that said, ive used the gimp, watched movies, even toyed with video editing on a 6 year old laptop running qubes 3.2rc3. also played a bit with blender and it seems fine, but havent tried animating yet.
if your primary purpose is art/media i would not use qubes. maybe its ok if thats 2d / light3d. i think video editing should be fine, but id be iffy about high res compositing.
in the mean time, you can take a few ideas from qubes. i use vmware-fusion(virtualbox does not support nested virtualization) on my work computer, a macbookpro. all my work is done within virtual machines, most of which run linux. one runs os x, and i also have a vagrantbox of os x for development. all of them are generated with packer and controlled with ansible.
theres a special vm called "canary" that gets all the usb devices. it would also be possible to make a network vm to further isolate os x. (you can download updates offline) another special vm is called "vault". the only difference is the script types into the target vm instead of paste, because you can use firejail to protect apps from reading each others keystrokes, by giving all the apps their own x server. clipboard and fileshare is disabled in all the VMs, but i still dont want different apps within a vm reading each others keystrokes.
if your going this route, lookup sandbox for os x or firejail for linux. linux + kvm would be better than this vmware nonsense. i plan on trying that with fedora 25.
Other point are, however, accidental interferences with lockscreen. For example, I sometimes see Thunderbird popup on the lockscreen. I don't consider Thunderbird to be a malicious app (if it was, it would probably send my emails via Internet, which would be more practical), but it still leaks few information. There are also some complaints by other users, see discussions about Physlock (which might be also a way to address these problem).
Video drivers AFAIK differ in those three versions:
3.0 seems to have Fedora 20 drivers
3.1 has some updated drivers, despite being based on Fedora 20
3.2 is based on Fedora 23
However, I can see little-to-no benefits of Wayland for Qubes:
In dom0, it might be some differences in GPU support. This is probably the main (dis)advantage at the moment. I believe that Wayland will come there when dom0 (or maybe GUIVM in future) is upgraded to corresponding version of Fedora. It will probably require some changes to some scripts and patches for Xfwm. KWin patches seem to be X11-agnostic.
In domU (AppVMs), I don't see any difference except having to port GUI forwarding mechanism.
Non-advantages or dubious avdantages in Qubes:
Acceleration support:
In dom0, GPU acceleration seems to be mostly supported today. Moreover, it does not seem to be needed much there, because it would be used mostly (and maybe only) for Window manager effects if enabled.
In domU, there is a different issue with graphic acceleration: it is not supported by Qubes at all, for security reasons. There might be some progress in the future (probably either second GPU pass-through or Intel HW GPU virtualization), but none of them seems to be connected to X11/Wayland dilema.
Security: Qubes brings a different isolation approach. Well, Wayland might make some intra-VM attacks more difficult, but it would be probably much work to make some reasonable mitigation.
A side note on firejail: I don't consider this as a true sandbox. It might be an useful tool for hardening against less severe exploits or some mitigation technique against firejail-unaware attackers, but an untrusted or RCEd application with firejail-aware attacker seems to be able to escape the "sandbox" by many ways. At least unless a very restrictive (non-default) policy is applied.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/TyRFlTQnLeg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32659041-852c-4e77-88d8-b1b6495b8e27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.