The Linux Thread - The Autist's OS of Choice

Another look at Qubes OS.

Does anyone use Qubes? I run the majority of my shit these days inside separate VMs or LXD containers so I seem like I'd be the target audience, but the idea of making literally everything a VM and waiting 30 seconds for applications to start (because it has to load the dedicated VM first, y'see) or waiting 20 seconds for a file transfer between VMs (which is every file transfer you'd need to do, because every application is tightly isolated from each other) is just wacky. It seems like trading too much convenience for security at that point.
 
Does anyone use Qubes? I run the majority of my shit these days inside separate VMs or LXD containers so I seem like I'd be the target audience, but the idea of making literally everything a VM and waiting 30 seconds for applications to start (because it has to load the dedicated VM first, y'see) or waiting 20 seconds for a file transfer between VMs (which is every file transfer you'd need to do, because every application is tightly isolated from each other) is just wacky. It seems like trading too much convenience for security at that point.
I've trialed it a bit but found the limitations as annoying as you say, with the main one being it really needs (or needed) a ton of memory for mundane tasks since it spins up multiple VMs. It's supposed to properly manage the memory such that the VMs start at the minimum and only use what's needed but it wasn't working very well for me so I decided to wait before delving into it further.
That video makes it look like it's working better now so I'd like to give it another shot.

You definitely sacrifice a lot of convenience for the security and setting it up to suit your needs takes hours. Like bippu, I also find Whonix works well enough for my day-to-day as I care mostly about online tracking.
 
Whatever happened to running Tails or OpenBSD if you want something secure?
Tails shouldn't persist and Qubes ideally gives you your favorite features along with privacy instead of being forced into some other distro or what-have-you. It's not strictly for privacy, it's a security thing as well, there just tends to be a lot of overlap in the fields and demographics.
I wouldn't use Tails on a trip where I was checking my bank and other personal accounts but I would consider Qubes.

I hope Qubes keeps getting better as it's a good tool to have handy.
 
Tails shouldn't persist and Qubes ideally gives you your favorite features along with privacy instead of being forced into some other distro or what-have-you. It's not strictly for privacy, it's a security thing as well, there just tends to be a lot of overlap in the fields and demographics.
I wouldn't use Tails on a trip where I was checking my bank and other personal accounts but I would consider Qubes.

I hope Qubes keeps getting better as it's a good tool to have handy.

If Qubes has anything on par with OpenBSD's man pages like afterboot(8), I'll give it a shot.
 
Does anyone use Qubes? I run the majority of my shit these days inside separate VMs or LXD containers so I seem like I'd be the target audience, but the idea of making literally everything a VM and waiting 30 seconds for applications to start (because it has to load the dedicated VM first, y'see) or waiting 20 seconds for a file transfer between VMs (which is every file transfer you'd need to do, because every application is tightly isolated from each other) is just wacky. It seems like trading too much convenience for security at that point.
I have a friend who uses Qubes as his daily driver, he loves it, though he was running his old OS essentially just to run a hypervisor anyway and is pretty paranoid. So he was basically Qubes' core audience from the start.

Add to that he has a PC with specs whose purpose I would describe as: Use Machine Learning to develop Java applications.

So he doesn't really see the downsides.

I have it on a spare laptop. Personally, I have no strong emotions on it as a user, though given how annoying it looks like it should be, it's surprisingly user friendly, and their documentation has been quite sufficient for all my questions thus far.
 
This is only my opinion but Qubes is the perfect example of what happens when you don't have a clear idea of the threat model first. It's overkill. The Linux kernel has a lot of onboard tools to separate privileges and users, these systems are very simple to set up in layers and found weaknesses in them are very rare. Random internet drivebys by some Russian hackers (at best) target the browser of the normie who didn't update in six months and doesn't even run ublock, or his smartphone with the last security update from 2018. The absolute state of computer forensics in law enforcement in many countries leads me to believe that you're safe from them if you hide your manifesto.txt in the system32 folder in a Windows installation, if you did something that interesting that is. If you have some three letter agency on your back, Qubes won't protect your shins from being worked over with a hammer and if you're not exactly in the media spotlight, you probably just will commit suicide.

