femme Ⓐ Ⓥ 🆓✅Apr 4, 2017

Yikes. https://www.qubes-os.org/news/2017/04/04/qsb-29/

Xen is looking more and more as a liability. Subgraph OS which takes a completely different approach (sandboxing + hardened kernel) has a much better track record with the only vulnerability being dirtycow. Qubes has been affected multiple times due to Xen bugs in recent years: https://www.qubes-os.org/security/xsa/

Show thread\u221e ✅Apr 5, 2017
@femme How does the comparison go when you account for the fact that Subgraph has a much shorter track record?
Show threadfemme Ⓐ Ⓥ 🆓✅Apr 5, 2017
@covalent The first subgraph os alpha was released in march of 2015 and has managed to not be affected by most public linux vulnerabilities (in fact all except dirtycow) as they either require unprivileged namespaces or are thwarted by grsecurity/PaX. Since march of 2015 according to the Qubes Security Bulletins there have been 17 separate issues affecting Qubes and that's not including the issues in the VMs people are running. So it looks really good for the two year old operating system.
Show threadfemme Ⓐ Ⓥ 🆓✅
@covalent 2016*, so one year
Apr 5, 2017 at 2:29amWeb