Software – Words from fallingstuff

Qubes OS – A Privacy Operating System

A quick disclaimer to start off – this is not an in depth examination or review of Qubes OS. Qubes OS has a picky list of requirements that most people would not be looking for. Instead, this just my experiences and neat things I tried while taking the OS for a test drive.

Qubes OS, “A reasonably Secure Operating System” as the distro’s website declares, is a privacy and security focused operating system which heavily leverages (Xen) virtualization technology to isolate critical OS components to reduce the chances of the whole system being compromised. In other words, the virtualization technology of Xen provides the ability to used trusted environments for things like online banking or working from home and also create temporary (or untrusted) environments that provide a clean slate without the risk information being spread preventing shady websites from drop malicious browser plugins or scrape session tokens to hijack a Discord account.

Below is a diagram borrowed from the Qubes OS site describing how it all works .. which can be a little complicated. The key part of the diagram is that everything is separated from everything else mostly. A thumb drive that is plugged in does not get to talk to the network or the hypervisor (the thing that runs the show) because that drive is isolated to its own little world. There are actions that allow you to share things like files and hardware between qubes, but out of the box you have to consciously click the actions to share (like send file you downloaded in a personal qube to save long term in the vault qube).

Qubes OS trust diagram — Qubes OS Trust Diagram

That isolation of components opens the door for some cool tricks.

Untrusted Firefox and a Personal Firefox — 2 Firefox enter only 1 is trusted

Cool tricks like having a Firefox session that remembers all my personal settings, history, plugins, and so on while running another session that remembers nothing. But I can the comments now – “So what? Big deal, that can be done with a private window” which is true, but this forgetful Firefox that remembers nothing has a special trick. When I start the forgetful Firefox (that is Firefox running in a disposable qube that resets to a clean copy on every restart), another qube is started to provide the internet for forgetful. That other network qube starts up and automatically begins running a VPN connection so the forgetful Firefox and ONLY the forgetful Firefox is running through a VPN connection.

Starting a mullvad qube — Starting a VPN qube

Firefox is not the only thing you can run inside a qube, and a disposable qube that starts a VPN qube is more complicated than most people would run, but the concept is similar; multiple little “worlds” of applications that can only interact with other applications in that little world. For instance, in the image below, all of these applications in Yellow will all run in the “Personal” qube and keep all those settings and options isolated to just those applications. This isolation is great for testing things OR maintaining different levels of anonymity.

You are not limited to the qubes that are created at install time either. In the event you want to have a completely different little world, say for testing or research, then you can create a different, custom qube that has a specific set apps for just that situation.

Qubes OS is not too great for gaming and and, in my experience, playing very high quality videos will likely studder since most of the system is a bunch of virtual machines (and resources are shared between those virtual machines. So if you want to be paranoid about privacy or security you might want to take a look, and if you want to be ULTRA paranoid the installer provides options to encrypt the hard drive at install time.

Hosting a Website on the Go

Recently (relatively) I was going through some video recommendations and came across a video describing on how to host a website on a Raspberry Pi from just about anywhere including while traveling (like hotel WIFI or a mobile hotspot).

HakByte: Learn Web Hosting on Your Raspberry Pi with Dataplicity

Checking out the dataplicity site, the service is intended for management of IoT devices by making it convenient to connect to them wherever, without needing to jump through a lot of hoops (like configuring firewalls). I had a spare Raspberry Pi so why not give this a try and I went about setting it up.

The setup process is really simple, I am not going to spell it out here since the documentation is really clear – set up the Pi, connect it to the internet, run the script. Once complete, the Pi shows up in a dashboard letting one connect to the terminal or providing a randomized URL to connect with a web browser.

Once the Pi is reporting to the console and the URL is created then the next step is to create the website on one’s favorite webserver, which is a lesson for another time. All said, when finished, I did not really feel this would be useful as I thought for anything I might need, but it is kind of cool to explore … maybe something in the future.

Diskpart – How Clean is Clean?

BEFORE selling or throwing away a machine I cleaned the drive.

