Qubes 3.2 After One Month

Having spent nearly a month with Qubes, this is the record of my observations.

Summary #

I love the way the system works and plan to keep it. However, performance, especially graphics performance, is the main cause for doubt about keeping qubes. I would probably buy a different laptop rather than stop using qubes, so that’s a fairly strong endorsement!

File Copying #

I couldn’t see a progress dialog while copying files in sys-usb, which was unusual. (edit: this was because in the Fedora template the file explorer shows the file copy dialog in the file window, not as a separate dialog).

Also some unexpected behaviour when copying a second batch of files while a batch was mid-copy. It interrupts the first lot of copying. I’m used to FIFO file copy priority, not LIFO.

Browser Cursor #

Cursor in browser only shows default, eg no pointer (hand). I find this frustrating, but not a deal breaker.

My guess is this is a deliberate design decision for security reasons, and found this is indeed the case. Read more - https://github.com/QubesOS/qubes-issues/issues/1551

Battery Life #

Battery life seems identical to previous install, which is about 6h on a full charge with light load (web browsing and text editing). I don’t use the battery much, but it’s good that the vm overhead isn’t causing any noticable drain.

Disposable VM for incognito browsing #

I prefer to do all my surfing in incognito mode, so it’s a natural step to do that within a disposable vm.

The setup was a little bit more complex because I wanted to use chromium rather than firefox, so had to modify the base disposable vm template based on debian.


The raw commands I used to create my dvm template are:

user@dom0 $ qvm-create-default debian-8
user@dom0 $ qvm-run -a debian-8-dvm gnome-terminal
user@debian-8-dvm $ chromium # customize chromium here
user@debian-8-dvm $ # any other dvm customizations here
user@debian-8-dvm $ touch /home/user/.qubes-dispvm-customized
user@debian-8-dvm $ poweroff
user@dom0 $ qvm-create-default-dvm debian-8

The launcher command I use in one of my desktop panels to launch a disposable incognito chromium browser is

sh -c 'echo "chromium --incognito" | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT gray'

When the base template (debian-8) is changed the disposable vm (debian-8-dvm) needs to be updated manually which is a bit of pest. If it isn’t updated, chromium does not have all the bookmarks I usually would expect to be there (instead it loads as a fresh chromium).

To get chromium back in sync with the updated debian-8 template:

user@dom0 $ qvm-create-default-dvm debian-8

Template Inheritence #

To my mind the next logical step is to have package management be inherited. This would keep the base template clean and allow different vms to have different packages installed without needing to create lots of different templates.

It seems a waste to clone the debian template for every vm, eg I want to have sshfs in workvm but not personalvm but have both be based on debianTemplate. To do this cleanly I need to clone the debian template, ie create workTemplate and personalTemplate. It’d be cool if the package management could be abstracted to a separate layer so rather than have the hierarchy of
template > appvm
it would be
template > packagesABC + packagesXYZ + ... > appvm

It makes the UX more complex, but this would be very handy to have.

Utilities #

The debian vm was lacking applications I often use for basic tasks. Not a big deal but worth a note.

I installed

In hindsight, I wish I’d kept the debian-8 template completely clean and cloned it for each particular use case.

Max HDD Size #

I ran into an issue decompressing some files - the default file size for the VM is only 2 GB so I had to pump this up. Not a big deal, but it was illuminating how simple this was to resolve.

The error wasn’t particularly useful, but it was easy to figure out why it was happening using df and the settings for the vm in Qubes VM Manager.

This setting can be changed without stopping the vm. I was impressed by that!

CPU Allocation #

For my personal VM which I use the most heavily, I set the VCPUs to be able to use all four cores. The default was only two. No restart of the vm required, very cool!

Disposable Changes #

Changing anything in a vm that isn’t in the home directory only survives until the next reboot of that vm. I am surprised at how useful this is, especially for testing out bits of software and not worrying about bloating the system. I use this feature much more than I expected and fits well with my workflow.

Multimedia #

I tried running some 4K videos from my phone. In VLC only a single frame showed, with max CPU. I’m guessing this is due to the limitations of my graphics in xen.

I then tried loading the video file in my browser, and it played at about 2 fps, which was better than VLC but still not watchable.

Lower resolution videos worked just fine (I tested with an SD video with no issues in playback).

Youtube works well, as does any other video or audio site.

One point is that fullscreen video will still have a window title bar so there is no ‘true’ fullscreen. This may impact on presentations etc which require fullscreen. For my uses it’s not a problem, but is something to be aware of. Again, this is a deliberate security feature which can be overridden by right-clicking on the window title bar. ‘True’ fullscreen can be enabled but I have not - https://github.com/QubesOS/qubes-issues/issues/1551

Conclusion #

I love using Qubes and it fits my desired workflow very nicely. My main issue is performance, especially graphics performance.


Now read this

The engineering response

Recently I submitted an issue for a software project. It was something like “The column for total shows NaN when it should be a number” and a bit of speculation about why this may be happening. Turns out I was wrong with why it was... Continue →