Hacker News new | comments | ask | show | jobs | submit login

NixOS may also be something to look at. It's doing things a bit differently compared to Qubes, but seems to have similar kinds of goals. I've not used it before but the idea seems to be neat.


It’s worth noting that NixOS and Qubes aim to solve very different problems. NixOS (and Nix itself) tries to improve package/dependency management, allowing for things like rolling back upgrades and flexibly using multiple versions of the same package. Qubes targets sandboxing of individual services/apps, with the goal of preventing lateral movement within an endpoint between applications.

NixOS doesn’t sandbox apps by default (obviously, the user could run all their apps using containers/VMs/etc, but the same is possible on other distorts).

Also worth noting that Qubes uses VMs (Xen) with whole guest OSs as the isolation mechanism, whereas Silverblue uses containers (Flatpak) to isolate individual apps. Qubes is great if you're paranoid and want to keep your banking VM isolated from your web browsing VM. Flatpak and Snaps are great if you just want to grab the latest LibreOffice without pulling a ton of dependencies into your package manager. I guess there's no reason you couldn't install Silverblue as a guest OS in Qubes...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact