Networking
Drew White
Just wondering why my Win7 has only 100 Mbit networking instead of Gigabit?
Is there any way to make it gigabit in the vm?
When I only have 1 or 2 VMs running, to use only 100 Mbit out of a 1000 Mbit NIC is just wasteful.
Please help.
Thanks in advance.
Chris Laprise
That's just a description of the emulated adapter.
Chris
Drew White
That's just a description of the emulated adapter.
No, it's the physical speed of throughput of data actually.
I'm not talking about a descriptor, I'm talking about the actual speed.
Chris Laprise
https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/
Chris
Drew White
On Friday, 1 July 2016 12:03:24 UTC+10, Chris Laprise wrote:
HVM drivers do have throughput issues...
https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/
Do you have anything that is remotely current?
Drew White
I've seen several solutions so far, but they are so far out of date they are currently no longer working.
Drew White
Why is it so hard to just have the e1000 put in as well as the drivers?
Generic virtualisation in linux, virtualisation with virtualbox or vmware in linux or windows will always be able to work.
raah...@gmail.com
Are you connecting your win 7 to some other machine on your home lan? IS it even possible to get even 100mb let alone 1000?
raah...@gmail.com
> I'm confused, is this some vm network within your qubes machine?
>
> Are you connecting your win 7 to some other machine on your home lan? IS it even possible to get even 100mb let alone 1000?
Just to clarify so you are talking 100 megabits which is like 10 megabytes, roughly.
I don't think many people are using their qubes machine as a vm lan lab. I'm not sure devs had that in mind. That being said are you really using up 100mbits all the time?
On my machine using a full speed all the time my cpu becomes the bottleneck more then anything...
Drew White
Just to clarify so you are talking 100 megabits which is like 10 megabytes, roughly.
I don't think many people are using their qubes machine as a vm lan lab. Â I'm not sure devs had that in mind. Â That being said are you really using up 100mbits all the time?
On my machine using a full speed all the time my cpu becomes the bottleneck more then anything...
raah...@gmail.com
raah...@gmail.com
How can I check what max speed is set to on the different vms. So it doesn't just go by what the netvm can do?
Drew White
> I have an i5 machine with integrated nic and ssd, and using a full 100mbps will make it noticeably slower. But I guess if you have a powerful machine, why not.
>
> How can I check what max speed is set to on the different vms. So it doesn't just go by what the netvm can do?
Easiest way...
Run monitor on the netVM, or firewall VM if that is where you are at for the forking of networking.
Do the same on the netVM too if you want.
After that, create a file on another PC/Server that has a Gigabit NIC.
Create a 5 GB file. Or less.. Maybe on 500 MB needed. Or 1 GB to be on the safe side.
Perform a WGET on that file. Watch the speed in each window.
In the Firewall VM you will see the speeds.
In the NetVM you will see the speeds too.
Drew White
You can set it to kbits/s or kbytes/s for each location targeting to and from.
So you will start one, watch the speed, start another and another and another.
Drew White
No, the NetVM is the NetVM. It has the NIC on it.
Everything behind that has a virtual NIC.
And that's only a 100 Mbps NIC. An older Realtec driver based, not even the E1000, but reading on changing to that is doable, but can cause stability issues and other things can go wrong too.
So I'd rather have it done professionally by those that make and improve Qubes as best as they can, that way it's tried and tested and all.
To have the options there, having the option in the creation of the VM to set it to different NIC types would be good, so that I can then set one to 10 Mbps, another to 100 Mbps and another to 1 Gbps. That way they have their own maximum bandwidth available to them.
If they could also include a 1 Mbps and modem speeds too, 96 baud would be fantastic too. I know it's a bit outdated to have that, but it would be advantageous to be able to pick network speeds available to each guest.
So yeah, either a specific NIC, or a variable NIC. Then I could set it to whatever I wanted, or else just a 1 Gbps or 100 Mbps. I know there would be speed implications for having a variable and others in there.
Just a thought... That's why it seems a bit all over the place.
Drew White
This slow speed is just horrific when you are managing servers.
Takes forever to upload a 4 GB iso.
And to copy a file from the network to local, or vice-versa, takes way too long.
raah...@gmail.com
oh ok only way i knew of was cat /sys/proc/net/interface/speed thought maybe there was some similar way to check settings for the virtual nic's since it didn't work there.
