Qubes OS 4.2.0 has been released (qubes-os.org)
59 points by andrewdavidwong on Dec 19, 2023 | 21 comments



Anyone using Qubes as a daily driver on laptops (for basic work, not gaming, GPU or video-related tasks, etc.)?

I worry that there will be issues with updates, and so on.


I've been using QubesOS for years, and I highly recommend it. Not only for security (which of course), but also for the cleanliness of not polluting your computer with a myriad of dependencies for projects you just tried once.

And of course, the high-risk activities that we all have to do at some point (now at least their risk is limited to their virtual machine):

  - curl|bash or similar
  - pip install, npm install, etc.
  - run any random GitHub project
  - sudo install the drivers of my Brother printer
  - install Zoom
  - plug in random cheap USB devices to, e.g., update their firmware


Why not just do all that in a throwaway container?


Hardware virtualization is much more secure.


Not any more it isn't. Rootless non-root containers are about as secure as VMs today.


Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself: https://en.wikipedia.org/wiki/Blue_Pill_(software)

How is it about the containers?


>Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself:

Have you been living under a rock [0]?

>How is it about the containers?

Container security aka OS virtualization has been quite secure for a while now.

[0] https://www.csoonline.com/article/551445/significant-virtual...


> Have you been living under a rock [0]?

I think you don't understand: Qubes relies on hardware, not software virtualization: https://en.m.wikipedia.org/wiki/Hardware-assisted_virtualiza...


I think you don't understand. Qubes relies on software virtualization in conjunction with hardware-assisted virtualization instruction sets. The aforementioned vulnerability existed in Qubes Xen.


It seems the aforementioned vulnerability (XSA-133) didn't even affect Qubes: https://www.qubes-os.org/security/xsa/. Also, such vulnerabilities were the reason for them to switch to VT-d by default: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qs....

I'm not an expert, but how could it affect the VT-d even in principle? AFAIK VM escape is impossible with software exploits in this case, only side-channel attacks are.


Which issues?

I'm very happy with Qubes OS, using it as a daily driver for many years. It helps to organize your digital life and gives a great sense of security and control over your computer. I tried to list its advantages here: https://forum.qubes-os.org/t/how-to-pitch-qubes-os/4499/15

Another report from a user: https://news.ycombinator.com/item?id=36267756


I installed Qubes OS last year. First, the installation was not smooth. I had to play with the UEFI BIOS settings to get the installer to work. It can be picky with respect to hardware. That's OK, but it's unclear what works and what doesn't, and you have to spend time searching the internet. If you look at their FAQs and forum, you will find all sorts of known problems that may arise just around the installation and booting. Then, the updates sometimes failed (and were slow, but that was OK). The main problem was that after a short while, one day it stopped booting, and I had to spend time in forums again. It felt unpredictable and fragile.

For an operating system to be used as a daily driver, it has to be stable and reliable. The laptop may be forced to shut down, even during an update installation. Some functions should always work: boot, WiFi/ethernet, HDMI, etc.

I would love to replace desktop Linux with Qubes. I work in QEMU VMs anyways. I would probably give 4.2 another go.


I never experienced fragility of Qubes OS, it's been rock solid for me for years.

You can find information on recommended hardware that works smoothly here: https://forum.qubes-os.org/t/community-recommended-computers...

And HCL lists all known hardware-related problems: https://qubes-os.org/hcl


I just installed 4.2, and it was indeed smooth.

Impressive improvements, and I like the new interface! I'll probably test the battery usage and applications, and see if I can switch my workflow to Qubes!


The biggest issue for people updating could be the switch from iptables to nftables, which may break many firewall scripts.

There is a documentation update pending merging in the official documentation that covers how to use the firewall in 4.2.

https://github.com/QubesOS/qubes-doc/blob/86a6f12e2a882dfffb...



Looking at the release notes: Dom0 is now using Fedora 37. Isn't Fedora 37 EOL (end of life) already?



In this context, Dom0 is completely disconnected from the internet. It is used for running the Xen hypervisor. Dom0 doesn't run any apps at all (except for the window manager). It does not process external untrusted input. The VM template is based on the most recent version.


Is there any update on the Arch Linux templates? This is my only problem with Qubes as a daily driver.




