Qubes vs. Mirimir's Isolation System

Pretty much any decent linux distro will have Virtual Box and OpenVPN available in their software repositories. I wouldn't worry about whether the distro comes with Virtual Box or OpenVPN out of the box.

If you're really going to have a host OS only for the purpose or running Whonix and some other Linux distro in a separate VM, you might want to consider having the host OS being one of the more secure and stable distros, like CentOS, which has a much longer support cycle (about eight years or more), than even Ubuntu's long term release. Normally, CentOS isn't the best for a desktop system, because setting up stuff to use multimedia, flash, etc., can be a bit of a hassle. (Although there's a great distro called Stella that gives you CentOS with the multimedia stuff set up for you.) But if you're not doing that stuff in the host OS, it doesn't matter anyway.

Also one (I think) big advantage to CentOS for the host machine is that it uses the Anaconda installer, also used by Fedora, which by far is the best and easiest for setting up a fully encrypted hard drive. I don't think Ubuntu will do full disk encryption through the installer. And I think Mint doesn't even support encryption in its installer, which doesn't mean you can't use encryption with Mint, but it's going to be a pain for someone new to Linux.

Then for your distro that you surf the clear internet with in a separate VM, maybe choose one of the distros that's easy to use out of the box and has most of the software you would want. Ubuntu's fine. Linux Mint is probably the best for pure everything works, out of the box, experience. But there's lots of distros. You may want to read around some, to figure out what appeals to you.

The other thing with Linux is that there are a lot of different desktop environment options, most of which are generally availabe in any major distro. So the desktop you're actually working with is not dependent on the particular version of Linux you're using, but that will largerly determine you experience, workflow-wise and in terms of easthetics. Popular desktops are Gnome 3 (and Mate the fork of the older Gnome 2), KDE, XFCE, LXDE, desktops based on Fluxbox or Openbox window managers, and then there's some distros with their own special spins, like Ubuntu's Unity based environment, Mint's Cinnamon spin on Gnome 3 that makes it more like the older Gnome 2, and so on.

If you're completely knew to Linux, you may want to download a few different live cd images of Linux, boot them from a USB stick, and just play with the desktops a bit to see which ones you like.

As I think about it, if you're new to Linux, just setting up the host OS is a bit or a learning curve in and of itself, let along getting into VMs, although once you've dealt with setting up Linux on your bare machine, using it in a VM is not much different. But be prepared for some learning and configuring. Getting into Linux and VMs at the same time is kind of jumping into the deep end, as a way to start.

 

By that, I mean: 1) I'm confident that it's not spyware or backdoored, notwithstanding the Dock-Amazon thing; and 2) I've gotten used to Unity, and even like it in some ways.

Few if any Linux distros come with openvpn, and none with VirtualBox. The best source for openvpn is the Ubuntu repository. For VirtualBox, I prefer the Oracle site (virtualbox.org) because the Ubuntu repository is often not current.

 

There are alternate install disks for both Ubuntu and Xubuntu (but not for Mint) that use the old character-based Debian installer, which does auto dm-crypt LUKS and also full manual disk partitioning, which you need for RAID plus dm-crypt LUKS plus LVM. There are instructions for that here: https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-4

 

You know what, on second thought I'm going to revise a bit what I said above.

If you're new to Linux it would probably be easiest if all of the versions of Linux you use, for the two VMs and the host OS are based on the same distro. This way the methods for installing software from the repositories, updating the system, and any configuration files you have to edit, will be the same on all three distros and you won't have to be learning different ways to do the same thing at the same time, which could be kind of confusing.

Since Whonix is based on Debian, that means use only Debian based distros, which is a good option since Debian is one of the main distros one which many other distros are based.

I think for your host OS you should use Debian Stable. It's more secure and stable ultimately, than even Ubuntu LTS (long term support). It's a popular distro for servers (like CentOS that I mentioned above). Debian also has a good installer which will do full disk encryption for you (as I said, Ubuntu and Mint aren't going to do that).

