Why I use Qubes

quantum · October 2, 2022, 6:41pm

After seeing so many posts on how Qubes can be changed I think it’s a good idea to focus on what works, i.e., please keep doing this.

Security is my number one reason to rely upon the protection provided by Qubes versus the privacy of Tails. Increasingly sophisticated attacks show it’s only a matter of time before my system is hacked, if not already. Besides some not-for-public-consumption operating systems Qubes is the only game in town providing this level of security and I hope it stays.

Debian available as a standard template is an outstanding choice. Pretty much any program I’ve used from calculators to mainframes is available on Debian in some form or another. And any OS you use has to do what you need. Debian also has the stability of a rock. Both big selling points. (I use unchanged Fedora templates for all system functions.)

XFCE works. I know that many would want to use what is familiar, such as GNOME or MacOS, but the simplicity and flow of XFCE is an excellent foundation for Qubes.

With that said, the KDE port unman released and its use of Activities may point to a future Qubes desktop. Qubes certainly demands a higher level of expertise than most, so seeing such movement towards a Qubes-unique OS may help bridge that gap.

Do I have any suggested changes? Sure, but that’s not the point of this post. I’ve read a lot of the items posted about the Qubes internals and its’ very bright Team ought to be proud of what they’re doing. Please keep it up!

aronowski · October 2, 2022, 7:20pm

XFCE works. I know that many would want to use what is familiar, such as GNOME or MacOS, but the simplicity and flow of XFCE is an excellent foundation for Qubes.

IMHO there has been no better foundation for a user interface than the good old Windows 95 Explorer and whatever came after it. That said, I respect the people who prefer other interfaces such as DWM and I’m glad we have a community that made a port so it works well with the goodies provided by Qubes.

With such a strong community it’s no wonder we have such system that respects people and makes their computer work for them however they want it to work and be malware-proof.

SteveC · October 2, 2022, 7:35pm

Ironically, for someone who bashes Micro$haft on a regular basis, I do find their file explorer to be most versatile…so I see where you’re coming from! Over in Linux land we have Thunar, Dolphin, and the like, and every one of them has some quirk or omission I really hate. (I think Nautilus is probably the worst; it’s hard to navigate “up” in it.)

Back to the main topic, yes, I’ve enjoyed my time on Qubes. Yes, it is sometimes a bit rough around the edges, but those things are being worked!

I have been able to customize the daylights out of it. I’ve even been able to build totally new stuff on it; the split veracrypt I just wrote a post about is a major part of the infrastructure and I suspect most people wouldn’t realize it’s something I hacked together instead of something that came with the system. (At least not until they find one of the glitches in the user experience that I haven’t been able to resolve yet.)

I used to have an XUbuntu online machine with Oracle Virtual Machine on it, and an airgapped Windows 7 box.

I completely got rid of the Xubuntu machine (even selling the hardware off, since it’s not totally obsolete); I moved my Qubes box over to where the Windows box used to sit, moved the Windows box to where the Xubuntu box used to sit. I did that months ago. I still haven’t plugged the Windows box back in. I will probably need it for something, someday… But the point is Qubes gives me the warm security fuzzies to the point where I am willing to do my windows 7 stuff on a virtual machine, rather than an airgapped physical machine. Because I know what it’s doing and how it connects VMs to networks, whereas with Oracle VirtualBox I had to trust them.

Confused · October 2, 2022, 11:35pm

Qubes, Qubes devs, Qubes team, Qubes project, Qubes contributors, Qubes community, all amazing! Qubes a present millennia “wonder of the world” imo. Qubes documentation is excellent. Marvelous also Whonix and Heads.

Why I use Qubes?

Win7 offline legacy stuff on virtual machines give me security fuzzies + less hardware. Came from CentOS host Win7 guest VirtualBox desktop pre snowden and coreboot Tails laptop after until jump in Qubes 4. To last millennia self Heads Tails Qubes Whonix in x230 in 2020 be a miracle. Where Qubes et all be in 2025? 2030? hope to see.

aronowski · October 2, 2022, 11:46pm

Oh, we’re almost in the same boat! But I take a different approach here: me in an online mode can use Internet Explorer 11 for what it was designed for - exploring the Internet - and since it’s all being done in a disposable VM, the browser’s security might be close to zero and it still wouldn’t matter anyways - the attacker would still not be able to steal my assets that I have in AppVMs.

