HACKER Q&A
📣 vntok

Is there some sort of stigma around Qubes OS on HN?


I find Qubes OS ("A reasonably Secure Operating System") very interesting. Not only as a general proof of concept of what Information Tech could have looked like if designed otherwise from the start, but also -especially- in the context of today's third party risk: compromised package dependencies if you're a developer; malware in documents if you receive and open files locally; phishing if you're, well, anyone; privacy-stealing ads when browsing; and so on.

In our world where most PC owners typically perform dozens and dozens of completely independent tasks (gaming, emailing, banking, streaming, doom scrolling, online buying, web browsing, maybe working even) from a single machine, the current attack surface is enormous and, consequently, the benefits of turning that single machine into dozens of contextual yet independent VMs around a stripped-down secure kernel have always appealed to me.

However, searching through HN posts and comments I can't find much (if any) discussion about Qubes OS or its vision, even in the numerous recent threads where people here lament constant data leaks, compromised NPM packages stealing API keys, fake hiring agencies that manipulate you into installing a RAT as part of the process, AI-generated video phishing, etc.

Curious to know more about why that is; surely in 13 years many on Hacker News have heard of Qubes. So why isn't usage of VM isolation in general and of Qubes OS in particular more discussed and more prevalent outside of cybersec and related fields (incident response, offense, malware analysis, activism)?

Is there a particular bias against the team or the project? Is it so difficult to use that not even HN technophiles try?


👤 genezeta Accepted Answer ✓
> searching through HN posts and comments I can't find much (if any) discussion about Qubes OS

I think there's a fair amount of submissions and discussions: https://hn.algolia.com/?q=Qubes


👤 nacozarina
Good MLS-enabled systems are a pain to use, bad ones are intolerable, and most ppl don’t really need MLS anyway.

👤 schonfinkel
I've been following the development of Spectrum OS, which seems to be Qubes with a "Nix take".

> Spectrum will, for now, be a Linux-based system, with packages from Nixpkgs but not derived from NixOS. This gives us an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system.

https://spectrum-os.org/

https://diode.zone/c/spectrum/videos


👤 palata
I tried to use QubesOS and I learned a lot. It was a fun experience.

But not having any kind of hardware acceleration made it unusable to me for my Desktop computer. It was a couple years ago, QubesOS did not support GPUs, and it felt like supporting GPUs was fundamentally going against the security model.

And the whole point of QubesOS is for the Desktop, right? Because for servers, I can run VMs without needing any of the QubesOS tooling.