That's just a description of the emulated adapter.
HVM drivers do have throughput issues...
https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/
Are you connecting your win 7 to some other machine on your home lan? IS it even possible to get even 100mb let alone 1000?
Just to clarify so you are talking 100 megabits which is like 10 megabytes, roughly.
I don't think many people are using their qubes machine as a vm lan lab. I'm not sure devs had that in mind. That being said are you really using up 100mbits all the time?
On my machine using a full speed all the time my cpu becomes the bottleneck more then anything...
Just to clarify so you are talking 100 megabits which is like 10 megabytes, roughly.
I don't think many people are using their qubes machine as a vm lan lab. Â I'm not sure devs had that in mind. Â That being said are you really using up 100mbits all the time?
On my machine using a full speed all the time my cpu becomes the bottleneck more then anything...
How can I check what max speed is set to on the different vms. So it doesn't just go by what the netvm can do?
Easiest way...
Run monitor on the netVM, or firewall VM if that is where you are at for the forking of networking.
Do the same on the netVM too if you want.
After that, create a file on another PC/Server that has a Gigabit NIC.
Create a 5 GB file. Or less.. Maybe on 500 MB needed. Or 1 GB to be on the safe side.
Perform a WGET on that file. Watch the speed in each window.
In the Firewall VM you will see the speeds.
In the NetVM you will see the speeds too.
So you will start one, watch the speed, start another and another and another.
No, the NetVM is the NetVM. It has the NIC on it.
Everything behind that has a virtual NIC.
And that's only a 100 Mbps NIC. An older Realtec driver based, not even the E1000, but reading on changing to that is doable, but can cause stability issues and other things can go wrong too.
So I'd rather have it done professionally by those that make and improve Qubes as best as they can, that way it's tried and tested and all.
To have the options there, having the option in the creation of the VM to set it to different NIC types would be good, so that I can then set one to 10 Mbps, another to 100 Mbps and another to 1 Gbps. That way they have their own maximum bandwidth available to them.
If they could also include a 1 Mbps and modem speeds too, 96 baud would be fantastic too. I know it's a bit outdated to have that, but it would be advantageous to be able to pick network speeds available to each guest.
So yeah, either a specific NIC, or a variable NIC. Then I could set it to whatever I wanted, or else just a 1 Gbps or 100 Mbps. I know there would be speed implications for having a variable and others in there.
Just a thought... That's why it seems a bit all over the place.
Takes forever to upload a 4 GB iso.
And to copy a file from the network to local, or vice-versa, takes way too long.
oh ok only way i knew of was cat /sys/proc/net/interface/speed thought maybe there was some similar way to check settings for the virtual nic's since it didn't work there.
I think Qubes is aimed more at everyday home and small business office users. But I guess if they want to reach corporate audience and corporate admins this is something that should be looked into.
> oh ok only way i knew of was cat /sys/proc/net/interface/speed thought maybe there was some similar way to check settings for the virtual nic's since it didn't work there.
>
> I think Qubes is aimed more at everyday home and small business office users. But I guess if they want to reach corporate audience and corporate admins this is something that should be looked into.
On my NetVM I'm running bwm-ng.
I had 1 VM copying data out... running at 100 Mbps.
I had another one copying in... running at 100 Mbps.
I know it was because the data for each machine never went over 100 Mbps on their interface.
I then had 2 copying data out. both running at 100 Mbps.
Their VIF interface was 100 Mbps each, and the data on the external side was running at 200 Mbps (aggregate of the internals)
So my 1Gbps connection isn't even being touched.
I copied data from an external source to the NetVm that had the NIC, and it's throughput went up to almost 60 MBps. So that's about 480 Mbps. That's about half of what the whole system can do on that 1 NIC.
As expected, there is some degradation due to drive performance and the fact of the virtualisation and the performance the other end, as well as threads I've assigned to my NetVM and the threads available the other end too.
But all in all, I could be copying from 5 machines, and get all 1 Gbps used on my own NIC.
At home, on my HOME machine, I use Qubes a different way to here, but the fact is, the Network performance is really bad, even for home use.
Qubes is aimed at those that want security and performance side by side. It has most of that, just the network performance is lacking.