I think Qubes is aimed more at everyday home and small business office users. But I guess if they want to reach corporate audience and corporate admins this is something that should be looked into.
Drew White
> oh ok only way i knew of was cat /sys/proc/net/interface/speed thought maybe there was some similar way to check settings for the virtual nic's since it didn't work there.
>
> I think Qubes is aimed more at everyday home and small business office users. But I guess if they want to reach corporate audience and corporate admins this is something that should be looked into.
On my NetVM I'm running bwm-ng.
I had 1 VM copying data out... running at 100 Mbps.
I had another one copying in... running at 100 Mbps.
I know it was because the data for each machine never went over 100 Mbps on their interface.
I then had 2 copying data out. both running at 100 Mbps.
Their VIF interface was 100 Mbps each, and the data on the external side was running at 200 Mbps (aggregate of the internals)
So my 1Gbps connection isn't even being touched.
I copied data from an external source to the NetVm that had the NIC, and it's throughput went up to almost 60 MBps. So that's about 480 Mbps. That's about half of what the whole system can do on that 1 NIC.
As expected, there is some degradation due to drive performance and the fact of the virtualisation and the performance the other end, as well as threads I've assigned to my NetVM and the threads available the other end too.
But all in all, I could be copying from 5 machines, and get all 1 Gbps used on my own NIC.
At home, on my HOME machine, I use Qubes a different way to here, but the fact is, the Network performance is really bad, even for home use.
Qubes is aimed at those that want security and performance side by side. It has most of that, just the network performance is lacking.
Many home users these days have Internet connections that are lower than 100 Mbps. But there are some that have 1 Gbps internet connections.
Corporate users OR home users, doesn't matter, the 100 Mbps network performance is just horrid.
I have 4 VMs running right now behind the NetVM.
They all use network at times. But when I want to use the network I want the network, not a slow connection.
Corporate users and other businesses, and us programmers want security. Home users, they don't really, not all the time, or very much at least. (from what I've seen and heard and been told when I've gotten people to use qubes)
Lots of home users, their children use the PC to play games and all under Windows. They don't want the virtualisation overhead or anything like that.
So you know...
I am a "small business office user".
So if it's aimed at me, networking isn't fast enough.
If it's aimed at me as a home user, networking isn't fast enough.
As a corporate GENERAL ADMIN that doesn't need much data throughput, then yes it's fine.
As a technical admin, too slow.
I think it just needs to be gigabit all the way through, and then just loadbalanced for the machines that are requesting data.
Even have the options for prioritising the data.
I want my Web browser to be second priority for data.
I want my movie watcher to be third priority.
I want my remote support machine to be first priority.
I want my dom0 update vm to be lowest priority.
All gigabit, all prioritised. everything then has it's place and knows it's place.
Andrew David Wong
Hash: SHA512
https://github.com/QubesOS/qubes-issues/issues/2160
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXgGwoAAoJENtN07w5UDAwPJgP/RpCkmOAHf9ZtXH+Jz3fTC0W
D6JEgtbW/Hz3+GS2+Jpro++BZg4hQaM3GTabJWGOqnClg4ubnEUZzbS8sKABj784
cn8ITQ2phHqkotjyDf6ONgzKzaOdBRppDoEKW5C4Yoeg+b8TWaA4c56SGVgiY2Sb
fRl8A3lUCDlgCNYwPo5fdgQ5gXr4HS42RDD8MSkau3vP+ONLAZnMPTEII2aDqu7Z
fWkd8LCDBEsECTGZWReKmFAeyDoLy3f34dhcswanKNYrmP2YP/HDsowXY9TDQmLa
