System in dom0


Andrzej Andrzej

Jul 5, 2018, 4:20:54 PM
to qubes...@googlegroups.com
I do not understand one thing. Why is Fedora in host (dom0) having a short support period? Why is not a gradual release system used or at least with a long support period?

In my opinion, using such an outdated version of the operating system on the host (dom0) is irresponsible and reprehensible.

Why do I think so?
Qubes users do not need new features from new releases of Fedora?

Among other things, updates from various releases, Fedora 26-28:
48 bit aarch64 address space!
Improved systemd integration!
Improvements to the Anaconda installer!
GCC 8!
GHC 8.2
Golang 1.10
DNF 2.5
Pipewire!
Increased battery life !!!!!!!
Thunderbolt support !!!!!!!
Kubernetes 1.9
Reduced initial configuration of redundancy

You can also look for errors in the security and stability of Fedora 25, which have been patched in newer editions of Fedora. I did not want to search so much because of the nature of Qubes OS and Xen.

In that case, who is Qubes OS for? Is it only for users of old computers? : D
What if the Qubes OS user had the latest equipment and components? For example, SSD NVM Pro, Intel I9, the latest motherboard and other components. In that case, he would definitely like to have the best possible support and would like his components to work as well as they can. Among Qubes OS users, there are definitely those who have or will have the latest equipment and will lack better support that newer versions of Fedora (or other systems) can give them.

I understand that rolling release systems may be a problem due to lack of control over updates and errors.

But you can use systems with a longer support period, for example: CentOS, openSUSE Leap, FreeBSD

However, if rolling release systems were not a problem, you can use: Arch Linux, openSUSE Tumbleweed.

In my opinion the most interesting solutions are CentOS and openSUSE.

I think that Qubes OS needs to change the system at dom0 to a system with a longer cycle or a rolling release system.





Links from which I received information about Fedora updates:

https://docs-old.fedoraproject.org/en-US/Fedora/26/html/Release_Notes/index.html
https://itsfoss.com/fedora-26-release/
https://fedoramagazine.org/whats-new-fedora-27-workstation/
https://fedoramagazine.org/whats-new-fedora-28-workstation/
https://www.fosslinux.com/2788/fedora-28-new-features-and-release-date.htm
https://itsfoss.com/fedora-28-release-features/

Marek Marczykowski-Górecki

Jul 5, 2018, 4:38:35 PM
to Andrzej Andrzej, qubes...@googlegroups.com

On Thu, Jul 05, 2018 at 09:11:49PM +0200, 'Andrzej Andrzej' via qubes-devel wrote:
> I do not understand one thing. Why is Fedora in host (dom0) having a short support period? Why is not a gradual release system used or at least with a long support period?
>
> In my opinion, using such an outdated version of the operating system on the host (dom0) is irresponsible and reprehensible.
>
> Why do I think so?
> Qubes users do not need new features from new releases of Fedora?
>
> Among other things, updates from various releases, Fedora 26-28:
> 48 bit aarch64 address space!
> Improved systemd integration!
> Improvements to the Anaconda installer!
> GCC 8!
> GHC 8.2
> Golang 1.10
> DNF 2.5
> Pipewire!
> Increased battery life !!!!!!!
> Thunderbolt support !!!!!!!
> Kubernetes 1.9
> Reduced initial configuration of redundancy

Well, most (all?) of the above are irrelevant to dom0. Note that
you should _not_ do any work in dom0, so things like Kubernetes or GHC
don't make sense there.

We do provide updates for some key components in dom0, like Linux kernel
or Xen, regardless of dom0 distribution lifecycle.

See also here:
https://www.qubes-os.org/doc/software-update-dom0/#why-would-one-want-to-update-software-in-dom0

> You can also look for errors in the security and stability of Fedora 25, which have been patched in newer editions of Fedora. I did not want to search so much because of the nature of Qubes OS and Xen.
>
> In that case, who is Qubes OS for? Is it only for users of old computers? : D
> What if the Qubes OS user had the latest equipment and components? For example, SSD NVM Pro, Intel I9, the latest motherboard and other components. In that case, he would definitely like to have the best possible support and would like his components to work as well as they can. Among Qubes OS users, there are definitely those who have or will have the latest equipment and will lack better support that newer versions of Fedora (or other systems) can give them.
>
> I understand that rolling release systems may be a problem due to lack of control over updates and errors.
>
> But you can use systems with a longer support period, for example: CentOS, openSUSE Leap, FreeBSD
>
> However, if rolling release systems were not a problem, you can use: Arch Linux, openSUSE Tumbleweed.
>
> In my opinion the most interesting solutions are CentOS and openSUSE.

Those are actually good ideas for VM distributions, for those tired of
major template upgrade every half a year. And there is even some
progress on CentOS template.

> I think that Qubes OS needs to change the system at dom0 to a system with a longer cycle or a rolling release system.

Please search the list archive first, this subject was discussed before
many times, I don't want to repeat myself.

