
> All OSes in prod today need to be rebuilt from the ground up to be secure for the next century

Qubes OS solves this with hardware virtualization, which is really fast and secure.



Compartmentalization is only a part of the solution. Once you have that finished, you still need to deal with the actual vulnerabilities in guests, which will contain your secrets and be exposed to the internet, one way or another.


Guests don't have to be exposed to the Internet [0] or even run full OSes [1].

[0] https://www.qubes-os.org/doc/how-to-organize-your-qubes/

[1] https://www.qubes-os.org/doc/templates/minimal/


In what way are [1] not “full OSes”? They’re minimal templates, but afaik they still run systemd, the kernel, etc. needed to boot the standard Linux systems they are.

When I clicked the link I was expecting something like a unikernel, e.g. https://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewa...



> You certainly can run distros without systemd

Does it then become not a full OS anymore? Mirage is what I linked to above.


> Does it then become not a full OS anymore?

Probably not. I mentioned it, because you mentioned systemd. And yes, I saw your Mirage link and showed how you can use it on Qubes.


Qubes is nigh impossible for normal users, even if set up for them. They need extensive training and discipline.


If you set it up, users can run anything themselves. Just use the start menu and the apps will automatically run in the corresponding VMs (shown as windows with colored borders).


I set up Qubes OS for and with technical, less-technical and non-technical people and I very much disagree. It only works well for those who are prepared and motivated to learn, and even then, it sometimes can be frustrating.

The copy-pasting between VMs, mentioned in a sibling, requires four steps: (1) copying to the source VM's clipboard, (2) copying to the global clipboard, (3) copying to the destination VM's clipboard, and (4) pasting to the destination. The shortcuts become part of your muscle memory after some use, but until they are, that is just one way in which Qubes gets in the way of productivity.

There are a bunch of minor quirks, often specific to the hardware, which the user needs to learn about and find workarounds for. But if they do, Qubes is probably the most seamless way to work with tons of (well-isolated) VMs. For example, SecureDrop [0] is based on Qubes and does seem to work well for journalists for securely receiving and working with documents from anonymous sources.

[0]: https://securedrop.org/


> and I very much disagree

> The shortcuts become part of your muscle memory after some use

So you agree that it's doable, just that it requires a bit more effort. It's definitely true.

> bunch of minor quirks, often specific to the hardware

Which is why there is a list of recommended hardware: https://forum.qubes-os.org/t/community-recommended-computers...


Anything, except for practical applications that people actually use.

* music production software
* discord
* games
* copy and pasting


Everything that works on Linux will generally work on Qubes, apart from the GPU-heavy applications [0], which will be addressed in the future [1]. Copying and pasting works fine [2]. OK, music production may not be possible at the moment [3].

[0] https://www.qubes-os.org/faq/#can-i-run-applications-like-ga...

[1] https://github.com/QubesOS/qubes-issues/issues/8552

[2] https://www.qubes-os.org/doc/how-to-copy-and-paste-text/

[3] https://forum.qubes-os.org/t/question-quality-of-external-us...


I run LM-Studio and [can run] Siemens PLM NX inside a Windows Server qube. GPU passthrough is no issue for me at least.


Can't comment on music production since I don't produce music (could be the need for realtime).

Discord runs fine both in-browser and in application. Raptor Lake seems to have zero issue with video voice chat, whereas Comet Lake can drag a bit in large rooms without a GPU. Qubes OS makes it dirt easy to multiprofile from all around the world.

I don't really game like others do; eye candy doesn't draw me in, but solving interesting puzzles/challenges does.

Copy & paste is superior in Qubes, skill issue sorry not-sorry. GIT GUD!


> Copy & paste is superior in Qubes, skill issue sorry not-sorry. GIT GUD!

How is it superior? Gamer insults aren't going to win folks over here. They're more likely to cause people to dismiss you.



