This is the base rate fallacy thing I was referring to. You’re assuming that:
Qubes+bluetooth=0
Arch+bluetooth=80
Windows+bluetooth=? (probably >0)
Sorry, where did I say this?
Qubes+Bluetooth is always gonna be more secure than Arch+Bluetooth. Windows is out of the question when we’re talking about security. My point is threefold: That using anything other than Windows (particularly Linux) is a major step up, that relative to using Windows, there is not much difference between Arch (properly set up) and Qubes from a security perspective (because 99% of threats have been prevented by not using Windows), and that Bluetooth introduces the same threat vectors whether you’re using Arch, Windows, or Qubes (assuming bluetooth requires dom0 access, which is what this article says). In other words, imagine a ventilation system, and that we’re running ventilation system version number 5.2 where all ventilation systems running that version are all exactly the same. Install that ventilation system in house 1 (a farmhouse) and house 2 (a suburban unit), the way in, and the way out, are both exactly the same. There’s only differences at each endpoint.
@Syonyk If you’re dating and you meet a girl who smokes…and smoking is a deal-breaker…why continue to date? If I learned of the issues I mentioned in my original post before using Qubes, I probably wouldn’t have used it when I did. They are deal breakers for a daily driver, not deal breakers in general. Again, as I mentioned in my original post, I love Qubes and will continue using it - just not as my daily driver.
I wouldn’t recommend Dual-Booting with Qubes, since the other OS could compromise the integrity of the Qubes install.
Speakers aren’t an alternative to bluetooth. If I wanted to use speakers, I would have no problem plugging them in. I don’t use speakers. I use headphones, and headphones are for your head…which has a tendency to move around more.
I have used USB bluetooth dongles. While they are okay, they aren’t as good as internal or onboard devices. Also, since bluetooth is bluetooth, it introduces the same threat surface.
You may be able to live without wireless headphones but I can’t imagine it.
You misunderstood. It would be 100 up until the moment dom0 is compromised. That’s how any system works. It’s secure until it isn’t. It is said that security is a journey, not a destination. Security is a destination that can’t be reached. There are only mitigations. There’s no such thing as 50% security for the same reason that if one person out of a group of 10 people is untrustworthy, the whole group becomes untrustworthy so long as you don’t know who that person is.
It’s perfectly fine for CPU bound tasks. It just lacks GPU acceleration in the AppVMs, which should be no surprise to anyone who’s done a tiny bit of reading on it.
You’re literally defining system performance as “GPU accelerated video playback,” which is only one task among many.
FYI: There is a simple fix to securely using bluetooth headphones with a Qubes system, without compromising Qubes with bluetooth security vulnerabilities.
Solution is to get an audio cable to bluetooth transmitter.
Here is one of these products:
Your computer sends its audio out the normally wired audio cable and this discrete external bluetooth transmitter sends the audio wirelessly to your bluetooth headphones.
Bluetooth headphones working with no need to mix bluetooth insecurity to the inside of your Qubes system.
Why would I watch video beyond work-related which hardly goes above FHD or enable bluetooth on my Qubes computer? I just never do that anyway. I have plenty of other hardware for entertainment purposes. This is just as pointless as complaining you cannot use Qubes for graphics-intense gaming.
I really love Qubes, but the suspend/sleep issue with amdgpu is the main problem that stops me from using it. I don’t really mind keep my PC awake all the time, but that will shorten its screen time.
If I don’t limit the performance of my Ryzen 5600u, 1 hour’s web browsing can decrease the battery level by 15% or 20%. I understand that it is CPU rendering that draws much power, but I prefer to wait until more power-efficient machines come into existence. Maybe Ryzen 6000s are efficient enough. Maybe e-core in 12th Core are enough. I’m simply waiting for more feedback.
As with all things, your mileage may vary. It depends a lot on what you do, how much interest you have in doing it, how much configuration you are capable of and will put up with, etc.
I had an older Lenovo tower given to me with an 8C Intel (probably 2012 model) and no GPU. I put an SSD in it along side a HDD for non-VM use and 32GB of RAM. I have a 1080p screen. It does everything I need for daily work. I do keep a Windows PC around because I use that for gaming.
But, gaming doesn’t need high security. In qubes, I email, surf, 3d design, play videos, play music, record podcast, write books and blogs, chat, manage online portfolios, etc. It does everything I need for daily use.
Do I want more power? Yes, but I never spend more than I have to until I’ve found the limits to the system I am using and until I use the system extensively so that I am confident that issues are not “me”. Maybe in another year I’ll get a new gaming PC and use the old one for Qubes with 4k, etc.
That is the mark of a master (that was the best knighting emoji I could do…)
Yes, that would work, but I’m not really a fan of “have you tried using our stuff the way we designed it?” being used as a scapegoat when feedback is being given…
100%. But if a USB qube isn’t created, then any USB Bluetooth controllers will also go straight into dom0 by default. No, they won’t have any kind of firmware or software in dom0 to be able to use it, but still, not exactly something you’d want if you can easily avoid it…
@Syonyk A valid point. A week of using Qubes OS may not be enough to get a deep and complete understanding of it, particularly if you have not been able to execute your daily tasks that you’re used to. You haven’t had enough time to find a ways to do them (and then improve Qubes OS as a result)…
But still, @88uhbvpqboufpcez does make some good points even after using it for only a week (and@88uhbvpqboufpcez took the time to write some pretty decent feedback points), so I’ll give @88uhbvpqboufpcez that…
But if we listen to the feedback, we can make it become a viable option for more people like this in the future as well as existing users, no?
