New to Qubes - Wondering how to set things up and other questions

Hello, I am a long time linux user with a strong desire for privacy and security. Qubes always felt like the logical conclusion to that but I just assumed it would be uncomfortable to use.
Just installed it on a flash drive today to test it and as it turns out, it is quite the opposite: I have to give the team a huge compliment on how good the docs are and how simple the installer is. I’ve used various distros before, lastly some more minimal ones because I thought they would have a smaller attack surface, but getting up qubes just felt so extremely comfortable.

My plan now is to try it for a week or so on the flash drive before I decide if I finally want to switch. I only have one laptop with one ssd, so I either have to make a full switch or don’t. Before that, I have some small questions and concerns, maybe someone is willing to give me some insight:
What is the performance like for you? I know that this obviously depends heavily on the type of application, the hardware and so on but right now, everything is pretty slow. I assume that is because of the flash drive and will be better with the NVMe SSD, I just fear that the virtualization will make everything painfully laggy even then. As for my specs, I have lots of of ram and disk space, my CPU however is not the fastest. In day to day work I don’t think this will be a problem, but sometimes I need to cut videos or do some CAD work, not sure if that will be possible. I heard that especially graphics intensive stuff will work not as good, do you think it would be a better solution to have a dualboot with another small distro that I only use for video editing? If so, how can I tell the qubes installer to leave out a small part of my disk and not use everything for the luks container? And regarding the CAD: Has anyone tried using Fusion360 in a Windows qube?

Another thing I am wondering about is whether it makes sense to stick to fedora templates, as most people seem to do, or if there are any benefits to debian apart from personal preference. Is one more resource intensive? And are community templates usually just as reliable and stable as official ones? In that case I might as well use arch.

If you have some time, it would also be great to know how you have set up the various qubes yourself. For me as a newbie, it takes some time getting used to the concept. I yet need to find a satisfying way to split up what has previously been my home directory into multiple VMs. I so far can’t really decide which seperation would make the most sense, there are some files I would need on multiple VMs for sure which makes me wonder how I should best structure that as well as other things. I found this Contents/docs/user-setups at master · Qubes-Community/Contents · GitHub which has been really useful in understanding how others set up qubes, but the more I can read the better I will understand it before trying myself.

What are the problems that bug you the most when using qubes as a daily driver? I read about video conferencing being a bit annoying, but as far as I understand it you simply need to attach webcam and microphone and you’re good to go. I also read a bit about I2P which also sounds a bit annoying to set up but maybe that works better now, I haven’t really had the time to look into it yet. What is most often quoted as the number one problem is the clipboard, which is of course a feature not a bug and wouldn’t really annoy me, I just haven’t really figured out how to copy from a terminal yet since the shortcut is usually ctrl+shift+c which collides with the qubes global shortcut. What did I miss here?

As a last question, are there any active irc channels for qubes users? I prefer that over forums or mailing lists for quick questions. Would be nice if they were accessible for tor users as well.

Thank you if you read up to this point, please don’t feel intimidated by the amount of questions I wrote, if you would just answer one partially that would be of a lot of use to me. I am just very excited to have found a way to use computers again without constantly feeling uneasy about sensitive information and theres a lot of stuff in my head right now. I hope this belongs here, but I thought it was not quite fitting for support either.

Hmm, long post and questions, but I guess most of us don’t have time for long answers. So -in the end- I will try to give some short answers.

• what (after that week with the USB), if you just buy a new SSD and install QubesOS on there and leave your current one untouched to have a way back, if it’s not what you want (after some weeks)?
• performance should be okay, if your machine has a i5 or i7 with (let’s say 8. Generation) and 16GB RAM minimum. Here are people around, who running their Qubes on a i7 3. Gen with 16GB RAM. I decited to start from scratch with a i7 8. Gen. and 64GB RAM, cause I didn’t wanted to do half things…
• I’m not really sure, if you will have the same pleasure with cutting videos, CAD work cause “Graphics intensive stuff won’t work that way you know”. Maybe you should switch back then to your old system on that other SSD…
• Regardless of Fedora or Debian - you always will have the oppotunity to use both systems. You don’t need to decite for only one system…
• I would suggest to run your personal qube the way, you did with your previous system(s), learning to drive Qubes and later split up everyting in the way you think as a result of your learnings… Nobody can use QubesOS in the way it was build for, from start.
• community templates are same reliable as the official ones, as long as they’re updated by the community (and by you on your system).
• problem, what probably bug everyone most is the video/graphic thing - cause it have to be clear, that it’s all about virtual machines. There are ways out, but -at the time- it’s to early to confuse you with those things.
• speaking about IRC channels > there are some Matrix channels about Qubes, the forum here and a Google newsgroup. Thats it for the time and maybe there are some IRC also out there, but I guess, those are not that frequented.

Feel free to use this topic for any further questions. Assume there’s always a good mind around, who will put in some answers…

Not officially, but there are some unofficial ones:

I started Qubes a month or so ago, so no Qubes pro here (although I’m using a Qubes-like Xen system, since 4 years), but I’ll try to answer regarding my experience so far.

• distro Fedora/Debian/others : choosing one or the other seems like on any other VM host, or even any bare metal install. It boils down to software availability and personal preference. As always, use the one you’re most confortable with. The way Qubes uses them is the same from my nooby perspective. It’s just that with exotic distros, you’ll have to create your templates, or use normal/full installs.

• the advice from thegardner about having a secondary SSD makes sense. Or you could use lightweight live distros like Slax, booted from a USB stick, for things that would not work on Qubes, if your hardware and/or software does not cooperate with virtualization.

