I would absolutely love to see something like this:
Based on Nix or similar.
Fully declarative.
Building and execution is fully sandboxed, ideally using micro-VMs.
Accessible GUI for end-users to use.
Signing of both build inputs and outputs.
Multiple binary caches that cross-check each other to ensure that if one of them produces a wrong output, it is detected.
Does not require root privileges to install software.
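As an added example (not code from this post or from any existing project), here is a small Python cross-checker for the "multiple binary caches" item above. It parses constructed `.narinfo` documents of the kind several caches would serve for one store path, counts only entries that carry a `Sig:` line from a trusted key name, and requires a strict majority of the caches queried to agree on the signed fields (store path, NAR hash, NAR size, references) before trusting the result. Every cache name, key name, hash and signature below is made up; actual ed25519 verification of the signature over Nix's `1;<storePath>;<narHash>;<narSize>;<refs>` fingerprint is assumed to happen before a response is counted and is not implemented here.

```python
"""Cross-check one store path's .narinfo metadata across several binary caches.
Added example: cache names, key names, hashes and signatures are all made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class NarInfo:
    store_path: str
    nar_hash: str
    nar_size: int
    references: tuple
    sig_keys: tuple  # key names taken from "Sig: <keyname>:<base64>" lines


def parse_narinfo(text: str) -> NarInfo:
    """Parse the "Key: value" lines of a .narinfo document."""
    fields, sig_keys = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed narinfo line: {raw!r}")
        value = value.strip()
        if key == "Sig":
            sig_keys.append(value.split(":", 1)[0])
        else:
            fields[key] = value
    return NarInfo(
        store_path=fields["StorePath"],
        nar_hash=fields["NarHash"],
        nar_size=int(fields["NarSize"]),
        references=tuple(sorted(fields.get("References", "").split())),
        sig_keys=tuple(sig_keys),
    )


def fingerprint(info: NarInfo) -> str:
    """The fields the caches must agree on (the same ones a Nix signature covers)."""
    return f"{info.store_path};{info.nar_hash};{info.nar_size};{','.join(info.references)}"


def cross_check(responses: dict, trusted_keys: set, quorum: int):
    """Return (agreed fingerprint or None, verdict per cache). responses maps
    cache name -> narinfo text. quorum must be a strict majority of the caches
    queried, so one wrong or compromised cache cannot outvote the honest ones."""
    if quorum * 2 <= len(responses):
        raise ValueError("quorum must be a strict majority of the caches queried")
    votes, verdicts = {}, {}  # fingerprint -> caches serving it; cache -> outcome
    for cache, text in responses.items():
        try:
            info = parse_narinfo(text)
        except (KeyError, ValueError) as exc:
            verdicts[cache] = f"rejected: unparseable ({exc})"
            continue
        if not set(info.sig_keys) & trusted_keys:
            # Real code verifies the ed25519 signature here, not just the key name.
            verdicts[cache] = "rejected: no signature from a trusted key"
            continue
        votes.setdefault(fingerprint(info), []).append(cache)
    winner = max(votes, key=lambda fp: len(votes[fp]), default=None)
    if winner is None or len(votes[winner]) < quorum:
        for caches in votes.values():
            for cache in caches:
                verdicts[cache] = "no quorum reached"
        return None, verdicts
    for fp, caches in votes.items():
        for cache in caches:
            verdicts[cache] = "agrees" if fp == winner else "DISAGREES with quorum"
    return winner, verdicts


def make_sample(nar_hash: str, key_name: str) -> str:
    """Constructed .narinfo text; hashes and the signature are placeholders."""
    return (
        "StorePath: /nix/store/0123456789abcdfghijklmnpqrsvwxyz-hello-2.12.1\n"
        "URL: nar/0123456789abcdfghijklmnpqrsvwxyz.nar.xz\n"
        "Compression: xz\n"
        "FileHash: sha256:fakefilehash\n"
        "FileSize: 50000\n"
        f"NarHash: sha256:{nar_hash}\n"
        "NarSize: 226000\n"
        "References: 0123456789abcdfghijklmnpqrsvwxyz-hello-2.12.1 "
        "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz-glibc-2.38\n"
        "Deriver: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy-hello-2.12.1.drv\n"
        f"Sig: {key_name}:ZmFrZXNpZ25hdHVyZQ==\n"
    )


TRUSTED_KEYS = {"cache-a.example-1", "cache-b.example-1",
                "cache-c.example-1", "cache-e.example-1"}

# Five caches queried for the same path: three honest, one serving a different
# NAR hash (cache-c), one signed by a key we do not trust (cache-d).
SAMPLE_RESPONSES = {
    "cache-a": make_sample("goodnarhash", "cache-a.example-1"),
    "cache-b": make_sample("goodnarhash", "cache-b.example-1"),
    "cache-c": make_sample("evilnarhash", "cache-c.example-1"),
    "cache-d": make_sample("goodnarhash", "unknown-key-1"),
    "cache-e": make_sample("goodnarhash", "cache-e.example-1"),
}


def demo():
    """Majority of 5 is 3: caches a, b and e carry the vote; c is flagged."""
    return cross_check(SAMPLE_RESPONSES, TRUSTED_KEYS, quorum=3)
```

The quorum is deliberately measured against the number of caches queried, not the number that passed signature checks: otherwise an attacker who can make honest caches unreachable or unverifiable lowers the bar for the remaining ones. Dropping one honest cache from the sample (four queried, two honest votes, majority three) therefore yields no agreed fingerprint rather than a weaker decision.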
People have stuff to get done. Telling users that they shouldn’t run the software they need to use because of security just gives information security experts a bad reputation. It’s our job to give users a way to do what they need to do without horrible security risks.
Our job is not to tell people they shouldn’t be playing video games. It is not even to tell them that they need to buy separate hardware for them. It should be to provide them a way to run the games with near native performance without compromising the security of their system, and to make that way so easy that it becomes just how people do things.
If we settle for anything less, we are accepting that the systems of a huge portion of the world’s population will never be secure. I am not willing to surrender that fight.
@QubesOS@mastodon.social is not the most secure operating system ever. It is, however, the most secure operating system that is not only used by tens of thousands of people, but is also used for its own development. The official Qubes OS installation images are built on Qubes OS, and the infrastructure that does this uses Qubes OS-specific features.
To the best of my knowledge, no other compartmentalized operating system meets this criterion.
@GrapheneOS@grapheneos.social and various operating systems based on @sel4@fosstodon.org are awesome, but they aren’t used for their own official builds and day-to-day development because they are not suitable as development platforms. To be usable as a development environment, a new OS must:
- Be able to run complex, existing applications, such as web browsers, that typically were not written with that OS in mind. This means that existing applications can and have been ported to it if necessary.
- Be able to execute code that was just compiled. This is typically incompatible with strict W^X. There are workarounds but they are generally very ugly hacks incompatible with many build systems.
- Support spawning tasks in response to a human’s command, and possibly allocating a very large fraction of system resources to these tasks. This means that the system is able to adapt to workloads that were not known when the system was created, and excludes any OS that relies primarily on static partitioning.
In short, “Is this used for its own development?” is a very good test to distinguish operating systems that are general-purpose from those that are not. Most general-purpose OSs do not focus on security and most secure OSs are not general-purpose. Qubes OS is both secure and general-purpose, and only another secure general-purpose OS can truly be a competitor to it.
Time for an #introduction!
I’m a software developer and security researcher. I’m interested in security in general, but my main interest is in reasonably secure systems that people can actually use for their day-to-day tasks. That means fully dynamic systems with a human at the console that are capable of running the workloads humans actually want them to run, like web browsing.
At some point I might make a separate post for followers.
Apparently open source Synapse will crash at 160 events per second. What the heck????
If an HTTP server could only handle 160 requests per second, I would be this close to considering it a denial of service vulnerability. That is abysmal.
I am fed up with Matrix right now.
If they can’t stop CSAM and gore they should block media altogether. I am 100% serious here.
Centralized platforms have their problems, but from the perspective of not seeing illegal imagery, they are much, much safer.
There are applications that legitimately need “here is a big list of contacts/files/etc up front”. Contact discovery is one of them, and there is no practical way to implement it at scale without requiring some central server to have access to all the contacts a user might want to get in touch with. One can try to ensure that server will never reveal the plain text, but that is all.
If you have thousands of contacts, selecting them one by one is slow. It doesn’t surprise me at all that messaging apps ask for the Contacts permission: I know of no other approach that will have good user experience.