I've been using it as my daily dev machine for ~5 years now.
As per the article, the usability tradeoffs are considerable. But the separation of domains into separate VMs is really lovely. If nothing else, having a separate VM per client just feels "right". No intermingling of code and, even more importantly, secrets or credentials or even comms. Being able to use the same physical machine for personal stuff as well as work is also a bonus.
One of the killer features of Qubes when I used it was the ability to "pause" a VM and all of the apps running in it. That's something I've tried to replicate with tools like tmuxp but I've never found an abstraction as clean as "serialize the whole process tree to disk" like Qubes has.
I gave up on it for usability reasons, but that feature is killer. Anybody else aware of anything similar?
Look at https://criu.org/Main_Page - it's meant for exactly that, though the problem space is genuinely hard.
The amount of hidden state modern hardware uses is humongous, it's infeasible without abstracting it in a VM. I remember some Win9x software that would let you save the process state to disk and restore it later, but even in that much more primitive era it was hit and miss.
and yet, Microsoft do it on their consoles with the "quick resume" feature.
I have used VMs to configure gaming keyboards. Razer's huntsman v2 red silent is an amazing office keyboard, but you need the brain vomit "Synapse" to configure it. I just start a VM, install Synapse and go to town instead, leaving my regular system pristine.
There used to be cryopid in the days of 32-bit x86 and it was great and Bernard is cool.
https://github.com/maaziz/cryopid
Somehow I doubt it's still a thing but haven't had a reason to check.
What is your use-case for it? Hibernation?
> I gave up on it for usability reasons
Pray tell what were those reasons?
Trying to run ZFS on a bunch of disks was hard. When I ran it on a laptop power management was miserable. It's just hard to use as a desktop system -- I switched to Arch and it's a lot easier for day-to-day.
More reasons to use it: https://news.ycombinator.com/item?id=42099398.
This is the same concept as CoreOS, which now lives on as Flatcar, though with harder isolation guarantees because VMs.
I love the idea. Extremely minimal attack surface.
At the moment, I'm working on building a virtual version of the NUC that I purchased that will also run Flatcar so that I can test the configuration of my Docker Compose services.
I hope Qubes OS has developed a solution for GPU passthrough by now, as, reading the article, that's the only thing that's missing, back in 2023. Similar to how sys-net and sys-usb work, we need sys-pci and ... done.