Done with Qubes

[O K]

Thanks for all the help but I've been trying to figure out how to get Qubes running for months and I've decided it's just a giant waste of my time because every time I get one bug fixed, two more show up to take it's place.  I think it's a brilliant idea but it needs a lot of work and streamlining before it's ready for public use.  It's a shame because my privacy and anonymity online are a matter of my personal safety and it would be nice to have a secure OS.  TAILS is not a fully usable system either.  I will have to install Ubuntu.  Good luck, everyone.

[799]

Hello Oak,

O K <oak...@gmail.com> schrieb am Fr., 23. Aug. 2019, 02:39:

Thanks for all the help but I've been trying to figure out how to get Qubes running for months and I've decided it's just a giant waste of my time because every time I get one bug fixed, two more show up to take it's place.  I think it's a brilliant idea but it needs a lot of work and streamlining before it's ready for public use.

Maybe it's helpful if you throw in a list of what hardware you was using and which bugs was wasting your time.

This would allow two things:

1) warn other users, not use Qubes (sarcasm)

2) allow others to fix bugs

Or do mean you just want to run one (1) Standalone Ubuntu in Qubes?

Which shouldn't make a big difference vs a baremetal Ubuntu installation.

[799]

[Sergio Matta]

Thanks for all the help but I've been trying to figure out how to get Qubes running for months and I've decided it's just a giant waste of my time because every time I get one bug fixed, two more show up to take it's place.  I think it's a brilliant idea but it needs a lot of work and streamlining before it's ready for public use.  It's a shame because my privacy and anonymity online are a matter of my personal safety and it would be nice to have a secure OS.  TAILS is not a fully usable system either.  I will have to install Ubuntu.  Good luck, everyone.

I suggest you to keep trying. I am using Qubes since 3.2. I spent many months to know it. Today, if there is any bug, It does not bothers me.

I have specialized templates, the -srv runs my docker services, the -data keeps all my data, the -app runs my personal, the -wks runs my work and -sec runs banking and crypto things. Bind-dirs keep my data servers isolated.

All templates and windows - with sound but I do not like games - runs very fast using SSD with my old DDR3 AMD motherboard. It has auto initialization procedure.

I keep my configuration files, installed programs list and data saved with timeshift. Easy and fast to reinstall.

There is no chance I return to traditional linux anymore.

[Jackie]

O K:

Hi,

Qubes definitely has a learning curve, but i think it's worth it (and
i'm definitely no linux expert).

But if you don't want to use qubes, one thing you can do for better
security and privacy is install debian/ubuntu and use non-qubes whonix
(you can use virtualbox, which is pretty easy to use). You can have
multiple whonix workstations, and you can create other VMs like debian
as well to compartmentalize your workflows. A solution like this is more
insecure than qubes, but definitely less insecure than just using bare
metal debian/ubuntu for everything. You still get the benefits of
virtualization and compartmentalization, but without the extra security
features of qubes (i'd recommend not using the host os for anything
directly, and doing everything in VMs).

[scurge1tl]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



O K:

Dear oak2572,

I understand your sentiment about the issues rising during your usage
of the OS. You need a reliable and just working thing.

My 2 cents to this are simple, and it solved all my issues with
QubesOS. In my case it was simply a matter of hardware selected. It
can be tricky to select the right one, but we have the excellent and
updated list of supported HW. Im my case and for my use I am
absolutely happy with the Asus Zenbook UX305F. It is not a beast, but
is capable to run qubes without any issues.

I also recommended QubesOS to other friends and it ended up same way
as in your case - they gave up cause of need to heavily mod the
existing HW and its SW part.

If security, privacy, anonymity (you consider Tails too, right?)
matters to you, try to reconsider the HW you try to run the QubesOS
on. I am pretty sure this solves the issues fast and it will simply be
a breeze.

Good luck and fly safe!

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1jdNxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwZChAAjLQSzAqsX3nk6f1w4l2uFClGueXYtJZgKvyvP3TCOzaD5ZxzvXJLLgtr
5DyLUcQGJ4hX1xdIGkevPxQy05jz0swr8Bi+yJWJhrfza0GQvRvkVlDN9AkZ5cgu
6HBPDVi2IeZicWfKBAfr1ed+Onx/vmwbLqzqqFBs/f4/4U2VDJBfv52eX6NkGn/n
RIOT5UQ3pRBsig69HviXR9Awvuh231Ltxu/CCUdcwECWkZVEhNr62EAsMNPiyCoL
4ge8d62tY/AQD+EWvRLmPsfA6NEvSdzlyMuMFDZNn5CRFaRZnwzaVzdaq4DNaaXs
ST9/99WQAYkKSdogGa2Gm7jKg+uUynSHzCW85y+vJu4DIYpVB/8sllsCLWUMdmgx
ZLw/gDhPEredszfeixrQd3cLxe5ZyQrE0HCGmWR8X4ABkAA/VQs6tC39I5rwfUUU
98OHKrGh0aKEYYz9K9ESkPZH233+CyyOGaXXbUiaqtm6a41pEHQNcyICJEQUqR6O
lSm9nveZU+C7Ekd/VOUdckyd9cqcVNRidnAVw/DQseIBGSpVdJyxrpLFLYLdVowa
rIVnlf9UZ0LxsheqXzZmqkNIA3KtlBbvBDBPjkbqbjtlOGWDWC7UT4WYGzJkBRn8
G2w6IJ4WRr5S373y9+fi5+Fh7wHTk9+BlwH8mcWRXjH8F0VwkJk=
=oZve
-----END PGP SIGNATURE-----

