The biggest problem is the lack of a certified laptop. Librem13 was certified for R3 but as of now there is nothing certified for R4 [0]. Their stance on Intel ME is clear and good. I hope they don't give it up or water it down with commercial licensing. So theoretically if I approach them as a company and tell them I want to get Qubes on company laptops they should tell me no laptops are secure.
One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.
If you are already running an operating system on an Intel vPro (VT-d, TXT) laptop, you can likely run Qubes on that hardware.
If you are concerned about the Intel ME, you would need an Ivy Bridge vPro device like the Lenovo x230, plus skillz [0] that improves the security posture of all operating systems, including Qubes.
In principle every x86 operating system has this problem. The difference is in the expectations. If a laptop is certified for Windows 10 I expect it to run Windows 10 decently. If a laptop is Qubes OS certified, I expect it to run Qubes OS securely, with decent performance.
What kind of issues have you seen with Qubes on vPro laptops?
Security is only meaningful within the context of a threat model. Qubes, like every operating system, has many possible configurations, for different threat models.
Does this mean Qubes OS 4.0 will be delayed, as the team's efforts focus on supporting version 3.2 for enterprise? I assume this also means significant UI improvements will be delayed even further, because companies don't like user interfaces changing up on them every 2 years. Although I think they would also benefit from an improved and easier to use interface, which would ultimately decrease training time and costs.
It would be nice if we could get an updated roadmap soon, perhaps after the Qubes OS team already gets some enterprise customers and things are more stable. The other one is already almost 2 years old (and behind).
I find annoying when a project identifies itself as an "Operating System" that I didn't know about... until now, because I suspect that it may be a Linux distribution and not a new OS, but I can't tell from the main page.
I understand why (tying to avoid the "yet another Linux distro" stigma), but when you go to "What is Qubes OS?" in https://www.qubes-os.org/intro/ ; they fail to mention that is Linux based.
What Qubes is is a Xen hypervisor (as I understand it, hypervisor independence is a work in progress) with a particular configuration and set of tools to serve as plumbing between various virtual machines and the dom0 host.
They distribute Fedora, Debian and Whonix domU guest images (and the dom0 host that is installed is Fedora), but you're free to install BSD, Windows, or whatever else you can get to run as a VM guest.
It's a bit weird that they don't mention Linux on that page at all, but I agree with them that labeling it as a "Linux distribution" isn't very useful. From a user perspective they could swap the Dom0 operating system, where most of the important bits happen, out with something else and ideally that wouldn't be an important change.
For the guests that actually run the software you use directly, they provide templates for multiple Linux distros (and don't have their own brand) and support Windows as well, so I don't think the application-level is seen as part of it. Whereas I'd see "provides a more or less curated selection of applications + configuration" as an important part of a Linux distro.
While I entirely agree with you wrt the kernel, the separation and isolation bits they do is new and novel from a general purpose operating system's standpoint. Also, Xen really is a small microkernel that runs ontop of Linux, so their comments on the separation being more secure than if they used KVM actually do have merit. If you want something similar that actually is a different operating system, checkout the Muen Separation Kernel (which is pretty neat tech).
Qubes needs to spend more effort on easy of use. The only way that I found actually worked for using Qubes was to install it as the base OS on an entire machine. Running it in a VM, even just for demonstration, does not work. Furthermore, I even tried collaborating with the EmuLab team to get Quebes installed using bareal metal; however, even that is largely impossible due to both the no outside VM constraint as well as the networking isolation of Qubes.
There is a YouTube video where Qubes is installed on VMWARE, but I was not able to even come close to replicating it.
I think this is pretty awesome. In the short term it slows development but if they find some core costumers it will allow them to continually improve the OS long term and hopefully more hardware.
I've been trying to install onto a flash drive for a week now. Neither a 2015 MBP or a custom pc with an nvidia card seem appropriate intermediarys for what I've been assured is a "Simple process"
Qubes OS itself is a nice idea. I worry about the commercialization aspect, though.
Will the Qubes Team be sharing a portion of their commercial profit with members of the Open Source Community who have previously contributed to Qubes OS?
> Will the Qubes Team be sharing a portion of their commercial profit with members of the Open Source Community who have previously contributed to Qubes OS?
As one of the people who has contributed code to Qubes, I don't see why they should do that. I didn't contribute out of hope of financial gain, and I doubt anyone else did. They should use the money to pay for further developments on Qubes, not to pay for work already done and given away for free.
There is such a thing as more than one kind of obligation. Are they LEGALLY obligated to share? Likely no. Are they MORALLY obligated? That's definitely up for debate.
EDIT: The parent does not deserve down votes because you disagree with their opinion. Grow up.
One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.
[0] https://www.qubes-os.org/doc/certified-laptops/