Qubes top priorities suggestions for me as an user.

[juri...@gmail.com]

1) qubes is a system for security and isolation. But when you install, you have no encryption options.
distros thinks that if a user wants some strong crypto thing, they must research themselves and do all manually. We dont even find nothing about qubes encryption in docs. That is wrong. First thing we must do out-of-the-box is to offer strong full disk encryption, like veracrypt ones, with options, iteractions, etc., and inform the user about that. Even tails for just a live browser with storage capability does that. Even distros like PARTED MAGIC for managing partitions now come with veracrypt installed as default in live-cds. To me, Qubes is neglecting what the user wants to read and do in encryption aspects.

I usually use mint strong encryption. But even that i must do manually. Imagine ALL users trying to do this on their own. They wont. i use appendix A configs from links below, much stronger.

https://community.linuxmint.com/tutorial/view/2026 (bios)
https://community.linuxmint.com/tutorial/view/2061 (uefi)

2) Qubes face 2 problems nowadays for engaging new users with real security.

a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for people that has WINDOWS and GAMES also, a good GPU, and wont waste their machine on a UNIQUE linux system at least without dual boot.

b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, network, etc, and people are suspicious amd too. But most consumers are from nvidia. nvidia now spy on hardware level. Does not matter the system security.

The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high end computers can use windows for what they need and even play games. Plus, if you do use nvidia in dom-0, they WILL capture the screen on hardware level. Nouveau is not working right for a long time. Onboard or gpu 1 for dom-0 and nvidia or amd high end for windows VM. If the person doesnt have 2 monitors, it can change the vga adapter from 1 to other to use windows after starting the vm. that would be perfect.

So we give a finger to nvidia and the drivers problems they cause, and we isolate their spying inside windows vm, plus eliminating the need for a dual boot and for everyone not using their gaming gpus.

So, XEN is not good for that? consider passing to KVM.

- To create a real secure isolation OS, it`s primal to ensure best disk encryption avaliable, with CHOICE for speed/security, eliminate the windows host multi boot needs, and make good use and usability for windows and gpus. You will reach that when you direct the efforts to adapting the system for what the global user WANTS AND NEEDS, and not adapting the user to the system that 1 person in 1 chair dream for its personal needs. Ubuntu did not follow this lesson with their unity thing and they paid the price.

3) Consider offering PFSENSE as optional firewall vm installed out of the box. It`s very hard and time consuming to do that inside qubes system without studying all, for managing internal ip structure etc. It is the most perfect firewall for use inside a VM, qubes is a system for VMs, and i did use it even inside windows in virtualbox. But i was in WINDOWS, and that means, no real security at all.

I would like also to give 2 more suggestions for people to considerate, concerning whonix, since patrick is a developer here:

4) People need a pop-up window to explain them to NEVER use an existing normal vm trough the whonix proxy vm, just NEW ONES. Because they have already fingerprints, identifiers, browser behavior, browser plugins identification, aplication updates, specially in windows. If they connect that with once used real wan IP, game over for anonymity.

5) i will use this post to state that tor behaves differently to connect in windows tor browser, or linux tor browser, compared to whonix, and i dont know why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with speed of 30 to 60 kB/s of downloads, and in tor browser outside whonix, i get 500 to 1 Mb kB/s downloads. Thats really strange and wasn`t expected. I get this behavior for almost 2 years, and i dont have the expertize to know why. after some googling, i saw i am not the only one getting different special routes in tor using whonix.

Sorry for my bad english, is not my main language, i hope people can understand what i wrote. And forgive me if i wrote stupid things.

[Franz]

On Tue, Jul 5, 2016 at 2:46 AM, <juri...@gmail.com> wrote:

1) qubes is a system for security and isolation. But when you install, you have no encryption options.
distros thinks that if a user wants some strong crypto thing, they must research themselves and do all manually. We dont even find nothing about qubes encryption in docs. That is wrong. First thing we must do out-of-the-box is to offer strong full disk encryption, like veracrypt ones, with options, iteractions, etc., and inform the user about that. Even tails for just a live browser with storage capability does that. Even distros like PARTED MAGIC for managing partitions now come with veracrypt installed as default in live-cds. To me, Qubes is neglecting what the user wants to read and do in encryption aspects.

I usually use mint strong encryption. But even that i must do manually. Imagine ALL users trying to do this on their own. They wont. i use appendix A configs from links below, much stronger.

https://community.linuxmint.com/tutorial/view/2026 (bios)
https://community.linuxmint.com/tutorial/view/2061 (uefi)

2) Qubes face 2 problems nowadays for engaging new users with real security.

a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for people that has WINDOWS and GAMES also, a good GPU, and wont waste their machine on a UNIQUE linux system at least without dual boot.

b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, network, etc, and people are suspicious amd too. But most consumers are from nvidia. nvidia now spy on hardware level. Does not matter the system security.

The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high end computers can use windows for what they need and even play games. Plus, if you do use nvidia in dom-0, they WILL capture the screen on hardware level. Nouveau is not working right for a long time. Onboard or gpu 1 for dom-0 and nvidia or amd high end for windows VM. If the person doesnt have 2 monitors, it can change the vga adapter from 1 to other to use windows after starting the vm. that would be perfect.

So we give a finger to nvidia and the drivers problems they cause, and we isolate their spying inside windows vm, plus eliminating the need for a dual boot and for everyone not using their gaming gpus.

So, XEN is not good for that? consider passing to KVM.

- To create a real secure isolation OS, it`s primal to ensure best disk encryption avaliable, with CHOICE for speed/security, eliminate the windows host multi boot needs, and make good use and usability for windows and gpus. You will reach that when you direct the efforts to adapting the system for what the global user WANTS AND NEEDS, and not adapting the user to the system that 1 person in 1 chair dream for its personal needs. Ubuntu did not follow this lesson with their unity thing and they paid the price.

I fully agree with the idea of respecting user needs, but why do you think gamers are really interested in strong security? Only because they spend money for expensive computers?  It seems a poor motivation for me. Gamers may just spend money to play games as fast as possible and with less problems as possible and any virtualization system lowers the speed and creates problems for its very nature. Specially using Windows. IMHO gaming and serious security go in opposite directions because the users are different and there is no point trying to unify that in a single machine, specially a laptop which most Qubes users have. It is too difficult or impossible and Qubes developers resources are limited.

3) Consider offering PFSENSE as optional firewall vm installed out of the box. It`s very hard and time consuming to do that inside qubes system without studying all, for managing internal ip structure etc. It is the most perfect firewall for use inside a VM, qubes is a system for VMs, and i did use it even inside windows in virtualbox. But i was in WINDOWS, and that means, no real security at all.

I would like also to give 2 more suggestions for people to considerate, concerning whonix, since patrick is a developer here:

4) People need a pop-up window to explain them to NEVER use an existing normal vm trough the whonix proxy vm, just NEW ONES. Because they have already fingerprints, identifiers, browser behavior, browser plugins identification, aplication updates, specially in windows. If they connect that with once used real wan IP, game over for anonymity.

5) i will use this post to state that tor behaves differently to connect in windows tor browser, or linux tor browser, compared to whonix, and i dont know why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with speed of 30 to 60 kB/s of downloads, and in tor browser outside whonix, i get 500 to 1 Mb kB/s downloads. Thats really strange and wasn`t expected. I get this behavior for almost 2 years, and i dont have the expertize to know why. after some googling, i saw i am not the only one getting different special routes in tor using whonix.

Sorry for my bad english, is not my main language, i hope people can understand what i wrote. And forgive me if i wrote stupid things.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8efb8d91-de6b-4a6d-b215-65bca333a81f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Jul 04, 2016 at 10:46:52PM -0700, juri...@gmail.com wrote:
> 1) qubes is a system for security and isolation. But when you install, you have no encryption options.

Full disk encryption is enabled in default installation option.

> 2) Qubes face 2 problems nowadays for engaging new users with real security.
>
> a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for people that has WINDOWS and GAMES also, a good GPU, and wont waste their machine on a UNIQUE linux system at least without dual boot.
>
> b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, network, etc, and people are suspicious amd too. But most consumers are from nvidia. nvidia now spy on hardware level. Does not matter the system security.
>
> The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high end computers can use windows for what they need and even play games. Plus, if you do use nvidia in dom-0, they WILL capture the screen on hardware level. Nouveau is not working right for a long time. Onboard or gpu 1 for dom-0 and nvidia or amd high end for windows VM. If the person doesnt have 2 monitors, it can change the vga adapter from 1 to other to use windows after starting the vm. that would be perfect.
>
> So we give a finger to nvidia and the drivers problems they cause, and we isolate their spying inside windows vm, plus eliminating the need for a dual boot and for everyone not using their gaming gpus.

This was discussed many times, so search the archive for more detailed
answer. In short: GPU will always be able to see the screen content -
this is what GPU does. Having GPU passthrough done securely (for example
without increasing dom0 attack surface by launching qemu there) is quite
hard because GPUs use a lot of non standard tricks and hacks in addition
to standard PCI operation.

Implementing this is on our roadmap, but it is hard and will take time.

> So, XEN is not good for that? consider passing to KVM.

This is exactly what would expose dom0 ("host") for huge attack
surface from qemu...

> 3) Consider offering PFSENSE as optional firewall vm installed out of the box. It`s very hard and time consuming to do that inside qubes system without studying all, for managing internal ip structure etc. It is the most perfect firewall for use inside a VM, qubes is a system for VMs, and i did use it even inside windows in virtualbox. But i was in WINDOWS, and that means, no real security at all.

Feel free to send patches...

> I would like also to give 2 more suggestions for people to considerate, concerning whonix, since patrick is a developer here:
>
> 4) People need a pop-up window to explain them to NEVER use an existing normal vm trough the whonix proxy vm, just NEW ONES. Because they have already fingerprints, identifiers, browser behavior, browser plugins identification, aplication updates, specially in windows. If they connect that with once used real wan IP, game over for anonymity.

It depends on use case - you may want to use tor not only for anonymity,
but also to just hide your traffic from just your local ISP (public wifi
etc). In that case it's fine to use existing VMs.

But yes, for anonymity new VMs should be used. I think this is already
covered in Whonix documentation.

> 5) i will use this post to state that tor behaves differently to connect in windows tor browser, or linux tor browser, compared to whonix, and i dont know why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with speed of 30 to 60 kB/s of downloads, and in tor browser outside whonix, i get 500 to 1 Mb kB/s downloads. Thats really strange and wasn`t expected. I get this behavior for almost 2 years, and i dont have the expertize to know why. after some googling, i saw i am not the only one getting different special routes in tor using whonix.

Strange, I haven't noticed such effect.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXe3NFAAoJENuP0xzK19csiAMH/1gfCmbwIyfMh4TfvbmWADsE
05rB9xXivGvDRCAddAB08LuycAzZxA4mPggrhlR4aaunbwupDUJGwU0sNBHmLTHy
djpPunx3NRqJCPHQe8p5oqHBLpwGivld+p1mgZnfkl3O1LRzNRCGHG8EB708b+SX
o0gmPdOvXvVdzQeKBMhzENUqgtY2uaGl7FZosP9KJsQdpwdFDrawS26q3RDBppvf
uIj5gl5k9CzSU9nswCsGuW+F6NrJ/3itp2ueRiF8K+RSjUeAXwXEJHgtaICjad46
DNyuM6rWe3rAJQUYf+lf3RXzk10qZ13DTWR4Gf3S+y1y/sAoZAQyhKg/hTdFUwE=
=tuBS
-----END PGP SIGNATURE-----

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-07-04 22:46, juri...@gmail.com wrote:
> 1) qubes is a system for security and isolation. But when you
> install, you have no encryption options.

Qubes uses full disk enryption by default:

https://www.qubes-os.org/doc/user-faq/#does-qubes-use-full-
disk-encryption-fde

> distros thinks that if a user wants some strong crypto thing, they
> must research themselves and do all manually. We dont even find
> nothing about qubes encryption in docs. That is wrong.

I added this page to our docs a week ago:

https://www.qubes-os.org/doc/encryption-config/

> [...]

