
176 points TheFreim | 1 comments
beardog ◴[] No.36685856[source]
I love Qubes a lot, I daily drove it for a few years and still have it on a laptop. But I would not recommend it even to most technical people, mainly because you forfeit the ability to run things on bare metal. "dom0" is the same as on normal Xen - it is a VM and has the associated overhead still. On top of that, the official Qubes dom0 runs a very outdated Fedora version.

I am instead writing my own code to automate libvirt to replicate much of Qubes' functionality (ephemeral roots for VMs, disposable VM support, GUI isolation) so I can still have Qubes security for most of my apps but fully exercise my hardware when I want.

There are also some minor criticisms I have of Qubes' defaults, mainly that AppVMs have passwordless sudo by default and, less importantly, no MAC such as AppArmor. Passwordless sudo arguably makes it somewhat easier to break out of the VM, and no in-VM sandboxing means you have to run everything in a separate VM unless you want to set that up yourself.

For example, I don't really want my work Thunderbird to have access to my work browser, so a single "work" domain isn't enough for me.

replies(4): >>36685930 #>>36686086 #>>36686213 #>>36686515 #
fsflover ◴[] No.36686213[source]
> the official Qubes dom0 runs a very outdated Fedora version

Why does it matter? You do not run anything in dom0: https://www.qubes-os.org/doc/supported-releases/#note-on-dom...

replies(1): >>36694234 #
1. beardog ◴[] No.36694234[source]
As I said in my comment, I personally want to run (some) things on bare metal, and Qubes is not good for that, which is good for their security model but is a deal breaker for me.