Turn your IT hobby into a job!! Learn Linux and other skills with ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy TIMESTAMPS --------------------------------------------------- 0:00 ⏩ Intro 1:00 ⏩ What is Qubes OS? 3:55 ⏩ How Qubes works - App Qubes 5:40 ⏩ Service Qubes 7:41 ⏩ Qubes OS SYSTEM REQUIREMENTS 9:28 ⏩ STEP 1 - Qubes OS Install - Download Qubes 10:35 ⏩ STEP 2 - Virtual Machine Setup 13:33 ⏩ STEP 2 - Physical Machine Setup 15:46 ⏩ STEP 3 - Installing Qubes OS 17:17 ⏩ LINUX QUIZ CHALLENGE!! 18:42 ⏩ STEP 4 - Initial Qubes Configuration
One useful analogy that I explain to people about security. You basically have a slider. At one end is secure and at the other end is usable and your risk tolerance sets the slider position.
not neccesarily, even if your system is compromised at for example UEFI level(which every consumer computer is compromised at that level), if you can properly isolate your work environment then there is a good chance its still protected.@@Arachnoid_of_the_underverse
One of the reasons why they advise against using nested virtualization is because it negates some of the privacy benefits of Qubes. The Virtualized networking in Qubes is IMO it's best feature. The firewall isn't an add-on to the OS like other OSes but rather an integrated feature like Tails. You can completely control what packets leave your computer, choose what avenues they take (vpns, tor, proxy chains, et)., Create combinations. Whitelist/blacklist ips and apps. If you throw Qubes on a normal OS and virtualize it, the host OS will leak packets. If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger.
quote: " If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger." AMEN there. I've been on windows for decades and it gets worse and worse every year with tracking and monitoring.
@@surfingsub5854 And it's about to get way worse with AI integration,. Big brother is almost here. Putting aside the legal aspects , from a spying capability standpoint soon pretty much everything we do on our computers will be tracked by AI. I think once people understand the power that governments and corporations will have with AI running on our computers you will see a huge interest in OSes like Qubes. It's not quite average consumer friendly yet but from privacy capability standpoint it's far superior to any alternative I've tried. Tails is ok from privacy end of things but not as versatile. AI has its uses so I'll still use windows too but when I want privacy I switch to my linux box and a variety of virtual instances.
@@MrAw3sum Too long a list to write all the sketchy privacy things windows does but I can tell you the biggest one.... encrypted mystery telemetry. Windows computers are contacting Microsoft servers constantly and we have little clue what data they are sending. Microsoft is vague in describing precisely and there is no built-in feature to turn off telemetry entirely. THere is a third party tool called ooshutup10 that can shut off telemetry but if you are inexperienced I wouldn't recommend it. I don't use myself because turning of features with telemetry can have negative side effects and Microsoft can turn telemetry back on with any given update. It was too much of a time waster for me to use. The approach I would recommend for semi-privacy is get a second computer with some linux distro on it and use that when you want to do something more private. Don't use your real name or connect to any service that uses your real name when using it. Ubuntu would be good choice with a newb. (Qubes is still for advanced users at the moment). Maybe subscribe to a VPN service that you can also use on that computer. Keep in mind though, obfuscation is not pure anonymity. IMO only someone very experienced in tech has any practical hope of that online. And even then it's a lot of work and impractical for daily driver. If anyone plans to send nuclear secrets to North Korea from their home the NSA will get them lol.
I drank the QubesOS Cool Aid for a few months, but I got out of it. It's important to understand that, like all security models, this system is only able to protect you from the specific threat model it was designed for. In particular, QubesOS was designed to protect from information leaks caused by software flaws.
@@DarnIDidntKnowThat Ever hear your friend or family talk about how their social media account got hacked? Well... the account didn't get hacked *THEY* got hacked, by getting tricked into doing something dumb. By far, the largest percentage of "hacks" on the internet are social engineering, not software exploitation. QubesOS protects you to a very high degree of confidence from software flaws. It doesn't stop you from being dumb on the internet though.
I'll try to answer but obviously I can't read his toughts... Qubes OS is extremely good at compartmenting your activities (and no contrary to what @NetworkChuck said, setting up VMs is not as secure (there are some explaination in the Qubes OS documentation). But it won't protect you against tracking (cookies) unless you make use exclusively of disposable VMs via Tor (as your IP otherwise is the same from one Qubes to another from the perspective of web servers tracking you via Google/Facebook or whatever other tracker). You can have one of the most secure password manager (half of it, the wallet is in a disconnected from the network qubes, the other half is connected to clients Qubes leveraging PgP). The most important thing is I believe to help educate people about "true" security. Once you've spoken with people in this community you start to grasp how much you don't know about security when you though you were the boss using your Kali VM.
It's a cool idea but it's a pain for the avg user to navigate it etc. Installation can be a nightmare as well. I think it'll be another 5 years or so before it's more mainstream. Personally I want the VM manager stuff in a normal Linux setup. Take out the annoying stuff like separate keyboard copy buffers etc and just allow it to dumb paste into where ever but have the VM seperation and you've got my ideal OS.
@@skilletpan5674 If I'm being honest, QubesOS has other issues as well. I just didn't care to comment about them as it's likely to start an argument that I don't want to be involved in.
Nothing is cooler than running windows 10, 11, Mac, Kali, Debian, Fedora, Mint, Ubuntu, & Arch all right next to each other in Qubes! I hope you will give 4.2 another chance! If you're committed to moving on to something else perhaps you would consider creating some content for the Xen hypervisor? Thanks for another informative video chuck! Looking forward to more!
I used it for about 4 years as my main OS for my development machine with Debian in the VMs. I don't have too high security requirements, but I like the compartmentalization. There wasn't anything to hate in my opinion. It worked really well all the time - until recently. An update broke my install and I wasn't able to repair it. I tried NixOS, as I planned for a while, and I'm hooked and switched away from Qubes. Not as secure, but I can't resist the declarative configuration.
@infonotforsale-dx2nb It's easy enough to make backups. Security always comes with some inconvenience. It's a niche and therefore has limited resources. If you do need the security it's definitely worth it. If you don't need it then it's not so clear cut but they are very clear about who their target audience is. I don't see a reason to just discard it.
I so want to use Nix, but EndeavourOS has not given me a reason to change for almost two years now :( I do tinker with it on an old computer though. At least i have the config ready if i need to pull the trigger on my main one. :D
I love Qubes. Sure there is a steep learning curve but once you got used to it it's hard to go back to a regular OS. Having an hypervisor running as the main OS on your computer allows for a lot of things, it goes beyond security. I keep using it not because I have to for security, but because I really love it.
"nobody cares about it" until macos adds it. @@the_alien293 , you remind me of my brother who hates linux. that's exactly like saying that "i want the internet to run on fast hardware with software that slows it down" since windows is incredibly slow especially compared to linux. most of the websites on the internet are running of of some GNU based OS (or alpine linux lol)
Small correction! During the installation, a window from sys-whonix popped up asking you to connect/configure a tor connection. You say that it's asking if the whole system should be torified, but that's not what the prompt is doing. It's just asking whether sys-whonix should connect directly to the tor network, or if it needs to have a bridge configured. In fact, due to the nature of QubesOS, sys-whonix wouldn't be able to make that kind've system-wide change even if it wanted to.
Rufus is good, but have you tried Ventoy? It lets you create a bootable usb once, and then you can just drop iso's onto it, letting you select the right one through the bootloader.
