Qubes OS: A reasonably secure operating system
43 comments
· January 12, 2025 · irundebian
dmm
> dropped it because of bad graphics performance (only software rendering supported, many frame drops when watching HD videos on YT)
Around Firefox 92 or 93 the new GPU-based renderer ported from Servo was made default and performance under Qubes became much worse. Unfortunately, it seems applications increasingly assume the presence of video acceleration and don't prioritize software rendering.
jwrallie
I could tolerate no graphic acceleration and battery issues as part of the virtualization overhead, but I had issues with sleep (it would sleep and wake up perfectly only when plugged in) and other related problems such as Windows VMs crashing when waking up from sleep.
I was using it well at home but could not stand it when I travelled around with my laptop.
I think Xen is mostly at fault for the issues, but I’m sure using something like KVM would be insecure, or they would have migrated already.
dmm
Does sleep and wake work for you with a standard Linux distro? If so, a newer kernel, like the kernel-latest-qubes-vm package, might help:
https://www.qubes-os.org/doc/managing-vm-kernels/#installing...
NegativeK
Given the tendency for people to unknowingly compromise their security for the sake of convenience, I can understand why a project wouldn't do that. Knowingly is different and is what you're requesting -- it's when someone is following some Stack Overflow post or some such and doesn't have the training (similarly with the SO commenter, potentially) to know the implications.
It kind of feels like a tradeoff between protecting users who are critically in need of something like Qubes or expanding its reach to people who are less at risk and won't use it if it's too inconvenient.
Etherdrake
QubesOS is best enjoyed with a hefty CPU, lots of SSD space and a multi-screen set-up (in my opinion). Have you tried using Freetube instead of Youtube? In my experience it works a little better.
jwrallie
The most annoying issue I had was that even using mpv would lead to audio samples being dropped. I think I fixed it eventually by increasing buffer sizes, but I would expect at least audio should work out of the box.
Dalewyn
> bad graphics performance (only software rendering supported, many frame drops when watching HD videos on YT)
It might help if you used a computer with CPU horsepower that actually exists.
And in case this sounded facetious, any reasonable CPU from the past 15 years can handle software decoding of high resolution video just fine.
This all said however, if you do actually need full use of all hardware resources then being constrained to software is certainly a factor worth considering.
crest
You have to do more than just decode the video stream to display it as smoothly playing video without dropping frames or audio samples or losing sync. It requires always scheduling the context switches correctly between different virtual machines when using Qubes OS, performing multiple copies across protection domains.
Brute force helps a lot, but do you want a ≥5GHz multi-core CPU burning 150W just to watch a single video stream with maximum paranoia settings?
Crontab
Even though I never used Qubes OS I used to really enjoy Joanna Rutkowska's passion for it.
Other women whose computing enthusiasm I enjoyed was Jessie Frazelle's writing and speaking about running everything in Docker on her laptop and Sacha Chua's love for Emacs.
Fnoord
There's a lot of awesome females in the infosec community. Check out the podcast Darknet Diaries for a glimpse. Some of the coolest red teaming podcasts were (IMO) with women.
In this context, I'd like to mention Dr. Melanie Rieback. She is 'the CEO/Co-founder of Radically Open Security, the world’s first non-profit computer security consultancy company.' Previously in the 00's known for her research in RFID security.
Or have a look at hack conferences such as recently 38C3.
nine_k
Let me also add the brilliant https://justine.lol
zvmaz
With zero-click exploits that we certainly do not know of, Qubes OS offers some peace of mind.
armSixtyFour
Unless there's a zero day in Xen in which case the entire security model falls apart. With all these cloud providers using Xen, I have no doubt that there's already one out there.
zvmaz
This is true. But the code base of Xen is significantly smaller than that of a full operating system running bare metal, so the likeliness of a zero-day compromising Qubes is less likely (but possible).
