And just as I was hoping for when I first found out about Qubes - It already seems perfect! The concept of Qubes OS is everything I’ve ever wanted when I think about how I use the internet, and I finally found an OS that accommodates that desire and need. After getting over some initial bugs, it’s easy for me to navigate and look up info, and I’m already pretty comfortable using it and whatnot.
Here’s the thing though. I’m pretty nervous to make the change. I’ve always used Windows as my primary OS my entire life - because it’s the default and everything is designed around it. I had no reason to look at anything besides Windows until recently. Currently, I have Windows and Linux Mint on my primary desktop. I’m concerned about replacing them both in favor of something like Qubes. It’s everything I want, but such a drastic change is hard. I haven’t even really used Linux Mint because I have everything saved on my Windows OS.
It’s not unfounded for me to be nervous about such a change. First, even though I am not a hardcore gamer by any means (I load up a game for 2 hours like every 3 months), having the option to run games at their full specs would be nice.
Second, having to setup Windows as a template and so on doesn’t seem like a simple task and might require additional technical knowledge I’m afraid of messing up. (it’s one thing to mess up on a laptop I don’t care about, it’s different when it’s my primary desktop)
I understand it boils down to what is more important to me and what my goals are.
I guess I’m making this post to hear about people’s experiences from transiting from a different OS to Qubes, and if they feel that change was worth it. Or if you would recommend something to help me decide my choice.
Being nervous at uncertainty isn’t unreasonable. However, I think once you start using Qubes you’ll find it to have been unwarranted (mostly—I say this because I don’t know details). One of the great things about Qubes is that, unless you mess up in dom0, you can very easily start over. There is a lesser-known feature where you can roll back recent changes here:
As far as windows, I bought a new laptop for Qubes and kept my old laptop, but in practice I never used it again. I don’t play games, so maybe that’s different, but it’s usually easy to replace hard drives, so maybe buy a new SSD for Qubes and keep Windows just in case. I’m glad I kept my old laptop because even though I never meaningfully used it again, it was there had something gone terribly wrong.
As for the Windows qube, it is actually pretty easy to install. The current problem is that Qubes Windows Tools is currently a security risk due to driver issues, so it will be very isolated, and without many convenient Qubes features. You won’t be able to passthrough a dGPU to it either, but I think this is in the works IIRC.
Qubes in practice, especially on certified hardware, is pretty stable unless you’re excessively tinkering. My main recommendation is that you use certified hardware (or at the very least commnity recommended hardware–check the HCL) if you don’t want trouble. The main problem with Qubes is the steep learning curve; if you like it and are adjusting well, you shouldn’t be afraid to transition. But still don’t put all your eggs in one basket. Just because Windows is about as attractive as a rat baked in sewage, doesn’t mean it doesn’t have things it’s good at or that Qubes/Linux cannot do. Just make sure to use your hazmat gear. /j
You should be able to passthrough a dGPU to the Windows HVM without Qubes Windows Tools installed. Additionally you may want to passthrough a separate PCI USB controller to the Windows qube to use the USB keyboard/mouse directly in Windows to lower input lag.
The main inconvenience with using Windows with dGPU passthrough is that you have to use KVM switch to connect a single set of display + keyboard + mouse to the dom0/sys-usb or to Windows qube or to have two separate sets of display + keyboard + mouse for dom0/sys-usb and for Windows qube.
I’m a qubenoob and I’m finding it pretty easy. I started off with Windows and Mint in Qubes but have soon found that I’m only opening Windows for windows-specific activities and not really opening Mint at all now I have installed my unix apps into a Debian based qube (both Mint and Ubuntu are Debian based).
Also the community is excellent and the documentation is are rare combination of detailed enough and comprehensible enough. No idea about GPU but I see that has already been answered, just wanted to add my $0.02
It sounds like you already have two computers: one with Qubes and one with Windows. Why not just stick with that setup as long as it meets your needs? You might find that you gravitate toward the Qubes machine for more security-sensitive tasks and the Windows machine for more gaming- and media-related tasks.
Test Windows under Qubes for performance and your main use-cases
Decide whether or not to continue
It sounds like performance and functionality will be the main thing, rather than getting to know Qubes, once you’re at the point of the Windows VM basically working. Then you’re in control of moving individual workloads onto other qubes as/when/if suits you and can tinker and learn without putting your daily work at risk.
