Operating system

I keep bumping into this; I am sure there is a reason :wink: We need more than 24 hours a day for sure. This is kinda nice and seems to fit many of my aspirations for security.


I know a guy on twitter, a journalist I think, who’s been using it for a while and likes it a lot. I expressed some reservations, as a quick search for the project author wasn’t reassuring, but not many people scrutinising the code was my main worry. Could be a very nice fit for SAFE, though.

Noted Mark, worth a follow-up. It’d be great if we can get some pods working on a secure OS and/or Docker containers. We are adding a device-local discovery option for vaults so we can have plug computers simply plugged in and advertising locally. Then client s/w can find this and register the wallet address etc. Just not enough hours to pull together a device as well.

I thought the China link would do that, but they wanted a joint partnership in China and we declined as it was looking like a moving target and we are too busy. If a pod could take it up it could be a good earner and really helpful for the network (hint hint @frabrunelle et al :wink: )


Completely forgot about Qubes… must be pretty solid by now, definitely worth considering for adaptation.

Securing Tor: the physical separation approach

Securing Tor: software compartmentalization approach (Qubes OS)


1 Like

This looks more like progress: self-repairing software that tackles malware. Combine this with Qubes OS and we’re on our way to a Safe OS.

1 Like

The A3 project applies virtualization, record-and-replay, introspection, repair, and other techniques to develop a customizable container for “advanced adaptive applications.” The A3 container provides its protected application with both innate and adaptive defenses against security threats.

Available Software

Stackdb — a VMI-enabled debugging library for multi-level systems

Virtual machine introspection (VMI) allows users to debug software that executes within a virtual machine. To support rich, whole-system analyses, a VMI tool must inspect and control systems at multiple levels of the software stack. Traditional debuggers enable inspection and control, but they limit users to treating a whole system as just one kind of target: e.g., just a kernel, or just a process, but not both.

We created Stackdb, a debugging library with VMI support that allows one to monitor and control a whole system through multiple, coordinated targets. A target corresponds to a particular level of the system’s software stack; multiple targets allow a user to observe a VM guest at several levels of abstraction simultaneously.

For example, with Stackdb, one can observe a PHP script running in a Linux process in a Xen VM via three coordinated targets at the language, process, and kernel levels. Within Stackdb, higher-level targets are components that utilize lower-level targets; a key contribution of Stackdb is its API that supports multi-level and flexible “stacks” of targets.

Weir — a streaming language for systems analysis

For modern software systems, performance analysis can be a challenging task. The software stack can be a complex, multi-layer, multi-component, concurrent, and parallel environment with multiple contexts of execution and multiple sources of performance data. Although much performance data is available, because modern systems incorporate many mature data-collection mechanisms, analysis algorithms suffer from the lack of a unifying programming environment for processing the collected performance data, potentially from multiple sources, in a convenient and script-like manner.

Weir is based on the insight that performance-analysis algorithms can be naturally expressed as stream-processing pipelines. In Weir, an analysis algorithm is implemented as a graph composed of stages, where each stage operates on a stream of events that represent collected performance measurements. Weir is an imperative streaming language with a syntax designed for the convenient construction of stream pipelines that utilize composable and reusable analysis stages. To demonstrate practical application, this paper presents the authors’ experience in using Weir to analyze performance in systems based on the Xen virtualization platform.

XenTT — a “time-traveling” hypervisor

Replay infrastructure: The XenTT replay infrastructure consists of four main logging components and a high-bandwidth communication channel across them.

Event interposition: The event interposition layer implements logging and replay of the low-level virtual machine interface exported by the Xen hypervisor. We design interposition primitives with the goal of introducing minimal overhead on the critical execution path of the system.

A lightweight logging operation requires reading the hardware state of the system and putting a logging record in a lock-free, shared-memory buffer for asynchronous processing by the user-level logging daemon.

Logging and replay daemons: User-level logging and replay daemons process the log of recorded events, committing it to stable storage.

Device daemon: To log and replay communication of virtual devices we rely on the fact that all Xen devices use a uniform shared memory interface for connecting guest and host device drivers. The device daemon implements a general abstraction for interposing on communication of the shared memory producer-consumer buffers.

Replay coordination: Finally, replay coordination mechanisms ensure controlled execution of the guest system between a pair of nondeterministic events. These mechanisms include branch counting logic, single-step execution, replay of synchronous and asynchronous events, and CPU branch tracing.
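The record-and-replay idea XenTT describes (log every nondeterministic event together with the point in execution where it occurred, then re-execute the deterministic guest and re-inject each event at exactly that point, checking for divergence) is easiest to see on a toy. The block below is an added example for this thread, not code from the A3 or XenTT project: the `Guest` interpreter, the `Event` record and the instruction counter are stand-ins for a real VM, the hypervisor’s logging records and hardware branch counting. The interposition layer sees two kinds of nondeterminism, asynchronous interrupts and device-read results; `record` logs them, `replay` plays the coordinator’s role and refuses to continue if the log does not line up with execution.

```python
"""Record-and-replay of a nondeterministic guest, as a toy model of XenTT.

Two sources of nondeterminism are interposed on: asynchronous interrupts
(delivered at an instruction boundary) and the value returned by a device
read. Recording logs each event with the instruction count at which it
occurred; replay runs the same deterministic guest and re-injects each
event at exactly that count, so the run is reproduced exactly.
"""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Event:
    kind: str        # "irq" (asynchronous) or "devread" (synchronous)
    at_insn: int     # instruction count at which the event occurred
    value: int = 0   # payload: byte returned by the device read; 0 for irq


class Guest:
    """Deterministic toy guest: identical events give identical state."""

    def __init__(self):
        self.insn = 0           # instructions executed so far
        self.acc = 0            # running hash over device reads and irqs
        self.irqs = 0           # interrupts handled
        self.pending_irq = False

    def step(self, devread):
        """Execute one instruction; every 5th one reads the device."""
        self.insn += 1
        if self.insn % 5 == 0:
            self.acc = (self.acc * 31 + devread()) & 0xFFFFFFFF
        if self.pending_irq:    # handler runs at the end of the instruction
            self.irqs += 1
            self.acc ^= self.insn
            self.pending_irq = False

    def state(self):
        return (self.insn, self.acc, self.irqs)


def record(n_insns, seed):
    """Run the guest against a (pseudo)random world and log every event."""
    world = random.Random(seed)   # constructed stand-in for hardware timing/data
    log, guest = [], Guest()

    def devread():
        value = world.randrange(256)
        log.append(Event("devread", guest.insn, value))
        return value

    for _ in range(n_insns):
        if world.random() < 0.1:  # an interrupt arrives at this boundary
            guest.pending_irq = True
            log.append(Event("irq", guest.insn))
        guest.step(devread)
    return guest.state(), tuple(log)


def replay(n_insns, log):
    """Re-execute the guest, injecting logged events at the recorded counts.

    Replay coordination: run deterministically between two nondeterministic
    events, deliver the next one exactly where it was observed, and fail
    loudly on any divergence between the log and the re-execution.
    """
    guest, pos = Guest(), 0

    def devread():
        nonlocal pos
        if pos >= len(log):
            raise RuntimeError("log exhausted at insn %d" % guest.insn)
        ev = log[pos]
        if ev.kind != "devread" or ev.at_insn != guest.insn:
            raise RuntimeError("divergence at insn %d: next logged event is %r"
                               % (guest.insn, ev))
        pos += 1
        return ev.value

    for _ in range(n_insns):
        # deliver every irq that was logged at this instruction boundary
        while (pos < len(log) and log[pos].kind == "irq"
               and log[pos].at_insn == guest.insn):
            guest.pending_irq = True
            pos += 1
        guest.step(devread)
    if pos != len(log):
        raise RuntimeError("%d logged events never consumed" % (len(log) - pos))
    return guest.state()


if __name__ == "__main__":
    recorded, log = record(200, seed=42)
    assert replay(200, log) == recorded, "replay must reproduce the recording"
    print("state", recorded, "reproduced from", len(log), "logged events")
```

Two details carry over to the real thing: the log records *where* an event happened (here an instruction count, in XenTT a branch count plus single-stepping), not just *what* happened, and a replay that runs out of log or finds the wrong event kind at a boundary is a divergence to be reported, not silently tolerated.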


Two years later … anyone have current experience with Qubes … trustworthy?

I don’t have any first-hand experience with the OS. I was going to try it out a few years ago but I don’t have any compatible hardware. These guys have an enticing laptop for sale that you can get Qubes installed on. You would have to do a lot more research on everyone involved.

1 Like

I’ve used it for a couple of years. It’s as trustworthy as anything is, although obviously it has to rely ultimately on the Xen hypervisor, in which a few serious flaws have emerged, and Intel CPUs, which may or may not have back doors. Even the developers don’t claim it’s completely secure, but it’s certainly a lot better than most. It’s fussy about the machines it will install and run on though, and there’s a bit of a learning curve as Qubes has its own way of doing things, e.g. moving files between VMs, but I’d say it’s pretty solid these days.


I tried it out maybe two years ago, and it was fun; too bad my old laptop with 4GB was not quite a match. Also, my CPU didn’t allow for protected DMA, I think.

Can it play videos nicely? I’m asking because they explicitly said they will never support OpenGL.

1 Like

Yep, but maybe not with Nvidia cards. Actually, I think a lot of people struggle using it with anything other than integrated Intel graphics, so certainly not ideal for gaming and the like. But then you probably wouldn’t use it for that anyway. I have it installed on a USB 3 stick.

1 Like

I haven’t tried it, but from reading some of its docs and watching the video tour, it looks like creating what they call a custom ProxyVM containing the SAFE core library (and the future SAFE authenticator) could fit in its network architecture quite well (I guess the same applies for storage).

Although, from my understanding there is a need for an extra layer to run on top of the SAFE core lib to implement the Xen network and storage virtual interfaces, so that the AppVMs can interface with the safenet transparently, i.e. the Beaker browser and SAFE apps can run in any other domain.

Now I’m thinking that if we had such a custom SAFE ProxyVM then perhaps apps don’t even need to know about SAFE APIs/services at all…?.., assuming that the SAFE authenticator can implement some standard protocol like OAuth 2.0 (this led me to post in this other discussion about the future of the SAFE Launcher).


I’m interested in Void Linux. It has some good security advantages and remains true to the Linux philosophy of modularity.

  • the first distribution to switch to LibreSSL by default, replacing OpenSSL. Due to the Heartbleed fiasco we believe that the OpenBSD project has qualified and pro-active developers to provide a more secure alternative.

  • xbps-src is the xbps package builder, written from scratch with a 2-clause BSD license. This builds the software in containers through the use of Linux namespaces, providing isolation of processes and bind mounts (among others). No root required! Additionally xbps-src can build natively or cross compile for the target machine, and supports multiple C libraries (glibc and musl currently).

  • uses runit as the init system and service supervisor. runit is a simple and effective approach to initialize the system with reliable service supervision.

  • rolling releases, so no reinstallations.

From an end user perspective the security should be transparent, i.e. automatic without the user having to be responsible for it. Also, separate OSs are a bit like 90s technology. Even worse, mobile OSs are a step backwards where the users have to install software (apps). Even worse still, from a developer perspective different versions of an app are needed to support different mobile platforms (iOS, Android, Windows 10 Mobile etc).

A possible future solution is to divide the OS into one distributed layer and one client layer, such as SAFE Network OS and SAFE Client OS, where the network OS takes care of the security for the (distributed) applications and the client OS is just a secure GUI layer.

1 Like

It’s crazy, so many choices but who knows what we can trust these days … thanks for another option, will check it out, funnily enough I respect this forums input more than anywhere else… sucker I am :wink:

1 Like

Heads up!

The long awaited Qubes OS 4.0-rc1 has just been released!

Check it out: https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/


Forgive me if slightly off topic, but can any OS be secure and private in the cloud, or are those instances necessarily going to be liable to the host?

Something like Qubes, I’m wondering tempts a shell that creates a vortex of crypto with a key that only the owner knows?.. but I can’t see that much suggested for all it’s being “Type 1”.

I’m liking the look of qubes. I have often thought about increasing my security by creating different users each with encrypted folders to have more division of tasks - but qubes does something similar in a much better way.

Color me impressed. They also seem to have a really professional group behind them.


I liked what I read about qubes, but only when I tried it (Version 3) did I realize how easy and how powerful it is. For anyone reading this I’d urge you to try Qubes if you’ve not already. Sadly, there can be problems with hardware compatibility, so look at that first! If it looks good you can make a bootable DVD or USB stick just to try it out.

I’d love to hear if other people like it!