nMi5O6vlmqyb7YfrF3UH890eeXBxBshaAzJnMTkeGAPQaWBZEO84/aM95gOgreYx
yPutYWGKCAZp4QY5J6rX+ILPqTGCiIY9mFIaMUCcGpBBOJx+CB20+dslEY3dyEiz
Yf0uOEITgdZuVa+EB5HRpIeu0/CrMsmjPbx/KLTT0L3iynOZs3Vtky+WY9d5hYTf
DZGep5PKAKIJral1aBlOCYSGPDvDGseiHqr9cc4SW+LGL2bih2aODag1nx+qWXFl
zabz7FtKo2s/QP1gxuyymcC09j06trSqmbOuE9Pt0xhg9YBFnCm9+DlDjYUFldhA
hpC0dFCPmyTRBnurfWPu6VGaqdlJHeGivH7/EmAtQRVjUqi+FTt/UK2domsvaLBM
K92v9jMKgkeLArcBcO1i
=4/J2
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
Hash: SHA256
limit than your hardware. For example I get this:
[user@testvm ~]$ wget -O - qb/pub/bigfile >/dev/null
- --2016-07-09 14:10:19-- http://qb/pub/bigfile
Resolving qb (qb)... 192.168.191.16
Connecting to qb (qb)|192.168.191.16|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3320903680 (3.1G) [application/octet-stream]
Saving to: ‘STDOUT’
- - 100%[===================>] 3.09G 99.5MB/s in
33s
2016-07-09 14:10:52 (96.4 MB/s) - written to stdout
[3320903680/3320903680]
99.5MB/s is just about 1000Mbps
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXgOplAAoJENuP0xzK19csU4EH/0f/nNXwSJLzyoCMKZQbePDW
KIrenQZG/+Sn1O/g4XIqjCBZJEuoCM3n80BhBSRGCCZN1Ivt5S/1ioOyDnbd9WEo
m2Oe0AT4Jur4OYJYfmuGLAmq8h7XV/1gNZH5ofXvFzRfYUGNL5AxOP7208fdgROB
m2KcOgvL1DqJlDKkGuGOkRalY/3haRNxDc/cujlUKiM3nGAiBSHS92JJP78ysHZH
g4NMkuaNiPQlqfgl/K0IJT2s7xdAb0aB0SIU2GYq2DXuMEaIP65T99x9uIVn0Gyh
ntdvPVQ/C/EohMFgozu286rT1HkT6YLcmk+0P3drua2EU+9tMP6kor7Wo7BFaaM=
=OKnj
-----END PGP SIGNATURE-----
Drew White
> Replace your 100Mbps network card with a 1Gbps one. There is no other
> limit than your hardware. For example I get this:
>
> [user@testvm ~]$ wget -O - qb/pub/bigfile >/dev/null
> - --2016-07-09 14:10:19-- http://qb/pub/bigfile
> Resolving qb (qb)... 192.168.191.16
> Connecting to qb (qb)|192.168.191.16|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 3320903680 (3.1G) [application/octet-stream]
> Saving to: ‘STDOUT’
>
> - - 100%[===================>] 3.09G 99.5MB/s in
> 33s
>
> 2016-07-09 14:10:52 (96.4 MB/s) - written to stdout
> [3320903680/3320903680]
>
> 99.5MB/s is just about 1000Mbps
Drew White
Drew White
I have 2 x 1Gbps NICs.
1 is a broadcom that won't work in Qubes.
The other, from a NetVM that is connected to it, it works perfectly at 1 Gbps, as I stated earlier, but as soon as I use it from a machine BEHIND the NetVM, it's only 100 Mbps.
Drew White
I have multiple things monitoring the network activity, and it only ever gets to 100 Mbps.
Even if I have 3 running, there are 3 VIF+ interfaces running at 100 Mbps AND the external is moving data at the same speeds.
If you can find the resolution for it, I'd be very happy.
entr0py
-------------------------------------------------
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
Drew White
> Driver?
Good thought, but no.
I check all that sort of stuff before I say anything generally.
Because if it was something as simple as that, then it would be easy to fix, but since it's NOT that, since it is only in the guests BEHIND the NetVM, then I know for a fact that it is NOT the NIC's driver.
It is in fact an issue with Qubes.
Marek Marczykowski-Górecki
Hash: SHA256
to FirewallVM (testvm -> sys-firewall -> sys-net) doesn't affect performance.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
FUbJVrrxJqKzLz9qtCAIF8BpoMdL3dmA/ATk011wK0pFW5XRAspcuMzJO+CEof/l
69TiL+EqY4NPrp24Nnr11kjMBmnbAC+++kdnfhirXkdglUqA3/5OhNtDEQuv5qQz
HxQBeULEvkjFSZtniUU3X4jIgV3vrJASJM3EJI0sJIWX68/xyr1V9euozeKHp2uK
TvcSua2v1zOzyjx8nVwO+hbzd8oKfcv1FOuBH7NPnJq4ek5ExGLp/JPzhUS0ienQ
IJ3xt6pTiG34tbNAEyWlrgofZgWSyh9zjSvlylGh8vgXVVzU9eTZ2/85SMa+vXg=
=/RHt
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
Hash: SHA256
> On Saturday, 9 July 2016 22:13:30 UTC+10, Marek Marczykowski-Górecki wrote:
> > There is no other limit than your hardware.
