[lepuski]

Given how common supply-chain vulnerabilities have become, I’m surprised more teams haven’t adopted Qubes. To compromise a Qubes setup you’d need a Xen sandbox escape which is possible but vastly more difficult than running a simple bash script from a post-install script.

I’ve daily-driven Qubes for about a year and it’s been easier than I expected. The main drawback is gaming because you need a second GPU and the GPU passthrough setup is annoying. I don't game much, so I use the CPU's integrated GPU for dom0 and reserve my dedicated GPU for general hardware-acceleration e.g. smoother youtube playback.