Although a window manager like dwm is more auditable than xfwm and its related components, there are aspects of the qubes user experience that effectively require that the graphical interface have more functionality both through daemons and interface options. Inter-qube clipboard, inter-qube file transfer, managing allocation of hardware device access among qubes all require daemons to track clipboard usage, new right-click options in both the guest and the hypervisor interfaces, and a significant amount of python scripting to glue it all together. Personally, I'm trying to weigh the completed form of qubes' user experience (for lack of a better term) vs making containers and small VMs on a more minimal distro where I could run dwm and friends as the defaults.
In fact it is one of the core benefit vs having VMs, because if what is running in your graphics card guest compromised, you lost. With QubesOS (you don't natively have GPU/3D), each VM paint it's "display" using a virtual graphics card, the windows manager, which runs in Dom0 is copying this frame-buffer in your video card frame buffer. It also leverage this functionality to "remove" vulnerabilities in PDF (which may compromise your printer for example). It use a disposable VM to render the PDF, and another disposable VM to capture the image of the rendered PDF and then generating a PDF with all the pictures.... You loose the copy/paste functionality, but your target PDF can go in your safer research qubes without being a risk of compromising your PDF reader. All of this is "transparent" (if I remeber it is just a "send to PDF cleaner" type of right click menu.
Ngl, the idea of "Why don't we just run each app in its own little sandbox" crossed my mind several times, but to see an OS spin up a whole XEN VM for it... Wow. Cool concept, and fact that they got it so far already.
The problem with this is, it will be hard to run programs (for a normal computer user atleast). For example lets say you download minecraft mods, and you use a mod manager. The program need to find minecraft order it to run.
@@RavDeBest lol that can be configured it is like docker the linkage is via uuids you can have parts of the Software running in the other part of the earth
I really enjoyed the questions segment. It was really well done, nicely made, fun to learn from and challenging to someone who is learning. Great content mate keep it up and thank you!
I use Qubes OS as my daily driver. Good points are that i am so much faster than everyone i work with at spinning up test VMs. My Facebook etc is not visible in my work etc. Also if i share my screen in slack Qubes only makes windows visible in the qube that slack is executing in. The strict networking is great for testing our networking product. The things that suck are i have a new laptop and have been running the beta version with a few quirks. I sometimes find the USB camera can disconnect meaning i have to add remove the software device to the qube. Audio can sometimes be a little weird. However i do think it's awesome. I also have Windows and FreeBSD qubes up and running as well
@@jaredclark3231 it's okay. No sound and haven't got the clipboard integrations working yet. Speed wise it's okay but I've got plenty of RAM and CPU for it. Does what I need to test some windows software.
@@vk3fbab Damn. Yeah i keep hearing how buggy it is. I wonder if theres any way to fix that problem. If that gets fixed this distro would be bulletproof…
@@jaredclark3231 sound seems like a no go because someone needs to make a windows driver that can pipe the audio into pulse audio. Don't think it's high on anyone's radar. I think the clip board can work I just wasn't able to get it working and haven't gone back to look at it
00:01 Cube's OS is focused on extreme security measures. 01:40 Securely run multiple virtual machines on one computer 04:55 Templates help in maintaining and updating core applications. 06:44 Qubes OS treats Dom zero as the most trusted and critical part of the system 09:55 Setting up a secure OS using Rufus and VMware Workstation player. 11:36 Creating a virtual machine with Fedora 64bit OS 15:03 Disable secure boot and select boot options for OS installation 16:38 Installing Fedora 11 hoix with default options 19:54 Running your own virtual machines provides better security options
Qubes OS was invented by my compatriot Joanna Rutkowska. So, one more reason to be proud. And by the way you should focus on the newest version and Qubes OS should be installed on hardware that is supported, what was written a long time ago on their website. I know about this OS since it has been released. I really like it.
@@surfingsub5854 The reason for the old hardware is Intel used in newer processors a backdoor to control your network, you may ask the NSA what it really does ...
I got a score of 100 points! (out of 120) The only question I didn't get was with Linux containerization. (Something I haven't messed with or learned about yet.)
Second google hit " But unlike a virtual machine, rather than creating a whole virtual operating system, containers don't need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application."
Fun fact: portable rufus installs exactly the same way that regular rufus does, the only difference is that it creates a properties file in the same directory that it is in. They explain it in their FAQ - "Difference between portable and non-portable versions".
Based on the title I was expecting an OS so locked down it was painful to just use. I know security does not equal usability. But Qubes OS looks awesome! As soon as you started spinning up VMs on the fly my mind was blown at how cool that was! There are some obvious drawbacks, like needing an ungodly amount of RAM for the more stuff you throw at it, but I'm sitting over here thinking, "I could actually daily drive this and it wouldn't be that bad! Realistically, I wouldn't daily it, just have some fun, and be aware if I ever need something crazy secure, I know the OS to go to. But this is very usable! Which goes to show, security, even really good security, doesn't always need to burn usability to the ground to be effective.
Okay first things first before ADHD makes me side rail myself, I got two wrong (double guessed my self on the chroot one). Second thing, I love how you ended the video "I don't care I'm just still going to use Windows, Linux, & Mac". Keep on being awesome Mr. Chuck!
2 mins in......interesting! Simple idea but....complex creation. Never heard of this one, and i have no worries about privacy, well no major worries right now(future worries 100% given the worlds agenda lol).....but this is interesting. Thanks Chuck! and not even oddly enough, i had just made a cup of coffee🤘
Great video Chuck, just installed Qubes on my new laptop. Wasn't as hard as you hyped it up to be glad to say. Probably because it's a brand new laptop
Qubes runs so much better on physical hardware instead of in a VM. Much faster. I love it, but I use too many apps that don’t support linux so I’ve had to switch back.
@@trueriver1950 I had a lot of issues running Windows VMs. (I just couldn’t find the right settings for them at the time a couple years ago). My experience is all a couple years ago. Now I’m on Mac for work and don’t even bother with a personal computer.
That's the entire purpose of windows, Mac, and Android controlling the os, software and hardware markets... because they all are fully onboard with allowing and have govt tracking/spyware and back doors baked deep within the os. As do many 3rd party software such as quickbooks, browsers, email, social media, etc Every instance of being online is picked up through these operating systems, can be logged, cached, transmitted etc. and they can infiltrated the lan
As a tip for the ROG laptop you can also hit the BIOS menu by hitting escape (before the ROG logo pops up). You may need to press several times but once you figure out the timing, you can get it fairly consistently by just pressing once. Also this OS is interesting but I feel like it's more practical (for me at least) to use more established methods for making VMs. If you want to go the extra secure route, I'd prefer using Whonix in a VM but that may be me. Edit: Tails OS is not usable in VMs but Whonix is. I got them mixed up.
Qubes is doing what I imagined for an OS that can run multiple apps for different OS, like I can run an Android app and an iOS app and a linux app and a windows app all at the same time.
Practical things like that are not the focus of the system. We all know a security project is best when only guys hunted by the FBI are willing to put up with using it.
I've got 120 but last 2 questions was kind of guessing by choosing what sounds more reasonable, or by eliminating definitely wrong answers because I used chroot couple of times before and the only thing I remember that it is applied to directories.
A very good video. The only problem is: every time you suggested taking a sip of coffee, my cup would already be empty and I would have to get a new one.
Nice! Have you tried the BlackOut stuff? I just got my first bag the other day and.... It's seriously the best coffee I ever had. Just throwing that out there, from one coffee lover to another.