With systems like that I always feel the added considerable complexity is inherently more dangerous as it leads to either a) user error decreasing security because he didn't use it correctly or b) user bypassing some of the security on purpose because it's just too inconvenient, ending up making the whole thing less secure than a simpler setup would be (such hacks are usually spur of the moment things and not well thought out) c) more room for exploits to be overseen because of the underlying complexity making it hard to snuff bugs out. Know your threats first, and THEN implement security measures against them. The other way around just doesn't make sense.

For some things, I wouldn't even bother with VMs these days. You can get perfectly capable non-gaming computers in the $100 range. An entirely physically separated system is even safer (hardware bugs bypassing the security offered by VMs for example don't matter, because y'know, if you wanna be that paranoid - there were quite a few escape exploits in VM stuff) and also at the same time simpler to use.
 
Tails shouldn't persist and Qubes ideally gives you your favorite features along with privacy instead of being forced into some other distro or what-have-you. It's not strictly for privacy, it's a security thing as well, there just tends to be a lot of overlap in the fields and demographics.
You can create persistent storage, or at least make the rest of the drive visible to it, but depending on your use case, this kind of defeats the point of using it at all. Even doing relatively minor things like changing the size of the web browser window can leak potentially identifying information.
 
Has anybody tried to install Linux on an iBook G4 (the last model)? I have one and I want to give it a shot as a learning experience but I would like to have some advice about what distro is better suited for it since I plan to use it mostly for web forms and music playback at my home.
 
linux on an iBook G4 (the last model)?
Your distro options are fairly limited to ones that still support PPC. Debian is fairly out of date for the platform. I'd look at something like Adelie or Void Linux. The other option is, as always, Gentoo. If you're just looking at web browsing -- FreeBSD/OpenBSD might be a better option.

Take a weekend off and do some distro hopping.
 
For some things, I wouldn't even bother with VMs these days. You can get perfectly capable non-gaming computers in the $100 range. An entirely physically separated system is even safer (hardware bugs bypassing the security offered by VMs for example don't matter, because y'know, if you wanna be that paranoid - there were quite a few escape exploits in VM stuff) and also at the same time simpler to use.
Ah, but my threat model is myself. I mainly use VMs so that I keep all of my different shit separated. I have different VMs for different work clients for software dev work that I do, etc, which mainly helps for reproducibility (e.g. since I only work on X's stuff on this VM and literally nothing else, then everything in .bash_history is all of the tweaks I needed to get shit working, if that ends up mattering later).

I also have a VM dedicated to shitposting and goofing off (this one), which keeps all of my meme/edgelord/fun stuff deliberately separate from my big-boy professional work stuff. Sure, in theory VM escape is possible and I could end up using gamer words in a work email because something leaked. But my threat model is myself and I'm pretty sure I couldn't code such a VM escape exploit, so that's some decent safety right there.
 
Does anyone use Qubes? I run the majority of my shit these days inside separate VMs or LXD containers so I seem like I'd be the target audience, but the idea of making literally everything a VM and waiting 30 seconds for applications to start (because it has to load the dedicated VM first, y'see) or waiting 20 seconds for a file transfer between VMs (which is every file transfer you'd need to do, because every application is tightly isolated from each other) is just wacky. It seems like trading too much convenience for security at that point.
I used to run Qubes with the special color-coded patched version of the i3 window manager. It worked alright, but my VMs would often end up in a degraded state, forcing me to have to recover them every time. It's a good OS, so long as you don't need to do a ton of things with the GPU.