[O K]

You mean I create a VM with Whonix OS installed (using virtualbox I'm guessing)?  I will have to research that, but yes I do need to use a VM, or multiple VM's.  I'd also like to find a way to use Firejail to sandbox whatever browser I'm using, if that's possible.

[Jackie]

O K:

> You mean I create a VM with Whonix OS installed (using virtualbox I'm
> guessing)? I will have to research that, but yes I do need to use a VM, or
> multiple VM's. I'd also like to find a way to use Firejail to sandbox
> whatever browser I'm using, if that's possible.

The whonix website has pre built images for virtualbox you can download
and install. You can run firejail inside whonix workstation too.

[Stuart Perkins]

Instream...

On Tue, 27 Aug 2019 11:39:06 -0700 (PDT)
O K <oak...@gmail.com> wrote:

>You mean I create a VM with Whonix OS installed (using virtualbox I'm
>guessing)? I will have to research that, but yes I do need to use a VM, or
>multiple VM's. I'd also like to find a way to use Firejail to sandbox
>whatever browser I'm using, if that's possible.
>

What I used to do before I found Qubes was snapshot my running VM's...have one just for "sandbox" like work. Whenever I shut them down, I would just revert to the snapshot. This ensures that the programs were not modified...similar to a Qubes template.

When a VM prompted for updates, I would revert to snapshot, do updates, take new snapshot. This way the chances of something sneaking in were minimized. Not perfect, but almost a model of qubes and templates. Multiple VM's for different tasks as well. When I discovered Qubes it was very familiar already.

Whonix comes in the gateway and browser VM's for VirtualBox too, and I even had that running on my home server before I went Qubes. If you play the same snapshot/update game with them you can maintain a reasonable level of security.

For persistent data, use an attached HD image which is NOT part of the snapshot, or some NAS serving VM which does nothing else.

Not perfect, but reasonable.

[pixel fairy]

didnt think you were still on this thread.

when im stuck on hardware or a workload that qubes doesnt work for, i usually do vagrant with virtualbox or kvm depending. its not as good, of course, so still be careful. use packer to make your vagrant boxes. 

github has a lot of great starting points to work from. when making your vagrant boxes, make sure you set the mic off in virtualbox, and, of course, disable clipboard sharing. you can temp make it single direction when copying passwords. you can script it with vagrant ssh and X11 commands (xsel / xclip). just make sure your using X11 and not wayland. eventually you'll have to adapt to wayland. they're may be a way to script it with vboxmanage. or virsh if your using kvm.

also remember to disable sym links with vboxsf, VAGRANT_DISABLE_VBOXSYMLINKCREATE=1 in shells start up files should work. 

firejail will be great with wayland. right now, working around x11 is a pain. i used xnest (xephyr) and that seemed ok. xpra was took flakey but maybe its better now. was years ago.

if you just want it for tor browser, heres their notes on using apparmor https://www.whonix.org/wiki/AppArmor#Maintain_Tor_Browser_Functionality

if you go with vagrant-libvirt, you can run vagrant/virtualbox in it with nested virtualization in case anyone sends you a virtualbox vagrant file. outside of nesting, the two tend to not play well together. should also work with vmware which is pretty solid in nesting.

[O K]

IDK, I'm a bit nervous about Whonix.  I know alot of people use it, but their info says it's put together by non-professionals in their spare time - not exactly a vote of confidence.  

On Friday, August 23, 2019 at 6:03:55 PM UTC-4, Jackie wrote:

[O K]

Do you think using Qubes off a live usb would help bypass some of my hardware issues?

[799]

O K <oak...@gmail.com> schrieb am Sa., 31. Aug. 2019, 15:17:

Do you think using Qubes off a live usb would help bypass some of my hardware issues?

I think that it might help just to try it out, instead asking, if it would.

We don't know which hardware issues you are referring to and this list is mainly about Qubes OS an not that much about helping finding an alternative if the topic is already named with "Done" with Qubes.

I would just download some other possible option and give them a try.

Before I found out about qubes I was running a Debian minimal with a customized x-windows which has Virtual Box installed, which was running my virtual machines.

For disposable VMs I used VMs, which had snapshot and ten revert to the snapshot.

Basically what you get is:

- a bit more security instead of a normal OS because you're using different VMs for different tasks

- more overhead -> full OS + VirtualBox which is more complex and has a larger attack surface and is therefore less secure

- much more manual overhead.

Therefore I would always go back to Qubes.

[799]