I tried a test build on an old rig (i7-2600k) and it threw up a slew of errors during installation about the age of the hardware and missing vital hardware support for virtualisation or encryption support (going on a 4 month old memory there). I found USB support for the console kept failing, it just looked like something that wasn't workable unless you had far more contemporary hardware. A real shame because I was curious to see how this worked in a practical sense too.
18:34 I got 60 points. I embarrassingly got the second noob question wrong because I thought su means switch user and assumed that the su in sudo must mean the same thing. I knew about systemctl because of a brief adventure in Arch where I had to use it A LOT! I got the second expert question right only because I knew it couldn't be A, B or C, not because I actually understood what D meant lol. That was fun though, haha.
Impromptu Quiz: Welp, apparently I haven't meddled in CGroups yet; 90 points, also kudos to Qubes for using the old Windblows xp silver theme style & for making an OS that I would be putting on my dads laptop (if only it could handle it...)
I got lucky on the Cgroup question, I was unsure but I went with my gut and said C so I actually got a 120! Great video and a cool OS I might have to poke around if I can pick up a laptop to play with
I experimented with Qubes OS, and while it offers some interesting features, the initial setup can be quite time-consuming, especially when configuring multiple virtual machines (VMs) and installing various applications. Customizing VMs or updating default ones can be a bit of a hassle, and I encountered issues with the performance of GNOME Desktop Environment (DE) VMs. Additionally, switching the dom0 to KDE resulted in app display problems, so I opted not to make that switch. Regrettably, I found myself exhausted from the extensive tinkering required, even before personalizing my guest VMs or attempting to set up a Windows VM. Eventually, I decided to install a different operating system on my disk. However, this process also proved challenging due to the modifications Qubes makes to the disk, making it somewhat cumbersome to override. at the end I just went back to Nobara KDE.
"Nobara KDE" - Yes, great work there. On one of my laptops it works great. On high-end desktop though too many instability issues and Windows VM builds and boots first time but after rebooting main computer and coming back the Windows VM hangs and won't run anymore. Hoping that Fedora makes some other updates in 40 to correct such issues. I simply don't have time or energy to tinker with it. Do love it on my laptop though.
$30-50 for a spare SSD and a means of booting to it when, and only when, you want, makes learning and experimenting with a new OS a lot less painful than dedicating an internal system drive as your one-and-only.
The absolute vast majority of my private info that is found on the "dark web" is due to the negligence of various organizations whether its a private company i.e. Sony, or a government organization i.e. OPM.
haha, I haven't been to your channel in a long time, I even forgot how much you love coffee. I am an aspiring Systems Administrator. I am such a slow poke. Been wanting to get into IT for 5 years yet I still don't have my first IT job. Spring 2024 will change that. I'm not back, but just checking in. Subscribed for life. See y'all later.
One question, you used Rufus with DD mode . How do you recover that usb after writing in DD mode ? Is it even possible to revert it to unbootable usb storage?
@@volvo09 I did it once, and then tried to create a partition but Diskpart failed to create one. And then the flash drive died .When I connect it to my PC Windows recognizes something is connected to it but not as a storage device , nor a disk .
I don't know kasm workspaces has an option to erase everything if you log out. I'll probably just stick with that is it works really well and it's super simple to set up.
Some help please … * Upon booting, I'm greeted with two error messages: Line 1: "Error: File '/boot/grub2/i386-pc/efi_gop.mod' not found." Line 2: "Error: File '/boot/grub2/i386-pc/efi_uga.mod' not found." * Despite the errors, the installation menu briefly appears less than a second after booting.The menu includes options such as "Install Qubes OS," "Test Media and Install Qubes," and troubleshooting options. * Upon selecting "Install Qubes OS," I encounter a black screen with a blinking white cursor (_). * I successfully installed Qubes OS on this same computer approximately one year ago without encountering such issues. Any suggestion ?
Windows 10/11 does have built-in feature, similar, but not the extreme like Qube, it allows you to open and instance of Windows running on a hypervisor completely isolated. Edit: It's called Windows Sandbox
I followed alot of guides on how to install that operating system and you were the only one who explained about understanding if your computor is capable of running it but anywa I just gave up on linux all together never got any of them to run correctly.
I run multiple live Tails instances inside of isolated Qubes for each context of my life while running it all virtually on an air-gapped homelab that only connects to the internet via morse-code transmitted over HF CB Radio via Tor 😂
Funny, reminds me of the old secure VAX VMS OS, from the 80s. Every application had almost 200 permission flags, for devices and operation. A super pain to administer, this seems to be a lot simpler. Thanks
And here I always thought OpenBSD was the most secure OS. This one just feels like overkill, but considering some of the threats out there maybe there's no such thing as "overkill."
i have used kali for years dual boot with windows 11. i tried qubes os on my pc, and when booted i had no idea at all where to begin from, i could not connect to the network, etc. but after watching this video i now have a clue where to begin from. after taking my cisco ccna i know what type one and type two hypervisor and the whole video was awesome to me.
I'm not a software guy, but this sounds like it operates a lot like BlackBerry OS10/QNX. From what I've read about BBOS10 (it's a mobile OS, but I'm sure it would run just fine on a PC as QNX does, which it's based) it 'sandboxes' applications so that they can't disrupt the core of the OS. It also had/has separate environments that can't be crossed over (work/personal work spaces)... it was essentially two phones in one device, and I believe there were dual SIM models that would assign each SIM to its own work profile. QNX is also a Hypervisor OS (type 1 as well). It's used in almost all automotive, industrial, medical systems etc.
Considering the steep hardware requirements, I fail to see how this is any better than a Virtualization server running something like Proxmox VE and you essentially creating a VM for each app you want to use.
What other purpose could a online title serve? Whenever someone dislikes what they've clicked on, then it's clickbait. Every title is clickbait. That's literally the one & only purpose of a title. Thanks for pointing out what titles are for.
@@bruhda7469 My definition of clickbait is having a video where the title and thumbnail are different from the video content and the "I hate it" part made me think he'd have points towards why not to use it.
So, it's a Xen system with preconfigured templates for VMs for apps and different things and a bit of GUI to make it fairly usable. It was just a matter of time till somebody made something like that. Not sure what took them so long. Yeah, I'm sure it's cool if you need that kind of security, but it's not for everyone. It's resource-hungry and slow and a bit cumbersome to use compared to normal OSs.
May I suggest something? Maybe it bothers just me, or maybe there're others too. I find your channel very informative, yet I sadly end up leaving every time. Those cuts in between sentences, even words. So frequent, and since there're no pauses after the cuts, it is hard to put up with, repulsive even. I don't get it. OK, like most, I prefer shorter when possible. But there should be more realistic approaches to keeping viewers watching... Besides I don't think those cuts amount to anything significant, 2 or 3 minutes at most... The way you speak is already way fast to get everything comfortably. And those unnatural cuts in between, sound... Well all I'm trying to say is, your content is a treasure man. Why not treat it as such? Oh please people I know about playback speed setting in RUclips. Just try yourself... Oh and those noises (?) İn the background... Kind of resembles something like music... They become fantastic when the video is slowed down. Brain wash network connected... Subliminal torture is starting in 3... 2... 1...
