/tech/ - Technology

Been wanting to try it out for a while, it's a distribution with a very original idea. Just a little concerned that it might be too hardware intensive.

ive been working on setting up my qubes environment, been lazy
the default qubes are kind of ass, and the documentation is total ass in the bad way
it's pretty good though, it works
what DE do u have going on with it? i want i3 for the ease of use because dragging windows around and finding the tiny x with a fucking nipple is hell, but i worry it will mess up the windows and things
can rofi replace the qubes app shit? idk where things are kept
the file system is cryptic to me so far, but i havent tried too hard to explore i guess>>8691

>>8704
It's picky about hardware because it needs hardware virtualization support. Honestly, it may just be easier to buy a second hand ThinkPad. The most common one people use is the X230. Max out it's RAM, put in a SSD, neutralize Intel ME and you have an ideal Qubes machine.
https://www.qubes-os.org/hcl/

Because it uses hardware acceleration, it's not CPU intensive for most tasks. There's no difference in speed for most applications. The only problem is it's not good for gaming or anything that requires the GPU because the VMs usually can't access the GPU. There are GPU passthrough tutorials out there.

>>8709
>what DE do u have going on with it?
i3. Awesome also works on Qubes, but unfortunately not dwm.

Super easy to install, just one line in the dom0 terminal. You can switch between i3 and XFCE at the login screen.
https://www.qubes-os.org/doc/i3/

>can rofi replace the qubes app shit?
I don't know much about rofi, it looks like a dmenu replacement. If you don't know how to find something in dmenu, then you can always log in to XFCE and use the drop-down menus. How could it replace AppVMs? Maybe my understanding of rofi is off.

>the file system is cryptic to me so far
Maybe there is more documentation about Xen that will explain it. It's a pain to add extra storage.

Does installing Qubes without MediaTest pose a security threat at all?
>>8730
>neutralize Intel ME
Do you use a custom BIOS for that?

>>8740

I've done it before. You can "soft disable" it through a BIOS update, but really if you want to neutralise the shit out of it, you need to buy a SOIC 8 clip and a chip programmer to dump your BIOS, run an open source python script on it, then reflash it. If you're going that far, you might as well install coreboot as well.

https://github.com/corna/me_cleaner
https://github.com/n4ru/1vyrain
https://www.coreboot.org/Intel_Management_Engine
https://www.coreboot.org

this is only literally relevant to this thread, but does anyone know if whonix or something has problems with using sid packages?
i added unstable repo to a whonix template and installed some stuff from apt, and ever since the qube based on that template crashes and i have no clue why

How does it run with an emulator?

Pretty good. I used it for years, but the start-up time and delays did get to me when I didn't need to boot up Tor, plus I didn't have an adversary beyond surveillance capitalism (passive).

>>8740
Do you mean testing the install media? Maybe, it's more likely that there are errors writing to your install media than a security threat. Either way, I don't know why you wouldn't test it.
>>8743
It's possible to put coreboot on your BIOS with 1vyrain. This is probably the best option, all you need is a USB stick.

>>8751
yes, but in order to disable (for the most part) the Glowie Management Engine, you need to do spooky hardware things

https://spectrum-os.org/

This looks interesting

>>8843
It does and for the average person, it's probably better than Qubes because they don't have to manage VMs. For me, I'll still use Qubes because I like having different VMs to run different OSes and software.

>>8843
It sounds good, but I wish somebody would make a Nix fork that didn't use an ugly-ass DSL.
inb4 Guix, built for Linux-libre which has no MAC system and is unsuitable for security reasons because of that

>>8691
It's fucking great

Seems too much for me, an idiot who really only care about surveillance

>>8915
That's the point, if you care about surveillance, you should use Qubes. It is not that hard to use.

>>8922
>That's the point, if you care about surveillance, you should use Qubes
Son of a petit-bourg spotted
No, anon, that's completely unreasonable and won't scale.
Whonix? Sure
TailsOS? definitely

Qubes OS? No.
But it is great for superusers and the security/privacy emphasis.

which is better for GPU passthrough fedora or qubes (how do i make the usb persistent)

im reluctant to try out redhat since they are the ones in control they force the linux standards (based on what i leaned from past chan boards)
is Xen CoC compiliant? i hope not since its not systemD based right? (rumors has it that the linux kernel contains obfuscated code)
i wish calub veim (computernewb) shared their KVM configuration since they can run nested VT-D android emulator inside the VM and DX11 games run perfectly fine how did they even do it? sorry if this is offtopic

>>8730
will it work on normal generic hardware since i bought a new motherboard from a repair shop

>>8740 (apologies if i look like a glowie)
how do i disable the other security features on qubes its too inconvenient and im afraid of data loss from encryption
gpu passthrough is hard on ubuntu and manjaro i coudn't understand the tutorial (i only need VM isolation)

>>8843
unraid seems promising but i dont like web interfaces also where can i find a crack

>>8979
>which is better for GPU passthrough fedora or qubes (how do i make the usb persistent)
Fedora because you have one less thing in the way (no hypervisor), but you can do GPU passthrough to Fedora VMs in Qubes.

>systemd
Qubes uses systemd in dom0. I read about some guy developing a fork that uses systemvinit, but that hasn't progressed into anything that you can download.

Thankfully, there is isolation between VMs, even your AppVMs and dom0. So most security problems with systemd in dom0 (which to anyone else reading, has not proven to be less secure than other init), will be stuck in dom0.

It's possible to set up a systemd-less templateVM and make your AppVMs systemd-less. It's not easy, but it's easier than making dom0 systemd-less.

As for the code of conduct, every Linux distro seems to use the same CoC template (except maybe Apartheid Linux.) It's the community that brings drama to the distro or not. So far, it has a good community, and most of the devs are hobbyists or they get independent grants. There's no corporation like Red Hat behind the scenes.

>will it work on normal generic hardware since i bought a new motherboard from a repair shop
Probably. Most of the problems are with older hardware without hardware assisted virtualization.

>how do i disable the other security features on qubes
Like what?

>im afraid of data loss from encryption
You don't need to encrypt the hard drive, it's an option at installation.

>>8849
> built for Linux-libre which has no MAC system and is unsuitable for security reasons because of that
Elaborate? Linux's mandatory access controls are not free software?

>>9025
No, they are free software. It's just that nobody maintains a version built for the libre kernel. It shouldn't be THAT hard to do because I don't think the things Linux-libre cleans out should overlap with SELinux/AppArmor all that much, but nobody has bothered to do it yet.