>
> 5) i will use this post to state that tor behaves differently to
> connect in windows tor browser, or linux tor browser, compared to
> whonix, and i dont know why. Whonix gets always same speed, 250 to
> 500 Kbps, (not KBps) with speed of 30 to 60 kB/s of downloads, and
> in tor browser outside whonix, i get 500 to 1 Mb kB/s downloads.
> Thats really strange and wasn`t expected. I get this behavior for
> almost 2 years, and i dont have the expertize to know why. after
> some googling, i saw i am not the only one getting different
> special routes in tor using whonix.
>

This sounds like something that should be reported to the Tor project
or Whonix.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXe4O8AAoJENtN07w5UDAwVKgP/i1oNbYm7iPRscBw6bk+m5VC
QJvwPbvXefMq2TBRMCI+J/K/pviRl+OKTXtpEuurq6HOg2fIlGx8H25H4JGIcf0W
rFREbHo4SLiDIDH3fySzaRGp8SawTwf4ejIlMajRjbBIUzbUhveXC1o3n6jJP9s/
UkuH34xT0cUIitfhMIXlgLmZsDrConvkm+0ExCTFVXZnUS4Jz96tTkCVerTBuVei
C85OsqqJBN7guTq79iqMq/XE1r6kho0qF5qaX02MN6/M9NLRslGNI9AXjKoBKxAr
YPi6t3S2BbglCJuMzQvABNu2UXaTr3k8qSZI/sLbYf+XbIRSeiD21dDEKkLPoW12
MHrU1GwIex6SDlMfPDlxJ9FLNKDgDHr+LfF7yAOHKWEzoNjChcJtKutLK7zh28MG
3ab+0Ahwt/9MY8I/WFUX4eKVxbVLnFMFzMU6AfcxxgU1WdgEATbrUzIt5+vH6YKQ
6Mx0+utRDWz/ieE/SdKy02bCRkxVMMHZbcuUXFER27VgSPHh9uXYBtIt90ym6Qzp
fMQZIhhumbnglCgiS11T5rRal6urw7yAyQCdkLy1p/uOBKnWEnO96Gmuswmet5z3
x5mSJwDHBXYOx+Qqcnc+4vYFKiABfei1QVORv1h7LAOkGKXd7he3qqakKD6A4xUq
8oE0xfcW8xDdDkhaFivx
=eoZp
-----END PGP SIGNATURE-----

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/05/2016 10:38 AM, Franz wrote:

> I fully agree with the idea of respecting user needs, but why do
> you think gamers are really interested in strong security? Only
> because they spend money for expensive computers? It seems a poor
> motivation for me.

I'm playing games - while interested in strong security.
That's why I using Qubes on my laptop and running windows (as a gaming
platform) on my "gamer" desktop :)

But I would never ever mix the two. Not even with dual boot.


- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXe4n2AAoJEC3TtYFBiXSvRuwP/A637kHTTdnY7gkuJ2IIStNC
DJ+c5rav6BzMgfCZlPJsE0bkOOTYp6h/aHzhE3f+d8fQTEINkWmclp1xjVK2hp32
X36GoadmErrt94jticCtKWZzEVQhCtE32xBKONsRgl6uc2Ig6R76bMreBj7R1JcH
GEGC4fY0DiF5MTedHkaULpKgNvdt8ayIAdtqWvOZT/rNoHpUVImUb7SVNh5AtmiL
9q+vpc1bORnRZy/BlENayeW3wzWzhsfurYUXXAzG69aPQXDf+wZgOpjRF1wLSpHt
IQ5yigOawq7Rk+FpLsgChvRDcu9PZmcuv6JtBUlaw4o32y0Ghq1ILtbszm1+4XtT
NnliW+t1Cay/4MBIyXbnsWVEG2kzVpJx6UglpzhqIVK5jUUnb5dUHYPcP1c90/tr
UYk3zyeA8fXhhNhkdlJJR6XPY4TslcK9Ne/uK95JtXWq6QgdPyoYDKVCuVYo5hpJ
JdHOtYrZlXFyzRtx9ly2e1EzPvNlZaeszthyU+No3lAh3rUIF1ni0TErzKXGB1Bq
NmhkjbFCISvMdaoxeV9zc+ZYnXRSluJq9gyv3XL2fkeoQy3tnKSI1SPXQlvMTRkx
AvHxaWKryICXW9w9n7XMGB7Dcvc1LPNV/BAf73uUlafsx7h+XfxE8kTqY8/lWTrv
Nejzf4uerTet73dzugGI
=V20z
-----END PGP SIGNATURE-----

[Chris Laprise]

On 07/05/2016 04:43 AM, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Mon, Jul 04, 2016 at 10:46:52PM -0700, juri...@gmail.com wrote:
>> 1) qubes is a system for security and isolation. But when you install, you have no encryption options.
> Full disk encryption is enabled in default installation option.
>
>> 2) Qubes face 2 problems nowadays for engaging new users with real security.
>>
>> a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for people that has WINDOWS and GAMES also, a good GPU, and wont waste their machine on a UNIQUE linux system at least without dual boot.
>>
>> b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, network, etc, and people are suspicious amd too. But most consumers are from nvidia. nvidia now spy on hardware level. Does not matter the system security.
>>
>> The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high end computers can use windows for what they need and even play games. Plus, if you do use nvidia in dom-0, they WILL capture the screen on hardware level. Nouveau is not working right for a long time. Onboard or gpu 1 for dom-0 and nvidia or amd high end for windows VM. If the person doesnt have 2 monitors, it can change the vga adapter from 1 to other to use windows after starting the vm. that would be perfect.
>>
>> So we give a finger to nvidia and the drivers problems they cause, and we isolate their spying inside windows vm, plus eliminating the need for a dual boot and for everyone not using their gaming gpus.
> This was discussed many times, so search the archive for more detailed
> answer. In short: GPU will always be able to see the screen content -
> this is what GPU does. Having GPU passthrough done securely (for example
> without increasing dom0 attack surface by launching qemu there) is quite
> hard because GPUs use a lot of non standard tricks and hacks in addition
> to standard PCI operation.
>
> Implementing this is on our roadmap, but it is hard and will take time.

I must ask: Does ITL have a list of well-behaved hardware on which this
can be accomplished? If there are any laptops out there with the kind of
workstation-class GPUs that would respond to passthrough predictably and
reliably--even just one model--then maybe it should be plastered on the
front page of qubes-os.org.

Beyond that, I think you know my views about Qubes needing more
comprehensive hardware focus--even design. From here, Qubes with
designed-for-Windows PCs looks like a strained marriage that's getting
worse, and the latter was never the kind of blank canvas that many
considered it to be.

BTW, I think jurisdan does have an excellent point on #4. It would be
prudent to flag anon proxy vms (the way rpm-sourced templates are
flagged) so that QM and tools can take preventative action under some
circumstances: Switching any appvm away from an anon-flagged proxy
should result in a warning dialog.

Chris

[ni...@kobschaetzki.net]

> On July 5, 2016 at 7:46 AM juri...@gmail.com wrote:
>

<snip>

> 2) Qubes face 2 problems nowadays for engaging new users with real security.
>
> a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for people that has WINDOWS and GAMES also, a good GPU, and wont waste their machine on a UNIQUE linux system at least without dual boot.

Well…my high-end computer is a Thinkpad X201 (2010) with 8GBs of RAM. Qubes runs well, even with close to a dozen of VMs at the same time and a couple of tabs in Chrome. Even KDE5 works on my machine flawlessly (or not worse than with KDE4 on Qubes 3.1).

Btw. when I want to play (which I obviously can only do with games that have not a lot of requirements) I swap my harddisks and put in the HDD with Win10. My threat-model does not include someone who attacks my Win10 to attack the BIOS to attack me though.

<snip nvidia>

>
> So, XEN is not good for that? consider passing to KVM.

Isn't the reason that Xen is used the small code-base in comparison to other solutions to reduce the attack-vector(s)?

Niels

[juri...@gmail.com]

Not trying to insult you, but:

1) i never said "gamers are really interested in strong security";
2) even less "Only because they spend money for expensive computers?"
3) or "how gamers spend money"

You seem to have a silogism problem in your mind. That would upset a lot people you try to debate with. You should start to pay a little attention to that.

But ok, there are no "gamers flooding to qubes". But what you must understand is that the average user nowadays has games, sometimes in free times they "also"play, there are people that play more, people that play less, i play starcraft like 2 or 3 times a week, i play counter strike once or twice in a month, but remember, average user is NOT a HEAVY GAMER.

But most HAVE games, did BUY some games, and did BUY some good GPU in their computer. PERIOD. And they WONT sacrifice dual boot and stop using gpu because of that. I have 300 frames per second with my geforce gtx 960 in best graphics settings in latest counter strike GO. For me would be no problem to sacrifice 10 or 20% of that to stay secure. By the way, in a group conference, 100% of people said if they could use their gpus inside qubes, in a single separated vga output, they would already be there after windows telemetry latest doings. Strike the iron while it`s hot. Qubes is the response to the average user. NOONE SAID that qubes is directed to the heavy gamer only user. Noone but you.

Plus, you better remember that:

Windows is sending telemetry things even hidden inside normal updates. They send data when you plug your camera on. They capture all keystrokes even of your credit cards and passwords. They communicate even when you tell them not to. If you let your computer alone for 15 min, it will start sending heavy data. The average user will play their LOL or Dota or counter strike with their gpus they did buy but will wanna work with safety. Or need to use windows for some activity.

http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

And you better REMEMBER that if you are a simple TOR OR TAILS user, nsa will deep monitor YOU. What if you turn on QUBES? aaaah, then it`s for SURE:

http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance

http://www.infoworld.com/article/3012932/linux/the-nsa-might-be-spying-on-tor-users.html

http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/

So, when you DOWNLOAD AND INSTALL qubes, you WILL BE on deep monitoring. We are not talking about "GAMERS", dude. But you better learn that HIGH END cpus with good RAM will usually HAVE A GOOD GPU and WINDOWS NEED FOR THE USER. Mix that with a directed deep monitoring NSA attack into qubes users and you WILL have a problem.

[juri...@gmail.com]

Thanks! You are a very smart and ponderate person. I did not know KVM would expose dom-0 to those attacks, so i apologize for suggesting that. After what you told me, seems we need to urge the xen people to see if they can do something versus those virtualization detect patches from nvidia like kvm did.

[juri...@gmail.com]

Thanks, Andrew. But still... I did not find wich encryption is used by default in qubes documentation. And people still has to do it manually. Plus, when i went to the advanced partitioning, there were lots of bugs. We need to be able to chose serpent, aes, cascade, iteractions, etc.

[juri...@gmail.com]

Niels, i agree, but have something to remember also. if we go to BIOS in AHCI and you turn off some hard disk, qubes install will not see any disks, at least here. So i would have to open manually my case to change disks. And as you can see, most people here DO use windows and DO use dual boot and Do play. One way or another. Would be so good if we could have windows option totally inside a virtual cage, and also the gpu... We could still be windows users, and still play, but just for certain activities. For work and serious ones, enjoy the isolation.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Jul 05, 2016 at 08:47:33AM -0400, Chris Laprise wrote:
>
>
> On 07/05/2016 04:43 AM, Marek Marczykowski-Górecki wrote:
> > This was discussed many times, so search the archive for more detailed
> > answer. In short: GPU will always be able to see the screen content -
> > this is what GPU does. Having GPU passthrough done securely (for example
> > without increasing dom0 attack surface by launching qemu there) is quite
> > hard because GPUs use a lot of non standard tricks and hacks in addition
> > to standard PCI operation.
> >
> > Implementing this is on our roadmap, but it is hard and will take time.
>
> I must ask: Does ITL have a list of well-behaved hardware on which this can
> be accomplished? If there are any laptops out there with the kind of
> workstation-class GPUs that would respond to passthrough predictably and
> reliably--even just one model--then maybe it should be plastered on the
> front page of qubes-os.org.

Yes, we'll probably end up with having GPU domain supported only on
selected laptops (and "maybe working" on others, as optional feature).
But we haven't even started working on this feature, so cannot say now
how will it look like. Probably working GPU domain will be just another
column in the HCL table and/or certification requirement.

> Beyond that, I think you know my views about Qubes needing more
> comprehensive hardware focus--even design. From here, Qubes with
> designed-for-Windows PCs looks like a strained marriage that's getting
> worse, and the latter was never the kind of blank canvas that many
> considered it to be.
>
> BTW, I think jurisdan does have an excellent point on #4. It would be
> prudent to flag anon proxy vms (the way rpm-sourced templates are flagged)
> so that QM and tools can take preventative action under some circumstances:
> Switching any appvm away from an anon-flagged proxy should result in a
> warning dialog.

Whonix workstation will lock itself if not connected to Whonix gateway,
sot a big problem here. But non-Whonix AppVMs will not do that... So it
would be good idea to add such warning, but we don't have any place to
where it should be added properly in 3.x (not some nasty hack in just
qubes manager). It will be trivial in Qubes OS 4.x.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXfDv5AAoJENuP0xzK19csn5IH/iRLC+3P+d+Zs4wKbCOCpsY9
MdO/reZPGYgj9JlR08zgGVj1s2208xOhiuM9PFzul6r34pqOsRoiZ+/oZqleRcTA
yzmYNgtklEYqHyt8LyP7bzxjR011l5dOma7qJ3Bewqc3VWF3rzdcajwzq4Ho8A6M
Ii+QEUCgpLNucqClxwt/QFH7XDZuGhUnQbAlDC2qXqt/lyvbbklya04FVk0rKHyF
PduTvhtffFgLln1J2ow3+hi8xHoscvROT6MsB6J77+PCBdEeqbGVvrsE/g1hlm+c
KHSlEfvFJhhofBtkt8w4hs2uGFv9Rj90TtppgN+fWpnwyIilPesJllDGGMXSJsg=
=NkLc
-----END PGP SIGNATURE-----

[Chris Laprise]

On 07/05/2016 03:35 PM, juri...@gmail.com wrote:
>
> Thanks, Andrew. But still... I did not find wich encryption is used by default in qubes documentation. And people still has to do it manually. Plus, when i went to the advanced partitioning, there were lots of bugs. We need to be able to chose serpent, aes, cascade, iteractions, etc.
>

I don't think Qubes makes any special demands or tweaks of the disk
encryption used by Linux. The threat model for in-person (i.e.
"steal/copy the disk") attacks is virtually the same for any PC. Since
Qubes dom0 and installer is based on fedora, you could look to fedora
for an answer. But even then, they probably use whatever default
cryptsetup specifies.

You can see the cryptsetup default for creating LUKS volumes with
'cryptsetup --help'. It should say 'aes-xts-plain64' with some other
parameters.

Chris

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-07-05 12:35, juri...@gmail.com wrote:
> Em terça-feira, 5 de julho de 2016 06:54:14 UTC-3, Andrew David

> Thanks, Andrew. But still... I did not find wich encryption is used
> by default in qubes documentation.

Well, Qubes just uses cryptsetup/LUKS/dm-crypt from upstream, so you
should really be looking for that in the cryptsetup documentation (FAQ):

https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions

> And people still has to do it manually. Plus, when i went to the
> advanced partitioning, there were lots of bugs. We need to be able
> to chose serpent, aes, cascade, iteractions, etc.
>

Patches welcome!

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXfSWyAAoJENtN07w5UDAw3C4QAMA/sIgs5nXL6TJN/kyLslkK
vycm0sed8mLJy9caFbh1N2rgo6COaMD4ql6UHFast9JYpwugZ0ld6u0za2Nx7eoh
XPiuUpHY4r745UEz7VhAHEkJZtNXnPlzmcJlb7r79lq35Ck/oHlvbrUBGXfzRctJ
FYNK7CSoWqy385hFSNcH5EHrlySmwIpxFjs7zLYegN3MyBTjqmXlTex8whyiV7o7
zSdvsZsawKcB172LUbwxCcKTc33a7uFsFRsDpcdDjIlkoSBjKFfQVQovcXMLzxFU
dv7Sse3j6cmeV7MbegD9zYRNC4/KIE5rIva0bWM8rDwLhgIdpWyrdZyEl5PQf4Zz
prFRE8c0+6CCSAxFLVcK8GVtWmjHPN5IjeFDV/qNpL8/hRBI9B8U2liDaC+6XQhM
CEo7Cqx98ciOz+pP7Rq3PsArWmi57J/ZgjPtU/5ITDkuiU6MzIMuzVnhiQVMMV+p
VztfM4239yDQGc/Xh+lTRKeFqebFW7w4+02nm0VFslIYbmmkzvKcwkv2Zd6vTAGw
WfGnf5aTf0SdILL7QZ1gVHoPq6bPIM3Bxg9Bs1JhLACcRT18JJotCBnAmttcCUxJ
MDuBTkXPB5H27oWybgyv0KPnNFFLCjwWmU1vcMB9p426CGiOSdzoEemj4TdF1OvZ
6yl1Ymih9pRVSb6y/r88
=qvTi
-----END PGP SIGNATURE-----

[juri...@gmail.com]

I mean, what is the default encryption? what are the default iteractions? How many bits?
Plus, like i said, i am an USER. I am a LAWYER, not a programmer. The system should not be directed for people to, without ANYTHING in installer telling me things like i read in the link you pointed me like "aes-xts-plain should not be used for encrypted container sizes larger than 2TiB. Use aes-xts-plain64 for that" should be automatic warning in a pop up when the person chosing encryption inside the installer is chosing it!

Still the suggestion remains and with solid reasons:

1) a normal user DO NOT KNOW what WAS USED as encryption inside the installer. When i say that, i say AES? SERPENT? 128 bits? 256? Whirlpool? Not if it used LUKS, but even that is something that should be pointed, not just a "chose your password"

2) Outside the installer, is sad that is not in qubes faq or in the website.

3) And options to chose encryption are still a need. So the user can chose speed/security. For example, i dont trust AES intel thing, so i like to use serpent. Plus, when i typed wrong FDE password, i could try again VERY QUICKLY, so i doubt a good secure iteraction number was used.

Imagine i keep telling my windows friends that knows nothing about programming to install QUBES and then when they ask about the encryption i paste a link like that and say STUDY SOME HOURS AND SOLVE THE PROBLEMS EVERY ONE OF YOU. HOURS FOR EACH STEP SO YOU DONT MAKE DUMB THINGS. Thats kinda nonsense.

I mean, a security distro for desktop user, should have like a warning button pop up, "IF YOU USE SSD YOU CAN HAVE THE ISSUES X OR Y WITH ENCRYPTION", or other warnings everyone should know, in the programmer choice. For example, after i did read the link you pasted, i tought was VERY IMPORTANT to know that:
"CLONING/IMAGING: If you clone or image a LUKS container, you make a copy of the LUKS header and the master key will stay the same! That means that if you distribute an image to several machines, the same master key will be used on all of them, regardless of whether you change the passphrases. Do NOT do this! If you do, a root-user on any of the machines with a mapped (decrypted) container or a passphrase on that machine can decrypt all other copies, breaking security. See also Item 6.15." ... So... wth?? If you change the password, anyone with any password can read my encryption WITHOUT MY PASSWORD?
So, whats the point in changing password of a container in case was compromised?

I mean, giving warnings and orientations would be a very time consuming thing, i know, i was just mentioning the ideal scenario from a security distro installer, but giving the encryption choices woud not be so hard. For example, i dont know about license problems, but could not someone just copy that script part from another distro? I remember i had this options when i installed debian years ago. Must still be there.

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-07-06 12:33, juri...@gmail.com wrote:
> Em quarta-feira, 6 de julho de 2016 12:37:31 UTC-3, Andrew David

> I mean, what is the default encryption? what are the default
> iteractions? How many bits?

$ cryptsetup --help
cryptsetup 1.6.4
[...]
Default compiled-in device cipher paramters:
[...]
LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing:
sha1, RNG: /dev/urandom

> Plus, like i said, i am an USER. I am a LAWYER, not a programmer.
> The system should not be directed for people to, without ANYTHING
> in installer telling me things like i read in the link you pointed
> me like "aes-xts-plain should not be used for encrypted container
> sizes larger than 2TiB. Use aes-xts-plain64 for that" should be
> automatic warning in a pop up when the person chosing encryption
> inside the installer is chosing it!
>

aes-xts-plain64 is already the default, so there's no need for such a
pop-up warning. That would just unnecessarily confuse users and
clutter up the installer.

The same applies for most other settings. Sensible defaults are
already in place, and there's a limit to how much information users
are willing to digest and read through in order to go through with the
installation. The information presented must be prioritized, since
users' cognitive resources are limited.

> Still the suggestion remains and with solid reasons:
>
> 1) a normal user DO NOT KNOW what WAS USED as encryption inside
> the installer. When i say that, i say AES? SERPENT? 128 bits? 256?
> Whirlpool? Not if it used LUKS, but even that is something that
> should be pointed, not just a "chose your password"
>

A normal user doesn't need to know these details. An advanced user can
easily find out, or even configure things themselves:

https://www.qubes-os.org/doc/encryption-config/

> 2) Outside the installer, is sad that is not in qubes faq or in
> the website.
>

Feel free to help us improve the documentation:

https://www.qubes-os.org/doc/doc-guidelines/#tocAnchor-1-1-2

> 3) And options to chose encryption are still a need. So the user
> can chose speed/security. For example, i dont trust AES intel
> thing, so i like to use serpent.

Again, patches are welcome.

> Plus, when i typed wrong FDE password, i could try again VERY
> QUICKLY, so i doubt a good secure iteraction number was used.
>

Again, you can configure this yourself:

https://www.qubes-os.org/doc/encryption-config/

> Imagine i keep telling my windows friends that knows nothing about
> programming to install QUBES and then when they ask about the
> encryption i paste a link like that and say STUDY SOME HOURS AND
> SOLVE THE PROBLEMS EVERY ONE OF YOU. HOURS FOR EACH STEP SO YOU
> DONT MAKE DUMB THINGS. Thats kinda nonsense.
>

Not necessary. The defaults are fine for most users.

> I mean, a security distro for desktop user, should have like a
> warning button pop up, "IF YOU USE SSD YOU CAN HAVE THE ISSUES X OR
> Y WITH ENCRYPTION", or other warnings everyone should know, in the
> programmer choice.

Again, too many pop-ups of that sort would create unnecessary
cognitive load on users. In cases where something is truly dangerous,
either a sensible default is chosen, or if the user must make a
choice, a warning will be shown. Otherwise, we make sure to clearly
state such warnings in the documentation.

> For example, after i did read the link you pasted, i tought was
> VERY IMPORTANT to know that: "CLONING/IMAGING: If you clone or
> image a LUKS container, you make a copy of the LUKS header and the
> master key will stay the same! That means that if you distribute an
> image to several machines, the same master key will be used on all
> of them, regardless of whether you change the passphrases. Do NOT
> do this! If you do, a root-user on any of the machines with a
> mapped (decrypted) container or a passphrase on that machine can
> decrypt all other copies, breaking security. See also Item 6.15."
> ... So... wth?? If you change the password, anyone with any
> password can read my encryption WITHOUT MY PASSWORD? So, whats the
> point in changing password of a container in case was compromised?
>

I think you're misreading that. That only applies under a very
specific set of circumstances (described in the quotation).

> I mean, giving warnings and orientations would be a very time
> consuming thing, i know, i was just mentioning the ideal scenario
> from a security distro installer, but giving the encryption
> choices woud not be so hard. For example, i dont know about license
> problems, but could not someone just copy that script part from
> another distro?

You mentioned above that you're a lawyer, not a programmer. I imagine
this is somewhat like saying, "I'm not a lawyer, but writing a
contract for this deal shouldn't be hard. Can't you just copy part of
some other contract?"

In reality, things are never as simple as they seem, and implementing
one thing has a tendency to break other things, which means that
changes need to be tested.

It also sounds like you might be confused about things from a
technical perspective. It's not simply a matter of copying some script
to make different cipher options show up in the installer. Those have
to be supported by the kernel, as well. Check the output of:

$ cat /proc/crypto

If you're using the default kernel, you'll find that many of the ones
you listed are missing.

