Qubes OS first impressions

Last week, I switched from Fedora (fc27 iirc) to Qubes OS on my home laptop. It's an old and heavy Asus ROG laptop that I typically don't use for development purposes. My current main system is an iMac pro, "almost FuLLy loaded".

I'm not paranoid about privacy and security, but I think that I needed a reminder that those things are more important nowadays.
- Does privacy even exist anymore on the web? Did it ever existed?
- How easy is it to hack for a "script kiddie" nowadays, and what about for an "experienced hacker"? What if we replace "experienced hacker" with "organizations that have resources"?
- What about the "Intel Management Engine" and its AMD equivalent? What do those things actually do? How bad is that code in IME or PSP, in terms of new vulnerabilities to expect? Hopefully such those "features" will become opt-in features for customers with options to fully disable the functionality.
- What about security in our IOT devices?  It's always funny to log-in into your internet provider router UI and see wifi passwords displayed in plain text. If your internet provider does such things, what do you think usually happen for other types of services when it comes to security or basic programming practices?
- What about antivirus software? I'll never forget the early years of Kasperksy on my first PC a while back (1999-2000), it would always detect viruses, that is after infection and sometimes without any possible remediation... Do you believe that antivirus software can detect most viruses nowadays?


So many questions, in any case let's jump to Qubes OS...

System requirements

RAM

I recommend at least 16 GB of RAM. On the Qubes OS website, they mention 4 GB minimum. With 4 GB and on a system that employs significantly virtualization, the experience cannot be pleasant. If this will be your main and only OS, I suggest 32 GB of RAM, if you can. I run Qubes OS on an "old" gaming laptop with 16 GB of RAM.

Storage

While an HDD will work fine, an SSD is much better. I can't really stand waiting for I/O operations on old devices. My laptop has 2 TB (HDD) while my main machine has a 4TB SSD,  night and day  from a performance standpoint.

Ease of use

I do not believe that Qubes OS is good for the Linux newbie, it could be a very frustrating experience, especially if the system doesn't recognize all devices, on top of other issues.

The main concepts to understand are around Qubes OS way of doing things, its tooling (clipboard, utilities, etc.) and Xen virtualization, other than that, it's just Linux (Debian and Redhat based VMs).

I only spent few days on Qubes OS and my setup is far from complete.

PC or laptop recommendations??

I do not really have anything to suggest. If you have a recent enough machine and you're able to boot the ISO image, I think that it should be possible to deal with other issues later (drivers and other problems).

I think that with a Thinkpad or possibly pricy Librem laptop things should go smoothly. For new Librem laptops, I believe that Qubes OS supposedly works "out of the box".

I did struggle with Broadcom wifi drivers that used to work fine with "old" Linux kernels, after 2 days I decided to just purchase a Linksys USB wifi adapter. I got tired of chasing old kernels and specific driver versions for BCM4352: other approaches that used to work don't work anymore.

Qubes OS maintains a Hardware Compatibility List webpage.

Screenshot of Qubes OS on my laptop

There's still work to do for my VPN proxy setup outside the sys-net VM, vault and other stuff, etc. My typical laptop usage is about surfing the web, watching videos and "accidentally" working (SSH or other remote access approaches).

I tend to prefer Fedora for  user programs and Debian for services. I was not successful at setting up other community provided template VMs: build fixes -> build -> install -> startup failures

My ideal final Qubes OS setup would involve the following:
- OpenBSD as firewall VM, I'm only familiar with FreeBSD to an extent.
- Arch Linux, Alpine or anything else that is lightweight for "proxy/services/servers" VMs.
- A customized DWM window manager on DOM0 instead of XFCE to keep it "light": few bash or python scripts to automate small things? On the average day, on DOM0, I just need to attach  USB devices, connect to wireless access points and run the Qubes VMs manager.

