Re: [qubes-users] Another "Best Hardware" 4 VMs setup question.

2018-01-20 Thread Davidson H



On 20.01.2018 20:16, taii...@gmx.com wrote:

On 01/20/2018 02:08 PM, Davidson wrote:



I just forgot. I noticed that some places (librem I think, and 
System76 
<https://duckduckgo.com/l/?kh=-1=https%3A%2F%2Fliliputing.com%2F2017%2F11%2Fsystem76-will-disable-intel-management-engine-linux-laptops.html>) 
are selling computers with ME (partially) disabled on their intel 
procs, does anyone know about either buying just procs or mobo/proc 
combos with (partially) disabled intel ME procs?



Purism is a scam, ME can't be disabled.
Please note their "coreboot" is simply a shim loader layer, the
hardware init is done by the intel FSP binary blob moving the trust
layer from the vendor+intel to just intel which I argue is not a real
improvement to justify the high price of their devices.

https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/

Google tried to get intel to free ME, if they can't do it then no one 
can.


System76, Purism etc are all using me_cleaner a tool which they didn't
develop so you can buy pretty much any laptop and get the same results
if ME is your only concern although considering the massive security
problems with intel CPU's now I wouldn't buy one.

My laptop recommendation as always is a lenovo G505S, no ME/PSP and
coreboot with open source cpu/ram init (blobs for video/power, but are
removable due to no hardware code signing enforcement unlike intel or
new amd stuff). It works with Qubes 4.0.

For a desktop/workstation I recommend the libre firmware available
KCMA-D8/KGPE-D16 (coreboot with entirely open source hardware init)
they also feature OpenBMC for libre remote management.


As I understood it, its not *totally* disabled but is *partially* 
disabled (like the TCP/IP stack).
Anyway. Your KGPE-D16 suggestion is interesting (thx!), and that mobo+ a 
12core 2014 opteron seems like it would be fairly speedy? Certainly 
compared to my old i3/8gb tower. This may sound silly but in the VM 
context, would a 12 core processor be excessive or would it be "fully 
utilized" by Qubes?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/663a4163cee48ba6c31a1f9c548f0185%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Another "Best Hardware" 4 VMs setup question.

2018-01-20 Thread Davidson



On 01/20/2018 01:51 PM, Stumpy wrote:
I have been reading through the forum about the various 
recommendations for hardware. The general consensus seems to be "more 
mem and ssd drive". I am running 3.2, have 16gb mem, and a Samsung ssd 
drive and it still takes 10 sec (timed it) to put up a terminal in a 
new vm. While I can tolerate that I'm really wanting to explore 
options that can give me a faster start up for apps (and appvms). Its 
been awhile since I bought my CPU so I can't remember what it is 
beyond a i5, if the /proc/cpuinfo is right (its a bit confusing for me 
as I don't understand if its showing the nfo for the proc or a virtual 
proc?) then I have a Intel Core i5-4570 CPU @ 3.20GHz and it displays 
for processor 0 and processor 1 so I will go out on a limb and assume 
its a dual core?


Considering my current setup, and the fact that I wholly plan on 
upgrading to qubes v4 once its stable, and that I am willing to fork 
out for a new system (though with a pretty limited budget ~500) could 
anyone make suggestions on the most logical route to take? (hopefully 
not "grin and bear it").

Cheers

PS I have 30 VMs BUT don't usually run more than 10 at a time (due to 
mem i guess) but would probably run about 15 regularly if I could.


I just forgot. I noticed that some places (librem I think, and System76 
) 
are selling computers with ME (partially) disabled on their intel procs, 
does anyone know about either buying just procs or mobo/proc combos with 
(partially) disabled intel ME procs?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0969c612-8160-951d-099d-b336628f463c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: [qubes-devel] Qubes Controller as the new Qubes-Manager

2018-01-20 Thread Davidson



On 01/06/2018 06:27 AM, 'Tom Zander' via qubes-users wrote:

On Saturday, 6 January 2018 00:11:43 GMT Franz wrote:

I would add some way to make some order in the
applVM list, so that a standard view may show only the most commonly used
VMs, while rarely used VMs are hidden and shown only clicking a button. To
do that, there should be a flag to differentiate the visibility of VMs.

I made a start with this based on my own usage; See the attached
screenshots.
Going from screenshot1 (showing all my qubes) to 5 by removing ones based
on;
* being templates for disposable VMs. (you likely never want to start them
after initial configuration).
* being a "network" VM.
* Being a template.
* Being halted.

Naturally you can combine those settings in any way you want to show the
subsection of qubes you use.
I expect that I''l end up using the settings as "snapshot4" shows it most of
the time.
  

This may be helpful also in a corporate environment when an administrator
can decide which VMs should be shown and which should be hidden.

This is a great idea, I recall that root added tags in 4.0. I have not tried
them yet, but it sounds like a good fit.

Thanks for the ideas!


Hey, thanks again for your work, much appreciated.

Another thought just occurred to me, a collapsible tree like option. I 
have like "work" VMs (one for libre office stuff, another for email, 
another for vid confer) and for general communications (one for IRC, 
another for Signal, another for personal email) and anon stuff (crypto 
wallets, email via tor, browser, etc), the list I have is really quite 
long and I find myself sorting/re-sorting naming etc. I use tree-style 
addon in firefox which has the fantastic option to let you stack tabs 
among other things, considering that and how I have my file manager 
setup to show a tree of the folders I have it would really be quite 
handy to organize VMs into a collapsible tree.

Just a thought :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/088ebdd6-d9fa-6e94-e55b-2b0ecedea6d0%40posteo.net.
For more options, visit https://groups.google.com/d/optout.