[HN Gopher] New user guide: How to organize your qubes
___________________________________________________________________
New user guide: How to organize your qubes
Author : andrewdavidwong
Score : 46 points
Date : 2022-10-30 17:35 UTC (5 hours ago)
(HTM) web link (www.qubes-os.org)
(TXT) w3m dump (www.qubes-os.org)
| Phlogi wrote:
| How is the performance if you run like 5 VMs incl. a Windows one?
| agiacalone wrote:
| Running Qubes 4.1 on a Lenovo Thinkpad T460s i7 6600U, 12GB
| DDR4 RAM.
|
| VMs (Qubes) work like a snap. I typically run 8-10 with various
| utilities/browsers and wouldn't even be able to "tell" that
| it's running in a VM if I didn't know any better. The entire OS
| feels very lightweight and snappy. I also prefer minimal UIs,
| so that helps a bit. I can see where the UI might "put off"
| some modern users, as it reminds me a lot of the old CDE
| interface without the bottom status bar that CDE used to have
| (I believe Qubes uses GTK-2, IIRC). The included Linux Qubes
| (Debian, Fedora, Whonix) all work well and provide a "seamless"
| enough experience, considering that you are always working with
| multiple virtual machines.
|
| Others in the thread have echoed concerns about the funky
| copy/paste feature, but it works well for me once I got the
| hang of it. I sometimes now even accidentally do the two-step
| copy/paste even when I'm not using Qubes.
|
| Windows 10 in a Qube, on the other hand, is only okay-ish.
| It'll get the job done running Office 365, but I wouldn't
| exactly call it a pleasant experience. It's a bit sluggish and
| will only run in full VM mode, which is a resource hog.
|
| Although I don't really call Windows a pleasant experience in
| most cases. ;)
| fsflover wrote:
| Depends on the hardware and what exactly you do. See also:
| https://www.qubes-os.org/faq/#can-i-run-applications-like-
| ga....
| alex_sf wrote:
| I have not run a Windows VM in Qubes, and I've been using it
| full time for only about a week now, but: performance has not
| been an issue with up to at least 8. This is with an NVMe
| drive, Ryzen 5600G, and 32GB of RAM.
|
| Usability, however, is a bit wonky, but that's the trade-off
| for security. I'm sure my relative inexperience with it is at
| play there, as well.
| allanbreyes wrote:
| The secure copy and paste feature always seemed to address the
| wrong threat model or use case for me. Sure, it's great that it
| keeps things isolated and compartmentalized across VMs, but it
| doesn't help much if you accidentally paste it into a phishing
| site. I wish there was just better browser integration for it, so
| you could have a password manager that could only access secrets
| on-demand + also automatically verify the domain or site you're
| trying to enter credentials into.
|
| Anyway, still very cool stuff. I used Qubes for a few years
| before I made the mistake of purchasing a laptop that wasn't
| fully supported, but I often think about picking it back up or
| trying to install it again.
| alex_sf wrote:
| In practice, the Qubes C/P thing isn't unpleasant. There's also
| no reason browser integration can't be done right now; I use it
| with Qubes.
|
| I have a primary 'vault' qube that holds all the credentials
| for all qubes, and then use Firefox's built-in password
| management on a per-qube basis. There is an initial 'config'
| step where I'll need to pass credentials from the Vault qube to
| an App qube, but after that it's smooth+automated.
|
| Alternatively, you could use a vault-per-qube model.
| Linuxwindows wrote:
| Can it be used on any laptop like Asus Zenbook?
| fsflover wrote:
| Here is a list of tested deviced: https://www.qubes-os.org/hcl.
|
| Here is a list of devices recommended by the community:
| https://forum.qubes-os.org/t/community-recommended-
| computers....
| Linuxwindows wrote:
| Thanks, just two more quetions.. How is with dual
| installation of qubesOs and Windows and how is with privacy?
| I know that some laptop manufacturers preinstall some kind of
| spyware on their laptops to gather user data
| fsflover wrote:
| Dualbooting is possible but not ideal:
| https://github.com/Qubes-
| Community/Contents/blob/master/docs....
|
| Qubes doesn't preinstall any spyware. It provides privacy
| with Whonix: https://www.qubes-os.org/faq/#how-does-qubes-
| os-provide-priv.... If your BIOS is compromised, then it
| might be game over; coreboot is recommended.
| uri4 wrote:
| Interesting. I found it great to evaluate some random github
| projects. Virtual machines do not work very well on multiple
| monitors. I can also separate such projects from internal lab
| network.
| eduction wrote:
| This is nice but misses one vital step IMO: Do your basic web
| surfing in a disposable VM.
|
| The article mentions using a disposable VM to view email
| attachments but considering how much malware is delivered through
| the web I like to keep my web activity highly comparmentalized by
| default. The trick is to configure the browser and set your
| bookmarks etc first in the disposable app vm template. You can
| even have some accounts pre logged in, ideally using Firefox's
| container tab system for extra security.
|
| For a more advanced setup: I have one dispvm template for general
| web surfing and another for my social activity, with container
| tabs and live logins for various social platforms, and then a
| third dispvm template where I'm logged in to some things I care
| more about like Google Docs. Then all my really sensitive stuff
| is in a fourth, non disposable vm where I _only_ use it for
| things like bank, mutual fund, 401k, credit cards, etc (all in
| container tabs for extra security). No web surfing ever in that
| vm.
| agiacalone wrote:
| > This is nice but misses one vital step IMO: Do your basic web
| surfing in a disposable VM.
|
| This cannot be emphasized enough. :)
___________________________________________________________________
(page generated 2022-10-30 23:01 UTC)