> I remember i had this options when i installed debian years ago.
> Must still be there.
>

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXfWnrAAoJENtN07w5UDAwuh4P/iPcFmP7Al+Kc/dsBLmqfWCw
coZcFvAX46qbR1zNjz7euyETeWBJF3mRNwhSPlYUE+8de8hDnyYKbhn+2kHeW0Nh
WWHNH9wFlV8BUcXPVzHejUhwtdPV59SxyLcifAWSk5aPE1vGzoeRlEzVxPKhX5Yw
MyF/I0NiGozXAGsfM/amZs0nYnU1UAD5NBKEpnYmWR3Dy7a7KZijxf+c4x4KuUbw
EJ73aNl/FjpvHtFe0LT8WC6yE4AaOIYhrUf4aqroPiSp/GvGatZknqRHlJrmXbYK
3MGD2a8IV+UUfiTlbAFOld7CdroL/csI7XZGka1kEkWi2T19wLSsoYC/bttJA96T
RTvXj3ReuJn8iUl5KkRhecyAunn/mvTvreOcOkiP+//clkIRqFud1QnjxzebSL3H
GASCx/lrcR4dZl5cgZz+mdd2FDZdbjO/2GDV1x8gi27VdU7F67Wv9hLRux6xvXbH
wYIFyJ30Rq8WK5Z0zRWQpZcsrJKCwdpkGUj6NQ2cSg9/B5wWTCUvd4crN9OzWPMK
EDP+QgFFgHQb674ZfLotgRZi8eTVhuVMTuL0zajvj1zbIsmC6NIwdyWDpTUkb8dJ
g87khGHH0tDy/I2QmOQ8lNVRombYCp5sznwIuDssHKJgwkGTEjv8uxXpNCpUy/Fr
I8XGDZCAUb576aE3jbMb
=l2FU
-----END PGP SIGNATURE-----

[juri...@gmail.com]

Guess you are right in most things. That default encryption is good. I still have a doubt about the iteractions, is there none?

Of course we can copy part of a contract when is something trivial, we just edit some things. i think 80% of what would be needed is there.

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-07-06 14:24, juri...@gmail.com wrote:
> Em quarta-feira, 6 de julho de 2016 17:28:49 UTC-3, Andrew David

> Wong escreveu: On 2016-07-06 12:33, juri...@gmail.com wrote:
>>>> Em quarta-feira, 6 de julho de 2016 12:37:31 UTC-3, Andrew
>>>> David Wong escreveu: On 2016-07-05 12:35, juri...@gmail.com

>>>> wrote: I mean, what is the default encryption? what are the

> Guess you are right in most things. That default encryption is
> good. I still have a doubt about the iteractions, is there none?
>

The default is however many iterations can be performed in one second
on your hardware at the time the container is created. You can see
this in the LUKS header:


$ sudo cryptsetup luksDump <device>
[...]
Iterations: <number>
[...]


Again, this is configurable:

https://www.qubes-os.org/doc/encryption-config/

> Of course we can copy part of a contract when is something trivial,
> we just edit some things. i think 80% of what would be needed is
> there.
>

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXfaEqAAoJENtN07w5UDAwYF0QALbF5bi1VijV9Syn4i0KTw/w
b+ifRySMeU8FQ3Llgb7tBVa1KQY832Ls0nOHUjzsniiJM04KzVT+Dub2F/CnwSft
e3Jmr6PvqQK4MCYzEArGsE11LYup1aqzLxcVwwfmtX9YzXaPzS+P3+z/7jvSSHiD
7mN+fgShkGqEgkfORm33pOm6KSawDEUFZPBwpHLw51f2SUikhsIo7GQVO+Pebdlk
H0yRGLhPAWdp0l3FSItdkcIYWGfOLsOa65XW1khTVrxjUk18QgLn5qn235x0zRnI
Z9OocfQeamqCizHQvQxtpfXI0j8abArWIBWpFUqcjsNg0t7ADCNeq9Gm4cnJKoSO
qru4VKHVbMtNlVjUTXshkZWQvzQAVDCYCk6evHN9V3LrjyT4icnFAzPzrE5HWssC
oxCWj/U/nboNT+PYFnZo+69mEXJG67LQvLUu1QSX3AfSSYZbN2PSOIidBChl21ZK
W3+r3gQs4FOYeKp+lUZBqzmezz2C3BMABxPZ6j9NFS5HMHVwlvJ11TLwud4v/nCC
20as+cAqaOIPFW9C2vLc2kUB5k+0Jx+bVyy9VSk7QJzOjadyq7zrwZzK6rBuT4qQ
d40NZPHKMAZaEgCboHxSp0wR015fAPekzksJCnEa/PUWj4gbHIKMMRxDZso/bLUH
jM68fOpclYEPJVsWoDVP
=NkYQ
-----END PGP SIGNATURE-----

[raah...@gmail.com]

I'm not so adamant about wanting gpu passthrough on qubes, cause imo, gaming online usually means all security is out the window. Plus I feel as though gpu is much bigger attack surface for side channel attacks then net card. I could be wrong because I have no clue about low level stuff, but I feel it would somehow undermine purpose of using qubes. Maybe I'm wrong.

Plus as a gamer myself, I always want the most fps the machine can dish, and that's definitely not by running games in a vm.

I have a separate machine for sensitive and daily tasks running qubes. Most people use consoles for gaming now anyways. Hardware industry has been dying for a decade and I never had any reason or thought I would ever build a custom pc again, until qubes! :)

[Chris Laprise]

On 07/06/2016 09:42 PM, raah...@gmail.com wrote:
> I'm not so adamant about wanting gpu passthrough on qubes, cause imo, gaming online usually means all security is out the window. Plus I feel as though gpu is much bigger attack surface for side channel attacks then net card. I could be wrong because I have no clue about low level stuff, but I feel it would somehow undermine purpose of using qubes. Maybe I'm wrong.

I think this is wrong because many kinds of apps rely on GPUs now: Media
decoding and creation, 3D design and printing (I would love to have even
just SketchUp on Qubes!), and any other responsive 3D interface that app
designers want to offer. This even includes web pages, crypto-currency,
and many scientific apps. GPUs are now general processing engines that
embody MOST of a typical computer's processing power.

This is not about games.

Furthermore, there is no getting around the fact that visual rendering
is integral to security. The GPU can see any private info that you can,
and if compromised can take steps to trick users into sabotaging their
own privacy and security. Like the CPU, the GPU must be accepted as a
core component of trust, and protected as such... at least any GPU that
operates the admin and trusted domains.

It is fortunate that we at least have a trend of integrated GPUs (in
APUs) where the GPU is manufactured into the same package as the
(implicitly) trusted CPU. For the time being, this is a boost to Qubes'
compatibility and security even if the GPUs are under-utilized.

For Qubes to either 1) give up on GPU support, or 2) relegate them to
untrusted status would be an _irretrievable_ error in judgment. It would
make the OS a 21st century terminal application, because the lions share
of the power expected by PC users would be missing (as it is currently).

Chris

[Duncan Guthrie]

On 7 July 2016 03:28:48 BST, Chris Laprise <tas...@openmailbox.org> wrote:
>On 07/06/2016 09:42 PM, raah...@gmail.com wrote:
>> I'm not so adamant about wanting gpu passthrough on qubes, cause
>imo, gaming online usually means all security is out the window. Plus
>I feel as though gpu is much bigger attack surface for side channel
>attacks then net card. I could be wrong because I have no clue about
>low level stuff, but I feel it would somehow undermine purpose of using
>qubes. Maybe I'm wrong.
>
>I think this is wrong because many kinds of apps rely on GPUs now:
>Media
>decoding and creation, 3D design and printing (I would love to have
>even
>just SketchUp on Qubes!), and any other responsive 3D interface that
>app
>designers want to offer. This even includes web pages, crypto-currency,
>
>and many scientific apps. GPUs are now general processing engines that
>embody MOST of a typical computer's processing power.
>
>This is not about games.
>

I think this is wrong. Most heavy computer users work in offices and do word processing and spreadsheets, the 'average' casual use is generally web browsing and light media consumption.
Qubes works fine for using Libreoffice, web applications and social media, and programming e.g. in Python. Graphics designers can use GIMP or InkScape, or any of the Windows programs that they commonly use.
It is true that you won't be able to use 3D applications like SketchUp, but I do not think such tasks constitute most of the average workload as you say. Perhaps they make up most of your workload, but I don't think that you speak for everyone here. I have found Qubes works for me, and people I know do similar tasks on their computers.

>Furthermore, there is no getting around the fact that visual rendering
>is integral to security. The GPU can see any private info that you can,
>
>and if compromised can take steps to trick users into sabotaging their
>own privacy and security. Like the CPU, the GPU must be accepted as a
>core component of trust, and protected as such... at least any GPU that
>
>operates the admin and trusted domains.
>
>It is fortunate that we at least have a trend of integrated GPUs (in
>APUs) where the GPU is manufactured into the same package as the
>(implicitly) trusted CPU. For the time being, this is a boost to Qubes'
>
>compatibility and security even if the GPUs are under-utilized.
>
>For Qubes to either 1) give up on GPU support, or 2) relegate them to
>untrusted status would be an _irretrievable_ error in judgment. It
>would
>make the OS a 21st century terminal application, because the lions
>share
>of the power expected by PC users would be missing (as it is
>currently).
>
>Chris
>

I dispute this argument. Dropping "GPU support" (I am not sure where you get this impression) is hardly going to make Qubes a terminal application. You can use anything that uses 2D graphics, and can play music and movies, and do word processing, and email, and software development, and... The list goes on. Qubes is about security, and allowing such high level access for the GPU is a terrible compromise.

>> Plus as a gamer myself, I always want the most fps the machine can
>dish, and that's definitely not by running games in a vm.
>>
>> I have a separate machine for sensitive and daily tasks running
>qubes. Most people use consoles for gaming now anyways. Hardware
>industry has been dying for a decade and I never had any reason or
>thought I would ever build a custom pc again, until qubes! :)
>>

If you are doing something really heavy like statistical work you often would use a dedicated server for this. As far as I know connecting to such servers would be possible using Qubes. At any rate you could always use Qubes for personal use and then have a dedicated work computer for stats, 3D development, etc.

These are just my own observations.
Hope it helps,
D.

[Chris Laprise]

I am not proposing that domUs have direct access to graphics systems
operating in dom0. GPU access needs to be properly virtualized, and
thankfully some groundwork by Intel (and probably others) has been laid
for it. Alternately, a specification for well-behaving discrete graphics
could make graphics passthrough a realistic option for many people.

Marek has already stated that any domU used for primary graphics (as
unrealistic as that may be, given the state of passthrough
compatibility) will be a trusted one, and that the purpose of such an
implementation would be to facilitate the use of Linux graphics drivers
while the rest of the OS slims down and experiments with microkernel
admin and storage vms.

The current state is, of course, one of trusting the GPU. That poses a
problem for those who want both discrete graphics and anti-tampering
(AEM) but otherwise? I don't see the compromise you mention.

Defining personal computing and what most people want as a list of
traditional activities--instead of using examples of innovative apps and
the kind of directions app developers can go--is a mistake that leads
projects into an unbearable surfeit of unsupported corner cases. And
seriously-- if that's what it would come to then just develop a
convenient firmware verification and re-flashing system and run TAILS on
the hardware; it would save considerable time and effort.

An accurate view of use cases would hardly stop at office software and
playing music because almost everyone has make-or-break corner cases.
Teleconferencing and 3D printing, for example, are now SMB and home user
activities that benefit from GPUs, which become more necessary due to
the extra CPU overhead of domain isolation.

As for suggesting server-based processing of large jobs to Qubes
users... I'm not even sure where to start with that one.

Chris

[Duncan Guthrie]

What are you suggesting then? You are criticising Qubes for not having good GPU support, but recognise that you can't have good security when GPU has access to hardware? I am sorry but I don't understand your point fully, and would appreciate it if you could elaborate further. What is your solution, do you want there to be virtualised domains for GPU? If I remember correctly, this is a feature being worked on.

