Quick Quality-of-Life Improvements

fiftyfourthparallel · January 18, 2024, 12:20pm

I’m on the fence about adding this as a tip.

This should be part of a tip on how to turn SMT on, otherwise it just lacks context.
Enabling SMT has potentially severe security implications, which is why SMT was disabled by the devs to begin with. While it’s hard to argue that increased performance is a niche desire, increased performance at the cost of security is a different matter. Tips with security implications, if allowed at all, must be marked with clear warning labels, but I fear that even when marked, just having the tip published might give the false perception that it’s less-risky.

Mods (@Deeplow @sven @gonzalo-bulnes , etc.), do you have any thoughts on the matter?

gonzalo-bulnes · January 18, 2024, 12:34pm

Regarding publication of tips with clear security implications, I’ve no strong feelings either way. I think I’d default to saying that everything in the forum should be taken with caution, and that applying changes you don’t understand well is likely unwise. ()

On whether this instamce is a tip in itself without the “how to enable SMT” context… I agree with your judgement:

Thay being said, I suspect that the trick works because the smt=off line is managed by Salt (educated guess), which has convenience functions that ensure a content is present in a file, in a way that adds it if missing and does nothing if present.

Leaving the line in the file and overriding it would work in any similar situation. So that may be a useful technique to know of.

Now, does it fit the category: “Quick Quality Improvements”? I’d say no. “Tips and tricks”? Maybe.

Sven · January 18, 2024, 2:34pm

Since the forum is almost entirely made up of
non-security researchers, non-developers and non-Xen experts I see no way to even begin assessing posts.

Also I don’t think it makes sense for the community to try to take user’s “at the hand”. Instead it should go like this:

If you have security concerns, use Qubes OS in its default congratulation without any modifications. Only follow instructions clearly published by the core team / official project. Expect each and every community post to be a malicious attempt to weaken your security.

If you are using Qubes OS as a hobby or to learn or you are sure you understand the implications of your configurations well enough to bet your security on it… by all means have at it.

fiftyfourthparallel · January 20, 2024, 1:09am

Thank you mods for your input

I’ll take Sven’s suggestion and not do any hand-holding here–we can have tips that have security implications as long as they’re clearly labeled as such.

@renehoj Would you like to post a tip on how to turn ~~off~~ on SMT, which includes your grub modification?

solene · January 20, 2024, 9:00am

SMT is off by default

fiftyfourthparallel · January 20, 2024, 11:25am

Typo; good catch

Zeno · January 20, 2024, 3:12pm

Would be helpful to add Qubes version next to each tip.
Something like:
[Tested for 4.2]

Good guide.

adw · January 20, 2024, 7:32pm

This is more of a “Fedora tip” than a “Qubes tip,” but it seems like a lot of people don’t know about dnf history, which is useful in dom0:

fiftyfourthparallel · January 21, 2024, 1:25am

Good idea, but we’ll do the negative version of this to save words: Whenever a new release comes around, everything gets tagged with Untested for R4.X which get removed as tip creators/users report failure or success

Nice tip–added.

Zeno · January 21, 2024, 7:05pm

Then you’ll have to repeat it each time, for each new version.
Even more wording

barto · January 22, 2024, 12:58pm

renehoj:

If you are running your system with SMT enabled, you need to add the following lines to /etc/default/grub
GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT smt=off"
GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT smt=on"
It’s the only way to keep kernel updates from disabling smt, by automatically adding the smt=off line to the end of the file.

Good idea to leave the default line and override it!
I always add “sched-gran=core” with “smt=on”; it avoids running different VMs on the same core, mitigating some (potential) data leaks between different VMs.
So the last line would be:

GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT smt=on sched-gran=core"

Lace · February 24, 2024, 2:33am

Can someone here tell me how to “undo” pkill? I didn’t know I could set a timer on it, as shown in the script here on this thread, so I did it without a timer and I did it globally to an admin user … because I didn’t know how to change the admin user name without killing the 3120 process running and thought maybe pkill everything would be easier and well it was and was not because I got to change the user name but now can’t use that admin user anymore until I resume all the processes for that account and I have no idea how

ruza · April 14, 2024, 4:36am

Root terminal keyboard shortcut in focused VM

Using i3 there is an way how to open terminal in the VM of the focused window ($mod+Enter by default).

Sometimes you’d want to be root in that terminal easily. You can define yet another keyboard shortcut to do so ($mod+Shift+Enter in the following example).

in dom0:~/.config/i3/config:
bindsym $mod+Return exec qubes-i3-sensible-terminal
bindsym $mod+Shift+Return exec qubes-i3-sensible-terminal.root

fiftyfourthparallel · May 1, 2024, 5:28am

Added; thank you

Would you or anyone else happen to know how to do the same without i3?

apparatus · May 1, 2024, 6:11am

fiftyfourthparallel · May 1, 2024, 2:41pm

Thank you; added.

@unman, @ruza, and/or anyone else should double check my interpretations of the above two entries.

After much deliberation, I decided to place @ruza’s i3 version under “etc.” because I feel a tip for i3 isn’t mainstream enough to warrant prominent placement.

ruza · May 1, 2024, 3:40pm

Sure, anyone could use favourite window manager to assign keyboard shotcuts to run corresponding commands.

ruza · May 1, 2024, 3:43pm

Having a monitors with a multiple inputs (i.e. HDMI and DisplayPort) you can switch monitor inputs using a keyboard without a need to do so physically on the monitor.

steffen · May 1, 2024, 9:15pm

Screenshot

Lets the user take a screenshot based on rectangular selection and sends it to the currently focused VM

#!/bin/sh
# lets the user take a screenshot based on rectangular selection and sends it to the currently focused VM

CUR_WIN_ID=`xdotool getwindowfocus`
CUR_VM=`xprop _QUBES_VMNAME -id $CUR_WIN_ID | cut -d \" -f 2`

if [[ "$CUR_VM" != "_QUBES_VMNAME:  not found." ]]; then
	xfce4-screenshooter -r -o "qvm-copy-to-vm $CUR_VM"
	notify-send "Screenshot sent!" "Your selection has been sent as a screenshot to $CUR_VM!"
fi

From here:

github.com/QubesOS/qubes-issues

[Contribution] qvm-screenshot-tool

opened 05:24PM - 08 Mar 15 UTC

marmarek

T: enhancement P: critical community dev S: needs review C: contrib package

**Community Dev:** @evadogstar **PoC:** https://github.com/evadogstar/qvm-scree…nshot-tool **Discussion:** https://groups.google.com/d/topic/qubes-users/dcsRRPf0Fxk/discussion ----- **Reported by axon on 16 Feb 2015 11:02 UTC** The ability send dom0 screenshots directly to an AppVM/DispVM from the screenshot app is an oft-requested feature (see below). The ability to transfer saved screenshot files from dom0 to other VMs is [ already available](CopyToDomZero), but it is neither obvious nor easy for most users to do this. User requests/queries about this: https://groups.google.com/d/topic/qubes-devel/m8TfyvSqvf4/discussion https://groups.google.com/d/topic/qubes-devel/CwSPqtPYTRQ/discussion https://groups.google.com/d/topic/qubes-devel/_a7KxHbkSJo/discussion https://groups.google.com/d/topic/qubes-users/l6vOqhsd7ss/discussion https://groups.google.com/d/topic/qubes-users/etxwrc6rsIM/discussion https://groups.google.com/d/topic/qubes-users/_7FzKv6eJqA/discussion Migrated-From: https://wiki.qubes-os.org/ticket/953

fiftyfourthparallel · May 3, 2024, 3:43pm

Thanks; added