HACKER Q&A
📣 samuell

Qubes OS or just separate VMs for separating work and private files?


Hi HN,

Where I work we get a laptop which we control quite a lot, except requirement to encrypt and backup the work data.

I do also a lot of open source and hobby coding on my free time, and I feel it would be very wasteful to have a separate laptop just for this.

Thus I have been thinking of different ways to keep work and private files on the same computer but separated.

It seems Qubes OS [1] could fulful this need, as well as provide good security.

On the other hand, Qubes seems to require a fair bit of time and energy to get set up and maintain. Thus, it struck me that a thin linux host system without many apps, and then keeping work and private projects and files in virtual machines in e.g. virtualbox, would provide similar basic benefits, without the technical savvyness needed by Qubes OS.

So I was wondering, does anybody have experience of any of the two setups, and could provide some pointers and feedback with pros and cons of them?

[1] https://www.qubes-os.org/

  👤 99112000 Accepted Answer ✓
I have something to say about this as I have ran both setups:

* Qubes for 5 years

* Windows with VMs (1 year)

Long story short I would go with Qubes unless you require Mac OS virtualization, then I would go with a DIY VMs on KVM.

Things I hate about both setups:

* Screensharing, you can only share whatever is in the VM

* Overhead, you need more RAM than you would expect to keep things running smooth, every VM loads it's own kernel. Even in Qubes I typically just run HVMs to keep it simple, installing software in template VMs is kinda annoying

Qubes Pros:

* You get to learn about Xen

* Proper hardware separation easily

* Super easy disk encryption

* UX feels better as you can easily mix windows of different VMs

* Expanding storage is relatively easy and backing up as well

Qubes Cons:

* You get to learn about Xen

* Takes time to setup, audio, camera, mic, video ports not always working as expected

* no way to virtualize Mac OS natively

* No secure boot

I would recommend Qubes, yes it's a pain to setup, but you will learn new things. It will be a more secure environment if done properly.

👤 GekkePrutser
The 'problem' I have with Qubes is that it uses XFCE. I'm not a big fan of that, it's too barebones for me.

I tried it for a while but I didn't find the UX great. It's very powerful, meant for a multitude of different VMs with different security and networking configurations, which seems a bit overkill for your situation. It was for mine anyway. I wanted it as a secure workstation but it's a bit heavy for that, and the added security kind of gets in the way of what I find a great user experience.

In the end I moved to FreeBSD which allows to even containerise GUI applications (not docker, but FreeBSD jails). It's not as secure as Qubes obviously but usability is better for me. It's all about finding a balance that works for you. It will require a lot of tech savvyness though to set it up that way.

I don't think you need a lot of tech savvyness for QubesOS though! If you can manage Virtualbox you can manage Qubes just fine.

I would recommend trying Qubes nonetheless. They have some great ideas. It was just not the best fit for me at that point.

👤 isaac21259
Have you considered nix os? I personally don't use it but I think it could fulfill your needs. You could have a work user with the home directory encrypted and a seperate personal user. Then you can install packages in a user independent way and you won't have any cross over between your users.
👤 foothall
I used Qubes for a few years, but gave up due to having weak control over the VM templates, and difficulty playing games.

Using Qubes would allow you to familiarize yourself with VM-oriented workflows.