By ‘Qubes’, I mean both VMs and the OS proper, as two separate questions:
How often you restart your VMs as a matter of procedure, just to wipe the slate clean once in a while?
How often you restart your entire Qubes OS to ‘refresh’ Xen?
Despite the fact that virtually all my VMs are disposable, sys-VMs included, I restart my PC quite often as a matter of habit. It’s a time-consuming habit, so I was wondering if I’m just wasting my time.
*Edit: Added polls below. *
Only those with trust level 1 and above can vote. Votes have been set to ‘private’, so other users cannot view who voted for what, but it is safer to assume that this information is recorded in the back-end.
How often do you restart your VMs as a matter of procedure? (Select closest option)
Multiple times a day
Once a day
Once a week
Once a month
Once every few months
Never voluntarily
0voters
How often do you restart your entire Qubes OS as a matter of procedure? (Select closest option)
This happens to me too. I haven’t seen a consistently working reboot across my devices, nor have I seen a working suspend (i.e. I can’t close my lid otherwise I can’t log back in).
Don’t know–there’s just a correlation in my mind between rebooting and increased security.
I don’t have any issue, with other commands, just it took really long for reboot and i never seen the log too, but i suspect it’s does have issue with the disk error (software related).
I don’t think so, dom0 is secure (event it isn’t, at least my template and dom0 doesn’t have network). if there’s anything isn’t secure, it’s my template.
I suspend my laptop each evening and I usually reboot after a few days. I have a little graphical glitch when waking from suspend. Most of the time it is only noticeable when watching a video, so it is no big deal. In the past I didn’t have this issue and I haven’t found the cause. It might have to do with specific drivers I installed in the past or something completely different.
When I find the time I will have to do another fresh install on a spare drive and compare some issues I am having right now.
I am used to the relatively time-consuming procedure of rebooting and starting all the daily VM. I don’t think much of calculating “wasted time” concerning these little things like booting up your computer or watching a mediocre movie.
I reboot dom0 very rarely, when it updates. Always use suspend instead, without issues. AppVMs are typically rebooted after the templates are updated. Also no issues with reboot itself.
How often you restart your VMs as a matter of procedure, just to
wipe the slate clean once in a while?
I use the shutdown-idle script, VMs are starting and shutting down all
the time. This is necessary because I run 24 qubes plus various
disposable qubes for maximum compartmentalization.
At any given time I have 12+ qubes running.
4 of those are service qubes running all day.
there are also 18 templates but they only run during update
Everything is debian-minimal (+ 1 Windows HVM).
I have 16 GB of RAM and that is plenty even doing the above. The memory
allocation per qube is 150M (proxy) - 4G (win hvm).
Qube startup time is 8 seconds.
How often you restart your entire Qubes OS to ‘refresh’ Xen?
Every evening before going to bed I start a full backup (all qubes +
dom0) to an external USB drive and tell the machine to shutdown when
done. That backup usually runs for about 4 hours, which doesn’t bother
me because I am asleep
I keep full backups of the last 40 days.
Despite the fact that virtually all my VMs are disposable, sys-VMs
included, I restart my PC quite often as a matter of habit. It’s a
time-consuming habit, so I was wondering if I’m just wasting my
time.
There is one solid security reason to shutdown your PC entirely: when
you are away. You don’t want suspend. You want those encryption keys out
of memory. And you want Heads or AEM.
I have a bad habit of not rebooting. I use disposable appvm’s for many things, so I do restart my browsers maybe weekly. Should probably do it daily.
Basically only when I’m forced to. I suspend my machine every day, and sometimes it just happens that Linux fails to resume (maybe once every two months or so). Instead of resume, it reboots. That’s my restart . Another case is when I’m away for longer time.
The problem with restarting is in the way I work. I like to keep 8-9 appvm’s running various applications all the time. I just hate to start them up, arrange things back to my taste etc. after reboot.
@turkja you could either follow @unman’s KDE recommendations and use
Activities for that or hook up a bash script under XFCE’s “Application
Autostart” along with some Devilspie2 for positioning of the windows on
screen(s) and in different workspaces.
If you like KDE you should go with that. I tried many times to become
friends with it but always return to XFCE. Couldn’t tell you why.
Maybe because I have everything already setup exactly the way I want it
using the above method and replicating it in KDE is just too much work
(but probably less work then doing what I did from scratch – plus it
requires basic scripting skills).
Thanks for the usage outline @Sven, I’ll give it a go.
@adw@Sven If you can create an issue in the most appropriate GitHub repo and ping/mention me there, I’m happy to write usage docs and open a pull request. (My handle on GitHub is the same as in this forum.)
Restarting VMs is not a time-sink, especially if you use the qvm-shutdown --all and then a qvm-start [VM] [VM] [VM}. This, I expect other users would do quite often (at least daily).
I think this is the default among users–rebooting VMs using the qvm-shutdown --all command and only rarely rebooting dom0, with updates as exceptions. I need to figure out how to fix my suspend.
Is there anything that might help encourage you to reboot or restart your VM more often? Restarting something as exposed as browsers weekly sounds less-than-ideal to me. However, I’m not sure the qubes-app-idle-shutdown script would help here assuming the browser window is continually open, blocking the trigger.
This is hardcore, at least to me, but I can see why it might necessary for some. Wouldn’t running four hours of backup every night wear out your storage devices quickly? (Both backup and original).
This is good advice–something I had forgotten about. Powering up is a pain, but disk encryption is worthless otherwise.
I’d love to see a guide to minimum memory for various VMs, which would be helpful for new, old, and especially aspiring Qubes users since lack of RAM seems to be a common hardware deficit.
I’m pretty practical with this, so I don’t always aim for ideal. If I think my bad habits before Qubes… I mean like running the same browser without restart for months (or as long as I could before it choke on its memory usage) on a typical bare metal Linux. This has been a huge improvement.
True. A large part of security IMO is opsec (operational security?), and habit formation is a big part of that. Having formed good habits to the point where not doing them feels wrong is a worthy goal, but sometimes it takes time to undo and replace the bad habits one has already built up (while not forcing oneself), so slow and steady improvement seems to be important for fundamental opsec habits (as opposed to, say, hastily adopting new measures that you then forget and revert back from just as quickly since the habitual foundation isn’t there).
I do use “qvm-shutdown --all” before rebooting or shutting down. I always close all VM before shutting down. Like I explained, I have to reboot from time to time to get rid of the graphical glitch that I experience after waking from suspend.
)
. Another case is when I’m away for longer time.