>
> If this is true, then please, why is mine only 100 Mbps behind the NetVM when I have a 1Gbps NIC?
>
> I have multiple things monitoring the network activity, and it only ever gets to 100 Mbps.
> Even if I have 3 running, there are 3 VIF+ interfaces running at 100 Mbps AND the external is moving data at the same speeds.
ethtool eth0 - or whatever interface is named). Also check CPU
utilization during the transfer - maybe your CPU can't handle more when
passing data between VMs?
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
K/bD5llzZobeBIX3uM/PE5z54Rf87G74NwLdspx5Pg8WkiSKintmIgt25kwzqERR
MnTBZkvxVchdf1ysru6vjJVjKeSj7rYzEOEQuQy1DIj8Pt5RV793pBFvZb4vOMSV
U1Y5KEzn2xepROpxy0SJTUk2z2NVGK6h0pJtfyDLqCBC5cb3qDS08+7F0PECuuH1
oH2dr+lXbzYtWQ9qgh2euFQ2EjSn0LnjHbiHwFbiPJVErlaDTTarI0mfLfjE7qvC
a2DPIfyZuZflBPmiXLoq8Ail5v3DIgwAyqr/UfZxU90Pjcvg4QxfWqtui4masRo=
=kWJN
-----END PGP SIGNATURE-----
Drew White
> Check at what speed your connection was negotiated in netvm (sudo
> ethtool eth0 - or whatever interface is named). Also check CPU
> utilization during the transfer - maybe your CPU can't handle more when
> passing data between VMs?
-------------- NetVM - Fedora 23 ---------------
[root@**NetVM** ~]# ethtool enp0s0
Settings for enp0s0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Link partner advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Link partner advertised pause frame use: Symmetric
Link partner advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: MII
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000033 (51)
drv probe ifdown ifup
Link detected: yes
-------------- AppVM - Fedora 23---------------
[root@**AppVM** ~]$ ethtool eth0
Settings for eth0:
Link detected: yes
Drew White
> ethtool eth0 - or whatever interface is named). Also check CPU
> utilization during the transfer - maybe your CPU can't handle more when
> passing data between VMs?
I have xentop and bwm-ng running at all times to keep an eye on things.
NAME STATE CPU(sec) CPU(%) MEM(k) VCPUS NETS NETTX(k) NETRX(k)
AppVM --b--- 484 80.6 1048564 3 0 0 0
NetVM --b--- 200 58.0 1042420 2 0 0 0
NetVM can go at 1 Gbps with ease.
AppVM only goes 100 Mbps, roughly.
Drew White
> NAME STATE CPU(sec) CPU(%) MEM(k) VCPUS NETS NETTX(k) NETRX(k)
> AppVM --b--- 484 80.6 1048564 3 0 0 0
> NetVM --b--- 200 58.0 1042420 2 0 0 0
I should state, this is the HIGHEST that it got to, not the average for the CPU%
It would often fluxuate from lower up to there.
And as I had said, uses between 25% and 50% of CPU constantly on the NetVM.
The AppVM typically was 40-60 % during the transfer of data for this test.
raah...@gmail.com
Drew White
> Is it only windows vm's that have this problem?
Perhaps you missed what I said earlier, it's both, at least in Qubes 3.1 it is.
Just put 3.2 on here, and it seems to work fine for Linux.
around 40 MBps / 320 Mbps.
So whatever the difference in 3.2 compared to 3.1, it's improved.
Not to mention, I have less resources applied to the AppVM and NetVM than I did in 3.1.
raah...@gmail.com
So only a problem for windows vms in 3.1 but not 3.2? weird. Maybe you've done some configuration changes in 3.1 that messed things up. Maybe something happened with your router.
Drew White
> So only a problem for windows vms in 3.1 but not 3.2? weird. Maybe you've done some configuration changes in 3.1 that messed things up. Maybe something happened with your router.
Only a problem for Windows VMs in ALL of Qubes versions.
If you read what I said... "Just put 3.2 on here, and it seems to work fine for Linux."
As I said... LINUX.
