Do you isolate different aspects of your computer activities to improve security?
For example, if you install a game on Steam, the creator of that game now has full access to all your personal files, which might not be the most ideal of situations.
The same goes for any other software, of course. That NPM library you just installed? Well, it can copy your SSH keys, and so on.
@loke I use 'firejail' in Linux for Firefox, and snap does it for Chromium; both utilize the kernel container system (aka namespace isolation). Any programs which require internet to function. Sure, VM isolation is safer, I use that for anything Windows related, but it also takes a lot more RAM to run practically.
@loke Yes, I contacted Qubes OS, specifically Joanna Rutkowska (founder) several years ago because it looked so promising except that they rely on rpm packages and updates which could compromise everything, and eventually it did: https://www.qubes-os.org/news/2021/03/19/qsb-067/
@loke Found the tweet to Joanna (QubesOS founder) from 2016, no mention of RPM there specifically (might have done that via email), but the dom0 update part: https://twitter.com/modrobert/status/793406741925007360