>Defining personal computing and what most people want as a list of
>traditional activities--instead of using examples of innovative apps
>and
>the kind of directions app developers can go--is a mistake that leads
>projects into an unbearable surfeit of unsupported corner cases. And
>seriously-- if that's what it would come to then just develop a
>convenient firmware verification and re-flashing system and run TAILS
>on
>the hardware; it would save considerable time and effort.
>

I wasn't really trying to "define personal computing", sorry if it appeared that way. What I am trying to say is that Qubes is aimed at a wide audience, and I think that Qubes adequately accomplishes the tasks I mentioned already, which are undoubtedly common tasks and use cases. It does the basics and more reasonably well while being reasonably secure. Certainly more can be done, though. I just think that some tasks that make heavy use of OpenGL are quite niche, like use of SketchUp, and at any rate on low-end systems (and some high-end systems) would be so slow as to be somewhat difficult, for example video games and use of software such as Blender.

>An accurate view of use cases would hardly stop at office software and
>playing music because almost everyone has make-or-break corner cases.
>Teleconferencing and 3D printing, for example, are now SMB and home
>user
>activities that benefit from GPUs, which become more necessary due to
>the extra CPU overhead of domain isolation.
>

Yes, this is true. However, 3D printers are fairly niche use cases (at least where I live); we don't have a 3D printer in every street for example. I am also pretty certain we can run teleconferencing software such as WebRTC (in Firefox Hello) and the various proprietary ones without much trouble. I'm willing to sacrifice some speed for security. You are right about Qubes benefiting from GPU, but I can't see how we can improve the performance without sacrificing security at the moment. At any rate GPU domains are being developed? I'm not entirely sure about this one.

>As for suggesting server-based processing of large jobs to Qubes
>users... I'm not even sure where to start with that one.
>
>Chris
>

I meant that statisticians and computer programmers often do tasks that require considerable computer power on an external server at their place of work. It is not a good example perhaps but I am saying that Qubes performance for intensive tasks (some of which might require GPU heavily) is not necessary a bottleneck in certain use cases, as such tasks are often accomplished on another computer anyway. It should have been clearer, so apologies on this one.

Thanks for your correspondence,
D.

[Chris Laprise]

Qubes doesn't have good GPU support; It is a work in progress on many
fronts.

I mentioned that it could go in the direction of GPU virtualization or
better passthrough support, or both. In either case, there would still
be a protected primary graphics card that would at least render dom0 and
other trusted domains. But with the former, the primary graphics can
also safely process requests from untrusted domains. With the latter, a
secondary graphics card is still necessary (and indeed, that one becomes
untrusted at least during the untrusted session); this has little to do
with how the user controls the system, however.

>
>> Defining personal computing and what most people want as a list of
>> traditional activities--instead of using examples of innovative apps
>> and
>> the kind of directions app developers can go--is a mistake that leads
>> projects into an unbearable surfeit of unsupported corner cases. And
>> seriously-- if that's what it would come to then just develop a
>> convenient firmware verification and re-flashing system and run TAILS
>> on
>> the hardware; it would save considerable time and effort.
>>
> I wasn't really trying to "define personal computing", sorry if it appeared that way. What I am trying to say is that Qubes is aimed at a wide audience, and I think that Qubes adequately accomplishes the tasks I mentioned already, which are undoubtedly common tasks and use cases. It does the basics and more reasonably well while being reasonably secure. Certainly more can be done, though. I just think that some tasks that make heavy use of OpenGL are quite niche, like use of SketchUp, and at any rate on low-end systems (and some high-end systems) would be so slow as to be somewhat difficult, for example video games and use of software such as Blender.

The wide audience is the kicker: The list of use cases get smaller only
when your target audience becomes (much) more narrow. People also like
Qubes because the promise of strong isolation suggests greater freedom
to try things and explore without nasty side-effects; I believe this is
a reason why Windows support was an early priority. But if the type of
supported hardware and apps becomes too narrow, the freedom seems more
like a mirage and the appeal of Qubes can fade.

What we define as the basics can come back to haunt us as a community or
a tech 'ecosystem'. VR is making new inroads as we speak, and calling
that 'games' is inaccurate to say the least; The applications are
wide-ranging. Even in the case of simple 3D drawing... how many would
want to go through college today without access to similar apps? Even if
needed for only part of a semester? What about 2D note-taking apps that
do heavy compositing and recognize handwriting and voice?
Teleconferencing is a really big one... so our 'terminal' is not even a
/good/ one. It goes on and on.

>
>> An accurate view of use cases would hardly stop at office software and
>> playing music because almost everyone has make-or-break corner cases.
>> Teleconferencing and 3D printing, for example, are now SMB and home
>> user
>> activities that benefit from GPUs, which become more necessary due to
>> the extra CPU overhead of domain isolation.
>>
> Yes, this is true. However, 3D printers are fairly niche use cases (at least where I live); we don't have a 3D printer in every street for example. I am also pretty certain we can run teleconferencing software such as WebRTC (in Firefox Hello) and the various proprietary ones without much trouble. I'm willing to sacrifice some speed for security. You are right about Qubes benefiting from GPU, but I can't see how we can improve the performance without sacrificing security at the moment. At any rate GPU domains are being developed? I'm not entirely sure about this one.

OK... Although 3D printing was meant to /suggest/ innovative directions,
lets assume we rule out that use case for Qubes. So now almost every
savvy techie under the age of 35 becomes uninterested in Qubes because
3D printing is something most of them want to *explore*, even if they
never own a printer and use UPS stores instead... or if they never get
around to it. That kind of explicit deprivation (vs the deprivation
caused by 'it doesn't work /yet/') will be linked in their minds with a
very uneasy feeling about the unknown variety they are losing out on.
Think about how skewed that kind of demographic (for a piece of
technology) really is; Its unhealthy and starves the platform.

Qubes should be about simple and very strong isolation, wherein you can
deposit 'whatever' XYZ app and not have to fear for insidious malware,
surveillance, etc. Especially if I can make an untrusted Windows VM,
then why not?

>> As for suggesting server-based processing of large jobs to Qubes
>> users... I'm not even sure where to start with that one.
>>
>> Chris
>>
> I meant that statisticians and computer programmers often do tasks that require considerable computer power on an external server at their place of work. It is not a good example perhaps but I am saying that Qubes performance for intensive tasks (some of which might require GPU heavily) is not necessary a bottleneck in certain use cases, as such tasks are often accomplished on another computer anyway. It should have been clearer, so apologies on this one.

Yet this does suggest a kind of.... terminal.

In any case, I believe the concept of an OS somehow relegating graphics
overall to untrusted status to be a physical impossibility. Its not like
storage where the drives can be untrusted and handle encrypted (e.g.
unintelligible to the device) data with ease... encrypting a display
would be absurd.

>
> Thanks for your correspondence,
> D.
>

My pleasure,
Chris

[raah...@gmail.com]

I'm also confused, you say gpus are so insecure and that qubes is not doing enough to isolate them? Excuse me for being noob but doesn't qubes not allow most gpu functions to go past dom0. And so you would rather have them in domu domains with similar isolation as the netcard vm (which has no choice) and you would feel that more secure? I'm no expert so dont' know if thats true. If not would even having the ability on machine make me more vulnerable even if not applying it myself? excuse my noobness.

Most people also dont' have two gpus in their machine, which you imply would be the most secure way to use this feature? Only people I know of that do are gamers. If you do graphic designing and need to use special professional programs that require gpu processing I would recommend using a separate computer. But it seems this might be a feature in the future on Qubes. I wouldn't call it a priority though.

I think Qubes is fine for normal everyday users doing everyday tasks for home and office use. I can still edit photos, watch movies, create greeting cards, view almost any webpage. Only thing I can't do is play video games. And thats fine I have another machine for that, since i consider playing video games one of the most dangerous things you can do online anyways.

Its nice that you have so much faith in Qubes and that it can stop all attacks, but that is unrealistic. There is still always danger when doing untrusted tasks even when using Qubes, even with its hardware isolation. People should realize what. Qubes themselves describe it as "somewhat" secure, meaning much better then a traditional os, but nothing is 100%.

[juri...@gmail.com]

I think programers have some kinda problem.
They insist in trying to transform linux in something already is, something that wont bring windows users, just people into the IT world. So lemme tell you. I posted a HOW TO in a 300k people group this week. NORMAL people. Not what YOU think that are normal people. Not 3d pinters. Just a facebook group in wich i have 3k friends and lots od people read what i post. The thread had 700 comments. 99% OF PEOPLE WILL NOT INSTALL AND ABANDON WINDOWS IF THEY CANT FULLY USE VIRTUALIZED WINDOWS INCLUDING GAMES. AND MOST PEOPLE HAVE A DEDICATED GPU. Specially the new generation. They do not live without games. PERIOD. Most will still KEEP their unsafe windows profiles for facebook, skype etc. With qubes they will CREATE new safe and isolated profiles for different purposes. If you had paid an expensive market research you would learn hat. Even canonical that HAS a good budget on this made a mistake to force people to change too much to use their product. Because of a single start menu button they wanted to EDUCATE people not to use.

If you want to REMAIN WRONg, you

- consider some kinda autistic thinking about to WHO is qubes directed with a limited mind about what are the activities of a NORMAL PERSON inside a computer.

- insist to ignore that people that pass from windows to linux are from 16 to 26 years mostly and that their profile nowadays is of people that do not live without their games or their windows tools they used the whole life and that qubes must provide ALTERNATIVES of isolated use for things that APPEARS with profiles.

- insist to ignore that qubes users has high end computers and that MOST has a second dedicated GPU

- insist to ignore that most people WILL have a nvidia and that its use in dom-0 or dual monitor will compromise the qubes security.

- insist in ignore that NOONE that has spent money in a dedicated gpu will retire the gpu.

- insist to ignore that qubes is also not directed to office public, in office work, because qubes dont even have isolation for physical acess. I can not even go to sleep and leave some stranger into my computer or a girl with some gui menu that allows me to only release ONE vm for him to mess while i am away and lock all other vms. We have NO way of locking the acess to dom-0 yet and in a lock screen have button or a password to release one vm. That is an idea a had but in this stage with so many to do, is not a priority to isolate the physical machine from normal unwanted guests to acess

- ignore that all the distros that WORKED outside it world has a MAIN reason that is providing a SMOOTH pass from windows to linux. wine, virtualization, etc. AND that more than 90% of people, not to say 99% if they are not from IT world will ONLY use windows WITH DUAL BOOT.

- if qubes provides a gpu passtrough will steal ALL users from ubuntu, mint and even from microsoft windows, specially if it provides information about WHY pass to qubes in main page reporting microsoft spy thing in main reason.

- even if the person has 1 monitor only, but 1 dedicated gpu, is a MUST to provide a way for him to DISCONNECT HIS PLUG FROM onboard where he will use his dom-0 to another vga port where he will use windows or even other linux vm. Intel CAN ALSO spy, but is LESS than nvidia. And since vga hardware CAN SPY, is main to understand that vga isolation is a requirement. Even if the person has not a main use for windows, just to secure a different vga environment for some machine he might want isolated.

I will repeat. The qubes growing field is NOT to grab users from another distros. qubes future is conditioned to grab windows users with windows funtionality. period. And that includes dedicated gpu. Do not try to imagine things like 3d printers. And do not incur in the error to call a normal user that play games a GAMER like it is the main activity of a person and the only one in life.

Even here you see people that has TWO COMPUTERS reserving ONE to use windows. Even in the IT world you eill have AT LEAST 50% of people that WILL use windows to play games or something. dual boot or dual machine. In normal world, that becomes 99%.

The future of qubes depends on gpu passtrough. Doesnt even matter if it will use KVM instead of xen and be more vulnerable because of that.
Of course, a little more attention to encryption, some gui options and improve iteractions and a new submenu in start called ENCRYPTION or at least in dom-0 submenu with veracrypt same way other distros like partition magic does.

GPU PASSTROUGH - THAT is the main step in virtualization that can change all. And NVIDIA does know that. AND THAT is the reason they DETECT AND BLOCK passtrough. Microsoft and nvidia KNOWS that. And they HAVE a budget on spying.

What NVIDIA and MICROSOFT fears is that YOU finally realize that doing this you will ruin their spy network a lot.

The stupid normal people do not even STROP TO THINK AND UNDERSTAND why things like WTAHSAPP worths dozens of billion dollars spending bandwidth and paying people NOT CHARGING THE USER AND NOT MAKING ADVERTISING. Normal stupid people dont know whatsapp budget and other comes from USER DATA THEY SELL.

