I've toyed with using 3.x as a daily driver, lately. From a non-security perspective, it works great at helping me compartmentalize my life, and that's the main reason that I like it. From a security perspective . . . I mean, it goes without saying. I'm way more of a Debian and VMware person, and I'm definitely cutting my teeth on Fedora and Xen, so please excuse my ignorance of them.
The thing that's keeping me from using Qubes regularly is that it is so resource-hungry. I understand why and that many of these reasons are security considerations. I have an M6800 laptop with 16GB of RAM, so I've got plenty of power. However, it pains me to see an AppVM running a single instance of Firefox eating up just under 4GB of RAM. Yes, much of that is the fault of the application developer, but some of it is also overhead needed to provide the high degree of isolation and security that exists in Qubes.
I've searched around for "performance tuning" guides for Qubes, but I haven't been able to find any. Does one exist, or is it possible to start to put something together? By "performance tuning," I even mean potentially changing settings that may include the sacrifice of some security for added performance and resource handling. I know, I know - that goes against everything that the project stands for. I used to work on the pen testing team at a Fortune 10 company, and I understand why Qubes works the way it does, so hear me out. Some people (like myself) have different use cases, understand the risks, and are willing to give a little to gain a little. Much like rooting a phone, enabling "unknown sources"/USB debugging on Android, or even typing "sudo" at the command prompt, many power users are willing to take the risk because they know what they are doing.
Beyond just making a list, it would be nice to eventually make such settings available in the GUI. Add a checkbox somewhere to allow full-screen playback, but give a disclaimer to the user (again, just like enabling unknown sources on Android gives a warning). Have options to tune Xen's resource management, but make the user aware of what they are wishing to do. I'm not saying give checkboxes to do things like connecting dom0 to the network, but having options to decrease resource isolation from VM to VM would be great for those who prefer a little more performance over absolute security.
Thoughts?
First, I was just using the full screen thing as an easy example because it's something that I /know/ can be modified. I didn't want to suggest something that isn't an option since I'm a Xen noob.
With that said, I'll pose some options as a Xen/Qubes noob. Doesn't Qubes isolate memory and vCPUs between VMs instead of allowing for shared resources (which I believe is something that Xen does)? Things like that are what I'm after, I suppose.
I'm sure you're sick of hearing it, but man, I really wish my FirePro card had support under Qubes or that I could "sneaker-net" the appropriate drivers into dom0. ;)