Tuesday, June 18, 2019

Qubes OS first impressions


Last week, I switched from Fedora (fc27 iirc) to Qubes OS on my home laptop. It's an old and heavy Asus ROG laptop that I typically don't use for development purposes. My current main system is an iMac pro, "almost FuLLy loaded".

I'm not paranoid about privacy and security, but I think that I needed a reminder that those things are more important nowadays.
- Does privacy even exist anymore on the web? Did it ever exist?
- How easy is it to hack for a "script kiddie" nowadays, and what about for an "experienced hacker"? What if we replace "experienced hacker" with "organizations that have resources"?
- What about the "Intel Management Engine" and its AMD equivalent? What do those things actually do? How bad is that code in IME or PSP, in terms of new vulnerabilities to expect? Hopefully those "features" will become opt-in features for customers, with options to fully disable the functionality.
- What about security in our IoT devices? It's always funny to log in to your internet provider's router UI and see wifi passwords displayed in plain text. If your internet provider does such things, what do you think usually happens for other types of services when it comes to security or basic programming practices?
- What about antivirus software? I'll never forget the early years of Kaspersky on my first PC a while back (1999-2000): it would always detect viruses, that is, after infection and sometimes without any possible remediation... Do you believe that antivirus software can detect most viruses nowadays?


So many questions, in any case let's jump to Qubes OS...


System requirements


RAM

I recommend at least 16 GB of RAM. On the Qubes OS website, they mention 4 GB minimum. With 4 GB, on a system that makes significant use of virtualization, the experience cannot be pleasant. If this will be your main and only OS, I suggest 32 GB of RAM, if you can. I run Qubes OS on an "old" gaming laptop with 16 GB of RAM.


Storage

While an HDD will work fine, an SSD is much better. I can't really stand waiting for I/O operations on old devices. My laptop has 2 TB (HDD) while my main machine has a 4 TB SSD: night and day from a performance standpoint.

Ease of use

I do not believe that Qubes OS is good for the Linux newbie, it could be a very frustrating experience, especially if the system doesn't recognize all devices, on top of other issues.

The main concepts to understand are Qubes OS's way of doing things, its tooling (clipboard, utilities, etc.) and Xen virtualization. Other than that, it's just Linux (Debian and Redhat based VMs).

I only spent a few days on Qubes OS and my setup is far from complete.

PC or laptop recommendations??

I do not really have anything to suggest. If you have a recent enough machine and you're able to boot the ISO image, I think that it should be possible to deal with other issues later (drivers and other problems).

I think that with a Thinkpad or possibly a pricey Librem laptop things should go smoothly. For new Librem laptops, I believe that Qubes OS supposedly works "out of the box".

I did struggle with Broadcom wifi drivers that used to work fine with "old" Linux kernels, after 2 days I decided to just purchase a Linksys USB wifi adapter. I got tired of chasing old kernels and specific driver versions for BCM4352: other approaches that used to work don't work anymore.

Qubes OS maintains a Hardware Compatibility List webpage.

Screenshot of Qubes OS on my laptop


There's still work to do for my VPN proxy setup outside the sys-net VM, vault and other stuff, etc. My typical laptop usage is about surfing the web, watching videos and "accidentally" working (SSH or other remote access approaches).



I tend to prefer Fedora for user programs and Debian for services. I was not successful at setting up other community-provided template VMs: build fixes -> build -> install -> startup failures.

My ideal final Qubes OS setup would involve the following:
- OpenBSD as firewall VM, I'm only familiar with FreeBSD to an extent.
- Arch Linux, Alpine or anything else that is lightweight for "proxy/services/servers" VMs.
- A customized DWM window manager on DOM0 instead of XFCE to keep it "light": a few bash or Python scripts to automate small things? On the average day, on DOM0, I just need to attach USB devices, connect to wireless access points and run the Qubes VMs manager.


Few resources






Friday, June 14, 2019

Recalling when and why I stopped using MS Windows at home

I have used a few operating systems over the years. On some occasions, I had the luxury of running a non-Windows OS at the office too (8 years or so).

At home, I have to confess that I stopped using Windows a "very long time" ago. I have not really played around with any OS since 2007, I'm just the average John Doe doing "simple things" in front of the PC.

Discovering a non-Windows world

Around the end of my bachelor, I realized that there was something called Linux that I didn't know anything about. A friend helped me install it and he showed me some basic commands.

I was eager to learn and I found all daily tasks challenging at first. How do you find solutions when you don't know the problem or the keywords to type?? I think that many recall Google searches with almost no results, daily forums visits, IRC chats with RTFM comments ☺.

The fact that .Net was not open-sourced kept me on Linux too, as I quickly started programming in Java during my master. I became a bit obsessed with the command line and discovering a "new world" was very addictive.

The days of the preacher

At some point, I wanted to "help" others switch to Linux. All operating systems have their annoyances in my opinion.

 

 The days of the marginal

I didn't know many individuals running only Linux in my "bigger entourage".
  • Why don't you use Windows like anybody else?
  • Where is Internet Explorer? Why isn't StarOffice/OpenOffice just like Microsoft Word? 
  • Why are you often in a terminal?? 
  • Why do you go through so many steps to mount Novell Network drives?
  • etc.

 

The John Doe days

My day to day Linux/OSX usage is the same as anybody on Windows. I'm the average John Doe watching videos and browsing the Web, I forgot many things, but there's still lots of muscle memory left. I think that Ubuntu really changed the Linux scene years ago (easier installation, good docs, etc.).

I occasionally get the "Uh, this is Linux?" and that's it, no real stigma. Most of the tools that I care about are available on Linux or OSX.

Experimenting with Unix/Linux over the years

At work, I do not always have the choice to use the OS of my liking, I'll run any OS that the client prefers. At home, I stopped running Windows a while ago.

2001-2002 until 2008 - Linux and BSD

My first "real Linux distribution tryout" was Mandrake Linux. In order to become comfortable with Linux I decided to simply wipe my Windows installation. What can you do when you've got no other options :-) ? Install Linux - break it - reinstall - rinse and repeat.
During this period, I tried several distributions (Debian based distros including Ubuntu, Redhat based distributions, Gentoo, Arch Linux, Slackware, etc.).
For a year or so, I ran FreeBSD as my main Desktop OS. I also spent a few months on Solaris.

2008-2010 - Tasting the $$Apple

I had a Hackintosh for about 2 years (roughly 24 hours of dedication for major release upgrades -> kernel panics and general issues). I created installation guides to help others, as there was nothing working well for my hardware specs at the time. I won't post any webpage links...

If you can afford it, I recommend buying Apple products instead of pursuing other ways of running Mac OS. Installing and upgrading a Hackintosh can be tedious, depending on your hardware specs.

2012 - 2019

Nowadays, I run OS X on my home-office machine (iMac), as well as Linux (laptop). As of mid 2019, I've been experimenting with Qubes OS and other specific-purpose distributions.


Linux wishes

  • It would be great to forget about device drivers (compatibility issues, buggy or unsupported drivers for some hardware).
  • Missing or unsupported kernel drivers: My Broadcom wireless card is problematic with new Linux kernels and distributions... Depending on the Linux distribution, solving driver issues can be challenging.
  • Less memory hungry tools: If I recall correctly, I first ran a Linux desktop on a machine with 256MB of RAM, I'm not sure that this is easily possible anymore.
  • Recalling tools and conventions across Linux distributions is difficult: switching package managers, tools and conventions is not easy. I'm more comfortable with Debian and Redhat based distributions.





Monday, January 14, 2019

Back at it

This blog is alive again! It's been a while and I'm planning on blogging again on a regular basis.

Saturday, August 10, 2013

Moved

This blog has moved to wordpress!

Please update your bookmarks.

Friday, July 26, 2013

Review of the Grails Gradle Plugin

UPDATE: Using the bootstrap configuration for the Tomcat plugin excludes it from the grails-war task.

See https://github.com/grails/grails-gradle-plugin/pull/43


Gradle support for Grails is maturing slowly and I must say that I can't wait for Grails 3.0. "Oh yeah, I'm excited!" :-), almost.

There are still a few bits that I'm not clear about though in terms of how tight the integration will be, not specifically from an IDE usage perspective.

I watched a presentation from Luke Daley (aka alkemist) on YouTube (gr8conf 2013). It showcased the Gradle plugin for building Grails applications using the grails-gradle-plugin.

I was able to create a small POC and I want to share that experience with you.

General notes

Building a war and running Grails commands? Not a problem.
gradle grails-run-app
gradle grails-war

You can configure the Grails environment using -PgrailsEnv as command line argument.
-Dgrails.env= or -Pgrails.env= doesn't seem to work.

Arguments can be specified using -PgrailsArgs
gradle -PgrailsArgs='com.Domain' grails-create-domain-class

For some reason, the grails-gradle-plugin seems to require a closure with a Grails version specified twice (assuming that version is only used for bootstrapping the initial call??, while grailsVersion is used for building). I think that it should probably be consolidated...

grails {
  grailsVersion '2.2.3'
  version '2.2.3'
}

Below is a build.gradle file that does work for the Grails Gradle plugin 2.0.0-SNAPSHOT. Dump the file into some folder and run gradle init first.

buildscript {
  repositories {
    mavenCentral()
    maven { url 'http://repository.jboss.org/maven2/' }
    maven { url 'http://repo.grails.org/grails/repo' }
    maven { url 'http://repo.grails.org/grails/plugins' }
    maven { url 'http://repository.springsource.com/maven/bundles/release' }
    maven { url 'http://repository.springsource.com/maven/bundles/external' }
    maven { url 'http://repository.springsource.com/maven/libraries/release' }
    maven { url 'http://repository.springsource.com/maven/libraries/external' }
  }

  dependencies {
    classpath 'org.grails:grails-gradle-plugin:2.0.0-SNAPSHOT',
    'org.grails:grails-bootstrap:2.2.3' 
  }
}

version='0.0.1'

apply plugin: 'grails'

repositories {
  mavenCentral()
  maven { url 'http://repository.jboss.org/maven2/' }
  maven { url 'http://repo.grails.org/grails/repo' }
  maven { url 'http://repo.grails.org/grails/plugins' }
  maven { url 'http://repository.springsource.com/maven/bundles/release' }
  maven { url 'http://repository.springsource.com/maven/bundles/external' }
  maven { url 'http://repository.springsource.com/maven/libraries/release' }
  maven { url 'http://repository.springsource.com/maven/libraries/external' }  
}

grails {
  grailsVersion '2.2.3'
  version '2.2.3'
}

configurations {
  all {
    exclude module: 'commons-logging'
    exclude module: 'xml-apis'
  }
  test {
    exclude module: 'groovy-all'
  }
  compile {
    exclude module: 'hibernate'
  }
}

dependencies {
  compile( "org.grails:grails-crud:$grails.grailsVersion",
           'org.grails:grails-gorm:1.3.7')

  bootstrap "org.grails:grails-plugin-tomcat:$grails.grailsVersion"
}
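
The build file above resolves every repository over plain http:// and puts a -SNAPSHOT plugin on the buildscript classpath, so downloaded artifacts are neither integrity-protected in transit nor fixed between builds. A small check for both, as an added example that is not part of the original post or of the Grails plugin; the sample input is constructed and its hosts and coordinates are hypothetical:

```shell
#!/bin/sh
# Added example, not part of the original post. Flags dependency sources in a
# build.gradle that can be tampered with in transit or that change between builds.

# audit_gradle FILE -> prints "LINE SCOPE FINDING" per issue; exit status 1 if any.
audit_gradle() {
  awk '
    /^[ \t]*buildscript[ \t]*[{]/ { in_bs = 1; depth = 0 }
    {
      # buildscript entries are loaded into the build itself, so they matter most.
      scope = in_bs ? "buildscript" : "project"
      if ($0 ~ /url.*http:\/\//) { print NR, scope, "http-repo"; found = 1 }
      if ($0 ~ /-SNAPSHOT/)      { print NR, scope, "snapshot";  found = 1 }
      # Track brace depth to know when the buildscript block ends.
      opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}")
      if (in_bs) { depth += opened - closed; if (depth == 0) in_bs = 0 }
    }
    END { exit found ? 1 : 0 }
  ' "$1"
}

# Constructed sample input (hypothetical hosts and coordinates).
sample_build_gradle() {
  cat <<'EOF'
buildscript {
  repositories {
    mavenCentral()
    maven { url 'http://repo.example.invalid/plugins' }
  }
  dependencies {
    classpath 'org.example:demo-plugin:2.0.0-SNAPSHOT'
  }
}
repositories {
  maven { url 'https://repo.example.invalid/libs' }
  maven { url 'http://repo.example.invalid/libs' }
}
EOF
}
```

The non-zero exit status on findings lets the check fail a CI step before Gradle resolves anything.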

Sunday, June 30, 2013

About Java Software Installers and Launchers

1 Introduction

In the early stages of your software projects, it's a good practice to think about the distribution aspect. It doesn't matter how good a product is, if no one can perform the installation or run the application.

Generating software installers is not always easy, regardless of the installer product used.

If you're lucky enough to have a good commercial software installer, you can quickly generate packages without too much pain:

  • Easy generation of application launchers.
  • Good default settings with flexibility for splash screens, installer icons, pre-installation/post-installation actions, etc.
  • Generation of software packages for a variety of platforms (OSX, Unix, Linux, Windows, etc.).

2 Application launchers

Now that your application development phase is complete, you may be worried about writing a couple of launchers.

Writing a Java application launcher can become fairly complicated depending on:

  • The number of library dependencies used by the program.
  • The configurations and properties to resolve or create in order to run the application properly.
  • Any tasks that need to be executed prior to launching the application.

For Java based applications, below are the common steps performed by launcher scripts:

  • Find the Java executable (JAVA_HOME detection if needed, common locations depending on the Operating System).
  • Validate the Java version requirements as well as potential optional settings.
  • Setup any environment variables or system properties needed by the application.
  • Construct the Java classpath from the application dependencies.
  • Perform any actions needed prior to launching the program.
  • Invoke the Java command with the classpath and JVM arguments to start the application.
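
The steps above as a POSIX sh launcher. This is an added example, not code from the original post; the lib/ directory next to the script and the MIN_JAVA, JAVA_OPTS and APP_MAIN_CLASS variables are assumptions. The classpath is built from absolute jar paths with no empty entries, so the JVM does not pick up classes from the caller's working directory.

```shell
#!/bin/sh
# Added example launcher (not from the original post). The lib/ layout and the
# MIN_JAVA, JAVA_OPTS and APP_MAIN_CLASS variables are assumptions.

# Step 1: locate java. Prefer JAVA_HOME, fall back to PATH.
find_java() {
  if [ -n "${JAVA_HOME:-}" ] && [ -x "$JAVA_HOME/bin/java" ]; then
    printf '%s\n' "$JAVA_HOME/bin/java"
  else
    command -v java
  fi
}

# Step 2: reduce a version string ("1.8.0_292", "11.0.2", "17") to its major number.
java_major() {
  case "$1" in
    1.*) v=${1#1.}; printf '%s\n' "${v%%[._-]*}" ;;
    *)   printf '%s\n' "${1%%[._-]*}" ;;
  esac
}

# Step 4: join the jars of directory $1 with ":". No "." and no empty entries,
# since java reads an empty classpath entry as the current directory.
build_classpath() {
  cp=
  for jar in "$1"/*.jar; do
    [ -f "$jar" ] || continue
    cp=${cp:+$cp:}$jar
  done
  printf '%s\n' "$cp"
}

launch() {
  java_bin=$(find_java) || { echo "java not found" >&2; return 1; }
  ver=$("$java_bin" -version 2>&1 | sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1)
  [ "$(java_major "$ver")" -ge "${MIN_JAVA:-8}" ] ||
    { echo "Java ${MIN_JAVA:-8}+ required, found: $ver" >&2; return 1; }
  app_home=$(cd "$(dirname "$0")/.." && pwd)   # resolved from the script, not the cwd
  classpath=$(build_classpath "$app_home/lib")
  [ -n "$classpath" ] || { echo "no jars in $app_home/lib" >&2; return 1; }
  # Steps 3 and 6: pass settings as system properties and start the JVM.
  # JAVA_OPTS is left unquoted on purpose so that it splits into separate options.
  exec "$java_bin" -Dapp.home="$app_home" ${JAVA_OPTS:-} -cp "$classpath" "$APP_MAIN_CLASS" "$@"
}

# Only start the application when a main class has been configured.
if [ -n "${APP_MAIN_CLASS:-}" ]; then launch "$@"; fi
```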

ClassWorlds is a simple Java application launcher framework that has been around for a while. It superseded the forehead framework launcher. Forehead was used by many tools such as Maven (now using ClassWorlds).

What makes ClassWorlds compelling is that it's really easy to bootstrap an application launcher without much effort. All that ClassWorlds needs is a simple java command that references a boot jar file and your application configuration file (to load libraries).

3 Software Installers and packaging

Depending on the application's type, target audience and operating systems, many options are available. Commercial Software package generators usually provide good results without too much work. Decent to really good products for Java software packaging include InstallAnywhere and Install4j.

Some free Java-oriented installer generators can be found on java-source.net. A popular choice is IzPack.

Generating software packages by hand still gives you an overall better user's installation experience at the expense of time and potential bugs (typos, logic errors, etc.).

When your installation packages are ready, you then need to test them on all supported platforms, just to be safe.

Zip distributions are very convenient for many users:

  • No administration rights needed most of the time, which is useful when you don't have administrative rights on a machine.
  • One step installation, just a matter of extracting a software archive.
  • Easy uninstallation which is a simple folder deletion.

When generating software packages, don't forget the simple way of distributing files via zip archives.

Saturday, June 22, 2013

A good dev Linux Distribution - Fast with many packages

Fast with many packages is not the only selection criteria for a Linux distribution, but it's important. "Click and wait... Download manually packages on a regular basis??" -> "no thanks".

I've used many Linux Distributions over the years: Redhat, Mandriva (previously Mandrake), Debian, Gentoo, Slackware, CentOS, Fedora, Knoppix, Suse, Zenwalk, Ubuntu, etc.

My main machine at work usually runs some Linux variant. I was lucky enough to always have that luxury since I started to work: "As long as you don't need support and you can work with it, you can run Linux on your PC".

Linux distributions perceived speed
Redhat based distributions have to be the slowest around, so I tend not to use them, unless I have to. Among the fastest Linux distros (non-minimalistic), I would count Slackware, Gentoo and a few others.

Today I tried Arch Linux for the first time. I must say that I'm very much impressed with the raw speed. I would even dare to say that it feels faster than Gentoo or Slackware, without any additional optimization or custom kernel compiled.

Linux distributions with nice package managers
A couple of years ago, RPM based distributions were annoying. It was a real dependency hell depending on where you grabbed your RPM package... Nowadays things are better (yum, etc.), but RPM dependency resolution traumatized me for good...

As soon as I was introduced to Debian, I never looked back. For a quick install in a few minutes Ubuntu will do and for a server a pure Debian distro is nice. Once in a while, I try a couple of Linux distributions just for fun.

Having a nice set of packages available is cool especially when your distribution has a "reliable and powerful" package manager.

What a dev like me wants from a Linux distro
These days, I only need a few things from a Linux distro:
  • It has to be fast, as I like to multitask but I also have a couple of GB of RAM to spare.
  • No RPM based distro, Debian or something else. I've always preferred Debian for its apt-get super powers. apt-get has been around for a while and I like it a LOT.
  • I don't need a graphical installer but I also don't want to do a full installation from chroot with tons of steps, unless I have time to kill...
  • Many packages should be available via the package manager of the distribution, as I try to avoid compiling too many applications.
  • Flexible installation options (base system vs full desktop/server system). When I have time, I build a system with only what I need...