On 5/10/19 12:16 PM, Marc Griffiths wrote:
Hi everyone. Nice critique John. To throw in my perspective as an experienced Linux user switching to Qubes as sole laptop OS a few months back. Primary usecase for me is #1 increased security when using crypto exchanges and #2 the feeling of spinning up an environment that I have confidence in being private, for the writing of personal notes and reflections.

The concept is awesome, perfectly designed for protection against malicious applications, websites and devices. Although it offers no protection against Intel Management Engine.

There is much more to low-level vulnerabilities than IME: PortSmash, Foreshadow, Rowhammer, etc. Overall, AMD processors appear to be less vulnerable than Intel.


My experience of installing on a Lenovo Yoga 720 was seamless, everything worked including the touch screen. However, I experienced a lot of random browser crashing. Chromium dead birds on a fairly regular basis. Vivaldi, Chromium, and Firefox browser windows disappearing without error, on both Fedora and Debian. Upgrading to Fedora 29, and upgrading dom0 didn't resolve the problem. A few times the desktop became unresponsive, and while I was able to ctrl+alt+F2 to dom0, it wasn't clear how I could view processes running on a particular VM.

Sorry to hear about the stability issues. You might try updating your UEFI firmware to see if that helps.. the precise way that it configures advanced hardware features (seldom used by other operating systems) does have an impact on both compatibility and stability. This is also a good reason to stick with business-oriented computers because vendors take more care to get advanced features working correctly on them; its one of the reasons why Thinkpads are so popular among Qubes users.


I'd be interested in knowing what audience Qubes is aimed at. With the rapidly increasing public awareness on cyber-security and privacy, Qubes could very easily find itself in high demand. At present though it's only going to appeal to experienced Linux users, which is a shame, because it wouldn't be that much work to make it far more accessible.

If the Qubes team is interested in a larger audience, I would suggest:

  * Include Ubuntu based VM as default, or at least make the process of
    adding a Ubuntu template significantly easier
  * Include a brief getting started guide that covers essentials such as
    cross VM copy/paste, accessing devices, upgrading software etc
  * If we're limited to XFCE, then include guides on customising to be
    more like other environments. Most critical for me was adding
    shortcuts for switching desktops and moving windows between
    desktops: System tools > Window Manager > Keyboard
  * A guide on the limitations: what does Qubes protect you from, what
    does it not protect you from, what are the next steps to improve
    security. Having a colour-coded grid to communicate this would be
    excellent.

You're not limited to XFCE, and in my experience KDE works better.


Next step for me is ordering a T400, which doesn't have Intel Management Engine, supports Libreboot, and has proven itself as an uncrashable workhorse. I used to run Windows and SUSE on this laptop back in 2008-2011, it never crashed, despite running a complex J2EE dev environment. I will miss having 16GB RAM, but the i7 I can happily part with.

I doubt that Qubes will install or run on a T400. Qubes was initially developed on Sandy Bridge-era hardware, and the requisite virtualization features in chipsets was still maturing up to that point.

I feel obliged to mention that if you want to avoid management engines and a raft of other processor vulns, you should look to the AMD 15h generation of chips (circa 2013). In the form of a Lenovo G505s A10, installing Qubes first requires re-flashing the firmware with Coreboot... an exercise that I'm about to try. :)

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1025b4f-2c6d-84a9-47cb-fcfacb88ecdb%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to