Comments on The Invisible Things Lab's blog: Windows support coming to Qubes!
Blog author: Joanna Rutkowska. Feed updated: 2023-11-24T09:52:43.963+01:00.

Joanna Rutkowska (2012-10-19T01:38:44.919+02:00):

@David: In Qubes 2 Beta 1 (that is to be released soon) we will do only full desktop virtualization. But in the next releases we will be aiming towards the per-app GUI virtualization, done by extracting the composition buffer in the VM.

David Sundstrom (2012-10-18T16:53:23.995+02:00):

Joanna,

Will your support for Windows include pushing individual application windows to your display VM as you've done for X, or will you always push a complete desktop as a single X window?

I am working on a Xen display VM implementation that is trying to solve a similar problem of providing a unified desktop. We've considered the same approach you've taken for X, but a big requirement we have is that the unified desktop "look and feel" like the native guest desktop. This is further complicated by the fact we allow different guest OSes to be run. At minimum, if we relax that last requirement, we'd still be forced to run Win 7 as the display VM OS, since that is the predominant guest OS people will run and they will want the look and feel of a Win 7 shell.

Our current thinking is that we'd send over the entire guest desktop as a framebuffer and then "clip out" application windows. Similar to RemoteApp (RAIL) in RDP, but without implementing any local window management. All keyboard/mouse would be passed to the correct VM depending on which window has focus, and we'd allow the guest VM to manage its own windows.

Wondering what Qubes will do for Windows 7. There seem to be two different approaches - either mirror the guest desktop and cut out the app windows or send over the app window buffers and do the desktop management in the display VM. The former allows us to preserve the look and feel of the guest desktop window manager, but the latter allows us to do more fancy desktop composing and unified window management.

BaGgAcFrEaK (2012-09-05T13:31:46.080+02:00):

Hi,

As there is no info on how to install on USB HDDs and how this affects already installed OSes on internal HDDs, and no contact form is on the org www site, I just came across this blog. Would be nice to get some info on these questions, and by the way, is there a forum for this OS somewhere?

Thanks! Great work so far!

Joanna Rutkowska (2012-06-28T01:37:46.510+02:00):

We will soon release "1.0 Release Candidate 1" -- likely not within the coming days, but within the coming weeks.

Qubes 1.0 will come with a default template based on Fedora 17. It is possible to build your own template, but that's not trivial currently. Qubes 2.0 will allow installing fully virtualized OSes, such as Windows, in a manner similar to VMware Workstation. It will also have special support for Windows VMs, similar to how we currently handle Linux VMs (seamless GUI integration, template sharing, etc.).

Anonymous (2012-06-27T23:02:25.677+02:00):

Joanna,

Looks like the release date for "Milestone: Release 1.0" is just a few days away.

http://wiki.qubes-os.org/trac/roadmap

Will that be a public release? Hope so, because I'm really looking forward to giving it a try!

About the future of Qubes: What Linux distributions will be supported as guests? That is, will the choice be restricted to certain pre-built guests or will we be able to install whatever distributions we like for use as guests?

Thanks,
GizmoChicken

bradbury9 (2012-06-27T11:55:55.912+02:00):

@Al

I'm in no way endorsed with ITL or Qubes OS, but I can tell that checking the Bromium whitepaper I find no info about how they isolate resources and what privileges different resources have (apart from 'least privileges'), so with that lack of info I guess it will be hard to answer.

http://www.bromium.com/misc/BromiumMicrovirtualization.pdf There they don't give much info on how their microVM works, how it interfaces with resources.

Anonymous (2012-06-26T17:40:03.942+02:00):

Any comments on Bromium vs Qubes? Do you see their approach as a viable means to achieve security?

Al (2012-06-26T17:39:01.688+02:00):

Any comments on Bromium vs Qubes?

bradbury9 (2012-06-06T12:19:59.208+02:00):

Looking at the next release milestone http://wiki.qubes-os.org/trac/milestone/Release%202 I see that it has many interesting features:

- Sandboxing audio card. It is mic support, right?
- OpenGL for AppVM. That's a difficult thing but a huge feature. Video editing, gaming, HD video playback with OpenGL...

I wonder about the release date. Could you give us a hint?

Anonymous (2012-06-05T17:19:41.249+02:00):

Joanna,

Thanks so much for the reply and the explanation. I look forward to trying the next version when it comes out!

Best regards,
GizmoChicken

Joanna Rutkowska (2012-06-05T11:33:43.723+02:00):

@GizmoChicken:

As shown on the screenshots above, the full desktop support will be supported by the next version of Qubes (> 1.0), as part of supporting Windows VMs. Actually the plan is to have two options for running HVM VMs (so fully virtualized):

1) In full desktop mode -- this is what is shown on the screenshots and what is already running on my laptop,

2) In per-app mode, just like it is currently supported for Linux AppVMs.

