@loke I use 'firejail' in Linux for Firefox, and snap does it for Chromium; both utilize the kernel container system (aka namespace isolation). Any programs which require internet to function. Sure, VM isolation is safer, I use that for anything Windows related, but it also takes a lot more RAM to run practically.
@loke Yes, I contacted Qubes OS, specifically Joanna Rutkowska (founder) several years ago because it looked so promising except that they rely on rpm packages and updates which could compromise everything, and eventually it did: https://www.qubes-os.org/news/2021/03/19/qsb-067/
@loke Found the tweet to Joanna (QubesOS founder) from 2016, no mention of RPM there specifically (might have done that via email), but the dom0 update part: https://twitter.com/modrobert/status/793406741925007360
@loke In general I think the threat has changed over the past decade from being blackhat hackers doing things to government hacking directly through APT groups (https://en.wikipedia.org/wiki/Advanced_persistent_threat) and otherwise government-sponsored groups/individuals; their focus is different, and so are their methods. I think central package handling systems and repositories are at risk now more than ever. Their focus is on spyware and backdoors. We need a smart system where binaries can be matched with open source code and checksums stored immutably against blockchain or similar tech.
@modrobert VMs do use more memory, which is something Qubes OS obviously also suffers from. A Qubes OS system is not really usable unless you have 16 GB RAM, and you definitely want more than that.