Hacker News new | ask | show | jobs
by fsflover 1344 days ago
Fortunately, on Qubes OS, only the networking VM can be exploited like this, and it will be clean again after its reboot.
2 comments
orblivion 1344 days ago
I installed 4.1 and only my firewall VM is disposable. Wouldn't that mean my net VM could still have an exploit that leaves something in the home directory? (Would be nice if it was easier to trash and rebuild it).
link
fsflover 1344 days ago
You can choose sys-net to be a disposable during the install. It's not the default. You can also make it a disposable manually: https://www.qubes-os.org/doc/disposable-customization/#using...

Beware that your WiFi password will be forgotten every VM reboot (but there is a workaround on the forums).

link
orblivion 1344 days ago
Thank you! (Yes I forgot that it was an option I chose; I probably went with the defaults, not knowing the implications of deviating)
link
Syonyk 1344 days ago
It's possible, but I believe the design is such that sys-net is untrusted, so an exploit there is no more risk than any other use of an unencrypted connection on the network.

But it sure looks like it was a wise idea to spend the resources on isolating network hardware!

link
lostmsu 1340 days ago
How's GPU support in Qubes these days? (Nvidia, CUDA)
link