Qubes install observations

Discussion in 'privacy problems' started by Palancar, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I already marked up Mirimir's other thread enough. I loaded Qubes on an external today and took the first few steps.

    1. Pleasantly, the distribution does a great job with DM/LUKS so the entire OS is wrapped in solid encryption.

    2. I could not load the OS on my usb flash. The distribution looks for free space/unallocated on a device. Windows will not let you delete and/or multi partition a flash drive. Even after deleting the partition using a nice partition wizard the partition was still seen to be there. I may go back in a day or so using Linux and mess with partitioning the flash, which Windows cannot do. I am mentioning this to help others assess ease of use for an "average" computer user. You will have to prep a flash with Linux, if that even will work. In a few days I'll report back on this step if I get around to it.

    3. I had no issues at all installing the OS on the free space of a usb external drive. As you know, Windows can easily partition a usb hard drive, which is handled differently than a flash. I freed up enough space to easily accommodate Qubes.

    4. The speed is beyond my ability to accurately report on because I threw this trial run on an older usb2 external I had lying around. Still the page loads were decent and it seemed peppy!! I am virtually certain the speeds would be awesome installed true bare metal on this machine. USB2 is "snail mail" compared to my USB3 drives. Unfortunately I only had a USB2 available.

    5. Initial observation; this OS is absolutely NOT created with a normal home user in mind. If I gave this to my friends or brothers it may as well be written in a language they don't speak. I was easily able to log online and cruise around, but then again I live on computers.

    6. TouchPad - I was and have been unable to get "touchpad" settings on my laptop to work acceptably. The mouse portion is slick and smooth but I have to hard click the touchpad to open things. I would never subject my touchpad to that treatment long term. I did open system settings and played around with all the touch pad settings (the OS saw the correct touchpad by name) but it didn't seem to help. Caveat: I plugged in a conventional usb wired mouse from my desktop. It worked flawlessly and in fact better than on my desktop. This laptop touchpad clicks by just my finger weight using Ubuntu 12.04. The Debian drivers are exceptional for this device. I may look into copying over the drivers but for now that is beyond me on the OS.

    7. Learning curve promises to be steep based upon my simple 2 hour test drive. For home use of untrusted internet and general surfing I had it up in under 10 minutes. Graduating to tunnels, etc... it would take some learning "pains". I read a bunch and understand what they are doing via a "black box" presentation. It is another thing to put the rubber on the road with it though. The theory is amazingly secure and I love the concept.

    I would be interested in hearing some observations from anyone here that has tested this OS.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Do they have templates for VPN and Tor networking modules?

    Or do you need to roll your own from a basic template?
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I just looked up Qubes. Looks pretty cool. Can you download stuff or is it more like a VM where everything is limited within a container?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Qubes is (loosely speaking) like Linux plus VirtualBox.

    But it doesn't run full OS VMs, but rather single-app VMs.

    Or rather, key pieces of OSs are separately virtualized, and isolated from each other.

    It's very elegant.

    I've forgotten what's involved in copying stuff from one app to another.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi caspian,

    You can download the DVD ISO and burn it onto a 32GB (at least) USB 3.0 flash drive and run it on a 64-bit machine from the flash drive.

    There is a System Requirements and Hardware Compatibility List on the Qubes website.

    -- Tom
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I tried to upload a Qubes Architecture pdf for you but it's 1.6 meg and the website won't allow it. One item worth mentioning is how Qubes handles your "unique" AppVMs. By unique let's for example say that you create one for Wilder's usage only. There is a template that in a sense hosts all the unique appVMs. Using this method you have a very small unique setup for Wilder's because most of the general stuff used in a VM is contained in the general template. Here is where it gets a bit technical under the hood. The template is READ ONLY and so any unique appVM cannot change one single "mark" inside the template. Not ever. You only need to keep the template updated and then each restart of a unique appVM remains up to date. By using VT-d Qubes is able to isolate each appVM completely. It's much more secure (in theory) than a traditional VM will ever be. You must have the proper hardware to capture all the advantages of Qubes. Even without VT-d there are some advantages, but with VT-x and VT-d (processor and motherboard BIOS enabled) there are extreme isolation possibilities.

    I ordered some more RAM today so I'll have plenty in about a week. I have been playing with running Linux in RAM anyway so now I'll never have to even consider physical limitations.


    lotuseclat79, my 32GB flash would not work with the Qubes installer. Have you actually used a flash and if so what PREP work did you do on the flash before attempting the install?
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi Palancar,

    I do not as yet have a 32GB usb3.0 flash drive. I do have 1 16GB, and most others are 8GB, and an odd assortment of 4,2, and smaller usb flash drives.

    The usual PREP work I do for usbs is in one of two ways:
    1) I usually fire up Disk Utility to format an MBR and then format a bootable fat32 volume which usually works for Tails, but for Tails I usually use the burn from ISO option on a previously formatted Tails either release candidates (RC) versions or totally new numbered versions between two different usb flash drives and the Tails utility to burn ISOs.

    2) I have also had success with using the dd command from an ISO to a totally unformatted usb flash drive - which you can unformat with the Disk Utility.

    Of course, the test is to boot from them after attempting to burn the ISO to the usb, and possibly try again from the start by unformatting them and attempt both methods again - as I have had success after several attempts at the dd command method, and on the MBR method as well.

    -- Tom
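
The dd route to install media described in the post above, with a readback check so a bad write shows up before the boot attempt. This is an added example, not part of the original posts; the image and target paths are assumptions, and `/dev/sdX` is a placeholder for the whole flash device.

```shell
#!/bin/sh
# Added example (not from the thread): write an installer image with dd and
# verify it by reading it back. Paths are assumptions; on real hardware the
# target is the whole device, e.g. /dev/sdX (placeholder), not a partition.

# Size of a regular file in bytes.
image_size() {
    wc -c < "$1" | tr -d ' '
}

# SHA-256 of the first N bytes ($2) of a file or block device ($1).
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d ' ' -f 1
}

# Succeeds only if the first image-size bytes of TARGET ($2) equal IMAGE ($1).
verify_target() {
    size=$(image_size "$1")
    [ "$(hash_prefix "$1" "$size")" = "$(hash_prefix "$2" "$size")" ]
}

# Write IMAGE over the start of TARGET, flush to the device, then verify.
# Returns 0 on a verified write, 1 on mismatch, 2 if the write itself failed.
write_and_verify() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # conv=notrunc leaves a regular-file target at its full length, like a device
    dd if="$1" of="$2" bs=1M conv=notrunc 2>/dev/null || return 2
    sync
    if verify_target "$1" "$2"; then
        echo "verified: $(image_size "$1") bytes match"
        return 0
    fi
    echo "MISMATCH: target does not match $1" >&2
    return 1
}

# Usage: write_and_verify qubes.iso /dev/sdX
```

On a real device the immediate readback can be served from the page cache; re-inserting the drive and running `verify_target` again checks what is actually on the flash.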
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    On my end the MBR approach didn't work (as I posted above). Even when I deleted the single flash partition Windows seemed to throw a FAT32 partition back on the flash. I did the usual MBR rebuild and partition deletes. I do these all day long on conventional media and it goes off without a hitch. Windows handles an actual flash in a way that doesn't seem to be able to actually unformat and leave a flash media "partition free". I mentioned earlier that my thought is to use Linux to handle the task. I am glad that you have had successful experiences "unformatting" your flash media with dd.

    The Qubes installer simply would not let me select any reclaim option for my flash because it doesn't see any free space. I could actually click on the reclaim option but nothing happened. Once I clear off the formatting with Linux it may work without a hitch. "fingers crossed".
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    After running Qubes for a few days I have decided that it's not really for me, or specifically not for my current set of needs/uses. I realize that security and privacy run hand in hand, but they employ vastly different skillsets and models. I do feel like I have the OS security side pretty solid at this point. I back up all my stuff and create VM templates for all my machines. In other words it takes seconds to constantly have a fresh clean OS to start out the day with. The theory behind Qubes is rock solid but frankly it's just not FUN to drive, even acknowledging that I am early on in the learning curve. My passion lies in the privacy dimension of what I consider a hobby of sorts. I think about and try new privacy approaches weekly. It's fun and challenging. So there you have it from my perspective.

    For those of you that may have heard about the major credit card HACK of Target Stores in the USA, maybe someone should have sent Qubes to Target management. LOL!!
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @Palancar

    That was more or less my reaction when I played with it a year or so ago. The focus is heavily on security, and there wasn't much energy about privacy, anonymity, etc.

    Are there ready-to-use templates for VPN and Tor network modules?
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I never got that far. When I start on a project such as this I first configure like a basic homeowner. Just surfing the web and only using operations where I don't need trust (such as a bank or personal email). At the same time I consider backing up and keeping the system "clean". I studied the architecture and played with a bunch of stuff. Although I guess I could have run away in the privacy configs, to me that is not something I would do until I had a firm handle on how it all works "under the hood".

    I am not saying I won't come back to this, but for now this project needs many more eyes on it. Open source is valid with substantial qualified peer review, which is not me on the Qubes platform. My .02
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Sounds really cool. I guess I could also run it from a large TrueCrypt volume too. I'm going to give it a try! Thanks
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for the explanation, Mirimir. Very interesting.
     