The support for running HVM VMs, so Windows, will require, however, VT-x support (and ideally also VT-d). This is only not needed for Linux AppVMs, but is required for Windows VMs.

Anonymous (2012-06-05T06:52:40.164+02:00):

Since one of my older laptops doesn't support VT-x/d, I've been looking for alternatives to XenClient and NxTop that will install and run in a fully PV mode. So when I learned that VT-x/d isn't an absolute requirement for Qubes, I gave it a try right away.

First, let me say that I'm impressed with how smoothly Qubes installed on my older laptop - no problems at all! Also, please accept my compliment for taking such an innovative approach to virtualization. Your virtual apps approach is very promising.

The above positive comments in mind, I must confess that, at least as far as I can tell, despite all its promise, Qubes doesn't seem to offer what I currently need. In particular, Qubes doesn't seem to offer any way (or at least any easy way) to run multiple virtual full DESKTOPS (not just apps) at the same time. Yes, I know, XenClient and NxTop already do that. But as I said, I'm looking for an alternative that doesn't require VT-x/d.

Am I missing something? Does Qubes offer an easy way to run multiple virtual desktops? If not, I hope you'll consider offering such a feature in future versions.

Thanks!
GizmoChicken

Link (2012-05-31T18:34:16.504+02:00):

You need to stop google :).

Joanna Rutkowska (2012-05-05T12:19:26.740+02:00):

But then you would need to run zram at the Xen-level, not at Dom0 level, I think...

Anonymous (2012-05-05T01:29:49.184+02:00):

If the memory compression takes place at host level, outside of the guest VMs, then won't it compress any & all guest memory usage?

tmem may well be better since zram had various features removed in order to be accepted into the kernel (AFAIK).

Apologies for not talking about your topic of Windows guests. :-)

Joanna Rutkowska (2012-05-04T13:57:18.940+02:00):

But zram, as well as Xen's tmem (which allows for memory pages deduplication) is a Linux-only solution, so couldn't be easily adopted for Windows VMs, right?

Anonymous (2012-05-03T23:43:41.870+02:00):

Have you considered using zram as standard and (optionally) not have a swap file on disk?

Advantages:

1. Running VMs will of course make the system more memory hungry, zram will effectively increase the available memory by 50% (?) (at the cost of increased processor usage)

2. On disk swap file is slow, by storing data in RAM instead zram will be orders of magnitude faster.

3. On disk swap file is a security problem which requires encryption, whereas the processor cycles required for encryption can be more usefully used for compressing and storing data in RAM.

Anonymous (2012-04-25T22:49:08.210+02:00):

Hi, Joanna.

Could you share as much as you can of the portals/sites/forums/IRC channels related to your blog? It would be great to see such a post, or see the links in the related div of the front page of your blog.
I mean portals about hardware, security, Intel and so on.

Thanks.

Eli (2012-04-10T02:53:41.020+02:00):

Have you and the Qubes development team thought about introducing Mac/BSD virtualization support in the future?

Joanna Rutkowska (2012-03-31T10:24:53.391+02:00):

@anon: this is not the best place to ask random security-related questions. A better place would be qubes-devel...

Anyway, regarding this MBR rootkits -- looks rather pointless to me, especially that one can do something like this:
http://invisiblethingslab.com/resources/bh08/part3.pdf

anon (2012-03-31T05:56:03.858+02:00):

Hey Joanna,
your opinions on this "new" bootkit technique?
http://cansecwest.com/csw12/DeepBoot-English.pdf

Researchers are:
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Nicolas_Economou
and
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Andres_Lopez_Luksenberg

Joanna Rutkowska (2012-03-28T11:07:51.670+02:00):

@AstralStorm: Yes, but provided you then never share this 2nd GPU among more than one VM (still might be useful -- e.g. to hardwire it to my "personal" VM). Would probably require some OEM magic to do the screen attach/detach between the integrated and discrete GPUs -- anybody has any idea how to do that?

AstralStorm (2012-03-28T09:55:58.404+02:00):

Actually, using passthrough graphics (a separate one) is reasonably secure if IOMMU is present and it's not the main GPU.

There are scant few opportunities to snoop on the rest of VMs.

netwho (2012-03-22T19:13:32.405+01:00):

Very impressive project I have to say!
I'm in the XenClient world which is pretty much HVM oriented... and using VT-d for GPUs and PV drivers for network and storage, exactly the other way around.

Can't wait to see the Windows code too!

Cheers

Joanna Rutkowska (2012-03-21T11:20:01.725+01:00):

@Anonymous: yes, and yes.