Many home users these days have Internet connections that are lower than 100 Mbps. But there are some that have 1 Gbps internet connections.
Corporate users OR home users, doesn't matter, the 100 Mbps network performance is just horrid.
I have 4 VMs running right now behind the NetVM.
They all use network at times. But when I want to use the network I want the network, not a slow connection.
Corporate users and other businesses, and us programmers want security. Home users, they don't really, not all the time, or very much at least. (from what I've seen and heard and been told when I've gotten people to use qubes)
Lots of home users, their children use the PC to play games and all under Windows. They don't want the virtualisation overhead or anything like that.
So you know...
I am a "small business office user".
So if it's aimed at me, networking isn't fast enough.
If it's aimed at me as a home user, networking isn't fast enough.
As a corporate GENERAL ADMIN that doesn't need much data throughput, then yes it's fine.
As a technical admin, too slow.
I think it just needs to be gigabit all the way through, and then just loadbalanced for the machines that are requesting data.
Even have the options for prioritising the data.
I want my Web browser to be second priority for data.
I want my movie watcher to be third priority.
I want my remote support machine to be first priority.
I want my dom0 update vm to be lowest priority.
All gigabit, all prioritised. everything then has it's place and knows it's place.
Good thought, but no.
I check all that sort of stuff before I say anything generally.
Because if it was something as simple as that, then it would be easy to fix, but since it's NOT that, since it is only in the guests BEHIND the NetVM, then I know for a fact that it is NOT the NIC's driver.
It is in fact an issue with Qubes.
I should state, this is the HIGHEST that it got to, not the average for the CPU%
It would often fluxuate from lower up to there.
And as I had said, uses between 25% and 50% of CPU constantly on the NetVM.
The AppVM typically was 40-60 % during the transfer of data for this test.
Perhaps you missed what I said earlier, it's both, at least in Qubes 3.1 it is.
Just put 3.2 on here, and it seems to work fine for Linux.
around 40 MBps / 320 Mbps.
So whatever the difference in 3.2 compared to 3.1, it's improved.
Not to mention, I have less resources applied to the AppVM and NetVM than I did in 3.1.
So only a problem for windows vms in 3.1 but not 3.2? weird. Maybe you've done some configuration changes in 3.1 that messed things up. Maybe something happened with your router.
Only a problem for Windows VMs in ALL of Qubes versions.
If you read what I said... "Just put 3.2 on here, and it seems to work fine for Linux."
As I said... LINUX.
Still doesn't work fine for Windows.
ok so what I said the first time then. Its only the windows vms you have problems with.
In 3.2, yes. 3.2 has about 500 different bugs that cause it to be close to unusable. (number exaggerated because I lost count at 137 sand couldn't remember if I'd counted specific bugs before or not)
In 3.1, which is stable, no.
In 3.0, no.
in 2.x, no.
lol, are you sure you are not creating problems for yourself? You would make a great beta tester, but it doesn't seem you are using qubes like a normal person.
Strange that it would work on 3.2 but not in 3.1. I wonder why that is. I was just guessing that it worked after you immediated testing after a fresh install. I'm sure if we gave you time on 3.2 you'd do something it on there too lmao...
*to break it on there too.
lol, not at all. I'm using like a normal person actually.
I'm using it as a developer at work, and a normal person at home. I'm having the same issues when at work or home, whether I'm using it as a developer OR a "normal person".
I mean, I'm a user, not an end-user, when at home.
Qubes isn't really made for end-users anyway. It's too complicated for the general end-user.
And no, even on a FRESH INSTALL, it has the same issues.
Even when using a 4 Gbps NIC, it has the same issues in 3.1
Nothing broken or altered at all, and the issue exists.
So I'm not to blame for the issue. I don't know who/what is, but I know it's not me. (at least for this issue/problem [lol])
As a beta tester, I would be good, because I push things to their limits, unlike other people who just think "this is what it's mean to be able to do, I'll only do half of that".
So.. Please define "Normal Person"...
3.2 has some changes to it. The networking works perfectly from linux -> linux -> Network.
What is different I don't know, but it works. and it has the SAME CHANGES that I made in 3.1 to improve security and all. And it works fine.
