Qubes, What are your thoughts on it?

Is it worth the hype?

The inventor of Ethereum uses it. High IQ OS.
#transcend

Good luck getting it to work on baremetal

> Virtualization seems to have a lot of security benefits.

You've been smoking something really mind altering, and I think you
should share it.

x86 virtualization is about basically placing another nearly full
kernel, full of new bugs, on top of a nasty x86 architecture which
barely has correct page protection. Then running your operating
system on the other side of this brand new pile of shit.

You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.

You've seen something on the shelf, and it has all sorts of pretty
colours, and you've bought it.

That's all x86 virtualization is.

In all seriousness it's just a sane KVM setup which is neato and probably about as secure as you'll need.

Qubes is quite good

I want to try to install it on baremetal soon to try it out. But I'm afraid that to use it to its full extent probably requires a beast of a machine, even if passthrough works flawlessly for GPU.

Here's the remote

Attached: Qube_Cable_Remote.jpg (599x803, 39K)

>You are absolutely deluded, if not stupid, if you think that a
>worldwide collection of software engineers who can't write operating
>systems or applications without security holes, can then turn around
>and suddenly write virtualization layers without security holes.

Alright here is the deal.

A lot of people much smarter, well educated and more qualified to be allowed a judgement on this have said that qubes OS is actually pretty fucking great :D

This is run on my t420, i7 & 8gb ram. Works with no problems at all

If you have an Intel processor with "hyperthreading" don't bother. It negates completely all advantages of virtualisation.

Any advice for someone that wants to try it out? There is surprisingly little info out there beyond one somewhat useful presentation.

Does GPU passthrough work?
Does it benefit from multiple cores and threads as much as one would think?
Is it possible (and easy) to choose which hardware such as memory sticks/printers/etc.. are opened in which qube?
Do you need to provide all the iso's, or is there something standard that works for a lot of functionality included?
Can you run a Windows VM for gayms?
Anything else you would share?

no i am smarter than all of them combined

It's just a theo de raadt pasta I couldn't not post.
marc.info/?l=openbsd-misc&m=119318909016582

>Does GPU passthrough work?
No clue. Just don't use it for games and you'll be fine. If you need to use hashcat or some shit use another rig
>Does it benefit from multiple cores and threads as much as one would think?
Most likely, only use it on my laptop (which is my main driver)
>Is it possible (and easy) to choose which hardware such as memory sticks/printers/etc.. are opened in which qube?
Yea it's extremely easy! Every device is under devices (such as PCI passthrough and so on). Everything related to usb is controlled through a USB proxy vm, where you can quickly choose what USB qubes where
>Do you need to provide all the iso's, or is there something standard that works for a lot of functionality included?
Qubes comes with Whonix, Debian & Fedora by default, but you can run basically any OS you'd want. If you want qubes functionality you need to compile it using the Qubes builder
>Can you run a Windows VM for gayms?
yes, but why would you?
>Anything else you would share?
Compiling shit for the driver can be difficult due to the way it's mounted.

>just pile on more virtualisation and gcc flags!
>it will fix all of the security flaws inherent to the software and hardware we use today!

Software without security holes doesn't exist. This we must accept. The person behind BSD has not much room to belittle others considering that any benefit in that area that BSD has, can be reduced to 'protection by obscurity'.

Considering that fact, isn't it beneficial to take the natural solution of diversifying? Even if malware was made to infect one thing, it can't just adapt to attack the VM software and then the host. Nothing like that has been out until now as far as I know. And I suspect it would be an absolute bitch to make it.

The other benefit is that you should get far better compatibility if the VM software works properly. Which I hope we can assume since Qubes is all about that. But that might just be my optimism and excitement about something new.

Thank you for your time user!

feel free to ask anything else you'd like!
I once had a VM die on me, meaning I lost all my work done (but they do keep backups of the qubes builds, I was just a dumbass and only managed to copy my memes folder)

I will then!

Can you use a VM for better compatibility? Printers and scanners are still a nightmare for me in Linux. I use Solus and do not want to learn how to compile source code to be honest. I don't think it would pay off with most Linux software for that. So running a Windows VM for scanning and printing seems super convenient, with the drivers and software of the brand.

user-whonix but you're posting on here? how?

>OpenBSD is security by obscurity
No, OpenBSD aims to have security by correctness, and has a very good track record of fixing problems before they arise. As an example they disabled SMT in 6.4, before the entire MDS Intel fiasco. They also have privilege dropping with pledge(2), which Linux is sorely lacking.

This is a bit of a dumb question probably..

I'll see if I can run a mailserver Qube with BSD then. Should be fun.

>Can you use a VM for better compatibility?
Yes definitely!
But it depends a lot on the printer. If you have it connected through USB, you will most likely not need to do anything, since you can quickly just select under Qubes Devices, which VM the USB passthrough should go to.

If network, it's a bit different due to how the network is set up.
By default network is as follows:
sys-net (The original network PCI passthrough) --> sys-firewall (Here is the software firewall & basic security stuff) --> Final VM.
This means that the VM itself cannot find ANY other devices on the network, so for a network printer to work, you'd most likely need to have a PCI passthrough of the network directly to the VM to avoid all the extra security
It's not dumb at all! It's how we all learn :)

I used to live in china, where oddly enough Jow Forums wasn't blocked, but google was, meaning I had to buy a pass to bypass the google captcha and post anyway (which also works for tor posting)

I've used a HVM Windows virtual machine with GPU pass through inside Qubes OS. It's a fucking pain in the ass to set up and you are SOL if you have an Nvidia card because there's no way to bypass code 43 with the Xen hypervisor. Even if you do manage to get it all working, you will probably get 2/3rd the framerate as you otherwise would. The recent patches for Intel security flaws now made it 1/2. I'm now considering dual booting windows and ONLY using it to install and play games - no web browsing, no discord, etc.

I forgot to mention, you will need to buy a separate PCI USB card to pass through to your Windows VM. The mouse input from the host OS will be unplayable for games.

every time i see a new operating system i feel like it's just a way to rip off people and mess up their computer. you don't really need an operating system just use windows, mac or hell even linux. they are both simplistic and easy to use. Plus you can just download an ISO file off a random website if you can't afford a product key. The hype for new OS's is just dying for me.

That definitely sold it to me.

Last question: Do you run VPN on the host (I assume you got used to using that because of the CCP and their shenanigans)? Or is there a separate qube for the firewall and stuff through which it all goes, and do you have to configure it in there?
If that is how it works. Does it even matter or make any difference which one you pick?

I don't use Nvidia, and definitely not for Linux considering AMD has better official support. And I never bought into Intel either. Other than an i5 6600 I got on ebay for my Deskmini 110.

But yeah. Less framerate for gaming is a shame, hopefully it won't be much of a real latency problem since I hate newer games and older games run fast. Not going to use more than 1080p. So hopefully that all mitigates those problems. If not, I am with you on the dualboot idea. I use a swapdrive or install it on another disk that I select in the bios.

>Do you run VPN on the host
I use a separate VM, which gets its network through sys-firewall, where I then connect the vpn VM to the final VM. Else you can just configure the vpn inside the VM.

>Does it even matter or make any difference which one you pick?
Not really, but try and avoid modifying the sys-net & sys-firewall too much. It's better to just make a new VM that provides network and calling it VPN

In terms of CCP, that's another story, although quite interesting.
I could tell you about some networking stuff I did in china, shoot me an email if you want to talk about it! Gentoo@riseup(dot)net

I would get 240+ fps in Overwatch on native windows and I get 80-125 on the sane settings. That's with the Xen paravirtualized Windows drivers too.

Forgot to mention that's with the 8700k,

Holy smokes.
If that happens with games like Overwatch, and to such an extent, then it is off the table yeah.

Pre Intel security patches it was 130-180.

I thought Intel HT was not used much in games? Did the fixes for speculative also hurt the rest of its performance?

I might consider upgrading to the new Ryzen 8C, which should do about as about or almost as your prefix 8700k. Depends on my work. Then again, we are assuming I could even get all that shit configured like you did. A performance hit is unavoidable,

The most recent patches are what affected the frame rate.

install gentoo

>appeal to authority
This is a logical fallacy. You need to prove your case.
If so many people say it is so, I'm sure you can interpret, understand, and reiterate their points as to why. If you can't then you should probably keep your mouth shut, stop being a faggot sheep, and use your brain a little more.
If you don't know, ask, but don't use someone else knowing as an argument. They are not here and they cannot defend their points, and they cannot attack others points for you. You need to be mentally capable of doing it yourself.
Fucking summerfag teenagers.

It's going to be either this or Fedora on my not so new desktop

I've been thinking of switching to Fedora from Ubuntu lately too. It just means taking the time to do that, and my desktop is a Kodi media server for the family, so that takes lots of fucking with to get back the same usability for them, and my laptop I run my business from which would probably be easier to transition honestly. Just backup gnucash data and etc and reinstall.

gaymers talking about security

lmfao

do you run kodi on ubuntu..? And what do you mean by a media server do you boot it from network?

I really want to try it

Xen, not KVM.

You shouldn't be listening to some autist talk about authority fallacies while believing anything Theo de Raadt says without a grain of salt or even understanding the full context of his conversation.

For his subject, Theo is right, when you add a new kernel, the virtualization software and hardware implementations, you are adding attack surface and worse, on uncharted territory since virtualization is not as tried and tested as the kernel general security. But they are talking about the kernel side of the business.

Virtualization however is useful in isolating the userspace in a cost effective manner. Most of the vulnerabilities are in userspace, most bug reports are in userspace, you are more likely to be fucked by your browser than from a kernel vulnerability. That's the reason companies around the world see virtualization as a safer and cheaper option to protect themselves from all their userspace crap in their servers.

But it all comes down to the threat model: if you're running a few processes on a very bare bones OS, likely you're increasing your attack surface if you choose virtualization; however, on a Desktop full of crap, you are safer using virtualization and this is the objective of Qubes, to isolate userspace as well as it can, reducing programs' access to network, memory, metal and disk.

Of course, Qubes is not a safer option than using physical isolation, therefore removing the virtualization added attack surface out of this scenario, but it's not easy, practical or cheap to run and maintain something like this.


As for my thoughts on Qubes, it's frozen and it's likely not an OS you want to waste your time on.

Founders have already left the project and the only people left are just squashing the hundreds of bugs, it's not going anywhere in terms of features and goals.

They hit that stage where the novelty has passed and there's not enough people using it to push for improvements while bugs just keep piling up.

The string of processor security bugs published in the last few years proves that sandboxing and virtualization are pointless as security measures.

>4.14
nice

Don't drop reddit fallacies without understanding what they mean nigger.

It's absolutely based. Currently running 4.0.1 on my ThinkPad.

is there an identical alternative?

That's why everyone uses amd64

It's great but a bitch to set up. I gave up after a few weeks, will try to rice it to oblivion when I have the free time.

does this need a shitload of RAM?

It depends on how much multitasking you want to do. I think they have 8GB as the recommended on their website.

Don't protect you against intel ME (ring -3)... Hi there glowing niggers!

>Founders have already left the project and the only people left are just squashing the hundreds of bugs, it's not going anywhere in terms of features and goals.

Does it really lack anything it should have though? Just getting rid of bugs and plugging holes could be good enough right? Since the capabilities of the OS depend on the VMs anyway.
