
As part of the FLOSS rooting crowd, I'd really like that to happen. But we have to face reality: on the desktop, after decades we're still fighting for 2% of the marketshare.

Not that progress hasn't happened. Quite on the contrary. Linux on the desktop experience nowadays is VASTLY superior to even 5 years ago. Of course, users from other camps will complain of features that have been lacking for many years (thumbnails in the file picker!) but alternatives aren't without their problems either: get a seasoned linux to try MacOS or Windows and you'll recognize weaknesses on the other approaches too.

For me, linux on the desktop has been ready for a long time. I don't care if the market share is still in the single digits if it is good enough for me. Since I like the freedom, privacy, security and (yes) ease of use of desktop linux and do not depend on non-multiplatform software and services, there's just no better OS for me. Not everybody has this choice though.

So, linux on the desktop not being popular is not a problem. If it continues popular enough not to be ignored by hardware vendors and service providers, everything else will continue to improve over time.




>thumbnails in the file picker!

Use a decent desktop environment, like Plasma :)

Gnome's file picker is notoriously, offensively bad - to the point that it makes me completely lose trust that any thought has been put into the human factors of the rest of the system. Plasma, on the other hand, continues to surprise with its thoughtful and accommodating design choices.

Life is too short, and brainpower too limited, to justify wasting either on frustrating software.


I love KDE too. It's so configurable and just plain powerful. And looks great as well.

I really felt so empowered when I left macOS for FreeBSD with KDE and I still do. I found I really hate opinionated software because usually I don't have the same opinions :)


How's FreeBsd on your hardware? I've been itching to try it on my ThinkPad, but with an infant and work, I'm not able to find the time to do so!


It's great for me. It runs for months as a daily driver without any issues. No crashes. In HiDPI also.

However I run it on a desktop NUC with wired everything. I don't use WiFi, Bluetooth or Suspending. I'm not sure if the more laptop-related use cases will be ok. For example I had to turn off my bluetooth controller because it hangs the boot process. I think this is just a peculiarity of my particular controller though.

Also I have one weird key repeat thing I still have to investigate :) But I think my Apple keyboard is just a bit funny.


It's like better windows! Sometimes pretty glitchy, but worth it for about 80%-90% problem free.


>Life is too short, and brainpower too limited, to justify wasting either on frustrating software.

This is exactly why I switched from Linux to Windows and never looked back.


For me, it's vice versa: this is why I switched to Linux, because it gets out of my way.


No amount of good UX can justify the tools constantly spying on you.

The Windows UX these days is also horribly jankful in other ways, too.

I feel like Windows 2000 made a stronger case for "switching to Windows and never looking back" than Win7-11.


Windows 7 was actually pretty clean. It was basically Windows XP with a nice look & feel. Also the last Windows without bloat everywhere (ok, IE)

But yeah, 2000 was somehow the apogee.

Plasma is pretty nice nowadays but I sometimes miss the simpler times of KDE 3.5


For the time, Win 2k was also amazingly easy to install (compared to win95, dos, Linux, WinNT). It really was a revelation.

I just realized that I probably used it or win2k3 daily for nearly 10 years.


Not just manual installation but fully automated remote installation too. From a manageability perspective, the 2000 series was a leap forward, with Active Directory and Group Policy. I always found it odd that Apple never even attempted to provide a proper solution for remote management of their OS and just left it to 3rd parties like JAMF. (I know they've made inroads into "enterprise" since then, but this definitely hamstrung them there for a long time)


Apple bought Fleetsmith and has full GPO-style provisioning profile support for iOS, tvOS, and macOS.

You can even do DEP so that certain serial numbers marked as "yours" will autoenroll/provision on wipe, on a blank/fresh OS.


Exact opposite from me. I just cannot use windows anymore. Windows 10 feels like windows xp with adwares pre-installed.


Unfortunately RAM is quite limited too. The idle windows memory consumption is horrifying.


It's funny you have concerns with Windows using too much memory at idle, I actually have no idea how much memory my daily-driver Ubuntu install uses at baseline, but my #1 issue with desktop Linux is how badly it behaves when low on free memory. Windows and MacOS will at least warn/prompt you to kill programs. On Linux, by default....the mouse just stops moving and you can't do anything. You can fiddle with settings and install tools like earlyoom to mitigate it, but the default behavior is insanely bad for a desktop OS. Despite having 32GB of RAM I still run into it occasionally and it drives me nuts.


I think this is due to memory overcommitting on Linux. It can actually be turned off.

https://stackoverflow.com/questions/19750796/allocating-more...

But I like that about FreeBSD, it just says no when you try to allocate more memory than you have (including swap!)


Fedora now handles this much better by having systemd-oomd by default now https://fedoraproject.org/wiki/Changes/EnableSystemdOomd


The more I am using Linux the more I wish I had gone with Fedora for my personal desktop when I was forced to switch from Windows to Linux a couple of months ago (forced by hardware issues with an unused onboard video controller which I can set Linux to fully ignore but sends Windows in an infinite reboot loop).

Don’t get me wrong. Out of the Windows, Mac and Ubuntu machines I have, the Ubuntu one is still my favorite (especially since switching from 20.04 LTS to 20.10) but Fedora is doing things so much more along the lines of what I want.

It’s more cutting edge but still very stable and well tested. It doesn’t force snaps onto me. I’d much rather install flatpak software. And it has a cleaner Gnome interface. Even though I kind of like the Ubuntu sidebar dock, it’s not worth all the other awkward behaviors with Ubuntu trying to override Gnome (for example, the existence of the Ubuntu Software store really annoys me since it doesn’t support Flatpak and simply seems to run a lot worse than the Gnome software store that I also have installed).


Indeed, I think I'm going to make the jump to Fedora from 20.04. Really hard decision too as I've been an Ubuntu guy for the majority of my computing life.

Agree on all points as well - Vanilla GNOME > Unity, Flatpaks > Snaps. The Snap Store is just GNOME Software with some plugins/tweaks FWIW, this is changing (has changed?) soon though. I learned this by investigating a memory leak https://gitlab.gnome.org/GNOME/gnome-software/-/issues/942


Enable zram. It does make a huge difference on lower RAM devices (I have 8G in my laptop)


Get a good amount of swap on ssd, the default 2GB on most distros is not nearly enough to save you when you really need swapping. IIRC you can even make it sparse to not occupy disk space when you're not using it.


> IIRC you can even make it sparse to not occupy disk space when you're not using it.

While this sounds great, not allocating storage for swap means either you'll have that space unallocated or you won't have any swap because your system is full.

Administrative overhead is simpler though, and sparse files don't have any performance overhead in later kernels (Citation needed, read somewhere on some wiki)


I have a couple of sparse swap files handy for when I know I'll need them. And it happens with some very specific and predictable use cases. Usually it's when I need to load some big timeseries csv files from pandas and parse a datetime index. Or when I need to process big images. It's useful to be able to attach some additional swap when you need it and drop it afterwards.

For everyday use I never even exceed 16GBs... Guess everyone has different needs, but there is no way it swaps over 32GB for normal applications, even taking into account overcommitting.


Where do you put the swap? Do you move data off of your drive(s) to make space for the swap?


I usually have either free space or some cruft I can throw away if I really need to free some.


I'm gonna go wild and crazy and assume you work with IT in some way since you're on HN.

How on earth does idle RAM consumption matter to you when a GB of RAM is cheaper than a beer?

I'm not a Windows fan, I don't let Windows control any hardware other than a GPU on any of my systems but I do run it in a VM for gaming. I just don't see the problem, more RAM usage could even be better for performance. It's a useless metric.


Where do you live where a beer costs 5€?


Sweden, a beer in a bar is at least 5€


Unused RAM is useless though. The OS better cache some useful stuff there and evict when something else needs that.

If you are low on RAM and on Linux I really recommend getting zram, which will compress memory pages making swapping less needed.


I have 40GB RAM (Weird number indeed, 8GB soldered, 1x 32GB stick) in my machine. The problem I have is that even with 2 WDS500G2B0C-00PXH0 NVME in RAID1 it takes a while for the machine to hibernate and resume from hibernation. It's faster to boot the system cold (but then I don't have state).

I've been reading but never really figured out. Can ZSWAP or ZRAM write compressed to disk somehow too?

Thanks! :)


>to the point that it makes me completely lose trust that any thought has been put into the human factors of the rest of the system.

This doesn't really make any sense. The issues with the file chooser are known, what's missing are design and development resources to do a redesign. The main problem is actually that the human design effort is being put into the rest of the system and not here; losing trust because of this is somewhat of a self-sabotage that you probably want to avoid.


I can't stand KDE/Plasma for what many would consider a silly reason: I want Confirm/OK/Next actions to be in the lower right side of dialogs, and Cancel/Back in the lower left.

I have a vague memory of this being configurable a long time ago (maybe KDE 3), but this setting disappearing in later versions.

Is it possible to change this in later versions of KDE?


I just fired up the Settings dialog, and they're already where you describe?


https://docs.kde.org/stable5/en/okular/okular/configure.png

This is how the dialogs looked the last time I looked. Are you saying that it's changed?


KWin is great, as are Dolphin, the 'System Settings' GUI, and many other KDE applications. But for the life of me I cannot understand the praise of Plasma. It crashes or otherwise breaks regularly for me (for instance, my autohiding panel will sometimes disappear completely, forcing me to kquitapp5/kstart5 plasmashell to get it back). Edit mode is a usability nightmare, I feel like I need to be super careful about where I move my mouse while using it because otherwise it does things I didn't intend with errant mouse hovers. And while it may not be the fault of plasmashell itself, many of the plasmoids are broken, janky, or generally just not very good. While I use KDE, I try to avoid all the plasma stuff as much as possible.


> after decades we're still fighting for 2% of the marketshare

I was using desktop linux for several years and recently switched back to a Mac because of the massive hardware improvements Apple made with its M1 chip.

As much as I loved Linux, it's no longer just a software UX thing. The battery life and speed of the new Macs beats any Linux machine I could have bought for a comparable price.


This is only a temporary thing though. Linux will be made to work on M1 hardware (getting pretty close already) and Intel is already heading in the same direction.


Not trying to take away anything from the amazing Asahi Linux project, but as far as I know it doesn’t include the embedded GPU as of yet — so pretty close may unfortunately be a little bit further away still.


>get a seasoned linux to try MacOS or Windows and you'll recognize weaknesses on the other approaches too.

The tricky part of identifying “weaknesses” coming from and going to any two OSes or desktop environments is figuring out exactly what qualifies as a weakness and what is simply unfamiliar.

Like for example, a lifelong Windows user is probably going to think that anything that’s not the spitting image of a Win9X style desktop is chock full of “weaknesses”, and a diehard tiling WM veteran Linux user is going to see anything not built around tiling as “weak”, when neither is fully true in an objective sense.

This is a bit of a frustration for me as someone who primarily uses macOS but dabbles in Linux: most people haven’t used macOS extensively, and so Mac-style desktops tend to be seen by the individuals who develop DEs as full of “weaknesses”, and as a result there are no Linux DEs that are mac-like beyond the surface. There’s no shortage of Winlike DEs though.


FWIW I've (mostly) moved from Mac to Linux for around a year now & decided on elementary OS which has Mac as a primary influence: https://elementary.io

I don't like everything about it but it has been the most usable/value-aligned Linux distro I've encountered so far.


Sometimes I wish everyone in Linux just came together and worked together in one big kumbaya. Arch its rolling release base, with Nix for configuring it, Elementary its UI and UX and pop_OS’s willingness to put users ahead of principle. Top it off with Red Hat backing and Ubuntu popularity and oh baby.

I know I know, strength in diversity. But a man can dream..


Not exactly Linux, but would helloSystem[1] be suitable?

[1] https://news.ycombinator.com/item?id=26092040


The thing that makes the Mac the Mac is not the window chrome.


I’ve been keeping my eye on that and it will probably come closer than anything else to date, but I’m skeptical that it’ll nail everything so long as it’s using Qt. Much of what makes macOS interesting is rooted in Cocoa, so a good macOS clone is going to have to be built in something that’s a close analogue (if perhaps modernized in some ways) to Cocoa.


graphics drivers alone are in the tens of millions of lines of code (counting both kernel and user mode). there's no way open source community can do that amount of work for free every couple years as long as new hardware is being developed.

this may become the case once hardware is good for 20 years. we aren't there yet, though we're closer than a decade ago. (typing this on an aging 8 year old desktop, which is really due for an upgrade).


The FOSS community depends on contributions from GPU vendors to have their products supported on Linux in a reasonable timeframe. As long as the contributions are released under a FOSS license, the vendors are part of the FOSS community.

Intel provides excellent Linux support for its GPUs through open source drivers,[1] and is about to launch a line of dedicated GPUs in early 2022 with the same level of support.

AMD has provided good support for essential GPU features through its open source Linux driver since 2015,[2] but compute features such as full OpenCL support (for most AMD models) are still locked in its proprietary drivers.[3]

Nvidia's open source Linux driver contributions are minimal, and they've earned a bad reputation for that. The reverse-engineered open source Nouveau driver is an incredible effort, but falls behind Nvidia's proprietary driver in performance and feature support.[4] This is what happens when the hardware vendor doesn't cooperate with the FOSS community.

[1] https://wiki.archlinux.org/title/Intel_graphics

[2] https://wiki.archlinux.org/title/AMDGPU

[3] https://wiki.archlinux.org/title/AMDGPU_PRO

[4] https://wiki.archlinux.org/title/Nouveau


I've got to agree, nvidia have lost any love I might have had for them, and I'm definitely not going to be buying another product from them any time soon.

I'm still very impressed with the great work the nouveau people are doing to work around nvidia's stubbornness though, so congratulations to them.


So does Intel also include their compute features in the mainline drivers, unlike AMD? That'd be something to push me towards them when GPUs become available and somewhat reasonably priced again


Intel's compute features are in a separate open source package called Intel Graphics Compute Runtime.[1] Integrated graphics from 2014 (Broadwell) and later are supported. Support for discrete graphics (2020 onward) is in development.[2]

AMD provides an open source OpenCL solution for Linux called ROCm, but the project is too limited to be helpful in many use cases. ROCm supports a total of 6 GPU models, all from previous generations,[3] and does not support GUI-based software applications such as Blender.[4]

[1] https://github.com/intel/compute-runtime

[2] https://github.com/intel/compute-runtime/issues/469#issuecom...

[3] https://rocmdocs.amd.com/en/latest/Installation_Guide/Instal...

[4] https://github.com/RadeonOpenCompute/ROCm/issues/1397


Awesome, thanks!


It will rise up to 5% if they just fixed their god damn installers.

I've installed Linux tens of times and the gui installers have NEVER left the system in a bootable state, not even when I choose the 'wipe everything' option.


Absolutely.

Initiatives like PopOS and other ecosystem improvements will eventually impact this metric.


Popos installer didn't work for me either. It ended with a message saying 'something went wrong, try installing again', lol.


Looks like a hardware problem to me.


I'm pretty sure it wasn't. The installer failed to set up the bootloader. Installing it manually fixed the problem.


> security

Just a note that linux is ridiculously unsecure in the default daily user mode. You have no sandboxing, everything runs as the same user with the same privileges, etc. Just a rogue app writing a single line of code (with no permission problem at all) to bashrc can basically do whatever it wants on your computer, including screensharing, key logging, encrypting your whole home folder, sending ssh folders to somewhere. The only thing it can’t do is install a goddamn video driver (as per the relevant xkcd comic) — but with keylogging it will see the sudo password sooner or later.

Fortunately, Fedora does have SELinux, which makes it a bit better but a proper sandboxing solution is way overdue (firejail and flatpak are not necessarily the best solution, it should be automatic). Like, at least copy what android does on the exact same OS.


I agree completely I don’t care if it’s not mainstream. Desktops are usually gaming computers from what I see in my groups no reason to have Linux on there. Linux is on all the servers, most mobile devices, and I mentioned even Sony cameras run Android.

I don’t see any benefit to Linux on desktop being mainstream. I like that it keeps away a lot of users since making things too easy since they’re unwilling to compile from GitHub is a feature, not a bug. It’s mostly a programmer OS for programmers.


I find this attitude completely elitist and counter productive. Why shouldn’t Linux be for everybody, usable on every type of device? Why should we need to rely on proprietary software for our day-to-day tasks? Don’t you think there is benefit to this?


I have to agree with the OP. If Linux OS is going to be for mainstream users, it will eventually succumb to the same issues that plague proprietary OSes. Like low configurability (gnome is already doing this). Mainstream users want very different things from a computer than we do. And in many cases they don't even want a computer anymore, they'll just use their phone or iPad for everything.

I also don't think the mainstream really care about privacy and control. Most of them are really happy in their walled gardens. As a power user I don't want to 'dumb down' my experience and work towards that, so if they really want it they'll have to buy it from a vendor that does it for them. Most of the big names are trying to get there already (like canonical)

And yes eventually a company will make another walled garden based on Linux but it will suck because of the vendor lock-in, limited access to its internals ("because otherwise we can't support it"), and commercial to subscription services. Basically this is exactly what ChromeOS is already.

Personally I just think that a Linux that's for everyone is simply not Linux as we know and love it anymore.


>Personally I just think that a Linux that's for everyone is simply not Linux as we know and love it anymore.

Android is Linux for everyone, it’s imperfect and it’s nice in many ways, but I don’t run x86 android on my computer.


I think the problem is mostly that mass popularity is sort of at odds with the cowboy attitude of a lot of Linux desktop users. Creating a "standardized experience" like Windows usually means that configurability goes right out the window. It's how you get abominations like dconf or the GNOME music player that won't let you change the directory to read your mp3s from. And a lot of people see things like Wayland this way. Sure, maybe it's easier for the average user to have all these formerly separate components like hotkey daemons or screenshot software integrated into one compositor. But why shouldn't I be able to run xbindkeys or sxhkd or whatever hotkey daemon I want? (I know there are reasons for/against, I'm just summarizing the argument.)


Wayland doesn’t prevent you from doing that. It just prevents you from doing that without privilege, because let’s be honest, who thought it was a good idea to let any random program snoop every single keypress?!


>Creating a "standardized experience" like Windows usually means that configurability goes right out the window. It's how you get abominations like dconf or the GNOME music player

I don't understand how you connected these dots and I'd suggest against calling things abominations. You don't have to use dconf or the GNOME music player, those aren't standardized. If someone does like them I think they're perfectly fine, they do exactly what they're advertised to do and nothing more than that. It's also fine if you don't like them, they're just two options from the many configuration databases and media players that you can choose from.

>But why shouldn't I be able to run xbindkeys or sxhkd or whatever hotkey daemon I want?

In some ways you actually can but it depends on the hotkey daemon and how it's implemented. The reason for that is technical, those are implemented with X grabs which are an X11-only API and they have a number of usability and security issues. There are a few key rebinding daemons that use evdev directly so they work with both X11 and Wayland, and also on the console:

https://github.com/samvel1024/kbct

https://github.com/snyball/Hawck

But these also do have similar security issues to X key grabs, in that they effectively operate as keyloggers. If you're looking for an API that works purely within Wayland and lets unprivileged clients request key rebinding, that doesn't exist yet. Somebody would need to specify what that API looks like and figure out a good way to make it secure. What would the end goal of the API be, and how could the system (and by extension, the user) tell the difference between a legitimate hotkey daemon and a malicious keylogger? And would it actually be any better than the approach of snooping evdev? I don't know the answer to these questions but you may have more experience with this than I do.
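The comment above notes that evdev-based rebinding daemons effectively operate as keyloggers. As an added example (not part of the original thread), this is one way to audit which processes currently hold `/dev/input/event*` nodes open by walking `/proc/<pid>/fd`; the allowlist, the `hotkeyd` process name and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# evdev nodes only; legacy nodes such as /dev/input/mice are out of scope here.
EVDEV_NODE = re.compile(r"^/dev/input/event\d+$")

# Assumption: process names expected to hold input devices on this machine.
# Tune per system (a Wayland compositor or a rebinding daemon you installed).
EXPECTED_READERS = {"systemd-logind", "Xorg"}


def find_evdev_readers(proc_root="/proc"):
    """Map pid -> {"comm", "devices"} for every process with an evdev node open."""
    readers = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():          # skip /proc/sys, /proc/self, ...
            continue
        devices = set()
        try:
            for fd in (entry / "fd").iterdir():
                try:
                    target = os.readlink(fd)
                except OSError:               # fd closed while we were looking
                    continue
                if EVDEV_NODE.match(target):
                    devices.add(target)
        except OSError:                       # no permission, or process exited
            continue
        if not devices:
            continue
        try:
            comm = (entry / "comm").read_text().strip()
        except OSError:
            comm = "?"
        readers[int(entry.name)] = {"comm": comm, "devices": sorted(devices)}
    return readers


def unexpected_readers(readers, expected=EXPECTED_READERS):
    """Keep only processes whose name is not on the allowlist."""
    return {pid: info for pid, info in readers.items()
            if info["comm"] not in expected}


def build_sample_proc(root):
    """Constructed sample: a fake /proc tree so the audit runs offline."""
    sample = {
        812: ("systemd-logind", ["/dev/input/event0", "/dev/input/event3"]),
        4242: ("hotkeyd", ["/dev/null", "/dev/input/event3"]),  # hypothetical daemon
        5000: ("bash", ["/dev/pts/0", "/dev/input/mice"]),
    }
    for pid, (comm, targets) in sample.items():
        fd_dir = Path(root) / str(pid) / "fd"
        fd_dir.mkdir(parents=True)
        (fd_dir.parent / "comm").write_text(comm + "\n")
        for number, target in enumerate(targets):
            os.symlink(target, fd_dir / str(number))  # dangling links are fine
    (Path(root) / "sys").mkdir()              # non-PID entry, must be ignored
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = find_evdev_readers(build_sample_proc(tmp))
        for pid, info in sorted(unexpected_readers(found).items()):
            print(pid, info["comm"], ", ".join(info["devices"]))
```

On a real system, call `find_evdev_readers()` with the default `/proc` as root; an unprivileged run silently skips processes owned by other users because their `fd` directories are unreadable.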


>Why shouldn't Linux be for everybody, usable on every type of device?

It is, but you often have to put the effort into it. Windows isn't usable for everyone, but that doesn't make me elitist, OSX is hard for others, but I don't see that being a problem. Some people can't do everything you do, and there are differences in our abilities. If you expect everything to be easy, and people not willing to put in work to have a functional OS, you should not expect them to use linux, it offers no benefits to most users, it's made by hackers to hack on, Android is linux for everyone, and even then they find it hard. Don't expect people to run when they can't crawl.

>Why should we need to rely on proprietary software for our day-to-day tasks?

Because the free stuff sucks, GIMP still sucks. They stuck to having 3 windows open forever, GNOME doesn't like being configured, GTK always breaks stuff, and I just want stuff that "just works". When FOSS does it well like KDE being better than Windows's UI, or Firefox being better than IE6 I will choose it. I don't pick based on their principles, I just want good software, and like most people I am willing to pay for quality. I refuse to use a pinephone out of principle, I refuse to make my life hell.


FYI, Gimp has had a single window mode for about a decade. fwiw, I love gimp as it is (and I prefer multi windows).

I think saying it sucks is just being rude against one of the most amazing foss projects of all times and its maintainers.

Yes Gimp isn’t photoshop but it covers 100% of my needs. Totally worth the money I never put on it.


>FYI, Gimp has had a single window mode for about a decade.

I know, I used it recently. They are so bad with the UI I find myself using Krita as a better photoshop replacement.

>I think saying it sucks is just being rude against one of the most amazing foss projects of all times and its maintainers.

Comparing it to Krita, it is hard to compliment any of it, the UI, the features, the difficulty. It's been 25 years, and lots of FOSS stuff has caught up with paid options, and I see Krita being a photoshop replacement way before GIMP becomes usable.


Somebody can probably say the same things about ms paint, not much of an argument there.


> there's just no better OS for me

Try Qubes OS.


What benefit will he have?



If you can't pitch it yourself, I don't see the point, the first link is just about paranoia.

Were you ever curious but afraid: – to click on that link in the email, – to open that email attachment, – to go to that shady-looking website, – to install and run that suspicious program or even a virus, – to insert that USB stick from someone untrusted? With Qubes you do it all securely in a disposable VM and your personal files are safe. The worst thing which might happen is that the disposable VM breaks.

If the pitch is to make people paranoid to run a new OS they need to learn isolation on, there are way easier ways like running a normal VM, which most people are still not going to understand very well or do.


> If you can't pitch it yourself, I don't see the point

I linked my own text.

Security is one benefit, and I agree that it's not so important for everyone. There are other benefits, as described. A normal VM is much less secure, because the host OS will have the Internet access and you will not benefit from hardware virtualization. It's also less convenient in my opinion. The UX of Qubes is really good.


Most of those pitches are not important.

>Have you ever been concerned about opening your personal email (controlling numerous online accounts) in the same browser where you go to random websites? Actually, even when the browsers are different it can be a problem on a monolithic OS!

Mozilla has containers that people also barely use.

>On Qubes OS, you open those things in separate VMs, isolated with hardware, not software. It’s often better 2 than physical (air-gap) isolation. Recommended by Snowden.

It runs VM, this is not isolated with hardware. https://www.qubes-os.org/news/2019/03/05/qsb-048/

>Are you tired of remembering tens of complicated passwords, or using a password manager? On Qubes OS, you can save all your passwords as plain text (in a dedicated offline VM) and copy them into the necessary fields (in other VMs) whenever needed.

Password managers are fine, why would someone tire of them?

I don't think you are pitching it correctly, if you want to succeed at selling Qubes, remember most people use laptops, the amount of ram required to run Qubes and the battery drain is not worth it for the performance hit. It would be much better to sell it as an OS on a remote computer that uses Xen, there are huge problems like audio quality, slow loading, and I would never recommend it as a mobile device OS. Most of the benefits are done with less resource intense methods, and learning a new OS for most of these features and mainly drawbacks is not a good pitch. I think it would be great on a remote device with your computer as a thin client, but it has very little day to day practical use.


> It runs VM, this is not isolated with hardware.

According to your own link, these XSAs do not affect Qubes 4.0, exactly because it uses PVH (not PV) virtualization. See also: https://www.qubes-os.org/doc/standalones-and-hvms.

> Mozilla has containers that people also barely use.

Does this mean that nobody needs security or privacy? It just means that it's too hard to use (not transparent to users) and probably that most users do not recognize the dangers.

> Password managers are fine, why would someone tire of them?

Well, at least for me plain text file looks quite a bit easier to manage. Thank you for the feedback, I will try to improve that.

The performance hit mostly comes from the lack of GPU acceleration. RAM is getting cheaper and more available with time. My laptop has 32 GB. Battery drain could be worth the added security and organization of the workflows. It is for me. I did not notice any problems with the audio quality.

> It would be much better to sell it as an OS on a remote computer that uses Xen

I am not sure what you mean here. Could you elaborate the use case? By giving the remote access to dom0 you are practically breaking the whole security model of Qubes. Although it is possible.

> Most of the benefits are done with less resource intense methods

It's a huge difference. When was the last time someone escaped VT-d virtualization?

> and learning a new OS for most of these features and mainly drawbacks is not a good pitch

Actually you do not need to learn anything serious unless you need some advanced things. Qubes relies on Linux VMs, and you just use all their apps and stuff. This could probably be another pitch point.


>According to your own link, these XSAs do not affect Qubes 4.0

Yes it's been updated since, but the point is it's still PCI linked, which you probably use.

>Does this mean that nobody needs security or privacy? It just means that it's too hard to use (not transparent to users) and probably that most users do not recognize the dangers.

It means that this is overkill, and even when it's easier to use it's still not being utilized.

>The performance hit mostly comes from the lack of GPU acceleration. RAM is getting cheaper and more available with time. My laptop has 32 GB. Battery drain could be worth the added security and organization of the workflows. It is for me. I did not notice any problems with the audio quality.

Needing to buy 32GB of ram to run an OS on a laptop that works fine now isn't a selling point, I had tons of crackling.

>I am not sure what you mean here. Could you elaborate the use case? By giving the remote access to dom0 you are practically breaking the whole security model of Qubes. Although it is possible.

It would be better as a server OS you VNC into.

>It's a huge difference. When was the last time someone escaped VT-d virtualization?

In the real world, it doesn't matter, it's a nuclear bomb shelter, I would rather build a house with a fancy kitchen for cheaper.

>Actually you do not need to learn anything serious unless you need some advanced things. Qubes relies on Linux VMs, and you just use all their apps and stuff. This could probably be another pitch point.

It isn't easy to get used to the isolation of all instances especially if you use more than one computer, and other people's computers.

The pitch is that your computer is more secure (from what real world threats?) at the cost of huge battery drain, going from needing 8GB comfortably to 32GB, slower from PVH that gives problems like no GPU acceleration, while it's still running insecure backdoors like Intel ME, or AMD PSP, which are far more dangerous.


> while it's still running insecure backdoors like Intel ME, or AMD PSP, which are far more dangerous

My computer has disabled and neutralized Intel ME.

Qubes PVH virtualization has no practical effect on performance. Qubes works great for me for everything that a non-sophisticated user would want, except games. RAM is cheap.

> (from what real world threats?)

Any serious privilege escalation which happens every month on all other systems.


>My computer has disabled and neutralized Intel ME.

So why don't you make that the top priority before Qubes? Isn't it essential to make sure every user of Qubes does the same? Locking the screen door without locking the front door isn't at all secure. Do you expect the people worried about an email to flash the BIOS with a clip connected to their Pi or Arduino they programmed first? It's a sales pitch that ignores bigger issues. Most people from that pitch if convinced will have a false sense of security when the real threat is an ever present backdoor that can be hacked.

>Qubes PVH virtualization has no practical effect on performance. Qubes works great for me for everything that a non-sophisticated user would want, except games. RAM is cheap.

People like to play games, not everyone has removable ram or multiple slots, and if it has no practical performance effect, what computer do you have? I bet your computer isn't a generic dual core that most people have. You said it has no GPU acceleration, which a lot of browsers use, so it will be much slower for most people.

>Any serious privilege escalation which happens every month on all other systems.

Again, what real world threats? You say serious, but these threats are not serious, if they were, you wouldn't need to convince anyone to use qubes. There are not real issues, BSD servers that don't update or reboot for years wouldn't exist if there were actually any serious threats. Windows has automatic updates, Linux has quick patching, OSX had a bunch of RCEs corrected and no hacks. You fail to name a single concrete threat. It's cool if you want to run a bunch of VMs, but on a laptop that you need 32GB of ram, that depletes battery life more, and for some vague "serious privilege escalation"? It's a hard sell, better to suggest it as a remote desktop that you can control with a thin client.


> Locking the screen door without locking the front door isn't at all secure.

https://news.ycombinator.com/item?id=27897975

Yes, it would be ideal to have everything open and controllable. However you need to take into account the bitter reality and go step by step. Are you aware of any possibility of remote access with Intel ME? I'm not. See also: https://forum.qubes-os.org/t/intel-me-real-threat-for-ordina....

> Do you expect the people worried about an email to flash the BIOS with a clip connected to their Pi or Arduino they programmed first?

I did not do it myself and I don't expect that people will do it, either. I bought my Librem 15 as it is, and recommend it to everyone. (It's not sold anymore, Librem 14 replaced it.) See also recommended computers: https://forum.qubes-os.org/t/community-recommended-computers.

> I bet your computer isn't a generic dual core that most people have.

It's actually dual-core i7-6500U.

> People like to play games

Sure. These people unfortunately are not the target audience of Qubes, unless they are ready to do GPU passthrough (which has been shown to work).

> not everyone has removable ram

So what? Do you suggest to give up? People who are aware of dangers of the Internet could choose their next machine to be compatible with Qubes and allowing more security and control.

> You said it has no GPU acceleration, which a lot of browsers use, so it will be much slower for most people.

Bloated websites are slow, almost independently of what machine you have. User-friendly websites work flawlessly for me. Youtube works fine.

> but these threats are not serious, if they were, you wouldn't need to convince anyone to use qubes.

Are you implying that every person knows everything about their threats and makes perfectly logical decisions? This is not a game with complete information: https://en.wikipedia.org/wiki/Complete_information. People need security even if they do not realize it yet (until their data is leaked, which happens very often nowadays).

> BSD servers that don't update or reboot for years wouldn't exist if there were actually any serious threats

I don't see the logic here. There are millions of hacked servers in the world used for spam and DDoS attacks. Where do you think they come from? (hint: not just from IoT devices)

> Windows has automatic updates, Linux has quick patching

Before it is patched, you are vulnerable. It's called a "zero-day vulnerability". And you are typically not aware of it when it happens. Also, vulnerabilities in browsers are also numerous and frequent.

> better to suggest it as a remote desktop that you can control with a thin client

I don't get it. You are going to connect to a "secure" server from an insecure machine with full access. Do you expect that your server stays secure after that?

You also did not mention that Qubes defends you from simply broken software which you sometimes have to install, which could make your system unstable.

> but on a laptop that you need 32GB of ram, that depletes battery life more

Are you aware that a lot of people today are using a laptop as their desktop home computer? I do.

Also, note that I'm not trying to literally sell anything. I'm just a happy Qubes user and I think that more people deserve better security for their computing.


I see pitching as sales. Yes, I think qubesOS is perfect for people who worry about privacy, opening emails, still want a PC over a tablet or phone, do not have Intel ME/AMD PSP and will spend much more for lesser hardware to purchase one without or are willing to do so themselves, do not play games, battery life not as important, have an i7 with expandable ram up to 32GB, do not install patches often, and are willing to isolate their programs in VMs.

>Are you aware that a lot of people today are using a laptop as their desktop home computer? I do.

False, most are using mobile like phones and tablets as their main computer, desktops and laptops have declined for over a decade.

>I don't get it. You are going to connect to a "secure" server from an insecure machine with full access. Do you expect that your server stays secure after that?

Does my insecure computer compromise hacker news?


> Does my insecure computer compromise hacker news?

Probably yes, if you access HN via ssh with root privileges.


Lots of ifs, like if I installed a hardware keylogger onto your computer.

>I don't get it. You are going to connect to a "secure" server from an insecure machine with full access. Do you expect that your server stays secure after that?

Yes, XEN and hardware virtualization keeps it all safe. VMs like those on Qubes work the same way. Most laptops don't have good virtualization hardware, expandable ram, or decent processors. Connecting to a server doesn't compromise it in any real world scenarios, the same way if I remote access your laptop through mine, root ssh is not common, and you'll have it isolated in a VM anyway won't you?


I use Firefox containers every day and they're amazing :)

Moving the feature into a plug-in was a really dumb move though. It totally killed discoverability of this unique selling point of Firefox.

I wish they'd realise they'll never beat Chrome at their own game and try to focus again on what makes them special.


> Moving the feature into a plug-in was a really dumb move though. It totally killed discoverability of this unique selling point of Firefox.

It's actually usable now without extra addons. Just right click the "+"/new tab button or go to about:preferences#containers directly.


Oh did they put it back in the mainline? I still have the addon installed. I'll give it a try, thanks for the heads up.



