
This is approaching the idea of Qubes OS, which is a good direction IMO and something I've been waiting for stability to try.



NixOS may also be something to look at. It's doing things a bit differently compared to Qubes, but seems to have similar kinds of goals. I've not used it before but the idea seems to be neat.


It’s worth noting that NixOS and Qubes aim to solve very different problems. NixOS (and Nix itself) tries to improve package/dependency management, allowing for things like rolling back upgrades and flexibly using multiple versions of the same package. Qubes targets sandboxing of individual services/apps, with the goal of preventing lateral movement within an endpoint between applications.

NixOS doesn’t sandbox apps by default (obviously, the user could run all their apps using containers/VMs/etc, but the same is possible on other distros).

Also worth noting that Qubes uses VMs (Xen) with whole guest OSs as the isolation mechanism, whereas Silverblue uses containers (Flatpak) to isolate individual apps. Qubes is great if you're paranoid and want to keep your banking VM isolated from your web browsing VM. Flatpak and Snaps are great if you just want to grab the latest LibreOffice without pulling a ton of dependencies into your package manager. I guess there's no reason you couldn't install Silverblue as a guest OS in Qubes...

Qubes not only seems complicated but my main goal is to have one script that defines my whole laptop / workstation experience - the "in one place" idea is what matters to me here.

I think Qubes or something like it will be the right way to go for safety in "the future" - but I would like a really simple way to define my qubes upfront - really really simple.

maybe they have it - not looked deep enough