9:09 Cant run on a VM (Which I do understand, as running a VM on a VM gets some seriously weird issues lol) which is a real bummer :( I was hoping to do a test run on it in VM and I ain't setting up a duel or multi-boot for it on my main system. You know I will attempt to run it on a VM though lol just out of curiosity :) Otherwise without Qubes, I have every other OS available in a VM which I can run at any time and bin if it gets compromised :) Well done video so far :) > 10:49 I typically run off VirtualBox, but interesting that VM Player works, which means I could likely get it up on VBox with the right settings :P Me wonders if the test was on VBox 6.x or 7.x? 15:55 Just be aware if you are running VBox on Windows you may need to turn off "Hyper-V" in Windows features. It messes with the virtualization, on virtualization on Virt... issue that Qubes warns about. I had issues with some other OSs on VBox because of it. I think it steals focus or interferes with the hardware virtualization you just covered so VBox can't use it correctly. > 20:12 I kind of like my own Ubuntu build that has a kind of light Lubutu feel about it with some select security upgrades. Only takes about 30sec max to shutdown a compromised session, restore the default .vdi/,vhd and reboot :) > Thanks for taking us over Qubes :)
part of the security comes from the management container dom0 and its interaction or lack of with the other vms. it's kind of like local out of band management from my research. some of qubes' underlying foundation is built around vm aware malware (vm hoping is a thing).
You may feel that that gives the impression it's something to get excited about but. Your teaching people who have to take time to grasp what you're saying. I've noticed that this is a common problem with many other RUclipsrs too slow down. Yeah I can set the speed
Chuckkkkk please upload more frequent videos!!!! I learned a lot from you within the past 2 years! There is literally nothing left to watch. I would love to see more RPI videos Hacking videos, LETS DIVE IN!!!!!!
I got it working on a 12 year old dell laptop with just 8Gb of ram and 250Gb of storage and indeed an intel that's 64 bit with VT-x. They have that for about 20 years now I guess... But indeed, it is not quick; starting up an entire linux kernel plus underlying OS is going to take a few moment at startup. And it is limited, especially when you would like to use the graphics card directly for, for instance, blender or running a machine learning model.
Please always verify signature of the downloaded files when talking about security and privacy. They could have been tempered with before even downloading them,
I love the idea and I was able to get it to install on an older low power laptop but too slow to work with. Tried to install on high-end laptop and desktop and both of them fail to complete install. Not sure if Fedora at issue but tried other builds still would not install. Part of the issue with complex builds though is that if there is an update that breaks it one needs to be very deep in the weeds to know how to fix it. Most of us probably cannot spend days or weeks with the OS not working. I suppose some people with multiple other systems at their disposal could. I'll wait another year or two to see how far along development has come to support high end hardware. Though their documentation does say it's not supported by most vanilla systems. But what they do support is old and slow.
My biggest issue is my "best" hardware speaking device is what I use for everything, which is well suited for QubeOS, but problems arise when you want to game with anything requiring Easy Anti Cheat. You then need a VM with GPU acceleration containing Windows. Not a problem if you purchase a second GPU. Unless QubeOS uses the onboard and uses passthrough to the GPU, which doesn't seem to work properly on other distros.
18:30 Are you sure about `chroot`? Chroot command (not system call) will not change filesystem's root of the currently running process, it will start a new process in a chrooted environment. E.g.: you have a Bash prompt, this Bash is your running process, you type `chroot`, it will start another shell inside chroot, it will not move the running process inside.
I'm 70, so I don't have the time for full courses. I just learn what I need to perform a task or something that's just interesting. Right now I'm having a problem with Virtual Box opening Windows XP. It has worked perfectly in the past, but doesn't now. VB opens, but it fails to open XP. When I get time, I'll try the old rubber chicken, delete and reinstall, to see if that fixes it.
Turn your IT hobby into a job!! Learn Linux and other skills with ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
TIMESTAMPS
---------------------------------------------------
0:00 ⏩ Intro
1:00 ⏩ What is Qubes OS?
3:55 ⏩ How Qubes works - App Qubes
5:40 ⏩ Service Qubes
7:41 ⏩ Qubes OS SYSTEM REQUIREMENTS
9:28 ⏩ STEP 1 - Qubes OS Install - Download Qubes
10:35 ⏩ STEP 2 - Virtual Machine Setup
13:33 ⏩ STEP 2 - Physical Machine Setup
15:46 ⏩ STEP 3 - Installing Qubes OS
17:17 ⏩ LINUX QUIZ CHALLENGE!!
18:42 ⏩ STEP 4 - Initial Qubes Configuration
Ok
Where did you get the 1TB SSD?
I am using internal SSD, what do I do for that?
So what happens if the template gets hacked? e.g. if a hack makes its way into Fedora, and you update? There goes your isolation.
hey im 15 a pentester think we can Collab if so reply to this comment or reply on one of my videos
One useful analogy that I explain to people about security. You basically have a slider. At one end is secure and at the other end is usable and your risk tolerance sets the slider position.
This is Over simplified way saying it for a Complex system.
Inverse correlation
@@fuzzytincan piss
You are only as secure as the weakest part of your system.
not neccesarily, even if your system is compromised at for example UEFI level(which every consumer computer is compromised at that level), if you can properly isolate your work environment then there is a good chance its still protected.@@Arachnoid_of_the_underverse
One of the reasons why they advise against using nested virtualization is because it negates some of the privacy benefits of Qubes. The Virtualized networking in Qubes is IMO it's best feature. The firewall isn't an add-on to the OS like other OSes but rather an integrated feature like Tails. You can completely control what packets leave your computer, choose what avenues they take (vpns, tor, proxy chains, et)., Create combinations. Whitelist/blacklist ips and apps. If you throw Qubes on a normal OS and virtualize it, the host OS will leak packets. If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger.
quote: " If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger."
AMEN there. I've been on windows for decades and it gets worse and worse every year with tracking and monitoring.
how is windows 11 like a keylogger and how do you stop it? I disabled some of the widget things and personalization things.
@@surfingsub5854 And it's about to get way worse with AI integration,. Big brother is almost here. Putting aside the legal aspects , from a spying capability standpoint soon pretty much everything we do on our computers will be tracked by AI.
I think once people understand the power that governments and corporations will have with AI running on our computers you will see a huge interest in OSes like Qubes. It's not quite average consumer friendly yet but from privacy capability standpoint it's far superior to any alternative I've tried. Tails is ok from privacy end of things but not as versatile.
AI has its uses so I'll still use windows too but when I want privacy I switch to my linux box and a variety of virtual instances.
@@MrAw3sum Too long a list to write all the sketchy privacy things windows does but I can tell you the biggest one.... encrypted mystery telemetry.
Windows computers are contacting Microsoft servers constantly and we have little clue what data they are sending. Microsoft is vague in describing precisely and there is no built-in feature to turn off telemetry entirely.
THere is a third party tool called ooshutup10 that can shut off telemetry but if you are inexperienced I wouldn't recommend it. I don't use myself because turning of features with telemetry can have negative side effects and Microsoft can turn telemetry back on with any given update. It was too much of a time waster for me to use.
The approach I would recommend for semi-privacy is get a second computer with some linux distro on it and use that when you want to do something more private. Don't use your real name or connect to any service that uses your real name when using it. Ubuntu would be good choice with a newb. (Qubes is still for advanced users at the moment). Maybe subscribe to a VPN service that you can also use on that computer.
Keep in mind though, obfuscation is not pure anonymity. IMO only someone very experienced in tech has any practical hope of that online. And even then it's a lot of work and impractical for daily driver. If anyone plans to send nuclear secrets to North Korea from their home the NSA will get them lol.
@@MrAw3sumits very penetrable
Pleasantly surprised to see this OS in your channel. Been following Invisible Things Lab like eternity, a talented team.
