Live Kicksecure with Live VM
A live Kicksecure host cannot run a VM.
Is it possible to develop a fully stateless system that would function with a live Kicksecure host running a live Whonix VM (set to Immutable in VirtualBox)?
See image of error message here:
– drive. proton. me /urls/ ATVJSDRBS0#2L5gpa2yNrUJ
– drive. proton. me /urls/ PMZPCBGZA0#j0B4BZFjRiAx
(FYI, KVM seems the more secure virtualization technology to me since I have seen Oracle’s software crash many times on Fedora hosts. But I understand the Company’s expertise can come in handy from time to time.)
A few additional security observations:
‘hardened-kernel’ is a highly appreciated feature in Kicksecure.
wiki/Hardened-kernel
Other software is far more susceptible to kernel crashes. For example, both Qubes (Fedora Dom0) and GrapheneOS have observable soft spots in their kernel, and it would be very unfortunate if one stored a wallet with Amethyst, etc. (Android) or in a weak Fedora host. Building Mobian on Pine64 towards a mobile Kicksecure spin would be awesome for secure mobile crypto wallets that could interact with POS IRL.
forum qubes-os org /t/ vm-sigkill-at-will-d-bus-broker-service-and-qubesd-fail-to-boot-attack-disables-qubes-updater/30344
– drive. proton. me /urls/ T0VY01P1E4#jr2QDZ4xppax
– drive. proton. me /urls/ YK1ASHFKWM#ghFIFlLQ5FnQ
- virtualization not strong - i.e. rpc and qrexec really all connected
article / 10.1007/s41870-019-00294-x
Native sandboxing like Firejail is also a good place to direct one’s efforts in developing Kicksecure. https://www.kicksecure.com/wiki/Sandbox-app-launcher
After extensive testing, it would appear that the MAC control and permission hardening paradigm of TAILS is stronger than the compartmentalization and isolation through virtualization strategy of Qubes OS.
Dual Strength Tor Level options – If one takes a look at Nym (Chaum mixnet - Free Haven whitepapers) VPN, you can see that there is a WireGuard level and a mixnet level for secure messaging and confidential layer blockchain. I would recommend something similar if not handled on an app-by-app basis for levels of Tor: one layer with Vanguards and another layer for low-latency Tor.
Kloak - keystroke anonymization is also a very interesting Kicksecure feature under development that is not offered in any other major distribution.