HCL report table and qubes-hcl-report should be completely remade
I think the current app for making HCL reports qubes-hcl-report and the resulting table should be remade completely. Currently its reports are almost useless. When user opens current HCL table, the most valuable column for them is Remark and link “see more” if available. It destroys the whole concept of having a table.
All other columns, that were generated by qubes-hcl-report are nearly useless for different reasons:
Some of them can be filled from device specs even without touching hardware,
Some of them are outdated for modern hardware (like HVM, it should not be present green by default, only huge red sign in case it is not available),
Some of them are not relevant, e.g. TPM column is almost completely filled with unknown value. It should be removed and add to Remarks in rare cases when it’s known, or filled based on specs.
Some of them does not mean much without additional tests (e.g. number of USB controllers, it can be 3, but in fact it is only 1 available to the user and all devices connected to it, quite common situation).
Qubes, Xen, Kernel versions should stay, but not sure how important to have them as columns, because they do not reflect the device properties, just version it was tested on.
=> Almost all columns expect Remark are kind of useless. Something should be changed, and reorganized with HCL reports and HCL table.
Some users send report without Remarks and such reports can go directly to trash, because they are not giving valuable info on choosing/buying the reported device.
What user really wants?
To know what is working and what is not:
installation process (latest kernel? additional options were required?),
sound,
video,
ethernet,
wifi,
bluetooth,
suspend,
do wifi and bluetooth survive suspend,
video performance,
maybe the number of USB controllers and what those are connected to.
and etc.
The full list can be made based on good HCL reports on forum with a lot of details.
What HCL report application should do instead?
The HCL report application should ask user about all that, preferably providing buttons to test it if possible, or at least instructions what should be done to check each point. User can skip points if they like. All the lsusb, lspci outputs should still be preserved, user can be asked about the removal of serial numbers and preview the results of such steps.
The main problem we should solve: the HCL table is not helping with choosing the laptop
Currently the HCL table is not providing enough information to choose the laptop at all, we see it on forum all the time. Also there is not mass market laptop available that would be recommended to users. Some of modern Thinkpads are working quite well with Qubes OS and can be recommended, because not everybody can nor want to buy certified model with delivery over the sea.
Loosing potential users for community
I think Qubes OS is loosing a lot of potential users, because they try to buy hardware and try Qubes OS, but there are:
No proper guides what exactly to buy on mass market,
No way to understand it from HCL table,
Even when people on forum ask about it, they got actual no solution, except info that a couple of certified models are supported. People leave the forum and Qubes OS dissatisfied, staying on GNU/Linux or something like that.
Some valuable columns instead of current ones can be:
Year the device was presented. And age filtering is desired, to avoid seeing 15 years old devices that are impossible to buy new.
Max Memory column. Not out of box memory but how much can be added in total.
CPU scores. Laptop models can have different CPU models, their single/total score should be present for all options or as a range. Because Qubes OS experience is very much about CPU and memory. Good source of comparable CPU scores: PassMark - CPU Comparison.
Would be happy for discussion here on the forum. Maybe I am not the only one who thinks there is a major issue with the current HCL reports and HCL table approach.
I hope it will help potential HCL-maintainers to see the current state, current problems with the system, and see the room for improvement or even reinvention of the current system.
Maybe somebody will like the idea and will be happy to participate in this way too, improving the situation with HCL table and helping the Qubes OS community.
My view is that the main problem with the HCL is the combinatorial rate of growth of entries because there are so many independent factors/parameters for each entry. Each laptop manufacturer, model and version has multiple options in CPUs, memory configurations, storage devices, etc., and it’s a fools’ errand to try to validate each and every one of those options. It also makes the list unwieldy when someone is simply trying to buy a new laptop and get a recommendation on what works or doesn’t work. But if we go by what most experienced people in the forums advice in practice, this typically gets summarized in perhaps a few manufacturers and models, with a few caveats based on things that don’t work.
I think that there is still significant value in compiling what actually works in detail in the HCL, for a number of reasons, but perhaps the HCL is not the first resource that a Qubes newbie should consult when trying to buy a new device. Having a central place with a few hardware recommendations (low end, medium, high end) for both, used and new laptops, may solve the most common problems expressed here (of course, with the appropriate disclaimers on no association with the manufacturers themselves).
With respect to the HCL, it would be great if someone could make qubes-hcl-report available directly from a live boot image in an easy to use way (even if that means a special image that boots Qubes, runs qubes-hcl-report, uploads the report and thanks the user). That way, people and hardware manufacturers could pop in a USB drive with Qubes, boot from it, select an entry from a menu and generate a report without needing to even bother installing, learning or using Qubes. This could create a very easy incentive for hardware manufacturers to add a “Qubes certified” label to their units and provide a growing base of new devices to add to both, the “what should I buy” wiki entry and the HCL.
I’m conscious that I haven’t addressed the original question posed by the OP with my post, or perhaps I did. In my opinion, there is significant value in the HCL for the Qubes developers, since it helps identify issues in Qubes that can be addressed and provides a good compass for priorities (for example, those issues that are the most frequent among multiple entries). But, in my opinion, sending every Qubes newbie to consult the HCL before they buy their first Qubes laptop is never going to be a very good option.
Wouldn’t it make more sense to let the HCL be what the name implies, a list that helps you gage how compatible a given system is with Qubes OS.
If you want a list that helps people make decisions about what computer to buy, it would make more sense to expand the community recommended hardware list.
The HCL can be a long list, and the recommended list being the short list of best suited systems for running Qubes OS.