I drank the QubesOS Cool Aid for a few months, but I got out of it. It's important to understand that, like all security models, this system is only able to protect you from the specific threat model it was designed for. In particular, QubesOS was designed to protect from information leaks caused by software flaws.
pls elaborate?
@@DarnIDidntKnowThat Ever hear your friend or family talk about how their social media account got hacked? Well... the account didn't get hacked *THEY* got hacked, by getting tricked into doing something dumb.
By far, the largest percentage of "hacks" on the internet are social engineering, not software exploitation.
QubesOS protects you to a very high degree of confidence from software flaws. It doesn't stop you from being dumb on the internet though.
I'll try to answer but obviously I can't read his toughts... Qubes OS is extremely good at compartmenting your activities (and no contrary to what @NetworkChuck said, setting up VMs is not as secure (there are some explaination in the Qubes OS documentation). But it won't protect you against tracking (cookies) unless you make use exclusively of disposable VMs via Tor (as your IP otherwise is the same from one Qubes to another from the perspective of web servers tracking you via Google/Facebook or whatever other tracker). You can have one of the most secure password manager (half of it, the wallet is in a disconnected from the network qubes, the other half is connected to clients Qubes leveraging PgP). The most important thing is I believe to help educate people about "true" security. Once you've spoken with people in this community you start to grasp how much you don't know about security when you though you were the boss using your Kali VM.
It's a cool idea but it's a pain for the avg user to navigate it etc. Installation can be a nightmare as well. I think it'll be another 5 years or so before it's more mainstream.
Personally I want the VM manager stuff in a normal Linux setup. Take out the annoying stuff like separate keyboard copy buffers etc and just allow it to dumb paste into where ever but have the VM seperation and you've got my ideal OS.
@@skilletpan5674 If I'm being honest, QubesOS has other issues as well. I just didn't care to comment about them as it's likely to start an argument that I don't want to be involved in.
Nothing is cooler than running windows 10, 11, Mac, Kali, Debian, Fedora, Mint, Ubuntu, & Arch all right next to each other in Qubes! I hope you will give 4.2 another chance! If you're committed to moving on to something else perhaps you would consider creating some content for the Xen hypervisor? Thanks for another informative video chuck! Looking forward to more!
I used it for about 4 years as my main OS for my development machine with Debian in the VMs. I don't have too high security requirements, but I like the compartmentalization. There wasn't anything to hate in my opinion. It worked really well all the time - until recently. An update broke my install and I wasn't able to repair it. I tried NixOS, as I planned for a while, and I'm hooked and switched away from Qubes. Not as secure, but I can't resist the declarative configuration.
+1 for NixOS. Switching from Arch for the same love of declarative configuration, it's brilliant.
@@Ethorbit gonna read about it now
me too i was distrohopping for like 6 month i started my journy with distro hopping
@infonotforsale-dx2nb It's easy enough to make backups. Security always comes with some inconvenience. It's a niche and therefore has limited resources. If you do need the security it's definitely worth it. If you don't need it then it's not so clear cut but they are very clear about who their target audience is.
I don't see a reason to just discard it.
I so want to use Nix, but EndeavourOS has not given me a reason to change for almost two years now :(
I do tinker with it on an old computer though. At least i have the config ready if i need to pull the trigger on my main one. :D
I love Qubes. Sure there is a steep learning curve but once you got used to it it's hard to go back to a regular OS. Having an hypervisor running as the main OS on your computer allows for a lot of things, it goes beyond security. I keep using it not because I have to for security, but because I really love it.
TempleOS is way more secure
😂😂😂😂😂
Yes
It even protects you against STDs. 😷
Nah Redox, Slax, MenuteOs are secured by default
Lol!
Too bad you missed the official release of QubesOS 4.2, it has a lot of improvements to the GUI
But that would disrupt his narrative
who cares for this shitty complex os
@@the_alien293then why are you here
@@the_alien293 It's optimized for security, not convenience
"nobody cares about it" until macos adds it. @@the_alien293 , you remind me of my brother who hates linux. that's exactly like saying that "i want the internet to run on fast hardware with software that slows it down" since windows is incredibly slow especially compared to linux. most of the websites on the internet are running of of some GNU based OS (or alpine linux lol)
Found your channel recently (The video about Tails OS and the Darkweb) loving the content so far my man. Happy holidays.
Small correction! During the installation, a window from sys-whonix popped up asking you to connect/configure a tor connection.
You say that it's asking if the whole system should be torified, but that's not what the prompt is doing. It's just asking whether sys-whonix should connect directly to the tor network, or if it needs to have a bridge configured. In fact, due to the nature of QubesOS, sys-whonix wouldn't be able to make that kind've system-wide change even if it wanted to.
Very glad I found this channel. I did not know about the different window colors in Qubes.
Glad I'm not the only one who loved that feature...
Rufus is good, but have you tried Ventoy?
It lets you create a bootable usb once, and then you can just drop iso's onto it, letting you select the right one through the bootloader.
Yep... Yummi is similar. I prefer Rufus tho. Purely preference.
That is cool, so you can easily make a USB stick with multiple bootable ISO's?
@@volvo09 yep
@@volvo09 Yumi is a good tool... Add multiple iso del isos any of em easily at will. Without formatting constantly.
@@volvo09 Yes, exactly.
I only found out about it fairly recently myself.
I'm kinda more surprised to see this has a gui and a desktop environment😅
REAL
@@notafbihoneypot8487 Hi, the real notafbihoeypot!
@@Spinetap less code less bugs so yes WM are more secure
Although a window manager like dwm is more auditable than xfwm and its related components, there are aspects of the qubes user experience that effectively require that the graphical interface have more functionality both through daemons and interface options. Inter-qube clipboard, inter-qube file transfer, managing allocation of hardware device access among qubes all require daemons to track clipboard usage, new right-click options in both the guest and the hypervisor interfaces, and a significant amount of python scripting to glue it all together.
Personally, I'm trying to weigh the completed form of qubes' user experience (for lack of a better term) vs making containers and small VMs on a more minimal distro where I could run dwm and friends as the defaults.
In fact it is one of the core benefit vs having VMs, because if what is running in your graphics card guest compromised, you lost. With QubesOS (you don't natively have GPU/3D), each VM paint it's "display" using a virtual graphics card, the windows manager, which runs in Dom0 is copying this frame-buffer in your video card frame buffer. It also leverage this functionality to "remove" vulnerabilities in PDF (which may compromise your printer for example). It use a disposable VM to render the PDF, and another disposable VM to capture the image of the rendered PDF and then generating a PDF with all the pictures.... You loose the copy/paste functionality, but your target PDF can go in your safer research qubes without being a risk of compromising your PDF reader. All of this is "transparent" (if I remeber it is just a "send to PDF cleaner" type of right click menu.
Ngl, the idea of "Why don't we just run each app in its own little sandbox" crossed my mind several times, but to see an OS spin up a whole XEN VM for it... Wow. Cool concept, and fact that they got it so far already.
It's an interesting concept. I typically just run a heap of VM clients side by side for much the same results.
The problem with this is, it will be hard to run programs (for a normal computer user atleast). For example lets say you download minecraft mods, and you use a mod manager.
The program need to find minecraft order it to run.
@@RavDeBest lol that can be configured it is like docker the linkage is via uuids you can have parts of the Software running in the other part of the earth
@@adriancoanda9227 Yes I think you can but Normal user wouldn't know. My cousin doesn't even know how to check Ram till now
@@RavDeBest Solution: download both within the same Qube, let's say... a "Minecraft" Qube? Am I missing something?
