Quote https://www.qubes-os.org/news/2020/03/18/gui-domain/#the-compromise-solution
This can cause a lot of confusion.
I can follow your train of thought in the blog post.
GPU passthrough: the perfect-world desktop solution
Virtual server: the perfect remote solution
The compromise solution
But this is far too complex for users to properly contextualize. The problem is, the word compromise (also meaning "I got hacked") is very close to compromised. The compromise here implies "less secure". And yes, it might be "less secure".
The fallacious interpretation is "then better don't use it". Less secure than what? Less secure than not using GUI domain at all? No.
What the real ordering from best to worst security is, as far as I understand, is the following:
GPU passthrough: the perfect-world desktop solution
Virtual server: the perfect remote solution
The compromise solution
This also seems weird; compromise solution is used in the following context:
Quote https://www.qubes-os.org/doc/gui-domain/
"Here, we describe how to setup sys-gui that we call hybrid mode or referenced as a compromise solution in GUI domain."
The next source of confusion exaggerating this issue is the word passthrough, which is easily understood and already tagged as a negative word in this context. This is because quote:
"Attaching a PCI device to a qube has serious security implications."
PCI passthrough and GPU passthrough have historically often been usability features. Not security features.
PCI passthrough has been used as a compromise to make certain devices work. Or GPU passthrough might be useful for graphically intense applications such as gaming.
However, using passthrough of devices to dedicated VMs sys-gui / sys-audio is a security feature, not a usability feature.
Qubes documentation is very technical but it lacks contextualization of the very essentials for laymen. These are easy to add. I can send some pull requests.
Instead of compromise I would suggest words such as reasonable or feasible. The compromise solution could be renamed to the hybrid solution.
Please correct me if my understanding is wrong.