the most secure OS in the world.....I hate it
Вставка
- Опубліковано 3 чер 2024
- Turn your IT hobby into a job!! Learn Linux and other skills with ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
🔐💻 Dive into the World of Qubes OS - The Ultimate in Security, but a Setup Nightmare! 🔐💻
👉 In this video, we're exploring the most secure operating system on the planet - Qubes OS. Yes, it's incredibly secure, but wait until you see what it takes to set it up! Join me as I venture through the installation process, experiment with running Windows, and share my candid thoughts on whether Qubes OS is practical for everyday users.
🌐 What's Inside:
-Intro to Qubes OS: Uncover the unique features of Qubes OS and why it's considered ultra-secure.
-Installation Guide: Step-by-step walkthrough of installing Qubes on a virtual machine (and why you should ideally use physical hardware).
-Windows Installation in Qubes: Insights into the process and challenges of running Windows within Qubes OS.
-Final Thoughts: My personal take on the practicality and user-friendliness of Qubes OS.
🤓 ITPro Challenge by ACI Learning: Test your Linux knowledge with our impromptu quiz - are you a noob, an intermediate, or an expert? See how you score and find out how ITPro by ACI Learning can boost your skills!
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
Links from the Video
---------------------------------------------------
Qubes Download: www.qubes-os.org/downloads/
Install Windows on Qubes: www.qubes-os.org/doc/template...
NetworkChuck Cloud browser: browser.networkchuck.com/
Vmware workstation player: www.vmware.com/products/works...
Rufus - rufus.ie/en/
you need to learn Virtual Machines RIGHT NOW!! (Kali Linux VM, Ubuntu, Windows) -
• you need to learn Virt...
**Sponsored by ITPro from ACI learning
TIMESTAMPS
---------------------------------------------------
0:00 ⏩ Intro
1:00 ⏩ What is Qubes OS?
3:55 ⏩ How Qubes works - App Qubes
5:40 ⏩ Service Qubes
7:41 ⏩ Qubes OS SYSTEM REQUIREMENTS
9:28 ⏩ STEP 1 - Qubes OS Install - Download Qubes
10:35 ⏩ STEP 2 - Virtual Machine Setup
13:33 ⏩ STEP 2 - Physical Machine Setup
15:46 ⏩ STEP 3 - Installing Qubes OS
17:17 ⏩ LINUX QUIZ CHALLENGE!!
18:42 ⏩ STEP 4 - Initial Qubes Configuration
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!
fast and reliable unifi in the cloud: hostifi.com/?via=chuck
"Explore the robust security features of Qubes OS for enhanced digital protection."
"Learn the step-by-step process of installing Qubes OS on your system."
"Delve into the role of virtualization in modern cybersecurity strategies."
"Understand Xen-based hypervisor technology and its impact on secure computing."
"Discover the unique user experience offered by Qubes OS for tech enthusiasts."
"A comprehensive guide to understanding and utilizing a secure operating system like Qubes OS."
"Compare Qubes OS with traditional operating systems in terms of security and functionality."
"Enhance your network security by leveraging the capabilities of Qubes OS."
"Integrate Windows seamlessly into the Qubes OS environment for diverse application use."
"Advanced Linux security tips to fortify your system against cyber threats."
"Develop essential IT professional skills with a focus on cybersecurity and system management."
#qubes #linux - Наука та технологія
Turn your IT hobby into a job!! Learn Linux and other skills with ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
TIMESTAMPS
---------------------------------------------------
0:00 ⏩ Intro
1:00 ⏩ What is Qubes OS?
3:55 ⏩ How Qubes works - App Qubes
5:40 ⏩ Service Qubes
7:41 ⏩ Qubes OS SYSTEM REQUIREMENTS
9:28 ⏩ STEP 1 - Qubes OS Install - Download Qubes
10:35 ⏩ STEP 2 - Virtual Machine Setup
13:33 ⏩ STEP 2 - Physical Machine Setup
15:46 ⏩ STEP 3 - Installing Qubes OS
17:17 ⏩ LINUX QUIZ CHALLENGE!!
18:42 ⏩ STEP 4 - Initial Qubes Configuration
Ok
Where did you get the 1TB SSD?
