Ask HN: Is there some sort of stigma around Qubes OS on HN?
I find Qubes OS ("A reasonably Secure Operating System") very interesting. Not only as a general proof of concept of what Information Tech could have looked like if designed otherwise from the start, but also -especially- in the context of today's third party risk: compromised package dependencies if you're a developer; malware in documents if you receive and open files locally; phishing if you're, well, anyone, privacy-stealing ads when browsing, and so on.
In our world where most PC owners typically perform dozens and dozens of completely independant tasks (gaming, emailing, banking, streaming, doom scrolling, online buying, web browsing, maybe working even) from a single machine, the current attack surface is enormous and, consequently, the benefits of turning that single machine into dozens of contextual yet independant VMs around a stripped down secure kernel have always appealed to me.
However, searching through HN posts and comments I can't find much (if any) discussion about Qubes OS or its vision, even in the numerous recent threads where people here lament constant data leaks, compromised NPM packages stealing API keys, fake hiring agencies that manipulate you into installing a RAT as part of the process, IA-generated video phishing, etc.
Curious to know more about why that is; surely in 13 years many on Hacker News have heard of Qubes. So why isn't usage of VM isolation in general and of Qubes OS in particular more discussed and more prevalent outside of cybersec and related fields (incident response, offense, malware analysis, activism).
Is there a particular bias against the team or the project? Is it so difficult to use not even HN technophiles even try? I've been following the development of Spectrum OS, which seems to be Qubes with a "Nix take". > Spectrum will, for now, be a Linux-based system, with packages from Nixpkgs but not derived from NixOS. This gives us an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system. Coincidentally I started toying around with it this week. It's pretty cool. I've known about it at least since Snowden namedropped it, but the main reasons I hadn't tried it before: - I already isolate workloads between VMs or containers - Wayland support isn't really there yet without breaking the interop that Qubes provides - Personal Qubes use cases (e.g banking) overlap with GrapheneOS profiles for me, which I already use. Though Graphene profiles are less ergonomic in that they don't support templating yet. But I've thrown it on my carry-around Thinkpad to give it a shot and I like it so far. I tried to use QubesOS and I learned a lot. It was a fun experience. But not having any kind of hardware acceleration made it unusable to me for my Desktop computer. It was a couple years ago, QubesOS did not support GPUs, and it felt like supporting GPUs was fundamentally going against the security model. And the whole point of QubesOS is for the Desktop, right? Because for servers, I can run VMs without needing any of the QubesOS tooling. Good MLS-enabled systems are a pain to use, bad ones are intolerable, and most ppl don’t really need MLS anyway. > searching through HN posts and comments I can't find much (if any) discussion about Qubes OS I think there's a fair amount of submissions and discussions: https://hn.algolia.com/?q=Qubes Sure but those are mostly old to very old (7y+). I counted only 7 threads in the past 3 years with at least 10 comments, and if you filter by past year there's no thread with more than one comment. Basically zero traction here recently, while I would have intuitively thought the vision would spread with recent trends: AI spread, privacy concerns, OS enshittification, disinformation wars, device attestation/control, GDPR...