-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
*A Critique of Qubes*
Before discussing Qubes, I want to give you a bit of background about
me. I do not want to tell my life-story, I doubt anyone is interested.
However, I want you to know "where I am coming from" and what I want
from Qubes. I am keeping in mind that what I want is just that and
Qubes may not be intended to satisfy, or interest in satisfying my
wants and needs -- that is, I may simply be part of the wrong
demographic.
* Retired roughly 2 decades
* 73 years old
* Degree in Computer Science
* Started out programming mainframes in Assembly Language (machine
code)
* Later, large-scale software development (various roles) -- R & D,
telecoms and mission-critical apps (those involved in health-care are
regulated)
* Proprietary H/W and OSes, then various Unixes.
I am not paranoid over privacy and security, but I recognize there are
many individuals who, rightfully, fear for their privacy and anonymity
- -- their livelihood and even their lives may depend on it.
Wants:
* Reliability -- do not fail on me or, if something goes wrong, fail
gracefully.
* Reasonable security -- more than is provided by the more standard
Linux distributions (I am a fan of Linux Mint).
* Reasonable privacy (I hope that is not an oxymoron); though perhaps
it is too late in the game for me (though I have never been a fan of
social media, or anything Google)
* No need to spend large amounts of time tinkering with my basic
personal computer setup.
* Ease of use and administration, including software installation.
* GUI for virtually everything unless there is a really, really, really
good reason to use a CLI. Do not get me wrong, I am comfortable with
CLI's, but I do not want to spend my time researching various Linux
administration tools. Consider me lazy if you wish.
* No need to build my own tools to use Qubes (I do some website and
server- side development to keep the neurons firing -- I can do all
the programming I want in that environment).
Basically, my personal computer(s) is a tool. If I write some software
on it, that software will be for some other purpose and not to
complement the OS.
- -
Critique:
I started using Qubes for my main computer about two months ago. I had
previously experimented with release 3.2 and 4.0 on my HP laptop and
ran into various problems -- discussed by many users ad nausium in
qubes-users. I got a nice little desktop computer for Christmas (from
my wife :-) -- an Intel NUC7i7 (32 GB RAM, 512 GB SSD).
So I started from the beginning. Installing Qubes 4.0.1 was relatively
straightforward, although it did require researching the use of a USB
mouse and keyboard.
Basic configuration was no worse than any Linux distribution I have
played with. Software installation was not as straightforward. I was
forced into using the CLI (I do have two proprietary programs: VueScan
and Bcompare). Installing other software can be problematic. I
installed Chromium. The install appeared successful. I was able to add
Chromium to an appVM. When I started the appVM and launched Chromium
from the menu... nothing! No window, no error message. I tried a number
of times (the reason for just re-trying will be mentioned below).
Issues...
* When launching a program from the Qubes menu, particularly if the
target appVM has to be started, the program often fails to be
launched. This happens very frequently with the Text Editor.
This is annoying as one waits a bit in case one is simply being
impatient, or at least I do, so as not to launch two copies of the
program by accident.
* When a USB device is attached to an appVM, there is an appropriate
notification. When it is detached, there is a notification that the
device is being detached, but no notification to indicate that it has
been successfully detached so how long should one wait before
unplugging it?
* Ignoring whonix (I do not use it... yet), there are two template VMs
in the vanilla Qubes 4.0.1 installation: Fedora and Debian. However,
they have not been treated equally, with Debian being the loser. The
Qubes documentation indicates that Fedora was favoured for security
reasons.
Since I had been using Linux distributions based, directly or
indirectly, on Debian, when I first set up Qubes, I created my appVMs
based on Debian. That was painful as I then had to install a lot of
basic software.
When I re-read the documentation, I realized the security reasons,
so I switched all my appVMs (except one!) back to Fedora. It was not
painful, but I would have rather have spent the time doing something
else.
The kicker came when Firefox stopped playing Flash content in my
untrusted appVM, complaining that I needed an up to date version of
Flash. I installed the most recent version, but that did not solve
the problem. The problem is/ was something to do with
