[clug] Talk Proposal: QubesOS

[Paul Harvey]

I've been using QubesOS https://www.qubes-os.org/ for over 6 months,
and although it's complicated my life a little, I now feel naked
without it!

I'd like to talk about why Qubes is more than just a bunch of VMs:
- Helps mitigate against hostile USB devices (I'll bring a USB rubber
ducky configured for hostility, just to demonstrate)
- Helps contain malicious PDFs and (eventually) other documents
- Helps mitigate flaws inherent in the now decades-old
design/architecture of X11, while at the same time giving a unique,
somewhat seamless GUI experience for running different apps in
different VMs
- Helps contain exploits that might occur in kernel network drivers
- Helps reduce the scope of malware impact by containing its influence
to just a few filesystem locations that actually persist across AppVM
reboots: Eg. /home and /usr/local directories (the rest of the root
filesystem usually comes from a template rootfs that's instantiated on
every AppVM start)
- Provides a neat point & click way to chain different networking VMs
together in front of any of your AppVMs (firewall, IDS, proxy, Tor,
etc)
- Improves memory utilization by using fancy xen stuff to
share/release free memory among running AppVMs

... among other things (now that I've written that list perhaps I
should work on cutting it back a bit).

I'm used to giving 30-45min talks, but let me know the best format for
CLUG: obviously there's a lot of rabbit holes in Qubes and Xen that
could individually take up 30mins by themselves, I'd like to keep it
at the level of "here's a thing that lets you have more control over,
and confidence in your computing environment".

My goal is that you should come away from this talk knowing that there
is a better way to compartmentalize your computing than just running a
bunch of VMs :)