[prev in list] [next in list] [prev in thread] [next in thread]
List: secure-desktops
Subject: [Secure Desktops] Report: Qubes OS, Tails and Subgraph OS contributors meetup (Baltimore, 2016-10)
From: intrigeri <intrigeri () boum ! org>
Date: 2016-12-31 15:00:09
Message-ID: 85d1g89m9y.fsf () boum ! org
[Download RAW message or body]
Hi,
sorry for the delay, but FWIW here are my notes from the meeting
a bunch of us had in Baltimore two months ago, slightly edited to
leave out information some of us might prefer to stay private (mostly
funding & finances details).
Plans / perspectives:
- SGOS does things that other OS'es could use (e.g. GNOME -based tools for
Tails, Control Port Filter, fw-daemon), and some things that they won't.
- SGOS says that "Tails has extreme competence with building a distro
the right way, doc, release engineering", and Subgraph writes new
code (e.g. per-app TLS Guard)
- SGOS' code might be harder to integrate into Qubes OS than in Tails.
- There's interest in porting SGOS' hardening into Qubes OS' Debian template.
- anonym, Patrick and rfolcoptr people should compare their control port
filters and see what's missing in the other ones for everybody to use them.
- network/Tor bootstrap process: Tor Launcher is in XUL, have to move away from
it. There's been UX research by Linda about it. Tails has a design draft for
something much broader, that includes MAC spoofing, captive portal.
Qubes-Whonix wants something simpler. It would be nice to share some of that
code, and it would be nice to users if they could have a similar experience
in Tor Browser and "secure" OS'es. Linda is interested in implementing it
(she's a Python developer) but may not have time.
- Qubes OS ideally wants to be usable for people who cannot or don't want to
use the command line. There were improvements, but there's lots more to do.
The blocker is mainly time/money resources.
- Cost: $400 for a X220 with 16GB of RAM that supports Qubes. Requiring users
to _buy_ a specific computer is already a problem for many people
though. A LiveUSB helps checking if a specific computer is
compatible, but there's no maintainer for Qubes OS' one.
- One can use Qubes OS without VT-x and VT-d, but there will be missing
functionality. VT-x and VT-d might become more common in the future.
- Xen Linux kernel is lagging behind and does not always support the
latest hardware.
- Qubes OS are exploring having more laptops pre-installed with Qubes and
Coreboot. puri.sm is trying to do everything but does not change things
substantially on any of those.
- Mental model?
Funding:
- The situation is not ideal for any of our projects.
Meeting:
- Already reported about in a dedicated thread… that I failed to
follow-up about though.
Cheers,
--
intrigeri
_______________________________________________
Desktops mailing list
Desktops@secure-os.org
https://secure-os.org/cgi-bin/mailman/listinfo/desktops
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic