Moving away from Qubes OS

I boiled down the pros and cons of Qubes vs other Linux distros to this: Qubes has way better security, even if I just use a few qubes I suppose, and it’s easy to improve on this security. But distros are better in every other way.

  • Even when I used Qubes with XFCE on my T480, I couldn’t open two you tube videos and play one of them without freezing firefox most of the time. Even if it magically didn’t freeze, it was slow with videos. Specified intel drivers.
  • Qubes isn’t reliable enough to have video conferences since it relies on the CPU for graphics stuff, again for security reasons but that sucks. I either bring another computer, or bring an internal SSD with an adapter that has another OS on it. But that breaks up my workflow.
  • The sites I want to use may have too much sidebars or something so it’s also laggy (but usable) on Qubes. Brave is smoother than firefox.
  • And just the other day, my whole system froze. That has only happened maybe three other times within a year, but that just adds more to the sort of negative experience.
  • Yeah there’s the bad battery life but, back when I had a T480 that did charge, I just changed the built-in thresholds.

I’m fond of Qubes OS, but I don’t really have the time or patience to optimize or fix these problems anymore. So why do you stick around with Qubes? What’s your use case? Are there any decent and mature alternatives to Qubes? (That’s not tails or Whonix)

Sounds like you could be using the default driver, did you configure xorg to use the intel hardware?

I have no problems with video playback on my T480.

1 Like

Well now I’m on a HP Elitebook 840 G5. I guess I’ll look into configuring xorg anyway, thanks. My current computer actually has perfect suspension, hibernation, and the screen turns on in about a second without any troubleshooting, unlike my T480…

How many videos can you open in firefox (and play one at a time) without lag?

Dou you happen to have a resource/how-to for this? It sounds exactly like the issue that I am having with a T470. YouTube is absolutely unusable.

Edit: to answer the original author’s questions:

At work we build our entire security concept around Qubes. Admittedly, we are a very small company (around 10 people) and therefore it is feasible to manually set everything up. As an IT security company we feel that Qubes gives us the control and isolation that we need to operate securely. For meetings, presentstions and some special purpose work we use dedicated Laptops, often with Windows. To some that might be bothering.

As a private person however, I have also migrated away from Qubes. For me it was recurring issues with my E495, which uses a modern AMD processor und just seems to not be supported well by Xen. I would have loved to use Qubes privately. I think it is the best option for strong segmentation through virtualization that currently exists. And that’s something that neither Tails nor Whonix aim to be, so I wouldn’t even consider them alternatives.

1 Like

You need to run sudo xorg :1 -configure and copy /root/xorg.conf.new to /etc/X11/xorg.conf

You can double-check the driver option in xorg.conf, to make sure if matches your actually hardware, but normally it will auto-detect the correct driver.

2 Likes

The only way forward for Qubes OS on laptops - is to use modern 11/12-Gen Intel CPUs or AMD alternatives. Those can run youtube in 1080pX2 properly.

I do not have that, probably also a problem of outdated CPU of T480.
The recommended list of laptops should definitely be modified to avoid outdated devices.

At least to limit applications of internet (GNU/Linux still has no proper per-application firewall, 20 years passed and none, Windows has dozens). And limit other activities. E.g. when you enter password in keepass or copy password of anything to the clipboard - all applications has access to it. For me that is unacceptable level of lacking simplest, basic security from GNU/Linux.

None that I know of. A couple of projects existed in beta stages but died. I also do not understand why some people wrongly consider Tails to be an alternative to Qubes OS as it is VERY not a one.

1 Like

I just tried starting Firefox 10 times with all 10 browsers playing a YouTube video, maybe there was a slight lag at times, but it wasn’t bad.

My $0.02

How video playback from a centralized service becomes a measure of value of very flexible, security conscious distro bewilders me, truly.

1 Like

Personally I’ve found downloading vids, either in the browser with invidious or in the terminal with youtube-dl, is usually very efficient and avoids lagging altogether. Downloading is just as fast in my T430 Qubes machine as it is in MacOS. I’ve only ever noticed lagging while streaming over Tor, which is to be expected.

1 Like

It’s an easy indicator of performance. If the system can not even handle two videos, it’s likely to run slowly just loading some web pages. If it can’t even handle one, it’s worse than that.

I just fixed it by adding 20-intel.conf in /etc/X11/xorg.conf.d/and writing generic Intel statements. You can find how-tos with that keyword.

Video playback is laggy when I use mpv though and I don’t really feel like fixing that… The only way to genuinely get better performance is buying yet another laptop with a better CPU.

But what about video conferences? And by that I mean Zoom.

I’ve only used VLC and have never experienced lagging (T430 or gen7 Carbon X1), so it doesn’t seem like a CPU issue.

My D used zoom on her T430 and experienced occasional video lags, but never anything that distracting or bothersome. It has been over a year now though, so I can’t vouch for more recent versions of zoom on Qubes.

I can respect that. Everyone has to judge for themselves what trade offs between comfort, usability, security and privacy are appropriate for their own situations. I had some rough spots myself recently during which I contemplated giving into the “feudal security” approach and return to Mac / OS X.

Ultimately for me this won’t work because Qubes OS has opened a whole new world of how I use computers to me that goes far beyond the security / compartmentalization aspect of it. Your situation might differ.

Beyond the obvious security benefits it’s the ability to have a whole laboratory of computers in one. Yes I could run VirtualBox or Parallels or whatever on the Mac but it would never approach the level of integration and goodness I get with Qubes OS.

I deal with many different projects that all need their own specific versions of stuff and environment. The only way to deal with that and not loose sanity are VMs.

Standard office stuff: emails, documents, lots of Teams and WebEx meetings, code reviews, embedded development. … definitely no YouTube / HD videos. If that were an itch of mine I’d get a $200 Android tablet and call it a day.

Not sure you can get your hands on SecureView although they do list “Business” and “Education”.

Yep. :slight_smile:

If that’s the “make it or break it” use case, why bother with Qubes OS?

Well, the premise is flawed. You can have fluid video playback in Qubes OS, even on 10+ year old hardware. But it might not be “out of the box” and not with every “box”. That’s the actual complaint here as I see it: that it can be exceedingly difficult to get Qubes OS to run to ones satisfaction on a specific piece of hardware. That’s neither new nor anything we hide. It just is.

3 Likes

OK, fair enough; I withdraw my comment. Still, if one IS trying to watch YouTube videos (and I do do that, in disposable split-browser qubes) it’s nice to know you can handle multiples of them if you can.

And yes, we all seem to have our situations where fussy hardware causes issues. Just for instance, I never did get sys-audio to do a damned thing, though I may give it another go. And since I am going all-in putting QubesOS on my laptop as well as my desktop system, I will see if that works better.

It’s very straightforward to fix though: mpv --vo=x11

The manpage recommends to combine it with --profile=sw-fast but I haven’t seen that make a noticeable difference.

1 Like

Qubes claims to a single user desktop system, I don’t think it’s unreasonable to assume that a desktop system handle video streaming, any other desktop system has been able to do this for +10 years.

That said, I have used qubes on 3 laptops and 2 desktop system, and video has worked without any issue on all of them.

Let’s break it down what’s going on when you play a video in YouTube:

  • your choice of template OS, your choice of browser, how much memory you assigned
  • how many other qubes are running and how much CPU they are consuming
  • software based rendering into a shared buffer
  • that shared buffer is then rendered in dom0 or sys-gui using the driver/hardware available

I ran Qubes OS so far on three different computers: a DELL laptop (R3.2), a ThinkPad P51 and a ThinkPad T430. One should reasonably expect that the far new, much faster laptop (P51) would show better video performance then say the 10+ year old T430. But that’s not the case.

Is this a Qubes OS issue? A driver issue? A Fedora issue? Did I monkey it up by template/browser/memory choice?

It’s complex. If you run on a bare metal box with Linux/Windows/Mac you don’t have these issues, because you have direct hardware access and the OS can control how much CPU goes to the other processes. Of course it’ll be smoother there. But what about security? … compartmentalization?

My point: all this grandstanding about what one should be able to expect is besides the point… because you simply can’t compare those other systems to Qubes OS. They are not the same thing. They don’t work the same way. Hence you got interested in Qubes OS in the first place – right?

4 Likes

I don’t know how hard or easy video playback is in a VM, maybe the rendering is more complex in Qubes OS, but it works in every other VM I use.

Not working in the same way doesn’t mean broken and expect nothing to work, I absolutely do think that people should expect to largely be able to do everyday tasks in Qubes OS as they would in Linux.

Qubes doesn’t have the same hardware support, and there are limitations and added complexity from the virtualization, I don’t think you should expect something like video playback to not work.

Maybe this is a glass half full or half empty situation, but I believe YouTube not working to be the exception, not the norm.

Did you switch between templates to rule out the possibility that a missing or bad driver happened to be shipped with the template that you are currently using? There was a time when I found video playback in fedora-based VMs was extremely laggy, but in debian-based it was quite smooth.

The problem with your visiting websites being slow is probably due to those websites having too many effects and JS scripts, and the CPU rendering nature of QubesOS. You can try with NoScript enabled, or uMatrix if you want some of its effects to work, and test if that makes the website render faster.