• for setting up the Qubes, I think there are as much setups as there are people ^^ You’'ll have to think “compartmentalized”. What activities can be mixed, and not ? Only you can answer ! Start with the defaults (work, personal, untrusted) and spread usage later.

• performance wise, it depends on how you use Qubes. If you only fire up a few domUs, and not a lot concurrently, you can be quite amazed. I don’t know all your use cases, but for me, games and firefox are the most RAM intensive … I said games because they may use the system like a CAD software ? You’ll have to enter the tough world of GPU passthrough … And by the way, it’s not a Qubes problem, it’s more general. You’ll have to wander the web about VFIO, libvirt, KVM and Xen experiences (keywords), to check how your hardware reacts. If supported, GPU passthrough is almost like bare metal performance. I converted a bare metal Win7 games install to virtualized, I didn’t see a difference.

• for virtualization in general, RAM is the most wanted ressource, and for Qubes specifically, you’d need a correct SSD, as disposables domUs start and shutdown “all the time”. But don’t hesitate to strip down and monitor the RAM usage of the VMs in Qubes manager. For instance a stripped down Debian can boot @125MB RAM, like the sys-net and sys-fw, or even the vault (but try 300/500Mo first). CPU wise, I have an old Ryzen 1700X pro (Zen 1st gen), it simply works.

• for the clipboard in a terminal, I use the right-click copy/paste, then Qubes shortcuts to pass data. You could also create keyboard shortcuts (but that would a bit defeat the purpose of compartmentalized clipboards). It takes a moment to get used to it, but Ctrl-C/V and Ctrl-Shift-C/V are so close, the habit will come quick. That’s fun when not using Qubes, you’ll double every action ^^

• last thing, take care about some CAD software, I’ve read that some don’t like to run virtualized, there can be some licensing problems.

All of your replies have been really helpful, thanks a lot! This and the last couple of days where I have tried to do a few things in Qubes have reassured me that I am probably going to try installing it as my main os soon. I will comment on a couple of your points:

buy a new SSD

I’m a bit short on money so this is not a possible option right now, I am planning to do a full backup of my current system on an HDD however so that I could still easily go back. I see that having separate drives would also be the more elegant way of having another OS for stuff that doesn’t work too well with Qubes, but unfortunately I have no empty slot in my laptop and switching out the primary SSD is a bit of a hassle.
On the dualboot issue I have done a bit of research, I would accept the risk of firmware modification by a compromised OS but what makes me a bit uncomfortable is the unprotected /boot. Why doesn’t the Qubes installer encrypt this too? It should work with GRUB2, right? I still think I am going to go the dualboot route though, maybe make the second OS airgapped. I still haven’t really found out how to make the Qubes installer let a part of a disk unused, or can I just tell it to use one partition on a disk?

performance

I appreciate your input, my CPU is worse than everything you have quoted (its a i5 but quite a significant bit older than 8. gen) but I will just try it. RAM is not an issue, I have enough. As for graphics intensive applications, GPU passthrough is not an option since I do not even have a dedicated GPU. As you might imagine, video editing and CAD is not a lot of fun even without virtualization, but it works. I don’t need either for work anyways, its just hobby stuff I do occasionally, so even if that doesn’t work perfectly I will probably still be happy with Qubes.

irc channels

Thanks for your suggestions, I haven’t yet looked into them but I will check out the one on liberachat and the matrix channels for sure. I always like learning by reading in those channels how other people solve problems.

debian or fedora

If there is no difference in either performance or security, I will just stick to debian for size of repos, as I have no real experience with either.

ctrl+c in terminal

Right-clicking sounds a bit slow, but I figured out that you can switch Qubes shortcuts to Win+C instead of Ctrl+Shift+C. In that case, it should work with the terminal I think but I yet have to try it myself.

proper compartmentalization and setup

Yes, I think I will just start with less different qubes in the beginning and split them up as I see how it works. I’m still thinking about which qubes exactly I will start with, but of course I agree that this is not a problem you can help me with without knowing the details of my specific computer usage. Work/personal split makes sense, as for untrusted ones I think I should create multiple ones for each piece of software I have to run but don’t trust so the other untrusted machines are not compromised if one is.

As I said, you could install a lightweight OS on USB (aka live persistent).
I mentionned Slax (now Debian based), it starts ridiculously fast and is light on ressources, and the system is writable (on the USB ofc), so you can then install what you need, it will persist.
There are many others, it’s just the one I use for quick repairs ! ^^
Ofc, security-wise, any “parallel” OS could mess with your Qubes GRUB and your firmwares.

Another possibility is you could partition your HDD and install any alternative OS on it. It will be slow, but at least you have that possibility.
I wouldn’t recommend using Qubes from a HDD though.

Concerning partitioning the SSD from the Qubes installer, my experience on R4.1 is that anaconda, the fedora installer, has a few bugs especially with LUKS partitions and/or blivet (reported & confirmed by RH bugtracker), so take care.

While original shortcuts are CTRL+Insert -> SHIFT+Insert and are extremely friendly (one hand doing ALT+TAB, the other one copies and pastes, which is impossible with traditional 3-keys), I’m still confused why people don’t use xfce4-terminal in Qubes and its built-in feature "Automatically copy selection to clipboard"?

Because of this feature, I installed it everywhere.

Sorry to flood, but wanted to say thanks, you just spared me tons of “copy” right-clicks ^^
I’m so used to using the “select to copy → middle-click paste” on *nixes that I never realized xfce4-term was doing it this way ^^ Is it checked by default ?

You are welcome. It’s not checked by default, as I can recall.

This belongs into ‘User Support’ (moved it)