Small Templates

[Drew White]

Has anyone managed to work out a miniature template that works for Qubes with all the additions?

I'm just talking about super small versions.

Are there any versions that are nice and small?

Has anyone got pfsense working properly with Qubes?

[awokd]

On Tue, April 17, 2018 12:32 am, Drew White wrote:
> Has anyone managed to work out a miniature template that works for Qubes
> with all the additions?
>
> I'm just talking about super small versions.
>
>
> Are there any versions that are nice and small?

fedora-minimal is pretty minimal!

[Drew White]

it is minimal in what it thinks is minimal, but it is still not nice and small, or what I asked about "super small"

[799]

Drew White <drew....@gmail.com> schrieb am Mi., 18. Apr. 2018, 02:10:

On Tuesday, 17 April 2018 22:22:35 UTC+10, awokd  wrote:

(...)

> fedora-minimal is pretty minimal!

it is minimal in what it thinks is minimal, but it is still not nice and small, or what I asked about "super small"

You could take a look what is installed on a Qubes fedora-minimal template using dnf list installed and then remove everything you don't want.

Further reading:

https://docs-old.fedoraproject.org/en-US/Fedora/25/html/System_Administrators_Guide/sec-Listing_Packages.html

Or - in case you have already a running version of your preferred super-minimal (I think the name "fedora-nano" or "fedora-core" would be great) - you check which packages are installed there and compare it to the fedora-minimal template, then you know which packages you need to look at.

Make sure not to remove important qubes packages.

Out of interest:

What do you thing is the benefit of running a minimal fedora minimal?

Is it because of storage/performance capacity or because you think that this will ensure additional security? 

[799]

[Drew White]

On Thursday, 19 April 2018 02:17:54 UTC+10, [ 799 ] wrote:
> Drew White <drew....@gmail.com> schrieb am Mi., 18. Apr. 2018, 02:10:
> On Tuesday, 17 April 2018 22:22:35 UTC+10, awokd  wrote:
> (...)
>
> > fedora-minimal is pretty minimal!
>
>
>
> it is minimal in what it thinks is minimal, but it is still not nice and small, or what I asked about "super small"
>
>
> You could take a look what is installed on a Qubes fedora-minimal template using dnf list installed and then remove everything you don't want.
>
>
> Further reading:
> https://docs-old.fedoraproject.org/en-US/Fedora/25/html/System_Administrators_Guide/sec-Listing_Packages.html
>
>
> Or - in case you have already a running version of your preferred super-minimal (I think the name "fedora-nano" or "fedora-core" would be great) - you check which packages are installed there and compare it to the fedora-minimal template, then you know which packages you need to look at.
> Make sure not to remove important qubes packages.

Pretty much, remove anything and it removes the Qubes stuff.

>
>
> Out of interest:
> What do you thing is the benefit of running a minimal fedora minimal?
> Is it because of storage/performance capacity or because you think that this will ensure additional security? 

I don't want an insecure system that crashes every 5 seconds, so I want one hat has no SystemD. Until then, smaller template.

[cooloutac]

ya but the thing about Qubes is the software is considered insecure in the first place. and if your system is crashing every 5 seconds thats super suspicious. and beauty about Qubes is being able to quickly wipe and reinstall a vm or template. the more super custom you go the more tedious that becomes.


as far as no systemD well thats gonna be super tough. It seems you do alot of tough work setting up your Qubes but it seems qubes is designed to be default and universal in mind. but its funny seeing other fsf guys on the forums who don't want secure boot but not mentioning how much worse all software is. I mean I don't know what your reasons are for not trusting systemD, but the same fingers are in all the gui's prolly too.

[Drew White]

On Thursday, 19 April 2018 20:36:36 UTC+10, cooloutac wrote:
> ya but the thing about Qubes is the software is considered insecure in the first place. and if your system is crashing every 5 seconds thats super suspicious. and beauty about Qubes is being able to quickly wipe and reinstall a vm or template. the more super custom you go the more tedious that becomes.

Exactly, but I still want less software so I have better software on there as I would build my own software to take over most of the functions.
I'm also replacing most of the python scripts too, because they are so cumbersome it's not funny.

It isn't crashing literally every 5 seconds, it's an exaggeration. Well, for most of my PCs, I did have one that crashed when starting EVERY TIME.

> as far as no systemD well thats gonna be super tough. It seems you do alot of tough work setting up your Qubes but it seems qubes is designed to be default and universal in mind. but its funny seeing other fsf guys on the forums who don't want secure boot but not mentioning how much worse all software is. I mean I don't know what your reasons are for not trusting systemD, but the same fingers are in all the gui's prolly too.

