[clug] Talk Proposal: QubesOS

Steven Hanley sjh at svana.org
Thu Jun 25 20:53:59 MDT 2015 

Hi Paul

Looking forward to it, next month would be awesome as we discussed last
night (Thursday July 23rd).

	See You
	    Steve

On Fri, Jun 26, 2015 at 11:05:30AM +1000, Paul Harvey wrote:
> I've been using QubesOS https://www.qubes-os.org/ for over 6 months,
> and although it's complicated my life a little, I now feel naked
> without it!
> 
> I'd like to talk about why Qubes is more than just a bunch of VMs:
> - Helps mitigate against hostile USB devices (I'll bring a USB rubber
> ducky configured for hostility, just to demonstrate)
> - Helps contain malicious PDFs and (eventually) other documents
> - Helps mitigate flaws inherent in the now decades-old
> design/architecture of X11, while at the same time giving a unique,
> somewhat seamless GUI experience for running different apps in
> different VMs
> - Helps contain exploits that might occur in kernel network drivers
> - Helps reduce the scope of malware impact by containing its influence
> to just a few filesystem locations that actually persist across AppVM
> reboots: Eg. /home and /usr/local directories (the rest of the root
> filesystem usually comes from a template rootfs that's instantiated on
> every AppVM start)
> - Provides a neat point & click way to chain different networking VMs
> together in front of any of your AppVMs (firewall, IDS, proxy, Tor,
> etc)
> - Improves memory utilization by using fancy xen stuff to
> share/release free memory among running AppVMs
> 
> ... among other things (now that I've written that list perhaps I
> should work on cutting it back a bit).
> 
> I'm used to giving 30-45min talks, but let me know the best format for
> CLUG: obviously there's a lot of rabbit holes in Qubes and Xen that
> could individually take up 30mins by themselves, I'd like to keep it
> at the level of "here's a thing that lets you have more control over,
> and confidence in your computing environment".
> 
> My goal is that you should come away from this talk knowing that there
> is a better way to compartmentalize your computing than just running a
> bunch of VMs :)
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

-- 
Steven Hanley sjh at svana.org http://svana.org/sjh/diary
then she is wet behind the ears and wafting down the avenue
pre-rush hour, post-rain shower
stillness seeping upwards like steam
   Tamburitza Lingua - Revelling - Ani

More information about the linux mailing list