Still doesn't work fine for Windows.
raah...@gmail.com
ok so what I said the first time then. Its only the windows vms you have problems with.
Drew White
> ok so what I said the first time then. Its only the windows vms you have problems with.
In 3.2, yes. 3.2 has about 500 different bugs that cause it to be close to unusable. (number exaggerated because I lost count at 137 sand couldn't remember if I'd counted specific bugs before or not)
In 3.1, which is stable, no.
In 3.0, no.
in 2.x, no.
raah...@gmail.com
lol, are you sure you are not creating problems for yourself? You would make a great beta tester, but it doesn't seem you are using qubes like a normal person.
Strange that it would work on 3.2 but not in 3.1. I wonder why that is. I was just guessing that it worked after you immediated testing after a fresh install. I'm sure if we gave you time on 3.2 you'd do something it on there too lmao...
raah...@gmail.com
*to break it on there too.
Drew White
>
> lol, are you sure you are not creating problems for yourself? You would make a great beta tester, but it doesn't seem you are using qubes like a normal person.
>
> Strange that it would work on 3.2 but not in 3.1. I wonder why that is. I was just guessing that it worked after you immediated testing after a fresh install. I'm sure if we gave you time on 3.2 you'd do something it on there too lmao...
lol, not at all. I'm using like a normal person actually.
I'm using it as a developer at work, and a normal person at home. I'm having the same issues when at work or home, whether I'm using it as a developer OR a "normal person".
I mean, I'm a user, not an end-user, when at home.
Qubes isn't really made for end-users anyway. It's too complicated for the general end-user.
And no, even on a FRESH INSTALL, it has the same issues.
Even when using a 4 Gbps NIC, it has the same issues in 3.1
Nothing broken or altered at all, and the issue exists.
So I'm not to blame for the issue. I don't know who/what is, but I know it's not me. (at least for this issue/problem [lol])
As a beta tester, I would be good, because I push things to their limits, unlike other people who just think "this is what it's mean to be able to do, I'll only do half of that".
So.. Please define "Normal Person"...
3.2 has some changes to it. The networking works perfectly from linux -> linux -> Network.
What is different I don't know, but it works. and it has the SAME CHANGES that I made in 3.1 to improve security and all. And it works fine.
Windows is the only one that has a 100 Mbps NIC inside Windows, instead of Gigabit.
raah...@gmail.com
Qubes really isn't that hard to use, but for some reason its got that stigma attached to it. Its different is all it is. Anyone who uses windows and doesn't need to play games can use it imo. I taught my family how to update qubes, attach usb block device from usbvm, use the different vms for different tasks, copy and paste, transfer files between vms. Its all with mouse and gui, whats the big deal?
I dunno I just wonder how you find 200 bugs lol. most people using qubes don't have such problems. When your a normal person you don't go looking for problems. As long as it can do what you want to do. All these problems don't seem to be the case for most users. Is there really a difference in networking between 3.1 and 3.2? I wonder what it is. You sure you using the best drivers? Maybe the kernel is the difference.
Drew White
> Qubes really isn't that hard to use, but for some reason its got that stigma attached to it. Its different is all it is. Anyone who uses windows and doesn't need to play games can use it imo. I taught my family how to update qubes, attach usb block device from usbvm, use the different vms for different tasks, copy and paste, transfer files between vms. Its all with mouse and gui, whats the big deal?
>
> I dunno I just wonder how you find 200 bugs lol. most people using qubes don't have such problems. When your a normal person you don't go looking for problems. As long as it can do what you want to do. All these problems don't seem to be the case for most users. Is there really a difference in networking between 3.1 and 3.2? I wonder what it is. You sure you using the best drivers? Maybe the kernel is the difference.
How do I find 200 bugs? I read the screen. I see what it says. I don't go looking for them, they just appear there. Just like the bugs in the Qubes manager that have been there since version 2.0 of Qubes, maybe even earlier, and they have not even been fixed, and yet I see them every say on my screen, often shows 100 times or more in one day... I don't see how a bug like that could be missed.
Yes, there does appear to be something different in the networking. Not to mention the KDE crashes in 3.2 whenever you change any settings in the Qubes Manager. What they changed I have no idea. but in 3.1 I can't get more than 100 Mbps from any Unix or Windows guest through a NetVM, but in 3.2, it all works find from Unix based guests, but Windows is still only 100 Mbps.
raah...@gmail.com
ok I owe you an apology man. You are probably right.
raah...@gmail.com
the list of problems for me keep growing also. I guess because I'm such a fan and want Qubes to be more mainstream its hard to admit. And even though Qubes is easy to use, you really have to walk on eggshells to not break things or keep them functioning properly. So I guess in that sense its not as user friendly as it could be.
