I’m currently using Linux Mint and although I like it, I want to make the switch to Qubes. Mostly just for the fun of trying something quite niche and it seems like the multi VM use sounds more organized. I’m also not what you would call a Linux mastermind, so maybe throwing myself into the deep end will help me learn.
I’m using a Thinkpad t480 with 64gb ram. As far as I’m aware that is plenty of ram to use Qubes. But I’m curious as to what problems one might face during installation?
Some use cases and various VM’s off the top of my head
1-Whonix with persistence for hosting certain apps.
2-Whonix in live mode for general browsing.
3- A VM for using Qbitorrent.
4- An offline VM for using VLC + Calibre
5- A VM for using Reto-Swap
6- A VM for using a Crypto Wallet (feather)
7- A VM for hosting various “productivity” apps like a note taking app, calendar, libre office etc etc. This one would be for doing school work I guess.
These would all be permanent VM’s. I guess for banking and online shopping I could use a disposable VM?
I have T-480 with 64 GB RAM. Install is as described in documentation. No spectacular issues, unless you do something unusual. Qubes prefers to be the only OS on the SSD. Which is a good idea from a security standpoint, as well as easier to do.
If you have any issues, if a quick look at documentation does not solve it. Just describe the issue on the forum. Folks will be happy to help.
Dont know where you live, but if you need a vpn for downloading all those linux isos on qbittorrent its also really convinent to set up a vpn net-vm qube. Set killswitches on it and any qube routing its traffic through your sys-vpn will be safe. And sounds like you’ve got a good attitude. For all the flak qubes gets for its massive learning curve, it also has a lot of its out of the box, or easy to set up perks. As you mentioned, the organizational aspect is hugely valuable with minor personal optimizations !
On 4 I use an offline qube to store media, and an offline disposable
for using VLC, Calibre etc. This means that you can use such files with
relative safety, whatever the source.
I have this packaged at https://qubes.3isec.org/tasks.html as
sys-multimedia, but you can relatively easily create it for yourself.
Again, I would use a disposable for 7, but you must weigh the balance
for yourself. It depends, I think, in whether the work will all be
generated by you, or will use use material from others, and what risks
you may think attach.
You can always change things about once you have been testing out Qubes
enjoy your use of it.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
That wasn’t what I said.
My suggestion was that you split the storage of such files from the
qubes where they are executed.
Media - store in an offline qube, execute in an offline disposable.The
advantage is that whatever the source, you are only storing the files,
so you have reduced the risk of an offensive file. Executing the file is
done in a disposable so any unpleasant effects are limited.
The same applies to your “work/research & general learning” qube -
though I would separate out those activities in to separate qubes and
store the results of your research in a separate offline storage qube.
Again, you can review those files in an offline disposable. Also, dont
forget that there are useful applications to sanitise images and PDF
files: though the latter will remove the ability to search files.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Are you by any chance using some passthrough GPU along with that to be able to use VLC on media files etc? Or do you use low res, small screens etc etc?
No to both.
There are ways to improve performance if this is an issue - @solene has
covered one. But even if there were an issue that cant be resolved, the trade
off between high-res on 4k, and the security that Qubes brings, is imo a
no brainer. But this is a decision that you must make for yourself.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Thanks for taking the time. I’m still a bit unsure of your strategy. All my media is stored on an external SSD, so there wouldn’t be any need for an offline qube for storage. What is the benefit of having a disposable qube for hosting VLC + Calibre as opposed to one that was not disposable?
I’m new to this so unfamiliar with all the jargon and technical terminology that is used for QubesOS.
As far as the “School work, research, general learning” Qube is concerned it would not be offline. There is software that I would like to have be able to sync with my mobile device (GOS). Such as NotesNook,Anki and a calendar app…maybe Tuta. I would have a browser also, either Librewolf or Mullvad and it would need Notesnook webclipper +Libdirect extensions.
What I would most likely doing with this VM is logging into various learning platforms such as TryAndHackMe/ Coursera/ CodeAcademy. These three sites may or may not already have my real world identity associated with them as I may be a paying customer.
I understand that it is always better to isolate EVERYTHING! But for this purpose it just seems so unpractical.
I’m not sure if it is always better. I think @unman provided some ideas to improve your setup but to me what you want to do is already better than staying on an OS without isolation. You can start to follow your plan right now, and see later if @unman ideas are worth implementing for you.
I started to use Qubes OS with an online personal qube where I was using Thunderbird, Firefox, Libreoffice and storing personal documents, etc. Now I have several qube for each mail account, some offline qube for storing different kinds of personal documents, disposables for browsing, etc. Qubes OS allows you to experiment a lot and improve your setup step by step. Just be careful in dom0
So I’ve got the ISO files downloaded and got my USB’s ready. I’ve backed up my Keepass, Reto, Wallet databases. All my media is already stored on an SSD. Anything else you guys think I should do before jumping in?
its also really convinent to set up a vpn net-vm qube. Set killswitches on it and any qube routing its traffic through your sys-vpn will be safe. And sounds like you’ve got a good attitude. For all the flak qubes gets for its massive learning curve, it also has a lot of its out of the box, or easy to set up perks. As you mentioned, the organizational aspect is hugely valuable with minor personal optimizations !