[xdma]

Hi, I'm an SGOS dev. I don't know what you mean by "mostly a patched Linux", but here's what Subgraph OS is so far -- and it's a young project: we have a kernel patched with grsec/PaX/RAP, but we have also developed our own application sandbox framework (namespaces + limited fs + seccomp bpf whitelisting), app firewall, event monitoring subsystem, usb disable on desktop lock (based on grsec), etc. Here's a walkthrough of our sandbox framework:

https://github.com/subgraph/oz/wiki/Oz-Technical-Details

[jsnathan]

Hey, cool project! Any chance you could give a quick rundown of how this compares to Qubes? Like, the tradeoffs, etc.

[mtgx]

You may find this talk between the Qubes, Subgraph and TAILS representatives helpful:

https://www.youtube.com/watch?v=Nol8kKoB-co

I believe Joanna from Qubes also set-up this forum for discussions on secure operating systems:

https://secure-os.org/

Joanna also talked a bit about the trade-offs between the two here:

https://secure-os.org/pipermail/desktops/2015-October/000002...

I believe initially there were some discussions to integrate Subgraph into Qubes as a TemplateVM (just like the Debian VM, Ubuntu VM, etc), but the Subgrapth guys thought Grsecurity wouldn't work well with Qubes OS. I think that situation has improved, and there is some progress in making Grsecurity work with TemplateVMs and AppVMs.

https://twitter.com/Phoul/status/801114260881424384

However, even if it does work, I'm not sure how excited the Subgraph guys are about making their OS "just" a Qubes OS TemplateVM. They may think that's the wrong business strategy for them as a company. I'm just saying this as someone watching from the outside. They may actually not believe that at all.

However, I did also notice the relationship between the two projects got a little colder, at least for a while, and in public, after Edward Snowden called Qubes his preferred secure OS.

[xdma]

It was me, at Subgraph, that setup the Secure Desktops mailing list and website. We hope to collaborate more with other projects in the future. There is already interest from other projects in things we've built for Subgraph.

As for Subgraph in Qubes, being a template OS, etc, maybe later? We haven't even had a real release yet and are still building. I wouldn't recommend it anyways unless all of the Qubes VMs have hardened kernels by default.

[artemist]

Having a subgraph TemplateVM will get easier with Qubes 4.0, as Qubes switches over to HVM (I think just HVM with PV drivers, PVH in Xen is not ready yet). grsecurity and PaX do not work with paravirtualization, which is pretty limiting in terms of memory management and such (It also opens up some vulnerabilities, which is why Qubes is switching).

[arnebr]

Thanks for the interesting stuff.

Even if Snowden called out Qubes, you have to decide on your own security level which system is best for your needs.

[SEJeff]

I suspect that it doesn't at all seeing as how it is a Linux distribution with some nice features for security and privacy baked in by default.

[ryanlol]

Many believe that Qubes places an unreasonable amount of trust on Xen.

Read: https://www.qubes-os.org/doc/vm-sudo/

The issue isn't only with trusting Xen, but trusting it so much that it makes all other security features meaningless.

[mtgx]

No updated iso since June. Any plans for an update soon?

Also, shouldn't you just use Wayland for the stable 1.0 release? Why even bother with X11 at this point?

Do you plan to support flatpaks as well?

[xdma]

The new ISO is coming very soon. We've just been busy with consulting we do to support the project and there were some issues with gpg2.

Wayland is one huge reason why we aren't even calling this "beta". Wayland is absolutely part of the plan. We are working on integration now.

Flatpaks: probably not. Different vision. Flatpak is an 'appstore' type model, not sure we will want that in Subgraph OS, but it's worth a deeper investigation than the thought I've given it so far. There are things in Flatpak that we can benefit from, such as the UI advantages of "Portals". We'll probably be adding support for it to Oz.

[mtgx]

Good to hear you're considering it. It may be worth looking into appimages as well. They don't seem to focus as much on security, but perhaps their isolation is better? Flatpaks seem to share quite a bit with each other, and I worry it may create another X11-situation. Flatpaks may still be better overall, though, if they can also have good isolation.

I doubt you should even bother with snaps. They don't seem to be that well supported outside of Ubuntu, and I doubt they will ever be.

[xdma]

We use Xpra to do desktop isolation for now, by the way. It's similar to Qubes' display mechanism, but we didn't write it, and don't really like it as a security control. Just serves as PoC until we can jump to Walyand.

Therefore Subgraph OS isn't in the worst possible x11 situation, which is the default for every desktop Linux except I think the most recently released Fedora.

Re: iso / updates, we have rolling updates. Installed users are kept current if they install the OS and regularly apply updates and do dist-upgrades.

[jcao219]

Hi! Why did you choose the name Subgraph OS?

[tptacek]

It's named for their company, which does other things too.

[xdma]

Yup. Subgraph is a nearly 7 year old open source software company. We wrote a web scanner (Vega) that's sadly neglected, though still used regularly by thousands of users. We also do consulting, like pentesting, etc.

The name was inspired by work I was following at the time (10 years ago?) by Halvar Flake etc, on applying graph theory methods to reverse engineering / runtime analysis.

[nickpsecurity]

It's catchy, sounds technical, and non-technical people can still spell it. Great name. :)

[eggie]

It is a precise technical term, and using it for a company name is unsettling to a graph theorist. But, it's probably cool for almost everyone else.

[xdma]

When the domain was registered by me and idea originally hatched, the vision was to have the company focused on reverse engineering and the application to it of ideas from graph theory. But things change. Name stuck.

[petre]

Linux = kernel.