FIPS + Qubes-OS

GM. Yesterday I integrated FIPS into Qubes-OS. Here is a short description of what each of them does, and the resulting setup.

FIPS - a permissionless internet.

To get a domain name, you need to ask for permission. To get https, you need to ask for permission. To get an IP address, (the final boss) you need to ask for permission. FIPS is a permissionless internet. You use a nostr address instead of an IP address, and through some cool engineering, you get a permissionless internet.

So for example: http://npub1crpldvy49ef8z34wlacwujnfudy4nd7k96aqdx5wgn6ckztz7z8q9t59ud.fips/ gets you to my web page if you are running FIPS, and you don't need permission, and neither do I. We just need nostr addresses.

QUBES-OS - the securest OS.

Running agents locally can be a real security issue, which is originally why I switched to Qubes-OS. Qubes-OS lets you run several operating systems on one machine, and encloses them in what are called "qubes". You can run whatever OS you want in each qube, all on the same machine, all securely separated and isolated.

You can also route internet THROUGH a qube. So a nice example is setting up your vpn in a qube, and using it like the following:

[image]

It forces everything you run in Debian to pass through the vpn qube, else no internet.

[image]

You can send multiple OSs through the vpn. Turns out you can also create a FIPS qube. That is what I did yesterday, and part of my setup now looks something like this:

[image]

You can check out FIPS here:
Qubes OS here:
Follow FIPS here: @npub1y0gj...00ly
Follow the FIPS creators here: @Johnathan Corgan @Arjen

If you are going to attempt to do this, point your agent to this repo and it should save you some tokens. There were some gotchas that it took a long time for Claude and Codex to figure out.

https://git.laantungir.net/laantungir/fips_setup

Replies (19)

tuco 1 month ago
Nice. Tor does something similar. You can open services to one onion address or many
Absolutely. The advantage FIPS has is that it allows you to utilize the nostr web of trust. Spam is a huge problem on privacy networks.
I'll have to take a look at that at some point, thanks for the reference.
I got burned a couple of times having restarted a qube, and finding out that the agents saved information in a place where it isn't stored between reboots. I have a really good machine with lots of memory and storage, so I just by default now run full VMs so I don't have to worry about that problem. Maybe someday I will optimize more, but at the moment it isn't worth it to me, being a Qubes newbie and having ample storage and memory.