I am using internal SSD, what do I do for that?
So what happens if the template gets hacked? e.g. if a hack makes its way into Fedora, and you update? There goes your isolation.
hey im 15 a pentester think we can Collab if so reply to this comment or reply on one of my videos
One useful analogy that I explain to people about security. You basically have a slider. At one end is secure and at the other end is usable and your risk tolerance sets the slider position.
This is Over simplified way saying it for a Complex system.
Inverse correlation
@@fuzzytincan piss
You are only as secure as the weakest part of your system.
not neccesarily, even if your system is compromised at for example UEFI level(which every consumer computer is compromised at that level), if you can properly isolate your work environment then there is a good chance its still protected.@@Arachnoid_of_the_underverse
One of the reasons why they advise against using nested virtualization is because it negates some of the privacy benefits of Qubes. The Virtualized networking in Qubes is IMO it's best feature. The firewall isn't an add-on to the OS like other OSes but rather an integrated feature like Tails. You can completely control what packets leave your computer, choose what avenues they take (vpns, tor, proxy chains, et)., Create combinations. Whitelist/blacklist ips and apps. If you throw Qubes on a normal OS and virtualize it, the host OS will leak packets. If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger.
quote: " If virtualized on Windows 11 things are even worse as Windows has practically become a keylogger."
AMEN there. I've been on windows for decades and it gets worse and worse every year with tracking and monitoring.
how is windows 11 like a keylogger and how do you stop it? I disabled some of the widget things and personalization things.
@@surfingsub5854 And it's about to get way worse with AI integration,. Big brother is almost here. Putting aside the legal aspects , from a spying capability standpoint soon pretty much everything we do on our computers will be tracked by AI.
I think once people understand the power that governments and corporations will have with AI running on our computers you will see a huge interest in OSes like Qubes. It's not quite average consumer friendly yet but from privacy capability standpoint it's far superior to any alternative I've tried. Tails is ok from privacy end of things but not as versatile.
AI has its uses so I'll still use windows too but when I want privacy I switch to my linux box and a variety of virtual instances.
@@MrAw3sum Too long a list to write all the sketchy privacy things windows does but I can tell you the biggest one.... encrypted mystery telemetry.
Windows computers are contacting Microsoft servers constantly and we have little clue what data they are sending. Microsoft is vague in describing precisely and there is no built-in feature to turn off telemetry entirely.
THere is a third party tool called ooshutup10 that can shut off telemetry but if you are inexperienced I wouldn't recommend it. I don't use myself because turning of features with telemetry can have negative side effects and Microsoft can turn telemetry back on with any given update. It was too much of a time waster for me to use.
The approach I would recommend for semi-privacy is get a second computer with some linux distro on it and use that when you want to do something more private. Don't use your real name or connect to any service that uses your real name when using it. Ubuntu would be good choice with a newb. (Qubes is still for advanced users at the moment). Maybe subscribe to a VPN service that you can also use on that computer.
Keep in mind though, obfuscation is not pure anonymity. IMO only someone very experienced in tech has any practical hope of that online. And even then it's a lot of work and impractical for daily driver. If anyone plans to send nuclear secrets to North Korea from their home the NSA will get them lol.
I drank the QubesOS Cool Aid for a few months, but I got out of it. It's important to understand that, like all security models, this system is only able to protect you from the specific threat model it was designed for. In particular, QubesOS was designed to protect from information leaks caused by software flaws.
pls elaborate?
@@AceGod7 Ever hear your friend or family talk about how their social media account got hacked? Well... the account didn't get hacked *THEY* got hacked, by getting tricked into doing something dumb.
By far, the largest percentage of "hacks" on the internet are social engineering, not software exploitation.
QubesOS protects you to a very high degree of confidence from software flaws. It doesn't stop you from being dumb on the internet though.