Then you can use Whonix in one VM and some other Debian based distro for your other VM. Ubuntu is fine (based on Debian), Linux Mint is based on Ubuntu which is based on Debian, so its fine. (I would not use the version of Linux Mint based on Debian directly, called LMDE, it's more advanced and complicated to use, and buggy. It's based on the testing/unstable version of Debian.) Snow Linux actually has a pretty good out of the box experience and is meant to be easy to use. CrunchBang (that mirimir mentioned) is popular for a lighter weight desktop. Those are probably the best options for a person new to Linux.

Good luck!

 

I think that just makes it kind of complicated for a person new to Linux. I don't see any reason not to just use Debian Stable for the host OS. It's the most secure and stable option (except for CentOS). The installer already has full disk encryption, including in the graphical installer. It just seems easier and cleaner for the purpose of the host OS, especially for a beginner, but really for anyone.

[Edit: I guess the one argument I see for using Ubuntu LTS with an alternate installer, for the host OS, is that if RollingThunder also decides to use Ubuntu for the second VM, then it would be simpler to have the same OS in those two instances. Same desktops, less to learn. That being said, I still think since the whole point of this is security, Debian Stable is a better choice for the host OS--and again, it will do full disk encryption with its graphical installer, not just the character based one, so that's a little easier. In the end, I suppose either choice is fine. Although, using Ubuntu LTS for the host OS will introduce the Virtualbox complication below. So maybe both choices have their minor complications, in which case I guess I'm still leaning toward Debian Stable for the host OS.]

*

I actually tried a distro recently that had Virtualbox in the base distro. I can't remember what it was, but I was surprised. Anyway, it really doesn't matter, because Virtualbox is easy to install.

I'm going to disagree about using VirtualBox from the Oracle site. For a beginner that's going to be another complication in a long list of things to learn. It's easier to just use what's in the distros repository--and getting used to the whole idea of repositories and what that's about. And you're not going to automatically get updates, when you run updates on the system, so that will also be more complicated to keep track of (either that or the source for Virtualbox will have to be added to the sources.list, which seems like another unnecessary complication for a beginner). Also, if RollingThunder uses Debian Stable for the host OS, as I suggest, I feel pretty confident that Debian will provide a secure and stable version of VirtualBox with security patches when necessary. Just seems cleaner, easier, and good enough for a beginner.

I guess I just think if RollingThunder really does this, he's biting off a lot to chew already, as someone new to Linux. Why add complications?

 

I should add that I am not noob user. I've been around the block a bit. I have been a Microsoft hater for years. I have investigated several iterations of Linux. I am leaving Microsoft. That part is settled. I am going to Whonix. That is settled. I am too deep into the TOR network to not go Whonix. I have purchased a separate drive for this project, thus, I am not completely tearing down my existing infra-structure. This is a migration. A project I am commuted to! With all the NSA revelations from this past summer I cannot allow myself to stay in MS country any longer. I hope that explains my positioning. CB, I gleaned from your comments the inference that suggested that this is not a casual endeavor, more of a committed process that is not going to happen over-night. I agree and fully concur if I have correctly read your intent.

 

Ah, sorry. I had the impression from your intial posts and some of the questions you asked that you had not used Linux before.

I guess how difficult the setup is depends on how much experience you have installing Linux, partitioning the drive you're going to use, setting up full disk encryption, installing software from the repositories for whatever distro you choose, and other little configuration issues that tend to come up (which usually mean at least a little time on the command line, looking at the settings in configuration files, and searching around for guides online). Also are you familiar with the different ways that different distros do things? Arch vs Debian vs Fedora representing probably the three biggest divides (I guess there's Gentoo based distros also and a few other more obscure ways of doing things--let's not even get started thinking about BSD based systems, which is not even Linux, but has its advantages for security, though I have no experience with them, just read about them some).

If that all sounds familiar to you, then it's probably not that big of a deal. If that all sounds like a bunch of gibberish (as well as much of what I said in my previous posts), then it's just a lot of things to learn at once. That's why it seemed like it would simplify the process a lot to use only Debian based distros for the whole setup. (Just following mirimir's guides and adapting to your needs would probably also be a relatively easy way to go.)

