by mirimir 3062 days ago
This is interesting. However, I don't get how stuff in the cloud can be considered secure. Unless you trust them, anyway. And also, I'm reminded how little privacy seems to matter for Qubes devs.

Edit: OK, I take it back. Replacing VMs with discrete devices on local networks is very cool. I just wish that they'd emphasized that, and then talked about using cloud resources. Indeed, what boggled my mind is that someone would go through the hassle of learning Qubes, and then put some of it in the cloud.

3 comments

The cloud stuff seems incidental to the article's main point. At least that's how I read it.

Rather, it sounds like they are trying to properly abstract the isolation technology away from any specific implementation. They then realized that this would also allow "Qubes on the Cloud" with relatively little extra effort.

From a personal choice standpoint, it seems we will still have the option of avoiding cloud zones completely if we so desire, so no harm there.

If we think about the sociology of security however, lowering the barrier to entry seems like an overall win, assuming we believe in the Qubes security model.

It's a lot like fingerprint readers on phones. Sure, they're not near as strong as a high entropy password, but they're convenient enough so people who previously never locked their phones now use a fingerprint lock.

I agree. I liked the diagram that showed separate machines on the same local network running qubes. Physical separation is stronger compartmentalization than Xen.

Yes, I agree. And I wonder what a hybrid with Tinfoil Chat might look like. That is, using opto-isolators to make some device-qubes read-only.

You can put the untrusted VMs in the cloud, to get better isolation between them and more important stuff. This, e.g., is a way of preventing two colluding VMs from communicating.

That's a very interesting take: you can run a local network for trusted qubes and put more risky/untrusted qubes on "cloud" VMs. That way you strongly mitigate colluding VMs (same-machine & same-network) and VM excursion attacks on your hypervisors & physical machines.

Uh!? What’s the issue with privacy? Qubes is great to make sure you don’t get malware while you watch “youtube”, and this malware gets access to your bank account. I feel privacy is kind of out of scope here, not that you don’t need it, but you can plug it in with ease. There’s nothing in Qubes' design that prevents privacy.

Cloud is just a way to distribute computation, and make sure storage is always available to you. Everything should be assumed to be protected — I mean, they protect video memory among processes/apps, you’d bet they protect your data on the cloud.

There is currently no way to keep cloud stuff private. Maybe one day homomorphic encryption will be usable. And without that, the cloud provider can see everything. You can, of course, encrypt stuff locally first. But that's only good for static data.

That's all assumptions though. I'm assuming they're protecting stuff. I'm assuming they're not looking at stuff. I'm assuming their underlying systems are patched. It's just assumptions that they're doing the right thing.