[Linux-aus] LCA Lecture about sandboxing desktop apps

[Russell Coker]

On Tuesday, 20 June 2023 00:25:17 AEST Andrew Reimers via linux-aus wrote:
> Have you looked into QubesOS? (https://www.qubes-os.org/)
> 
> It uses VMs to isolate different desktop applications. And has a security
> model that doesn't outright suck.
> 
> We did a couple of LCA talks on what it is and why people should use it.
> 
> I guess it's biggest disadvantages are:
> 
>    - It can be a bit of a memory hog. (Especially if you start launching 4x
>    copies of firefox in different networking contexts)
>    - Applications can't access the GPU, and must be fully software rendered

Thanks for the information, I had heard of Qubes before, I wasn't aware of the 
GPU issue but I was aware of the memory issue.

The scenario I'm most interested in at this time is mobile phones where memory 
is limited and CPUs are somewhat slow and also less energy efficient for 
rendering type tasks than the GPU.  So Qubes probably won't fit, and even Snap 
probably won't work.  But something along similar lines could.

Qubes definitely solves some problems quite well.

I've added some Qubes videos to my watch list, not to use Qubes but to see how 
you dealt with some of the technical challenges and work out other ways of 
achieving comparable results.

Also for Qubes have you tried to address the issue of multiple types of data 
on the same device, EG company and personal data?  Something similar in 
concept to Samsung's Knox.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/