Probably still at Fedora 32.
Sorry, I just couldn’t resist

SteveC · October 3, 2022, 2:51am

That’s true too!

Though I don’t want Windows 10 / 11 to phone home even from a DVM (it still tells Micro$haft what I’m doing) I could at least run them in offline mode; and I can upgrade (if necessary) the disptemplate VM, which will simply tell Micro$haft that all I’ve done is get upgrades!

aronowski · October 3, 2022, 2:59am

Oh, that’s a good point! All I was thinking about was Windows 7, which I utilize and it should not have that heavy home phoning capabilities as the later versions have.

That said… this post reminded me of myself a bit with how much stuff I was able to do completely offline. In this current day and age when we are almost always connected and with enough patience and determination a lot of development can be done offline. Yes, I was actually doing that without access to sites such as StackOverflow.

Back on the topic, I’ll definitely find Qubes a fun platform to do some development on and easily test the code on multiple platforms. I can switch templates easily after all.

There was one situation where I wanted to quickly test different versions of virt-manager, how it behaves on Enterprise Linux 8 and on Fedora 36. All that with a few clicks.

ckN6QwSZ · October 3, 2022, 8:33am

Because Qubes is awesome.

I used to run a bunch of VMs via KVM/Qemu/Libvirt on an Arch Linux host. I chose Arch Linux because they have the best wiki. And the Arch Distro is truely bleeding edge. It’s like cloning the developer’s repos and compiling their stuff as soon as they have pushed a new version. You learn a lot about linux if you use Arch.

Anyway, since I worked with VMs a lot I decided to give Qubes a try. The way Qubes utilizes XEN isn’t as versatile as KVM, however, I love it’s implementation for networking and templates. For me the security enhancement resulting from this architecture is just a useful side effect. Performance is pretty decent considering you are running VMs.

Debian really is the old aunt, but Fedora is doing fine. And @unman gave us an Arch template. Niiice.

I’m looking forward for sys-gui and hope that support for HVMs is going to improve. For instance it would be cool if you could insert a sdcard with RaspiOS (arm64) and run it. KVM/Qemu and other virtualization software like Virtualbox, Parallels and so forth can do that, XEN/Qemu should be able to do that as well.

Confused · October 3, 2022, 1:16pm

Today I Learned @aronowski is malware researcher

Sorry, I just couldn’t resist

enmus · October 4, 2022, 3:12pm

Because I’m responsible.

fsflover · October 8, 2022, 9:03pm

Installer: `Failed to start udev Wait for Complete Device Initialization`

opened 12:31PM - 11 Apr 22 UTC

patranger

T: bug C: installer P: default hardware support needs diagnosis

[How to file a helpful issue](https://www.qubes-os.org/doc/issue-tracking/) #…## Qubes OS release Qubes release 4.1.0 (downloaded in last week from https://ftp.qubes-os.org/iso/Qubes-R4.1.0-x86_64.iso) Hash verified and was okay. ### Brief summary For several years I have been using Qubes OS on a laptop every day, so I wanted to install it on a new desktop computer. I downloaded the latest ISO image and then write it on a USB stick with the DD command sudo dd if=Qubes-RX-x86_64.iso of=/dev/sdY status=progress bs=1048576 && sync according to the recommendations from Qubes OS DOC (https://www.qubes-os.org/doc/installation-guide/). Then I put the pendrive into every possible USB port and started it from BIOS. Of course, I previously enabled virtualization for AMD in the BIOS under the name SVM (Secure Virtual Machine). **The problem was that no matter which USB port the flash drive was in and no matter if I turned it on in legacy or uefi mode, text was popping up every time with: "dracut-pre-udev:modprobe: ERROR: could not insert 'floppy'" like here https://forum.qubes-os.org/uploads/db3820/original/2X/e/e4000f9eaa27ab737160949fe6bdfeb4393889d3.jpeg** I am currently using Qubes OS on a laptop with: Disk SSD 512 GB. 8GB RAM Intel i5-3320M NVIDIA GEFORCE I wanted to install Qubes OS on a desktop computer with: Motherboard Gigabyte B450M NVIDIA ASUS GTX 1650 64GB RAM AMD Ryzen 9 5900X 2 x 2T HDD ### Expected behavior Correct launch of the Qubes OS installer.

