I would like to create some discussion here which i didn’t find it on the forum: Do you guys think that Qubes OS is stable enough? You think that if you have installed Qubes today, this same installation will still work after 4-5 years, for example? How much do you guys trust that this same Qubes installation will not die for any software problems and you will lose all your confidential documents?
If we could compare with any regular linux distro Like Debian, Arch, or, even better, with a BSD based system, like OpenBSD, which OS would you trust more to save yours importants documents?
In general: Data availability (and recovery) depends more on your habits (backup, backup, backup) than on the underlying system. That’s why I think your question is a bit misleading. I have never lost a single file in the last 15 years … thanks to 3-2-1 (pull) backups to ZFS servers, snapshots, and long enough backup retention. (No matter which system.) Do you use ECC-RAM? Does your storage have PLP? Do you run some UPS? If not, I think, your infrastructure could be “unstable” from a certain perspective …
I don’t understand the rest of your question. Why compare a type 1 hypervisor to (from a Qubes perspective) template systems? While you could run any of these template systems bare-metal, it’s the hypervisor that takes away the (traditional monolithic) pain of the former.
I mean, imagine that someone can’t do a online backup of some data due to security + privacy. The backup in that case would need to be offline, like a Air-Gapped VM or machine itself. In that case, for example: The person don’t have another disk to store some important data. Some data are so heavy and he can’t store it on a single pendrive. So the person have to trust 100% on the stability of the system that he is using to store these importants data. In that case, Qubes OS.
To compare stability. In theory, Qubes OS is more stable than any regular OS, since everything is compartmentalized. So if some aspect on the system fails or have any stability problem, it wouldn’t affect the Dom0 itself. So, you would just have to fix the problem with the target VM or just create another one. GUI stability problems - sys-gui, Audio driver problems - sys-audio, etc. But, in practice, Qubes OS is really more stable than any of these regular OSes that i mentioned before? How long would its installation lasts?
You could (and should) encrypt backup files. ZFS is encrypted OTF (though one could turn it off). You could (and should) transfer encrypted datasets via replication through ssh. And you should do pull backups (with control files) to prevent “poisoned backups”.
Your installation would probably last as long as you are doing things right. I would start here:
This is probably interesting for you as well:
Although I would guess that an electrical outage, fire/water damage, or hardware failure should be just as much of a concern.
Qubes OS releases are supported for six months after each subsequent major or minor release
As you can see in the table, in reality it is something like 1-4 years (closer to 1 year). In comparison with Debian or Ubuntu LTS, it is on the shorter side.
Considering the average lifetime, out of last four release upgrades, three were possible to upgrade in-place, and only major upgrade from v3 to v4 required full backup and re-install.
Assuming that only major releases require re-install, it is 4-6 years between re-installs (with some issues, i.e. early pre-releases of 4.0 cannot be upgraded to 4.1 in-place)
Subjective
I believe that QubesOS is stable enough as long as you follow the paradigm of not tinkering with dom0.
dom0 is the most important part of the system, it is somewhat minimal, and thus doesn’t receive too many updates. It is unlikely that something will break it.
Apart from that, all your documents should be stored in virtual machines. As long as OSes of these virtual machines are stable, you are fine.
I believe it will work (as long as there are no major releases), but I have a tangent to discuss.
Even if QubesOS works, it doesn’t mean guest OSes behave. Looking at you, FeDoRa.
What is stability, exactly?
If you air gap the system and do nothing, I believe it will work.
If you will apply updates to dom0, but otherwise do nothing, QubesOS-integrated guests may (or may not) lose some functionality or even fail at some point.
If you will apply updates to dom0, apply updates to QubesOS-integrated guests (which implies that you are going to update and maintain templates) it may get labor-intensive, and will work. If the system maintenance is labor-intensive, can the system be considered stable?
I’m a believer. You are unlikely to experience data loss even if it fails. AFAIK the whole storage is conventional lvm, you should be able to recover everything from another linux machine. Data recovery from a broken QubesOS installation sounds like an interesting topic, please share your findings if you are going to experiment with it.
When a Qubes OS install is unbootable or booting it is otherwise undesirable, this process allows for the recovery of files stored within the system.
These functions are manual and do not require any Qubes specific tools. All steps assume the default Qubes install with the following components:
LUKS encrypted disk
LVM based VM storage
Anything with sufficiently long support and ability to set up storage the way I need without too much fuss.
This question is a little wonky because QubesOS is capable of hosting all the systems you mention. This additional complexity has its advantages and disadvantages. On one hand, by hosting your preferred OS with QubesOS you lift a lot of responsibility from the guest: QubesOS can clone it, will keep volume snapshots, and can enforce immutability (up to totally amnesiac disposables). On the other hand, it adds new points of failure.
IMO Qubes is unstable, every new version of Qubes, template updates, simmilar things broken my setup. For example i wrote some scripts using iptables, but after update 4.2 they were broken. In first version 4.2 also didn’t work autostart scripts.
As far as the failed backup from the topic quoted above is concerned, it could still have nothing to do with Qubes as far as we know today. There is no technical description of how the backup was created. (Which medium, which transport route …)
I am of the opinion, for example, that USB controllers or SSD caches fail more frequently than tar or gzip in the event of voltage fluctuations in the power grid or BIOS vendors messing things up.
(A serious backup routine also includes testing the backups btw. At least as part of a weekly routine.)
