Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixelfairy]

This thread should be renamed ipv6, and there was such a thread in
qubes-devel. one of the issues is what to do when moving from an ipv6
enabled network to one without. netvm can easily note the difference and
adapt, but weather your bridging or natting, all the appvms wont know any
better and will start trying to use the non existent ipv6.

one possible solution is dns filtering. dont return  records when no
global address is present, but then your going down another rabbit hole.

On Thu, Jul 13, 2017 at 11:34 PM Alex  wrote:

> On 07/14/2017 05:30 AM, motech man wrote:
> > On Thursday, July 13, 2017 at 12:05:34 PM UTC-5, geoff.m...@gmail.com
> > wrote:
> >> A bit of thread necromancy here, but - if you're using a smartphone
> >> in the US with mobile data, there's a *very* good chance you're
> >> already using IPv6.
> >> [...]>>
> >> --Geo
> >
> > I also expect to see routers for home market that will talk ipv6
> > externally and ipv4 internally. That will help a lot of people
> > transition.
> Here in Italy (and a lot of other countries too) home routers just
> started distributing /64 internally, in full dual-stack mode, during
> this spring for the major ISPs.
>
> Public institutions are expected to be fully dual-stack connected and
> publicly available by the end of the year by law.
>
> I don't see any advantage in having a situation like you described - why
> not just full dual stack, and the devices connect to the technology they
> support?
>
> Apart from us qubes aficionados, any win10 pc, apple or android device,
> and the vast majority of linux workstation/server distros fully support
> dual stack configurations, and happily work preferring ipv6 when available.
>
> --
> Alex
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/rJYmO78ckxM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/809adbd0-7716-c7b8-9adf-df3d56787d34%40gmx.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACr%3DtZdrVO15Dc0FrEibXkH1Tz9_VwHrYHyMmx3t4oNxyXtpWQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[Alex]

On 07/14/2017 05:30 AM, motech man wrote:
> On Thursday, July 13, 2017 at 12:05:34 PM UTC-5, geoff.m...@gmail.com
> wrote:
>> A bit of thread necromancy here, but - if you're using a smartphone
>> in the US with mobile data, there's a *very* good chance you're
>> already using IPv6.
>> [...]>>
>> --Geo
> 
> I also expect to see routers for home market that will talk ipv6
> externally and ipv4 internally. That will help a lot of people
> transition.
Here in Italy (and a lot of other countries too) home routers just
started distributing /64 internally, in full dual-stack mode, during
this spring for the major ISPs.

Public institutions are expected to be fully dual-stack connected and
publicly available by the end of the year by law.

I don't see any advantage in having a situation like you described - why
not just full dual stack, and the devices connect to the technology they
support?

Apart from us qubes aficionados, any win10 pc, apple or android device,
and the vast majority of linux workstation/server distros fully support
dual stack configurations, and happily work preferring ipv6 when available.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/809adbd0-7716-c7b8-9adf-df3d56787d34%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[motech man]

On Thursday, July 13, 2017 at 12:05:34 PM UTC-5, geoff.m...@gmail.com wrote:
> A bit of thread necromancy here, but - if you're using a smartphone in the US 
> with mobile data, there's a *very* good chance you're already using IPv6.
> 
> Over 16% of traffic to Google is native IPv6: 
> https://www.google.com/intl/en/ipv6/statistics.html
> 
> And as of AUgust 2016, more than 50% of the traffic to Facebook from users on 
> the 4 major cellular (mobile data) networks in the US was via IPv6: 
> http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-major-milestone-over-50-ipv6-from-us-mobile-networks/
> 
> Akamai (one of the first CDNs) has some IPv6 adoption statistics, too: 
> https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp
> 
> So, IPv6 isn't quite as niche as a lot of folks in tech seem to think. My ISP 
> started rolling it out, and while I had to do a small amount of massaging 
> with my pfSense box to have it work properly, once it was functioning 
> essentially the way an ISP-provided router might... essentially everything 
> "just worked."
> 
> --Geo

I also expect to see routers for home market that will talk ipv6 externally and 
ipv4 internally. That will help a lot of people transition.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5762ce6f-1e55-4e6d-8832-8298a89f3d46%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[geoff . maciolek]

A bit of thread necromancy here, but - if you're using a smartphone in the US 
with mobile data, there's a *very* good chance you're already using IPv6.

Over 16% of traffic to Google is native IPv6: 
https://www.google.com/intl/en/ipv6/statistics.html

And as of AUgust 2016, more than 50% of the traffic to Facebook from users on 
the 4 major cellular (mobile data) networks in the US was via IPv6: 
http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-major-milestone-over-50-ipv6-from-us-mobile-networks/

Akamai (one of the first CDNs) has some IPv6 adoption statistics, too: 
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp

So, IPv6 isn't quite as niche as a lot of folks in tech seem to think. My ISP 
started rolling it out, and while I had to do a small amount of massaging with 
my pfSense box to have it work properly, once it was functioning essentially 
the way an ISP-provided router might... essentially everything "just worked."

