“The team led by security expert Joanna Rutkowska has released the first beta version of the Qubes OS Linux distribution. The operating system can also be installed on a USB stick thanks to its new installer. Qubes aims to provide security through virtualisation. It uses a Xen hypervisor to run applications in separate virtual machines based on Fedora 14. As a result, online banking data are not at risk when a game running in its own VM turns out to be a trojan.”
Very interesting idea! Definitely a project I’m going to check out. These are the type of projects I come to learn about on this site. BareMetal Node a few days ago and now this. Love it!
The main ideas behind the whole project are OK [though you can’t deny that virtualising everything is NOT sufficient. Security is the process, not a product].
Anyway … why they had chosen to use Fedora and KDE as the GUI is totally beyond my comprehension.
Personally I find KDE unintuitive. I spent quite some time finding things in this environment once I booted the whole darn thing …
And Fedora … OK, it might be related to one’s taste [or lack of], but it isn’t the best possible option out there. Plus – it didn’t detect my peripherals during installation, which made the whole thing twice as painful as it could be.
Edited 2011-04-16 07:20 UTC
I would imagine that they went with Fedora as Fedora normally has the best virtualization implementation. They normally have some great tools/support for Xen and KVM.
KDE is maybe easier to tweak to this purpose, thanks to a cleaner design with standard, universal APIs such as Phonon and Solid.
You said:
And then you said:
The keyword is “Personally”, which is the answer to your “totally beyond my comprehension” complaint…
It is their personal choice to use KDE instead of GNOME or anything else.
as well, called “Zones”. But it is much more lightweight. A zone is running a kernel, but that kernel has all its API calls remapped to the underlying Solaris kernel. This means that every kernel you run is actually using the Solaris kernel. Every zone requires 40MB RAM, where it virtualizes some data structs. Very safe. Total separation. Every zone uses its own ZFS filesystem. You can shut down a zone, and send it over the network to another Solaris server and start it up there. Very cool. I use zones to run VirtualBox, and Windows in a zone. Very safe.
Where does it say that? I don’t see anything on qubes-os.org that would indicate that Solaris is being used.
It doesn’t because it doesn’t. It’s a comment about how Solaris does something similar, if somewhat ‘cooler’ from what I’m led to believe, with virtualization.
Edited 2011-04-16 18:50 UTC
I was also wondering why they went with Xen and not OpenVZ. OpenVZ provides containers like Zones in Solaris. Like you mention, using containers could’ve probably been a lot lighter on the resources.
Edited 2011-04-16 21:24 UTC
Well for starters, so long as Qubes isn’t written with too many Linux specific features in mind, one could possibly use any OS that can act as a Dom0, such as Solaris or NetBSD.
Joanna Rutkowska is a specialist of Xen.
Well, there you go. Makes perfect sense then.
To answer your question, let us go to the website in question, http://qubes-os.org/Home.html, and see why they designed that thing on top of Linux:
The keywords are “most Linux applications and utilize most of the Linux drivers” and “desktop computing.” Whatever the Solaris or BSD world can offer with million light years ahead of being cooler than any Linux solutions _without_ APPLICATIONS and DRIVERS support, Solaris and BSD are nothing but a bunch of two different words. They are “cool” given if you use them properly, but if you want to run diverse applications with it and peripheral support, then it is useless.
Edited 2011-04-18 04:34 UTC
Who’s talking about BSD and Solaris? OpenVZ is a Linux technology.
Desktop computing works rather well in OpenVZ containers actually and I presume it will work just as well with LXC when it matures. Granted you don’t get direct hardware access but that isn’t exactly a shining moment for Xen either.