And when you manage to make a gpu passtrough, you will FINALLY DO provide ANDROID EMULATION. Something every user in the world desires and they can not do cause is SLOW without gpu in virtualization.

WHEN gpu passtrough is finally reached... When 1 monitor people has a gui warning "CHANGE YOUR VGA PLUG TO GPU X AND PRESS ENTER - after 30 seconds if did not work change plug back" thing or at least dual monitor. When you have an ANDROID MENU in vms. When you reach this, you will make qubes reach the world.

[juri...@gmail.com]

Ah and just 1 more thing. Dont forget that a large part of users has FAMILY that uses the computer. And family WILL keep wanting to use windows. And wont allow people to change the system if their fully working windows is not there.

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If somebody is happy with his/her windows/MAC/Ubuntu/WhatEver, then no
problem at all. They should keep using it.

Qubes is not for everyone. Especially not for the "happy windows users".

First priority for Qubes is security and privacy. On windows those tho
phrase not even exists. Maybe that is the reason for the Windows users
not even care about those as well.

BTW Windows itself is not ready for Qubes. It cannot be run as a
template based system because of:
- - legal shit. Let's consult your windows licencing expert about this.
- - It has no real file system standards,
- - Moreover don't even keep any standards.
- - I is keeping all kind of thing in the registry.

These points prevents it from running from template. Or at least make
your life really hard.

And it is just the OS, then we can start using software made for such
OS ;)

Most of those are unable to run on a template based windows because
placing it's shit all over the system, including registry -> they will
not survive a reboot and/or messing up everything.


Only the real "portable" apps are compatible.



Ohh, and I'm just a hapy Qubes user - for ages.

- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXf2GjAAoJEC3TtYFBiXSvqCoP/AiL5a2pRcBngzUG54WBOq+s
bMh86xkOPFjD+Qb7uhumnGR8lPlE/CBus7TbWppyV6Knil26j7QgJODpIHqqhm07
YM5uQ7J/z0bgHcIq/hubc3MD7ZYxEXLhtRpqpK8SUPPy6pyjF019LwMyesSiXRCm
sVfuOeFU+hemZo3SxmNmkmF+2b+g2PovRtpX04qJvuwK8L+aGg9Dcae17Lg/u2V8
YRBZBE5EJEow7wRZDWgZ7xlDk2qCN7FtqO52iIl6k9+bhw6Gy/iRLYFxq2Vd/Mhj
xokQ5kmo2tK3w0gbzQxpkjMMHGlt0mFwpLQ14iNaHLrySwII/wRUSEcpl6LugXiX
sQXZvwklDF1k+3Kc8SKirMgMWObq/zR6gLypTUVAsRak/+NGwtenbnUkG+fU9g7n
DlZLtmMSDwWbP77ecJbrRq0xAp4k4jOiJjnZr9EsuGpEyGKd0tEEC5e2ivNyRcYP
mrPacgCiUwTcR6l8FLM/BU5Ujlwda5oLnpKeEUFcT/OwF2YB5BmFHeoFzBpCNC2p
5vJYelE+0sufI6Y9Wmgt6pHOMp6R8JV5j8bYs46paKwXTc97BrJvLtPiJS8Ni2xy
3BoxMJuy2RMqtXYMdcKXYSKh5mKydVgznFbWSFOaN6qbVKRQ12bEfSJidky76lKd
ed9yLHLGj0c6FbKrz4F7
=HkUz
-----END PGP SIGNATURE-----

[juri...@gmail.com]

I did not like your tone and i will take that as an insult. If you were happy with a TYPEWRITER, you should keep using it.
That is your way of thinking.

Sory to say, but you have a limited mind. If you failed to understand that gpu passtrough is a security problem, try to read again.

Noone cares, and should not care if it reaches YOUR personal needs as an IT user.

If you think that qubes is directed to provide security to a VERY SMALL AND RESTRICT group, congratulations. You failed again. At least as a thinker to direct the ship. You may even be good in isolated tasks, but you are unable to see the whole picture. i am sorry.

In the post i teached how to use TAILS, there are HUNDREDS of people that uses it now. Qubes? There were hundreds interested. The main question was FULL WINDOWS FUNCIONALITY. And that lack made almost all give up untill that funcionality is ready.

If you are happy with what you have, dont invent nothing else.
That is a real stupid way of thinking. You are someone destinated to work for others. a sheep.

Noone told you to PROVIDE A WINDOWS TEMPLATE. People install it. It is not forbidden.

If you are HAPPY WITH WHAT YOU HAVE, do not upgrade anymore. Do not use NONE of new funcionalities. Stop. Freeze your system to make it become like your brain.

[juri...@gmail.com]

Em sexta-feira, 8 de julho de 2016 05:17:54 UTC-3, Laszlo Zrubecz escreveu:

SORRY PEOPLE I APOLOGIZE!!! i have a NVIDIA GPU. I failed to understand that if gpu spy is a security problem, i must not use my second monitor. I FAILED to understand that i NEED TO USE it in dom-0 and fail in security or throw it in garbage according to this guy. Virtualization of qubes is made to web browse and send e-mails.
Seems i failed to understand that GPUS FOR QUBES USERS IS TO USE IN DOM-0 without virtualization! THAT is the idea of security!!! Ah!!!
Remember to tell qubes developers to REMOVE windows tools! "Qubes is not made to use with windows", let them stay in their OS. Let EVERYONE stay in the OS they use.

Is that what you want people to reach? Your way of thinking?
One that is exclusive yours? ok.
HE IS HAPPY with what he has so you need not to improve nothing else on qubes, did you understand developers?

[juri...@gmail.com]

Em sexta-feira, 8 de julho de 2016 05:17:54 UTC-3, Laszlo Zrubecz escreveu:

HERE!!! This is the perfect qubes solution according to this guy.

https://www.qubes-os.org/doc/install-nvidia-driver/

Install nvidia proprietary driver on dom-0 and be happy with the huge security it will provide!!!! And "BE HAPPY" like he is!!!
Dont forget to remove the security warnings about installing those drivers from the page. Oh, there is none. Cool.

I am glad someone so smart came to tell how to "be happy" now!!! Thats what you do when you have a gpu. Don`t isolate it to use, just use in dom-0! great!

[juri...@gmail.com]

Here, lazlo!!! I found a tale for you. is about HAPYNESS ang ignorance.
it is 1 page only, from a guy named VOLTAIRE.

http://www.online-literature.com/voltaire/4411/

"The Good Brahmin
DOES HAPPINESS RESULT FROM IGNORANCE OR FROM KNOWLEDGE?"

read it. And REMAIN HAPPY! I chose knowledge.

[Duncan Guthrie]

On 8 July 2016 08:51:00 BST, juri...@gmail.com wrote:
>I think programers have some kinda problem.
>They insist in trying to transform linux in something already is,
>something that wont bring windows users, just people into the IT world.

You do realise that most of us are not programmers? Just because we understand Qubes doesn't make us programmers. We use Qubes for general tasks because it suits us. Qubes is a general purpose operating system, albeit with some restrictions due to its unique design.

>So lemme tell you. I posted a HOW TO in a 300k people group this week.
>NORMAL people. Not what YOU think that are normal people. Not 3d
>pinters. Just a facebook group in wich i have 3k friends and lots od
>people read what i post. The thread had 700 comments. 99% OF PEOPLE
>WILL NOT INSTALL AND ABANDON WINDOWS IF THEY CANT FULLY USE VIRTUALIZED
>WINDOWS INCLUDING GAMES. AND MOST PEOPLE HAVE A DEDICATED GPU.
>Specially the new generation. They do not live without games. PERIOD.

If they want to use Qubes nothing is stopping them. But allowing GPU passthrough even more than now will destroy security. Then Qubes is just another GNU+Linux distribution. Can't these kids learn to compromise?

>Most will still KEEP their unsafe windows profiles for facebook, skype
>etc. With qubes they will CREATE new safe and isolated profiles for
>different purposes. If you had paid an expensive market research you
>would learn hat. Even canonical that HAS a good budget on this made a
>mistake to force people to change too much to use their product.
>Because of a single start menu button they wanted to EDUCATE people not
>to use.
>
>If you want to REMAIN WRONg, you
>
>- consider some kinda autistic thinking about to WHO is qubes directed
>with a limited mind about what are the activities of a NORMAL PERSON
>inside a computer.

You didn't need to say this. It stigmatises autistic people.

>
>- insist to ignore that people that pass from windows to linux are from
>16 to 26 years mostly and that their profile nowadays is of people that
>do not live without their games or their windows tools they used the
>whole life and that qubes must provide ALTERNATIVES of isolated use for
>things that APPEARS with profiles.
>

I know people who don't play video games heavily in this age group. They are quite knowledgeable about computers and not tethered to anything by games. And even if they were, they have a good mindset and are willing to compromise to protect their security. You criticised people on this thread for defining typical computing activities, and then make a generalised assertion about an entire age group based on your Facebook friends.

>- insist to ignore that qubes users has high end computers and that
>MOST has a second dedicated GPU
>
>- insist to ignore that most people WILL have a nvidia and that its use
>in dom-0 or dual monitor will compromise the qubes security.
>

For a start, I use a computer from 2008 (a ThinkPad X200) and it is below the minimal hardware requirements. It works fine, and is hardly high-end by today's standards. If I also recall, dom0 supports 3D acceleration as it has access to hardware, I'm not sure where you get the idea you need a dedicated GPU. There are efforts to make GPU more secure by putting it in a domain so it in theory has no access to userspace programs running.

>- insist in ignore that NOONE that has spent money in a dedicated gpu
>will retire the gpu.
>
>- insist to ignore that qubes is also not directed to office public, in
>office work, because qubes dont even have isolation for physical acess.
>I can not even go to sleep and leave some stranger into my computer or
>a girl with some gui menu that allows me to only release ONE vm for him
>to mess while i am away and lock all other vms. We have NO way of
>locking the acess to dom-0 yet and in a lock screen have button or a
>password to release one vm. That is an idea a had but in this stage
>with so many to do, is not a priority to isolate the physical machine
>from normal unwanted guests to acess
>
>- ignore that all the distros that WORKED outside it world has a MAIN
>reason that is providing a SMOOTH pass from windows to linux. wine,
>virtualization, etc. AND that more than 90% of people, not to say 99%
>if they are not from IT world will ONLY use windows WITH DUAL BOOT.
>

The IT world I assume is computer R&D and offices. If these people you refer to want games, then they should understand Qubes doesn't work for heavy gaming, as its design is to be secure. These people on Facebook who say they would switch, most will not. It is much easier not to. If they haven't switched to other GNU+Linux systems then they aren't going to switch to Qubes. Unless we let the games run in raw hardware (they are proprietary, incredibly complex, require many libraries) they won't be very fast. That would defeat the point of Qubes entirely. Tell your Facebook friends to run the games on a dedicated computer which has no sensitive information on it, and try Qubes on a laptop or something. Or just make a compromise and stop playing games while they install Qubes, without dual-boot, even for a few months.

I should also comment that you can play games on Qubes. For example you can play games in the repositories of the templates like The Battle for Wesnoth, Super Tux, Mahjongg. You can also emulate old console games. So these people just need to try new things.

>- if qubes provides a gpu passtrough will steal ALL users from ubuntu,
>mint and even from microsoft windows, specially if it provides
>information about WHY pass to qubes in main page reporting microsoft
>spy thing in main reason.
>

Unfortunately, people are not going to radically turn to Qubes if we allow full GPU access. It would defeat the point if Qubes and the games would still be slow (unless you allow the games full access to hardware), so Qubes would lose its unique strength of security through isolation. If people switch just because they want consumerist qualities rather than reasonable security there is no point at all in them staying after they find something more fun and easy to use. It would be short-lived popularity, one suspects. If they don't want spying but want heavy proprietary video games they are not being entirely realistic about the state of security on computers. That is why they should play them on a dedicated computer and then use Qubes for everything else. It's their choice.

