Qubes OS
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
Qubes OS claims to be the most secure OS in existence.
>Separate VM for everything on your computer
>Every program runs on a VM
>Claims to have superior control over VMs
Is it overkill? Is it worth it? Why bother?
Discuss
I'm genuinely surprised i haven't seen a thread about this before.
bump
>>54354328
>>54354224
https://www.whonix.org/wiki/Comparison_with_Others
it's based on ubuntu?
>>54354594
Tehnically it's based on Xen, it's up to you to add any templates you want
Whonix, Debian and Fedora are the base templates but I've seen people running Windows 10 on Qubes so I wouldn't be surprised if Ubuntu works
Do you think bug companies run every program they use on bare metal? Running everything in VM's in case of fuckups and security is standard practice in the IT world. Sure if you don't have enough SysAdmins in your team, and you lack the experience then go for it but otherwise just use something else.
>>54354224
It is nice but also utterly painful to use. The devs appear to hate any kind of usability, and absolutely will not compromise any security for usability either.
Things like video card, web cam, any USB device that isn't basic file transfer will not work. (Or will not work without huge amount of effort).
I appreciate the effort, but it's only really worth it if (A) you have a serious reason for security, and (B) you can survive with very basic hardware support
I would love to see a "lite" version of this with full hw support in dom0, but the nice integrated VMs for say casual browsing and anything that doesn't require much hw support.
>>54354224
New hardware is backdoored so who cares, also xen can still have vulns.
>>54354224
It's the coolest OS around. It allows you to have arch's up-to-date programs alongside debian programs, there is never any library conflict and you can have however many versions of any packages you want. Plus, there's the actual separation going on, and autorouting through arbitrary gateways like whonix of all programs transparently, just a button click away.
The only reason not to use it for everyday use is that it actually virtualizes everything and there's no lightweight virtenv available yet (e.g. openvz support is only theoretical), so your hardware is isolated (a good thing for security but not usability) and gpu passthrough is inconvenient (but still works interestingly well due to the architecture of the OS).
Another major flaw it has is that it's based on fedora (so, systemd et al. - anything running pid1 on that kind of setup is a recipe for disaster), and I think you simply can't use arbitrary DEs or WMs because they absolutely want to show muh borders and to prevent fullscreen without an special option being given.
>>54356101
>Things like video card, web cam, any USB device that isn't basic file transfer will not work.
Literally add 2 lines in your templatevm config.
>>54357585
can you provide an example please
I use it as the main OS on my desktop currently, but I think I'm going to switch soon. It just does an awful job at managing partitions across disks.
I have a small SSD, a moderate size SSD, and a large HDD. I want to keep / and /boot on the small SSD, /home on the moderate SSD, and ~/Downloads on the large HDD. But afaict, there's no way to get this working in Qubes. Even if I explicitly set up my partitions this way in another distro, because it's just Xen, once you're in one of your VMs, all three drives are just one partition, or 2 of them don't exist.
>>54354224
>Every program runs on a VM
Sounds really secure. Also really restrictive and inefficient.
