Re: [qubes-users] Launching speed of disposable VMs 15-18sec

['MirrorWay' via qubes-users]

On March 10, 2018 1:02 AM, 799  wrote:

> On 10 March 2018 at 01:48, 'MirrorWay' via qubes-users 
>  wrote:
>
>> Unlike regular dispvms, the lifetime of a named dispVMs is not tied to an 
>> app, you have to shutdown manually. Like regular dispvms, named dispVMs 
>> forget all changes to private storage after shutdown.
>>
>> To create a named dispVM called "disp-untrusted" that is based on the 
>> "untrusted" VM:
>> $ qvm-prefs untrusted template_for_dispvms True
>> $ qvm-create --class DispVM --template untrusted -l red disp-untrusted
>>
>> Your new named dispvm doesn't appear in the menu, so you'll need to rely on 
>> CLI to manipulate it:
>> $ qubes-vm-settings disp-untrusted
>> $ qvm-run disp-untrusted firefox
>> $ qvm-shutdown disp-untrusted
>
> but this VM is just one (1) VM that will be reset (including the home 
> directory) on each reboot, as such I can't start two of those VMs which are 
> separated from each other (like real disposable VMs)?

Right, they would not be separated. You'd just send both documents to the same 
running VM instance.

> $ qvm-prefs untrusted template_for_dispvms True
> I can't run this command. It seems something is wrong here
> I'm running Qubes 4rc5 and if I enter:
>
>  qubes-prefs --get
>
> I can't see a property template_for_dispvms

qvm-prefs, not qubes-prefs

> [799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZOQpYsq4KJ6YK7ClL-gGe-T1uCwN7gsnDUSELgSj3UkJiNjfDHBz55GqA2bjs9Xwdb2Cvrjymrq-GUakQ1r2VOX6HXtIl7dHAo4mKLEwVdA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[Yuraeitha]

@Mirrorway
On Saturday, March 10, 2018 at 1:48:12 AM UTC+1, MirrorWay wrote:
> Unlike regular dispvms, the lifetime of a named dispVMs is not tied to an 
> app, you have to shutdown manually. Like regular dispvms, named dispVMs 
> forget all changes to private storage after shutdown.
> 
> 
> 
> To create a named dispVM called "disp-untrusted" that is based on the 
> "untrusted" VM:
> 
> $ qvm-prefs untrusted template_for_dispvms True
> 
> $ qvm-create --class DispVM --template untrusted -l red disp-untrusted
> 
> 
> 
> Your new named dispvm doesn't appear in the menu, so you'll need to rely on 
> CLI to manipulate it:
> 
> $ qubes-vm-settings disp-untrusted
> 
> $ qvm-run disp-untrusted firefox
> 
> $ qvm-shutdown disp-untrusted
> 
> 
> 
> At this point you can verify that changes to /home DO NOT persist. You can 
> also make sys-net, sys-usb disposable.
> 
> 
> 
> marmarek has some more posts about this.
> 
> 
> 
> I personally think this feature should be better advertised (e.g. added to 
> Create Qubes VM).

Agreed, there is sometimes some very interesting information/use-cases 
about/for Qubes, which is either lost in long detailed guides as a quick 
remark, or not documented at all. It's understandable that the developers are 
busy though, but it'd be interesting if we one day can get these interesting 
use-cases of Qubes highlighted more.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2526e793-2b6d-43c5-995a-b04e369230db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[799]

On 10 March 2018 at 01:48, 'MirrorWay' via qubes-users <
qubes-users@googlegroups.com> wrote:

> Unlike regular dispvms, the lifetime of a named dispVMs is not tied to an
> app, you have to shutdown manually. Like regular dispvms, named dispVMs
> forget all changes to private storage after shutdown.
>
> To create a named dispVM called "disp-untrusted" that is based on the
> "untrusted" VM:
> $ qvm-prefs untrusted template_for_dispvms True
> $ qvm-create --class DispVM --template untrusted -l red disp-untrusted
>
> Your new named dispvm doesn't appear in the menu, so you'll need to rely
> on CLI to manipulate it:
> $ qubes-vm-settings disp-untrusted
> $ qvm-run disp-untrusted firefox
> $ qvm-shutdown disp-untrusted
>

but this VM is just one (1) VM that will be reset (including the home
directory) on each reboot, as such I can't start two of those VMs which are
separated from each other (like real disposable VMs)?

