I want to love Qubes, but it is a lot more heavyweight than I want to pursue. I have no crypto fortune or government/industrial secrets worth stealing, so it would be putting on a lot of pain knowing I am not a person of interest. I already run my development work inside a VM, but that has some papercuts. Going full Qubes would probably get even more annoying.
replyA security/isolation layer like this I could use for free feels like it would get me so close to the Qubes ideal without having to completely change how I interface with my machine.
IMHO the whole point of Qubes is that it does not do the compartmentalization at the level of individual applications, but groups of applications. Otherwise you'd need to very clearly specify how/when exactly the applications can exchange data, what data, etc. I'm not saying it's impossible, but "apps in the same qube VM can do whatever" is a much easier concept.
reply