Qubes OS

December 11, 2016

So I just installed Qubes OS on a Dell laptop. The installation procedure was interesting – my trackpad didn’t work for the install so I used the mouse. After reboot you still haven’t set up a user account, so after decrypting the install you create a user and log in for the first time. The top left window shows you the running VMs and their respective memory usage.

It’s a pretty impressive setup. I installed this on a laptop and I’m pleased with the speed of opening several VMs simultaneously. The hardest thing to wrap my head around is that any installed application will disappear between reboots of the VM unless it’s installed in the root OS template the VM is based on.

For instance, I might be using the Debian 8 template for my Work instance. Let’s say I’m in my Work instance and I need to install an application, say gpick. I run the following:

sudo apt-get install gpick

This installs gpick flawlessly! I run the application happily and productively and then shut down. Here’s the interesting part: when I restart the Work instance gpick is not installed. All my files are there, but gpick is not. Why? Each time I start my Work instance it starts up a fresh copy of the Debian 8 template (that does not have gpick) along with my Work files. So, if I want to have gpick in my Work instance I need to install gpick permanently in my Debian 8 template. Also, if my Personal instance also uses the Debian 8 template, it would now have gpick[1] as well.

This makes you ask a different type of security question: if I’m trying to be secure, do I want all other VMs based on this template to have this software installed by default? It’s like you’ve instantaneously gained perspective on how bizarre the tradeoff is on a standard machine.

There are, of course, other security implementations on the horizon. Wayland was just released for Fedora 25, and while this is not solely security-focused, it appears to separate applications better than Xorg.

At any rate, these are just my first impressions of the OS. With further use will come greater understanding (and likely appreciation). Subgraph OS is another I’d like to try at some point.

  1. gpick is totally broken on Wayland.