Strategy: Qubes needs flexible automation more than other OSes due to its security-by-separation architecture: Should we initiate a cross-platform project?


Leeteqxv

Dec 22, 2016, 11:00:48 PM
to qubes-users

Below is a Spinoff from "[qubes-users] When Wi-Fi disconnects, it fails to reconnect: How to reset the Network interface (conveniently) without restarting everything?"

(Ref. "I wish there was a magical menu entry that could do this:"
- "Enforce restarting sys-net/sys-Firewall and temporarily take down any open VM that are blocking the restart, and then subsequently start them all again afterwards WITH all the software that was running inside each one too...")

(To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9cd39d03-b9db-1a2a-a2ac-938031621b99%40leeteq.com.)

************

(If that is too much to ask for a script, then imagine the daunting task every time one has to do that manually.)

Qubes has a deeper motivation for this kind of automation than other OSes due to the consequences of security dilemmas stemming from the separation of tasks/VMs etc.

Maybe Qubes does not have a choice, but to actually tackle this challenge at its roots.

If I am right about that, then we can look at this from a strategic point of view, as an opportunity to take the lead:

The above linked other issue is a good example of exactly what we want a computer to automate in general.

The world does not need the (overhyped) "Artificial Intelligence" developments so much as really flexible automation like this example. We are far away from creating anything intelligence-like, but these automation bits are well within our reach even without any "A.I."

Because we are all in the same boat regarding all the dilemmas, caveats and workarounds in the struggle to stay as secure as possible and as convenient as possible, Qubes has a unique challenge that is much larger and much more deeply felt than any other OS's users have: for a workable interface to this kind of automation.

Maybe an opportunity or potential benefit lies within this challenge:

Could we invite A.I. developers into a cross-platform Linux project that aims at providing tools to let users manage, configure, schedule, etc. automation like this through the GUI, so we make sure we are at the helm of such developments and thus have even greater influence to affect its direction to cover our (extra) needs?

- LeeteqXV

Andrew David Wong

Dec 23, 2016, 3:43:48 AM
to Leeteqxv, qubes-users

On 2016-12-22 20:00, Leeteqxv wrote:
> *Below is a Spinoff* from "[qubes-users] When Wi-Fi disconnects, it
> fails to reconnect: How to reset the Network interface (conveniently)
> without restarting everything?"
>
> (Ref. "I wish there was a magical menu entry that could do this:"
> - "Enforce restarting sys-net/sys-Firewall and temporarily take down any
> open VM that are blocking the restart, and then subsequently start them
> all again afterwards WITH all the software that was running inside each
> one too...")
>
> (To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/9cd39d03-b9db-1a2a-a2ac-938031621b99%40leeteq.com.)
>
>
> ************
>
> (If that is too much to ask for a script, then imagine the daunting task
> every time one has to do that manually.)
>
> *Qubes has a deeper motivation for this kind of automation than other
> OSes due to the consequences of security dilemmas stemming from the
> separation of tasks/VMs etc.*
>
> *Maybe Qubes does not have a choice, but to actually tackle this
> challenge at its roots.*
>
> *If I am right about that, then we can look at this from a strategic
> point of view, as an opportunity to take the lead:*
>
> The above linked other issue is a good example of exactly what we want a
> computer to automate in general.
>
> The world does not need the (overhyped) "Artificial Intelligence"
> developments so much as really flexible automation like this example. We
> are far away from creating anything intelligence-like, but these
> automation bits are well within our reach even without any "A.I."
>
> Because we are all in the same boat regarding all the dilemmas, caveats
> and workarounds in the struggle to stay as secure as possible and as
> convenient as possible, Qubes has a unique challenge that is much larger
> and much more deeply felt than any other OS's users have: for a workable
> interface to this kind of automation.
>
> *Maybe an opportunity or potential benefit lies within this challenge:*
>
> Could we invite A.I. developers into a cross-platform Linux project that
> aims at providing tools to let users manage, configure, schedule, etc.
> automation like this through the GUI, so we make sure we are at the helm
> of such developments and thus have even greater influence to affect its
> direction to cover our (extra) needs?
>
> - LeeteqXV
>

(Copying my reply from the other thread.)

You can simply change sys-firewall's NetVM to "none," restart sys-net,
then switch it back again. Sample script:

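```
#!/bin/bash
# Restart sys-net from dom0 without restarting the VMs behind sys-firewall.
echo "Restarting sys-net..."
# Detach sys-firewall first; sys-net cannot shut down while a VM uses it.
qvm-prefs -s sys-firewall netvm none
sleep 3
# --wait blocks until sys-net has actually halted before it is started again.
qvm-shutdown --wait sys-net
sleep 3
qvm-start sys-net
sleep 3
# Reattach sys-firewall to the fresh sys-net.
qvm-prefs -s sys-firewall netvm sys-net
sleep 1
echo "Done."
```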

We don't need AI-level automation to solve this one. :)

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Jean-Philippe Ouellet

Dec 23, 2016, 5:04:04 PM
to Leeteqxv, qubes-users
On Thu, Dec 22, 2016 at 11:00 PM, Leeteqxv <teqle...@leeteq.com> wrote:
> (Ref. "I wish there was a magical menu entry that could do this:"
> - "Enforce restarting sys-net/sys-Firewall and temporarily take down any
> open VM that are blocking the restart, and then subsequently start them all
> again afterwards WITH all the software that was running inside each one
> too...")
>
> (If that is too much to ask for a script, then imagine the daunting task
> every time one has to do that manually.)

You mean like this?
https://gist.github.com/jpouellet/aaeecdf34b2d066371a5acfead978467/d23fcecb7150fa10921c54ba9dac9ed7f0e5c20a

But it is likely that you actually want this instead:
https://www.qubes-os.org/doc/wireless-troubleshooting/

> Qubes has a deeper motivation for this kind of automation than other OSes
> due to the consequences of security dilemmas stemming from the separation of
> tasks/VMs etc.
>
> Maybe Qubes does not have a choice, but to actually tackle this challenge at
> its roots.
>
> If I am right about that, then we can look at this from a strategic point of
> view, as an opportunity to take the lead:
>
> The above linked other issue is a good example of exactly what we want a
> computer to automate in general.

Or... we could focus on the massive backlog of qubes-specific problems to solve.

> The world does not need the (overhyped) "Artificial Intelligence"
> developments so much as really flexible automation like this example. We are
> far away from creating anything intelligence-like, but these automation bits
> are well within our reach even without any "A.I."
>
> Because we are all in the same boat regarding all the dilemmas, caveats and
> workarounds in the struggle to stay as secure as possible and as convenient as
> possible, Qubes has a unique challenge that is much larger and much more
> deeply felt than any other OS's users have: for a workable interface to this kind
> of automation.
>
> Maybe an opportunity or potential benefit lies within this challenge:
>
> Could we invite A.I. developers into a cross-platform Linux project that
> aims at providing tools to let users manage, configure, schedule, etc.
> automation like this through the GUI, so we make sure we are at the helm of
> such developments and thus have even greater influence to affect its
> direction to cover our (extra) needs?

There is already way more work to do than man-hours available.

@LeeteqXV (Twitter)

Dec 25, 2016, 11:08:22 PM
to Andrew David Wong, qubes-users
On 23/12/16 09:43, Andrew David Wong wrote:
> (Copying my reply from the other thread.)
> You can simply change sys-firewall's NetVM to "none," restart sys-net,
> then switch it back again. Sample script:
>
> ```
> #!/bin/bash
> echo "Restarting sys-net..."
> qvm-prefs -s sys-firewall netvm none
> sleep 3
> qvm-shutdown sys-net
> sleep 3
> qvm-start sys-net
> sleep 3
> qvm-prefs -s sys-firewall netvm sys-net
> sleep 1
> echo "Done."
> ```
>
> We don't need AI-level automation to solve this one. :)
>
Heh, so that was a bad example to throw into this suggestion, ok. :-)
Thanks for the script sample, will come in handy I think.

Regardless of this bad example, my suggestion stands:
I think there are good reasons / perspectives for why Qubes should
consider taking this kind of initiative.
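
An added example, not part of any message in this thread: a generalisation of the sample script quoted above that detaches every VM directly attached to the NetVM (not only sys-firewall), restarts it, and always tries to put each VM back on the same NetVM it had. It assumes dom0 with the Qubes 3.2-era `qvm-prefs -g/-s` syntax used in the thread plus `qvm-ls --raw-list`; the function names, the `QVM_*` override variables and the `--run` switch are hypothetical.

```shell
#!/bin/bash
# Added example (not from the thread). Assumes dom0 on a Qubes 3.2-era system,
# i.e. the `qvm-prefs -s ... netvm none` form used in the thread's script.
# Tool names are overridable so the logic can be exercised outside dom0.
# Usage (hypothetical file name): ./restart-netvm.sh --run sys-net
QVM_LS=${QVM_LS:-qvm-ls}
QVM_PREFS=${QVM_PREFS:-qvm-prefs}
QVM_SHUTDOWN=${QVM_SHUTDOWN:-qvm-shutdown}
QVM_START=${QVM_START:-qvm-start}

# Print each VM whose netvm property is exactly "$1" (its direct dependents).
dependents_of() {
    for vm in $($QVM_LS --raw-list); do
        if [ "$vm" != "$1" ] &&
           [ "$($QVM_PREFS -g "$vm" netvm 2>/dev/null)" = "$1" ]; then
            echo "$vm"
        fi
    done
}

# Detach dependents, restart "$1", then reattach each dependent to "$1" only.
# Returns non-zero if any step failed.
restart_netvm() {
    target=$1
    deps=$(dependents_of "$target")
    rc=0
    for vm in $deps; do
        $QVM_PREFS -s "$vm" netvm none || rc=1
    done
    if [ "$rc" -eq 0 ]; then
        # --wait blocks until the VM has halted, instead of a fixed sleep.
        { $QVM_SHUTDOWN --wait "$target" && $QVM_START "$target"; } || rc=1
    fi
    # Always try to restore the recorded topology, even after a failure.
    # A VM that cannot be reattached stays at "none" (no network), never on
    # some other NetVM that would bypass its firewall or VPN qube.
    for vm in $deps; do
        if ! $QVM_PREFS -s "$vm" netvm "$target"; then
            echo "WARNING: $vm left with netvm=none" >&2
            rc=1
        fi
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    restart_netvm "${2:-sys-net}"
fi
```

VMs that sit behind sys-firewall are not touched, because only the direct dependents of the restarted NetVM block its shutdown.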