@rysiek@mastodon.technology I'm a big fan of the Qubes separation model, less of a fan of the "run heavy weight Linux installations in each VM" model. It seems like there should be a modern design using KVM and a lightweight immutable control domain, a video domain with GPU pass through, and firecracker/unikernels for the various helper VMs.