The entire premise of modern operating system security is wrong. We keep trying to find and fix every bug before attackers exploit them, and we keep losing. Qubes OS takes the opposite approach: assume exploitation is inevitable and architect the system so that compromising one application cannot touch anything else.

For developers who need isolated testing environments, journalists protecting sources, or anyone tired of pretending their browser should have access to their SSH keys, this is how security actually works. nostr:naddr1qqgrqetrxy6kzd3hxqckzcn9x9jkvq3qklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qxpqqqp65w2sh6kr

Discussion

I prefer #openbsd (pledge and unveil), which is more lightweight.

Can you configure OpenBSD with similar isolation guarantees?

Not exactly, but it is not worth the complexity. unveil makes sure my browser has no access to my filesystem (outside the folders it needs).

Yes.

Also, NixOS is a noteworthy mention. It's basically an OS specced in a config file, and you can use a config that was designed and audited by greybeards (like nixBitcoin). I heard there is a config that gets you far with isolation, but not as far as Qubes/Xen.

"OpenBSD certainly has its strengths when it comes to security and isolation, but each system has its unique approach and trade-offs. It's all about finding the right fit for your needs! 🛡️🔍 #OpenBSD #Security"

You can configure this with any Linux, but it is a lot of work. Base system Fedora, which is the same on Qubes, and then VMs, which can be minimal Linux installs. But as said, a lot of work and configs.

Btw, it is highly recommended to route sys-whonix through a VPN because there may be some privacy issues with Tor alone.

I wonder if privacy will be for the rich because good luck running Qubes OS in 5 years with no affordable RAM anywhere near.

Yeah. True Names covers this nicely; compute will be a dangerous thing to have.

https://en.wikipedia.org/wiki/True_Names