I really enjoyed the questions segment. It was really well done, nicely made, fun to learn from and challenging to someone who is learning.
Great content mate keep it up and thank you!
I use Qubes OS as my daily driver. Good points are that i am so much faster than everyone i work with at spinning up test VMs. My Facebook etc is not visible in my work etc. Also if i share my screen in slack Qubes only makes windows visible in the qube that slack is executing in. The strict networking is great for testing our networking product. The things that suck are i have a new laptop and have been running the beta version with a few quirks. I sometimes find the USB camera can disconnect meaning i have to add remove the software device to the qube. Audio can sometimes be a little weird. However i do think it's awesome. I also have Windows and FreeBSD qubes up and running as well
Sadly thr support for GPU acceleration isn't so good yet. Nowadays even basic browser applications require graphics acceleration to work normally.
How well does the Windows qube run?
@@jaredclark3231 it's okay. No sound and haven't got the clipboard integrations working yet. Speed wise it's okay but I've got plenty of RAM and CPU for it. Does what I need to test some windows software.
@@vk3fbab Damn. Yeah i keep hearing how buggy it is. I wonder if theres any way to fix that problem. If that gets fixed this distro would be bulletproof…
@@jaredclark3231 sound seems like a no go because someone needs to make a windows driver that can pipe the audio into pulse audio. Don't think it's high on anyone's radar. I think the clip board can work I just wasn't able to get it working and haven't gone back to look at it
After about a week, qubes just works for me. Yes it takes some tweaking. But honestly I don't see how I could go back to a 'normal' system
00:01 Cube's OS is focused on extreme security measures.
01:40 Securely run multiple virtual machines on one computer
04:55 Templates help in maintaining and updating core applications.
06:44 Qubes OS treats Dom zero as the most trusted and critical part of the system
09:55 Setting up a secure OS using Rufus and VMware Workstation player.
11:36 Creating a virtual machine with Fedora 64bit OS
15:03 Disable secure boot and select boot options for OS installation
16:38 Installing Fedora 11 hoix with default options
19:54 Running your own virtual machines provides better security options
Qubes OS was invented by my compatriot Joanna Rutkowska. So, one more reason to be proud. And by the way you should focus on the newest version and Qubes OS should be installed on hardware that is supported, what was written a long time ago on their website. I know about this OS since it has been released. I really like it.
Great testimony. About the same thing here 😀
Yes, I love the idea, but OLD and SLOW hardware is the issue. They really need support for modern state of the art HIGH END systems.
@@surfingsub5854 The reason for the old hardware is Intel used in newer processors a backdoor to control your network, you may ask the NSA what it really does ...
I got a score of 100 points! (out of 120)
The only question I didn't get was with Linux containerization. (Something I haven't messed with or learned about yet.)
Second google hit " But unlike a virtual machine, rather than creating a whole virtual operating system, containers don't need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application."
Fun fact: portable rufus installs exactly the same way that regular rufus does, the only difference is that it creates a properties file in the same directory that it is in. They explain it in their FAQ - "Difference between portable and non-portable versions".
Based on the title I was expecting an OS so locked down it was painful to just use. I know security does not equal usability.
But Qubes OS looks awesome! As soon as you started spinning up VMs on the fly my mind was blown at how cool that was! There are some obvious drawbacks, like needing an ungodly amount of RAM for the more stuff you throw at it, but I'm sitting over here thinking, "I could actually daily drive this and it wouldn't be that bad!
Realistically, I wouldn't daily it, just have some fun, and be aware if I ever need something crazy secure, I know the OS to go to. But this is very usable! Which goes to show, security, even really good security, doesn't always need to burn usability to the ground to be effective.
Okay first things first before ADHD makes me side rail myself, I got two wrong (double guessed my self on the chroot one). Second thing, I love how you ended the video "I don't care I'm just still going to use Windows, Linux, & Mac". Keep on being awesome Mr. Chuck!
2 mins in......interesting! Simple idea but....complex creation. Never heard of this one, and i have no worries about privacy, well no major worries right now(future worries 100% given the worlds agenda lol).....but this is interesting.
Thanks Chuck! and not even oddly enough, i had just made a cup of coffee🤘
Great video Chuck, just installed Qubes on my new laptop. Wasn't as hard as you hyped it up to be glad to say. Probably because it's a brand new laptop
Qubes runs so much better on physical hardware instead of in a VM. Much faster. I love it, but I use too many apps that don’t support linux so I’ve had to switch back.
Can't you spin up a Windows Qube for those apps?
Did you try? If so what went wrong?
@@trueriver1950 I had a lot of issues running Windows VMs. (I just couldn’t find the right settings for them at the time a couple years ago). My experience is all a couple years ago. Now I’m on Mac for work and don’t even bother with a personal computer.
That's the entire purpose of windows, Mac, and Android controlling the os, software and hardware markets...
because they all are fully onboard with allowing and have govt tracking/spyware and back doors baked deep within the os.
As do many 3rd party software such as quickbooks, browsers, email, social media, etc
Every instance of being online is picked up through these operating systems, can be logged, cached, transmitted etc. and they can infiltrated the lan
As a tip for the ROG laptop you can also hit the BIOS menu by hitting escape (before the ROG logo pops up). You may need to press several times but once you figure out the timing, you can get it fairly consistently by just pressing once. Also this OS is interesting but I feel like it's more practical (for me at least) to use more established methods for making VMs. If you want to go the extra secure route, I'd prefer using Whonix in a VM but that may be me.
Edit: Tails OS is not usable in VMs but Whonix is. I got them mixed up.
Tails isn't meant for VMs. Whonix is. (Whonix is bundled in qubes)
@@aliceryan7053 thanks for the catch. Updated my comment accordingly. I don't make use of either so had to look it up.
Qubes is doing what I imagined for an OS that can run multiple apps for different OS, like I can run an Android app and an iOS app and a linux app and a windows app all at the same time.
I used this for a longggggg time. Loved it! But on older hardware, like what I had, it was a bit slow
That was an amazing video to watch.
Great way of showing how things get done, right... In a simple way.
I could see making this my main OS someday when it's developed a little more and I can spin up a windows gaming qube for blizzard-like windows games.
Practical things like that are not the focus of the system. We all know a security project is best when only guys hunted by the FBI are willing to put up with using it.
@@edhahaz wat
You can do that already with pci passthrough if you have two gpus.
@@paulchatel2215 is the support for it better now? 4-5 years ago, it was really on the edge (mainly due to buggy firmware from NVidia)
Very interesting video. I got all questions right, but I got last two of them, almost by chance.
I've got 120 but last 2 questions was kind of guessing by choosing what sounds more reasonable, or by eliminating definitely wrong answers because I used chroot couple of times before and the only thing I remember that it is applied to directories.
A very good video. The only problem is: every time you suggested taking a sip of coffee, my cup would already be empty and I would have to get a new one.
My favorite channel, the coffee is ready❤
Nice! Have you tried the BlackOut stuff? I just got my first bag the other day and.... It's seriously the best coffee I ever had.
Just throwing that out there, from one coffee lover to another.
I tried a test build on an old rig (i7-2600k) and it threw up a slew of errors during installation about the age of the hardware and missing vital hardware support for virtualisation or encryption support (going on a 4 month old memory there). I found USB support for the console kept failing, it just looked like something that wasn't workable unless you had far more contemporary hardware. A real shame because I was curious to see how this worked in a practical sense too.
