Hello,
I found a project called Spectrum OS that addresses some issues with Qubes OS and is trying to build a better operating system than Qubes OS. Are these issues fixed in the current version of Qubes OS?
Thank you.
2 Likes
Related discussions:
2 Likes
One might think those (loosely defined things) are âissuesâ, some are threat them just as side effects, some might call them features 
3 Likes
I hope undocumented command line utilities donât count as a feature)
Documentation also came up on the mailing list (where I canât reply) recently.
My search skills are failing - can anyone provide a link?
1 Like
- First issue is true, especially with dedicated graphic cards.
- Broad statement with no citations.
- GUI applications are functional, so existing command line tools are a separate workflow option now.
- True.
5 Likes
Isolation between applications in the same domain can never be as strong as the Qubes virtualization. Qubes doesnât promise you what you shouldnât expect.
4 Likes
Looks like the development of Spectrum OS is infrequent:
1 Like
Going by the funding+contribution picture, it looks very small (though I canât see funding amounts on the GH page) still after 5 years. However, the EU institutional funding is interesting.
2 Likes
Command line utilities documentation got a lot better during last year or so of development, and the writing style have improved as well.
3 Likes
Hello,
Thank you so much for your reply.
The EU institutional funding?
2 Likes
Hello,
This is the first time Iâve heard that containers are more secure than virtual machines!!!
If Docker security was acceptable, Podman wouldnât have been created.
3 Likes
âExtremelyâ is subjective. Iâd say this is no longer true. Itâs nowhere near as limited as it used to be.
Itâs true that buying a new computer for Qubes is often necessary, but thatâs not Qubesâ fault. Thatâs just the nature of computer security right now. Itâs not as though Qubes imposes extra hardware requirements beyond what it needs to provide security. In fact, it does the opposite by allowing you to run it on computers that lack important hardware security features, since even a partial increase in security is better than nothing.
There are now several Qubes-certified computers to choose from that come with Qubes preinstalled, so there should be no struggle to set them up.
Depends on your situation. If you use a desktop or mainly use your laptop while plugged in, this doesnât affect you. If youâre constantly on the go and need to maximize battery life on your Qubes machine, then this will affect you.
One of the earliest descriptions of Qubes included the phrase âlightweight AppVMs,â so evidently the creators of Qubes OS do not think Qubes VMs are heavy. âHeavyâ is both subjective and relative, so the statement âVMs are heavyâ without any qualification or explanation is basically meaningless.
Also, you canât eliminate the âheavinessâ of VMs without sacrificing security. Lighter solutions like containers arenât as secure, so the âcostâ of VMs are worth the security benefits (for people who need high security).
There doesnât need to be any isolation between applications within the same VM, because itâs easy to have many different VMs. The whole point of Qubes is to do things in different VMs, not the same VM. This is like criticizing a screwdriver for not being good at hammering in nails or a hammer for not being good at screwing in screws.
Well, all software is buggy, but the GUI applications donât seem buggier than usual now. I think most of the CLI tool documentation has been added at this point.
You donât have to maintain that many different templates. Itâs a choice.
I donât find them that difficult to manage, but maybe Iâm just used to it.
Theyâre not.
5 Likes
Iâm also interested in finding out. I never heard about Spectrum OS before but I heard about nix OS and I remember there are some bad things about the devs maybe a year ago, lots of arguing that ended badly. Both the funding and the dev issue leads me to say that the most important thing when deciding on an OS is which dev team do you trust the most. For example I would use qemu/kvm on debian if I trusted debianâs devs more than qubes devs, even though qubes os has better security features and better user experience. But I donât trust debianâs devs entirely. I think pretty much all operating systems are to some degree untrustworthy but I trust qubes devs more than all the others.
It also matters how long time an OS as existed without any scandals. The longer time then that adds trust. A transparent view to dev process and docs and well commented code to help people understand the code and contribute. All these things help.
I think what harms a dev teamâs reputation the most is if there is any kind of connection to usaâs deep state such as getting money from USAID. Or if the devs interests seem to be influenced by the deep state by for example blocking any attempts to have improved privacy/anonymity. Those are the kind of things I generally look out for in the FOSS world.
Maybe I went too in depth into my explanation without being asked to but itâs what I thought about when I read about institutional funding.
2 Likes
Itâs NixOS
4 Likes
A KVM-based alternative or fork of QubesOS would be interesting. KVM has become the standard for multi-tenant cloud environments. I wonder what the security story of KVM vs XEN looks like today.
Iâm not sure whatâs up with Spectrum OS. Itâs always looked like a dead project to me, but thereâs still a commit or two every few weeks.
1 Like
Glad to see that there are other distributions that are intending to explore security models that are similar to Qubes. Qubes does suffer from limited hardware compatibility and lack of hardware acceleration, but these problems are slowly being worked with each release. Once Intel stops dragging their feet and integrates SR-IOV into the mainline Linux kernel, hardware acceleration will be possible for modern Intel CPUs and we should be able to experience a much smoother experience with browsing, gaming, and watching movies.
As for Spectrum vs Qubes? I trust the maturity of Qubes as a product, the original design that Joanna and the Rafal created, and the security decisions that Marek and the rest of the team have made since taking the helm several years ago. As far as I am aware, SpectrumOS is only in its conceptual stages, and while sounding good as an idea, has yet to be demonstrated as reasonably secure in implementation.
Time will tell, but I happy to hear about it and welcome another security focused OS.
2 Likes
3 Likes