One thing that could make sense with the HCL is to combine all version of the same model in one entity, you really don’t need 50 unique reports saying that the X230 or T430 works with Qubes OS, and the same is true for most of the popular laptop models.
I think that we are both saying the same thing, when it comes to the purpose of the HCL versus the community recommended hardware. However, the HCL has a lot of value to identify potential hardware support issues in Qubes that could be of use to Qubes developers, as they tailor their roadmap towards the most widely used hardware (or newer models). I’m not sure that collapsing entries is a good idea, especially if a variation on something like a GPU manufacturer or model could create a significant issue to Qubes support.
But it is empty. Or isn’t it? I mean there are several certified laptops, and none that were accepted from users (I am talking about not-outdated mass market offers that are mentioned there). And where is the list exactly there? I see a topic on forum without list.
Completely agree. As I said in the starting post, one of the problems is that the list is full of outdated (and not possible to buy new) hardware and this hardware is present multiple times.
I would vote for manual human mangement of this table, that should collapse models, keeping all the data (no data loss). Like the links of all reports should be present for the model, and the “working” state of features should be based on the latest reports and/or most detailed.
It also shows that there is no need to add columns with exact kernel/xen versions, just show the latest Qubes OS version. All other details about tested versions can be unfolded by click.
About a new version of qubes-hcl-report tool. It does not seem to be happening, as it is not a top priority. So, maybe new HCL reports table should be filled manually based on feedback from the users on the forum. In case something is not clear, the maintainer can ask the user to test it, if possible. It will not require to remake qubes-hcl-report tool immediately, even if this tool currently does not provide much useful information.
I would like to echo @balko in that the community recommended list is completely useless in 2023, and in my opinion is in fact detrimental to a new user trying out Qubes. It de-facto does not add any hardware that isn’t certified. If you tell someone that your software product works best on computers 5+ years old only, I get a really bad first impression.
Currently the community recommended list only works for people with extremely restrictive threat models, and makes absolutely 0 sense for the average person. The average person works with what they have, or can reasonably get, and do not have 100 hours to throw into getting a minor in cybersecurity and flashing Heads on a T430.
I think this could be remedied by splitting it → have a list for people that need absolute security, and have a list for people that need a computer that will boot qubes and will work without issue. There is value in describing the sad state of modern computer security and noting that newer hardware may have serious flaws, but at the end of the day I think it is a disservice to everyone to discourage use of newer hardware when it does give you a better experience/compute power which is something people like and need.
The list clearly isn’t useless, both the X230, T430 and the other certified hardware are all very well suited for running Qubes OS. Anyone who actually needs Qubes OS for its designed purpose isn’t going to go wrong with the certified hardware, saying the list is useless is beyond hyperbolic.
I do think the list should be expanded with more easily available and cheaper hardware, but that doesn’t mean the current version of the list is useless.
I also don’t understand what prevents anyone from maintaining a list to their liking. All the data is public, the people who generate that data when submitting their HCL reports are on the forum, and the existing list of recommended hardware is a forum topic.
I’d love to see folks go ahead and creating better documentation and sharing it when they feel the need for it. I’m pretty sure that would be useful, assuming that there is as much need for it as stated.
I don’t see why it would have to compete with the list of recommended hardware. Multiple lists can very well co-exists, as soon as someone is maintaining them.
Now, wishing that existing tools were different, and that people maintaining them were working more for use case X, Y or Z doesn’t strike me as useful or likely to succeed. Folks putting work into Qubes OS community projects usually think a lot about what to do and why, believe me.
On the other hand, I don’t know anyone in that position who wouldn’t love to see other people create, maintain and nurture community interest in tooling for use cases that are closer to their hearts. I sure would love to see that, and would peruse those new hardware lists myself!
Well, I think, @hypercube and I were talking about community recommended list. And you say it is not useless, because it contains X230 and other certified hardware. But we are not talking about certified hardware, we are talking about community recommended list.
Does it exist? What does it include (I would love to see THE LIST)? Except certified hardware that can be considered Qubes OS Team recommended list, not community.
Maybe I am missing something.
But it does not mean I am against the community recommended list. Quite the opposite, I think it should exist (unlike now), and it should include mass-market solutions, like some of modern gen10+ Thinkpads for example. With detailed list of what works and what does not.
The current rules and criteria for including to the community recommended list make the list empty => these limitations should be removed.
I am fine to buy a laptop that will work well with Qubes OS, even if I will have to add a script or two (that will be explained by the link in the list/table) or set permissive mode for wifi or something. It is way-way more valuable to have such good laptop instead of Intel Gen3 one, that stuggles with HD video playback and has dead battery, with possible modified firmware from previous owner.
Max memory column – might be useless. First, this is likely in the specs. Second, I don’t expect many users to test it. And unless something has changed, it should be usually enough to check the CPU specs and ignore MoBo specs, because memory controller is in the CPU.
My uses of HCL:
a. Find specific HW.
b. Find experience with similar HW (maybe filtering by manufacturer and year would make it easier)
Reminder (or highlight for anyone who hasn’t seen it yet): the folks maintaining the list of community-recommended computers have created a built-in feedback mechanism in it!
I tried to get the T480 added to the list, it’s by far the most cost-effective ThinkPad you can get at the moment, and it works flawlessly with QubesOS which is documented by more than 10 HCL reports.
It got rejected for no clear reason, which to me makes it seem like the feedback mechanic doesn’t work, or it works and there is no interest from the maintainers to expand the list.
(Edited by me!)