In short: we want dom0 as minimal as possible, we are in the process of
moving GUI (X server and stuff) out of it, so you wouldn't interact with
it at all. Then, dom0 could be made out of something really minimal,
perhaps Alpine Linux. And there will be even less reasons to update "dom0
distribution" (whatever it will be), as there will be very few things at all.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

ser...@da.matta.nom.br

Jul 6, 2018, 9:36:27 PM
to qubes-devel
Qubes is fantastic! But you should start thinking of dom0 as the user desktop. People who use Qubes need information, utilities, docks and panels, active and video stream backgrounds, better window manager, toys like desklets and much more. I wonder when it will be 360 ...

Andrew David Wong

Jul 6, 2018, 9:40:01 PM
to ser...@da.matta.nom.br, qubes-devel
That's part of the motivation for bifurcating dom0 into separate Admin
and GUI domains:

https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/#the-gui-domain

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Holger Levsen

Jul 7, 2018, 10:11:09 AM
to qubes-devel, ser...@da.matta.nom.br
On Fri, Jul 06, 2018 at 06:18:39PM -0700, ser...@da.matta.nom.br wrote:
> Qubes is fantastic!

yes.

> But you should start thinking of dom0 as the user desktop. People who use Qubes
> need information, utilities, docks and panels, active and video stream
> backgrounds, better window manager, toys like desklets and much more.

no (not in dom0).


--
cheers,
Holger

ser...@da.matta.nom.br

Jul 7, 2018, 1:34:51 PM
to qubes-devel

> no (not in dom0).
>

:-) I agree. We just need video pci passthrough to use any hvm as desktop.

Andrzej Andrzej

Jul 8, 2018, 10:08:35 AM
to qubes...@googlegroups.com
I do not know why I forgot about it, but I forgot to add that the latest Fedora 29 is supposed to have default support for LUKS 2, which is probably very important for users of Qubes OS. I do not know what the Alpine Linux case looks like.


"Well, most (all?) of the above are irrelevant to dom0. Note that
you should _not_ do any work in dom0, so things like Kubernetes or GHC
do not make sense there.

We do provide updates for some key components in dom0, like Linux kernel
or Xen, regardless of dom0 distribution lifecycle."

I mentioned GHC and Kubernetes in Fedora because sometimes I use them when I want to try to add an original functionality to a system. Updates of key components in dom0 are not always sufficient due to hardware support (like NVM disks or other components, you can have better and worse support and many people want better support).

"Those are actually good ideas for VM distributions, for those tired of
major template upgrade every half a year. And there is even some
progress on CentOS template."

If we are talking about VM distributions then you could also add official support for FreeBSD with the installer in the repository. Some people use FreeBSD and it can be useful to them. In addition, it is also light so it gives birth to some ideas.

"In short: we want dom0 as minimal as possible, we are in the process of
moving GUI (X server and stuff) out of it, so you would not interact with
it at all. Then, dom0 could be made out of something really minimal,
Alpine Linux perhaps. And there will be even less reasons to update "dom0
distribution" (whatever it will be), as there will be very few things at all."

In my opinion, it's a great idea to minimize the dom0. You can even go further and minimize the "main" Fedora template. Because the template based on Fedora uses too much RAM, for a firewall. In the case of Debian, it is also not better. More than 1000 MB is a lot for a firewall through which traffic only goes, for example related to mids.com. You could add a minimalistic VM template (other than Fedora) to support, among others, firewall, sys-net and sys-usb.


https://fedoramagazine.org/whats-coming-fedora-29-anaconda/

awokd

Jul 8, 2018, 12:58:00 PM
to Andrzej Andrzej, qubes...@googlegroups.com
On Sun, July 8, 2018 2:08 pm, 'Andrzej Andrzej' via qubes-devel wrote:

> In my opinion, it's a great idea to minimize the dom0. You can even go
> further and minimize the "main" Fedora template. Because the template
> based on Fedora uses too much RAM, for a firewall. In the case of Debian,
> it is also not better. More than 1000 MB is a lot for a firewall through
> which traffic only goes, for example related to mids.com. You could add a
> minimalistic VM template (other than Fedora) to support, among others,
> firewall, sys-net and sys-usb.

https://www.qubes-os.org/doc/templates/fedora-minimal/


ser...@da.matta.nom.br

Jul 18, 2018, 5:10:40 PM
to qubes-devel

>
> That's part of the motivation for bifurcating dom0 into separate Admin
> and GUI domains:
>
> https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/#the-gui-domain
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
Have you seen this work below? It helps?
LookingGlass A11 Released
May 28 at 4:29am


preventBuffer was altered to be more compatible. This may cause high CPU usage on NVidia cards due to poor driver implementation by NVidia. If you are affected turn off this feature with -o OpenGL:preventBuffer=0

a FPS limiter was added which defaults to 200FPS for those running without vsync.

New client option -K to specify the FPS limit

Unix socket support for spice was added, specify port 0 to use.

Added AMD Pinned Memory support for AMD cards, improves performance with later AMD cards.

Added kernel module (KVMFR) for inter-vm communications (Linux VM guest -> Windows VM guest), see README in the module directory for more information.

Fixed numerous cursor bugs

Decoupled cursor data stream from video stream, this helps (but doesn't solve) with performance and micro stutter issues.

Implemented memcpySSE in pure assembler to squeeze every possible bit of performance out of it.

OpenSSL has been replaced with nettle and hogweed due to GPL license incompatibility reasons.

See: https://github.com/gnif/LookingGlass/releases/tag/a11