Post AePiOBLIVnabSFepma by alwayscurious@infosec.exchange
 (DIR) More posts by alwayscurious@infosec.exchange
 (DIR) Post #AePiOBLIVnabSFepma by alwayscurious@infosec.exchange
       0 likes, 0 repeats
       
       @QubesOS is _not_ the most secure operating system ever.  It _is_, however, the most secure operating system that is not only used by tens of thousands of people, but is also used for its own development.  The official Qubes OS installation images are built on Qubes OS, and the infrastructure that does this uses Qubes OS-specific features.To the best of my knowledge, no other compartmentalized operating system meets this criterion.  @GrapheneOS and various operating systems based on @sel4 are awesome, but they aren’t used for their own offical builds and day-to-day development because they are not suitable as development platforms.  To be usable as a development environment, a new OS must:- Be able to run complex, existing applications, such as web browsers, that typically were not written with that OS in mind.  This means that existing applications can and have been ported to it if necessary.- Be able to execute code that was just compiled.  This is typically incompatible with strict W^X.  There are workarounds but they are generally very ugly hacks incompatible with many build systems.- Support spawning tasks in response to a human’s command, and possibly allocating a very large fraction of system resources to these tasks.  This means that the system is able to adapt to workloads that were not known when the system was created, and excludes any OS that relies primarily on static partitioning.In short, “Is this used for its own development?” is a very good test to distinguish operating systems that are general-purpose from those that are not.  Most general-purpose OSs do not focus on security and most secure OSs are not general-purpose.  Qubes OS is both secure _and_ general-purpose, and only another secure general-purpose OS can truly be a competitor to it.