[qubes-users] Qubes OS hardware costs

2022-04-10 Thread Frédéric Pierret 

Dear all,

I would like to share with you all the list of hardware that I have allocated 
for the Qubes OS Project's infrastructure: continuous integration, daily and 
weekly builds, and reproducible builds.

# CI/CD runners (all Qubes OS repositories)
HP DL360 Gen8:
  - Operating system: Debian
  - 2 * Intel(R) Xeon(R) CPU E5-2670 @ 2.60GHz
  - 128GB ECC RDIMM DDR3
  - 8 * 146GB HDD (SAS)

# CI/CD runners (Weekly ISO builds and Gentoo repositories (build and serve))
# Reproducible builds runners (see https://beta.tests.reproducible-builds.org/)
# Remark: only allocated at half of the global resources; the other half is my 
work machine.
DELL PowerEdge R730:
  - Operating system: Qubes OS
  - 2 * Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz
  - 128GB ECC LDIMM DDR4
  - 8 * 300GB HDD (SAS)
  - 8 * 256GB SSD

# CI/CD runner for next generation Qubes builder
Custom Computer:
  - Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
  - 16 GB Non-ECC DIMM DDR3
  - 2 * 256GB SSD

# openQA runners
HP DL360 Gen8:
  - Operating system: openSUSE
  - 2 * Intel(R) Xeon(R) CPU E5-2670 @ 2.60GHz
  - 128GB ECC RDIMM DDR3
  - 8 * 146GB SAS HDD

# openQA runners
HP DL360 Gen7:
  - 2 * Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
  - 64GB ECC RDIMM DDR3
  - 8 * 146GB SAS HDD

# Reproducible builds snapshot.notset.fr service (key for rebuilding Debian)
HP DL380e Gen8:
  - Operating system: openSUSE
  - 2 * Intel(R) Xeon(R) CPU E5-2430L v2 @ 2.40GHz
  - 32GB ECC RDIMM DDR3
  - 8 * 4TB HDD (SATA)

This is hardware I've paid for out of my own pocket over the past four years 
and that I run at home in a controlled environment. I've recently finished 
optimizing the on-demand startup and auto-shutdown of the GitLab and openQA 
machines.

All of this was and continues to be a non-negligible cost (several thousand 
euros over the years) for me in terms of energy and hardware. As this is 
refurbished hardware, from time to time I need to replace some drives and 
failing memory modules. To give you an idea, as of today and since the middle 
of January 2022, all of this hardware (including auxiliary networking and 
firewall hardware) has consumed 2023 KWh (according to my watt-meter and with a 
daily average rate of ~20-25 KWh).

If any of you could possibly be financial or hardware sponsors, I would greatly 
appreciate your generosity and support. Please don't hesitate to contact me or 
Marek if you can help with this. We already have some machines in the cloud 
that were generously offered by the Qubes OS community. (Marek can provide 
details about the hardware.) In general, renting similar machine specs in the 
cloud as what I can run at home is very expensive, and we cannot afford that. 
This is why I prefer to invest in hardware that we control, especially when 
part of it is used to deliver content like the Qubes OS weekly ISO builds.

Best regards,
Frédéric

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25d24f3f-ac60-d29d-e4ed-6c4fedb0ad04%40qubes-os.org.


OpenPGP_signature
Description: OpenPGP digital signature

[qubes-users] "Windows integration work in Qubes 4.1 by the tabit-pro team" by Ivan Kardykov

2022-04-10 Thread Andrew David Wong 

Dear Qubes Community,

We've just published a new guest article by Ivan Kardykov from
tabit-pro, who we've invited to explain the work
the tabit-pro team contributed to Qubes 4.1.


"Windows integration work in Qubes 4.1 by the tabit-pro team"
by Ivan Kardykov
https://www.qubes-os.org/news/2022/04/10/windows-integration-by-tabit-pro/


The Markdown source of the article is reproduced below as a courtesy to 
plain text email readers.


8<

In this article, I'll briefly describe the code contributions we made to
the latest Qubes 4.1 release, most of which focus on improving Windows
integration.