For example i have to remember to shutdown all appvms or else it doesn't even shutdown properly and i have to hard power off. Or having to remember to unmount and detach block devices to avoid having to restart pc cause of error if wanting to re-attach them. (which happens sometimes anyways with multiple devices attached) Or loading or shutting down vms too fast which cause errors.
Then there are bugs that annoy me like firefox not being able to go fullscreen without freezing in Qubes. Or wake and suspend issues i'm not starting to have. And this is not even counting the random bugs that causes vms not to shutdown or templates not to update or qubes manager to crash.
So basically I'm very wrong to doubt your issues, because I have alot of problems myself when I'm not even doing anything as advanced as you. It seems Qubes is not easy to develop for and I imagine its a hell of alot of work for one guy. And its not your typical project that is basically just a custom debian. Its a whole nother thing altogether and I just hope it succeeds because I really do believe the whole idea and philosophy of Qubes is the future.
Drew White
> > ok I owe you an apology man. You are probably right.
You don't owe me an apology because there is nothing to apologise for.
> the list of problems for me keep growing also. I guess because I'm such a fan and want Qubes to be more mainstream its hard to admit. And even though Qubes is easy to use, you really have to walk on eggshells to not break things or keep them functioning properly. So I guess in that sense its not as user friendly as it could be.
I'd love for it to be mainstream, but the way it is, with bugs still from the beginning of Qubes, and version 2 and 3 in there, it's hard to get it to go mainstream.
I've told many people about Qubes, and then Qubes got changed in some way, and it broke, and they used it and asked me why I said that it was good when it was broken.
I've had version 3.1 for ages, and then 3.2 they bring out with Fedora 24 and KDE 5, which is so broken it just keeps breaking. That put off numerous people, fixing something that isn't broken instead of fixing what is broken and concentrating on that.
> For example i have to remember to shutdown all appvms or else it doesn't even shutdown properly and i have to hard power off. Or having to remember to unmount and detach block devices to avoid having to restart pc cause of error if wanting to re-attach them. (which happens sometimes anyways with multiple devices attached) Or loading or shutting down vms too fast which cause errors.
I've not had that issue since version 2.1 of Qubes. Back then it needed that, but since then everything shuts down correctly. But I've also edited templates to put my startup scripts in, put protection on, and more. So they don't take long to shutdown beecause I've removed stuff that takes forever to shut down/die/stop.
> Then there are bugs that annoy me like firefox not being able to go fullscreen without freezing in Qubes. Or wake and suspend issues i'm not starting to have. And this is not even counting the random bugs that causes vms not to shutdown or templates not to update or qubes manager to crash.
I have firefox full screen when I want it to be, in 3.1.
I find the wake issue is due to the manager and it's memory leak. Thus I've had to make my own cure for that, as usual, since I've had to for many other things too.
> So basically I'm very wrong to doubt your issues, because I have alot of problems myself when I'm not even doing anything as advanced as you. It seems Qubes is not easy to develop for and I imagine its a hell of alot of work for one guy. And its not your typical project that is basically just a custom debian. Its a whole nother thing altogether and I just hope it succeeds because I really do believe the whole idea and philosophy of Qubes is the future.
At work, I'm a coder and a developer. At home I'm just a standard user. And there are things I don't do, like YouTube and videos and all like that. So I'm actually not using as a "normal user", but I am a "normal user" when I'm at home.
Qubes is good, and it could be so much better.
The upgrade to Fedora 24 and KDE5, totally unnessicary. They never should have done that.
They could have had Fedora 20, and kept the repos somewhere. Then Just secured and kept it up to date with a stable system, instead of going unstable, even just for a candidate it's too unstable.
raah...@gmail.com
Ya debian still uses kde4. There is probably nothing kde5 can do better security or functionality wise.
Some people still have the shutdown issue. I had it on 3.0 and i believe on 3.1 also on two machines. I know Eva on the mailing list have the issue it depends on whats running. But I haven't noticed it lately.
