From: "infokiller " <joweill@icloud.com>
To: discuss@spectrum-os.org
Subject: Re: Comparison to Qubes OS
Date: Mon, 15 Jun 2020 01:33:56 -0000 [thread overview]
Message-ID: <159218483690.15924.16175017917976390500@localhost> (raw)
In-Reply-To: <E1jkZp5-0006oR-SF.7c6f434c-mail-ru@smtp43.i.mail.ru>
Michael Raskin wrote:
> > - "GUI applications are buggy, command line
> > tools
> > are mostly
> > undocumented": I assume that the reason for this is the lack of
> > resources the Qubes project has. However, I don't see how this will be
> > be better in the case of Spectrum which is a new project with one
> > developer. My understanding is that a lot of the instability I've
> > encountered with
> > Qubes's tools comes down to some severe technical debt with their
> > inter-VM communication system. This is likely something that is very
> > difficult to fix, but easy to learn from. Being a new project allows
> > Spectrum to learn from Qubes' mistakes. I agree, but I'm still not
> > convinced this will be different in the case of Spectrum, having even more limited dev
> > resources than Qubes'. I mean, if the Qubes folks could fix these issues without a
> > huge effort, even if it
> > meant rewriting all the inter-VM communication tools, they probably would. If they
> > didn't, I assume this is because this is just a huge undertaking (as is the whole
> > project), and they're busy with other work which has higher priority. I would assume
> > that you will end up in exactly the same situation.
> Note that SpectrumOS is going to make tradeoffs that are complete non-starters for Qubes.
True, but I'm not sure this applies to making GUI tools less buggy, or having better documentation for CLI tools. Even if Spectrum development will make big compromises, I find it unlikely that
these aspects will be improved over Qubes.
Now, I'm not saying this is not possible at all. Maybe a 100 new contributors will join the project soon and will make this viable. I just think that this is not a strong selling point of Spectrum,
which is somewhat implied in the motivation page.
> A wl_roots based tooling is seriously considered for the first full release, after all���
Is using wl_roots a non-starter for Qubes?
> A lot of problems for Qubes is that things are hard to do without making security slightly
> worse than what Qubes has now. Spectrum is definitely not going to achieve this level of
> security anytime soon for various reasons, and the goal is more to find the best trade-off
> between security and usability.
>
> There is quite a bit of design space in the gap between ��quite a bit more secure than
> Firejail, with the ease of use around plain NixOS plus Firejail�� and ��less secure than
> Qubes, but easier to manage��.
What do you mean by "quite a bit more secure than firejail"? isn't this side of the spectrum actually "firejail-like security"?
The way I see it, the following are the major points on the usability-security spectrum for running desktop Linux (or another desktop OS for that matter), starting from the best usability and worst
security, and ending in the worst usability and best security:
1. Run a regular Linux distro (some are better than others in providing quick security updates)
2. Harden the system: sandbox processes, harden the kernel and important userspace libraries like libc, enforce MAC, use Wayland instead of X11, firewall, verified/secure boot, etc.
3. Use Qubes
Most users, of course, don't bother and just use (1), which is actually fine in most cases.
(2) gives pretty good usability, with the main issues related to sandboxing, since most Linux desktop apps were not built with sandboxing in mind, and the overall experience does not
support it well (for example, there's no standard permission dialogs like in Android, where sandboxing works much better in practice).
Theoretically, people could use (2), run untrusted software in VMs to get strong sandboxing but still be able to use most software, and get pretty good security. In practice this doesn't quite work
because running stuff in dedicated VMs is not streamlined enough, so people just don't do it.
Then there's (3), which is the most secure, but has some usability issues that were already mentioned. So Spectrum can fill the gap between (2) and (3).
next prev parent reply other threads:[~2020-06-15 1:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-12 11:06 joweill
2020-06-12 11:28 ` Michał "rysiek" Woźniak
2020-06-12 11:54 ` infokiller
2020-06-12 12:02 ` Michał "rysiek" Woźniak
2020-06-13 11:19 ` Alyssa Ross
2020-06-13 11:38 ` Alyssa Ross
2020-06-14 20:19 ` infokiller
2020-06-14 21:27 ` Alyssa Ross
2020-06-14 22:19 ` Michał "rysiek" Woźniak
2020-06-15 1:59 ` infokiller
2020-06-15 1:54 ` infokiller
2020-06-14 21:13 ` Michael Raskin
2020-06-15 1:33 ` infokiller [this message]
2020-06-15 11:38 ` Michael Raskin
2020-06-15 13:44 ` infokiller
2020-06-15 14:06 ` Michał "rysiek" Woźniak
2020-06-15 15:07 ` infokiller
2020-06-15 14:42 ` Michael Raskin
2020-06-15 15:29 ` infokiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=159218483690.15924.16175017917976390500@localhost \
--to=joweill@icloud.com \
--cc=discuss@spectrum-os.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).