Good day,
I’m sorry, but I’ll have to get slightly unfriendly now.
If you recall, in December we had a very similar situation with you: Lana's Linux Security Education
You are blissfully unaware of some of the most basic aspects of CS, development, modern security concepts, cryptography, projects planning, execution, the way the Linux kernel has been designed, as well as open source and what it entails in regard to adopting new features and ideas in general.
Furthermore, you seem to lack even the most basic knowledge needed to even understand some of the things you believe you are able to cover properly. As can be seen by previous discussion in this thread: Own Whonix for ten minutes. You appear to have only spent a minuscule amount of time researching the things you try to discuss without knowing any details about them, as can be seen by your attempt to bring projects like Linux from Scratch into this, something I’m assuming you only found via Google a few minutes ago. Furthermore, you didn’t even know anything about basic compilation before I attempted to explain it (though I believe you still don’t know what it is, seeing how/what you write).
Furthermore, if we look back, you did maintain the (unreasonable) belief that the Linux kernel in itself was insecure, something I tried to explain to you though you didn’t reply: Lana's Linux Security Education - #4 by Ego
Did you change your opinion on “having to rewrite the kernel in its entirety”?!
Next up, Whonix is an OPEN SOURCE PROJECT. That means you may use, change, modify and redistribute the source code used by Whonix in a lot of ways. However, you are not, under any circumstances, in the position to even assume that any request you have (especially a ridiculous one like this) will be honored. Maybe, if you ask kindly and do a major amount of initial work yourself, we will be able to help you. But I doubt it, seeing how you think having drawn a few boxes with some of the most simple, basic and not in any way new security terms constitutes a concept.
This is what we call a concept: https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
Extensive, well worded and reasonable as well as easy to follow.
Next up, let’s cover your argument against Qubes. You claim that you:
So? Nobody cares. Even if your “concept” for lack of a better word was better than Qubes (it isn’t) there would still be a reason to maintain compatibility.
Adding to all of that, you COMPLAINED in your “own Whonix in 10 minutes” thread that the Whonix documentation was too long. If you knew even the first thing about CS, coding, forking or cryptography, you wouldn’t even say that as a joke. If you want to modify software, there CANNOT be an extensive enough documentation.
Last but not least, your “concept” is plain bad. Look at Qubes. Look at their source code. Or at least, read the paper I linked above.
Their system is more than “just a host”. It protects from a host of hardware attacks. It protects your networking card. It lets you have multiple Qubes for different things, not just one Workstation and Gateway. It keeps your networking, USB devices, firewall and clipboard separate while still giving you as a user the ability to access all of them, if required.
All of these things are not really a “thing” in your “concept” which is, again, nothing new, just a host running KVM. Because almost all the things (actually just THREE) you set out to “add” to the host add ZERO security for a Whonix-Workstation, as that is in any case SEPARATE FROM THE HOST. If you had read our HOMEPAGE, you’d know that. Only OpenVPN would have an effect, as to hide Tor from your ISP.
But that’s not all because:
YOUR “CONCEPT” WEAKENS ITSELF
If you go to all that extent of trying to lock out other programs, why do you then allow SELinux or AppArmor to run Tor? Why do you need it on the host? If you go to all that extent of locking down things, why leave that?
But wait, there is more! Because, and I cannot write this in a large enough font:
YOUR “CONCEPT” ACTUALLY HARMS SECURITY SEVERELY, MAKING ATTACKS ON THE HOST EASIER!
You simply said “let’s “lock down” everything not related to Tor/VM”, right? Well, you also would lock down UPDATES! Great job! Makes the host a very easy target. And, as you probably know, once you have the host, it’s over…
I am very sorry if that was a bit mean now, but you see, I can somewhat tell when a user lacks the knowledge or ability to understand certain topics. Now, that is completely fine, we are after all here to learn. However, when a user displays not only a fundamental lack of basic knowledge, but also a massive amount of unjustified arrogance, thinks he/she has any right to tell maintainers of an OPEN project what to do and how to do it and is completely unwilling to educate him/herself, learn anything or accept the input from others, that is when even I am starting to become a bit impatient.
Have a nice day,
Ego