But back to the question of comparison: The fact that Qube’s latest technologies are integrated early and templates are EOL comparatively quickly is due to security. But conversely, to believe that you only have to rely on an Ubuntu LTS or Debian to be on the safe side (in terms of availability) is a mistake. Bugs and regressions happen in every project. With different frequency, agreed. But the relative frequency doesn’t matter, because I personally can’t predict whether I will be affected by this or that kernel or firmware bug. Unfortunately, I can’t buy anything from the statement “it was unlikely that it would happen to you”. So again, the only solution is to reduce trust as a neccessity and assume, that some backup will fail anyway … but not all of them when done right.
Finally, technical failure is a far more common problem than many people assume. And when I read that someone backs up to USB thumb drives … what can I say?
I agree. The reason i found it was a interesting topic to bring here is simple. Basically, i’m linking all my personal and important data to my machine running Qubes OS. Like a VM dedicated to 2FA, one for private documents, another to store logins, etc. Before using Qubes OS, everything was linked to my phone. 2FA was from my phone and the backup of data too. Also, i encrypted and stored some on OneDrive and linked it to my PC, in case of stability problems. But the problem is: My phone i use everyday. So there’s a chance of being robbed, the phone falls and breaks and then i would have so many problems later from that. My phone is very old too, so it could be an attack vector, since exploiting him would be very simple. I don’t consider ideal storing personal data on my phone in such a case.
I have a friend that has a machine Running Windows 10 and the installation of him is still working even after several years of daily use (8 years). No problems, no bluescreen, nothing. I found that a bit interesting and questioned myself if Qubes can do a similar thing. I mean, the less you have to re-install everything in you computer, better it is. You save time, since you don’t have to install and configure everything over and over. You could deserve more your time actually working than reinstalling and re-configuring your entire system.
As i said before, i made that question not to compare something about the Qubes with these OSes, but to compare stability. For example, if OpenBSD can have a installation working fine about for 4 years, a Qubes installation would work for that time, too? If not, it would be less or more? That was my question. Like i said before - in theory, Qubes OS is more stable than any regular OS, since everything is compartmentalized. So if an hardware our software error occurs, it would be isolated to that specific VM that run the hardware/software and would not affect the entire system (dom0). So the same installation would still work, even after this problem of stability. The same would not happen with any other regular OS. Like Windows, which crashes the entire system with any critical software error or hardware error.
This is very efficient. In my case, if i had another computer or mobile device which i don’t use everyday, i would use it to make a persistent store air-gapped, in case of my main pc die. Unfortunately, i can’t do that.
Asking for the stability of Qubes is, in my opinion, a rather difficult and complex question, which has no simple answer, because there are several quite different aspects to be considered. So I’ll try to treat them separately.
If you are asking, like several of you did already, for protection against data loss, that depends more on the availability of a decent backup system - and using that system appropriately! - than on the operating system itself. Here Qubes is quite o.k., but it could still be improved by adding functions for incremental backup, e.g. by using wyng as its standard backup tool and integrating that into the qube manager.
If you ask for a (rather) bug-free system that does its work without errors or even crashing, then the answer is that Qubes is much better than most of the currently available systems. I have been using it for about seven years, and I have a habit of breaking things, but Qubes has proven to be more reliable than the Linux systems and much more reliable than any Windows system that I use.
If you ask for that type of stability even in the presence of hacker attacks, Qubes is superior to most (all?) other systems available today if used correctly. Even if there is a successful attack against a part of it, the system as a whole will survive due to its compartmentalization and, in many cases, will allow it to be repaired without too much trouble.
If you are asking for long-term stability, however, the picture is different and comparable to most other current systems, which is not so good at all. Let me explain that a bit more. Coming from an OpenVMS environment, long-term does not mean to me two or even five years, but considerably longer times. (Recently, I had to revive a thirty-year-old software package, and this worked without any changes within minutes!). Such a type of stability requires two things:
Any interfaces, libraries, etc., have to support their use without any changes. Existing functions must not be dropped or changed in any case, and should be usable without the slightest changes forever if they were offered at one point in time. Current software in a Linux or Windows environment does not look good at all in this aspect, and Python, which is used a lot in Qubes, is a special and very bad example with its permanent changes from one version to the next.
Furthermore, a system version put in use at one time should remain usable for a long time, at least for the time that is offered by the Linux LTS versions, but hopefully even longer. Here, I find the current Qubes strategy of putting a version EOL already half a year after the appearance of the next one very disconcerting, to say the least. I am still using version R4.1.2, because R4.2.4 still does not support all the functionality I need, especially full and reliable support for Windows 7, which I need for a special software environment. (I think I can dare that, because for this system, I have a rather low threat level to expect.) It would be very helpful for such a case if at least security updates were provided for a much longer time than the current half year after the release of the next version. Due to the very limited development resources available, such long-term support would probably reduce the capacity available for the development of the new versions, but it has to be weighed what is better. Being a conservative type, I would plead for the longer support of the old version, but that is my personal bias.
I hope these considerations may help to make this interesting question somewhat clearer.
Also, I believe we should always have reversibility in mind, whatever strategic choice we are making. I mean, I do have alternative scenarios to maintain similar security and anonymity standards in case my Qubes OS setup is broken.
It did! Thank you! For me, the most important type of stability is long-term stability. I mean, when you are a developer or something, is not all about data losses but configuration too. I’ve already spent too much time configuring my entire Qubes to suit all my needs. After i done with these tweaks, this question came to my mind. “If my Qubes dies somehow and i have to reconfigure everything again?” this is so much time lost, in my opinion. You would need to spend time re-configuring your entire system again and restore things from your backup. This is what i prioritize the most. It’s so good when you are using your system and you are comfortable that your system is not going to become unbootable and unusable at all for software problems. For me, the most important things on an OS are security and long-term stability, for sure.