Yeah, SystemD is just insecure and super vulnerable. When SystemD crashes, the whole PC freezes. That's why init and sysv was so much better, because they started everything properly and separately. They did it the right way.

Well, we can only hope that people realise and thus start moving back away from SystemD in the near future.

[Manuel Amador (Rudd-O)]

On 2018-04-19 00:50, Drew White wrote:
> I don't want an insecure system that crashes every 5 seconds, so I
> want one hat has no SystemD. Until then, smaller template.

It pisses me off whenever you post because you always post destructive /
nonconstructive nonsense such as this one post above this line (among
many).  You're using Fedora / Debian templates.  They use systemd (learn
to spell it, it isn't SystemD, that means a completely different thing
related to an economic population in Southeast Asia).  Deal with reality
or use something else.  And, quite frankly, I don't know what the fuck
is wrong with your computer -- I haven't had a system crash in months
while using Qubes OS, and I haven't had a systemd-related crash in Y E A
R S.  Literally YEARS since a systemd bug caused a kernel panic (because
that's how a systemd crash looks like, it's an init-related panic).

You, Drew, specifically you, always have complaints, but almost never
ever do you have solutions.  Most of your blame-assigning is entirely
fabricated and political.

So how about you start coding something that will replace the work
others have done, and then post it as a pull request?  Maybe if you
don't want to code, then you can plonk a good amount of cash for people
to code what you want.  But I, sure as iron, do not want you to continue
polluting and poisoning the environment with your useless complaints and
non-suggestions.  Every time I open the mailing list, you're there,
making useless comments or destructive quips.  I'm so, so turned off by
your destructive participation.

Thank you in advance for your courtesy in either stopping your posting
or contributing working code that (1) will be useful to others (2) will
be accepted either in Qubes OS or upstream (3) will be less whiny and
more constructive.

Enough!

--
Rudd-O
http://rudd-o.com/

[Drew White]

1. Read what I say.
2. Understand what I say.
3. How about you reply constructively like I ask about things instead of just attack like you do.
4. systemd is always running, it monitors everything, you obviously know nothing about systemd because you say it is ONLY relating to init.
5. If others actually asked questions then they would get helpful answers.
6. I would contribute if it was Pascal instead of bloated Python, which I don't know enough about.
7. I am constructive, but people, like you, just don't read what I say the way I said it and mean it and so you take it the wrong way.
8. Nothing is wrong with any of my computers, there is something wrong with systemd.
8. I am building a non systemd version, but not knowing enough about python YET it is taking time, but I am putting in the time, since very few others in Qubes Forum here reply to most things. Or else they aren't coders.
9. Start reading Rudd-O, you always have had issues with me, and attacked me just because you wanted to. So go away and stop replying just to attack me.
10. Would be appreciated if you pull your head out of your arse, pull your head in, and just start replying normally.

[Drew White]

On Saturday, 21 April 2018 11:56:04 UTC+10, Manuel Amador (Rudd-O) wrote:

> I haven't had a system crash in months
> while using Qubes OS, and I haven't had a systemd-related crash in Y E A
> R S.  Literally YEARS since a systemd bug caused a kernel panic (because
> that's how a systemd crash looks like, it's an init-related panic).

That only means you don't do enough to push Qubes hard enough like I do.

[Drew White]

On Saturday, 21 April 2018 11:56:04 UTC+10, Manuel Amador (Rudd-O) wrote:

> On 2018-04-19 00:50, Drew White wrote:
> > I don't want an insecure system that crashes every 5 seconds, so I
> > want one hat has no SystemD. Until then, smaller template.
>

> They use systemd (learn
> to spell it, it isn't SystemD, that means a completely different thing
> related to an economic population in Southeast Asia).  Deal with reality
> or use something else. 

Take your own advice, be constructive not destructive. All you did was attack, all you had to do was politely correct my error from other peoples mis-spelling of it. All you EVER do is attack me.

> You, Drew, specifically you, always have complaints, but almost never
> ever do you have solutions.  Most of your blame-assigning is entirely
> fabricated and political.

I complain because I provide solutions and they are not taken.
All I get told is that they aren't an issue when they are.
Even when I give logs and proof I get told it isn't a bug even when it is.

So I complain, and I don't try to give evidence or help or anything until it is requested.

You should have left me blocked.

Now block me again and get the hell out of my life.

[Ivan Mitev]

FWIW I've been using Qubes *exclusively* for the past 2.5 years and I
probably had less than half a dozen crashes over that period, which is
consistent with what I had with plain Fedora before (and then the
crashes would happen because of exotic stuff like undocking/docking the
laptop while suspended, with many USB devices plugged and additional
screens, so they are probably not related to Qubes).