18:34 I got 60 points. I embarrassingly got the second noob question wrong because I thought su means switch user and assumed that the su in sudo must mean the same thing. I knew about systemctl because of a brief adventure in Arch where I had to use it A LOT! I got the second expert question right only because I knew it couldn't be A, B or C, not because I actually understood what D meant lol. That was fun though, haha.
Noob = 10 pts
B ls ✅
A switch user/do ❌
Intermediate = 20 pts
D ps ❌
C systemctl ✅
Expert = 30 pts
D ❌
D ✅
also 60 points, but i just did all the noob and intermediate questions
@@M1szS Not bad! I should have gotten those. Not enough coffee is my excuse. 😅😝
Impromptu Quiz: Welp, apparently I haven't meddled in CGroups yet; 90 points, also kudos to Qubes for using the old Windblows xp silver theme style & for making an OS that I would be putting on my dads laptop (if only it could handle it...)
If we had no winter, the spring would not be so pleasant; if we did not sometimes taste of adversity, prosperity would not be so welcome.
I got lucky on the Cgroup question, I was unsure but I went with my gut and said C so I actually got a 120! Great video and a cool OS I might have to poke around if I can pick up a laptop to play with
I experimented with Qubes OS, and while it offers some interesting features, the initial setup can be quite time-consuming, especially when configuring multiple virtual machines (VMs) and installing various applications. Customizing VMs or updating default ones can be a bit of a hassle, and I encountered issues with the performance of GNOME Desktop Environment (DE) VMs. Additionally, switching the dom0 to KDE resulted in app display problems, so I opted not to make that switch.
Regrettably, I found myself exhausted from the extensive tinkering required, even before personalizing my guest VMs or attempting to set up a Windows VM. Eventually, I decided to install a different operating system on my disk. However, this process also proved challenging due to the modifications Qubes makes to the disk, making it somewhat cumbersome to override.
at the end I just went back to Nobara KDE.
"Nobara KDE" - Yes, great work there. On one of my laptops it works great. On high-end desktop though too many instability issues and Windows VM builds and boots first time but after rebooting main computer and coming back the Windows VM hangs and won't run anymore. Hoping that Fedora makes some other updates in 40 to correct such issues. I simply don't have time or energy to tinker with it. Do love it on my laptop though.
$30-50 for a spare SSD and a means of booting to it when, and only when, you want, makes learning and experimenting with a new OS a lot less painful than dedicating an internal system drive as your one-and-only.
Holiday-Happy to Headache in 14.2 minutes. Seriously, thanks for explaining this.
The absolute vast majority of my private info that is found on the "dark web" is due to the negligence of various organizations whether its a private company i.e. Sony, or a government organization i.e. OPM.
You're channel is one of my favourite youtube channels period. I'll be joining ITPRO TV.
This is kinda how Xbox's OS works. Every game is run in a virtualized environment. It's secure but it's resource intensive
or like android (used to?) work(s) - dalvin etc...
haha, I haven't been to your channel in a long time, I even forgot how much you love coffee. I am an aspiring Systems Administrator. I am such a slow poke. Been wanting to get into IT for 5 years yet I still don't have my first IT job. Spring 2024 will change that. I'm not back, but just checking in. Subscribed for life. See y'all later.
One question, you used Rufus with DD mode . How do you recover that usb after writing in DD mode ? Is it even possible to revert it to unbootable usb storage?
I believe if you just do a "clean" command using diskpart (windows) it'll remove any bootable flags and partition data.
@@volvo09 I did it once, and then tried to create a partition but Diskpart failed to create one. And then the flash drive died .When I connect it to my PC Windows recognizes something is connected to it but not as a storage device , nor a disk .
I don't know kasm workspaces has an option to erase everything if you log out. I'll probably just stick with that is it works really well and it's super simple to set up.
Some help please …
* Upon booting, I'm greeted with two error messages:
Line 1: "Error: File '/boot/grub2/i386-pc/efi_gop.mod' not found."
Line 2: "Error: File '/boot/grub2/i386-pc/efi_uga.mod' not found."
* Despite the errors, the installation menu briefly appears less than a second after booting.The menu includes options such as "Install Qubes OS," "Test Media and Install Qubes," and troubleshooting options.
* Upon selecting "Install Qubes OS," I encounter a black screen with a blinking white cursor (_).
* I successfully installed Qubes OS on this same computer approximately one year ago without encountering such issues.
Any suggestion ?
NVIDEA GPU?
I now see time and space in 4 dimensions due to how much coffee has been consumed from the word "cube."
If only windows was built like this, it would be almost perfect.
Windows 10/11 does have built-in feature, similar, but not the extreme like Qube, it allows you to open and instance of Windows running on a hypervisor completely isolated.
Edit: It's called Windows Sandbox
@@ChrisAzure Yeah, but everything about it is proprietary. Is it really secure? Who knows!
I followed alot of guides on how to install that operating system and you were the only one who explained about understanding if your computor is capable of running it but anywa I just gave up on linux all together never got any of them to run correctly.
I run multiple live Tails instances inside of isolated Qubes for each context of my life while running it all virtually on an air-gapped homelab that only connects to the internet via morse-code transmitted over HF CB Radio via Tor 😂
+ over DMR 256 AES multi key encryption
you have a cb or a hackrf ?
all that just to use chrome for your banking because the website doesn't support firefox
Anything less would be like living in a glass house with your pants down
Funny, reminds me of the old secure VAX VMS OS, from the 80s. Every application had almost 200 permission flags, for devices and operation. A super pain to administer, this seems to be a lot simpler. Thanks
If paranoia had paranoia
nice concept, so it's more like a collection of VMs running side by side... interesting.
And here I always thought OpenBSD was the most secure OS. This one just feels like overkill, but considering some of the threats out there maybe there's no such thing as "overkill."
Same! When I think of a secure OS, I always think of OpenBSD.
I'm human are you accepting new patients and clients into your service.
OpenBSD is more secure simply because the code base is small and thoroughly and frequently audited.
i have used kali for years dual boot with windows 11. i tried qubes os on my pc, and when booted i had no idea at all where to begin from, i could not connect to the network, etc. but after watching this video i now have a clue where to begin from. after taking my cisco ccna i know what type one and type two hypervisor and the whole video was awesome to me.
Don't use vmware!
Why?
@initiald975 closed source, proprietary and crap. There's a wide, wonderful world of better options.
@@Mudflap1110bro 💀 it ain't a virus man I used it no virus I was free. Probably have the worst antivirus in the world 😭
Yeah right, until you tried to set up a 3D accelerated Windows VM and realized your IOMMU is totally borked and VBox and VMware are the only options.
@@wilsontulusqemu
I'm not a software guy, but this sounds like it operates a lot like BlackBerry OS10/QNX. From what I've read about BBOS10 (it's a mobile OS, but I'm sure it would run just fine on a PC as QNX does, which it's based) it 'sandboxes' applications so that they can't disrupt the core of the OS. It also had/has separate environments that can't be crossed over (work/personal work spaces)... it was essentially two phones in one device, and I believe there were dual SIM models that would assign each SIM to its own work profile.
QNX is also a Hypervisor OS (type 1 as well). It's used in almost all automotive, industrial, medical systems etc.
No matter how secure an system is it doesn't protect against human errors.
Best RUclips of the month. Thanks for this - I need it.
i thought the most secure OS was AS/400... not known by the many :)
Wohoo I only failed at the last one, great video as always Chuck
DO NOT run a VM it compermises the whole point and security of it.