## OEM activation support

When Windows comes preinstalled on a computer, license activation is
based on a certificate embedded in the hardware. Technically, this uses
one of the ACPI tables called "SLIC," which is readable by the host OS.
This option is not available in Qubes OS, since each qube is a Xen
virtual machine (VM) that has no physical hardware of its own. However,
a small change in Xen allowed us to copy the necessary data onto the
appropriate memory partition of the VM (thanks to OpenXT for the working
patch). This can be done simply by [extending the VM configuration with
the SLIC data via the libvirt template
extension](https://github.com/QubesOS/qubes-issues/issues/5279#issuecomment-525947408).
This fix has been included in stable packages for a long time. In fact,
it is also available for Qubes 4.0 users.

## Audio support

Audio virtualization in Qubes OS is based on communication between
PulseAudio services running in each VM, including dom0 (described in
more detail [here](https://www.qubes-os.org/doc/audio-virtualization/)). 
Unfortunately, this

method is problematic in the case of Windows VMs due to the lack of
PulseAudio support in Windows, and attempting to support it
independently seems like too time-consuming of a task (see
[#2624](https://github.com/QubesOS/qubes-issues/issues/2624)).

An alternative is to use QEMU, which allows for the emulation of
different audio devices and docking with PulseAudio. In our case, the
main obstacle for this method is the complexity of the connection to
QEMU, which is isolated by a stubdomain. We developed a patch that
allows for building and starting the necessary components for PulseAudio
in a minimal environment with vchan support. We also worked out a
separate version for building the stubdomain image with extended
functionality (the `xen-hvm-stubdom-linux-full` package). This mode is
activated in HVMs by setting the `audio-model` feature (using
`qvm-features`) and specifying the type of audio device, for example,
`ich6`. (Device variants are described in the QEMU documentation.)

## USB support

We used a similar approach to improve support for USB devices. In the
extended stubdomain, we proposed including qrexec and USB-proxy services
and including libusb features in QEMU (see
[qubes-app-linux-usb-proxy](https://github.com/QubesOS/qubes-app-linux-usb-proxy)).
As a result, we didn't even need to increase the available memory in
order to achieve stable operation of the extended stubdomain, although
it may be a problem when using some devices (e.g., webcams). There was a
question of which controller type QEMU should emulate. After
experimenting with different devices, we settled on the NEC XHCI, in
part due to the availability of Windows 7 drivers. The activation of
this emulation mode in HVMs is done by setting the `stubdom-qrexec`
property (using `qvm-features`). Details of user testing can be found on
the [Qubes
Forum](https://forum.qubes-os.org/t/windows-usb-integration-with-r4-1/5001).

## Not only Windows

The advantage of this approach is that there is no need to install guest
tools for attaching audio and USB devices, which allows the emulation to
be used not only with Windows, but with any OS (e.g., Linux live images,
Android x86, and probably ReactOS).  At the same time, there are also
disadvantages. In particular, the additional workload can slow down the
VM and affect the sound quality. (Even at minimum workload, you may
notice crackling.)

## Qubes Windows Tools

A relatively long time ago, we proposed building all the components of
Qubes Windows Tools (QWT) in a Linux environment using MinGW and Wine,
which allows us to use our existing CI tools and simplify the
maintenance of changes. We also worked a lot on improving the stability
of all the components, in particular, eliminating the causes of freezes
and performance degradation. In recent weeks, all of our proposed
changes have been approved and merged, and the
[cross-build](https://github.com/QubesOS/qubes-windows-tools-cross)
project has been added as a Qubes OS component. I'm sure everything will
be available in the stable repositories soon.

## Conclusion

The result of our work is full integration of Windows 7, 10, and 11 in
Qubes OS and significant improvements in usability for even
inexperienced users.

Thanks to

Re: [qubes-users] Where to configure target dir of `qvm-move`/`qvm-copy` (`/home/user/QubesIncomming`)?

2022-04-10 Thread airelemental via qubes-users 



> See subject line - I'd like to remap the `/home/user` bit to `/tmp` to
> enforce cleanup ...
>
> Thanks for any pointers.
>
> Joh
>
In /rw/config/rc.local, you can create /tmp/QubesIncoming. Then replace 
~/QubesIncoming with a symlink to /tmp/QubesIncoming

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/N-62xhy--7-2%40tutanota.com.