It sounds like either you’re concerned about your backup/restore process, or the time it’ll take to set up a working Qubes. Messing with the laptop should give you a decent idea, but having confidence in backup/restore is a must (not Qubes-specific).
With this frequency it’s a shame if there aren’t more options for just renting a separate machine for a day. I don’t want to think through the threat model or economics for that right now, but it could be an interesting conversation to have with local suppliers. If your threat model is quite casual and you’re more about internet privacy than hardware security (they’re not completely separate, though), you could just boot from a separate hard disk.
you could use Geforce Now streaming service if you have enough bandwidth and live “near” a server, they have a ~10€ / day pass if you play once in a while so you can play with full specs. Works on smart TV, android and a web browser with graphical acceleration so not on Qubes OS unfortunately.
I wrote a review of the service. (they also have a free offer to play 1h maximum after waiting a bit in a queue if there are too much demanding for free servers, which is still good enough for occasional gamers).
I might. My primary concern with that concept is that I wouldn’t ever use my laptop over my desktop besides maybe only with security sensitive tasks, but I wouldn’t use it to browse daily on which is where I think Qubes would benefit me the most. When you spend so much $ on your primary computer, any error or delay on anything else feels frustrating, if that makes sense.
One thing that I’ve found so far is that Qubes OS requires full virtualisation. Some processors don’t offer enough virtualisation, and nor do some computers. If a computer doesn’t provide enough virtualisation then Qubes OS just won’t work.
Qubes OS requires a lot of memory to work, about 32 GB. Windows takes about 2 GB for itself, Qubes OS takes 16 GB just to get out of bed. Otherwise it will install on quite old hardware.
Please ensure that you have enough resources, otherwise you will be disappointed.
I can’t say how you’re using your system. But on my 32 GB workstation, Dom0 is taking about 4 GB; USB and networking Qubes about the same. Add it all up, and it’s at least 16 GB. That’s before I run anything else. So I’ve got to wonder if you’re getting a lot of swapping. People have said that swapping is a problem.
My recommendation is to use the Qubes backup tool on a regular basis. Why? You may break something, sure, but in my experience Qubes is pretty hardy as long as what you’re doing is in the documentation. Missteps happen. But more naturally, as you learn and grow with Qubes, you may want to do things differently than with your first time.
Little things like whether or not to use SYS-USB (I do). Or have networking attached to SYS-USB (I don’t). Having the freedom to rebuild your Qubes without losing templates or AppVMs will make adjustments easier. And they’re backups. So good practice.
In my experience with using Qubes, getting it set up and running was really easy. If I wanted a program, I’d start the template, install it, turn it off, and restart my AppVM. I “rearranged my house” as I got comfortable a few times until I settled on an taxonomy that worked well for me.
Finally, welcome to the Qubes Community. In my view, Qubes OS is a premier operating system. Its documentation is first rate, the community is, on the whole, quite helpful, and its security is unparalleled (more of a comment on other OS architectures). I really hope you enjoy using it. I do so much that even when I made a mistake and needed to redo things, I didn’t regret my decision to switch. I hope you have a similar experience.
I could bet if I offered you $100k out of the blue your first reaction would be the same. Rejecting/denial/anger,fear/acceptance. Meaning, it’s normal.
So, I can recommend to read for example
You’ll realize it’s not about Qubes. It’s about us as such.
As implied by the link in the previous post, the amount of memory currently assigned to a VM is not necessarily the amount of memory required. A back-of-the-napkin test follows.
I initially had 8 VMs running: dom0, sys-net, sys-firewall, sys-whonix, sys-usb, a standalone HVM with fixed memory, and 2 normal AppVMs. Each one had roughly 4GiB RAM assigned. I started a bunch of disposables and sys-firewall dropped to about 2.5GiB. However, my upload/download speeds were roughly the same regardless of how much memory sys-firewall had assigned to it (263 down/17 up with 4GiB; 269 down/17up with 2.5GiB) indicating that the drop in assigned memory did not impact the performance metric relevant to that VM’s purpose.
After thinking about it for a while, I feel like this is the best option. I need to look into how to do this, but I feel like it’d give me some time to test it on my primary equipment and see how I like it.
It’s very easy if you watch a couple videos. I’ve worked on many different pieces of hardware, and the only thing you need is to be careful: if it doesn’t move under a little force, it’s not supposed to or you’re doing it wrong. If you follow that you should be fine.