What Is Qubes OS?

Anyone use this as a daily driver? I tried installing it and it crashed on first run. Should have looked at the list of compatible laptop models first. It’s a bit overkill for my needs. My threat model doesn’t require me to spawn a disposable Fedora VM just to read a PDF document. I just open a PDF in Google Docs.

I tried probably half a year ago, and it installed fine, but I just couldn't wrap my head around how to use it right.

Daily driving for years now. Only thing to really keep in mind is having sufficient RAM. Otherwise, it's great for development. You can keep TemplateVMs for all of your development environments and tear them up and down, duplicate them, assign to a VPN, etc. Not good if you need GPU acceleration for anything, but some people have worked on GPU passthrough.

I have in the past before I became bound to doing windows-compatible development. It was actually really great. I didn't hate it at all.

I liked the ability to run multiple linux distros and a windows 7 VM for stuff that needed that, but scrubbing PDFs I think is one of those underrated things considering how much malware comes in through those. Like I would rather not do that in a docker container of all broken condoms. Right now I just have a seperate computer to take care of that. I'd probably use qubes if I had an intel laptop as my daily driver again.

Oh and the only other thing was laptop battery life. Maybe an hour and a half tops.

Yeah 16gigs+ is what you want here. Not rare in modern computers.

same here. the entry bar is really high on qubes.

I have for about five years. Install has been fine for me across three laptops (various ThinkPads), with the caveat that I chose models known to work well with linux (you’re booting into fedora, which runs Xen as dom0). Also, the one time I had to do a lot of work was when I bought a newly released version of a laptop; a few months later I upgraded to a later version of Qubes and it installed normally.

There is an up front investment in figuring out how to partition your computer use/apps into VMs and then setting up the VMs. If you’re not already a Linux user there is also the usual learning curve of switching to Linux (most qubes users use mostly Linux vms, windows takes more work to get going, I have windows 10 working but it took some effort).

I absolutely love the disposable VM model. I do all my web surfing (except some financial sites) in disposable VMs and cannot fathom going back to downloading and executing untrusted code (JavaScript) outside a dispVM. Similarly, I cannot imagine opening documents from untrusted third parties outside a vm of some sort. Even software I don’t fully trust (e.g. Zoom, bluRay ripping software) I like to run in disposable VMs or at least their own dedicated vm.

Qubes is like any other specialized tool - it’s worth investing the time if what it offers (security and privacy) is something you especially value. Having seen supposedly exotic and advanced threats become more commonplace over the last 20 years I think we all will end up using systems to some extent similar to Qubes, at least inspired by Qubes. Some of what’s not in your threat model today will be, eventually. The only question is how much.

In practical terms, it is in some ways like going from having one computer to having a network of computers. You do become something of a sysadmin. There is some pain there especially up front but I am at the point where I am expert enough that the ongoing time and pain investment is quite minimal.

More than anything, I feel completely exposed on other OSes. I wish other operating systems (like macOS) would steal the best ideas from qubes. For example, let people open files in disposable VMs when they want to, and cause this to happen by default for downloaded files, and by default have people surf the web in the rough, more seamless equivalent of a disposable VM, possibly with some carve outs for ease of use (like make it almost transparent, with some red flag, to move downloads out of the browser vm, and do likewise with uploads). Also, Qubes has “vaults,” which are just VMs with no internet where you put your most sensitive files; I put basically all my files there because they really don’t need live internet. You could translate this on a “regular” OS into some kind of area that’s extra protected from other processes somehow. For example unprompted access to files in the vault would require explicit authorization, and files in the vault could not cause network connections by default. Something along those lines.

I have been using it for over 5 years for all personal things like email, banking, and paying bills. Once you find good hardware for the OS, it runs very well, but you either need a lot of memory or to close each VM as soon as you're done with it and run only one-two VMs at a time. I would say minimum of 16 GB RAM with 32-64 GB preferred.

Works fine on an older ex-windows laptop, repurposed for throwaway VMs, trying things... Could not get it to run on a 2015 MacBook Pro, would be using it more if I had.

I couldn't agree more. Secure computing adoption requires easy usability.

We helped push technical adoption through skeuomorphic design patterns, but left engineers to figure out how to educate users on permissibility. That's a failure on us as an industry. We should be building to keep people safe from the dangers we all know about FIRST, then and only then should we build the access controls to allow access to other resources and interoperability.

I feel like chromiumos is the closest we have to a mainstream solution for this, but a combination of Nix and Qubes would be even better.

Writing from Qubes right now. x230 with 16gb ram and it runs just fine. Still figuring some things out tho.

I do. I use it in a Librem 15v4, with 32GB of RAM.

It's not only about threats, it's pretty convenient. I do all my dd operations, feeling confident a mistake won't wipe out my HDD. I have a work vm and a personal vm (and many more), and I can share full screen on my work vm knowing that all personal windows are hidden.

I have files and programs organized by vms. I can try installing new applications in a disposable vm knowing well that all their files will be wiped out when I close the vm.

Using Qubes over a year on my personal laptop, I found 16GB to be too fussy and I constantly had to fiddle with VM RAM sizes. I would recommend 32GB.

https://spectrum-os.org/ at least in its goals and design looks promising in that regard.

One can also ask for help on the Qubes forum: https://forum.qubes-os.org.

My super-short introduction: https://forum.qubes-os.org/t/newbie-tutorial-s/9349/4

You simply do everything in virtual machines. Here is why: https://forum.qubes-os.org/t/how-to-pitch-qubes-os/4499/15

how does it cope with multi-monitor setups?

I put 64gb ram in a librem 14. Cost around $200. The only thing I feel is lack of GPU. The hardware all works great. (The librem build itself is meh, but it all works perfectly with qubes without any tinkering.)

An external screen works fine for me. It's just xfce (or KDE).