I'll try to answer but obviously I can't read his toughts... Qubes OS is extremely good at compartmenting your activities (and no contrary to what @NetworkChuck said, setting up VMs is not as secure (there are some explaination in the Qubes OS documentation). But it won't protect you against tracking (cookies) unless you make use exclusively of disposable VMs via Tor (as your IP otherwise is the same from one Qubes to another from the perspective of web servers tracking you via Google/Facebook or whatever other tracker). You can have one of the most secure password manager (half of it, the wallet is in a disconnected from the network qubes, the other half is connected to clients Qubes leveraging PgP). The most important thing is I believe to help educate people about "true" security. Once you've spoken with people in this community you start to grasp how much you don't know about security when you though you were the boss using your Kali VM.
It's a cool idea but it's a pain for the avg user to navigate it etc. Installation can be a nightmare as well. I think it'll be another 5 years or so before it's more mainstream.
Personally I want the VM manager stuff in a normal Linux setup. Take out the annoying stuff like separate keyboard copy buffers etc and just allow it to dumb paste into where ever but have the VM seperation and you've got my ideal OS.
@@skilletpan5674 If I'm being honest, QubesOS has other issues as well. I just didn't care to comment about them as it's likely to start an argument that I don't want to be involved in.
I used it for about 4 years as my main OS for my development machine with Debian in the VMs. I don't have too high security requirements, but I like the compartmentalization. There wasn't anything to hate in my opinion. It worked really well all the time - until recently. An update broke my install and I wasn't able to repair it. I tried NixOS, as I planned for a while, and I'm hooked and switched away from Qubes. Not as secure, but I can't resist the declarative configuration.
+1 for NixOS. Switching from Arch for the same love of declarative configuration, it's brilliant.
@@Ethorbit gonna read about it now
me too i was distrohopping for like 6 month i started my journy with distro hopping
@infonotforsale-dx2nb It's easy enough to make backups. Security always comes with some inconvenience. It's a niche and therefore has limited resources. If you do need the security it's definitely worth it. If you don't need it then it's not so clear cut but they are very clear about who their target audience is.
I don't see a reason to just discard it.
I'm kinda more surprised to see this has a gui and a desktop environment😅
REAL
@@notafbihoneypot8487 Hi, the real notafbihoeypot!
@@Spinetap less code less bugs so yes WM are more secure
Although a window manager like dwm is more auditable than xfwm and its related components, there are aspects of the qubes user experience that effectively require that the graphical interface have more functionality both through daemons and interface options. Inter-qube clipboard, inter-qube file transfer, managing allocation of hardware device access among qubes all require daemons to track clipboard usage, new right-click options in both the guest and the hypervisor interfaces, and a significant amount of python scripting to glue it all together.
Personally, I'm trying to weigh the completed form of qubes' user experience (for lack of a better term) vs making containers and small VMs on a more minimal distro where I could run dwm and friends as the defaults.
In fact it is one of the core benefit vs having VMs, because if what is running in your graphics card guest compromised, you lost. With QubesOS (you don't natively have GPU/3D), each VM paint it's "display" using a virtual graphics card, the windows manager, which runs in Dom0 is copying this frame-buffer in your video card frame buffer. It also leverage this functionality to "remove" vulnerabilities in PDF (which may compromise your printer for example). It use a disposable VM to render the PDF, and another disposable VM to capture the image of the rendered PDF and then generating a PDF with all the pictures.... You loose the copy/paste functionality, but your target PDF can go in your safer research qubes without being a risk of compromising your PDF reader. All of this is "transparent" (if I remeber it is just a "send to PDF cleaner" type of right click menu.
Too bad you missed the official release of QubesOS 4.2, it has a lot of improvements to the GUI
But that would disrupt his narrative
who cares for this shitty complex os
@@the_alien293then why are you here
@@the_alien293 It's optimized for security, not convenience
"nobody cares about it" until macos adds it. @@the_alien293 , you remind me of my brother who hates linux. that's exactly like saying that "i want the internet to run on fast hardware with software that slows it down" since windows is incredibly slow especially compared to linux. most of the websites on the internet are running of of some GNU based OS (or alpine linux lol)
I really enjoyed the questions segment. It was really well done, nicely made, fun to learn from and challenging to someone who is learning.
Great content mate keep it up and thank you!
Very glad I found this channel. I did not know about the different window colors in Qubes.
Found your channel recently (The video about Tails OS and the Darkweb) loving the content so far my man. Happy holidays.