DrWhax
QubesOS was my main driver for a couple of years, but I have to say that the low battery life compared to only software rendering got pretty annoying after a while. Depending on the hardware, you'll need to possibly disable certain options in the BIOS/UEFI, like for a T490 that I documented: https://groups.google.com/g/qubes-users/c/Z0Kfm53zMxQ/m/IV-A...
gjsman-1000
I would say, a little more hesitantly, that it deeply depends on what you are doing.
When interacting remotely with untrusted services, apps, or documents, Qubes cannot be beaten.
However, if I was afraid of my laptop getting attacked with an evil maid attack, I’m sticking with my Mac, Secure Boot, and FileVault; so that my Lock Screen is less likely to be patched against me. If I’m afraid of persistent malware, I want a platform that isn’t necessarily game over if the malware gets sudo privileges once. If I’m afraid of PIN guessing attempts to break in by brute force, I want something like a modern iPhone where the guessing limit is hardware enforced, not a Linux phone where it’s software enforced.
Same for if I were in a country with a hostile government. Nothing screams “I’m hiding something and I’m malicious” like using GrapheneOS or Qubes in Russia or China. They might not see your work, but the uncommon choice by itself makes you suspect. An iPhone and Mac over there suggests wealth, and would possibly socially increase your benefit of the doubt due to white collar associations; GrapheneOS and Qubes would shred all benefit of doubt you may have enjoyed.
I sometimes think of the Tor incident at a US College. I’m not encouraging this behavior, but a college student sent bomb threats to his university. He was identified, arrested, and convicted because he was the only one using Tor on the university network. A perfect example of how the “more secure” thing used without strategy can shoot yourself in the foot.
The point is: If you are reporting on military activity in the Donetsk region, don’t be the only person in the area using Qubes and Tor. Don’t be the only person in the area with a phone pinging GrapheneOS update servers, or a laptop pinging Qubes package repositories. Heck, don’t be the only guy with a phone on the cell network identifying as Android that inexplicably never talks to Google.
accassar
sudohackthenews
AEM is a little sketchy though, you need to trust a flash drive to hold it, and make sure that drive doesn’t get overridden by a malicious attacker. Your link goes more into depth about the disadvantages
transpute
In some threat models, it's more feasible to protect a portable flash/SSD drive than an entire laptop.
In other threat models, laptops/tablets/phones could be physically secured in a safe, or kept under direct physical supervision.
woctordho
In China we have ways to obfuscate that unusual traffic into usual traffic like WeChat video calling
mjg59
It's probably worth mentioning that secure boot is trivially circumventable given physical access on any Intel Mac (including T2 Macs), so you want at least an M1 to feel safer here
Fnoord
> When interacting remotely with untrusted services, apps, or documents, Qubes cannot be beaten.
Sums up WWW.
But I believe you could use a VM or container and use such. For example, with Whonix (which also works in Qubes!)
What I'd like is to use such in macOS but alas Jobs & Cook ask premium price for RAM on Macs.
With regard to the Donetsk example (I like the example). There is a good reason being hidden in plain sight is blending in with masses. It is difficult to get such OPSEC right, and you need to consider different techniques for if one gets burned.
andy_ppp
How stupid, if you’re going to send bomb threats do it from someone else’s computer…
Dalewyn
There's an age old saying in Japan that if you want to hide a tree you should do so in a forest.
dang
Related. Others?
