Fortifying sys-net: A Shift to OpenBSD

random(4) - OpenBSD manual pages seems to indicate there is a single seed. But then all available randomness sources are used to feed the arc4random stream.

This matches what I know of the arc4random stream: MagicPoint presentation foils

I don’t think there is an issue using the same seed twice; it exists in the first place to avoid a lack of entropy at boot. But I’m not entirely sure about the consequences either, to be honest.

After reading the presentation again, there is a seed created at boot too, @unman, so it should be good enough for a disposable use case.

The gory details …

https://github.com/openbsd/src/blob/master/sys/dev/rnd.c

As I have repeatedly said, my notes are just that - notes. The only ones that could be thought to be a guide are those on Salt, and they are notes from a training course on using Salt in Qubes. Most of these notes are like steps - users must throw away the ladder after they have climbed it.

When I wrote the OpenBSD notes 5 years ago, they set out a procedure for using OpenBSD as a sys-net. They were not unclear to their target audience, and I don’t think that many knowledgeable users would find them “unclear”. It’s the same procedure you have written up now.

As to your snarky “noteworthy” comment, I have no idea if I’m tagged in a discussion or not, because I interact with the Forum by email. The only way I can know if I’m tagged is if I have already read the thread. Also, for what it’s worth, I’ve been in and out of hospital for most of the last year and my involvement with Qubes has been much reduced. So it goes.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
:joy::joy: You are really funny, for sure.
Thanks for a good guide.
As for your remark about having some basic knowledge, I am a long-term Qubes user, but not a developer or anything. I don’t have time to learn that stuff so thoroughly, so well-written guides are the only way to go if I want to experiment with something new.
People have different jobs; not everyone is a developer or the like, and they may be quite knowledgeable in other fields.

Building Mirage firewall while using sys-net-openbsd and mirage-firewall as network gateways is not possible, as loading metadata fails even after multiple attempts.
The building VM is based on Fedora 41.
Building while using the Linux sys-net and sys-firewall succeeds.

Interesting. Can you provide more detailed information?
Do you use a VPN?
When I built mirage-firewall it just worked.

To make sure: is your connection like this?
sys-net-openbsd → mirage-firewall ← Building VM

@unman I want to make it clear that my comment about your notes, which I mislabelled as a guide, isn’t intended to be disparaging. Your notes are clearly intended for those who are both technical and experienced (both things I am/was not) and your contributions here and elsewhere have been highly valuable.

I hope you get well and stay healthy; and thank you for the work you put into this community.

I am not using any VPN. And yup, my networking is exactly like you said. I mean mirage-firewall handling both the AppVM and sys-net-openbsd.

@fiftyfourthparallel Thank you for your kind post.
I should apologise to you, @qEawma5f, and everyone for my comments - it takes some time for my meds to kick in in the morning, and I really shouldn’t post until they do, as I can be very tetchy (more than usual).
@qEawma5f, thanks for your work on this guide.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

Is there an OpenBSD template for the lazy ones?

Also, what are recommended memory requirements?

OpenBSD amd64 can work with 48 MB, but it’s super tight and will use a lot of swap at boot due to kernel and library reordering (it’s a security feature).

So if you give it 128 MB it should be fine, but I’d recommend giving it 256 or 512 MB to leave it a lot of room, depending on how much you can afford to throw at it. More than 512 MB does not seem useful to me.

256 MB should be enough for networking and PF.

drop quick OS windows :joy:

Will think about including it in Liteqube as an option.

Please share a (buggy) template for the lazy people to play with.

Share some logs from mirage-firewall. Is it only building that does not work? Does normal browsing work?

There’s no need to apologize for your health situation. I truly appreciate your contributions to Qubes OS, and I wish you a speedy recovery and good health. I was simply trying to explain your work in simpler terms, and I understand that writing a guide can be quite challenging. Together, we are working towards a better, more secure operating system. My apologies too for my snarky comment.

@unman I don’t see why you should apologize. As I’ve said elsewhere a while back, a community that’s too focused on manners is one that becomes saddled with indirectness and superficiality, and I feel that’s just as unpleasant as a forum loaded with hostility and passive-aggressiveness.

For some reason I can imagine book clubs for wealthy Hollywood housewives being loaded with all four horsemen: indirectness, superficiality, hostility, and passive-aggressiveness. And Ozempic.

Anyways, this is a tech forum, not a midwestern Bible study group, so manners aren’t at the top of most people’s priorities.