I was trying to think of my first endeavors into Linux, when I wrote my posts. A lot of things that are simple and obvious to me now, took a while for me to originally figure out. Although honestly, even for me it would not be completely simple to set up the sort of system you're talking about (I called myself an intermediate Linux user, who's fiddled with a lot of different distros and used Linxu exclusively for several years.) I could do it no problem, but I wouldn't assume I was going to get it all running how I like in one night. And I'm sure there would be a few things I'd have to research and double check.

If you're committed to it though, you'll figure it out. There's plenty of help and guides on the internet.

 

It is not all familiar too me, no. However, I am an advanced enough computer user to be able to handle it. In truth I have not dealt with Linux that much but am familiar with the repository, have partitioned a root, swap and main partition before. The Linux command line is kind of frightening too me. I have never dealt with it. I work in IT. I should do fine. I hope you guys are ready for my plunge. I created this account because I knew it was going to be necessary with the plans I have been making. I have a bad habit sometimes of talking a bit more basic then I actually am. If I did that and gave off the wrong impression I apologize.

 

No reason to apologize. I just misunderstood where you were coming from. It was my mistake.

I think if you work in IT and are already familiar with the repository concept and partitioning, then you'll be fine.

No reason to be afraid of the command line. It's' kind of fun and for most of the things you're going to do not that complicated. Like I said, there's lots of guides out there. People will tell you the exact commands you need to use. You'll just follow things like a recipe and then start to get a hang for what things actually mean. At the end of the day, the command line (and configuration files) are just an interface. It's not as pretty, like a GUI, but it's not necessarily any more complicated.

And don't forget that whatever distro you use has its' own forums. Any problem you come across has very likely already come up and been answered in an already existing thread. Google (or Startpage if you prefer) is your friend. And if you can't find an answer it's fine to ask questions there too.

I also think it's good that you have a separate drive for this purpose. That will make setting up the host OS easier and you don't have to worry about dual booting and screwing up an existing install of another OS. It leaves you some room to make some mistakes and start over if you have to.

 

I picked Ubuntu (or Xubuntu, in older versions) because they're a little more user friendly than Debian. However, using Debian 7 for host and VMs would arguably be more secure. As I understand it, adrelanos picked Debian for Whonix because its repository is best secured, and because, with the largest developer base, there are more eyes on it.

 

Yeah, believe it or not I have ten years of Acronis images devoted to XP. As much as MS ~snipped~ me off it is going to be tough leaving the sophistication I have tweaked Windows into over the years. Ten years is a long long time to tweak an OS.

 

Hmm, in what way do you find Ubuntu to be more user friendly? I've used both and they're pretty similar, since Ubuntu is based on Debian. The only thing that was more complicated with Debian, to me, was getting multimedia stuff working. But if Debian is just the host OS and it's only purpose is to run VirtualBox and openvpn, I can't see how the two would be different at all. Certainly for the VM used for surfing the internet in the clear I can see Ubuntu being better (though I'd say Mint would be even easier).

Yeah, I used to have a lot of Acronis images of XP. But now that I understand Linux pretty well, it's just so much better, more logical, cleaner. And it's fun to get to try out the different desktops. Personally I prefer Mate (former Gnome 2). It's a little old school these days, but to me it's way more usable than Windows or OS X. And the mere fact that you have a choice of desktops is pretty novel, coming from either Windows or OS X. Every time a friend or family member asks me to fix their Windows system, now I feel like: Oh yeah, this OS is crazy. And I just scratch my head at the unnecessary complexity. Even OS X is pretty stupid much of the time.

 

Chuckle, I try not to get roped into those types of social issues. I have one and only one old man I take care of free of charge. He is enough.

 

The major thing is Ubuntu Spftware Center. Both Debian and Ubuntu have good searching for installed apps. But it's harder in Debian to find a new app when you don't know the name, just what you want it to do.

I do agree that Debian is a great choice for the host OS.

 

Ah, I don't have much experience with Ubuntu's Software Center. I my days with Ubuntu, it was just Synaptic, like Debian, which is okay. But I generally just use Google to research new apps for a particular purpose and then install from the command line.

 

Ok, how does one install from the command line?

