tag:blogger.com,1999:blog-24586388.post7660168967011899954..comments2023-11-24T09:52:43.963+01:00Comments on The Invisible Things Lab's blog: Introducing Qubes Odyssey FrameworkJoanna Rutkowskahttp://www.blogger.com/profile/07657268181166351141noreply@blogger.comBlogger16125tag:blogger.com,1999:blog-24586388.post-53349372132331775982014-11-23T23:01:47.288+01:002014-11-23T23:01:47.288+01:00Joanna and the team,
Everyone says "thank you...Joanna and the team,<br />Everyone says "thank you" so I will do the opposite ;-)<br />Go to hell, all (cyber/IT)criminals will loose their jobs and then what? Many security officers will loose their jobs. And then what? ;-)<br />PS. Good job. I am observing this project quite for some time and I am more and more impressed.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-83990803822939259072014-11-10T04:37:09.942+01:002014-11-10T04:37:09.942+01:00Hello Joanna,
Incredible work, thank you. Surely ...Hello Joanna,<br /><br />Incredible work, thank you. Surely and sorely needed in today's computing environment.<br /><br />Regarding the Windows process level implementation option, there is a commercial product I use that does something similar to this called WinPatrol, maybe worth having a look at for ideas.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-5743762550319949372014-08-14T13:30:21.726+02:002014-08-14T13:30:21.726+02:00Just curious, where does kvm-qemu sit in all this,...Just curious, where does kvm-qemu sit in all this, I see no mention of it, do you see it a liability security-wise, worse than windows??? <br /><br />Will be watching.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-63583899280750165992013-12-29T18:34:39.752+01:002013-12-29T18:34:39.752+01:00I have just installed beta 3. I had beta 2 install...I have just installed beta 3. I had beta 2 installed but didn't have much time to fool with it. I am clueless when it comes to the level of knowledge you all are at. I don't understand much of the discussion but I do understand hardware fairly well. But what I do know is that I was able to install Qubes with no problem and can use the default appVMs as designed. I have, in beta 2, also created some appVMs. While I may know a little more than the average user I don't see installation and use as being any more difficult than Windows 8 (8 disks (OEM disks), 4 hours and 3 tries before it installed properly, 1 disk, 40 minutes, 1 try to install Qubes). It may seem more difficult than it is when a rook like me looks at the blog and comments but you are talking about things most users will never concern themselves with. With some education and good plain language guidance most of the commercial market could easily be using Qubes. I like Qubes a lot, I would like it to be my every day, go-to OS. Right now that isn't possible (need some Win only hardware) but with the many improvements in each update, Qubes will soon be standing alone on my system. Great OS! Great job! Keep up the good work!<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-89957157026165996802013-10-23T11:43:37.056+02:002013-10-23T11:43:37.056+02:00@joerg:
As has been mentioned multiple times in t...@joerg:<br /><br />As has been mentioned multiple times in the article, the purpose of Odyssey is to allow a whole spectrum of products, balancing security vs. hardware compatibility/ease of deployment. Even though the variants from the "low-security" end of the spectrum share some of the weakness of other products, the big advantage is that one can almost seamlessly upgrade to the more secure variants from the other end of the spectrum.<br /><br />Qubes Odyssey is all about giving the customer freedom in making the decision how they want to balance security vs. hardware compatibility and ease of deployment. Qubes Odyssey provides infrastructure to build very secure client systems. Whether people would like to use its full potential is up to the customer...<br /><br />As for us, ITL, we will, of course, continue the development of the open source Qubes OS, also based on Odyssey Framework as well as on Xen and Linux, which we believe is the most practically secure solution for desktop computing.Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-33909124754088579482013-10-21T19:51:47.566+02:002013-10-21T19:51:47.566+02:00Joanna,
speaking of Qubes Odyssey: Wouldn´t you co...Joanna,<br />speaking of Qubes Odyssey: Wouldn´t you converge to products like eg Bromium (which you compared to cubes here http://theinvisiblethings.blogspot.de/2012/09/how-is-qubes-os-different-from.html)? And your mentioned attack vectors like usb attacks and hooking into the GUI subsystem would also apply?<br />regards, joergAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-49527619023795129372013-08-13T16:38:01.832+02:002013-08-13T16:38:01.832+02:00What about KVM? It is supported by libvirt, and if...What about KVM? It is supported by libvirt, and if one wants to stick with linux entirely it would be first choice - will Qubes Oddyssey support it as well?Timo Ollechhttp://www.pc-ab-50.de/noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-31075043937550933892013-05-30T14:32:07.717+02:002013-05-30T14:32:07.717+02:00@anonymous-who-propses-to-use-multiple-physical-bo...@anonymous-who-propses-to-use-multiple-physical-boxes:<br /><br />Surely doable, but the networking would have to be handled smartly, so that the TCP/IP and WiFi/BT stacks not be part of the TCB. Doable, I think.Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-689127598049194102013-05-30T13:50:17.403+02:002013-05-30T13:50:17.403+02:00First, let me say - great job with everything so f...First, let me say - great job with everything so far!<br /><br />Another interesting thing to look into might be using hardware machines instead of VMs - maybe even with different CPU architectures.<br /><br />Something like a physical network of Raspberry PI machines, controlled by an Admin and/or GUI which runs on a high-end laptop or PC. The setup can have firewall-machine and net-machine roles, just like in the regular Qubes OS.<br /><br />Or a future single-board system that has multiple chips as separate systems.<br /><br />Or a mix of Xen VT-d-enabled VMs and hardware machines.