Nextgrid

I’m using this as a daily driver.

It’s usable and the security benefits are definitely important when working with multiple security domains (separate clients each with their own confidential data and third-party dependencies, where you don’t want one client’s malicious NPM dependency affecting the other).

However, there are cons. It’s only really usable in a stationary environment; it completely kills battery life and even basic tasks such as (non-HD) video display maxes out a single CPU core so it’s just not worth trying on a laptop. Hibernation doesn’t seem to be supported by default which becomes risky when combined with the extreme power usage.

isodude

I've been using this as a daily driver for at least 5 years now.

Only laptops so far, with 4+ cores and 32+GB RAM and 500G+ disk.

It was working fine on my Lenovo T470p, and it runs pretty sweet on Lenovo P14s. Except that suspend is not working. ( Hopefully is resolved soon ).

It's always a problem with battery, but with suspend working fine it's quite easy to get a solid 30 days uptime even though you move around. ~3h runtime with ~10 vms running.

I wouldn't say it's perfect, but I wouldn't choose anything else if I would do it all over. Totally worth the extreme learning curve ;-)

thinkmassive

Is it worth trying on a laptop with less RAM, like 8 or 16gb?

isodude

To make Firefox happy inside a VM it takes up about 2GB RAM. Dom0 eats up 1G RAM. sys-net, sys-firewall, sys-usb eats up another 1G RAM.

My collegue actually runs on 16G, but he has to consider memory when starting a VM, but it's doable.

You can run on 8G, but it wouldn't be a good daily driver. But maybe if you have a very specific purpose?

24G+ is comfortable. I'm currently at 48G and have 43G "mapped" to VMs. It's very easy to use a lot of RAM!

lapinot
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.

edit: maybe i'm being a bit optimistic for sys-net, which is the vm hosting the driver for the network card: these drivers are included in the linux tree and would need to be extracted and packaged into an unikernel. But for every non-driver vm it "should be easy" to get an unikernel implementation (drivers for paravirtual devices are easy to write).