 

First, to ensure that the machine has the latest package info:

sudo apt-get update

Then, to install openvpn, for example:

sudo apt-get install openvpn

To get the latest versions of all installed packages:

sudo apt-get upgrade

Note that "upgrade" does not upgrade to a new release

For all the details:

man apt-get

 

@CB @Mirimir: Wholly guacamole, you guys are torturous. I just got a wild hair to start the download for Debian 7.20. Are you kidding? Three 4 gig freaking disks plus an update disk? Good gosh. I am going to harass the wife and go to bed. Grinz

 

Sorry for not responding in a timely fashion. I have a lot going on now and I can only deal with this stuff on weekends. I ordered two big books in order to really learning (at least a little) how things work. The basics so to speak. One is on Linux, the other on cryptography.
To answer your question, I only have a root partition with about 20GB and a swap partition with 8 GB. I don’t know if it makes sense to have a /home partition? I didn’t know that you should have at least 32 GB of space. I installed Qubes R2 months ago and I am not sure if the system requirements stated 32 GB as a minimum then. I do have enough disk space (750 GB) for all systems. I was a little confused when reading about the disk space but maybe I just missed it.

I know what you’re talking about. Maybe I should work a little more with other Linux distributions before starting with Qubes. I am learning the basic commands in Linux to use in a terminal but I am struggling with Qubes because I don’t know what to do when I get an error message. For example, I tried to copy a file from an external hard drive and I tried to use the copy command in the interface with no result. A lot of things only work for me with commands in a terminal. Using the GUI often does not work. But then I think it’s just some things I don’t fully understand.
I definitely will try and learn more about Linux in general and hopefully I will come to terms with Linux somewhere along the way.

 

I haven't installed Debian in a long time. But that sounds weird to me. Most distros require about a single 1-2 Gb .iso image.

I have no idea what they have on those three disk images, but it must be everything under the sun, every desktop, application, utility, you could possibly every want. It sounds like the purpose is that once you have the disk images, you never need an internet connection again to install something. (In fact, reading around a little bit it does sound like those images contain the entire Debian repositories. You don't want that.)

Anyway, I think what you want is one of the live install images: http://www.debian.org/CD/live/ Those look more normal to me. Just pick which desktop you want.

Or if you have a fast internet connection, download the 200 Mb network install image and then the installer will download everything else you need during the install process: http://www.debian.org/distrib/netinst

 

Thans for the info. So when you installed you used the manual partitioning method and then just assigned / and swap partitions for Qubes and that's it? From reading around more, it does sound like Qubes doesn't really use /home the same way as other Linux distros (it's just part of /).

As far as I can tell, Qubes is quite different from most other Linux distros. I've installed Linux a lot of times and as you can see, at the moment I'm befuddled by what I would know exactly how to do with any other Linux system.

In addtion, because Qubes is not used by many people, there aren't a bazillion howto guides out there, like there usually would be. So that makes it a bit harder to figure out.

So yeah, if you're unfamiliar with Linux, setting up Qubes first may really be diving into the deep end. On the other hand, you've already gotten this far. And if Qubes is what you want to use then why not just learn it? Spending a bunch of time with other Linux distros first, only to have to relearn things the Qubes way may just be a diversion. Still, if you get frustrated with Qubes, you might want to install another Linux distro just to see that it can be pretty easy and have something you can enjoy and experiment with.

Good luck! And thanks again for sharing your experience with Qubes so far.

 

Thanks, I am going there now!

 

No problem, I'd sort of forgotten that Debian has this somewhat idiosyncratic set of different ways to be installed. As I said, most distros just have the approximately 1-2 Gb live cd image, providing different ones for different desktops. And if they have other ways of being installed, they tend to be buried a bit in the details for the more advanced users.

But on the Debian download page it is not totally obvious at first, if you're not used to installing Linux, which way is the usual way of doing things. Now that I've looked at it again, I remember scratching my head a bit, when I first installed Debian, over which way to do it.

Just be happy you're not installing Arch. That is a crazy distro to install and they've only made it more insane over the years.

 

I removed Ubuntu and have just installed Linux Mint 13. From what I understand its based on 12.04 Ubuntu, so does it still have the Amazon tracking? Because I read that Amazon is tracking Ubuntu keystrokes, is this correct?

 

That's a little extreme.

By default, Dock search terms get forwarded to Amazon, to find relevant products.