--Geo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66b15d74-c214-43db-a025-b6be98d70290%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[raahelps]

On Tuesday, January 31, 2017 at 9:30:41 PM UTC-5, RSS wrote:
> > > no support for ipv6  
> > 
> > not really a problem. it is 2017 and I still haven't encountered any
> > situation where IPv6 is actually being used, despite working a lot
> > with computers and routers (IPv6 is there but nobody is using it...
> > Never ever had to use those ridiculous IPv6 addresses, yet)
> 
> Actually, I run IPv6-enabled mail servers, and I am (at least some
> times) getting IPv6 connections with Google's mail servers. This is
> fairly recent behavior. A good chunk of Amazon AWS has recently enabled
> IPv6. 
> 
> I rent (very cheap) two servers that have no public IPv4 IP addresses,
> only IPv6.
> 
> IPv6 is coming, count on it.

my isp going to start pushing ipv6 in a week or two.  I'm scared lol.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df5ab178-35d7-4212-9340-6c0e7b275b2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[RSS]

> > no support for ipv6  
> 
> not really a problem. it is 2017 and I still haven't encountered any
> situation where IPv6 is actually being used, despite working a lot
> with computers and routers (IPv6 is there but nobody is using it...
> Never ever had to use those ridiculous IPv6 addresses, yet)

Actually, I run IPv6-enabled mail servers, and I am (at least some
times) getting IPv6 connections with Google's mail servers. This is
fairly recent behavior. A good chunk of Amazon AWS has recently enabled
IPv6. 

I rent (very cheap) two servers that have no public IPv4 IP addresses,
only IPv6.

IPv6 is coming, count on it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170128171003.39aae383%40armor-mail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixel fairy]

On Thursday, January 26, 2017 at 12:16:17 PM UTC-8, Oleg Artemiev wrote:
> what about using linux containers as vagrant provider or attempt to
> use Xen same way? See thread 'Slow performance of Docker containers in
> AppVMs' .

lxc or xen would work for developers only on linux. one of the benefits of 
vagrant is that you can share work with developers on other platforms. with 
lxc, theres also os limitations. at work we have linux and windows in our 
vagrant runs. xen could get around this, though the xen back end is pretty 
limited.

i think the best solution would be a qrexec vagrant back end, syntactically 
compatible with the more common backends (virtualbox,vmware etc),something i 
plan on looking into when get qubes running again. too many of the alt back 
ends (lxc, xen) have syntax thats not easily worked around, so they're really 
only good for that backend. an obvious drawback is the lack of nesting, but few 
need that. of course this would also need packer and/or vagrant mutate support. 
maybe qubes-lite is the better solution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b2b8bf97-a323-4597-a2d4-78189d397cce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixel fairy]

On Thursday, January 26, 2017 at 2:13:09 AM UTC-8, qmast...@gmail.com wrote:
> четверг, 26 января 2017 г., 6:12:56 UTC+3 пользователь jkitt написал:
> > On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:
> > 
> > > I was sad when installed VirtualBox, tried launching it and it said that 
> > > something like "not supported on Xen hosts"
> > 
> > But why would you want to do that? You already have virtual machines at 
> > your disposal..
> 
> I need to use one app which is Mac OS X only and is not a cross platform 
> (doesn't have a version for Linux or Windows). So I wanted to install a 
> Hackintosh, but - while there are plenty of instructions about how to do it 
> at VirtualBox and VMWare, there are no instructions for Xen. And I doubt that 
> it could be done for Xen, because at their instructions for VirtualBox and 
> VMWare they are setting up virtual machine's UEFI to make it be acceptable by 
> Mac OS X, meanwhile - Xen does not have its own UEFI so I guess it cant be 
> done there 
> (one person tried some time ago, but without success - 
> http://wiki.osx86project.org/wiki/index.php/Snow_Leopard_Server_on_Xen )

its theorectically possible.

https://groups.google.com/d/msg/qubes-users/RiVntUzgJmY/it7OEQI-AgAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a130251-5a1a-4af3-8989-fbe5c869c05d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[qmastery16]

четверг, 26 января 2017 г., 6:12:56 UTC+3 пользователь jkitt написал:
> On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:
> 
> > I was sad when installed VirtualBox, tried launching it and it said that 
> > something like "not supported on Xen hosts"
> 
> But why would you want to do that? You already have virtual machines at your 
> disposal..