Agreed. Well said.
That was for Qubes 3, a LONG TIME AGO
The legendary @fsflover has linked quite a few forum threads about it. Yes, the information you need is there, but it’s a bit all over the place (documentation is coming!).
Plus, if you run into any trouble, ask us by all means
I have a friend that has an 82" 8K TV with a PC connected to it, being driven by an AMD RX 6900 XT to play 8K video and 8K gaming. He jokes that he doesn’t need the heater on when he’s watching a movie
But it’s a Qubes OS thing. Hardware acceleration is currently disabled by default for “security reasons”.
This might (and probably will) change in the future, though
Oh I would too
This page definitely helped me get the frame rates up for high resolutions:
Lowering the screen resolution seemed to have a decent effect on video playback, too.
(But no, that’s definitely not a “fix”. It’s more of a “workaround”)
I got what you meant
To be fair, hardware drivers weren’t as much of a “bloated black box” 5 years ago as they are now; so maybe that might be why…?
Then there will be a way to get Qubes OS to work in both cases
Careful. The person who originally came up with that metaphor is probably on this forum
But there are so many cool things you can do with a GPU. Don’t worry, work is being done on this
@qforo1 Very cool idea. But I guess any buttons on the headphones would be useless, so it still isn’t a complete “fix”
Qubes focuses on security rather than anonymity. When the gaming PC is carefully placed and managed, it cannot leak any sensitive information, as long as you process those information (including audio and images) only on Qubes. That’s because it doesn’t have access to that! So-called "air-gap’.
The real threat that a separate gaming PC poses is mostly related to social identities. That isn’t Qubes’ main objective.
I am not sure if I was replied with this, but I will paste from the link:
The technological and social risks of online games should be understood by anyone who enjoys them. These include the following:
• risks from social interactions with strangers who may trick you into revealing
personal or financial information
• risks from computer intruders exploiting security vulnerabilities
• risks from online and real-world predators
• risks from viruses, Trojan horses, computer worms, and spyware
That’s why the one should (try to) practice gaming on Qubes.
Oh yes. Gaming is definitely the least risky thing from a security perspective you could do
(Look, look, I’m winking. Look at my eye… )
There’s nothing like having a desktop full of icons, and then opening a game, having it go full-screen, playing for a few hours, quitting a game, and then seeing only one icon on your desktop:
A text file called “pls_read.txt”
OF COURSE THEY’RE DANGEROUS, especially now since they all seem to require an internet connection by default!
To be fair, I’m more of an offline gamer (yes, they still have their risks, but they can be somewhat mitigated), when I have any spare time
I would love to be able to game in Qubes. The best I could get was mupen64plus to emulate Donkey Kong 64 at 16 fps. Playable, but you couldn’t really “have fun with it”…
I agree, absolutely. Me, too. But I am sure there are tons of things we would love to be able to do in and with our lives. Some things we can’t and some we can, but we consider the costs and tradeoffs of (not) doing them. And it’s all legit. But we mustn’t allow ourselves to blame others for our own choices.
For me, each complaint on Qubes features (“missing” or “bad ones”) are translated as devs weren’t thinking through their job well (enough). Insulting almost, if I’m asked. Especially because as I see it, Qubes is one of the best, if not the best concepts I’ve ever faced, and at the same time realized almost to the maximum possible level at each moment. Thought to a decade ahead at least (yes I still have my concerns about Qubes Air). I can’t remember I complained about any feature, the one I miss, or the existing one. At most, I asked for help how I could provide it for myself.
Now, this doesn’t mean no one should ever question anything about Qubes, it’s just that I’m missing showing respect to the project and devs. And when that is missing, it shows to me absence of understanding threats starting from the sys-net and further out (not to speak about hardware itself). And that’s when and why I’m not surprised about quitters
To conclude: @alzer89, you and I would love to be able to play games, but we can’t. Do we quit Qubes because of that, or anything else?
Well, no, because I have enough benefits of using Qubes OS than I have costs…
I’ll happily forego my round of Pipedream or the Aloha Ice Jam on SSX Tricky or getting up to mischief as Michael, Trevor or Franklin in Qubes OS if it means my machine won’t be ransomed and my private keys stolen. To me, that’s a rather good deal.
But I’m sure there are people out there to whom this is important enough to be a deal-breaker…
I’d imagine getting professional video game players (Their lawyers have just served me with a letter stating that their official job description is called “E-Sports Athletes” ) to use Qubes OS as a daily driver would be an uphill battle to say the least, because they need the hardware acceleration (and probably have the budget to have a security team monitoring them 24/7)
sys-gui-gpu will likely be the way forward for us to get our gaming “fix” in future, once it’s out of the over and nice and crispy and golden-brown.
But any feedback is good feedback, and if there’s a way too take it onboard without anyone being negatively impacted, then why not give it a go, I say
If you have 110% control over the “Air” part, then I think it would be awesome. In any case, a very very fun thing to tinker with.
I just never do that anyway. I have plenty of other hardware for entertainment purposes. This is just as pointless as complaining you cannot use Qubes for graphics-intense gaming.
(that was the best knighting emoji I could do…)
) to use Qubes OS as a daily driver would be an uphill battle to say the least, because they need the hardware acceleration (and probably have the budget to have a security team monitoring them 24/7)