github.com/QubesOS/qubes-issues

R4.0.4 installer problem on new laptop

opened 05:19AM - 09 Oct 22 UTC

patranger

T: bug P: default

### Qubes OS release R4.0.4 ### Brief summary A few days ago I bought a new… laptop and wanted to install Qubes OS 4.1 on it, but due to the error described in this thread: https://github.com/QubesOS/qubes-issues/issues/7433 I couldn't do that. The same situation was for version 4.1-rc4 rc-3 etc. until I got to version 4.0.4 and knowing the problems of this version when installing with UEFI (my laptop already has only UEFI) I followed the guide https://www.qubes-os.org/doc/uefi-troubleshooting/ I tried this solution: ``` # noexitboot = 1 # mapbs = 1 ``` and (options = console = none) ``` [qubes-verbose] options = console = none efi = attr = uc # noexitboot = 1 # mapbs = 1 kernel = vmlinuz inst.stage2 = hd: LABEL = Qubes-R4.0-x86_64 i915.alpha_support = 1 ramdisk = initrd.img ``` but unfortunately the effect is the same each time. Nothing happens when booting from a pendrive. It doesn't even have a menu, there's nothing. Just as if the system didn't exist but it exists when I mount it to Garuda and check it. I burned it with this: `sudo dd if = Qubes-RX-x86_64.iso of = / dev / sdY status = progress bs = 1048576 conv = fsync` Asus ROG Strix G15 (2022) AMD Ryzen™ 9 6900HX NVIDIA® GeForce RTX™ 3070 DDR5-4800 NVM ### Expected behavior Hassle-free installation

Surprisingly, the R4.1 version installed on the old 6-year-old laptop without any problems, but the installer does not want to run on a laptop from a few months ago. So, for some time now, I’ve seen it’s time to stop using Qubes and switch to Garuda. I have been using Qubes for 4-5 years but I have never had as many problems in other distributions as I have encountered and reported in Qubes. I have devoted a lot to the Qubes system, such as the limitations related to android emulation when you want to write programs for it, buying disks specifically for Qubes and the system is so buggy that it is a drama. Currently I can’t use R4.1 so I can’t use Gentoo or Kali as a template and I have to use them in HVM which is less convenient when you have to run like this every day for 10 hours.

The fact that for two years the creators have been ignoring the requests of different people to add more colors to the extent that there are some polls made for colors, I do not need to mention because it is an embarrassing matter. It’s just colors.

I use the Qubes system because I love security but I don’t like when the system has bugs already in the installer so I will probably stop using it because of many bugs and still alpha state.

renehoj · October 9, 2022, 6:25am

How is that surprising?

The HCL exists because a lot of newer hardware isn’t supported, every time someone asks they are told to buy older hardware known to be supported.

You decided to buy something known to be difficult to get working, and then acts like it’s surprising it doesn’t work.

drtduit · October 9, 2022, 6:46am

Exactly, here’s the problem. There should be more focus on equipment newer than 8 years old, because who buys 8 years old equipment, no one because sometimes some need to have not only qubes but also windows or freebsd for something and in work their need to have strong latest hardware. Well written because for systems such as Qubes we need more RAM, a better processor, so instead of Intel i3 from 9 years ago, most users will choose the new Ryzen 9, the latest Intel i7 - i9 or Threadripper and the latest RAM to be able to take full advantage of Qubes. That’s why I think the problem is to focus too much on old devices and too little on new devices.

Even if someone wants to play on the second system once a month, they cannot afford to buy too old devices, and you never know whether the new Qubes equipment will work without a problem or with a problem, which is why it is a lottery. Same as I have an old 9 year old laptop not from HCL (Getac G) but everything works fine except for a weak processor, low RAM, and no NVM support.

HCL support is one thing, and reliable answering to GitHub problems and updating HCL based on user reports and interest in problems is another, and as we see, there is a growing problem with it.

Therefore, it is best to focus just as noted on devices not older than a certain period of time. I suggest not older than 5 years.

Statistics don’t lie. More people prefer to buy newer equipment and if Qubes wants to attract new users, they have no choice.
If the system is for users, it is the only option, but if it is only for the creators of the system, that’s another matter.

