[HN Gopher] A modest update to Qubes OS
___________________________________________________________________
A modest update to Qubes OS
Author : voxadam
Score : 130 points
Date : 2024-02-24 09:13 UTC (13 hours ago)
(HTM) web link (lwn.net)
(TXT) w3m dump (lwn.net)
| aborsy wrote:
| I installed 4.2 and was rather happy with the UI. The new GUI is
| better.
|
| The gnome desktop will be important for adoption. XFCE looks ugly
| in comparison. Equally important is the ease of installation,
| hardware support, documentation for the BIOS settings, etc.
| crtasm wrote:
| Can you switch to gnome for dom0? I thought KDE was the
| alternative.
|
| Also:
|
| >Another interesting change with this release is the use of Xfce
| editions for Fedora and Debian instead of GNOME to reduce
| memory usage and provide a better selection of default
| applications. Marek Marczykowski-Gorecki said that Fedora's
| GNOME template has too many "problematic" packages that
| "either conflict with something or simply don't work with our
| GUI agent".
|
| I prefer Xfce FWIW.
| seanhunter wrote:
| I generally use i3 for dom0 on my qubes boxes. It works
| great. There is generally support for a few different options
| in dom0 but clearly since dom0 is special you need to be
| mindful of reducing the software footprint as much as
| possible in my view.
| crtasm wrote:
| I can see that reasoning but also have no idea how much
| testing/fuzzing/etc. i3 gets compared to Xfce?
| BodyCulture wrote:
| XFCE looks very good, but it can look however you make it look.
| Most people are using it because of technical reasons, not
| based on how it looks, because they know how to dive deep under
| the surface of things.
| adultSwim wrote:
| > Most people are using it because of technical reasons, not
| based on how it looks
|
| Plenty of us consider both. Qubes is the only game in town,
| and also competing with macOS 14 and Windows 11. These
| systems look good and are quite usable out of the box.
|
| The take-it-or-leave-it attitude popular with some community
| members doesn't help much with retention either.
|
| I already know the Qubes-specific bits (templates etc). I
| don't want to have to put a lot of work into set up just to
| make it usable visually.
|
| I left Qubes as a daily driver because I could never get
| watching videos to be a pleasant experience. I believe this
| is due to the lack of GPU acceleration.
|
| For the modest amount of developer resources they have, 4.2
| appears to be a rather significant release.
| sureglymop wrote:
| I used Qubes a few years ago. I highly agree.
|
| I found a very good looking theme for XFCE back then, but
| to make it usable I had to edit it myself and add the
| colored borders. It's been a while so no longer have all
| the files.
|
| It needs to look good right out of the box to help
| adoption.
| crtasm wrote:
| Perhaps try KDE?
|
| https://www.qubes-os.org/doc/kde/
| fsflover wrote:
| > I left Qubes as a daily driver because I could never get
| watching videos to be a pleasant experience.
|
| https://forum.qubes-os.org/t/improving-video-playback-speed/...
|
| https://forum.qubes-os.org/t/hd-video-playback-on-qubes-os-o...
|
| https://forum.qubes-os.org/t/improve-video-playback-performa...
|
| and
|
| https://github.com/QubesOS/qubes-issues/issues/8962
| circusfly wrote:
| Gnome is terrible. I will choose either KDE or XFCE any day.
| chaxor wrote:
| Does Xfce work on Wayland? I would imagine qubes would either
| use wayland or not provide any windows management if they're
| focused on security. As I understand it, X11 has a lot of big
| security vulnerabilities that Wayland fixes, but not having any
| of that code or functionality to review makes it a lot easier
| to secure. Like the Alpine mentality.
| kop316 wrote:
| Not yet, but they are working on switching over.
| seanhunter wrote:
| It's worth trying to understand the qubes security model a
| bit because it's very different from a normal distro.
| Essentially dom0 runs the xen hypervisor and then all your
| "actual work" gets run in various sandboxed vms which are
| highly protected. Normal vms have the system directories wiped
| and reset on reboot and there are also transient "tempvms"
| that literally get completely burned down and have no
| side effects. You can lock down which hardware is accessible
| from which vms as well as very fine-grained control of things
| like network traffic (including ingress and egress).
| Clipboard is not shared between vms (although there are ways
| to explicitly choose to do cross-VM cut and paste) and other
| copying or sharing between vms is also very tightly
| controlled.
|
| In that context, security vulnerabilities in X11 don't have
| the same impact as they would in a normal distro. User
| processes running in a VM don't have the ability to exploit a
| problem in X11.
|
| Go here https://www.qubes-os.org/faq/ and scroll down to "How
| does Qubes OS provide security?" to understand better.
| fsflover wrote:
| However switching to Wayland will improve performance:
| https://github.com/QubesOS/qubes-issues/issues/3366
| seanhunter wrote:
| For sure. I would really like them to do it.
| fsflover wrote:
| > The gnome desktop will be important for adoption
|
| Gnome is too opinionated to adjust it for Qubes:
| https://github.com/QubesOS/qubes-issues/issues/1806#issuecom...
|
| However you can easily install KDE.
| SuperNinKenDo wrote:
| Great to see them work on discoverability. A general problem in
| modern UIs these days, and very important in such a complex
| system.
|
| I've been giving serious thought to trying out Qubes lately, it
| looks like a pretty cool package.
| ethbr1 wrote:
| If this has an RFP for eating babies buried at the very end, it
| wins best titled article ever.
| fsflover wrote:
| There are a couple imprecise or omitted details about the OS in
| the text.
|
| > Qubes OS is designed to be a single-user desktop operating
| system
|
| At the moment, it's true, but multi-user support is planned:
| https://github.com/QubesOS/qubes-issues/issues/8958
|
| > Note that the Qubes website and documentation tend to use the
| term "VM" and "qube" interchangeably
|
| This is because in the future a "qube" will be able to run on
| independent hardware:
| https://www.qubes-os.org/news/2018/01/22/qubes-air. Then, VM and
| qube will not necessarily be the same thing.
|
| > For example, installing software on a Fedora desktop is usually
| as simple as "dnf install package". But installing software to
| use within a Fedora-based qube requires several additional steps
| on Qubes OS, plus restarting VMs
|
| If the software is from the main repo, you do the same "dnf
| install package" in a template. There are no other steps apart
| from restarting the App VM (which can also be avoided if
| necessary).
|
| > Then again, it's also not encouraged--Bluetooth isn't
| considered secure, so why focus on making it easier to configure?
|
| You _can_ use Bluetooth securely on Qubes OS (but it does require
| some effort to set up):
| https://github.com/QubesOS/qubes-issues/issues/7750#issuecom...
| tryauuum wrote:
| so, what laptop do you use for Qubes?
| fsflover wrote:
| I use Librem 14. See also:
| https://forum.qubes-os.org/t/community-recommended-computers...
___________________________________________________________________
(page generated 2024-02-24 23:00 UTC)