Ask HN: Is there some sort of stigma around Qubes OS on HN?
6 points | 2 hours ago | 4 comments
I find Qubes OS ("A reasonably Secure Operating System") very interesting. Not only as a general proof of concept of what Information Tech could have looked like if designed otherwise from the start, but also (especially) in the context of today's third-party risk: compromised package dependencies if you're a developer; malware in documents if you receive and open files locally; phishing if you're, well, anyone; privacy-stealing ads when browsing; and so on.

In our world where most PC owners typically perform dozens and dozens of completely independent tasks (gaming, emailing, banking, streaming, doom scrolling, online buying, web browsing, maybe working even) from a single machine, the current attack surface is enormous and, consequently, the benefits of turning that single machine into dozens of contextual yet independent VMs around a stripped-down secure kernel have always appealed to me.

However, searching through HN posts and comments I can't find much (if any) discussion about Qubes OS or its vision, even in the numerous recent threads where people here lament constant data leaks, compromised NPM packages stealing API keys, fake hiring agencies that manipulate you into installing a RAT as part of the process, AI-generated video phishing, etc.

Curious to know more about why that is; surely in 13 years many on Hacker News have heard of Qubes. So why isn't usage of VM isolation in general and of Qubes OS in particular more discussed and more prevalent outside of cybersec and related fields (incident response, offense, malware analysis, activism)?

Is there a particular bias against the team or the project? Is it so difficult to use that not even HN technophiles try?

schonfinkel
1 hour ago
I've been following the development of Spectrum OS, which seems to be Qubes with a "Nix take".

> Spectrum will, for now, be a Linux-based system, with packages from Nixpkgs but not derived from NixOS. This gives us an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system.

https://spectrum-os.org/

https://diode.zone/c/spectrum/videos

palata
1 hour ago
I tried to use QubesOS and I learned a lot. It was a fun experience.

But not having any kind of hardware acceleration made it unusable to me for my Desktop computer. It was a couple years ago, QubesOS did not support GPUs, and it felt like supporting GPUs was fundamentally going against the security model.

And the whole point of QubesOS is for the Desktop, right? Because for servers, I can run VMs without needing any of the QubesOS tooling.

genezeta
2 hours ago
> searching through HN posts and comments I can't find much (if any) discussion about Qubes OS

I think there's a fair amount of submissions and discussions: https://hn.algolia.com/?q=Qubes

vntok
1 hour ago
Sure but those are mostly old to very old (7y+). I counted only 7 threads in the past 3 years with at least 10 comments, and if you filter by past year there's no thread with more than one comment.

Basically zero traction here recently, while I would have intuitively thought the vision would spread with recent trends: AI spread, privacy concerns, OS enshittification, disinformation wars, device attestation/control, GDPR...

nacozarina
2 hours ago
Good MLS-enabled systems are a pain to use, bad ones are intolerable, and most ppl don’t really need MLS anyway.