Tuesday, June 18, 2019

Qubes OS first impressions


Last week, I switched from Fedora (fc27 iirc) to Qubes OS on my home laptop. It's an old and heavy Asus ROG laptop that I typically don't use for development purposes. My current main system is an iMac Pro, "almost FuLLy loaded".

I'm not paranoid about privacy and security, but I think that I needed a reminder that those things are more important nowadays.
- Does privacy even exist anymore on the web? Did it ever exist?
- How easy is it to hack for a "script kiddie" nowadays, and what about for an "experienced hacker"? What if we replace "experienced hacker" with "organizations that have resources"?
- What about the "Intel Management Engine" and its AMD equivalent? What do those things actually do? How bad is that code in IME or PSP, in terms of new vulnerabilities to expect? Hopefully those "features" will become opt-in features for customers, with options to fully disable the functionality.
- What about security in our IoT devices? It's always funny to log in to your internet provider's router UI and see wifi passwords displayed in plain text. If your internet provider does such things, what do you think usually happens for other types of services when it comes to security or basic programming practices?
- What about antivirus software? I'll never forget the early years of Kaspersky on my first PC a while back (1999-2000): it would always detect viruses, that is, after infection and sometimes without any possible remediation... Do you believe that antivirus software can detect most viruses nowadays?


So many questions. In any case, let's jump to Qubes OS...


System requirements


RAM

I recommend at least 16 GB of RAM. On the Qubes OS website, they mention 4 GB minimum. With 4 GB and on a system that employs virtualization significantly, the experience cannot be pleasant. If this will be your main and only OS, I suggest 32 GB of RAM, if you can. I run Qubes OS on an "old" gaming laptop with 16 GB of RAM.


Storage

While an HDD will work fine, an SSD is much better. I can't really stand waiting for I/O operations on old devices. My laptop has 2 TB (HDD) while my main machine has a 4 TB SSD: night and day from a performance standpoint.

Ease of use

I do not believe that Qubes OS is good for the Linux newbie. It could be a very frustrating experience, especially if the system doesn't recognize all devices, on top of other issues.

The main concepts to understand are around the Qubes OS way of doing things, its tooling (clipboard, utilities, etc.) and Xen virtualization. Other than that, it's just Linux (Debian and Red Hat based VMs).

I only spent a few days on Qubes OS and my setup is far from complete.

PC or laptop recommendations?

I do not really have anything to suggest. If you have a recent enough machine and you're able to boot the ISO image, I think that it should be possible to deal with other issues later (drivers and other problems).

I think that with a Thinkpad or possibly a pricey Librem laptop, things should go smoothly. For new Librem laptops, I believe that Qubes OS supposedly works "out of the box".

I did struggle with Broadcom wifi drivers that used to work fine with "old" Linux kernels. After 2 days I decided to just purchase a Linksys USB wifi adapter. I got tired of chasing old kernels and specific driver versions for BCM4352: other approaches that used to work don't work anymore.

Qubes OS maintains a Hardware Compatibility List webpage.

Screenshot of Qubes OS on my laptop


There's still work to do for my VPN proxy setup outside the sys-net VM, vault and other stuff, etc. My typical laptop usage is about surfing the web, watching videos and "accidentally" working (SSH or other remote access approaches).



I tend to prefer Fedora for user programs and Debian for services. I was not successful at setting up other community-provided template VMs: build fixes -> build -> install -> startup failures.

My ideal final Qubes OS setup would involve the following:
- OpenBSD as firewall VM; I'm only familiar with FreeBSD to an extent.
- Arch Linux, Alpine or anything else that is lightweight for "proxy/services/servers" VMs.
- A customized DWM window manager on DOM0 instead of XFCE to keep it "light": a few bash or Python scripts to automate small things? On the average day, on DOM0, I just need to attach USB devices, connect to wireless access points and run the Qubes VMs manager.


A few resources





