Qubes 3.2 Review

I recently installed Qubes OS; this is my experience. In general it’s fantastic and easily facilitates the workflow I had evolved previously using Xubuntu, but effortlessly expands the security and privacy afforded by the qubes architecture.

The things I like most from my first impressions are:

Background #

The laptop I installed on is a Kirabook with an i7-4500U CPU, 8 GB RAM, 256 GB SSD.

Installation #

General Overview #

Installation was extremely simple and clear. I found it easier than installing ubuntu, which is very impressive indeed.

Keyboard Layout #

Having a keyboard layout indicator at all steps was fantastic, but was displayed slightly too narrow. This meant alternative keyboard layouts showed us(... instead of us(workman). It’s clear that some alternative layout is being used, but it would be great to see the whole layout, or have it as a title text on hover, or even the first letter of the layout, eg us(w....

Passwords #

Life would have been far easier if passwords could be shown, as is commonly an option when entering wifi passwords. I understand this isn’t a standard feature, and may be seen as an anti-feature for a security oriented os, but as a usability feature it would have helped me greatly.

My main need is to see that the password I entered matches the keyboard layout of my choosing. Having doubt about the keyboard layout is the primary concern, but it led to this secondary password-related concern. Confidence in the globalness of the keyboard layout would aleviate it (usb, ps2, inbuilt laptop, remote, yubikey etc).

Partitioning #

The wording ‘reclaim disk space’ confused me at first, perhaps ‘modify existing partitions’ might have been clearer, but that’s just the wording I’ve become used to.

Display #

The display during installation was very clear, despite my display being high density (2560 x 1440 on a 13" screen). Usually everything look tiny until the resolution or density is adjusted. This is something even Ubuntu, renowned for being using friendly, doesn’t get right, so big props to Qubes on this.

Post Installation #

HDD Decryption And Login #

I had an issue decrypting the hdd at boot (related to using a usb yubikey). This would have been less of a problem if the feedback was clearer, but all that happened was the password field flashed off and appeared again with no value. Some additional feedback on error would be very useful in this case.

It’s also unusual to have no blinking cursor in the password field. I like the minimalism of it, but for some users it may be disconcerting.

Wifi #

How to join wifi wasn’t clear at the start. It wasn’t too hard to work out it’s in ‘Network Connections’ application under the ‘sys-net’ NetVM. But it took a bit to understand the network pipeline from sys-net to sys-firewall to domain vms.

Coming from a system with a single network manager made me look to the top right of screen for a widget to connect to wifi. Perhaps a notice there for new users directing them how to connect to wifi would be a beneficial start to the networking experience.

Default VMs #

The default VMs being fedora rather than debian caused me to delete them all and replace them with debian ones. Just a familiarity thing again, but I reckon debian would be a more familiar and comfortable default for most users.

Global Configuration #

Setting up the global environment was very simple, thanks to the System Tools at the top of the Qubes menu at the standard top-left-of-screen.

The main changes were all in line with my old changes in Xubuntu, so it’s reassuring that Qubes can operate with settings I find comfortable.

The one thing I miss is a system-wide monitor of CPU usage and RAM consumption. The Qubes VM Manger is a pretty good alternative but I prefer to have a ticker / monitor in the top panel. When I added it to the panel (which is in the dom0 domain), it seemed to only monitor the cpu / ram for that vm, whereas I’d like to have an aggregate monitor.

A simpler option may be to have aggregate CPU / Memory data in the Qubes VM Manager rather than have a specific widget for it.

Remap Capslock #

The steps to remap caps to ctrl are

This is an XFCE thing and it would be good to see that desktop environment add this feature as a configuration setting in the Keyboard Settings.

Terminal Copy / Paste #

I’m used to using Ctrl+Shift+C / Ctrl+Shift+V to copy / paste into terminal, but this is now the shortcut to copy / paste to the global Qubes clipboard. I haven’t resolved this yet but it’s something that will certainly need my attention in the future.

As a short term solution I’m using right-click paste.

Global Keyboard Shortcuts for Domain App #

I use Super+T to launch the terminal, and would like to map this to the terminal for the personal domain rather than dom0.

This is achieved by setting a global keyboard shortcut to the correct command to launch the terminal in the personal domain.

