Contents
security-wg
Contents | security-wg | |
---|---|---|
85 | 6 | |
253 | 482 | |
-0.4% | 0.8% | |
6.3 | 8.9 | |
5 months ago | about 24 hours ago | |
Shell | JavaScript | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Contents
-
QubesOS – A reasonably secure operating system
I've been using Qubes for the past 2 years while going to school, and I found it really fun and helpful. A lot of professors had me download random closed source software from random websites during the pandemic, and it was easier to download it to a VM than to convince them about Free Software. More than that though it's been really helpful just for my own workflow. I can hit a keybind and start working from essentially a fresh linux install. It's easier to stay on task when each VM is designed to only do one kind of task. It's also nice having debian, fedora, windows, kali, and whonix all easily accessible on the same machine.
The main sticking point for me is that Qubes is reasonably secure from _myself_. I make mistakes. I first started using linux with an Ubuntu install that I broke a year later because I accidentally added in a space when typing `rm -rf ~/Arduino` which made it `rm -rf ~ /Arduino`. On Qubes I can `sudo rm -rf /` on the VM I'm using right now and not break a sweat. I have a keybind to spawn a disposable "airgapped" VM to deal with sensitive or untrusted data, and it helps knowing that even if I mess up with whatever I'm doing, the VM will keep everything reasonably contained.
Some cool things that Qubes has outside of just VMs are its features enabled by the communication between VMs. Notable ones are Split GPG (https://www.qubes-os.org/doc/split-gpg/) which let you use a VM as if it were a smartcard for GPG and Split SSH (https://github.com/Qubes-Community/Contents/blob/master/docs...) which let you isolate your private SSH keys from your VM running your SSH client.
There are some sticking points around Qubes. For instance, I use Tailscale to connect my computers to each other from anywhere. Tailscale's install scripts add their keys to my VM's package manager for updates and installs. The proper way to do this in Qubes is to clone a TemplateVM, run Tailscale's install script, update, install, and then base an AppVM off of it. But that creates an entire new OS taking up storage and requiring updates. You can hack a way around this in an AppVM which saves a considerable amount of space, but it takes a lot of upfront time to do and requires you to manually update it.
Another sticking point is hardware acceleration. The desktop environment has access to hardware acceleration, so it runs fine, but opening videos in AppVMs is all software decoded. I'm on a Thinkpad T580 and it can run 1080p videos, but the fans turn on and can't do 4K. When I want to game or do something GPU heavy I either stream from my tower or completely switch over.
Overall, I'm really happy with Qubes and I'm planning to stick with it on my laptops.
- Installing Windows 10 as a Qube. The install crashes at 10% in the "Getting files ready for installation" stage
-
GPU passthrough on Qubes?
I can't speak to 17+ GPUs - but have successfully passed through a single high-end GPU for gaming via following these instructions: https://github.com/Qubes-Community/Contents/blob/master/docs/customization/gaming-hvm.md
- Qubes OS new templates?
- Installer crashes at last moment ?
- Dual-booting Qubes and a Debian distro?
- ArchQubes?
-
Windows 7, 10, or 11 vm in Qubes-Os
Yes its possible. But check here under "Audio Support", also says at the bottom that windows 7, 10 & 11 are fully supported. As for how to install Windows, here. And installing Windows 11 by disabling the TPM check: https://forum.qubes-os.org/t/windows-11-in-qubes/6759/8.
- ISO download for HVM failing on all VMs
-
VPN Killswitch?
Follow this guide https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md
security-wg
-
Securizing your GitHub org
As I was working on an open source security project, I put pressure on myself to be ready. Also as a member of the Node.js Security WG I thought it was an interesting topic and that I was probably not the only one who was worried about not being up to the task 😖.
-
You should use the OpenSSF Scorecard
We began the discussion in this issue, and here you can find the meeting notes:
-
Dozens of malicious PyPI packages discovered targeting developers
Node.js is building something very similar: Permission Model https://github.com/nodejs/security-wg/issues/791
-
Announcing NodeSecure Vulnera
deprecated Node.js Security WG Database
- NodeSecure - What's new in 2022 ?
-
Make your JavaScript project safer by using this workflow
Node.js Security Working Group
What are some alternatives?
Qubes-vpn-support - VPN configuration in Qubes OS
cargo-vet - supply-chain security for Rust
proton-bridge - Proton Mail Bridge application
scorecard - OpenSSF Scorecard - Security health metrics for Open Source
qubes-app-split-browser - Tor Browser (or Firefox) in a Qubes OS disposable, with persistent bookmarks and login credentials
W4SP-Stealer - w4sp Stealer official source code, one of the best python stealer on the web [GET https://api.github.com/repos/loTus04/W4SP-Stealer: 403 - Repository access blocked]
bitmap-fonts - Monospaced bitmap fonts for X11, good for terminal use.
secimport - eBPF Python runtime sandbox with seccomp (Blocks RCE).
qubes-windows-tools-cross - Qubes Windows Tools build with mingw, wine and qubes-builder
ci - NodeSecure tool enabling secured continuous integration
qubes-issues - The Qubes OS Project issue tracker
scanner - ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!