What’s up everyone, it’s been a while.
I have been using QubesOS for a bit. For a few years I have been aware of their existence and their reputation as a ‘reasonably secure’ operating system. During a huge paranoid phase I had while I was in college I never got into using Qubes, as I thought it would be too difficult and my PC too weak…
I was using a ThinkPad X230… turns out they are quite popular for running Qubes, whoops! I had been using the Librebooted ThinkPad X200 for a while, which is still an excellent laptop in terms of Linux and free software performance and privacy. However, a Librebooted X200 cannot be the best for security and is still just a niche for many reasons.[1]
My X230 has an i7-3520M, 16GB RAM, the UltraBase dock and a 9-cell battery. The 16GB RAM is needed for Qubes as it is a demanding operating system. The X230 is not the best laptop for performance, but in my personal opinion the X230 is the best laptop to run Qubes on.
The X230 is an old laptop, yes, but the older processor is more than sufficient to run Qubes. It supports 16GB of RAM, the recommended amount, and with an SSD, running Qubes becomes more than good enough. You will not be running demanding software like video games on an operating system like this, so the device specifications should not be your largest priority.
In my personal opinion the aftermarket repair support for the X230 is incredible: you can find parts, batteries, screens and tons of info about mods for them. The X230 is a solid example of the reputation classic ThinkPads get for being sustainable devices. My X230 runs as good as new today and I had to replace a battery and a keyboard once in its lifetime. Most new laptops could never these days and it is such a shame.[2]
What’s more, ThinkPad X230s can have their boot firmware flashed with open-source replacements like Coreboot, osboot, and heads.[3] Their stock hardware, such as wifi cards, can very easily be replaced with hardware supported by free drivers. These capabilities enhance the security and privacy of the device. While newer laptops may have greater specs, their support for flashable boot firmware is quite limited.
Almost all of the few Qubes-certified devices are modified X230s. The NitroPad X230 and the PrivacyBeast X230 are Qubes-certified hardware with open-source boot firmware and the mic/webcam removed. These devices are some of the highest security options but quite expensive. If you have the skills and the know-how I imagine you can do it for cheap.
If you don’t like the small size of the X230 for any reason… you can also get a ThinkPad T430, consider them a larger model of the X230! Now that I have explained my device, I will go through my experience with Qubes.
Over the past few months, I have been pretty impressed with Qubes, and most of my problems came with the installer, although it was probably my own error. I put the Qubes installer onto a USB stick but I was unable to select installing Whonix on the USB, and the OS failed to boot. Reinstalling Qubes on a USB fixed this and I was also able to select installing Whonix in the Qubes installer.
That being said, post-install my experience with Qubes has been good overall. In fact I consider Qubes to be friendly compared to some other distributions out there. For a while I had a dead CMOS battery in my X230, meaning the clock would reset. This would make any connections impossible, as they all went through Tor, and I was able to fix this by running ‘qvm-sync-clock’ in a dom0 terminal. Little solutions for random problems like that go a long way.
I also love the customisation aspect of Qubes: colouring Qube windows, customising window style, etc. I know it’s prevalent for all distros to have this type of customisation, but a lot of security operating systems keep the features minimal. Because of how VMs work I can also be quite creative with what I do in these VMs.
I am writing brett.icu posts on the Vault VM, with Hugo installed on the template VM. This means I am editing my site completely offline. I am then using a disposable Tor-routed VM to upload the site when I am finished. I do most of the online work on a Whonix VM through Tor otherwise.
In the future I would really like to go all-in on my X230. USB-C, an IPS display, an X220 keyboard and an external antenna seem the most interesting to me so far; I’ll see where the future takes me…
[1] Devices like these focus on free software so much that they will sacrifice security for it. A good example is Replicant, the free-software Android operating system that only supports out of date phones, on an out of date Android version with little to no features due to hardware drivers not being free.
[2] Framework is a good modern laptop.
[3] Libreboot is a no-go, proprietary drivers needed, for more info on certified hardware see https://www.qubes-os.org/doc/certified-hardware/.