$ qvm-prefs untrusted template_for_dispvms True

I can't run this command. It seems something is wrong here

I'm running Qubes 4rc5 and if I enter:

 qubes-prefs --get

I can't see a property template_for_dispvms

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tMr2n9%2B_rOsrAZFLaAEXiX4kMqBScxL5GuLt2MbNuueQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[Yuraeitha]

On Saturday, March 10, 2018 at 1:49:55 AM UTC+1, Unman wrote:
> On Sat, Mar 10, 2018 at 01:21:22AM +0100, 799 wrote:
> > Hello,
> > 
> > Am 10.03.2018 1:10 vorm. schrieb "'MirrorWay' via qubes-users" <
> > qubes-users@googlegroups.com>:
> > 
> > You can reduce the start time to almost zero by using an already-running,
> > named DIspVM, see marmarek's post in https://github.com/QubesOS/
> > qubes-issues/issues/2801.
> > 
> > 
> > That sounds very interesting.
> > I have looked at the link, but didn't figure out what to do, to get faster
> > DispVM boot up times.
> > What do I need to do?
> > 
> > 
> > You can set a cron job that ensures they shutdown at least once per day.
> > 
> > 
> > Why? The DispVM should be shutdown after I close the window.
> > 
> > [799]
> > 
> No, it wont be - what Marek suggests is creating a qubes with a
> disposableVM as its template. Then you can start this, and open term or
> firefox in it straight away. But that qube stays running until you
> actually close it.
> 
> Just qvm-create a qube with a dvm as the template.

the speed people reply around here is indeed scary sometimes, I didn't even 
chance to try correct my self after realizing I had read it all wrong before 
you posted a few seconds before me ^^; but I appreciate the explanation, it 
does make more sense now by reading your interpretation. I didn't catch the use 
of a dispVM as a template. That does however seem very fascinating.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbe7277d-8ce0-475b-8f5d-87da1c9f19d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[Unman]

On Sat, Mar 10, 2018 at 01:21:22AM +0100, 799 wrote:
> Hello,
> 
> Am 10.03.2018 1:10 vorm. schrieb "'MirrorWay' via qubes-users" <
> qubes-users@googlegroups.com>:
> 
> You can reduce the start time to almost zero by using an already-running,
> named DIspVM, see marmarek's post in https://github.com/QubesOS/
> qubes-issues/issues/2801.
> 
> 
> That sounds very interesting.
> I have looked at the link, but didn't figure out what to do, to get faster
> DispVM boot up times.
> What do I need to do?
> 
> 
> You can set a cron job that ensures they shutdown at least once per day.
> 
> 
> Why? The DispVM should be shutdown after I close the window.
> 
> [799]
> 
No, it wont be - what Marek suggests is creating a qubes with a
disposableVM as its template. Then you can start this, and open term or
firefox in it straight away. But that qube stays running until you
actually close it.

Just qvm-create a qube with a dvm as the template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180310004952.z2xfnxodxexhc3e4%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

['MirrorWay' via qubes-users]

Unlike regular dispvms, the lifetime of a named dispVMs is not tied to an app, 
you have to shutdown manually. Like regular dispvms, named dispVMs forget all 
changes to private storage after shutdown.

To create a named dispVM called "disp-untrusted" that is based on the 
"untrusted" VM:
$ qvm-prefs untrusted template_for_dispvms True
$ qvm-create --class DispVM --template untrusted -l red disp-untrusted

Your new named dispvm doesn't appear in the menu, so you'll need to rely on CLI 
to manipulate it:
$ qubes-vm-settings disp-untrusted
$ qvm-run disp-untrusted firefox
$ qvm-shutdown disp-untrusted

At this point you can verify that changes to /home DO NOT persist. You can also 
make sys-net, sys-usb disposable.

marmarek has some more posts about this.