Run Pubes- I mean QubesOS on a VM*
For a daily driver, no. On other other hand, if I just want to try it out, why not throw it in a VM before committing to bare metal?
@@ralphm6901 then just spin up VMs, it would be counterintuitive to Do it any other way.
@@ralphm6901 Just create a partition
My score was 90 🎉🎉🎉, I wasn't knowing the difference between cgroups and namespace 😅, thanks for sharing 😊
Hey how can I build/modify os for my raspberry Pi
DId you not see the system requirements part?
Considering the steep hardware requirements, I fail to see how this is any better than a Virtualization server running something like Proxmox VE and you essentially creating a VM for each app you want to use.
Clickbait title
What other purpose could a online title serve? Whenever someone dislikes what they've clicked on, then it's clickbait. Every title is clickbait. That's literally the one & only purpose of a title. Thanks for pointing out what titles are for.
What do you expect from chuck
@@bruhda7469 My definition of clickbait is having a video where the title and thumbnail are different from the video content and the "I hate it" part made me think he'd have points towards why not to use it.
So, it's a Xen system with preconfigured templates for VMs for apps and different things and a bit of GUI to make it fairly usable.
It was just a matter of time till somebody made something like that. Not sure what took them so long.
Yeah, I'm sure it's cool if you need that kind of security, but it's not for everyone. It's resource-hungry and slow and a bit cumbersome to use compared to normal OSs.
I want a pack of balloons
May I suggest something? Maybe it bothers just me, or maybe there're others too. I find your channel very informative, yet I sadly end up leaving every time.
Those cuts in between sentences, even words. So frequent, and since there're no pauses after the cuts, it is hard to put up with, repulsive even. I don't get it. OK, like most, I prefer shorter when possible. But there should be more realistic approaches to keeping viewers watching...
Besides I don't think those cuts amount to anything significant, 2 or 3 minutes at most...
The way you speak is already way fast to get everything comfortably. And those unnatural cuts in between, sound...
Well all I'm trying to say is, your content is a treasure man. Why not treat it as such?
Oh please people I know about playback speed setting in RUclips. Just try yourself...
Oh and those noises (?) İn the background... Kind of resembles something like music... They become fantastic when the video is slowed down.
Brain wash network connected... Subliminal torture is starting in 3... 2... 1...
agree. got this video from recommendation, looked interesting but after 2 mins these cuts are just annoying
Qubes OS is for professionals. Not for the average wannabe.
Lol
Not really. QubesOS makes it really easy to run fast and private Virtual Machines since it uses a type 1 hypervisor
Interesting, bythoway the background music is fire 🔥🔥🔥
9:09 Cant run on a VM (Which I do understand, as running a VM on a VM gets some seriously weird issues lol) which is a real bummer :( I was hoping to do a test run on it in VM and I ain't setting up a duel or multi-boot for it on my main system.
You know I will attempt to run it on a VM though lol just out of curiosity :)
Otherwise without Qubes, I have every other OS available in a VM which I can run at any time and bin if it gets compromised :)
Well done video so far :)
>
10:49 I typically run off VirtualBox, but interesting that VM Player works, which means I could likely get it up on VBox with the right settings :P Me wonders if the test was on VBox 6.x or 7.x?
15:55 Just be aware if you are running VBox on Windows you may need to turn off "Hyper-V" in Windows features. It messes with the virtualization, on virtualization on Virt... issue that Qubes warns about. I had issues with some other OSs on VBox because of it. I think it steals focus or interferes with the hardware virtualization you just covered so VBox can't use it correctly.
>
20:12 I kind of like my own Ubuntu build that has a kind of light Lubutu feel about it with some select security upgrades. Only takes about 30sec max to shutdown a compromised session, restore the default .vdi/,vhd and reboot :)
>
Thanks for taking us over Qubes :)
This is awesome! Thank you so much Chuck!
Wow Mr. Chuck, enabling iommu inside of a nested type 1 hypervisor. Ballsy my friend. Ballsy.
9:14 Such a pity you didn't scroll a little bit more down 🤪
I have that laptop and I love it !!!!!!!
This is really interesting. Thanks a lot. Have you heard about TAILS OS?
Me and it's awesome
part of the security comes from the management container dom0 and its interaction or lack of with the other vms. it's kind of like local out of band management from my research. some of qubes' underlying foundation is built around vm aware malware (vm hoping is a thing).
90/120. Missed the cgroups question, dang it. But probably pretty good for less than a year of using Linux.
You may feel that that gives the impression it's something to get excited about but. Your teaching people who have to take time to grasp what you're saying. I've noticed that this is a common problem with many other RUclipsrs too slow down. Yeah I can set the speed
I love your work Network. When I grow up, I want to be like you.
Danke! BTW: Maybe #OpenBSD is more...
Def also make sure you put it on hardwear that has/supports coreboot
Chuckkkkk please upload more frequent videos!!!! I learned a lot from you within the past 2 years! There is literally nothing left to watch.
I would love to see more RPI videos Hacking videos, LETS DIVE IN!!!!!!
I got it working on a 12 year old dell laptop with just 8Gb of ram and 250Gb of storage and indeed an intel that's 64 bit with VT-x. They have that for about 20 years now I guess...
But indeed, it is not quick; starting up an entire linux kernel plus underlying OS is going to take a few moment at startup. And it is limited, especially when you would like to use the graphics card directly for, for instance, blender or running a machine learning model.
Been using qubes os for about 4 years now and its amazing i love it.
In all honesty, im glad you finally made this video.
Please always verify signature of the downloaded files when talking about security and privacy. They could have been tempered with before even downloading them,
very informative as always bro
Merry Christmas ⛄
I love the idea and I was able to get it to install on an older low power laptop but too slow to work with. Tried to install on high-end laptop and desktop and both of them fail to complete install. Not sure if Fedora at issue but tried other builds still would not install. Part of the issue with complex builds though is that if there is an update that breaks it one needs to be very deep in the weeds to know how to fix it. Most of us probably cannot spend days or weeks with the OS not working. I suppose some people with multiple other systems at their disposal could. I'll wait another year or two to see how far along development has come to support high end hardware. Though their documentation does say it's not supported by most vanilla systems. But what they do support is old and slow.
Dom-0 reminds me of the Avaya system platform OS I used to install and work on for communication systems.
My biggest issue is my "best" hardware speaking device is what I use for everything, which is well suited for QubeOS, but problems arise when you want to game with anything requiring Easy Anti Cheat. You then need a VM with GPU acceleration containing Windows. Not a problem if you purchase a second GPU. Unless QubeOS uses the onboard and uses passthrough to the GPU, which doesn't seem to work properly on other distros.
18:30 Are you sure about `chroot`? Chroot command (not system call) will not change filesystem's root of the currently running process, it will start a new process in a chrooted environment. E.g.: you have a Bash prompt, this Bash is your running process, you type `chroot`, it will start another shell inside chroot, it will not move the running process inside.
I'm 70, so I don't have the time for full courses. I just learn what I need to perform a task or something that's just interesting. Right now I'm having a problem with Virtual Box opening Windows XP. It has worked perfectly in the past, but doesn't now. VB opens, but it fails to open XP. When I get time, I'll try the old rubber chicken, delete and reinstall, to see if that fixes it.
120, but I got kinda lucky on that cgroup and namespace question. I picked the one that intuitively sounded right to me. 😅🤷♂️