Privacy meme

I also do that because it lets me

• limit charging with ACC
• use microG as network location provider (microg installer revived)
• fix SafetyNet
• YouTube ReVanced
• Make using other App stores easier (updating can happen automatically in more recent Android versions, but first installs still require confirmation outside the Play Store)

Graphene os for security, lineage os is for debloated aosp experience, root is for things like wifite2 on smartphone, cheat engine like apps on smartphone, deep control of your smartphone and etc

I did not give it much thought really, I just wanted my previously rooted phone with no google things. But mainly the SafetyNet thing.

e.g. for better charging control, to allow f-droid to update apps automatically

No independent audit is a bad sign. It also is unstable with a giant code base.

According to the threads I found privacy guides:

• It mostly just doesn't work well.
• It hasn't been independently audited

https://discuss.privacyguides.net/t/add-jami/20052

https://discuss.privacyguides.net/t/why-is-jami-not-listed-in-pg/12500

I have run it on a laptop in the past, and I think it's a good option for a mobile system that you may be using on public/unsafe wifi and/or if your laptop is your primary computer and is actively carrying sensitive data (e.g. PII, financial records, health records, etc) that you want to keep in a separate environment from normal activities (though my advice would still be to keep such data on an external drive that is normally unplugged). It's not a good choice if you want to use that system for gaming - the hardware driver abstraction and segregation causes problems.

I don't really have a use case for it at the moment so I don't have any systems running it. It's OK for general use if you're not doing anything particularly complicated. Document editing, web browsing, code development - no problem. I wouldn't recommend it if you're doing CAD/3D modeling, graphics, audio/video editing, &etc - it's not really a good platform for doing creative work, too many complications.

The base system is not particularly heavy, though obviously the more VMs you run concurrently the more resources you'll need. It does require specific virtualization features for the CPU (documented in Choosing Hardware), which are not always available especially on laptop processors. My laptop had a mobile version of AMD Ryzen which worked. That was a 13" lightweight laptop, nothing too beefy, and it ran Qubes with a couple Debian VMs just fine.

Once you understand the basics of using dom0 to control the other VMs (and that you don't ever use dom0 for anything besides configuring and launching the other VMs) it's fairly straightforward. You do have to get used to virtually unplugging any USB devices from one VM and then plugging them into another (no bridging VMs via USB, that would break data security) but it makes sense if you think of those VMs as separate computers.

I think it's great if you're traveling a lot with a personal laptop and you won't have control over the networks you connect to, because you can basically seal off any sensitive data from any external/untrusted connections in completely separate virtual environments. You can have VMs which just don't ever have network access and so are "air gapped" by virtue of not even having network drivers installed, and then just manually transfer specific pieces of data as needed.

cool 👍

If all you want to do is run VMs, Qubes is not what you are looking for. Even virtual machine manager (and other abstractions over libvirt and KVM) need to be hardened to avoid compromising the host.

Example: By default virt-manager uses a NAT bridge to allow for the guest VM to access the host and the LAN. A couple of weeks ago vulnerability was found in CUPS print server, allowing a hacker to do RCE. If a guest VM was compromised (previously or because of the vulnerability), since the host also likely has CUPS the hacker could use the guest system to compromise the host. This is avoided on Qubes because the host has minimal software.

Virt-manager offers no where near the same Security as Qubes. Qubes has a security hardened host and strong Desktop security model. Everything runs in VMs (aka qubes) including different parts of the system to further improve isolation. Sure, you could replace Qubes OS with an off the shelf Linux distro and run VMs, but that is nothing like Qubes, offers none of the convenience, and isn't hardened or debloated (reducing host attack surface).

No Linux distro comes close. Qubes is designed for a specific job. I am not saying Qubes is the "best OS ever" when I say Linux distros dont come close, I specifically mean that no Linux distro is designed with as strong of a focus on Desktop security model and isolation-based workflow.

No No I don't mean the icons but the Blocktext points along OGG and ODT.

You've got it, Buddy :)

I think that the arch-based distro is Xerolinux

Thank you for the detailed breakdown! Lots of new ones on there for me

I see, thank you!

The FSF-approved distributions that are shown are: Trisquel, Parabola and GNU Guix (this one is actually quite neat, it's based on NixOS with its own ideas like the importance of being able to bootstrap an entire system from a minimal binary seed)

The browser with logo shown is GNU IceCat, with binary blobs removed and with some extra security and privacy features (among them an addon that prevents the browser from running proprietary javascript)

lynx is a simple TUI web browser and w3m also is a similar browser but running in GNU Emacs

The last three are all the GNU Emacs logo.

Between IRC and the picture representing the idea of self-hosting, there's the XMPP logo, which like IRC, is an instant messaging protocol (but with more features than IRC).

Isn’t qute just a chromium wrapper?