I personally think this feature should be better advertised (e.g. added to 
Create Qubes VM).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/tuSp8G46MAfqiSHVBBKxwOnpqGFSUUt9zaZZSV7T9RKlaQCWxP2CzP2peugTNZRDRWcnlmKcKmWxO_PZ-y6t5dGqQkgFaVv8JQ51A8d5Qhg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[Yuraeitha]

On Saturday, March 10, 2018 at 1:21:25 AM UTC+1, [ 799 ] wrote:
> Hello,
> 
> 
> 
> Am 10.03.2018 1:10 vorm. schrieb "'MirrorWay' via qubes-users" 
> :
> 
> You can reduce the start time to almost zero by using an already-running, 
> named DIspVM, see marmarek's post in 
> https://github.com/QubesOS/qubes-issues/issues/2801.
> 
> 
> 
> 
> That sounds very interesting.
> I have looked at the link, but didn't figure out what to do, to get faster 
> DispVM boot up times.
> What do I need to do?
> 
> 
> 
> 
> 
> 
> 
> You can set a cron job that ensures they shutdown at least once per day.
> 
> 
> 
> Why? The DispVM should be shutdown after I close the window.
> 
> 
> [799]

nice CPU/virt_mode/memory benchmarks! That was a really interesting read.

btw I think what Mirrorway meant is if it automatically shutting down are to 
make up for down-time, for example if you don't use dispVM's for a full day or 
longer, then it'll shutdown on it's own and start again. Thereby, I believe, 
you prevent any potential internet based attacks by reloading fresh and clean 
system-files from the template. It seems like a pretty cool idea, it automates 
everything even if not using the computer for a period of time. Maybe make it 
more frequent, say once every 3 or 6 hours?

btw I found this too just now
https://github.com/QubesOS/qubes-issues/issues/2253

It seems even if the dispVM is shutdown, it can be made much faster too with a 
savefile. But if I understood it right, as Marek write in the first post they 
lack the manpower to get a savefile working for Qubes 4. But Qubes 3.2. has 
one, as it can be seen in Marek's time comparison in his second post.

but whoa, in Qubes 3.2. a savefile makes a difference from 25,5 seconds to 4 
seconds, on this particular hardware. Considering this is a completely shutdown 
dispVM, that is some pretty impressive speed differences. 

I wonder what would happen on Qubes 4 with PVH mode, savefile enabled, powerful 
CPU with a really fast NVMe SSD and RAM, all cores assigned but one which is 
kept in dom0, just how fast would it be then? In theory it should be less than 
4 seconds at least if Marek's number on Qubes 3.2. can be seen as a maximum 
here for hardware, which is hardware that right now isn't the fastest 
available. What speeds would be possible here? Once a savefile is made for 
Qubes 4, this could probably be possible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32d92eb2-f5a2-4c62-a931-713fd227d78c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

[799]

Hello,

Am 10.03.2018 1:10 vorm. schrieb "'MirrorWay' via qubes-users" <
qubes-users@googlegroups.com>:

You can reduce the start time to almost zero by using an already-running,
named DIspVM, see marmarek's post in https://github.com/QubesOS/
qubes-issues/issues/2801.


That sounds very interesting.
I have looked at the link, but didn't figure out what to do, to get faster
DispVM boot up times.
What do I need to do?


You can set a cron job that ensures they shutdown at least once per day.


Why? The DispVM should be shutdown after I close the window.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tAXrTGAT35HzixtYHz5A5SppS0RmirEo6%2BYPj%3Dz2CmGw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Launching speed of disposable VMs 15-18sec

['MirrorWay' via qubes-users]

You can reduce the start time to almost zero by using an already-running, named 
DIspVM, see marmarek's post in 
https://github.com/QubesOS/qubes-issues/issues/2801.

You can set a cron job that ensures they shutdown at least once per day.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eww0NIFhdQ_-sR_NahvQm2TT8YayiHW6J22VygHk2KUxY7s40V1BJeb217hqn3Zq64NNkwPdI_mq2o0LBqWIVUL4wFihmBFWDgdtvdw0sPs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.