I need to use one app which is Mac OS X only and is not a cross platform 
(doesn't have a version for Linux or Windows). So I wanted to install a 
Hackintosh, but - while there are plenty of instructions about how to do it at 
VirtualBox and VMWare, there are no instructions for Xen. And I doubt that it 
could be done for Xen, because at their instructions for VirtualBox and VMWare 
they are setting up virtual machine's UEFI to make it be acceptable by Mac OS 
X, meanwhile - Xen does not have its own UEFI so I guess it cant be done there 
(one person tried some time ago, but without success - 
http://wiki.osx86project.org/wiki/index.php/Snow_Leopard_Server_on_Xen )

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2da9f2d-513c-493e-b83f-292e17f7a494%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixel fairy]

On Wednesday, January 25, 2017 at 7:12:56 PM UTC-8, jkitt wrote:
> On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:
> 
> > I was sad when installed VirtualBox, tried launching it and it said that 
> > something like "not supported on Xen hosts"
> 
> But why would you want to do that? You already have virtual machines at your 
> disposal..

for development purposes, you might want other kinds. for example, vagrant is a 
big sticking point. its how we share and collaborate across platforms, so if 
you want to work on those projects, you better be able to run its vagrantfile. 
its also used as codified description of processes, sometimes across machines. 
so you can have a vagrantfile for your a web project that includes a vm for the 
back end database. more on that here, https://www.vagrantup.com/ 

another reason you might want it is nested virtualization for its own sake. for 
example, developing hypervisor management software.

for both cases, i just made a vagrant server to use remotely. but that has 
obvious limitations. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d9aba2e-0e6e-4e77-b549-3d30c12ea788%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[jkitt]

On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:

> I was sad when installed VirtualBox, tried launching it and it said that 
> something like "not supported on Xen hosts"

But why would you want to do that? You already have virtual machines at your 
disposal..

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92fe7061-0ef1-4d28-9ebe-bf9e927f9b39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[qmastery16]

вторник, 24 января 2017 г., 12:50:56 UTC+3 пользователь pixel fairy написал:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
> > e5f3c2ea89...@tutanota.com написал:
> > > ... It makes you feel significantly less safe when using anything other 
> > > than Qubes :]
> > 
> > Haha you are a master of clickbait titles :]
> 
> lets make it real then.
> 
> - picky about hardware. probably the biggest issue now.
> 
> - no 3d acceleration. xengt / kvmgt might fix that, but last i checked, that 
> was a huge attack surface which no one at itl wants go over.
> 
> - some hardware will have performance issues even just watching videos as a 
> result of the above.
> 
> - no nested virtualization. again, big, complex attack surface. two common 
> use cases are vagrant and android development.
> 
> - only a few border colors to choose for appvms, so its easy to end up re 
> using colors.
> 
> - for some reason, dom0 borders are blue, one of the appvm colors. 
> 
> - you can copy / paste, but not copy / autotype into a vm. the support seems 
> to be in the gui protocol, just no interface to do it. tried to script it 
> with xdotool, but couldnt get window ids. 
> 
> thats all i can think of as real disadvantages. i would like to see qubes on 
> wayland. i think it greatly reduce attack surface and probably benefit 
> performance.
>
> also, no support for ipv6, though i think thats slated for qubes 4.x
>

> no 3d acceleration

There is 3D acceleration but its only for dom0 (on Qubes R3.2 it is through 
Mesa 11.1.0 which gives OpenGL)

> no nested virtualization

I was sad when installed VirtualBox, tried launching it and it said that 
something like "not supported on Xen hosts" :P At other Linux distros it is 
possible to nest virtualizations one inside another, but only for 32 bit OS for 
inside VMs (last time I checked)

> no support for ipv6

not really a problem. it is 2017 and I still haven't encountered any situation 
where IPv6 is actually being used, despite working a lot with computers and 
routers (IPv6 is there but nobody is using it... Never ever had to use those 
ridiculous IPv6 addresses, yet)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00befe3c-b949-48e2-a668-c2adaaa8031d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixel fairy]

On Tuesday, January 24, 2017 at 1:50:56 AM UTC-8, pixel fairy wrote:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
> > e5f3c2ea89...@tutanota.com написал:
> > > ... It makes you feel significantly less safe when using anything other 
> > > than Qubes :]
> > 
> > Haha you are a master of clickbait titles :]
> 
> lets make it real then.
> 

also, no support for ipv6, though i think thats slated for qubes 4.x

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5f8b49d-2e2c-44d2-a222-fff62735e6c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[qmastery16]

суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
e5f3c2ea89...@tutanota.com написал:
> ... It makes you feel significantly less safe when using anything other than 
> Qubes :]

Haha you are a master of clickbait titles :]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386ce3bd-71aa-4ae5-a326-2e4b1835d5b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.