Nothing is cooler than running windows 10, 11, Mac, Kali, Debian, Fedora, Mint, Ubuntu, & Arch all right next to each other in Qubes! I hope you will give 4.2 another chance! If you're committed to moving on to something else perhaps you would consider creating some content for the Xen hypervisor? Thanks for another informative video chuck! Looking forward to more!
Pleasantly surprised to see this OS in your channel. Been following Invisible Things Lab like eternity, a talented team.
Great video Chuck, just installed Qubes on my new laptop. Wasn't as hard as you hyped it up to be glad to say. Probably because it's a brand new laptop
Okay first things first before ADHD makes me side rail myself, I got two wrong (double guessed my self on the chroot one). Second thing, I love how you ended the video "I don't care I'm just still going to use Windows, Linux, & Mac". Keep on being awesome Mr. Chuck!
Ngl, the idea of "Why don't we just run each app in its own little sandbox" crossed my mind several times, but to see an OS spin up a whole XEN VM for it... Wow. Cool concept, and fact that they got it so far already.
It's an interesting concept. I typically just run a heap of VM clients side by side for much the same results.
i wanna try this xen vm thing, might be cool for my uses. i like to compartmentalize my my work, bank, and youtube watching
The problem with this is, it will be hard to run programs (for a normal computer user atleast). For example lets say you download minecraft mods, and you use a mod manager.
The program need to find minecraft order it to run.
@@RavDeBest lol that can be configured it is like docker the linkage is via uuids you can have parts of the Software running in the other part of the earth
@@adriancoanda9227 Yes I think you can but Normal user wouldn't know. My cousin doesn't even know how to check Ram till now
Hey, just BTW, you've officially earned my subscription. Your content is informative and entertaining. Thank you.
Rufus is good, but have you tried Ventoy?
It lets you create a bootable usb once, and then you can just drop iso's onto it, letting you select the right one through the bootloader.
Yep... Yummi is similar. I prefer Rufus tho. Purely preference.
That is cool, so you can easily make a USB stick with multiple bootable ISO's?
@@volvo09 yep
@@volvo09 Yumi is a good tool... Add multiple iso del isos any of em easily at will. Without formatting constantly.
@@volvo09 Yes, exactly.
I only found out about it fairly recently myself.
2 mins in......interesting! Simple idea but....complex creation. Never heard of this one, and i have no worries about privacy, well no major worries right now(future worries 100% given the worlds agenda lol).....but this is interesting.
Thanks Chuck! and not even oddly enough, i had just made a cup of coffee🤘
Based on the title I was expecting an OS so locked down it was painful to just use. I know security does not equal usability.
But Qubes OS looks awesome! As soon as you started spinning up VMs on the fly my mind was blown at how cool that was! There are some obvious drawbacks, like needing an ungodly amount of RAM for the more stuff you throw at it, but I'm sitting over here thinking, "I could actually daily drive this and it wouldn't be that bad!
Realistically, I wouldn't daily it, just have some fun, and be aware if I ever need something crazy secure, I know the OS to go to. But this is very usable! Which goes to show, security, even really good security, doesn't always need to burn usability to the ground to be effective.
Very interesting video. I got all questions right, but I got last two of them, almost by chance.
I use Qubes OS as my daily driver. Good points are that i am so much faster than everyone i work with at spinning up test VMs. My Facebook etc is not visible in my work etc. Also if i share my screen in slack Qubes only makes windows visible in the qube that slack is executing in. The strict networking is great for testing our networking product. The things that suck are i have a new laptop and have been running the beta version with a few quirks. I sometimes find the USB camera can disconnect meaning i have to add remove the software device to the qube. Audio can sometimes be a little weird. However i do think it's awesome. I also have Windows and FreeBSD qubes up and running as well
Sadly thr support for GPU acceleration isn't so good yet. Nowadays even basic browser applications require graphics acceleration to work normally.
After about a week, qubes just works for me. Yes it takes some tweaking. But honestly I don't see how I could go back to a 'normal' system
As a tip for the ROG laptop you can also hit the BIOS menu by hitting escape (before the ROG logo pops up). You may need to press several times but once you figure out the timing, you can get it fairly consistently by just pressing once. Also this OS is interesting but I feel like it's more practical (for me at least) to use more established methods for making VMs. If you want to go the extra secure route, I'd prefer using Whonix in a VM but that may be me.