Building onto Parting the Disk we can see how DiskPart might be applied to clean up drives BEFORE selling or throwing away a machine. I did not have a machine convenient to test the cleaning of drives, but I DID have a Windows 10 Install USB, so that will have to do for the purposes of this test…

First, looking at the drive in explorer there are files present. I am going to skip the highly technical part where ‘files in explorer we see are pointers to the actually data” in favor of “deleting the picture does not make the file disappear completely. To prove that the files are not actually removed, I am going to look at the drive in a hex editor which will show the bits on the drive, the actual data and more than the picture in the file explorer.

Now, we see we have files and data, so now comes DiskPart and use the clean command, and see what we have left in the same spots as before …

Third position … yep, there is still stuff here too …

So, even after ‘cleaning’ the drive the bits are still present, which means that even though we do not see files when we look at the drive in Explorer, they can be put together some way. Now for giggles, we know that if we create a partition now on this “empty” drive there will be no files … but will the data still exist that could be recovered? Again, we DiskPart and this time run the commands to Create Partition Primary.

This looks just a little bit different …

From the looks of it, part of the data looks different – meaning the files are “missing”, but the actual bits of the data are still left behind. This means that the bits could be recovered and the files put back together … not a great cleaning method. Maybe there is another way the drive could REALLY be cleaned …

Looking at the drive in explorer there are files present. I will still skip going into the highly technical part where ‘files in explorer we see are pointers to the actually data” in favor of “deleting the picture does not make the file disappear completely. To prove that the files are not actually removed, I am going to look at the drive in a hex editor which will show the bits on the drive, the actual data and more than the picture in the file explorer.

Now, we see we have files and data, so now comes DiskPart and use the cleanall command, and see what we have left in the same spots as before …

Judging by the fact that there is a whole lot of zeros there, the drive is clean and data irretrievable, so if I did want to save something off there … I cannot anymore. For now, this wraps up my ranting about DiskPart and how it can clean up files you do not want people to find. I wanted to look at this myself for a while, and hopefully it helped out and now second-hand drives will be clean from now on.

Does the Windows 10 Upgrade Still Work?

So I had a thought the other day, back when the Windows 10 launched, Microsoft allowed users with Windows 7 to upgrade their computers to Windows 10 without having to pay for an upgrade. Supposedly this upgrade ability was turned off, but has it? I have a Windows 7 laptop let us find out …

The upgrade process is launched from a Windows 10 USB install instead of a downloaded install

Confirming the settings and what to migrate.

At this point of the process I am convinced that if the upgrade engine were to bail out because the upgrade to 10 was no longer supported, it would have done it by now.

Out with the Windows 7 and in with the Windows 10 …

So the answer is yes, the upgrade process does still work despite the fact that Windows 11 has become a thing and being actively pushed out by Microsoft. I have updated several laptops in the last year or so and it has worked well every time, safe to say … the upgrade process has not been disabled.

Get Windows 11, No Rules

As we know, Windows 11 came out with some serious system requirements… requirements that a lot of family computers just do not have the resources for meaning a lot of new computers will be bought in the next few years, or does it? The fact is that it may still be the case that new computer will need to be purchased, but maybe there is a way to squeeze a little bit more life out of that old computer and still try Windows 11.

To be honest I really expected this to be a lot more difficult, but it turns out that there are a huge number of ways to bypass the system requirement check. Posts from XDA Developer and Make Use Of have mostly the same methods, except for probably the easiest method, found on the Make Use Of site – simply copy over the install ESD from 11 to 10.

To complete this I built 2 USB drives using the media creation tool for Windows 10 to create one USB drive and the creation tool for Windows 11 to create a second USB with Windows 11; using a larger 16GB drive for the Windows 10 more about that here in a minute. The tools take a few minutes to build out the drives and when complete you have a USB drive for installing Windows 11 and a second for Windows 10. Just to be see what the failure looks like, boot up to the Windows 11 drive …

Can’t run Windows 11

Now we know what message comes out when the hardware is not Windows 11 compatible, time for the last step in this process. Copy the install.esd file from the sources folder of the Windows 11 USB and copy to the sources folder of the Windows 10 USB.

