What is Nostr?
AbstractEquilibrium / Abstract Equilibrium
npub17fn…5ksh
2023-07-28 11:16:16

AbstractEquilibrium on Nostr: Pro Tip: If you use Qubes, setup a separate AppVM for each nostr identity you create. ...

Pro Tip: If you use Qubes, setup a separate AppVM for each nostr identity you create. Store the keys in the offline Vault VM, and only copy each key to its dedicated VM. 😎

Wanna test some new software? Spin up a Disposable VM. It's exactly what it sounds like, you it down, restart it, and its a clean slate machine.

Want to use a VPN like Tor or Wireguard? Configure your AppVM to route through a NetVM that has the VPN configured.

You like Gentoo over Debian or Fedora? There's a template for that.

Upgrading a dozen VMs at once? Time consuming, but its basically 1-click, and it runs in the background.

Want to copy files or text between VMs? A few extra clicks, but you know the bits are staying fully and intentionally isolated.

Want to use GPG? Delegate those operations to a dedicated PGP VM that can safely store your keyring.

The paradigm shift in personal computing that qubes exposes is often called difficult, but if you can grok the security model, it opens up a lot of highly secure options. It might not be an ideal daily OS (personally I like NixOS), but I find it indispensable for many use cases.

Qubes OS

How does Qubes become the most secure operating system today?

By isolation. Qubes is not an ordinary Linux distribution, Qubes is a Xen distribution. Xen is an open source tier 1 (baremetal) hypervisor that runs directly against the hardware. Virtual machines run on top of Xen, each of these virtual machines is the one that provides services to the system. For example, there is a virtual machine that provides access to the network, another virtual machine provides the firewall, another virtual machine dom0 is the one that manages the Xen engine, another virtual machine manages the USB devices, and finally we have the different work environments, with which we can create various levels of reliability.

All this that you are telling me is all Greek to me. In short, if a virtual machine is compromised, it will not affect the rest of the machines, because each machine is isolated from the rest of the system.

Within Qubes, we can run different Linux templates, including Fedora and Debian, and we can also run Windows (I do not recommend it, because it is a severely compromised system).



What are these working environments?

The funny thing about all this, is that we have to re-educate ourselves to use Qubes. The idea is based on having several environments depending on the reliability of each one. For example, we will use the "untrusted" environment for everyday web browsing, we can use the personal environment for accessing password-required websites, and we can use the "work" environment or one created on purpose for the most critical websites such as bank websites. Finally we have an environment called "vault" which does not have Internet access, and in which we should store our files. The working environments are differentiated from each other by the color of their windows, which is customizable. For example, in the default installation the "untrusted" environment has a red window border, the "personal" one is yellow, "work" is blue, and finally the "vault" environment is black.

What does this achieve? That for example, if the "untrusted" environment is compromised, it will not affect the "personal" environment in which we have access to webs with passwords and therefore the access cookies. Or in the same way, if the "untrusted" environment or any other is compromised, it will never have access to our "vault" environment which is where we have the files.

We can create as many environments as we want in just seconds, since these are based on Templates predefined by the system.


How does Qubes achieve privacy?

Through Whonix and the Tor network. Whonix is a Linux distribution configured to use Tor by default, like Tails. Qubes uses a Whonix Template to give access to the Tor network. In case we want privacy, we just have to make use of the whonix machines that Qubes creates by default. We can even configure it so that all Qubes access is through Tor.


What do I need to use Qubes?

A processor and a motherboard that are compatible with Intel's vt-x and vt-d instructions or their AMD equivalents, AMD-V and AMD-Vi.
It's a bit of a pain, because not all computers, especially low-end ones, are compatible, but it's the price to pay for running a "reasonably secure" operating system.


How do you install it?

Well, like any other Linux distribution, it has its graphical wizard and it is not very difficult, but if you have any questions or problems, I will gladly help you.

https://www.qubes-os.org/downloads/
Author Public Key
npub17fnzd22p3xu5tg8sz343d38c5m8dxxe4npyyx0akxphc6mhvxessuw5ksh