Super easy backups, security through isolation, and heads compatibility. Whonix is a great feature too.
honestly i do not know. it sucks. in so many ways. it is very complicated to get into. but since i started using it i cannot imagine going back to just monolithic systems anymore. being able to just create a new vm with just a few clicks to try something on a fresh machine without the need to worry about breaking anything is just awesome. and even though it is slow and complicated and all that i came to the conclusion that the things i want to do with computers are just simpler to do with qubes than with other operating systems. and it is very difficult to shake off the slightly scary feeling of doing something potentially stupid when opening my password manager on a device with direct connection to the internet.
In essence I only use an HVM if I have to.
So I forget about that one (or PV or PVH), and I focus on templates vs AppVMs, and whether the AppVM in turn is a disposable template, and whether the disposable is named or not. (And yes it’s unfortunately easy to confuse a disposable template with a templateVM.)
Another point of confusion is it can be hard to tell (until you learn the tells) whether clicking on an AppVM will open a disposable or not. And a named disposable will have its own distinct (and distinctive) entry in a menu, while a non-named one will not. I solved this by coming up with a naming convention; disposable templates end in -dvmt (for disposable virtual machine template), named disposables end in -disp.
OK so here it is:
It helps to think of a computer’s file system as being divided into “user area” and “system area”. The docs will tell you what locations exactly are in the two areas, but for a start /usr/bin (where software usually lives) is system, /home/user (where your data probably lives) is user.
A Template is basically intended to be a safe copy of a system area. Install software on it; the software goes into the system area. It does have a user area, but it’s of little use because the user area will NOT show up in AppVMs based on the template. A template will “remember” its own system and user areas from one startup to the next.
An AppVM when it’s not running basically ONLY has a user area. When you start it up, it makes a copy of the system area of the template it’s based on. So, when running it has both system and user areas. You can’t see the template’s user area from the AppVM, the one in the AppVM basically “overlays” it.
You can write to the system area on an AppVM (provided you have the right permissions), but when you shut the AppVM down, those changes are lost. The next time you start the AppVM it has a fresh copy of the System Area from the template. Your user area, on the other hand, will “persist” the next time you run it. You can do whatever you want here and it won’t affect the template’s user area, just the one on the AppVM.
Now an AppVM might just be a disposable template. When a disposable is run, you get the Template’s system area, copied, and the disposable template’s user area, copied, and BOTH will go back to the way they were when you shut down the disposable.
Disposables come in two types: named disposables have the same name every time, and you can start them up like AppVMs. They will remain running until shut down. The unnamed ones are the ones named disp1234 or something like that; they only run until you shut down the program you started them with. For example if you click on a link in an email and it opens a browser in an unnamed disposable, the disposable shuts down when you close the browser. If it’s in a named disposable, it continues running after you shut down the browser.
OK hopefully that’s enough to get you started.
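The persistence rules described in the post above, written out as a small runnable model. This is an added example, not part of the original post and not Qubes code; the `Qube` class, the `PERSISTS` table and all qube and file names are constructed for illustration, and real qubes store these areas as volumes rather than dictionaries.

```python
from dataclasses import dataclass, field
from typing import Optional

# Areas each kind of qube writes back at shutdown (assumed model of the post).
PERSISTS = {"template": ("system", "user"), "appvm": ("user",), "disposable": ()}

@dataclass
class Qube:
    name: str
    kind: str                       # "template", "appvm" or "disposable"
    base: Optional["Qube"] = None   # appvm -> template; disposable -> disposable template
    system: dict = field(default_factory=dict)  # stored system area (templates only)
    user: dict = field(default_factory=dict)    # stored user area
    live: Optional[dict] = None     # running view; None while shut down

    def start(self):
        tpl = self
        while tpl.kind != "template":   # the system area always comes from the template
            tpl = tpl.base
        # A disposable copies its disposable template's user area, not its own.
        user_src = self.base if self.kind == "disposable" else self
        self.live = {"system": dict(tpl.system), "user": dict(user_src.user)}

    def write(self, area, path, data):
        self.live[area][path] = data

    def shutdown(self):
        for area in PERSISTS[self.kind]:    # anything not listed is discarded
            setattr(self, area, self.live[area])
        self.live = None

def demo():
    tpl = Qube("debian-tpl", "template")
    tpl.start()
    tpl.write("system", "/usr/bin/editor", "v1")
    tpl.write("user", "/home/user/t.txt", "template-only")
    tpl.shutdown()
    work = Qube("work-dvmt", "appvm", base=tpl)
    work.start()
    seen = dict(work.live["user"])      # the template's user area is not visible
    work.write("system", "/usr/bin/tool", "lost at shutdown")
    work.write("user", "/home/user/notes", "keep")
    work.shutdown()
    work.start()
    restarted = work.live               # fresh system copy, persisted user area
    disp = Qube("disp1234", "disposable", base=work)
    disp.start()
    disp_view = {k: dict(v) for k, v in disp.live.items()}
    disp.write("user", "/home/user/download", "junk")
    disp.shutdown()                     # both areas go back to how they were
    return seen, restarted, disp_view, work.user
```
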
Thank you
I bookmarked this to review a few more times
appreciated
Can’t live with it, can’t live without it. I feel that. I’ve since gotten acquainted with KVM as well on my qubesless systems because of how easily Qubes re-wired my brain to think in virtual machines. Now everything in my house is a virtual machine and I love it.
The cherry on top of Qubes for me though is definitely netvm’s. I have too many netvm’s. You just can’t beat netvm’s.
Totally agree. I have no fun using Qubes OS, but that’s the only OS that feels good enough to do sensitive work and allows experimenting.
Like a love-hate relationship. The thing I know is: I love its modularization feature even more than its security benefits.