Windows is the only one that has a 100 Mbps NIC inside Windows, instead of Gigabit.
Qubes really isn't that hard to use, but for some reason its got that stigma attached to it. Its different is all it is. Anyone who uses windows and doesn't need to play games can use it imo. I taught my family how to update qubes, attach usb block device from usbvm, use the different vms for different tasks, copy and paste, transfer files between vms. Its all with mouse and gui, whats the big deal?
I dunno I just wonder how you find 200 bugs lol. most people using qubes don't have such problems. When your a normal person you don't go looking for problems. As long as it can do what you want to do. All these problems don't seem to be the case for most users. Is there really a difference in networking between 3.1 and 3.2? I wonder what it is. You sure you using the best drivers? Maybe the kernel is the difference.
How do I find 200 bugs? I read the screen. I see what it says. I don't go looking for them, they just appear there. Just like the bugs in the Qubes manager that have been there since version 2.0 of Qubes, maybe even earlier, and they have not even been fixed, and yet I see them every say on my screen, often shows 100 times or more in one day... I don't see how a bug like that could be missed.
Yes, there does appear to be something different in the networking. Not to mention the KDE crashes in 3.2 whenever you change any settings in the Qubes Manager. What they changed I have no idea. but in 3.1 I can't get more than 100 Mbps from any Unix or Windows guest through a NetVM, but in 3.2, it all works find from Unix based guests, but Windows is still only 100 Mbps.
ok I owe you an apology man. You are probably right.
the list of problems for me keep growing also. I guess because I'm such a fan and want Qubes to be more mainstream its hard to admit. And even though Qubes is easy to use, you really have to walk on eggshells to not break things or keep them functioning properly. So I guess in that sense its not as user friendly as it could be.
For example i have to remember to shutdown all appvms or else it doesn't even shutdown properly and i have to hard power off. Or having to remember to unmount and detach block devices to avoid having to restart pc cause of error if wanting to re-attach them. (which happens sometimes anyways with multiple devices attached) Or loading or shutting down vms too fast which cause errors.
Then there are bugs that annoy me like firefox not being able to go fullscreen without freezing in Qubes. Or wake and suspend issues i'm not starting to have. And this is not even counting the random bugs that causes vms not to shutdown or templates not to update or qubes manager to crash.
So basically I'm very wrong to doubt your issues, because I have alot of problems myself when I'm not even doing anything as advanced as you. It seems Qubes is not easy to develop for and I imagine its a hell of alot of work for one guy. And its not your typical project that is basically just a custom debian. Its a whole nother thing altogether and I just hope it succeeds because I really do believe the whole idea and philosophy of Qubes is the future.
You don't owe me an apology because there is nothing to apologise for.
> the list of problems for me keep growing also. I guess because I'm such a fan and want Qubes to be more mainstream its hard to admit. And even though Qubes is easy to use, you really have to walk on eggshells to not break things or keep them functioning properly. So I guess in that sense its not as user friendly as it could be.
I'd love for it to be mainstream, but the way it is, with bugs still from the beginning of Qubes, and version 2 and 3 in there, it's hard to get it to go mainstream.
I've told many people about Qubes, and then Qubes got changed in some way, and it broke, and they used it and asked me why I said that it was good when it was broken.
I've had version 3.1 for ages, and then 3.2 they bring out with Fedora 24 and KDE 5, which is so broken it just keeps breaking. That put off numerous people, fixing something that isn't broken instead of fixing what is broken and concentrating on that.
> For example i have to remember to shutdown all appvms or else it doesn't even shutdown properly and i have to hard power off. Or having to remember to unmount and detach block devices to avoid having to restart pc cause of error if wanting to re-attach them. (which happens sometimes anyways with multiple devices attached) Or loading or shutting down vms too fast which cause errors.
I've not had that issue since version 2.1 of Qubes. Back then it needed that, but since then everything shuts down correctly. But I've also edited templates to put my startup scripts in, put protection on, and more. So they don't take long to shutdown beecause I've removed stuff that takes forever to shut down/die/stop.