As I wrote, this is not the only problem in Qubes, but also the ignorance of users’ needs, this is the first time I meet with users having to ask for a crap for a long time like the number of colors. In systems like Arch, Garuda, or BlackArch, things like this are done in weeks when many times the community asks for it. Community asking for more colors and there is a problem and another users must wrote their own script in bash to add more colors. And we talk only about small think, not change all components and change dom0 only adding colors xd

renehoj · October 9, 2022, 7:07am

I’m running Qubes on a 12th gen Intel with 64 GB memory and 980 Pro NVMe drives, I don’t have any issues. There are other people doing the same, Qubes does runs on current hardware.

Qubes is never going to be support by all hardware, it’s on the user to buy something that works, you are given the tools to make the right choice.

Qubes has limited development resources, the result is that it works with limited hardware, if you have 5 years experience with Qubes you should know this.

drtduit · October 9, 2022, 8:10am

I am using one of the most popular B450 motherboards with Ryzen 9 in PC and I am having problems with 4.1 so that means something is wrong and therefore we need to fix some basic errors in Qubes more because it stopping new users. How can I recommend something that doesn’t work to my friends and at work? System must try to support all hardware because it is difficult to force all users to buy specific hardware because then it would be suspicious.

They already made this mistake in the case of Librem, ignoring the community, which is why Pine64 won with them instantly, gaining the support of most system developers like eg Manjaro.

Some people use Qubes so much that they need the most powerful processors and motherboards, so Qubes should have no problem with supporting more powerful devices because we must not forget that it is a system based on Xen virtualization, which is by definition for more powerful hardware and no one will want to try running it on 2G RAM of an old laptop that only RedoxOS is suitable for.

The limited resources of Qubes are due to insufficient effort to expand popularity and little care for the community. For example, Ubuntu has grown to such enormous popularity that they even post job offers all over the world. The BSD community, on the other hand, has regular conventions in every major city and lots of chat rooms where you can get help on any topic and no one has a problem.

If we want to have more users, we need to fix the basic problem of supporting more hardware so that there are no basic problems, otherwise we will become a small community where donations will decrease until the project will be dead.

When going to the store to buy a computer or a car, we do not take whatever the manufacturer gives us, we have requirements and the manufacturer tries to interest us. So do everyone who care of users do that. Foundations, operating system developers, corporations, who do not do this for a long time slowly begins to lose popularity and the interest of the last people and the project remains in a niche, such as Librem.

Since Qubes enables the donation options, it’s mean that Qubes want gratitude of users, i.e. it tries to think about the users, which is why it is not like you wrote that the user chooses the equipment indicated by HCL, only HCL is created based on what users want.

renehoj · October 9, 2022, 8:41am

Every single motherboard doesn’t need to be supported, it would be great if it was, but it’s completely unrealistic. It would only be possible if users like yourself could fix compatibility problems, and submit fixes back to the Qubes OS project.

If you don’t have the technical knowledge to fix the issues that comes with using unsupported hardware, then you should follow the recommended guidelines and use hardware someone else has confirmed to be working.

Maybe HCL is too difficult to read for some users, and there need to be more clear recommendations.

adw · October 9, 2022, 1:01pm

Just a general reminder that there’s Qubes-certified hardware:

There’s also the community-recommended computer list:

Meanwhile, the HCL is not a list of recommendations. Rather, it’s a database of user experiences with trying to install and use Qubes on various hardware. (The reason it is not a list of recommendations is that sometimes those experiences are bad. However, recording both good and bad experiences makes for useful data for others.)

enmus · October 9, 2022, 7:57pm

… it has to become Windows or macOS. Or Android. Large Ubuntu community? Of how many Linux users in the world comparing to the former OS? Qubes can’t attract enough devs, not to tell users.

And, Qubes is not about users. It’s about security.
Uncompromising. That’s

Why I Use Qubes

Respect!

fsflover · October 9, 2022, 8:01pm

AFAIK, it’s not even the Qubes developers who are working on the hardware compatibility but Linux and Xen developers, which have significantly more resources. Qubes is standing on the shoulders of giants and it’s not the work of Qubes developers to do everything.

No, there is a large number of users who are not happy with the security of Windows, Mac, Linux, but unaware of Qubes OS, or thinking that it’s more complicated than it actually is.