Contents
dangerzone
Contents | dangerzone | |
---|---|---|
85 | 21 | |
253 | 3,059 | |
-0.4% | 2.3% | |
6.3 | 9.6 | |
5 months ago | 7 days ago | |
Shell | Python | |
- | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Contents
-
QubesOS – A reasonably secure operating system
I've been using Qubes for the past 2 years while going to school, and I found it really fun and helpful. A lot of professors had me download random closed source software from random websites during the pandemic, and it was easier to download it to a VM than to convince them about Free Software. More than that though it's been really helpful just for my own workflow. I can hit a keybind and start working from essentially a fresh linux install. It's easier to stay on task when each VM is designed to only do one kind of task. It's also nice having debian, fedora, windows, kali, and whonix all easily accessible on the same machine.
The main sticking point for me is that Qubes is reasonably secure from _myself_. I make mistakes. I first started using linux with an Ubuntu install that I broke a year later because I accidentally added in a space when typing `rm -rf ~/Arduino` which made it `rm -rf ~ /Arduino`. On Qubes I can `sudo rm -rf /` on the VM I'm using right now and not break a sweat. I have a keybind to spawn a disposable "airgapped" VM to deal with sensitive or untrusted data, and it helps knowing that even if I mess up with whatever I'm doing, the VM will keep everything reasonably contained.
Some cool things that Qubes has outside of just VMs are its features enabled by the communication between VMs. Notable ones are Split GPG (https://www.qubes-os.org/doc/split-gpg/) which let you use a VM as if it were a smartcard for GPG and Split SSH (https://github.com/Qubes-Community/Contents/blob/master/docs...) which let you isolate your private SSH keys from your VM running your SSH client.
There are some sticking points around Qubes. For instance, I use Tailscale to connect my computers to each other from anywhere. Tailscale's install scripts add their keys to my VM's package manager for updates and installs. The proper way to do this in Qubes is to clone a TemplateVM, run Tailscale's install script, update, install, and then base an AppVM off of it. But that creates an entire new OS taking up storage and requiring updates. You can hack a way around this in an AppVM which saves a considerable amount of space, but it takes a lot of upfront time to do and requires you to manually update it.
Another sticking point is hardware acceleration. The desktop environment has access to hardware acceleration, so it runs fine, but opening videos in AppVMs is all software decoded. I'm on a Thinkpad T580 and it can run 1080p videos, but the fans turn on and can't do 4K. When I want to game or do something GPU heavy I either stream from my tower or completely switch over.
Overall, I'm really happy with Qubes and I'm planning to stick with it on my laptops.
- Installing Windows 10 as a Qube. The install crashes at 10% in the "Getting files ready for installation" stage
-
GPU passthrough on Qubes?
I can't speak to 17+ GPUs - but have successfully passed through a single high-end GPU for gaming via following these instructions: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/gaming-hvm.md
- Qubes OS new templates?
- Installer crashes at last moment ?
- Dual-booting Qubes and a Debian distro?
- ArchQubes?
-
Windows 7, 10, or 11 vm in Qubes-Os
Yes its possible. But check here under "Audio Support", also says at the bottom that windows 7, 10 & 11 are fully supported. As for how to install Windows, here. And installing Windows 11 by disabling the TPM check: https://forum.qubes-os.org/t/windows-11-in-qubes/6759/8.
- ISO download for HVM failing on all VMs
-
VPN Killswitch?
Follow this guide https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md
dangerzone
-
Dangerzone: Convert PDFs, documents, or images to a safe PDF
I don't have experience with Qubes in order to know what the files do, but this repo references two files in a qubes directory: e.g. https://github.com/freedomofpress/dangerzone/blob/v0.6.0/qub...
- dangerzone: Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
-
Ask HN: How can I security-sandbox email attachment opening?
start here: https://github.com/freedomofpress/dangerzone
i've never used it, but i've been meaning to check it out. at least it should give you a jumping off point for further investigation.
if that is insufficient, use proofpoint.
for archives that are tickling bugs, you have to use a similar technique. it's not enough to analyze them and send them on as-is. you have to unpack in a sandbox (which will be detectable, no 2 ways about it, but the question is will anyone expend enough effort to detect -- no, not for your use case, seeing as how you're asking the question at all), process with dangerzone or dangerzone-like tool, then re-archive it and let the user see only that new archive.
-
Ask HN: Why not cloud instead of Qubes “trusted PDFs” or Dangerzone?
I've read about the concept of "trusted PDFs" [1] from Qubes OS and the Dangerzone project [2].
I noticed people saying they use such tools to open applicant attachments in the context of employee hiring processes.
Isn't it simpler to just open these untrusted files in a cloud service like Google Drive or Microsoft Office online?
[1] https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html
[2] https://github.com/freedomofpress/dangerzone
-
QubesOS – A reasonably secure operating system
You can use something similar on macOS, Windows or Linux, based on Docker containers, see Dangerzone: https://github.com/freedomofpress/dangerzone
-
Help an independant journalist survive :)
https://github.com/freedomofpress/dangerzone has been a great tool to use as an added layer of defense. Definitely check out this users other projects as you can tell by the users name that they are made for journalists.
-
Downloading pdf’s & Javascript
This is exactly what DangerZone is built for. Takes ‘dangerous’ PDFs, converts them to images and back (via OCR) so there’s nothing potentially harmful inside. Does all the conversion inside docker containers so there’s little chance of a sandbox escape or network access
-
How can I implement this open-source tool as an API?
The source code for the CLI application is probably the best place to look for an example of how to use the internal parts of the code which perform the actual conversion: https://github.com/freedomofpress/dangerzone/blob/main/dangerzone/cli.py
-
Secure PDF Viewer app version 16 released
Check out danger zone - https://github.com/freedomofpress/dangerzone
What are some alternatives?
Qubes-vpn-support - VPN configuration in Qubes OS
pattern-matching-in-python - Pattern Matching in Python
proton-bridge - Proton Mail Bridge application
PdfViewer - Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. CSP is used to enforce that the JavaScript and styling properties within the WebView are entirely static.
qubes-app-split-browser - Tor Browser (or Firefox) in a Qubes OS disposable, with persistent bookmarks and login credentials
ctx - A minimal but opinionated dict/object combo (like Bunch).
bitmap-fonts - Monospaced bitmap fonts for X11, good for terminal use.
bandit - Bandit is a tool designed to find common security issues in Python code.
qubes-windows-tools-cross - Qubes Windows Tools build with mingw, wine and qubes-builder
kad - A simple Python package converting dictionary keys to attributes of a class.
qubes-issues - The Qubes OS Project issue tracker
CPython - The Python programming language