I really wanted to embrace Qubes, like really really wanted. So much so that I nearly bricked my computer trying to get it to work. Well, actually, it works just fine, but I wanted it to work with my Librem Key (which I should add, I successfully did). The problem is that Qubes is great, secure, safe…but maybe just not practical enough, for me.
The fact that everything, and I mean everything, can open in virtual machine is great, and I built my laptop with this in mind, so beefed up the RAM to 32GB, thinking that I’d be running everything in a VM.
The problem, is that I like Debian, I understand it a little more than Fedora, and while this is not a major issue, I did have some trouble adapting to the various command line protocols in the differing operating system virtual machines.
When I looked at Qubes, what the deal was that I just wanted to support it, wanted to find a way to make it work when really, it is just not the right fit for me. Given I have the security at BIOS level with Heads and the Librem key the additional Qubes security was just a bit of overkill for the way I operate, so have gone back to PureOS, which I quite like in it’s own quaint manner…but in reality I think I just like Purism.
I would easily recommend Qubes for the hyper security conscious, or maybe even those with sub par security skills, but the issue with those folk is that they also usually have sub par computer skills in general, and Qubes has a pretty steep learning curve.
The reason Qubes is not necessary for me is that I store ALL my files in a fully encrypted external SSD. My pentesting box boots up from a USB (with persistence) and so PureOS is really just a skin for me. Sure I download various packages from the repository, and would need to download these again if I needed to do a fresh install, but to be honest, these are just not issues to me. Installing software in Linux could not be easier…apt-get install!
If my OS becomes infected then I’ll just reinstall it, it is no big deal. All my data will be safe on an external device, and I know my BIOS is safe with the Librem Key / Heads tandem.
Qubes is great, I think I am repeating myself, but for me, it is just a bridge too far, it arguably does too much. Whonix is awesome, but I can install TOR, VPN and other anonymity tools. I can use ‘macchanger’ if I need further network security. I know that Qubes allows me infinite security features, but how many of us really need this many? Yes, Edward Snowden recommneds Qubes, but he is an enemy of the state, most of us are not, and are not worried about State supported bad actors, just bad actors and viruses. That is why I’ll continue with my set up of PureOS (on my Purism laptop), an external encrypted hard drive and bootable flash drives for my disposable operating systems. This may seem cumbersome, inefficient, over the top, but arguably these are terms that could also be used to describe Qubes.
Oh, did I mentions that Qubes is great?!
I may, or may not revisit Qubes, but for now, I am happy with my set-up, it works for me, and really that is what a computer should do, work for you!
chameo
Latest posts by chameo (see all)
- udemy v itpro.tv // a battle royale - June 11, 2019
- purism librem 13 // my very own fingerprint magnet - June 8, 2019
- qubesos, a bridge too far - June 6, 2019