|| Phlog 30 - Qubes! || || || || || ancient Devuan MacBook Air || || Kitchen Table || I first read about QubesOS after looking up what OS to put on a spare laptop to experiment with. After reading the docs and Solene's articles, I was pretty excited to try it. The elevator pitch is that it's similar to running a VM on your desktop machine, but what if everything was sandboxed including your networking, firewall and peripherals? It's a pretty fascinating concept and it honestly works in practice. The install isn't crazy difficult at all and the templates included are enough to get started and working. Organizing Qubes is basically up to you - want one for emulators and Linux gaming? Perfect! Build one just for that which you can run beside a work-centric Qube that's locked down where they won't affect one another. Want to build a new firewall Qube to use instead of the built-in template? There's an option on new Qube buid to have them provide traffic. Along with these separate Qubes that are either stand-alone or based on a template, there's also the option to fire up a disposable Qube to test something you're unsure of or just flat out do not trust. This particular install was on a Thinkpad X220 - not overly powerful, but I was still able to run 3 Qubes alongside the whonix, firewall and USB Qubes that run in the background. With a larger-spec desktop or laptop, you should be able to run more comfortably. Differences I noticed vs. a regular machine with Virtualbox or VMware Workstation + Things are really and truly segmented away from each other - devices need to be presented to the Qube to use them and low level things like networking and system things can't accidentally be exposed to the Qube (at least not without some config tinkering, as far as I could see?) One of my favorite touches is the color coding that's consistent from the color of the Qube's stats in the Qubes Manager to the border of the window of each of the Qube's applications. Qubes that have been compromised still can't pretend to be a Dom 0 window as its color is reserved or pretend to be a system dialog as those are a unique color as well. Even if something malicious tries to pop up a fake window, you'll know which Qube it's originaing from. + The Dom 0 hypervisor layer is safely tucked away from the Qubes its hosting but things like wifi, networking and a system-wide clipboard service are shared nicely + The Qubes Manager is an incredbly polished, one-stop tool to adjust settings, resources and verify if a Qube is running, stalled, etc. Again, the color coding is wonderful! - Setting up apps and web services that need camera/microphone access is a bit of trial & error exercise - a lot of this was probably user error on my part but it was an extra step or 3 to get jitsi & Zoom (I didn't try Slack or Teams) working correctly. I'm thinking I'll just keep a dedicated Qube for these with some scripts and everything configured just so. +/- Depending on how hardcore a Linux gamer you are, you may or may not find Qubes to your liking. Settings up an "emulation" Qube was fun and easy and everything up to SNES- ish generation worked well (I'm old.) Steam works without any hassle. I played around with some older DOS-era games and Sierra & Lucas Arts point-and-click goodness and was impressed. This is a great setup for me; if you're after bleeding-edge 3D stuff like Cyberpunk, Baldur's Gate II, etc. you may need to keep Linux on your gaming machine. Day to day this was very easy to setup and use for work and office and even some light gaming tasks. I'm not a dev other than some lazy Admin scripting so I can't speak to how well QubesOS would be as a Dev machine - I can see some fun possibilities of running a development environment and some tests Qubes, though. Getting on wifi at home, work and public stops was as easy as any other OS. Most everything is prety easy to figure out and configure, but should you want to add more security or apply a non-standard config the documentation on the QubesOS site (linked below) is really, really well done! I can see this as a Daily Driver laptop, especially while traveling and haven't found anything I've been hamstrung by using QubesOS yet. QubesOS https://www.qubes-os.org/ HCL https://www.qubes-os.org/hcl/ Solene's Article https://dataswamp.org/~solene/2023-06-17-qubes-os-why.html QubesOS Documentation https://www.qubes-os.org/doc/#project-security Gaming with a GPU in QubesOS https://forum.qubes-os.org/t/is-qubes-viable-for-gaming/7572