>- even if the person has 1 monitor only, but 1 dedicated gpu, is a MUST
>to provide a way for him to DISCONNECT HIS PLUG FROM onboard where he
>will use his dom-0 to another vga port where he will use windows or
>even other linux vm. Intel CAN ALSO spy, but is LESS than nvidia. And
>since vga hardware CAN SPY, is main to understand that vga isolation is
>a requirement. Even if the person has not a main use for windows, just
>to secure a different vga environment for some machine he might want
>isolated.
>
>I will repeat. The qubes growing field is NOT to grab users from
>another distros. qubes future is conditioned to grab windows users with
>windows funtionality. period. And that includes dedicated gpu. Do not
>try to imagine things like 3d printers. And do not incur in the error
>to call a normal user that play games a GAMER like it is the main
>activity of a person and the only one in life.
>

I think Qubes is to grab people from anywhere, who want privacy. If we allow full GPU access to hardware, just for the sake of attracting 'gamers' then we defeat the point of Qubes and won't adequately protect privacy any more, it is sad to say, and then we would fail in the original purpose.

Look, Qubes is never going to cater to everyone. That isn't the point. Qubes is designed for people who value privacy and computer security. If people you know on Facebook don't, then what does Qubes offer them? Rather than make Qubes less secure in order to attract a wave of new people, we should try and make people value privacy and security more. Whether they use Qubes as a result of that isn't the point (as educating people about privacy is a worthy goal in itself), although there is a reasonable chance they might.

Hope that helps,
D.

[Duncan Guthrie]

I agree that installing the Nvidia driver is definitely not a good idea in dom0, and that Qubes shouldn't be recommending how to install the driver, but there is no need to be so mocking. It is their computer after all.

I definitely think we should remove that guide though. Nouveau supports almost all Nvidia cards, and Qubes includes the signed firmware required for the newer Nvidia cards. With Nouveau we can now have 3D acceleration in dom0 without the proprietary driver. From hardware support perspective we don't need to show people how to install proprietary driver in dom0, if they want to, can't they just ask on the mailing list? It is also bad for people's software freedom to support the proprietary driver. Thoughts?

D.

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/08/2016 10:40 AM, juri...@gmail.com wrote:
> Em sexta-feira, 8 de julho de 2016 05:17:54 UTC-3, Laszlo Zrubecz

> escreveu: On 07/08/2016 09:54 AM, juri...@gmail.com wrote:
>>>> Ah and just 1 more thing. Dont forget that a large part of
>>>> users has FAMILY that uses the computer. And family WILL keep
>>>> wanting to use windows. And wont allow people to change the
>>>> system if their fully working windows is not there.

> I did not like your tone and i will take that as an insult.

Sorry to hear that, because that was not my intention.

However I would never talked to you that way you did.



I'm only referring to your sentences like:

> And family WILL keep wanting to use windows. And wont allow people
> to change the system if their fully working windows is not there.

> 99% OF PEOPLE WILL NOT INSTALL AND ABANDON WINDOWS IF THEY CANT
FULLY > USE VIRTUALIZED WINDOWS INCLUDING GAMES

Those people will never ever be the target audience of ANY other
operating system. Because they not really need the SOLUTIONS that
Qubes can provide. They already sacrificed all the things Qubes can
give: Security and Privacy - in turn they can play games and use skype.


And all your thinking are around windows?? A commercial, proprietary
product of Microsoft. - Who the heck cares about that thing???


(I'm also using that OS anyway, but only for gaming on a SEPARATE machin
e)


This is an open source desktops solution. If ANY would care about
running windows under Qubes for real, why not managed to get a team of
programmers to make that work??

- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXf4ViAAoJEC3TtYFBiXSvKAcP/3adVRMei3RDo4Ji8F1b7gsm
Ldp0QdsipTGTosVIQ3ea+ucGnYwHUWrENAVL9SAOPCfGcu7Q4MOlbyAwqwy03eU/
vdN9/dSKLs4m9sfcS2tl7rvKsyYSN93kIKRGK48SsLmu+pQP1jXQ2Q6pltjGUg2y
wLEGU42bkLu2eFwV3XGEhCffbpWUPr41xGQH0nhj4HCUNJgVQUK6cve/hWG/Y3WT
wRX+n59EFt9N9Ot4dgKVYyWd79yVwtTr08cAFrNl7PaT51qQc+asb0CDac+sJ7FE
8HGktDt+uYiYsLqbjcsxsvLvFE3pB7LzR9FBS/NLCEFWnLlqz1x5qTkxZeFhrESC
BfkoFFCOrVeTVtwdpe0Q1/VqVeSdVGx0bLWDQDLuQQVLiZZFW8I6z1M6qnNSOpA6
rZ4VsI+2O+xL239rM3Z2yA3M6odvDCHFRoWbD/be1bWZzwe1Kh/VUC/y8LN7zi5u
G3cZLNzxy/GSpEFrmMgfKxvyI19/YGvvO4P4icuglsjwsHMNpaO0IU8KDaSgRJn+
3mHOK/8odIyJYh8bgQtYtA2S92EzwOaRxW2qwjrOxfr4DNqyRYKLRiP0W2f4cvQi
t4E+TF/qrv0td4utlVtBDw8smOPaDaz7koW0Sbb90kxfujN9xmEc84cgcwRWBGkH
kYTtnzJEf0UKXCKDRGNv
=0d0k
-----END PGP SIGNATURE-----

[Laszlo Zrubecz]

On 07/08/2016 10:56 AM, juri...@gmail.com wrote:

> Install nvidia proprietary driver on dom-0 and be happy with the huge security it will provide!!!! And "BE HAPPY" like he is!!!
> Dont forget to remove the security warnings about installing those drivers from the page. Oh, there is none. Cool.
>
> I am glad someone so smart came to tell how to "be happy" now!!! Thats what you do when you have a gpu. Don`t isolate it to use, just use in dom-0! great!

Seems, you have absolutely no clue about Qubes, Xen and virtualization
in general.


--
Laszlo Zrubecz

[juri...@gmail.com]

And you, about humans. You have such a limited mind...
If you wanna change to a "ad hominem", let`s see what you wrote here:

https://groups.google.com/forum/#!topic/qubes-users/tKOVanAupFE

=======================

feature request: luksAddNuke
How difficult would it be to implement Kali Linux's luksAddNuke patch to
Qubes, ideally on a per-VM basis?

https://www.kali.org/how-to/emergency-self-destruction-luks-kali/

Suggested operation:

password 1 -- decrypts drive, normal operation
password 2 -- nukes a predetermined list of VMs
password 3 -- nukes the whole disk

Laszlo Zrubecz
17/02/15
Re: [qubes-users] feature request: luksAddNuke
Just wonder what situation called this feature to reality?

The only one I can imagine is if your data worth much more than your life.

==================================

So, you CAN NOT IMAGINE a situation where someone would need to nuke a list of VMs? lol. There are DOZENS of situations. Anyone could name a lot BUT YOU. I had a friend that had to give his key in an airport... Noone did copy his Hard Drives lol. He just had to let them in to examine. Last Week, a good friend of mine.. His wife found some lipstick in his clothes and made him turn over his facebook password and his veracrypt full disk encryption password. If he was a qubes user, he would had a profile to speak with his lover. And would want a password to nuke some specific vms. In your short sized mind, common things are beyond your imagination. Just hollywood CIA scenes.

Dude, i think the only thing about isolation you proved to know is that you managed to have an isolated mind. Isolated from common sense. And, i am sure, isolated from the real world, since you have zero common sense.

If you think is better to let people install nvidia drivers in dom-0 to make the system work is better than provide gpu passtrough... Assuming that anyone will have onboard video too... And that think otherwise is to "have absolutely no clue about virtualization"... What can i say?

There are A LOT of people that ARE INTERESTED TO INSTALL QUBES but ONLY IF they can bring their windows with them... With their games, their working skypes, their capture screen devices... The world uses WINDOWS, there are not just GAMES using gpus inside windows. When you say "they are happy there, leave them there" with a lack of judgment of that huge size, i think to myself that the task is not to enlighten you about ONE subject, but to fix your mind kernel.

How to teach you that the WORLD that USES windows is LOOKING for security? How to tell you that there are Billions of people out there using android and windows and depends on them for a lot of things? You seem to know nothing about them.

Just to name ANDROID EMULATION... The best and safest one is in ISOS to be used inside a VM... But you will not find not even 10k people in the world using it. Someone made BLUESTACKS using the computer gpu power... They have HUNDREDS OF MILLIONS users now.

GPU passtrough would bring a flood of users bigger than what you imagine, would release them from the hands of closed source, would bring the WORLD an incentive to open source security.

If we have to trust intel, that doesnt mean we must trust nvidia or throw away
our gpus in garbage, dude. Gpu passtrough is the ANSWER.

You have ZERO capability of understanding social enginnering. You proved that in every comment you gave until now. You can not even realize that nvidia FORESAW and BLOCKED acess when it detects is being in a virtualized environment. Why your "isolated inside qubes" mind think they did that? They work in a cartel. In a single battle front. You dont even understand why Linus gave a finger to nvidia in public. Why the fight and what is the game.

If you not even with a bomb in your ears can understand that GPU is nowadays the ONLY bottleneck that stops the flood from people coming into linux world, and that qubes would be the answer...

i will tell you something. If people saw an easy to install system, self proclaimed with the best disk encryption of the world, and with the ease of use of a virtualbox, and they could pass usb devices and gpu to there, you coudnt imagine how many would flood and how larger qubes project would become.

Go check ORACLE virtualbox or even VMware statistics... People use virtualization for security uses, but there will be 1 installing them on linux for 10k installing in windows. IF YOU WERE inside oracle, for example, you would say "nah, dont make a windows version, they dont care about security" or something, and would make them bankrupt. rofl.

But u made me think.. Is that all just ignorance or are you in someone pocket? Because this is a game of BILLIONS and NSA money flows anywhere you see a security software that would be "the solution". Or you just think that 1 person inside xen is served better than 1k persons insite kvm? (IF kvm were the answer what i think it not)

https://en.wikipedia.org/wiki/Usage_share_of_operating_systems

here. keep fighting among all distros for the 1,46% of linux users.
Not to forget that ANDROID virtualization is still a need. And NEEDS passtrough. is not hard...

https://www.reddit.com/r/pcmasterrace/comments/2z0evz/gpu_passthrough_or_how_to_play_any_game_at_near/

http://superuser.com/questions/895096/is-host-gpu-on-on-android-emulator-same-as-gpu-passthrough

wow... OUCH... 130 million users??? They did managed to pass the gpu INSIDE WINDOWS...

http://www.bluestacks.com/pt-br/index.html?__dlrd=1

Plus... Bluestacks is being PASSED BEHIND by other android viurtualization solutions... hummm... U know WHY?

Ima tell you: GAMES. GAMES made people go to bluestacks first and after to other solutions. See if people that WORKS with android virtualization will use the SAFEST solution inside like virtualbox for their work or if they will use a WINDOWS BLUESTACKS version that screws the hole system and makes the computer slow and filled with bloatware. Hmmm yes, that is right. They choose the SCREW YOUR WINDOWS version. Cause has gpu acceleration. ok.

In your mind, the 300 million people in the world using android virtualization should BE HAPPY there in their smartphones.

Plus, i had it. There is no point in enlightening you.
It is clear that you are against gpu passtrough. Not only you dont see the clear advantages, but you DO NOT SEE the security disvantages of not providing gpu passtrough. And EVEN IF you WERE right, what you are NOT, you wont never provide total security since intel has their microcode backdoors, since google and ISP tracks your different profiles, using the SAME IP, since NSA funds 70% of tor budget etc.

Maybe someone with vision appears and forks the qubes to a kvm and make it spread to the world. Maybe xen manage to do it. Those are maybes, but is clear that wont happen so soon. I also like to use skype, watch screens in conferences, and linux skype sucks and is full of limitations, plus i like my games, once in a while, so ima try kvm.

Ah, and dont forget to check this hundreds of windows aplications too. They all use gpu. Tell their millions of users to stay happy inside windows and to forget security or isolation. Nvidia needs to track what they do inside their computers too, imagine all those poor people using isolation, would be real bad for their security inside a dom-0.

https://www.nvidia.com/content/gpu-applications/PDF/gpu-applications-catalog.pdf

[Chris Laprise]

On 07/08/2016 12:27 AM, raah...@gmail.com wrote:
> I'm also confused, you say gpus are so insecure and that qubes is not doing enough to isolate them?

