Qubes:
> On 8/10/20 8:03 PM, Toptin wrote:
>> Jeff Kayser:
>>> Hi, Toptin.
>>>
>>> Glad to put a smile on your face! Humor helps in difficult times,
>>> and COVID has certainly made things difficult.
>>>
>>> Torvalds isn't my God; Jesus is. However, in the area of Linux, few
>>> people are more of an expert than Linus Torvalds. If he prefers
>>> Fedora, that’s a pretty good endorsement.
>>>
>>> There is one other reason: containers are very important, especially
>>> for the cloud. When I started learning about containers, one concern
>>> I had was security. From a security standpoint, docker sucks. To
>>> address the container security issue, one promising direction is
>>> podman. It is a docker replacement, with a *much* better security
>>> architecture. The latest podman is delivered in Fedora. I figured
>>> that if I wanted to learn containers, I should use something secure,
>>> so I started with Fedora and podman. My main Linux VM is Fedora 32.
>>>
>>> I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing
>>> personal with Fedora. But, the container security issue pushed me
>>> over the edge towards Fedora.
>>
>> That's a very good rationale, and makes sense. Although, I still have a
>> little problem with distributions like Fedora. Fedora is Redhat and
>> Redhat is IBM. So, in my world there can't be any trust in a company
>> especially such giants like IBM. I got branded with SuSe when they got
>> bought by Novell...
>>
>> I would have thought that the best distribution for a project like
>> Qubes-OS would have been a fully independent community driven one. Like
>> Debian (I'm not a big fan, but if we talk stability and security; Debian
>> is a rock), or maybe something like Arch-Linux.
>>
> Debian community sponsored? Isn't Canonical the biggest sponsor? They're
> not small.
>
> Has OmniosCE with the ZFS file system integrated along with a host of
> VERY cool features been considered as replacement? It should.

I don't know OmniosCE, but I had a quick look at https://omniosce.org/ and it states on their front-page "OMNIOS community edition The Open Source Enterprise Server OS...". Qubes-OS is designed as a single-user laptop / desktop system. I think it would be a hell of an effort to implement such a server system on a laptop. And why?

As Joanna Rutkowska describes in Qubes OS Architecture 2010 v0.3 [1] the footprint for the base system should be as small as possible (small attack surface). Although that wasn't the only consideration: separation, isolation of small modules is key. So, it's about attack surface and code review; maintenance. The smaller the code base the easier it is to do a code review, and the harder it is to attack.

That's why I got curious as to why such a complex distribution like Fedora got chosen to be the base; 6 month release cycle / 13 month max life cycle, and version upgrades.

That's why I thought something like Arch-Linux or Gentoo would be more preferable because it is its nature to be small, simple, practical. The installation can be tweaked deep down into the last bit. I don't mean to say that the end-user should do it. But from the development point of view I would consider that an advantage. The end-user would still install the system via a GUI.

But the best thing for the end-user would be that Arch-Linux (or something similar) would have a rolling upgrade. So, no version upgrades and then fixing the system for the next couple of days. For those who are not familiar with AL: it's one simple command: pacman -Suy . That command takes care of everything.

I have worked with VMs for over a decade. I have everything in VMs. Result: more security that's for sure, but also more complexity in regards to backup / restore. For example: What if a restored VM won't start because of a corrupt vdisk...do you still do traditional backups? etc, etc. It's complicated... So, to have a small, simple, and practical base system is a must.
I don't see that with Fedora... However, I have to try when I get my new laptops and see for myself...

1: http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf

>
> I have worked with ZFS on OmniosCE for a while and I can really see how
> Qubes can greatly benefit from it. With the way that Qubes has been
> designed dropping in ZFS can open up a world of possibilities in what we
> can do with our VMs, be that TemplateVMs or AppVMs.
>
> Before I stumbled on to Qubes I had dreams of running my electronic life
> much like Qubes is designed today. I don't even mean the security it
> provides, just the plain freaking awesomeness of how quickly one can
> achieve certain things. Just something as simple as spinning up a new VM
> just to test something. ZFS can improve current functionality.
>
> OmniosCE is under active development; I have been a part of that
> community for a while. I can recommend it.
>
>> However I got your point.
>>
>> Thanks for clarifying.
>>
>> Regards, toptin.
>>
>>>
>>> ~Jeff Kayser
>>>
>>> -----Original Message-----
>>> From: [email protected] <[email protected]> On
>>> Behalf Of Toptin
>>> Sent: Monday, August 10, 2020 9:30 AM
>>> To: [email protected]
>>> Subject: Re: [qubes-users] Why Fedora?
>>>
>>> Jeff Kayser:
>>>> Here is one reason to use Fedora.
>>>>
>>>> https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
>>>
>>> Ah, see... Mr Torvalds is your God. That isn't a reason at all. But
>>> thanks, you put a smile on my face.
>>>
>>>>
>>>> ~Jeff Kayser
>>>>
>>>> -----Original Message-----
>>>> From: [email protected] <[email protected]> On
>>>> Behalf Of Chris Laprise
>>>> Sent: Monday, August 10, 2020 9:18 AM
>>>> To: [email protected]
>>>> Subject: Re: [qubes-users] Why Fedora?
>>>>
>>>> On 8/10/20 12:05 PM, Toptin wrote:
>>>>> Dear Qubes Users,
>>>>>
>>>>> I'm currently digging my way through the exceptionally good Qubes
>>>>> documentation. Everything is nicely explained as to why a certain
>>>>> decision / implementation was made, except for the use of Fedora as
>>>>> main distribution.
>>>>>
>>>>> I wonder what's the rationale of that decision; Fedora 25 isn't even
>>>>> supported anymore. No offense or criticism intended, just curiosity.
>>>>>
>>>>> Regards, toptin.
>>>>>
>>>>
>>>> IIRC the core Linux developer for Qubes stated that Fedora was
>>>> simply what he was used to when starting the project.
>>>>
>>>> Since then an issue has been open to replace Fedora in dom0 with
>>>> something else.
>>>
>>> Yep, that's more like it. Thought something like that.
>>>
>>> Thanks both of you for your response.
>>>
>>> Regards, toptin.
>>>
>>>>
>>>> --
>>>> Chris Laprise, [email protected]
>>>> https://github.com/tasket
>>>> https://twitter.com/ttaskett
>>>> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