Except the usual mail/web surfing/office stuff I transcode videos, use
windows VMs with heavy CAD and 3d modeling software, or Fedora VMs with
QGIS and huge data sets, and I never had a system crash because of high
resource usage. Curious about you mean by "pushing hard", and if you
tried the same usage pattern that you get crashes with on plain fedora.

Re- systemd: I never had a crash related to it - be it on my Qubes
install or on the servers I administrate. With my experience as a
sysadmin I can tell you that systemd is a reliable, well thought out
collection of programs and thanks to it I don't have to write kludges to
work around deficiencies in sysV anymore. It takes a bit of time to
learn though, which is probably why people criticize it (leaving aside
conspiracy theories).

[Drew White]

I just hate that systemd being put into linux makes linux like windows.
That is the issue that made me start to hate it in the first place.

[Drew White]

On Monday, 23 April 2018 15:23:04 UTC+10, Ivan Mitev wrote:

> On 04/23/2018 07:32 AM, Drew White wrote:
> > On Saturday, 21 April 2018 11:56:04 UTC+10, Manuel Amador (Rudd-O) wrote:
> >> I haven't had a system crash in months
> >> while using Qubes OS, and I haven't had a systemd-related crash in Y E A
> >> R S.  Literally YEARS since a systemd bug caused a kernel panic (because
> >> that's how a systemd crash looks like, it's an init-related panic).
> >
> > That only means you don't do enough to push Qubes hard enough like I do.
>
> FWIW I've been using Qubes *exclusively* for the past 2.5 years and I
> probably had less than half a dozen crashes over that period, which is
> consistent with what I had with plain Fedora before (and then the
> crashes would happen because of exotic stuff like undocking/docking the
> laptop while suspended, with many USB devices plugged and additional
> screens, so they are probably not related to Qubes).

Yeah, it isn't very Laptop-Docking friendly (yet). But my issues are mainly with a workstation. My Laptop doesn't do it because I shut it down every night because of docking issues with Qubes.

Normally Qubes runs fine. But so much drive space is used. That's why I wanted some small templates without the "crap" that just consumes resources. The minimal template still has a lot.

So I was just hoping for a real minimal version of things. That was all this thread was about.

> Except the usual mail/web surfing/office stuff I transcode videos, use
> windows VMs with heavy CAD and 3d modeling software, or Fedora VMs with
> QGIS and huge data sets, and I never had a system crash because of high
> resource usage. Curious about you mean by "pushing hard", and if you
> tried the same usage pattern that you get crashes with on plain fedora.

I have 18 guests running most of the time these days on my workstation.
That includes the sys-net, sys-firewall, anon-gw, and many more.
They are always doing things and consuming RAM and CPU.
For windows I run XP through to 10. For testing purposes.
I have compilers running for compiling software.
I have browsers open running things from Debian and Fedora and Whonix.
I have 90% of my RAM used most of the time.
My CPU sits high usage, 75%+.

> Re- systemd: I never had a crash related to it - be it on my Qubes
> install or on the servers I administrate. With my experience as a
> sysadmin I can tell you that systemd is a reliable, well thought out
> collection of programs and thanks to it I don't have to write kludges to
> work around deficiencies in sysV anymore. It takes a bit of time to
> learn though, which is probably why people criticize it (leaving aside
> conspiracy theories).

I've had my system freeze,and I wonder why.
I reboot and check my logs, and it's something that caused systemd to just stop working. and that was a bland install, and systemd stopped. everything runs under sysstemd, where it used to be everything was separate. so if systemd stops, everything stops. that is windows methodology. (That's when i lost interest in systemd and it has not changed.

[Ivan Mitev]

On 04/23/2018 09:45 AM, Drew White wrote:
[...]

>> Re- systemd: I never had a crash related to it - be it on my Qubes
>> install or on the servers I administrate. With my experience as a
>> sysadmin I can tell you that systemd is a reliable, well thought out
>> collection of programs and thanks to it I don't have to write kludges to
>> work around deficiencies in sysV anymore. It takes a bit of time to
>> learn though, which is probably why people criticize it (leaving aside
>> conspiracy theories).
>
> I've had my system freeze,and I wonder why.
> I reboot and check my logs, and it's something that caused systemd to just stop working. and that was a bland install, and systemd stopped. everything runs under sysstemd, where it used to be everything was separate. so if systemd stops, everything stops. that is windows methodology. (That's when i lost interest in systemd and it has not changed.

I see that you're upset with systemd but if I were you I'd try to debug
the cause of your problem and submit an issue/bug report so that fellow
users don't run into the same problem.

As a side note I didn't test to kill systemd (PID 1) but I sort of
expect that the whole system would go down if PID 1 "stops". It's not
different from sysV's PID 1 init.