<br /><br />The end result can look the same as running Qubes OS on a single system with VT-d.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-82071380931271405672013-05-14T10:06:49.855+02:002013-05-14T10:06:49.855+02:00@Yeongdeok: at this moment we don't such plans...@Yeongdeok: at this moment we don't such plans, but with Qubes Odyssey Framework this is certainly possible. Questions about performance should really be asked to the specific VMM developers (e.g. Xen Arm Project).Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-62229004727403221902013-05-14T06:35:49.814+02:002013-05-14T06:35:49.814+02:00Do you have plan for porting QuebesOS on mobile pl...Do you have plan for porting QuebesOS on mobile platform? I planning to study and develop the mobile platform base on Xen-ARM (just for personal open source project, nonprofit). What do you think about QuebesOS mobile? Can I ask about your opinion as a developer? For example, in a point of view performance, utility, or any kind of things.testhttps://www.blogger.com/profile/02733201877980058735noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-74155691241810832652013-05-08T00:01:42.586+02:002013-05-08T00:01:42.586+02:00Here are my thoughts from a corporate perspective:...Here are my thoughts from a corporate perspective:<br /><br />I design technical infrastructure in a payment industry company so security is very dear to me also professionally.<br /><br />My first impression was that Qubes was first and formost a proof of concept and largely driven by the use case of being your personal productivity workstation driver.<br /><br />Now that you are reaching out into the commercial space, there are currently three primary use cases in our company (and most likely many others):<br /><br />1. Server <br />2. Worktation/Fat Client<br />3. VDI/Server based fat client + display-only thin client<br /><br />And I don't see Qubes yet playing very well in any of these use cases which seem best in terms of revenue stream and security needs.<br /><br />I could certainly see us paying for something ready to use in all of the above, because our company is a very likely target for the criminal industry.<br /><br />Our servers are of course GUI-less and we'd need a mix of OpenVZ we currently use to consolidate virtualized server loads at 1:50 or better as well as Qubes to isolate the I/O and management stacks. I/O overhead and latencies here would need to be optimized as much as possible and automated deployment via kickstart/PXE boot like mechanisms is a must.<br /><br />The run-time aspect of workstation is probably best covered today, but Qubes would need some unique deployment advantages to appeal to workstation admins. Ironically our vPro desktop was almost ideal about two years ago, when we depoyed almost exclusively Q based chipsets, but these days cost pressures is losing the potential window of opportunity to H based chipsets which have VT-d fused off.<br />AMD APU parts would have been a great alternative because they always come full featured in terms of virtualization support, but with AMD fighting for survival and dropping IOMMU2 software support they seem a very unsafe bet: There is also no APU based corporate client hardware out there.<br /><br />For me VDI servers are a next logical place to deploy the Qubes concept, but what you have currently doesn't seem to integrate easily with terminal servers or server based VMs. Of course the major players in that market like Citrix, VMware and I guess Microsoft take no prisoners and won't easily tolerate a cross vendor Qubes for VDI and TS.<br /><br />Like so often before I can see all the differnt parts out there fitting together in an ideal fashion for potential clients, but very little chance for this actually happening without major gotchas.<br /><br />Hope you prove me wrong and are successful in all those use cases!!Thomas Hoberghttp://www.atosworldline.comnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-90876858563114691412013-05-07T23:28:29.165+02:002013-05-07T23:28:29.165+02:00I can only welcome your new approach to generalize...I can only welcome your new approach to generalize the Qubes concept and thus have it appeal to a broader user and OS base. And I certainly wish you the very best in your attempt to attract commercial vendors: I guess doing all this good work on consultant fees only is too much living on the edge.<br /><br />I see strong parallels to my two other favorite open source projects, OpenVZ and openQRM as far as the commercialization is concerned.<br /><br />But just like with the OpenVZ version for Windows I'm a bit afraid there is only two options in that camp:<br />a) your work will be largely ignored when it should be mainstream<br /><br />b) Microsoft will make you an offer you can't refuse<br /><br />Meanwhile I just hope some patent troll can't steal or block your wonderful work.<br /><br />Unfortunately a technically well designed and from an end user perspective attractive product rarely is a good sell or downright shot down by vendors who fear losing a bit of grip on their customers.Thomas Hobergnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-88075559976449732702013-04-30T01:36:28.767+02:002013-04-30T01:36:28.767+02:00Joanna,
I am amazed at what you have created. We...Joanna, <br />I am amazed at what you have created. We are looking at how we can integrate your work in our commercial application. I have been watching since R1 and I am really excited by your progress. Have you thought about a BSD release With your duel licensing approach? Rather then Linux? This will allow more flexibility for commercial firms. (Qubes OS BSD) Andrewnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-32044595820904868822013-03-26T07:47:51.097+01:002013-03-26T07:47:51.097+01:00Joanna, what you and your team are working on is r...Joanna, what you and your team are working on is really revolutionary.<br /><br />Most cyber attacks could be stopped in the US government would use this technology in all of its departments.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-55049296852623460012013-03-23T15:27:52.566+01:002013-03-23T15:27:52.566+01:00Sounds awesome!Sounds awesome!Anonymousnoreply@blogger.com