A long time ago I was quite “technical”, deeply focused on system mechanics, and almost unaware of those using the systems I was tasked with maintaining. Such is the life of the mildly autistic young engineer.
Today about four out of every five people I talk to see me as some sort of expert, and for them I am - because I will listen carefully, “ride along” while they work, evaluate tools and methods, and I am absolutely relentless when it comes to heading off trouble. But I am much closer to the end of my career than the beginning, so I try to find places where young people are solving complex problems, and I pick through what they’re doing with an eye on what those in the field can actually use.
This thread caught my eye because it 1) appeared to be a issue in the foundation Qubes 2) that would only affect those in the most dangerous of places 3) but which could be remediated by scrubbing dom0.
Reading further, I find this one has been talked to death long ago, the vulnerabilities are such that other terrible things will have happened before it’s exploitable, and the long term plan is replacing Fedora dom0 with Alpine, or perhaps an Qubes internal minimalist distro.
So while the reason this thread exists IS a problem, it’s already well understood, it’s highly unlikely to be an operational issue, and the project managers have a solution on the roadmap. The audience to whom I am responsible do not need to worry about this.
Qubes is an absolute riot of innovation, and conversations like this are part of that. But another part of this riotous environment is that people who should be using Qubes aren’t, because if I’m puzzling over what to do and why, a South American journalist or Ukrainian refugee will simply throw up their hands and keep using what’s familiar.
I am grateful for the amazing work that’s been done on Qubes, but I see a lot of need for clarification and standardization, too.