I find Qubes OS ("A reasonably Secure Operating System") very interesting. Not only as a general proof of concept of what Information Tech could have looked like if designed otherwise from the start, but also -especially- in the context of today's third party risk: compromised package dependencies if you're a developer; malware in documents if you receive and open files locally; phishing if you're, well, anyone, privacy-stealing ads when browsing, and so on.

In our world where most PC owners typically perform dozens and dozens of completely independant tasks (gaming, emailing, banking, streaming, doom scrolling, online buying, web browsing, maybe working even) from a single machine, the current attack surface is enormous and, consequently, the benefits of turning that single machine into dozens of contextual yet independant VMs around a stripped down secure kernel have always appealed to me.

However, searching through HN posts and comments I can't find much (if any) discussion about Qubes OS or its vision, even in the numerous recent threads where people here lament constant data leaks, compromised NPM packages stealing API keys, fake hiring agencies that manipulate you into installing a RAT as part of the process, IA-generated video phishing, etc.

Curious to know more about why that is; surely in 13 years many on Hacker News have heard of Qubes. So why isn't usage of VM isolation in general and of Qubes OS in particular more discussed and more prevalent outside of cybersec and related fields (incident response, offense, malware analysis, activism).

Is there a particular bias against the team or the project? Is it so difficult to use not even HN technophiles even try?