by Syonyk 492 days ago
QubesOS is very much not "Linux on the hardware." It is silos of isolation, interacting freely at the window level.

I wrote on it some while back: https://www.sevarg.net/2023/07/29/qubes-os-silos-of-isolatio...

The concept is that you have a lot of isolated "AppVMs" running applications, in silos that cannot talk to each other. So, right now, I'm logged into HN with my "random-web" VM - that has nothing of interest in it beyond some PDFs I've downloaded. This, for instance, has zero access (except by exploiting and passing through Xen) to my "sysadmin" VM, which contains my SSH keys for various things, and which I use for sysadmin type tasks. I've got other silos as well. All the windows from all these VMs interact like normal on my desktop - I'm not dealing with "Okay, this VM is for this, that VM is for that." Things just work smoothly and as expected.

A side effect of this, though, is that the AppVMs have no hardware acceleration of anything graphical. It's all software rendering in them. So gaming is normally right out - except, this talks about how to pass another GPU through to do this sort of thing, if you want.


> Things just work smoothly and as expected.

Do you have the ability to pass files between or drag and drop files between isolated levels? Can I mount a shared folder into multiple isolated apps so they all have access? I like QubesOS in theory but I'm hesitant to try it due to (perhaps misplaced) UX concerns.

You have the ability to push files from one AppVM to another - they appear in ~/QubesIncoming/[source-vm-name]/ and you can do what you want with them from there. I do this regularly and it works perfectly fine. It's not drag-and-drop; there be demons. It's either a command line utility or a context menu in the file explorer.

There's no concept of a local shared folder you can mount in multiple AppVMs, though as networking exists, you could easily do so, if you wanted - share a folder in StorageVM and mount it in others. Though doing so would defeat a lot of the point of isolation, if VM1 can corrupt a file that will then attack VM2 when read. You'd want to really think hard about your threat models and what you would and wouldn't want, with such a setup.

My advice? Dual boot. Yes, at some level, dual booting raises the risk of QubesOS compromise from the other booted OS, because it could pop /boot, and such. But in practical terms, you're no worse off doing that, than you are with another OS running full time - and as a lot of the threats are things like "ad-delivered malware" or "random PDF to your inbox being malicious," you gain quite a bit even if you still dual boot into something else on occasion. My daily driver X250 has a straight Ubuntu install on a separate SSD that I use on occasion, in theory. Mostly, it exists to run a VM to talk to a car, except I've not had to do that in a long while. Oh, and movie playback on long flights. Power efficiency for video playback on Qubes is "not good." Except I don't do those anymore either. So, every few months, I boot into the Ubuntu install and update it.

Caution: QubesOS, to the right sort of person, may as well be a virus. It took less than a year to go from "Play OS on a random laptop I was in the process of selling" to "Primary daily driver OS on several machines." And then I realized I didn't actually use the desktops anymore.
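As an added example, not from any commenter in this thread, here is a small POSIX shell script for the push-then-verify workflow described above: hash the file in the sending qube, push it with Qubes' own qvm-copy, and on the receiving side confirm it landed under ~/QubesIncoming/<source-vm>/ with the announced hash before touching it. qvm-copy and qvm-convert-pdf are Qubes' own tools and only exist inside a Qubes AppVM; outside Qubes the script skips them. The qube name random-web, the file names and the sanitize step's output name are placeholders and assumptions.

```shell
#!/bin/sh
# Added example, not code from the HN thread. Assumes it runs inside a
# Qubes AppVM where qvm-copy / qvm-convert-pdf exist; outside Qubes those
# calls are skipped so the pure checks below still run.
set -eu

# Where Qubes drops a pushed file: ~/QubesIncoming/<source-vm>/<basename>
incoming_path() {
    # $1 = source qube name, $2 = original file path
    printf '%s/QubesIncoming/%s/%s\n' "$HOME" "$1" "$(basename "$2")"
}

# Sender side: print the hash first so the receiver can compare it
# without trusting anything parsed from the transferred bytes.
send_file() {
    # $1 = file to push; dom0 prompts for the destination qube
    sha256sum "$1"
    if command -v qvm-copy >/dev/null 2>&1; then
        qvm-copy "$1"
    else
        echo "not in a Qubes AppVM; qvm-copy skipped" >&2
    fi
}

# Receiver side: the file must exist at the expected path and match the
# hash the sender announced. Returns 0 on match, 1 otherwise.
verify_incoming() {
    # $1 = source qube name, $2 = file name, $3 = expected sha256 (hex)
    path=$(incoming_path "$1" "$2")
    [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
    actual=$(sha256sum "$path" | cut -d' ' -f1)
    [ "$actual" = "$3" ] || { echo "hash mismatch: $path" >&2; return 1; }
    echo "ok: $path"
}

# Untrusted PDFs: rasterise through a disposable qube before opening.
# (Assumption: Qubes' converter writes <name>.trusted.pdf beside the input.)
sanitize_pdf() {
    if command -v qvm-convert-pdf >/dev/null 2>&1; then
        qvm-convert-pdf "$1"
    else
        echo "not in a Qubes AppVM; qvm-convert-pdf skipped" >&2
    fi
}

# Usage, in the receiving qube, after the sender ran: send_file report.pdf
# verify_incoming random-web report.pdf <hash-the-sender-printed>
# sanitize_pdf "$(incoming_path random-web report.pdf)"
```

The hash has to travel by a path the receiving qube does not parse (you reading it off the sender's window is fine); that is the whole point of keeping the file copy and the integrity check on different channels.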

If you _really_ want to break isolation between untrusted VMs, they should be stateless so that malware cannot persist after VM reboot.

"Converting untrusted PDFs into trusted ones: The Qubes Way (2013)", https://news.ycombinator.com/item?id=42401904.