> Then there are bugs that annoy me like firefox not being able to go fullscreen without freezing in Qubes. Or wake and suspend issues i'm not starting to have. And this is not even counting the random bugs that causes vms not to shutdown or templates not to update or qubes manager to crash.
I have firefox full screen when I want it to be, in 3.1.
I find the wake issue is due to the manager and it's memory leak. Thus I've had to make my own cure for that, as usual, since I've had to for many other things too.
> So basically I'm very wrong to doubt your issues, because I have alot of problems myself when I'm not even doing anything as advanced as you. It seems Qubes is not easy to develop for and I imagine its a hell of alot of work for one guy. And its not your typical project that is basically just a custom debian. Its a whole nother thing altogether and I just hope it succeeds because I really do believe the whole idea and philosophy of Qubes is the future.
At work, I'm a coder and a developer. At home I'm just a standard user. And there are things I don't do, like YouTube and videos and all like that. So I'm actually not using as a "normal user", but I am a "normal user" when I'm at home.
Qubes is good, and it could be so much better.
The upgrade to Fedora 24 and KDE5, totally unnessicary. They never should have done that.
They could have had Fedora 20, and kept the repos somewhere. Then Just secured and kept it up to date with a stable system, instead of going unstable, even just for a candidate it's too unstable.
Ya debian still uses kde4. There is probably nothing kde5 can do better security or functionality wise.
Some people still have the shutdown issue. I had it on 3.0 and i believe on 3.1 also on two machines. I know Eva on the mailing list have the issue it depends on whats running. But I haven't noticed it lately.
Firefox only use to freeze full screen for me in 3.1 with fedora templates. But worked in debian and whonix. Ever since debian dropped the firefox weasel to firefox esr for some reason now on my machine it has same issue fedora always had in Qubes.
I have disliked fedora since fedora 20, Fedora 19 was a good one. But ever since then more and more unstable. And I think it was fedora 22 that introduced dnf which I dont' like and a whole lot of other problems. But I agree i have no problem with the older DE versions. I don't need the new fancy desktop themes or for my old hardware to become unsupported. And for new hardware like skylake stuff I'm sure they could just upgrade kernels and keep lts or older ones available.
Right now everyone is demanding gpu passthrough lol.
> Some people still have the shutdown issue. I had it on 3.0 and i believe on 3.1 also on two machines. I know Eva on the mailing list have the issue it depends on whats running. But I haven't noticed it lately.
I mainly found that whenever I had the trouble, it was just an IRQ issue, Or else the rare, "the guest has shutdown but I have not been told" issue.
> Firefox only use to freeze full screen for me in 3.1 with fedora templates. But worked in debian and whonix. Ever since debian dropped the firefox weasel to firefox esr for some reason now on my machine it has same issue fedora always had in Qubes.
I hate any of the new firefox since 24, so I mainly use ESR myself, because it's one of the last ones, ESR24, that still has the COR$RECT options that we need and want. But I've never had the fullsccreen issue, on any system.
> I have disliked fedora since fedora 20, Fedora 19 was a good one. But ever since then more and more unstable. And I think it was fedora 22 that introduced dnf which I dont' like and a whole lot of other problems. But I agree i have no problem with the older DE versions. I don't need the new fancy desktop themes or for my old hardware to become unsupported. And for new hardware like skylake stuff I'm sure they could just upgrade kernels and keep lts or older ones available.
Exactly. I hate systemd. I hate wanky GUI stuff. I want functionality, not pretty crap. That was ONE of the things about the GUI they were going to have for the new manager, it lost 99% functionality, and gained 500% bloated graphics and lost realestate, not to mention the display of data that is good.
YUM is better than DNF.
The thing with that is... "qubes-dom0-update" runs.. and the firewall vm passes it from the YUM call to the DNF call.. Qubes didn't even remedy that when the templates were moved from 21 - 23.
KDE5 is laggy, jumpy, unstable, not user friendly, menu system sucks (unlike KDE4), crashes every 2 seconds, has issues with updates to itself, can't handle multiple monitors easily (only 2, I'd hate to see it with the 5 monitor combo)..
It has got more bugs than it fixed.
> Right now everyone is demanding gpu passthrough lol.
Why....? Why passthrough??? If they want that then they are NOT "normal users" which it's aimed at.