I don't think that's what I implied. But trying to be concise on a
complex subject can leave some people with the wrong impression, so I
apologize if I've left out too much.

Two issues with GPUs I'm assuming are that they represent a target for
malware (being a large computing resource), and also that when we try to
isolate them most do not respond well to bus commands that enable things
like passthrough (i.e. they do not 'behave' in IOMMU isolation).
Passthrough is also clunky, requiring at least another display output.
GPU virtualization is another way for domU apps to access GPU functions,
and it shouldn't require separate displays or secondary graphics chips.

> Excuse me for being noob but doesn't qubes not allow most gpu functions to go past dom0.

AFAIK, Qubes doesn't allow any GPU functions whatsoever from domU into
dom0. Qubes graphics are virtualized in a 2D, non-accelerated way.
Having limited developer resources, that is a good first step to making
the system secure and I'm glad it works that way--for now. But I also
realize that needs to be a transitional phase and to not remain the
status quo.

Graphics vendors are currently demonstrating GPU virtualization
technology that would make GPU utilization safe, inviting developers to
use it. ITL says this would take a lot of developer effort, however.

> And so you would rather have them in domu domains with similar isolation as the netcard vm (which has no choice) and you would feel that more secure? I'm no expert so dont' know if thats true. If not would even having the ability on machine make me more vulnerable even if not applying it myself? excuse my noobness.

Hmmm, no. I think the choice is to either leave the GPU in a privileged
domain such as dom0 and employ GPU virtualization to allow safe access
from domUs, or to improve in some way the current (impractical) practice
of isolating secondary graphics cards in domUs so that they actually
work when they're properly isolated.

> Most people also dont' have two gpus in their machine, which you imply would be the most secure way to use this feature? Only people I know of that do are gamers. If you do graphic designing and need to use special professional programs that require gpu processing I would recommend using a separate computer. But it seems this might be a feature in the future on Qubes. I wouldn't call it a priority though.

A lot of people have two GPUs and don't realize it. Even so, its not
like we are talking about great expense here: Even having access to
weaker GPUs could make a big difference in Qubes' power and usability.

> I think Qubes is fine for normal everyday users doing everyday tasks for home and office use. I can still edit photos, watch movies, create greeting cards, view almost any webpage. Only thing I can't do is play video games. And thats fine I have another machine for that, since i consider playing video games one of the most dangerous things you can do online anyways.

Projecting our own personal routines on the issue will probably not be
of much help. And I think I've already made the case against framing
this as a games issue; I'd urge the community not to look down its nose
on graphics in this way or we will find the world of graphics can stare
back at us more sharply. If it gets to the point where OpenBSD is
recommended over Qubes because the latter "can't do much" and "lack of
GPU virtualization sounds pretty insecure" then I think we'll be in real
trouble. :)

> Its nice that you have so much faith in Qubes and that it can stop all attacks, but that is unrealistic. There is still always danger when doing untrusted tasks even when using Qubes, even with its hardware isolation. People should realize what. Qubes themselves describe it as "somewhat" secure, meaning much better then a traditional os, but nothing is 100%.

That is always a factor no matter what we do with Qubes. But it seems to
me that the simple Qubes interfaces have already been used to enable
some pretty complex functionality "securely". I don't think it follows
that accessing GPUs through them necessarily incurs unacceptable risk;
but even if this is a possibility, it requires further investigation.
Since GPU manufacturers now have an incentive to not appear as an
element that undermines security (hence, the GPU virtualization
initiatives they're taking) there is a good chance that some reasonably
secure accommodation can be made for primary graphics.

The alternative is to endow Qubes systems with secondary graphics that
work nicely with passthrough. Currently, users can experiment with this
in a piecemeal fashion and likely meet with failure.

Chris

[Achim Patzner]

Am 08.07.2016 um 10:56 schrieb juri...@gmail.com:
> HERE!!! This is the perfect qubes solution according to this guy.

Whatever they prescribed you, please take your pills. You really need them.

To the rest: Could everybody please stop feeding the troll; some of us
had quite a busy week and it is bad enough having to catch up with this
list without having to wade through this kind of bullshit.


Achim

[juri...@gmail.com]

> I definitely think we should remove that guide though. Nouveau supports almost all Nvidia cards, and Qubes includes the signed firmware required for the newer Nvidia cards. With Nouveau we can now have 3D acceleration in dom0 without the proprietary driver. From hardware support perspective we don't need to show people how to install proprietary driver in dom0, if they want to, can't they just ask on the mailing list? It is also bad for people's software freedom to support the proprietary driver. Thoughts?
>
> D.

Duncan, nouveau is kinda bugged, new distros are starting to have this issues in their forums or add an NVIDIA or AMD option in their grub menu (nomodeset option), for example, check the small distro FATDOG 64 (puppy linyx) grub menu, for the problematic new cards that doesnt work with those old drivers anymore

[Duncan Guthrie]

Links, evidence?
Newer cards do work, with signed firmware, which Qubes includes. Look at the supported cards page on Nouveau.

D.

[juri...@gmail.com]

Sorry, got no links. But i have a nvidia gtx 960. Is not working with nouveau combined with my onboard intel in all distros. This last month i tested like 8 or 9 distros and i had problems with all. The only solutions are the proprietary driver or grub nomodeset. FatDog 64 has nvidia and amd options in main grub menu for problematic new gpus.

[Duncan Guthrie]

Oh, I see. This means Nouveau works, it is just that Fedora doesn't set the right GRUB options.
What you should do is raise the issue with Fedora as a bug. They will probably fix it.

Hope that works,
D.

[juri...@gmail.com]

Btw, i did NOT test to remove the combined gpus (onboard + nvidia) from bios and did not try to use exclusively just the nvidia. Maybe if i do that might work.
Qubes also gave problem in both UEFI and BIOS to install. I had even to disconnect my second monitor to install, or else i saw some writings in a black "DOS" screen with a green "taskbar" in working menu and the graphical installer was sent into the nvidia problematic monitor.

Nvidia has a new "CAPTURE SCREEN AND STREAM" dedicated function to help people to stream their games without a drop in the FPS. I was VERY suspicious when i saw that function. Plus, they install nvidia network.

In the end, they started to FORCE people to use GEFORCE EXPERIENCE to deliver driver updates. Check in these comments how people reacted:

https://forums.geforce.com/default/topic/885587/forcing-us-to-use-geforce-experience-/

It is amazing how many enemies nvidia is doing with this "you do what i want i dont care if you like" posture. Thats why i do not trust nvidia at all.

Plus, i leave my windows comodo firewall in paranoid config, and nvidia try to communicate with several processes to several ips spread around the world all the time.

Thats the main reason i would NEVER let nvidia inside a linux host. Specially with their proprietary drivers and their "telemetry" terms of use that allows them to spy on you, thats important to remember too.

The only "most secure" approach is to run the host inside INTEL (we have to trust their intel hardware like it or not, since they can install ring-0 backdoors with deniability) to ISOLATE nvidia and let it see ONLY one virtual machine we choose to use with passtrough, but NEVER use the newer cards in the main system.

So, i would like to use a good GPU in my good desktop. But would not like to dedicate it to be spyed. And i do not recommend anyone to use nvidia inside qubes, not even with nouveau. UNLESS with a passtrough in a SEPARATED monitor.

[juri...@gmail.com]

Achim. Don't forget YOU are the homosexual, NOT ME. That's a mental disease, doesn't matter if for political reasons was removed or not from disease list.

By the way, you are not THAT secure, are you? Too bad for you there are no pills to heal your condition. That kinda porn can get you in jail, you know?

lol "pills"; right. Listen, communist: Do NOT forget that it is YOU that got medicated because of depression. If you have nothing to say about the matter, BE QUIET. Or get back to your pills. I never needed them.

And NO, i am not "trolling", this "security expert" noob got hacked by a friend of mine, and was discovered he is gay and communist. Back to YOUR pills, depressed noob. They record everyone that takes those pills, do you know that? pffffff

Thanks Marek, Andrew Wong, Chris Laprise, Niels, and Duncan, for your usefull and smart comments.

Achim, if you have nothing to say about nvidia in dom-0 and it's telemetry, just remain quiet. I do not like gay people anyway.

For Qubes, is a great and secure alternative for computers without nvidia gpu. Maybe the BEST. But i concluded that WITH nvidia, kvm passtrough is more secure than Xen.
Compared with the nvidia spy telemetry and the need to use proprietary drivers, the bigger kvm code poses a smaller treath.

We are FORCED to use USA hardware anyway. When USA forced companies to start using CLOSED source in hardware (yes, that was forced), IBM was against and they made a deal to boost it for the agreement. They changed the RIGHT and for the first time you buy a closed box without the right of being proprietary of all inside.

Since that, things went worst, until the LAVABIT incident where i saw and checked USA laws and saw that they are doing this with hardware companies too. And they must agree by the power of usa law. So, you will not escape usa spy if you usa usa hardware. But nvidia went too far.

I will still use a computer with nvidia, but isolate it. Can`t do it in qubes. Moving to KVM. Thanks to all.

[raah...@gmail.com]

I find the opposie. nvidia drivers on the latest de's have all sorts of screen tearing issues and fullscreen flickers due to compositing effects. the noueveau drivers have no issues though.

[raah...@gmail.com]

I should of said regarding my card 650 ti, which just might be too old now. But I've always liked linux distros because it didn't force me to ugprade my hardware all the time, maybe things are changing...

[raah...@gmail.com]

On Friday, July 8, 2016 at 3:54:30 AM UTC-4, juri...@gmail.com wrote:
> Ah and just 1 more thing. Dont forget that a large part of users has FAMILY that uses the computer. And family WILL keep wanting to use windows. And wont allow people to change the system if their fully working windows is not there.

I've converted family members from windows to qubes, its not hard. They don't play games. Just had to teach them how to update, compartmentalize certain tasks to sepcific vms, how to attach usb block device. You don't even need command line to do anything in qubes.

[raah...@gmail.com]

> A lot of people have two GPUs and don't realize it. Even so, its not
> like we are talking about great expense here: Even having access to
> weaker GPUs could make a big difference in Qubes' power and usability.
>

> Projecting our own personal routines on the issue will probably not be
> of much help. And I think I've already made the case against framing
> this as a games issue; I'd urge the community not to look down its nose
> on graphics in this way or we will find the world of graphics can stare
> back at us more sharply. If it gets to the point where OpenBSD is
> recommended over Qubes because the latter "can't do much" and "lack of
> GPU virtualization sounds pretty insecure" then I think we'll be in real
> trouble. :)
>

You are right, happened to me once when I didn't realize I had onboard gpu on my system when I could of used it until it was too late.

Well I dunno man, I only would need gpu passthrough for gaming. Maybe thats my personal reasons, but I'm sure that is the reason for most people. Do I really live in a bubble? I'm not so sure. I guess the only other reason would be now that you mentioned the 3d printing and VR. Although I don't think many people are doing that even though its always interesting news. And imo, although I'm no expert, exposing hardware more to do that, even if isolated in some way, feels like more of a security risk to me.

I remember the reading the forum arguments pax team had with joanna online, and one was so what if the vm is isolated. The one actual fact besides spenders usual temper tantrum ranting, for claiming it was false sense of security, was when he talked about exploiting the gpu for persistent compromise. That was his only poc example he had. And thats not even considering the gpu passthrough and 3d rendering you are calling for.

And I know i'm very paranoid, but sometimes I think people ask questions on the forums on how to do things that qubes was not designed to do, or want certain features added, to make it easier for them to hack qubes users. LMAO. I know I will get flamed for saying that, but its how I feel sometimes. Maybe because I'm a noob, but I feel like the more abilities and features we give qubes the more attack surface we give it, which defeats the purpose of even using it. If people can't give up gaming to use qubes, then they don't care about serious security on the machine anyways, imo. But like i said I don't know the technicals really of how isolation works in qubes and I'm talking out of my ass, so maybe I'm wrong.

[raah...@gmail.com]

This conversation also reminds me of one of the devs that left the qubes-whonix team. Because he said the project "is becoming less about privacy and security, and more just about cool tech" I think this is thread is an example of that.