Re: [qubes-users] Re: Wine/PlayOnLinux Best Practices
On Tue, Jan 31, 2017 at 7:16 PM, mojosam wrote:

> > As for security, imagine my surprise when my Linux desktop started popping up malware ads, which ran quite happily in Wine.
>
> Precisely my concern!
>
> I will probably eventually create a Windows HVM and just run necessary stuff in there. I didn't want to run an entire instance of Windows just to run the Kindle app.
>
> As for my experience yesterday attempting to set all of this up, it was not pleasant. It took me many hours. Maybe half of that was learning where and how Qubes deals with installed software. That really does complicate things. Beyond that, I encountered numerous bugs and many crashes with PlayOnLinux and Kindle. I don't know how people can think POL (and presumably Wine) is a viable option.
>
> What this has (re)taught me is the evils of DRM. There are a lot of books that are Kindle only. If I don't want the dead tree version, I'm stuck with Kindle. I live in a country (USA) that is very hostile to fair use. I'm now investigating DRM removal techniques. If that works out, I'm purging this disaster that is POL and Kindle app.

Yes, I have a userVM that is devoted only to taking DRM out of Kindle books that I buy on Amazon. For that to work I have POL installed in a cloned template on which that userVM depends. Any risk is limited to those two VMs.

Best
Fran

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAZKC-TGzO5J38C3bhtvVzjUuUi4-g8ujuzqcsnVUkbVA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Wine/PlayOnLinux Best Practices
> I will probably eventually create a Windows HVM and just run necessary stuff in there. I didn't want to run an entire instance of Windows just to run the Kindle app.

There's a good chance you don't need to just for Kindle. I've run many applications in bare Wine, until I found good replacements for them.

> I don't know how people can think POL (and presumably Wine) is a viable option.

As I mentioned above, they aren't actually 1:1 in terms of working or not working. Wine works, the caveat is that you have to make it work with your app, which can be a real PITA.

> What this has (re)taught me is the evils of DRM. There are a lot of books that are Kindle only.

I believe for a while I was able to use Chrome and the Kindle store to read Kindle books? Perhaps that's an option.

As for DRM, well that's why I still buy physical books. The ones who really suffer are the authors, since DRM forces so many people who would have paid for the content to find an alternative that works.

I used to use a lot of commercial software on Windows, but after two years the validation servers would cease to exist and my apps went *p00f*. Thousands of dollars of unusable software. I've since happily spent money for apps and media that don't require DRM. I won't buy anything with DRM. Vote with your wallet.
[qubes-users] Re: Wine/PlayOnLinux Best Practices
> As for security, imagine my surprise when my Linux desktop started popping up malware ads, which ran quite happily in Wine.

Precisely my concern!

I will probably eventually create a Windows HVM and just run necessary stuff in there. I didn't want to run an entire instance of Windows just to run the Kindle app.

As for my experience yesterday attempting to set all of this up, it was not pleasant. It took me many hours. Maybe half of that was learning where and how Qubes deals with installed software. That really does complicate things. Beyond that, I encountered numerous bugs and many crashes with PlayOnLinux and Kindle. I don't know how people can think POL (and presumably Wine) is a viable option.

What this has (re)taught me is the evils of DRM. There are a lot of books that are Kindle only. If I don't want the dead tree version, I'm stuck with Kindle. I live in a country (USA) that is very hostile to fair use. I'm now investigating DRM removal techniques. If that works out, I'm purging this disaster that is POL and Kindle app.
[qubes-users] Re: Wine/PlayOnLinux Best Practices
> I was rather shocked to see that PlayOnLinux hogs 800 MB on my hard drive. I guess there's support in there for just about every freaking service that any Windows application might want. I had just assumed that that stuff would be installed on an as-needed basis (Maybe standalone Wine does this?).

It's been a while since I used wine (I prefer just using an HVM for this) and PlayOnLinux, but here's the gist: wine and wine dependencies are relatively light, but will create a "windows" simulated directory under ~/.wine which holds all the actual app executables. Wine would go in TemplateVM and run in an AppVM. It WILL eat up space in the AppVM.

PlayOnLinux creates (Last time I used it) MULTIPLE windows directories (one for each app?) on the AppVM, which eats a ton of space. You probably only need PlayOnLinux if you are actually running a DirectX game etc. PlayOnLinux includes EVERY addon to Wine (Wine->OSS->PulseAudio) with patches to make specific applications work. If you can get it running in just Wine, you can select which extensions get installed.

As for security, imagine my surprise when my Linux desktop started popping up malware ads, which ran quite happily in Wine.
[qubes-users] Re: Wine/PlayOnLinux Best Practices
On 01/31/2017 02:24 PM, mojosam wrote:

>> it does protect you from user errors. e.g.:
>> you have some malicious pdf in a vm.
>> if you have nothing to open the pdf, you can't accidentally open it and corrupt your vm.
>
> Isn't that the concept behind "attack surface"? If the code is there, something malicious might have the ability to call it. I think there was malware that was recently discovered that could exploit the floppy disk controller in either VMware or VirtualBox.
>
> The bigger practical concern is that PlayOnLinux expanded my template by 800 MB. Is all of that cruft duplicated on the hard drive for every VM, or is it just accessed from the template as needed when the VM is activated?

Accessed from the TemplateVM from the AppVM if needed, assuming all of your AppVMs are based on the same TemplateVM and PlayOnLinux installed it in the root partition. Clearly, it needs to do so when you first install the package, but all of your programs that you install in Wine including different Wine versions, libraries, etc once you start the PlayOnLinux client all get stored in /home/user/.PlayOnLinux and those are only accessible through the AppVM that you launched it from. A different AppVM based on the same TemplateVM wouldn't be able to access those apps unless you were to reinstall them on the new AppVM as well.
Re: [qubes-users] Re: Wine/PlayOnLinux Best Practices
On Mon, Jan 30, 2017 at 8:31 PM, Reg Tiangha wrote:

> On 2017-01-30 03:48 PM, mojosam wrote:
>
>> I am in the process of installing PlayOnLinux into my Fedora 24 template. Currently, my only use for it is the Kindle app. I suspect I'll find further need for it in the future. My original plan was to just use the Kindle app in one of my existing app VMs. In the future, I might want some other application available in a different app VM.
>>
>> I was rather shocked to see that PlayOnLinux hogs 800 MB on my hard drive. I guess there's support in there for just about every freaking service that any Windows application might want. I had just assumed that that stuff would be installed on an as-needed basis (Maybe standalone Wine does this?).
>>
>> This got me thinking about attack surface. Since this is in my regular Fedora 24 template, won't this codebase be included in every app VM I run, whether I'm running PlayOnLinux in that app VM or not? Presumably none of that code would be running, but it would still be accessible to malware that wanted to call it.
>>
>> Related to that, if I am using a PlayOnLinux application, then whole hunks of that codebase would now be running in that app VM, so any preexisting malware/bugs would now be alive and fermenting within the app VM.
>>
>> To minimize these effects, I'm now thinking that the best thing to do is to install PlayOnLinux in a standalone VM and run all of its applications in that VM only.
>>
>> I'd kind of like to minimize the rampant spread of standalone VMs in my system, but it seems like this one might be justified.
>
> Or rather than a standalone VM, you make a separate TemplateVM just for the wine stuff. That's what I do. But, those are different paths up the same mountain. I just make it a TemplateVM rather than standalone to get all the benefits of the Template/AppVM model. All the user PlayOnLinux stuff gets stored in /home anyways and I have the free disk space, so why not?

I do the same. You have the additional advantage that you may install different Windows programs in different userVMs.
[qubes-users] Re: Wine/PlayOnLinux Best Practices
On 2017-01-30 03:48 PM, mojosam wrote:

> I am in the process of installing PlayOnLinux into my Fedora 24 template. Currently, my only use for it is the Kindle app. I suspect I'll find further need for it in the future. My original plan was to just use the Kindle app in one of my existing app VMs. In the future, I might want some other application available in a different app VM.
>
> I was rather shocked to see that PlayOnLinux hogs 800 MB on my hard drive. I guess there's support in there for just about every freaking service that any Windows application might want. I had just assumed that that stuff would be installed on an as-needed basis (Maybe standalone Wine does this?).
>
> This got me thinking about attack surface. Since this is in my regular Fedora 24 template, won't this codebase be included in every app VM I run, whether I'm running PlayOnLinux in that app VM or not? Presumably none of that code would be running, but it would still be accessible to malware that wanted to call it.
>
> Related to that, if I am using a PlayOnLinux application, then whole hunks of that codebase would now be running in that app VM, so any preexisting malware/bugs would now be alive and fermenting within the app VM.
>
> To minimize these effects, I'm now thinking that the best thing to do is to install PlayOnLinux in a standalone VM and run all of its applications in that VM only.
>
> I'd kind of like to minimize the rampant spread of standalone VMs in my system, but it seems like this one might be justified.

Or rather than a standalone VM, you make a separate TemplateVM just for the wine stuff. That's what I do. But, those are different paths up the same mountain. I just make it a TemplateVM rather than standalone to get all the benefits of the Template/AppVM model. All the user PlayOnLinux stuff gets stored in /home anyways and I have the free disk space, so why not?
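The dedicated-template layout recommended in this thread, written out as dom0 commands. This is an added example, not part of any poster's message; the qube names (`fedora-24-wine`, `kindle`, `other-win-app`) are hypothetical, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example (not from the thread): a dedicated Wine/PlayOnLinux template
# plus one AppVM per Windows program. Run in dom0. Qube names are hypothetical.

DRY_RUN=${DRY_RUN:-1}   # default: print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_wine_qubes BASE_TEMPLATE WINE_TEMPLATE APPVM...
setup_wine_qubes() {
    base=$1; wine_tpl=$2; shift 2
    # Refuse to reuse the everyday template: the point is to keep the Wine/POL
    # packages out of the root image shared by unrelated AppVMs.
    if [ "$base" = "$wine_tpl" ]; then
        echo "wine template must differ from the base template" >&2
        return 1
    fi
    # Clone the base template; PlayOnLinux is then installed only in the clone.
    run qvm-clone "$base" "$wine_tpl" || return 1
    # One AppVM per Windows program: each keeps its own ~/.PlayOnLinux in its
    # private volume, so a compromised prefix stays inside that AppVM.
    for vm in "$@"; do
        run qvm-create --template "$wine_tpl" --label red "$vm" || return 1
    done
}

# Print the plan for two hypothetical Windows-program qubes.
setup_wine_qubes fedora-24 fedora-24-wine kindle other-win-app
```

PlayOnLinux itself is installed afterwards from inside the cloned template, and each program is installed from inside its own AppVM.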