There is a project under development called Spectrum that is trying to do the same thing but with KVM and virtio graphics:
https://spectrum-os.org/

Some information about Spectrum's design.
https://spectrum-os.org/design.html

Has anybody tried to install Linux on an iBook G4 (the last model)? I have one and I want to give it a shot as a learning experience but I would like to have some advice about what distro is better suited for it since I plan to use it mostly for web forms and music playback at my home.
Void Linux PPC is the best that I've seen so far for that hardware. At least a couple regular Void Linux devs also contribute to the unofficial PPC project. I've installed Void Linux PPC on the last model of 12" iBook G4 with no issues whatsoever.
https://voidlinux-ppc.org/

The Gentoo PPC community is pretty dead, so you may have trouble getting help on their IRC if you get stuck. (Gentoo on SPARC is still very lively last I checked, though.)
 
DT reviews Slackware


I also love the fact that they went with KDE for it. Gnome Footcels BTFO again.

I've pretty much cemented myself into using stable distros, even super stable ones. I may dip my toes into Slackware, just the mentality behind its development alone sells it.
 
Ah, but my threat model is myself.
Always has been.

Well if it works for you, for me that would be way too complicated. The nice thing is that we can all do whatever we want with our own tools we use. If we all did the same thing and not care how good or bad it is for us we might as well all install Win10 Home. If some mouthbreather tells you the mere existence of another tool or way to do a thing "just fractures the Linux community further" he's a retard and you can safely discard all subsequent opinions.

You also don't really want to compile bigger packages on PPC for Gentoo. As soon as it gets in the area of mesa and such you need quite a few heavy dependencies and a browser and that'd be a bit painful on a machine like that, especially if you plan on updating regularly. I mean it's certainly possible and there are worse, but not many people have that kind of pain threshold. I could also imagine not everything compiles without problem anymore. It sometimes doesn't even with ARM, which is a lot more widely used.

In general, lately I even feel gentoo is too heavy and overbearing. In a way that's also the fault of the insane dependency hell linux userland suffers from but the distro maintainers of gentoo make a lot of questionable choices too and many ebuilds are very sloppily written and pull things in they don't need (e.g. newer btrfs-progs ebuilds suddenly failing without an *udev installed, even when upstream doesn't even need it, lots of packages pull in dependencies they plain don't need or even worse, just assume certain configurations that are not necessarily a given in gentoo) without even giving you a use flag, this brings usually in software I don't want on my system and generally leads to waste. I feel lately it's been a bit of an uphill battle of masking and modifying ebuilds (and also hiding away ebuilds there because stuff gets removed even though it still works fine just because a maintainer felt it's "stale") in my local overlay and it's all kinda annoying, constantly working to undo pointless changes that appear more and more to be made for change's sake. The less there's said about things like acct-user/group, the better.

I'm not into distro politics much so I don't really know who is who and what insane (maybe even tranny) politics might go on behind the scenes but it's just what I've been noticing, that a lot of stuff is simply not very sensible anymore. Gentoo as sort of a meta distribution was meant to support everything and I do understand with such a wide scope package quality is bound to suffer sometimes, but news notifications about (often quite invasive) changes have started to become quite a bit defensive if not hostile from the get-go in recent years and consistently seem to push "the supported way to use gentoo, take it or leave it" which really doesn't sit well with me. Forums' posts by some devs on the gentoo forums I sometimes stumbled upon support that view.

I've stumbled across a tiny source-based distribution called KISS Linux recently, and my first impression was very good. I installed it in a chroot to play around a little and after a few minutes I already added packages for some of my software and wrote scripts to automate a few things. The whole distribution part is basically just a bunch of scripts you need to expand on and it's meant to be maintainable by you and nobody else when the need arises. It seems to have a small but high quality community too. I kinda want to use it but I feel a complex setup with this could be quite painful. I was thinking of just giving up on compiling bloaty and dependency-heavy (especially build time dependency) software myself like e.g. firefox and just install it in some chroot alpine linux container or something (probably without docker) and maintain my lightweight system base and software that's important to me myself. I feel if planned properly it'd give me maximum freedom and be less painful than constantly fighting the gentoo maintainers and dependency hell at this point.

E: Oh and from searching around I found out Hacker News hates it, which means it has to be good.
 
everyone talks about gentoo but no one talks about funtoo and I've never understood why
 