Solène Rapenne, who writes a lot about and contributes to operating systems like OpenBSD and Qubes OS, has published a primer about what, exactly, Qubes OS is.
I like to call Qubes OS a meta operating system, because it is not a Linux / BSD / Windows based OS: its core is Xen (some kind of virtualization enabled kernel). Not only it’s Xen based, but by design it is meant to run virtual machines, hence the name “meta operating system” which is an OS meant to run many OSes make sense to me.
↫ Solène Rapenne
Rapenne explains the various ways in which isolated virtual machines are used in Qubes OS, and it’s easy to see just how secure Qubes OS’ way of doing things is. At the same time, it seems quite cumbersome to me as a regular user, and I don’t think I’m up for dealing with all of that. If you do security research, handle private or classified data, are a whistleblower or an investigative journalist, thoug, Qubes seems like a natural choice.
Interesting to note is that Rapenne used to use OpenBSD for her security work, but moved to Qubes OS because its virtual machine infrastructure is far more robust, and hardware support is better, as well.
It is nice to see Qubes OS getting more recognition, especially as the world is moving into a terrible direction.
(Yesterday it was reported even nvidia’s own Windows setting app required ID checks for 18+. Make it make sense)
But I would say the Qubes OS own tutorial might be an even better introduction:
https://www.qubes-os.org/doc/getting-started/
… as many people are visual learners.
Qubes OS is very, very demanding, especially in RAM. Because when you launch Firefox for instance, it’s not just a browser you’re running, but a whole invisible VM backing the application. And with every application launched, another VM. Hence not only your RAM is eaten, but your patience too, because for every application launched, a whole VM has to start anew. So count about 40-50 seconds to start each and every application.
Kochise,
You might be interested in this:
https://forum.qubes-os.org/t/speeding-up-vm-startups/18854/4
I wonder if part of the slowness in bringing up new VMs is due to defaulting to Fedora for application instances. On bare metal Fedora is not really all that slow compared to other distros, but in VMs I’ve found it to be really heavy and slow. I wonder if one could change the default to something like Alpine or Void for spinning up new instances in Qubes to gain some performance (and with Alpine, some hardening as well). I don’t know enough about the plumbing in Qubes to know if this is even possible, but Alpine really shines when used in containers and VMs in my experience.