Is there a lightweight QUBES like OS ( or should we build a "fork"? )

Software & Operating Systems Linux
1

What we want / need

Highly secure, compartmentalise OS. Where everything is working in “sandboxes”. That is easy to use.

So a “user friendly” alternative to QubesOS. If it exists already - let me know.

If it doesn’t - how do we make one?

Why not just feedback to the qubesOS team & community ?

Unfortunately some has tried to do so. However QubesOS principle respectfully is driven primarily by security at all cost principles.

As such vGPU support has been a “hard no”, because of lower security implications.

Which I admire, but would respectfully want a compromise.

So how would a fork potentially work ?

We can fork and start with the following (lower hanging fruit)

  • Figure out a Fork Name
  • Maintain qubesOS repository as an “upstream”, to ensure the project get continued security updates. And start with the following
  • Rebrand/Reskin with the fork OS name
  • Fix productivity killers
    • Add support for “Virtio-GPU / Virlgl” in the root OS
    • Add the option to synchronise the “clipboard” before/after “copy and paste” short cut occurs
    • Add easy support for doing a screenshot (at root level), and saving it easily into any of the VM’s
      • Moving anything from root to VM (and vice-visa), is intentionally made difficult in qubes.
    • Add the option, to stream a desktop screen, as a “looking glass” window in a VM
      • This makes the occasional web conference screen share much easier (assuming we can get the GPU support first, cause thats the bigger killer)
    • Add the option to share “camera” / “microphone” with multiple qubes VM easily. Right now the USB “plug in and out” sometimes create driver issues, that require hard reboots.
    • Fix other major productivity killers, that may affect other users (based on feedback)

Once we get the basic productivity killer stuff done, we can look into nice to haves

  • Make it easier to attach dedicated GPU’s for VM’s, for gaming
  • Looking glass support - reduce that screen latency
  • Make it easier to install and configure
  • Make it easier to setup “common apps” into “profiles”, and to manage them.
    • This is meant to make it easier to setup for common office workers, allowing this OS to potentially be the “default” for common office work.
    • This could be based on the ubuntu snap store ?
  • Make it easier to setup a “profile” behind a “VPN” : which is extreamly useful for the rising Work From Home pattern
    • This is already one major use case for me, due to my need to constantly switch between multiple VPN environments, for different profiles. This automates that process for me. Instead of requiring me to constantly login/out of networks on my macos laptop.
  • Various other things to improve overall ease of use, while limiting compromises in privacy

How would this benefit FOSS / QubesOS community

Despite the “reduced security”, because it still enforces applications to be run in VM sandboxes. This is already superior security and privacy to every existing consumer OS.

This could potentially be a unique selling point, for the OS the compete in enterprise environment, as long as we do not compromise on productivity, or userbility.

The goal is not to compete or replace all other linux OS, but to complement them.

If you want more control over your UI, you probably may want the more common linux distros
If you want more security, go upstream and use QubesOS instead.

I would argue, because only a small percentage of the population would want the “security at all cost” model of QubesOS. A successful user friendly fork, would literally serve as an onboarding ramp for new users to linux, as their security risk changes. ( Eg. Journalist, who was daily driving it originally, but is now moving into covering an active warzone )

What feedback do I need / How can anyone help ?

I am relatively new in general to customising linux OS’es - sure i have tried abit for common ones (like ubuntu) for my own use. But to customize a full OS, and provide installer disks, etc. Is a huge undertaking for me. And would like to know if anyone in the community has direction / feedback on this.

Also my idea on how this should work, is developed in my head in a bubble. And I would really want some community feedback, if this even make sense, would you consider using such a OS, if most of the annoying QOL features that was stripped out in qubesOS was added back.

1 Like
2

My background story

From a productivity perspective - I love QubesOS - at least on paper. Along with its high bar on security (huge bonus).

Specifically the ability to segment, and isolate software into “VM sandbox” everywhere.

I have different profiles, for personal, for low security work (public communication), and high security work (infra code and keys). I been daily driving it for about a half a year.

But recently, due to needing to be on the move, I have switched back out to a “macbook air” (the only working thin & light laptop on hand).

And damn, I dun think I can switch back as of now.
But I really want to do so, because a part me wants to take a stand against apple.
However not being able to GPU accelerate properly, is a huge drain on battery. So hence this post.

While there was a huge gain in productivity in being able to strongly “compartmentalise” different apps, and use cases. But the following are huge downsides, that made it hard to switch back from other “normal” OS. These are my field notes.

huge deal breakers

  • lack of GPU acceleration, making lots of the modern web a pain
    • i would hope this should not be a deal breaker, but I cant decide how the web works
  • overly complicated operations for taking “screenshots” or sharing files between VM’s

other small annoyance

  • copy and pasting rituals of strings
  • transferring of files is more complicated then it need be
  • how its nearly impossible to share screens between VM’s
  • lack of customisation of the OS UI
  • complications in managing networking, when u have more then 1 network provider
  • obscure driver issues / lack of compatibility in hardware (worse then most linux distro)
  • volume and audio control routing is “complicated” at times, or even non functional at worse
  • how difficult it is to do simple things like monitor CPU / RAM usage or have a “task manager”

other potentially useful UI

  • an easy “appstore”, where you can designate the “profile” to
2 Likes
3

| reserved - in case i need to pin notes on this project in the future