Converting untrusted PDFs into trusted ones: The Qubes Way (2013) - https://news.ycombinator.com/item?id=42401904 - Dec 2024 (45 comments)
Why one would use Qubes OS? (2023) - https://news.ycombinator.com/item?id=42200987 - Nov 2024 (16 comments)
Counter argument against QubesOS more secure by being a type 1 hypervisor - https://news.ycombinator.com/item?id=41401318 - Aug 2024 (1 comment)
Qubes OS 4.2.2 has been released - https://news.ycombinator.com/item?id=40959109 - July 2024 (5 comments)
Working with Qubes OS at the Guardian - https://news.ycombinator.com/item?id=39949882 - April 2024 (74 comments)
Qubes OS 4.2.1 has been released - https://news.ycombinator.com/item?id=39833245 - March 2024 (11 comments)
A modest update to Qubes OS - https://news.ycombinator.com/item?id=39490264 - Feb 2024 (31 comments)
Qubes OS 4.2.0 has been released - https://news.ycombinator.com/item?id=38690597 - Dec 2023 (21 comments)
QubesOS – A reasonably secure operating system - https://news.ycombinator.com/item?id=36684946 - July 2023 (135 comments)
Qubes OS 4.2-rc1 is available for testing - https://news.ycombinator.com/item?id=36178205 - June 2023 (3 comments)
New user guide: How to organize your qubes - https://news.ycombinator.com/item?id=33396604 - Oct 2022 (15 comments)
Opsec considerations when using WiFi - https://news.ycombinator.com/item?id=32148920 - July 2022 (2 comments)
What Is Qubes OS? - https://news.ycombinator.com/item?id=32036899 - July 2022 (82 comments)
Automated OS testing on physical laptops - https://news.ycombinator.com/item?id=31281107 - May 2022 (4 comments)
Qubes OS: A reasonably secure operating system - https://news.ycombinator.com/item?id=30776103 - March 2022 (97 comments)
Qubes OS 4.1.0 has been released - https://news.ycombinator.com/item?id=30215210 - Feb 2022 (1 comment)
Ask HN: Qubes OS or just separate VMs for separating work and private files? - https://news.ycombinator.com/item?id=29537961 - Dec 2021 (6 comments)
Qubes OS 4.1-rc1 has been released - https://news.ycombinator.com/item?id=28856957 - Oct 2021 (5 comments)
Qubes OS 4.0 has been released - https://news.ycombinator.com/item?id=16699900 - March 2018 (39 comments)
Qubes OS: A reasonably secure operating system - https://news.ycombinator.com/item?id=15734416 - Nov 2017 (144 comments)
Reasonably Secure Computing in the Decentralized World - https://news.ycombinator.com/item?id=15566563 - Oct 2017 (44 comments)
Toward a Reasonably Secure Laptop - https://news.ycombinator.com/item?id=14743238 - July 2017 (100 comments)
“Paranoid Mode” Compromise Recovery on Qubes OS - https://news.ycombinator.com/item?id=14218504 - April 2017 (14 comments)
Qubes OS Begins Commercialization and Community Funding Efforts - https://news.ycombinator.com/item?id=13069615 - Nov 2016 (24 comments)
Qubes OS 3.2 has been released - https://news.ycombinator.com/item?id=12604417 - Sept 2016 (30 comments)
Security challenges for the Qubes build process - https://news.ycombinator.com/item?id=11801093 - May 2016 (17 comments)
Qubes OS 3.1 has been released - https://news.ycombinator.com/item?id=11260857 - March 2016 (44 comments)
Converting untrusted PDFs into trusted ones: The Qubes Way (2013) - https://news.ycombinator.com/item?id=10538888 - Nov 2015 (5 comments)
Intel x86 considered harmful – survey of attacks against x86 over last 10 years - https://news.ycombinator.com/item?id=10458318 - Oct 2015 (169 comments)
Qubes – Secure Desktop OS Using Security by Compartmentalization - https://news.ycombinator.com/item?id=8428453 - Oct 2014 (49 comments)
Introducing Qubes 1.0 ("a stable and reasonably secure desktop OS") - https://news.ycombinator.com/item?id=4472403 - Sept 2012 (59 comments)
Qubes: an open source OS with strong security for desktop computing - https://news.ycombinator.com/item?id=2645170 - June 2011 (16 comments)
Review: Qubes OS Beta 1 — a new and refreshing approach to system security - https://news.ycombinator.com/item?id=2504274 - May 2011 (1 comment)
The Linux Security Circus: On GUI isolation - https://news.ycombinator.com/item?id=2477667 - April 2011 (47 comments)
Qubes Beta 1 has been released (strong desktop security OS) - https://news.ycombinator.com/item?id=2439096 - April 2011 (3 comments)
Qubes Architecture - actual security-oriented OS - https://news.ycombinator.com/item?id=1796384 - Oct 2010 (1 comment)
