It’s usable and the security benefits are definitely important when working with multiple security domains (separate clients each with their own confidential data and third-party dependencies, where you don’t want one client’s malicious NPM dependency affecting the other).
However, there are cons. It’s only really usable in a stationary environment; it completely kills battery life and even basic tasks such as (non-HD) video display maxes out a single CPU core so it’s just not worth trying on a laptop. Hibernation doesn’t seem to be supported by default which becomes risky when combined with the extreme power usage.
The other problem is memory. I have to decide to between Signal Desktop and development sometimes.
But it's my main machine for what I care. I love the peace of mind running random things if the need comes up. For more intensive stuff, media games etc, I have a previous machine running Ubuntu.
I still wonder why kernels can't just handle this properly.
I've seen it in both Windows and Linux systems, something takes all the CPU or I/O or RAM, and the UI is so starved that you can't kill it.
Shouldn't that already be handled by things like virtual memory, and the kernel scheduler? Why do modern OSes, that have to protect against such complicated attacks like Spectre, struggle to do what the very first multi-tasking kernels promised before I was born?
Only laptops so far, with 4+ cores and 32+GB RAM and 500G+ disk.
It was working fine on my Lenovo T470p, and it runs pretty sweet on Lenovo P14s. Except that suspend is not working. ( Hopefully is resolved soon ).
It's always a problem with battery, but with suspend working fine it's quite easy to get a solid 30 days uptime even though you move around. ~3h runtime with ~10 vms running.
I wouldn't say it's perfect, but I wouldn't choose anything else if I would do it all over. Totally worth the extreme learning curve ;-)
>The magic SysRq key is a key combination understood by the Linux kernel, which allows the user to perform various low-level commands regardless of the system's state. It is often used to recover from freezes, or to reboot a computer without corrupting the filesystem.[1] Its effect is similar to the computer's hardware reset button (or power switch) but with many more options and much more control.
There is mlockall() but it's a loaded footgun by default, and is rlimit-ed by default because it's not something you want users on a multiuser system to be able to do willy-nilly.
My collegue actually runs on 16G, but he has to consider memory when starting a VM, but it's doable.
You can run on 8G, but it wouldn't be a good daily driver. But maybe if you have a very specific purpose?
24G+ is comfortable. I'm currently at 48G and have 43G "mapped" to VMs. It's very easy to use a lot of RAM!
edit: maybe i'm being a bit optimistic for sys-net, which is the vm hosting the driver for the network card: these drivers are included in the linux tree and would need to be extracted and packaged into an unikernel. But for every non-driver vm it "should be easy" to get an unikernel implementation (drivers for paravirtual devices are easy to write).
Linux has many and a set of low level responses to keybondings that must remain responsive that don't have a UI nor ability to kill individual applications.
To be fair in current systems Linux UIs normally remain responsive until memory exhaustion which is handled very badly. You will probably reboot before the oom killer assassinates the offender. The fix is a user space daemon like earlyoom which activates at a configurable level and targeting rather than absolute exhaustion when even killing the offender is challenging and usage has been hard for tens of minutes.
You or your environment can also set your UI process to a higher priority as far as processing and io.
If your UI doesn't remain responsive it's because your distro isn't using existing tools to achieve this.
Now you can't find that kind of computer with swappable batteries anymore and I have work in 3D to do, I don't trust Intel anymore and try to buy AMD, so I'm stuck with windows haha how time have changed.
I'd buy another box capable of running this if I needed a VM lab type setup again. Very cool for that.