Last weekend I tried out Qubes OS (4.0 RC3).
I was drawn to it by the promise of having both work and personal activities on the same hardware (yet still compartmentalized), i.e. not carrying two laptops around anymore; also by the security benefit of separating activities into "high-trust" and "low-trust" execution environments with different access to network and hardware, while still hopefully having an integrated, usable system.
I decided to start with 7 domains as follows:
| Name | Color | Purpose | Notes/Restrictions |
|---------------+--------+----------------------------------+----------------------------------+
| untrusted | Orange | Insensitive browsing/experiments | |
| projects | Gray | Software projects | Persistent VM for dev work |
| web | Green | Credentialed internet use etc. | Browse with usual caution |
| work | Yellow | Work for employer | |
| work-vault | Black | Work secrets and sensitive files | Net access only for syncing |
| private | Blue | Comms apps, notes, photos | Cautious browsing only as needed |
| vault | Black | Secrets, keys, sensitive files | No net access, minimal software? |
The Good
Overall I was impressed by how nice the UI was, given the goals of the project. The extended desktop metaphor, with border colors indicating domain, does work. The "app launcher" has an extra layer to navigate through ("Which domain would you like that in?") but this was OK. I already use XFCE at work so that didn't require adjustment.
- Copy-paste and file transfer between domains works as advertised
- I got rid of the default Fedora 25 AppVMs and used Debian 9 instead
- Attaching PCI and USB devices to a domain works (including laptop integrated camera/mic), and WebRTC videoconferencing seems to work fine
- You do need a lot of RAM; a domain with one browser tab open uses about 3.5 GB on default settings
- Hardware support for my Thinkpad T450s was great (all the ports worked, even better than the HCL promised)
The Less Good
I put the project away for a week and came back to it this morning. Decided to not move forward and migrate my whole life to Qubes.
- Wasn't looking forward to managing editor and browser configuration across 3+ domains. I make a lot of tweaks to my browser to make it more secure, private, and productive. Could try to sync this state across domains but this opens a path for data and code to move between trust levels, negating some of the benefit of Qubes.
- It would take all weekend to migrate my personal and work environments into 7 domains, tweak preferences, etc.
- The one broken USB thing I found: my dmcrypt+LUKS-encrypted external HDD wasn't recognized by a Debian 9 AppVM for some reason. Didn't spend long troubleshooting, may not have been a USB issue.
- No hardware accelerated graphics, which makes things like Ctrl+drag in Google Maps satellite view laggy.
- Burden of doing regular updates in more places (dom0, template VMs, and restarting AppVMs), which could ultimately make my environment less secure if I fall behind.
Conclusion
Right now, I don't really have activities sensitive enough to make this additional complexity of running a Qubes system worthwhile. (e.g.: work for my employer isn't especially sensitive, and most of the code that I write is released publicly anyhow).
I'm still glad that I tried Qubes. I'm glad it is there for those who need it, which could be any or all of us someday.
<b>Mastering Online Casinos fur deutsche Spieler: Entdecken Sie die Welt des 5€ Spiels mit Paysafecard</b>
Mit der zunehmenden <a href=https://www.blurb.com/user/jacks702>paysafe casino online </a> von Online-Glucksspielen sind deutsche Spieler standig auf der Suche nach verlasslichen und bequemen Zahlungsoptionen, um ihr Spielerlebnis zu optimieren. Die Paysafecard ist eine solche Moglichkeit. Sie ist ein weit verbreiteter Prepaid-Gutschein, der es Spielern ermoglicht, ohne Bankkonto oder Kreditkarte Einzahlungen auf ihr Online-Casinokonto vorzunehmen. In diesem ausfuhrlichen Leitfaden werfen wir einen Blick darauf, was die Paysafecard ausmacht, wie sie in Online-Casinos verwendet wird und empfehlen Top-Casinos, in denen Sie schon ab einem Betrag von nur 5€ ins Spiel einsteigen konnen.
<b>Was genau ist die Paysafecard?</b></size>
Die Paysafecard agiert als eine Art Prepaid-Zahlungsmittel, vergleichbar mit einem Gutschein. Sie ist in diversen Nennwerten erhaltlich und kann sowohl bei zugelassenen Einzelhandelspartnern und Tankstellen als auch online gekauft werden. Jeder Gutschein ist mit einem individuellen 16-stelligen PIN-Code ausgestattet, der fur Online-Zahlungen genutzt wird. Dieses Zahlungssystem bietet den Spielern eine zusatzliche Sicherheitsschicht, da wahrend des Zahlungsvorgangs keine personlichen oder finanziellen Daten preisgegeben werden mussen.