

Introducing Qubes OS - Kototama
http://theinvisiblethings.blogspot.com/2010/04/introducing-qubes-os.html

======
nzmsv
I think there will be more projects like this. Apps running in a sandbox,
thinking they have the OS to themselves. The next logical step is to have all
new apps written in managed code, and use virtualization for the "legacy"
native code.

Come to think of it, isn't it supposed to be the purpose of an operating
system: letting programs think they own the hardware? Now they can pretend to
own the OS too :)

I think we'll get to microkernels, but through evolutionary steps like this
rather than ground-up redesign.

~~~
plesn
Could someone point me at a clear explanation of the difference between a
micro-kernel and a hypervisor?

Maybe I need to see something like the Xen presentation at Fosdem again.

Edit: <http://www.ok-labs.com/blog/entry/microkernels-vs-hypervisors/> is
quite ok.

~~~
AndrewDucker
I'm not an expert, but I'll give it a try.

A hypervisor runs multiple Operating Systems, having each one think that it
has access to the whole of the hardware.

A microkernel is one way of writing the kernel of the Operating System, so
that each part of it is a separate process, routing messages to each other in
a safe manner to get things done, rather than doing direct calls to each
other's code.

With a hypervisor you wouldn't expect each of the OSes to have any
communication with each other at all, whereas with a microkernel you'd expect
the different processes to talk to each other a lot.

You can, apparently, repurpose a microkernel as a hypervisor, but I don't know
anything about that at all. Presumably the infrastructure is quite similar.

~~~
soren
An example for a microkernel running a Linux OS is L4Linux
(<http://os.inf.tu-dresden.de/L4/LinuxOnL4/overview.shtml>).

There is a lot of controversy about the distinction between VMMs and
microkernels. A view from the microkernel side is given in
[http://www.ertos.nicta.com.au/publications/papers/Heiser_UL_...](http://www.ertos.nicta.com.au/publications/papers/Heiser_UL_06.pdf)

------
soren
Similar work was done in the OpenTC project (<http://www.opentc.net>), i.e.,
running legacy OSs in isolated compartments and multiplexing their visual
interfaces using a "secure GUI", which labels the windows/interfaces according
to certain properties. It also supported OpenGL in the "AppVMs", which is
currently omitted in Qubes OS.

The isolation of drivers in separate VMs and enforced isolation using VT-d is
definitely interesting. A paper on the disaggregation of dom0 for improved
security is <http://www.xen.org/files/xensummit_fall07/22_DerekMurray.pdf>

------
gosub
_"All problems in computer science can be solved by another level of
indirection"_

~~~
gaius
Except the problem of too many levels of indirection.

~~~
stcredzero
Actually, that one too. Just hide the levels of indirection. Now you have the
problem of complex hidden levels of indirection. (Cheating with one's
definition of "solved.")

------
Kototama
_Qubes implements Security by Isolation approach. To do this, Qubes utilizes
virtualization technology, to be able to isolate various programs from each
other, and even sandbox many system-level components, like networking or
storage subsystem, so that their compromise don’t affect the integrity of the
rest of the system._

------
stcredzero
_Qubes GUI virtualization presents applications like if they were running
locally_

Site needs some editing.

------
barnaby
:-) it seems there's a news story every day on HN about a new Linux based OS
on the market. I do like this one much better than the North Korean one with
the lockdown of user freedoms.

~~~
zppx
It's not exactly a new "Linux based OS", Joanna is a well-known security
hacker and so if you think about the reasons then you will see that what she's
trying to do is a new security computing model for operating systems based on
virtualization, just like Google Chrome was a new model for browser
security[1].

Virtualization will be huge in the future, probably we will have common
desktop hardware with bare-metal hypervisors implemented directly on the
hardware in the next 15 years or so, virtualization is already used in
datacenters, network appliances and used extensively in the "cloud", how will
we use it in the desktop is still open, but I do believe the first application
will be running legacy application on modern operating systems and security.

[1]: <http://communities.intel.com/community/openportit/vproexpert/emergingcomputing/blog/2008/09/03/google-chrome-the-compute-model;jsessionid=FF47CE75A7EA96018F2A0F5EB6E0213E.node5COMS>

~~~
stcredzero
So "legacy" = implemented in the 60's and 70's but became widespread in the
90's. "Modern" = implemented in the 60's and 70's but became widespread after
2010.

~~~
zppx
Upvoted, that was a good one.

------
beilabs
Is it just me or is that using the Fedora symbol in the bottom right corner in
some of the screenshots?

------
kraemate
I hope their server isn't running on this OS because the performance is
pathetic