Firefox only use to freeze full screen for me in 3.1 with fedora templates. But worked in debian and whonix. Ever since debian dropped the firefox weasel to firefox esr for some reason now on my machine it has same issue fedora always had in Qubes.
I have disliked fedora since fedora 20, Fedora 19 was a good one. But ever since then more and more unstable. And I think it was fedora 22 that introduced dnf which I dont' like and a whole lot of other problems. But I agree i have no problem with the older DE versions. I don't need the new fancy desktop themes or for my old hardware to become unsupported. And for new hardware like skylake stuff I'm sure they could just upgrade kernels and keep lts or older ones available.
Right now everyone is demanding gpu passthrough lol.
Drew White
> Ya debian still uses kde4. There is probably nothing kde5 can do better security or functionality wise.
> Some people still have the shutdown issue. I had it on 3.0 and i believe on 3.1 also on two machines. I know Eva on the mailing list have the issue it depends on whats running. But I haven't noticed it lately.
I mainly found that whenever I had the trouble, it was just an IRQ issue, Or else the rare, "the guest has shutdown but I have not been told" issue.
> Firefox only use to freeze full screen for me in 3.1 with fedora templates. But worked in debian and whonix. Ever since debian dropped the firefox weasel to firefox esr for some reason now on my machine it has same issue fedora always had in Qubes.
I hate any of the new firefox since 24, so I mainly use ESR myself, because it's one of the last ones, ESR24, that still has the COR$RECT options that we need and want. But I've never had the fullsccreen issue, on any system.
> I have disliked fedora since fedora 20, Fedora 19 was a good one. But ever since then more and more unstable. And I think it was fedora 22 that introduced dnf which I dont' like and a whole lot of other problems. But I agree i have no problem with the older DE versions. I don't need the new fancy desktop themes or for my old hardware to become unsupported. And for new hardware like skylake stuff I'm sure they could just upgrade kernels and keep lts or older ones available.
Exactly. I hate systemd. I hate wanky GUI stuff. I want functionality, not pretty crap. That was ONE of the things about the GUI they were going to have for the new manager, it lost 99% functionality, and gained 500% bloated graphics and lost realestate, not to mention the display of data that is good.
YUM is better than DNF.
The thing with that is... "qubes-dom0-update" runs.. and the firewall vm passes it from the YUM call to the DNF call.. Qubes didn't even remedy that when the templates were moved from 21 - 23.
KDE5 is laggy, jumpy, unstable, not user friendly, menu system sucks (unlike KDE4), crashes every 2 seconds, has issues with updates to itself, can't handle multiple monitors easily (only 2, I'd hate to see it with the 5 monitor combo)..
It has got more bugs than it fixed.
> Right now everyone is demanding gpu passthrough lol.
Why....? Why passthrough??? If they want that then they are NOT "normal users" which it's aimed at.
I have had GPU passthrough since Qubes 2.0. So I don't know what they are wanting it for when it's already there.
raah...@gmail.com
The shutdown issue for me I assume is something gets stuck and does not shut down properly, Cause it never happens when I shutdown the apps manually. Happens on all my qubes machines.
Interesting you don't get the fullscreen firefox issue I thought that also affected everyone and that they just use chrome or chromium lol
They want GPU passthrough for gaming, VR, 3d printing, some windows apps etc... I don't know if normal users or not but definitely not as serious about security or privacy. Unless there is actually some security benefit to having it. I'm too noob to fully understand that.
Drew White
> The shutdown issue for me I assume is something gets stuck and does not shut down properly, Cause it never happens when I shutdown the apps manually. Happens on all my qubes machines.
Weird. I have no resolution then for you regarding that. Do you have the graphical version off? Or do you keep the RHGB option for boot?
I remove the "rhgb" and "silent" options. That way I can actually see what is going on. Do it on yours, and then when you shutdown, it will tell you where the failing is. You can se eif it's locked, or just waiting, because if it's waiting and hasn't been notified that the guest has shut down, then it will not continue shutting down.
> Interesting you don't get the fullscreen firefox issue I thought that also affected everyone and that they just use chrome or chromium lol
Interesting. But I have an aversion to Chrome and Chromium. I hate those browsers with spyware, so FireFox ESR 24 is my limit.
> They want GPU passthrough for gaming, VR, 3d printing, some windows apps etc... I don't know if normal users or not but definitely not as serious about security or privacy. Unless there is actually some security benefit to having it. I'm too noob to fully understand that.
