Spectrum OS vs Qubes OS Issues

Hello,
I found a project called Spectrum OS that addresses some issues with Qubes OS and is trying to build a better operating system than Qubes OS. Are these issues fixed in the current version of Qubes OS?

Thank you.

2 Likes

Related discussions:

2 Likes

One might think those (loosely defined things) are ‘issues’, some are threat them just as side effects, some might call them features :wink:

3 Likes

I hope undocumented command line utilities don’t count as a feature)

Documentation also came up on the mailing list (where I can’t reply) recently.

My search skills are failing - can anyone provide a link?

1 Like
  1. First issue is true, especially with dedicated graphic cards.
  2. Broad statement with no citations.
  3. GUI applications are functional, so existing command line tools are a separate workflow option now.
  4. True.
5 Likes

Isolation between applications in the same domain can never be as strong as the Qubes virtualization. Qubes doesn’t promise you what you shouldn’t expect.

4 Likes

Looks like the development of Spectrum OS is infrequent:

1 Like

Going by the funding+contribution picture, it looks very small (though I can’t see funding amounts on the GH page) still after 5 years. However, the EU institutional funding is interesting.

2 Likes

Command line utilities documentation got a lot better during last year or so of development, and the writing style have improved as well.

3 Likes

Hello,
Thank you so much for your reply.
The EU institutional funding?

2 Likes

Hello,
This is the first time I’ve heard that containers are more secure than virtual machines!!!
If Docker security was acceptable, Podman wouldn’t have been created.

3 Likes

“Extremely” is subjective. I’d say this is no longer true. It’s nowhere near as limited as it used to be.

It’s true that buying a new computer for Qubes is often necessary, but that’s not Qubes’ fault. That’s just the nature of computer security right now. It’s not as though Qubes imposes extra hardware requirements beyond what it needs to provide security. In fact, it does the opposite by allowing you to run it on computers that lack important hardware security features, since even a partial increase in security is better than nothing.

There are now several Qubes-certified computers to choose from that come with Qubes preinstalled, so there should be no struggle to set them up.

Depends on your situation. If you use a desktop or mainly use your laptop while plugged in, this doesn’t affect you. If you’re constantly on the go and need to maximize battery life on your Qubes machine, then this will affect you.

One of the earliest descriptions of Qubes included the phrase “lightweight AppVMs,” so evidently the creators of Qubes OS do not think Qubes VMs are heavy. “Heavy” is both subjective and relative, so the statement “VMs are heavy” without any qualification or explanation is basically meaningless.

Also, you can’t eliminate the “heaviness” of VMs without sacrificing security. Lighter solutions like containers aren’t as secure, so the “cost” of VMs are worth the security benefits (for people who need high security).

There doesn’t need to be any isolation between applications within the same VM, because it’s easy to have many different VMs. The whole point of Qubes is to do things in different VMs, not the same VM. This is like criticizing a screwdriver for not being good at hammering in nails or a hammer for not being good at screwing in screws.

Well, all software is buggy, but the GUI applications don’t seem buggier than usual now. I think most of the CLI tool documentation has been added at this point.

You don’t have to maintain that many different templates. It’s a choice.

I don’t find them that difficult to manage, but maybe I’m just used to it.

They’re not.

5 Likes

I’m also interested in finding out. I never heard about Spectrum OS before but I heard about nix OS and I remember there are some bad things about the devs maybe a year ago, lots of arguing that ended badly. Both the funding and the dev issue leads me to say that the most important thing when deciding on an OS is which dev team do you trust the most. For example I would use qemu/kvm on debian if I trusted debian’s devs more than qubes devs, even though qubes os has better security features and better user experience. But I don’t trust debian’s devs entirely. I think pretty much all operating systems are to some degree untrustworthy but I trust qubes devs more than all the others.

It also matters how long time an OS as existed without any scandals. The longer time then that adds trust. A transparent view to dev process and docs and well commented code to help people understand the code and contribute. All these things help.

I think what harms a dev team’s reputation the most is if there is any kind of connection to usa’s deep state such as getting money from USAID. Or if the devs interests seem to be influenced by the deep state by for example blocking any attempts to have improved privacy/anonymity. Those are the kind of things I generally look out for in the FOSS world.

Maybe I went too in depth into my explanation without being asked to but it’s what I thought about when I read about institutional funding.

2 Likes

It’s NixOS

4 Likes

A KVM-based alternative or fork of QubesOS would be interesting. KVM has become the standard for multi-tenant cloud environments. I wonder what the security story of KVM vs XEN looks like today.

I’m not sure what’s up with Spectrum OS. It’s always looked like a dead project to me, but there’s still a commit or two every few weeks.

1 Like

Glad to see that there are other distributions that are intending to explore security models that are similar to Qubes. Qubes does suffer from limited hardware compatibility and lack of hardware acceleration, but these problems are slowly being worked with each release. Once Intel stops dragging their feet and integrates SR-IOV into the mainline Linux kernel, hardware acceleration will be possible for modern Intel CPUs and we should be able to experience a much smoother experience with browsing, gaming, and watching movies.

As for Spectrum vs Qubes? I trust the maturity of Qubes as a product, the original design that Joanna and the Rafal created, and the security decisions that Marek and the rest of the team have made since taking the helm several years ago. As far as I am aware, SpectrumOS is only in its conceptual stages, and while sounding good as an idea, has yet to be demonstrated as reasonably secure in implementation.

Time will tell, but I happy to hear about it and welcome another security focused OS.

2 Likes
3 Likes