A lot of people instinctively think Tails, just because it is known for running live in RAM. However, Tails is horrible for security when compared to Qubes. Just because Tails efficiently runs in RAM does not mean it is securing your apps & files & hardware very well as it runs. Regardless of running from a drive, or live in RAM, once up and running, the security strength of Xen/Qubes is what is also important over Debian/Tails. Qubes OS wouldn’t be a necessary or important security project if monolithic Linux systems were good enough for strong security. Qubes’ original Arch Spec whitepaper, as well as Joanna’s talks and blog posts, are a good source for understanding the general weaknesses of monolithic Linux systems and why Xen/Qubes is fundamentally stronger security (not perfect or without bugs, but fundamentally stronger architecture). Getting live RAM-based properties for Qubes OS is what is very important for me (which Qubes in tmpfs provides), as well as getting rid of regularly cloning and managing the local hard drives across the dozens of machines I manage (which is what sys-pxe will hopefully provide). Huge time savings for me, with some subtle but meaningful security benefits thrown in.
Yes. That is totally fine with me. I personally love running Qubes OS in a more stateless and disposable way from RAM. Super clean. Just reboot to an “instant” clean install of the whole Qubes OS. Across multiple machines, the hard drives and updates/maintenance start becoming a serious nuisance though (hours and hours of regular maintenance tasks for me), so sys-pxe to the rescue for central management and deployment across multiple machines!
Yes. No problem. Computers have RAM and specs are growing into the future. Already successfully running RAM-based Qubes in tmpfs this way, and it takes ~6GB RAM for holding Dom0 in RAM, so no problem. PXE network booting a RAM-based Qubes OS just changes the boot source from local hard drives to a centralized image stored on the LAN.
This becomes a solution to a natural problem for just about anyone if you do run a RAM-based OS across several machines, whether Qubes, Tails, etc. (doesn’t matter the OS).
Regularly updating the OS and recloning the drives, over and over for a lifetime, is a heavy ongoing maintenance burden across dozens of machines.
PXE network booting will be a big reliever of pain, as you then just need one central OS image that all of the client computers can network boot from. Just update the one central image on the PXE server and reboot all your machines. Fully updated and clean state for all. End of maintenance. Done.
People are so used to running their OS from local hard drives.
Running from RAM and PXE network booting are just a couple different ways of operating & thinking about interacting with your OS.
Cutting the umbilical cord to the hard drives brings freedom to a superior way of computing that is closer to fully “stateless”.
It’s like the freedom gained when you first learn to run more of your tasks through DisposableVMs.
Except you get to treat the entire Qubes OS as disposable, which is quite freeing once you get it and experience it regularly.
Thinking about whole Qubes OS machines as disposable nodes to work with is pretty neat and useful.