Edit: Tails OS is not usable in VMs but Whonix is. I got them mixed up.
Tails isn't meant for VMs. Whonix is. (Whonix is bundled in qubes)
@@aliceryan7053 thanks for the catch. Updated my comment accordingly. I don't make use of either so had to look it up.
Thanks to show the bios staff, lot of pros keep that to get money, thanks for your content🎉 Merry Christmas 🎉
love your channel, you teach well, and thanx because you help me learn easily, you break it down well
I've got 120 but last 2 questions was kind of guessing by choosing what sounds more reasonable, or by eliminating definitely wrong answers because I used chroot couple of times before and the only thing I remember that it is applied to directories.
I love Qubes. Sure there is a steep learning curve but once you got used to it it's hard to go back to a regular OS. Having an hypervisor running as the main OS on your computer allows for a lot of things, it goes beyond security. I keep using it not because I have to for security, but because I really love it.
yea i just want the hypervisor os. i dont think i need qubes tbh
I got lucky on the Cgroup question, I was unsure but I went with my gut and said C so I actually got a 120! Great video and a cool OS I might have to poke around if I can pick up a laptop to play with
Impromptu Quiz: Welp, apparently I haven't meddled in CGroups yet; 90 points, also kudos to Qubes for using the old Windblows xp silver theme style & for making an OS that I would be putting on my dads laptop (if only it could handle it...)
Qubes OS was invented by my compatriot Joanna Rutkowska. So, one more reason to be proud. And by the way you should focus on the newest version and Qubes OS should be installed on hardware that is supported, what was written a long time ago on their website. I know about this OS since it has been released. I really like it.
Great testimony. About the same thing here 😀
Yes, I love the idea, but OLD and SLOW hardware is the issue. They really need support for modern state of the art HIGH END systems.
@@surfingsub5854 The reason for the old hardware is Intel used in newer processors a backdoor to control your network, you may ask the NSA what it really does ...
I got a score of 100 points! (out of 120)
The only question I didn't get was with Linux containerization. (Something I haven't messed with or learned about yet.)
Second google hit " But unlike a virtual machine, rather than creating a whole virtual operating system, containers don't need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application."
Best UA-cam of the month. Thanks for this - I need it.
00:01 Cube's OS is focused on extreme security measures.
01:40 Securely run multiple virtual machines on one computer
04:55 Templates help in maintaining and updating core applications.
06:44 Qubes OS treats Dom zero as the most trusted and critical part of the system
09:55 Setting up a secure OS using Rufus and VMware Workstation player.
11:36 Creating a virtual machine with Fedora 64bit OS
15:03 Disable secure boot and select boot options for OS installation
16:38 Installing Fedora 11 hoix with default options
19:54 Running your own virtual machines provides better security options
18:34 I got 60 points. I embarrassingly got the second noob question wrong because I thought su means switch user and assumed that the su in sudo must mean the same thing. I knew about systemctl because of a brief adventure in Arch where I had to use it A LOT! I got the second expert question right only because I knew it couldn't be A, B or C, not because I actually understood what D meant lol. That was fun though, haha.
Noob = 10 pts
B ls ✅
A switch user/do ❌
Intermediate = 20 pts
D ps ❌
C systemctl ✅
Expert = 30 pts
D ❌
D ✅
also 60 points, but i just did all the noob and intermediate questions
@@M1szS Not bad! I should have gotten those. Not enough coffee is my excuse. 😅😝
Small correction! During the installation, a window from sys-whonix popped up asking you to connect/configure a tor connection.
You say that it's asking if the whole system should be torified, but that's not what the prompt is doing. It's just asking whether sys-whonix should connect directly to the tor network, or if it needs to have a bridge configured. In fact, due to the nature of QubesOS, sys-whonix wouldn't be able to make that kind've system-wide change even if it wanted to.
This is awesome! Thank you so much Chuck!
I tried a test build on an old rig (i7-2600k) and it threw up a slew of errors during installation about the age of the hardware and missing vital hardware support for virtualisation or encryption support (going on a 4 month old memory there). I found USB support for the console kept failing, it just looked like something that wasn't workable unless you had far more contemporary hardware. A real shame because I was curious to see how this worked in a practical sense too.