Install.esd

In the above I renamed the original ESD file before copying the Windows 11 one over – just as a precaution, but you can just as easily replace the one on the Windows 10 drive with the one from the Windows 11 drive. From there, just boot up to the Windows 10 drive with the Windows 11 ESD and proceed with install.

Installing normally

The Windows 10 installer puts down the Windows 11 bits and configures without any other warnings or error (at least from the Windows perspective). Once the installer finishes (if there were no other errors) the machine will be left on the Windows 11 OOBE (Out Of Box Experience) screen just waiting for someone to log in!

Out Of Box Experience

Unraid the NAS

A few years ago I was looking for a new backup solution as I had outgrown the dual drive network storage I was using and since said drive network storage had also just failed. That is when I found some videos on Unraid and made the jump. … This post has taken me way too long to write. I think I started off planning to write a long thesis on Unraid, but Unraid is actually pretty straightforward and does exactly what it says on the package – build a storage server out of more or less anything.

I have been using Unraid for some time now, I started off with a Dell PowerEdge T20 and filled it up with as many drives as I could. That worked very well for some time (a good year or 2) until I found I had more drives than the little server chassis would hold, so I upgraded to a consumer Asrock board and a low end consumer AMD processor. The upgrade was as simple as moving the data and USB drives from the Dell chassis to the case with the Asrock board and then reconnecting and powering up the whole lot again. All the drives and storage were recognized and nothing was lost especially since I had mismatched hard drive sizes – a cool feature for Unraid, not all the drives of the storage array have to be the same size.

One would think consumer hardware would not be good for a 24/7 storage server but it turned out to be super stable, until I ignored a failed drive … and had a second drive fail. If the storage had been configured as a RAID 5, or something along those lines the array would have been lost along with the data, however this did not happen. The loss of 2 drives definitely put the whole data set down until they were replaced, but not all the data was lost – only what was stored on those 2 failed drives, the data on the rest of the array was safe and came back when fresh drives were put in.

Since that time I added extra parity drives to handle multiple drive failures, swapped out the consumer motherboard for server board and Xeon CPUs, and even expanded the array with larger drives with no major failures to report. The server runs as my backup and network data storage, Plex server, NFS ISO storage for virtualization servers among other roles as needed without any noticeable headaches. There is some cost associated with Unraid, but I highly recommend it (not a paid shill) for the ease and flexibility of the software – one can start off with a less expensive license to get started and upgrade as more drives are needed – really handy and really useful.

fdisk – The Forgotten Skill

“What is the Dos utility that allow you to partition a hard drive?” Without a doubt, this one question kept me from getting a job with the Geek Squad back when it rolled into the Best Buy stores. Looking back, yeah, I still do not feel bad about not getting that job.

I do have a twinge of remorse though from a short time back while I was working on some retro machines. I had some smallish, older hard drives (around 120gig) drives that I decided would work as portable drives for moving files to and from old machines (Windows 98). I was quickly reminded only after moving the drives to enclosures, that Windows 10 cannot format volumes over 30GB with FAT32. Thanks Microsoft. Now, there are 3rd party tools that can do this but I knew it was possible without them.

I plugged the drives into the Windows 98 machine and … did not get much farther. Well, since the tools in today’s Windows cannot do the job, time to break out the time machine and go back in time to dust off those dos tools and break out fdisk.

First, we need a command line as fdisk is a dos utility and does not have a graphical interface (unlike disk management in Windows 10). A bit of Start run magic …

Entering in fdisk in the command prompt gets into the program and the first question to answer

Large disk support turned on and at the main menu. Before going much further, let us check the current partitioning and switch to the drive we need to work on

New drive selected, no current partitions on it … Perfect! Time to create a new partition then.

We have a primary partition the size of the second hard drive, but we are not able to put any files on the drive yet since it is not formatted yet. Unlike preparing a drive on a system today, Windows 98 and earlier required the machine to be restarted to pick up the new partitions / drives. Then once rebooted …

Behold, a formatted hard drive! Of course there are a lot more things fdisk can do, but those are beyond what I needed right now, which was to add that second hard drive to use to store stuff. Now that the second drive is created and blank, time to put things on it.