Where to Learn How to Use Qubes OS?

I am new to qubes but I have read the documentation and watched some random YouTube tutorials but I would like some recommendations on other free resources or communities to learn from. I would appreciate any help. Thanks.

1 Like

There is something that seemed weird to me when starting to learn how to use Qubes OS, it’s that there is a lot of community guides on this forum. So, check this:

And feel free to tell us what exactly do you want to learn :slight_smile:

1 Like

@HarryBo, do you have any idea of what specifically you are interested in learning? :slight_smile:

Seconded :slight_smile:

1 Like

I just want a greater understanding on how to get around. I used to use windows and got comfortable with it but qubes has alot to it which I think I am probably oblivious to. I saw there were advanced guides on the documentation. I want to learn what is required for me to be more advanced and to comfortably get around.
I understand how to find all the tools and use the qubes manger well. I would like to know what else is important to learn and where to find it.

1 Like

Here are a couple of approaches to organize your workflows:

See also:

2 Likes

Well, it’s still too broad to answer you correctly :slight_smile:

@fsflover is right about the importance of partitioning your usage into different qubes. It’s not something you will learn in the documentation, but by thinking about your own (and unique) way of using your computer.

Some generic questions could be:

  • are you able to backup and restore your system? (should be your top priority)
  • do you use disposable qubes when possible?
  • same question with Whonix.
  • are you able to restrict or allow some operations between qubes? (see RPC policies files)
2 Likes

@parulin is right. “More advanced” is like someone saying “I want to be more ‘private and secure’.”… It doesn’t really say much :stuck_out_tongue:

It helps if you think of Qubes OS VMs as more like separate computers on a physical network (such as your home wifi).

Each separate computer has ways in, ways out, and their own set of rules that determine whether they will do what another computer asks of them (ACCEPT), tells the other computer “No, I won’t do that” (REJECT), or just ghosts them completely as if they weren’t there (DROP).

Similarly, all the network devices that the computers use to communicate with each other has a similar set of rules about who is allowed to talk to whom (ROUTING RULES/FIREWALL) and in some cases, what about (PORT FORWARDING).

If they do decide to allow them to communicate, then these network devices will also decide whether they will tell the recipient who the original sender of the message is (FORWARDING) or act as a middleman and put their own name on it (MASQUERADE).

Because of all of this, it is possible to control the information that each computer on the network can learn and become aware of, with very fine detail.

Such things like:

  • What other computers are on the network, and where they are
  • Which computer is allowed to send what information, and to whom

This is very useful if/when one of those computers goes rogue and tries to do something that it shouldn’t. For example, if one of the computers wanted to ask all network devices for other information :slight_smile:

If this was all just one computer (with shared resources like RAM, CPU, storage, etc.), then it could be possible that one program could actually read the data of another program, and learn some information, which you, the user, did not knowingly and voluntarily give out “on your terms”.

For this reason, usually, on a (enterprise/large-scale) computer network, you will have each critical process on a separate computer, so that no outside interference can take place. It also limits, to a certain extent, the damage that can be done if a single computer were to go rogue. (Well, that’s the theory, at least… :stuck_out_tongue:)

This is one of the reasons why in Qubes OS, sys-net and sys-firewall exist.

disp4592 be like
“I guess sys-firewall must be the router on the LAN network that I’m on…”

sys-net be like:
“I have a wifi card, and not much else, but wow, sys-firewall sure is chatty…”

Meanwhile, sys-firewall be like:
image

Qubes OS is easier to grasp if you think of it more like this. A single computer is essentially pretending to be all of this inside itself (VIRTUALIZATION).

Once you get your head around this, your creative mind will have no difficulty cooking up all sorts of “advanced” things that you can do with Qubes OS :sunglasses:

2 Likes

I find this visual metaphor a good representation. Not perfect, but it’s a start.

1 Like