Few resources

• The official website: https://www.qubes-os.org 
• The issue tracker: https://github.com/QubesOS/qubes-issues 
• Mailing lists: https://www.qubes-os.org/support/

Recalling when and why I stopped using MS Windows at home

I have used few operating systems over the years. On some occasions, I had the luxury of running a non-Windows OS at the office too (8 years or so).

At home, I have to confess that I stopped using Windows a "very long time" ago. I do not really play around with any OS since 2007, I'm just the average John Doe doing "simple things" in front of the PC.

Discovering a non-Windows world

Around the end of my bachelor, I realized that there was something called Linux that I didn't know anything about. A friend helped me install it and he showed me some basic commands.

I was eager to learn and I found all daily tasks challenging at first. How do you find solutions when you don't know the problem or the keywords to type?? I think that many recall Google searches with almost no results, daily forums visits, IRC chats with RTFM comments ☺.

The fact that .Net was not open-sourced kept me on Linux too, as I quickly started programming in Java during my master. I became a bit obsessed with the command line and discovering a "new world" was very addictive.

The days of the preacher

At some point, I wanted "help" others switch to Linux. All operating systems have their annoyances in my opinion.

 

 The days of the marginal

I didn't know many individuals running only Linux in my "bigger entourage".

• Why don't you use Windows like anybody else?
• Where is Internet Explorer? Why isn't StarOffice/OpenOffice just like Microsoft Word? 
• Why are you often in a terminal?? 
• Why do you go through so many steps to mount Novell Network drives?
• etc.

 

The John Doe days

My day to day Linux/OSX usage is the same as anybody on Windows. I'm the average John Doe watching videos and browsing the Web, I forgot many things, but there's still lots of muscle memory left. I think that Ubuntu really changed the Linux scene years ago (easier installation, good docs, etc.).

I occasionally get the "Uh, this is Linux?" and that's it, no real stigma. Most of the tools, that I care about are available on Linux or OSX.

Experimenting with Unix/Linux over the years

At work, I do not always have the choice to use the OS of my liking, I'll run any OS that the client prefers. At home, I stopped running Windows a while ago.

2001-2002 until 2008 - Linux and BSD

My first "real Linux distribution tryout" was Mandrake Linux. In order to become comfortable with Linux I decided to simply wipe my Windows installation. What can you do when you've got no other options :-) ? Install it Linux - break it - reinstall - rinse and repeat
During this period, I tried several distributions (Debian based distros including Ubuntu, Redhat based distributions, Gentoo, Arch Linux, Slackware, etc.).
For a year or so, I run FreeBSD as my main Desktop OS. I also spent few months on Solaris.

2008-2010 - Tasting the $$Apple

I had a Hackintosh for about 2 years (roughly 24 hours of dedication for major releases upgrades -> kernel panics and general issues). I created installation guides to help others, as there was nothing working well for my hardware specs at the time, I won't post any webpage links...

If you can afford it, I recommend buying Apple products instead of pursuing other ways for running Mac OS. Installing and upgrading a Hackintosh can be tedious, accordingly to your hardware specs.

2012 - 2019

Nowadays, I run OS X on my home-office machine (iMac), as well as Linux (laptop). As of mid 2019, I've been experimenting with Qubes OS and other specific purposes distributions.

Linux wishes

• It would be great to forget about device drivers (compatibility issues, buggy or unsupported drivers for some hardware).
• Missing or unsupported Kernel drivers: My broadcom wireless card is problematic with new Linux kernels and distributions... Depending on the Linux distribution, solving driver issues can be challenging.
• Less memory hungry tools: If I recall correctly, I first run a Linux desktop on a 256MB of RAM machine, I'm not sure that this is easily possible anymore.
• Recalling tools and conventions across Linux distributions is difficult: switching package managers, tools and conventions is not easy. I'm more comfortable with Debian and Redhat based distributions.

Back at it

This blog is alive again! It's been a while and I'm planning on blogging again on a regular basis.