I experimented with Qubes OS, and while it offers some interesting features, the initial setup can be quite time-consuming, especially when configuring multiple virtual machines (VMs) and installing various applications. Customizing VMs or updating default ones can be a bit of a hassle, and I encountered issues with the performance of GNOME Desktop Environment (DE) VMs. Additionally, switching the dom0 to KDE resulted in app display problems, so I opted not to make that switch.
Regrettably, I found myself exhausted from the extensive tinkering required, even before personalizing my guest VMs or attempting to set up a Windows VM. Eventually, I decided to install a different operating system on my disk. However, this process also proved challenging due to the modifications Qubes makes to the disk, making it somewhat cumbersome to override.
at the end I just went back to Nobara KDE.
"Nobara KDE" - Yes, great work there. On one of my laptops it works great. On high-end desktop though too many instability issues and Windows VM builds and boots first time but after rebooting main computer and coming back the Windows VM hangs and won't run anymore. Hoping that Fedora makes some other updates in 40 to correct such issues. I simply don't have time or energy to tinker with it. Do love it on my laptop though.
Qubes runs so much better on physical hardware instead of in a VM. Much faster. I love it, but I use too many apps that don’t support linux so I’ve had to switch back.
Can't you spin up a Windows Qube for those apps?
Did you try? If so what went wrong?
@@trueriver1950 I had a lot of issues running Windows VMs. (I just couldn’t find the right settings for them at the time a couple years ago). My experience is all a couple years ago. Now I’m on Mac for work and don’t even bother with a personal computer.
That's the entire purpose of windows, Mac, and Android controlling the os, software and hardware markets...
because they all are fully onboard with allowing and have govt tracking/spyware and back doors baked deep within the os.
As do many 3rd party software such as quickbooks, browsers, email, social media, etc
Every instance of being online is picked up through these operating systems, can be logged, cached, transmitted etc. and they can infiltrated the lan
I followed alot of guides on how to install that operating system and you were the only one who explained about understanding if your computor is capable of running it but anywa I just gave up on linux all together never got any of them to run correctly.
i have used kali for years dual boot with windows 11. i tried qubes os on my pc, and when booted i had no idea at all where to begin from, i could not connect to the network, etc. but after watching this video i now have a clue where to begin from. after taking my cisco ccna i know what type one and type two hypervisor and the whole video was awesome to me.
I could see making this my main OS someday when it's developed a little more and I can spin up a windows gaming qube for blizzard-like windows games.
Practical things like that are not the focus of the system. We all know a security project is best when only guys hunted by the FBI are willing to put up with using it.
@@edhahaz wat
You can do that already with pci passthrough if you have two gpus.
@@paulchatel2215 is the support for it better now? 4-5 years ago, it was really on the edge (mainly due to buggy firmware from NVidia)
I run multiple live Tails instances inside of isolated Qubes for each context of my life while running it all virtually on an air-gapped homelab that only connects to the internet via morse-code transmitted over HF CB Radio via Tor 😂
+ over DMR 256 AES multi key encryption
you have a cb or a hackrf ?
all that just to use chrome for your banking because the website doesn't support firefox
I used this for a longggggg time. Loved it! But on older hardware, like what I had, it was a bit slow
Holiday-Happy to Headache in 14.2 minutes. Seriously, thanks for explaining this.
Fun fact: portable rufus installs exactly the same way that regular rufus does, the only difference is that it creates a properties file in the same directory that it is in. They explain it in their FAQ - "Difference between portable and non-portable versions".
Been using qubes os for about 4 years now and its amazing i love it.
Interesting, bythoway the background music is fire 🔥🔥🔥
One question, you used Rufus with DD mode . How do you recover that usb after writing in DD mode ? Is it even possible to revert it to unbootable usb storage?
I believe if you just do a "clean" command using diskpart (windows) it'll remove any bootable flags and partition data.
@@volvo09 I did it once, and then tried to create a partition but Diskpart failed to create one. And then the flash drive died .When I connect it to my PC Windows recognizes something is connected to it but not as a storage device , nor a disk .