Open source Qubes OS is ultra secure - https://news.ycombinator.com/item?id=1249857 - April 2010 (7 comments)
Introducing Qubes OS - https://news.ycombinator.com/item?id=1246990 - April 2010 (20 comments)
behnamoh
A simple screenshot of the OS environment would have been nice. But generally, I don't think people adopt operating systems just by seeing new recommendations on Hacker News or different forums. Most people have settled on macOS and then Linux and then Windows, and within the Linux ecosystem most people just use Ubuntu or Fedora and that's it. I don't see anyone using these other esoteric operating systems as a daily driver. For servers it's a different story. We have OpenBSD and FreeBSD, and of course Linux. But that's about it. Even supercomputers run Linux. Creating an operating system in 2025, aside from intellectual curiosity, isn't really pragmatic.
liamwire
Qubes is far from esoteric in spaces where security is paramount. Your lack of familiarity with it doesn’t mean it’s obscure. It’s more a tool for a specific subset of people and purposes, rather than an OS meant for wide adoption.
wongarsu
Qubes OS is the choice if you need a very high level of security, are willing to accept some workflow changes to achieve that, but still want a modern graphical operating system that runs all your normal software in a unified workspace.
Nothing else provides a similar mix of security and usability. The alternatives are either much less secure or have much worse usability.
Of course only few people have these kinds of requirements. I'd recommend Qubes OS if you are an investigative journalist or working in offensive or defensive IT security. Everyone else can safely ignore it.
Still, even if it's not made for most of us it makes interesting design decisions that are very much of interest to this forum. And a lot of the people it is made for are here too.
johannes1234321
> A simple screenshot of the OS environment would have been nice.
cspeterson
FWIW, seeing Qubes on HN some weeks ago got me to try it out, and it's been my daily driver since. Good timing since I had holiday vacation to spend time with it before going back to $JOB on the machine.
PS Qubes is Linux. The base domain hypervisor is Fedora-based, and while it is possible to run Windows in a "Qube," the docs and tooling clearly concentrate upon Linux (Fedora and Debian) as the primary use case.
mtreis86
Qubes is a Linux OS. It's like if you took Fedora and installed xen on it and booted up some VMs and the windows for them opened within the base OS instead of in individual system windows. Plus some cool magic with the file system to reduce redundancy and how many times you have to update things.
accassar
And cooler magic to colour code your window borders. Effectively gives you a VM running Firefox and you only see the Firefox window.
This will let you run your email in one window, and click on a link to open it in another VM.
chefandy
I don’t think qubes is targeted at mainstream users— even mainstream developers— and I don’t think something has to be targeted at the mainstream to be interesting, especially here. There are probably a lot of people here that won’t ever use it that will still find the idea and ethos interesting.
accassar
Qubes is great as a development platform. The simple integration of VMs into a desktop is surprisingly useful and seamless for day to day development, testing and work.
I've used it for a number of years.
Have used it for several months as my daily OS and dropped it because of bad graphics performance (only software rendering supported, many frame drops when watching HD videos on YT) and bad battery management. Due to software rendering the overall system performance also dropped. So I cannot recommend it for people with high requirements on graphics and battery duration. Besides that it was an interesting and good experience.
I think it would be good to make it possible to deactivate certain security features such as strict graphics isolation so that users can adjust their settings to their risk acceptance level. It would also be interesting to be able to optionally replace Xen with lighter isolation mechanisms, even if the user would compromise on security here too.