1 Topic by burhen42 (edited by burhen42 2021-01-17 11:13:38)

  • burhen42
  • Guest

Topic: Integrate QubesOS Security into HyperbolaBSD?

You've probably heard of QubesOS by now.
https://www.qubes-os.org/

If not, it's a Debian-based security distro that runs all apps in xen-based virtual machines,
essentially isolating them from each other hence the developers boast its "security through isolation".

I was looking to use that as my main distro until I heard of Linux-Libre distros like Hyperbola.
On one hand, QubesOS has such promising security but it relies on systemD and, likely, still has non-free blobs in its system. On the other hand, Linux-Libre distros are 100% free but doesn't seem to measure up Qubes security features - correct me if I'm wrong.

I wonder if it is possible to integrate QubesOS's VM capabilities into HyperbolaBSD and, possibly, Hyperbola Linux - given that security is one of the OS's main goals here.

2 Reply by sagaracharya (edited by sagaracharya 2021-01-17 19:26:38)

  • sagaracharya
  • Guest

Re: Integrate QubesOS Security into HyperbolaBSD?

+1
I personally would love this. It would make system administration a ton simpler. I have tried to convey my thoughts to both the OS people regarding this.

People would not discuss on Qubes Discourse about getting away from non-free software. If you really look into Qubes, you'll understand it's about accepting bugs for functionality. Although I can't understand why such things would be available at dom0 and some very secret VMs! Eg. I don't like Firefox installed in the same VM that contains my work files supposedly secret.

I prefer security through isolation (Qubes today; easy system administration but has blobs) and correctness (Hyperbola or OpenBSD today; 1 bug and game over)

Regarding security through isolation, I have requested some of Hyperbola's developers to have Xen in HyperbolaBSD. Let's hope they listen to our requests.

https://wiki.archlinux.org/index.php/Xen

I think it's structure will be like Xen in arch and it will not have the privilege of being better than Qubes like sometimes Qubes is not affected by XSA report bugs.