I have had GPU passthrough since Qubes 2.0. So I don't know what they are wanting it for when it's already there.
The shutdown issue for me I assume is something gets stuck and does not shut down properly, Cause it never happens when I shutdown the apps manually. Happens on all my qubes machines.
Interesting you don't get the fullscreen firefox issue I thought that also affected everyone and that they just use chrome or chromium lol
They want GPU passthrough for gaming, VR, 3d printing, some windows apps etc... I don't know if normal users or not but definitely not as serious about security or privacy. Unless there is actually some security benefit to having it. I'm too noob to fully understand that.
Weird. I have no resolution then for you regarding that. Do you have the graphical version off? Or do you keep the RHGB option for boot?
I remove the "rhgb" and "silent" options. That way I can actually see what is going on. Do it on yours, and then when you shutdown, it will tell you where the failing is. You can se eif it's locked, or just waiting, because if it's waiting and hasn't been notified that the guest has shut down, then it will not continue shutting down.
> Interesting you don't get the fullscreen firefox issue I thought that also affected everyone and that they just use chrome or chromium lol
Interesting. But I have an aversion to Chrome and Chromium. I hate those browsers with spyware, so FireFox ESR 24 is my limit.
> They want GPU passthrough for gaming, VR, 3d printing, some windows apps etc... I don't know if normal users or not but definitely not as serious about security or privacy. Unless there is actually some security benefit to having it. I'm too noob to fully understand that.
Then they should just attach the GPU to the Guest. simple. That's what I do if I want to have a passthrough.
I use kde. I just hit esc at the splash screen to see the boot log.
I've gone back and forth over the years, last time i went back to firefox was when they one again got caught with issue regarding mic and camera haha. Like they often do. But now i'm back to chromium after firefox was not in the latest pwn2own so i guess its a choice between privacy vs security? I use apparmor on both.
Regarding gpu its my understanding something still has to be for dom0? or at least that would be easier so user would need two gpus on the system at least an onboard and another pci plugin adapter. vms can attack each other and I consider gaming one of he most dangerous things you can do online nowadays. i'd say especially for fps games lmao, so i game on another machine keep qubes machine for everything else.
KDE or not, it's Linux, I don't have RHGB or Silent on, that way wether it's boot or shutdown, I can see what's going on.
> I've gone back and forth over the years, last time i went back to firefox was when they one again got caught with issue regarding mic and camera haha. Like they often do. But now i'm back to chromium after firefox was not in the latest pwn2own so i guess its a choice between privacy vs security? I use apparmor on both.
Does it work well?
> Regarding gpu its my understanding something still has to be for dom0? or at least that would be easier so user would need two gpus on the system at least an onboard and another pci plugin adapter. vms can attack each other and I consider gaming one of he most dangerous things you can do online nowadays. i'd say especially for fps games lmao, so i game on another machine keep qubes machine for everything else.
That's where I have the advantage, I have 1 GPU that I have available for passthru. since I have 2.
But still, adding to an AppVM, means it's no longer assigned to Qubes, but when the VM shuts down, it's back in use by Qubes. So it's only removed from Qubes when it's running.
First things I've always done is take off quiet and disable ipv6 on bare metal linux grub. haven't bothered on qubes.
Ya chromium works good in qubes. I don't get the fullscreen issue. and default apparmor works fine with it too. You can see how to setup apparmor from whonix instructions, and use same method on debian template. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add some alias lines documented here > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as
woop forgot to ctrl shift c, here is instructinos for apparmor https://www.whonix.org/wiki/Qubes/AppArmor
apt-get install apparmor apparmor-utils apparmor-profiles the files are in /etc/apparmor.d
I did too, and rhgb. I hate the graphical boot screen. Just comes with being a sys-admin I guess. I like to see what the computer's doing. ipv6, yeah, I always have that disabled. It's not needed after all. I turn it off in all guests too.
> Ya chromium works good in qubes. I don't get the fullscreen issue. and default apparmor works fine with it too. You can see how to setup apparmor from whonix instructions, and use same method on debian template. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add some alias lines documented here > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as
I'll have to take a look at apparmor, but I wish it wasn't american product.