Then they should just attach the GPU to the Guest. simple. That's what I do if I want to have a passthrough.
raah...@gmail.com
I use kde. I just hit esc at the splash screen to see the boot log.
I've gone back and forth over the years, last time i went back to firefox was when they one again got caught with issue regarding mic and camera haha. Like they often do. But now i'm back to chromium after firefox was not in the latest pwn2own so i guess its a choice between privacy vs security? I use apparmor on both.
Regarding gpu its my understanding something still has to be for dom0? or at least that would be easier so user would need two gpus on the system at least an onboard and another pci plugin adapter. vms can attack each other and I consider gaming one of he most dangerous things you can do online nowadays. i'd say especially for fps games lmao, so i game on another machine keep qubes machine for everything else.
Drew White
> I use kde. I just hit esc at the splash screen to see the boot log.
KDE or not, it's Linux, I don't have RHGB or Silent on, that way wether it's boot or shutdown, I can see what's going on.
> I've gone back and forth over the years, last time i went back to firefox was when they one again got caught with issue regarding mic and camera haha. Like they often do. But now i'm back to chromium after firefox was not in the latest pwn2own so i guess its a choice between privacy vs security? I use apparmor on both.
Does it work well?
> Regarding gpu its my understanding something still has to be for dom0? or at least that would be easier so user would need two gpus on the system at least an onboard and another pci plugin adapter. vms can attack each other and I consider gaming one of he most dangerous things you can do online nowadays. i'd say especially for fps games lmao, so i game on another machine keep qubes machine for everything else.
That's where I have the advantage, I have 1 GPU that I have available for passthru. since I have 2.
But still, adding to an AppVM, means it's no longer assigned to Qubes, but when the VM shuts down, it's back in use by Qubes. So it's only removed from Qubes when it's running.
raah...@gmail.com
First things I've always done is take off quiet and disable ipv6 on bare metal linux grub. haven't bothered on qubes.
Ya chromium works good in qubes. I don't get the fullscreen issue. and default apparmor works fine with it too. You can see how to setup apparmor from whonix instructions, and use same method on debian template. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add some alias lines documented here > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as
raah...@gmail.com
woop forgot to ctrl shift c, here is instructinos for apparmor https://www.whonix.org/wiki/Qubes/AppArmor
raah...@gmail.com
apt-get install apparmor apparmor-utils apparmor-profiles the files are in /etc/apparmor.d
Drew White
> On Wednesday, July 20, 2016 at 9:59:28 PM UTC-4, Drew White wrote:
> > On Thursday, 21 July 2016 10:56:42 UTC+10, raah...@gmail.com wrote:
> > > I use kde. I just hit esc at the splash screen to see the boot log.
> >
> > KDE or not, it's Linux, I don't have RHGB or Silent on, that way wether it's boot or shutdown, I can see what's going on.
> >
> >
> > > I've gone back and forth over the years, last time i went back to firefox was when they one again got caught with issue regarding mic and camera haha. Like they often do. But now i'm back to chromium after firefox was not in the latest pwn2own so i guess its a choice between privacy vs security? I use apparmor on both.
> >
> > Does it work well?
> >
> >
> > > Regarding gpu its my understanding something still has to be for dom0? or at least that would be easier so user would need two gpus on the system at least an onboard and another pci plugin adapter. vms can attack each other and I consider gaming one of he most dangerous things you can do online nowadays. i'd say especially for fps games lmao, so i game on another machine keep qubes machine for everything else.
> >
> > That's where I have the advantage, I have 1 GPU that I have available for passthru. since I have 2.
> >
> > But still, adding to an AppVM, means it's no longer assigned to Qubes, but when the VM shuts down, it's back in use by Qubes. So it's only removed from Qubes when it's running.
>
> First things I've always done is take off quiet and disable ipv6 on bare metal linux grub. haven't bothered on qubes.
I did too, and rhgb. I hate the graphical boot screen. Just comes with being a sys-admin I guess. I like to see what the computer's doing. ipv6, yeah, I always have that disabled. It's not needed after all. I turn it off in all guests too.
> Ya chromium works good in qubes. I don't get the fullscreen issue. and default apparmor works fine with it too. You can see how to setup apparmor from whonix instructions, and use same method on debian template. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add some alias lines documented here > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as
I'll have to take a look at apparmor, but I wish it wasn't american product.