The absolute vast majority of my private info that is found on the "dark web" is due to the negligence of various organizations whether its a private company i.e. Sony, or a government organization i.e. OPM.
Wohoo I only failed at the last one, great video as always Chuck
very informative as always bro
My favorite channel, the coffee is ready❤
Nice! Have you tried the BlackOut stuff? I just got my first bag the other day and.... It's seriously the best coffee I ever had.
Just throwing that out there, from one coffee lover to another.
TempleOS is way more secure
😂😂😂😂😂
Yes
It even protects you against STDs. 😷
Nah Redox, Slax, MenuteOs are secured by default
Lol!
haha, I haven't been to your channel in a long time, I even forgot how much you love coffee. I am an aspiring Systems Administrator. I am such a slow poke. Been wanting to get into IT for 5 years yet I still don't have my first IT job. Spring 2024 will change that. I'm not back, but just checking in. Subscribed for life. See y'all later.
Needed this laugh, Merry Christmas Chuck
And here I always thought OpenBSD was the most secure OS. This one just feels like overkill, but considering some of the threats out there maybe there's no such thing as "overkill."
Same! When I think of a secure OS, I always think of OpenBSD.
I'm human are you accepting new patients and clients into your service.
Hey how can I build/modify os for my raspberry Pi
DId you not see the system requirements part?
I don't know kasm workspaces has an option to erase everything if you log out. I'll probably just stick with that is it works really well and it's super simple to set up.
Wow Mr. Chuck, enabling iommu inside of a nested type 1 hypervisor. Ballsy my friend. Ballsy.
If only windows was built like this, it would be almost perfect.
Windows 10/11 does have built-in feature, similar, but not the extreme like Qube, it allows you to open and instance of Windows running on a hypervisor completely isolated.
Edit: It's called Windows Sandbox
@@ChrisAzure Yeah, but everything about it is proprietary. Is it really secure? Who knows!
i thought the most secure OS was AS/400... not known by the many :)
My score was 90 🎉🎉🎉, I wasn't knowing the difference between cgroups and namespace 😅, thanks for sharing 😊
Def also make sure you put it on hardwear that has/supports coreboot
fair warning about storage management before you even burn a disk image onto a USB to make an install disk:
if you overflow a storage limit on a VM, the whole OS breaks, like not bootable.
No matter how secure an system is it doesn't protect against human errors.
Chuckkkkk please upload more frequent videos!!!! I learned a lot from you within the past 2 years! There is literally nothing left to watch.
I would love to see more RPI videos Hacking videos, LETS DIVE IN!!!!!!
Dom-0 reminds me of the Avaya system platform OS I used to install and work on for communication systems.
If paranoia had paranoia
DO NOT run a VM it compermises the whole point and security of it.
Run Pubes- I mean QubesOS on a VM*
For a daily driver, no. On other other hand, if I just want to try it out, why not throw it in a VM before committing to bare metal?
@@ralphm6901 then just spin up VMs, it would be counterintuitive to Do it any other way.
You're channel is one of my favourite youtube channels period. I'll be joining ITPRO TV.
In all honesty, im glad you finally made this video.
Don't use vmware!
Why?
@initiald975 closed source, proprietary and crap. There's a wide, wonderful world of better options.
@@RonnieReddbro 💀 it ain't a virus man I used it no virus I was free. Probably have the worst antivirus in the world 😭
Yeah right, until you tried to set up a 3D accelerated Windows VM and realized your IOMMU is totally borked and VBox and VMware are the only options.
@@wilsontulusqemu
Qubes OS is for professionals. Not for the average wannabe.
Lol
Not really. QubesOS makes it really easy to run fast and private Virtual Machines since it uses a type 1 hypervisor
Afaik, Windows Defender actually have this feature, basically isolating every app on their own environment and it needs VT-x for it to work properly.
I got it working on a 12 year old dell laptop with just 8Gb of ram and 250Gb of storage and indeed an intel that's 64 bit with VT-x. They have that for about 20 years now I guess...
But indeed, it is not quick; starting up an entire linux kernel plus underlying OS is going to take a few moment at startup. And it is limited, especially when you would like to use the graphics card directly for, for instance, blender or running a machine learning model.
