gruez 3 hours ago

>Latest attempt: https://news.ycombinator.com/item?id=47182376

Your Qubes OS comparison doesn't really work because Android distributions need extra work to support each new device, whereas for Qubes OS, they're probably using some virtualization framework that makes it pretty trivial to add support for CPUs without virtualization. There's nothing stopping you from starting a new fork that supports your motorola phone, for instance.

fsflover 3 hours ago | parent [-]

I understand that supporting new phones is a lot of extra work. My only question is whether the developers of GrapheneOS would accept patches from the community for such support without the full set of security features.

throawayonthe 2 hours ago | parent | next [-]

"accepting patches" is still a lot of work and often means taking on the maintenance burden; i suspect that if qubes had to do extra hardware enablement work/maintenance for VT-d-less devices they might've had the same position

handedness 2 hours ago | parent [-]

Qubes hasn't always shipped Xen patches nearly as quickly as I would like. It's the unfortunate reality of the situation they're in, simultaneously trying to catch up with broad-spectrum device support, with a miles-long HCL with many entries having sub-threads attempting to resolve significant compatibility issues. Don't buy hardware that's too new, don't buy hardware that's too old, certified hardware doesn't necessarily stay certified, and so on. It's a mess.

I love what they're doing and it's my preferred daily driver, but from a security standpoint they're still pushing molasses up a sandy hill.

handedness 2 hours ago | parent | prev [-]

You keep coming back to this. GrapheneOS accepting community patches with a reduced feature set (hardware security) degrades the nature of the project. It's an absurd proposal.

Fork it, make your own. Not only are they OK with that, they're actively supportive of it.

Criticizing them for not actively supporting the Balkanization and unavoidable dilution of the security and therefore total value of their project makes me wonder whether the strength with which you hold your opinions has any meaningful connection to the extent to which you even understand the subject matter. It's just mind-boggling the things you assert every single time an OS you don't even use comes up.

Your love of Qubes OS (which I share) somehow even increasingly seems rooted in something that just isn't reality. If it were, you'd be able to fairly assess both projects and see the relative strengths and weaknesses of both with useful accuracy.

As it stands, you're just spouting harmful noise. Please don't do that.