Subject: Re: Comparison to Qubes OS
From: infokiller
To: discuss@spectrum-os.org
Date: Fri, 12 Jun 2020 11:54:09 -0000
Message-ID: <159196284966.15924.16876974660333010445@localhost>
In-Reply-To: <30b730a5-773e-41e8-e94e-5abec26018a4@hackerspace.pl>
References: <30b730a5-773e-41e8-e94e-5abec26018a4@hackerspace.pl>
List-Id: General high-level discussion about Spectrum

Thanks for a useful reply Michał! Some responses below.

Michał "rysiek" Woźniak wrote:
> Hi!
>
> A QubesOS user here for about a year and a half, let's see if I can help out here.
>
> On 6/12/20 11:06 AM, joweill(a)icloud.com wrote:
> > Going over each usability issue mentioned in the
> > motivation doc:
> >
> > - "Hardware compatibility is extremely limited": I don't believe this is
> > really the case for the minimum Qubes 4 requirements [4]: most modern computers people buy
> > support these. Is there anything I'm missing?
> I got a shiny new Thinkpad T490 a few months ago. 3d acceleration (KDE user
> here, I demand my wobbly windows!) is simply not available, because the dom0
> system is too old.
>
> My other laptop, a T470, was specifically selected for QubesOS, and there were
> still issues (for instance, disabling Thunderbolt got me almost double the
> battery life).
>
> Generally speaking, one can buy almost any laptop today and expect it to mostly
> work with plain GNU/Linux. However, most might not even be able to boot QubesOS.
>
> > - "People are reluctant to use Xen on their
> > computer for power management etc. reasons." Can you elaborate on these issues?
> >
> The T470 had easily a 10-12h battery life on plain Kubuntu. On Qubes, 4-5h is
> maximum I can squeeze out of it, and that's *after* the Thunderbolt fix.
>
> Running virtual machines is extremely resource-intensive, there's no way around it.

But if the issues stem from running VMs (and not switching from Xen), they won't be resolved with Spectrum's current design, right?

>
> > - I know that Qubes considered using KVM and decided
> > against it for security reasons [2]. My understanding is that the downside of this
> > decision is the limited hardware support, which is one of the things that Spectrum views
> > as an opportunity for improvement.
> > Can you elaborate on this decision?
> Can't speak for the developers, but the way I see Spectrum is as a compromise
> between regular GNU/Linux distro (with all the related security problems) and
> QubesOS (with the limited hardware support and
>
> > - "VMs are heavy": How will Spectrum improve
> > on this without sacrificing security?
> I'll leave this to the developers, but will say that I expect *some* security to
> be sacrificed. There are always trade-offs.
>
> I feel one needs to be an expert to use QubesOS, but a regular user (with some
> basic training) can use a Mint or Ubuntu-based system. And I think it makes a
> lot of sense to offer a middle ground.

Agreed, but I think the current design of Spectrum may improve Qubes' hardware issues, but not the other issues the doc mentions. Possibly switching to containers (with something like gVisor) may solve some of the other issues of Qubes, though that would further degrade security.

>
> > - "GUI applications are buggy, command line tools
> > are mostly undocumented": I assume that the reason for this is the lack of resources
> > the Qubes project has. However, I don't see how this will be
> > better in the case of Spectrum which is a new project with one developer.
> That's a fair point. Things to consider:
> 1. *probably* certain things can be easier (thus, less bug-prone) in SpectrumOS
> than in QubesOS (kvm easier to work with than Xen, bigger potential community of
> users and developers due to improved hardware support, etc);
> 2. perhaps some QubesOS tools could be used in SpectrumOS, thus limiting the
> amount of work needed
>
> > More generally, I'm wondering whether this
> > project's goals couldn't be better achieved by trying to work with the Qubes
> > developers to integrate Nix.
> > It may very well be that they would reject it for
> > some reason, but then the logical next step would be to fork Qubes.
> My feel is that QubesOS and SpectrumOS might have a bit different threat models
> in mind, and thus things that make sense for SpectrumOS (like using kvm) are a
> no-go for Qubes. But that's just guesswork on my part.
>
> > Have you reached out to the Qubes developers?
> >
> > Thanks in advance!
> >
> > ## References
> >
> > [1] https://spectrum-os.org/motivation.html
> > [2]
> > https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm-or-some…
> >