Clickbait title
What other purpose could a online title serve? Whenever someone dislikes what they've clicked on, then it's clickbait. Every title is clickbait. That's literally the one & only purpose of a title. Thanks for pointing out what titles are for.
What do you expect from chuck
@@bruhda7469 My definition of clickbait is having a video where the title and thumbnail are different from the video content and the "I hate it" part made me think he'd have points towards why not to use it.
Love all your videos ❤❤❤
17:29 option B ls to list the directory and have a peek over the files
I want a pack of balloons
I love the idea and I was able to get it to install on an older low power laptop but too slow to work with. Tried to install on high-end laptop and desktop and both of them fail to complete install. Not sure if Fedora at issue but tried other builds still would not install. Part of the issue with complex builds though is that if there is an update that breaks it one needs to be very deep in the weeds to know how to fix it. Most of us probably cannot spend days or weeks with the OS not working. I suppose some people with multiple other systems at their disposal could. I'll wait another year or two to see how far along development has come to support high end hardware. Though their documentation does say it's not supported by most vanilla systems. But what they do support is old and slow.
Please always verify signature of the downloaded files when talking about security and privacy. They could have been tempered with before even downloading them,
Funny, reminds me of the old secure VAX VMS OS, from the 80s. Every application had almost 200 permission flags, for devices and operation. A super pain to administer, this seems to be a lot simpler. Thanks
Kinda like running a windows 3. 1 instance with in OS/2. I loved OS/2.
I don't know how... but I was looking at the 2nd to last question and i figured it was either A or B regarding cgroups and namespaces... I was wrong, as it was B and not A. But the fact that I was close to being correct surprised me because I didn't think that I'd be at least 80 percent correct for the entirety.
I used linux rigorously because I wanted to do virtualization so that I can make windows.. a "mostly" enclosed gaming vm. But that aside, I think I should get back into computers again... I learned a lot in linux and experienced a lot in server hardware.
part of the security comes from the management container dom0 and its interaction or lack of with the other vms. it's kind of like local out of band management from my research. some of qubes' underlying foundation is built around vm aware malware (vm hoping is a thing).
I love your work Network. When I grow up, I want to be like you.
nice concept, so it's more like a collection of VMs running side by side... interesting.
LOL, good to see you are human too. So much polish in presentation, perfect beard but the screeeeen @13:51 *scream* :D
90/120. Missed the cgroups question, dang it. But probably pretty good for less than a year of using Linux.
Yo do you have a playlist of the basics of understanding all this stuff or just the basics of computers
Haven't tried latest version of Qubes but install it from time to time to fiddle with. The idea of virtualizing every app is the future but the execution was buggy and not user friendly. I'm an experienced IT guy. Average non-techie would be mostly lost. Nevertheless I hope the project continues to improve to the point it becomes more intuitive and stable. I'd love to use Qubes or something like it as a daily driver. And one day I hope the devs realize the term "Qubes" is uncomfortably too close to the word "Pubes" and change the fricken name.
Merry Christmas ⛄
I like using qubes os. It helps me separate work and personal stuff while being on the same machine
So, it's a Xen system with preconfigured templates for VMs for apps and different things and a bit of GUI to make it fairly usable.
It was just a matter of time till somebody made something like that. Not sure what took them so long.
Yeah, I'm sure it's cool if you need that kind of security, but it's not for everyone. It's resource-hungry and slow and a bit cumbersome to use compared to normal OSs.
Thank you Chuck!!!
What is the intro song? Thanks.
Edit: It's Underground Moments - Cushy
If we had no winter, the spring would not be so pleasant; if we did not sometimes taste of adversity, prosperity would not be so welcome.
If the DOM kernel is isolated from the internet, how do you do upgrades? presumably from a child or cube that DOES have access? Can you re-enable secure boot once you have everything installed?
No, While using this Secureboot needs to remain off - Secureboot runs a hash chack vs a database of known good bootloaders
They are too small to be registered with secureboot - so it would refuse to load
120, but I got kinda lucky on that cgroup and namespace question. I picked the one that intuitively sounded right to me. 😅🤷♂️