Qubes Menu > System Tools > Keyboard > Application Shortcuts > Add

qvm-run -q --tray -a personal -- 'qubes-desktop-run /usr/share/applications/gnome-terminal.desktop

Multiple Monitors #

Multiple monitors worked out of the box, exactly the same way as my previous xubuntu installation. Very pleasing.

USB Keyboard and Mouse #

During installation I chose to have qubes isolate usb devices to their own vm. This makes good sense for plugging in potentially infected usb drives etc.

I usually use a USB keyboard and mouse through a USB hub. This didn’t work when I plugged it in. It probably also explains why my yubikey appeared to not work.

My debugging process went like this:

Neither keyboard or mouse via usb hub worked.

The mouse direct to usb worked (ie without the usb hub).

The keyboard direct to usb didn’t work.

The keyboard needed tweaking as per the docs on How to use a USB keyboard

The keyboard worked after adding the following line to the top of /etc/qubes-rpc/policy/qubes.InputKeyboard

sys-usb dom0 ask,user=root

Both devices now work plugged directly to a usb port and from the usb hub.

Appearance #

The only issue I have with the appearance is lack of contrast on the close / minimize / maximize buttons in the title bar of the window from the default theme.

I switched to Bluebird which is much easier to see.

Qubes Menu > System Tools > Window Manager > Style > Theme > Bluebird

I also changed the style to Clearlooks

Qubes Menu > System Tools > Appearance > Style > Clearlooks

The use of different colors for window borders depending on the vm is a challenge for the visual aesthetic, but it works very well and the default choices are surprisingly pleasing for such a tech-focused os.

Performance #

The performance is definitely not as snappy as I’m used to (as expected). It’s perfectly usable, but my main problem is not having dedicated graphics (entirely my own problem!). My laptop is fairly beefy (see Background above), initially intended for running mulitple vms from virtualbox. Qubes definitely puts that grunt to use.

Boot time is comparable to xubuntu.

Login time is extended because of the need to decrypt the hdd first, which takes about 10s.

The time to start chromium from a vm that’s currently off is 19s

The time to start chromium with a blank homepage from a vm that’s currently on is about 2s. This is really quite slow.

Starting terminal from a hot vm takes less time, around perhaps 0.5s. Still not as fast as I’m used to, but definitely usable.

Opening new tabs in the browser is instant, so it’s only the starting of applications that seems affected. The actual performance of applications is excellent.

Memory allocation is very high. My system has 8GB or memory; right now the dom0 vm is allocated nearly 3 GB and the personal domain about 3.5 GB. The system vms (usb, net, firewall) are allocated 300 - 700 MB each, which is fairly efficient.

There’s no easy way in the Qubes VM Manager to see how much memory each vm is actually using, which is something I like to see. The memory display does indicate the total allocation as a number, but the consumption only as a bar which isn’t easy for me to read. I’d prefer a number for consumption as well as allocation.

htop shows the personal vm running chromium with some heavy web apps (gmail etc) at just under 1 GB. This is in line with what I’d expect.

My issue of having no dedicated graphics is not trivial. Google maps is almost unusable. I’m a light-weight user of graphics, no gaming and minimal video / photo work. So I’m not in a good position to judge graphics performance, but my experience of graphics-heavy applications so far hasn’t been great.

Recommended Reading #

I spent about an hour researching before deciding to install Qubes. The information I found most useful was

Overall Impression #

Qubes is an amazing operating system. The design of the user experience is phenomenal, and closely matches my previous modus operandi but at the os level rather than just the browser level.

The technical achievements are simply awesome. The degree of isolation adds so much flexibility, most of which will go unused in day-to-day operation, but when it’s needed is easy to use and very powerful.

I’ll be happily using qubes as my daily os. The inital setup was understandly slightly more involved than a standard ubuntu install, but I’m amazed at how simple it is to use. My main motivation for using qubes was from a privacy perspective, but it naturally goes hand-in-hand with the security component. I’m very happy to have both in a simple-to-use os.

Putting the technical merits of the qubes security model aside and only considering the visual and experiential design, it’s a beautiful accomplishment and I’m really enjoying using it.

 
24
Kudos
 
24
Kudos

Now read this

JavaEE Simple Web App with GlassFish

This is a guide to starting a basic web project for JavaEE. It’s assumed that JavaEE is set up and ready to go. Download Eclipse for JavaEE. It’s here: https://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/lunasr2... Continue →