undefined | Better HN

0 pointsfsflover6mo ago0 comments

> massive risk

Are you saying that the Qubes OS security model is worse than the GrapheneOS one?

0 comments

It's a different approach to compartmentalization and the security risk of root in Grapheneos is different to that in QubesOS. But you know this looking at your bio, you just chose to ignore it.

fsfloverOP6mo ago

Can you elaborate on the differences in the compartmentalization? When the existence of root is equivalent to a broken security, it doesn't look secure to me at all. Are you talking about the security from the user?

By the way, personal attacks are against the HN Guidelines.

IlikeKitties6mo ago

Ah yes thats a real good faith argument you got there.

GrapheneOS is designed so you don’t need root to run apps or manage the device. Compartmentalization is on an per app level. And you already know how qubes does compartmentalisation.

1 more reply

subscribed6mo ago

Non sequitur?

GOS is not running a flavour of mainline Linux, but Android. They're nevertheless planning on moving to virtualisation as well https://discuss.grapheneos.org/d/24154-grapheneoss-roadmap-r...

For now it's as good as it gets.

strcat6mo ago

Linux doesn't mean systemd, GNU coreutils, glibc, GCC, GNU binutils, GNOME, etc. GrapheneOS is a Linux distribution and supports the Linux 6.1, 6.6 or 6.12 LTS branches. 6.12 is the latest LTS branch. Using Linux is a pragmatic thing, not a positive one for privacy or security. A huge monolithic kernel written in C is not the future for a highly secure OS. Moving away from the Linux kernel is important. QubesOS exists as a workaround for the insecurity of Linux. If the OS was using a highly secure microkernel in the first place, their hardware virtualization approach wouldn't be needed.

fsfloverOP6mo ago

> If the OS was using a highly secure microkernel in the first place, their hardware virtualization approach wouldn't be needed.

Do you have any statistics to show about how secure a micro-kernel is? I can't believe it can be better than this: https://www.qubes-os.org/security/qsb/

2 more replies

j / k navigate · click thread line to collapse

0 comments

IlikeKitties6mo ago

It's a different approach to compartmentalization and the security risk of root in Grapheneos is different to that in QubesOS. But you know this looking at your bio, you just chose to ignore it.

fsfloverOP6mo ago

By the way, personal attacks are against the HN Guidelines.

IlikeKitties6mo ago

Ah yes thats a real good faith argument you got there.

GrapheneOS is designed so you don’t need root to run apps or manage the device. Compartmentalization is on an per app level. And you already know how qubes does compartmentalisation.

1 more reply

subscribed6mo ago

Non sequitur?

GOS is not running a flavour of mainline Linux, but Android. They're nevertheless planning on moving to virtualisation as well https://discuss.grapheneos.org/d/24154-grapheneoss-roadmap-r...

For now it's as good as it gets.

strcat6mo ago

fsfloverOP6mo ago

> If the OS was using a highly secure microkernel in the first place, their hardware virtualization approach wouldn't be needed.

Do you have any statistics to show about how secure a micro-kernel is? I can't believe it can be better than this: https://www.qubes-os.org/security/qsb/

2 more replies

j / k navigate · click thread line to collapse