Ultimately security is incompatible with backwards compatibility. All OSes in prod today need to be rebuilt from the ground up to be secure for the next century. That means throwing out a lot of code too. It's the cost to pay.
It’s not just power users either. Regular Windows users howled with outrage when they had to enter their password to permit software to do a privileged task.
Not necessarily “all the safeties off.” I’d define that as like, running as root always.
It’s more about not being locked out of actual admin access to my own computer.
I expect to have at minimum a developer mode that allows me to enter my password to allow me to run whatever code I want without OS vendor blessing. Heck, add a small coding challenge to unlock it. Whatever.
It kind of sounds like you're advocating the type of security where the computer is secure against its owner, can't be programmed by its owner, doesn't support modifications to the OS, and so on. Is that right, or so you envision a highly secure system that can be controlled by its owner?
Compartmentalization is only a part of the solution. Once you have that finished, you still need to deal with the actual vulnerabilities in guests, which will contain your secrets and be exposed to the internet, one way or another.
In what way are [1] not “full OSes”? They’re minimal templates, but afaik they still run systemd, the kernel, etc. needed to boot the standard Linux systems they are.
If you set it up, users can run anything themselves. Just use the start menu and the apps will automatically run in the corresponding VMs (shown as windows with colored borders).
I set up Qubes OS for and with technical, less-technical and non-technical people and I very much disagree. It only works well for those who are prepared and motivated to learn, and even then, it sometimes can be frustrating.
The copy-pasting between VMs, mentioned in a sibling, requires four steps: (1) copying to the source VM's clipboard, (2) copying to the global clipboard, (3) copying to the destination VM's clipboard, and (4) pasting to the destination. The shortcuts become part of your muscle memory after some use, but until they are, that is just one way in which Qubes gets in the way of productivity.
There are a bunch of minor quirks, often specific to the hardware, which the user needs to learn about and find workarounds for. But if they do, Qubes is probably the most seamless way to work with tons of (well-isolated) VMs. For example, SecureDrop [0] is based on Qubes and does seem to work well for journalists for securely receiving and working with documents from anonymous sources.
Everything that works on Linux will generally work on Qubes, apart from the GPU-heavy applications [0], which will be addressed in the future [1]. Copying and pasting works fine [2]. OK, music production may not be possible at the moment [3].
Can't comment on music production since I don't produce music (could be the need for realtime).
Discord runs fine both in-browser and in application. Raptor Lake seems to have zero issue with video voice chat, whereas Comet Lake can drag a bit in large rooms without a GPU. Qubes OS makes it dirt easy to multiprofile from all around the world.
I don't really game like others do; eye candy doesn't draw me in, but solving interesting puzzles/challenges does.
Copy & paste is superior in Qubes, skill issue sorry not-sorry. GIT GUD!
And likely, upsetting power users who want to run with all the safeties off.