[qubes-users] Configuring AppVMs for multiple NICs?

[JW]

I have two physical NICs on my machine.  I'd like most AppVMs to only connect 
to one of the networks, but other VMs to connect to both. Is this possible? 

The NICs are attached to different networks (one 192.168.*, the other 10.*)

Thanks for any tips!

-J

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c049eab9-2bd9-49e9-a622-d3971014a865%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removing of f23 template did not go as planned

[raahelps]

you might want to give example template name cause I was typing 
qubes-template-fedora-23 before realizing needed to be just fedora-23.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7da36aa7-3b76-45ed-bb6f-265b3f7cf96d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removing of f23 template did not go as planned

[raahelps]

it just happened to me

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54c6f4e7-0485-4469-a99f-852d09630357%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

[Ted Brenner]

On Wed, Mar 8, 2017 at 9:32 AM, Ted Brenner  wrote:

> On Wed, Mar 8, 2017 at 9:15 AM, Unman  wrote:
>
>> On Tue, Mar 07, 2017 at 09:56:02PM -0600, Ted Brenner wrote:
>> > Hi all,
>> >
>> > I'm trying to setup postfix following this guide
>> > . But I'm not able to get a few
>> > things to work.
>> >
>> > First, the commands I added to /rw/config/rc.local don't seem to run.
>> > Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
>> > directory in /etc/postfix. Also postfix doesn't appear to be running on
>> > startup. How do we tell if that gets run correctly?
>> >
>> > Thanks!
>> > Ted
>> >
>>
>> Other have pointed out that you need to set the executable bit on
>> rc.local.
>> You might want to cnsider instead the use of bind-dirs :
>> www.qubes-os.org/doc/bind-dirs which provides similar functionality.
>>
>
> Thanks all. Yes, this was the issue. Still can't get postfix to work but
> that now appears to be due to missing the aliases.db.
>
> Is there a reason rc.local isn't executable by default?
>
> --
> Sent from my Desktop
>

Quick follow up. What user is running rc.local? Is it root or user? I
assume it is user since I'm seeing a permission denied when the call to run
postfix tries to access the aliases.db file. So should I throw a sudo in
front of the command to start postfix in the rc.local file? Or should I
change the permissions on aliases.db? Per the instructions I'm also doing a
mount command but that succeeds. Which is odd since if I try it as user, it
fails saying only root can do it. Which is why I ask which user is running
rc.local.

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZuty8XMqHEpOm58UaPQfgGez%2BHeAAWp4p9uh02fW_aPd5-Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage shortcuts to applications in DispVM?

[elsiebuck105]

Exactly:

Fire up dom0 terminal
cd to /usr/local/share/applications
sudo cp ./qubes-dispvm-firefox.desktop qubes-dispvm-opera.desktop
sudo nano qubes-dispvm-opera.desktop
change the EXEC line from *firefox* to opera | 
/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0   DEFAULT red
Then [ctrl]o to write the file and [ctrl]x to quit
Then cd /etc/xdg/menus/application-merged
sudo nano qubes-dispvm.menu
Add this line above or below firefox
qubes-dispvm-opera.desktop
Then [ctrl]o to write the file and [ctrl]x to quit
Then exit to exit the terminal and you're done.

would have been helpful.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/263cdecd-631a-4e6a-91c2-63bc922ab289%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage shortcuts to applications in DispVM?

[elsiebuck105]

nano

That's the answer to how to modify those files in dom0.

Thank you everyone!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dad1635-d1c2-4836-a798-48a58c978315%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS

[Unman]

On Wed, Mar 08, 2017 at 11:55:17PM +0100, 'Antoine' via qubes-users wrote:
> On Tue, Mar 07, 2017 at 09:08:07PM +, Unman wrote:
> > On Tue, Mar 07, 2017 at 09:56:23PM +0100, 'Antoine' via qubes-users wrote:
> > > On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> > > > >> Filed a bug report:
> > > > >> 
> > > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > > 
> > > = Fedora 23 =
> > > [user@work ~]$ grep PRETTY /etc/os-release 
> > > PRETTY_NAME="Fedora 23 (Workstation Edition)"
> > > [user@work ~]$ cat /etc/resolv.conf 
> > > nameserver 10.137.2.1
> > > nameserver 10.137.2.254
> > > [user@work ~]$ dig +short gov.uk @10.137.2.1
> > > 23.235.33.144
> > > 23.235.37.144
> > > [user@work ~]$ dig +short gov.uk @10.137.2.254
> > > ;; connection timed out; no servers could be reached
> > > 
> > > = Debian 8 =
> > > user@cloud:~$ grep PRETTY /etc/os-release 
> > > PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
> > > user@cloud:~$ cat /etc/resolv.conf 
> > > nameserver 10.137.2.1
> > > nameserver 10.137.2.254
> > > user@cloud:~$ dig +short gov.uk @10.137.2.1
> > > 23.235.33.144
> > > 23.235.37.144
> > > user@cloud:~$ dig +short gov.uk @10.137.2.254
> > > ;; connection timed out; no servers could be reached
> > > 
> > > = Debian 9 =
> > > user@Email:~$ grep PRETTY /etc/os-release 
> > > PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
> > > user@Email:~$ cat /etc/resolv.conf 
> > > nameserver 10.137.2.1
> > > nameserver 10.137.2.254
> > > user@Email:~$ dig +short gov.uk @10.137.2.1
> > > 23.235.33.144
> > > 23.235.37.144
> > > user@Email:~$ dig +short gov.uk @10.137.2.254
> > > ;; connection timed out; no servers could be reached
> > > 
> > > Do you have an advise how to remove 10.137.2.254 from the list of
> > > default name servers?
> > 
> > Probaly more relevant would be for you to discover why the first
> > nameserver isnt reachable or isnt responding.
> > With multiple entries they are queried in the order given, so if the
> > first is working correctly the second entry wont be hit.
> > 
> > Thats the real problem.
> 
> I have understood why I have this problem.
> 
> On my LAN, the DNS recursive server (unbound) has a blacklist: it
> refuses to answer queries for tracking/ad domains. The problem is that
> when a program receives a "REFUSED" packet from its DNS query, it tries
> to solve the same host on the second DNS server in resolv.conf.
> 
> I can see the pattern clearly using tcpdump: Query -> fast answer
> REFUSED -> Query on the second DNS server -> no answer.
> 
> On the DNS resolver:
> # grep facebook unbound-blacklist.conf 
> local-zone: "facebook.com" refuse
> 
> on any Qubes VM:
> $ host facebook.com 10.137.2.1
> Using domain server:
> Name: 10.137.2.1
> Address: 10.137.2.1#53
> Aliases: 
> 
> Host facebook.com not found: 5(REFUSED)
> $ host facebook.com 10.137.2.254
> [... 10s ...]
> ;; connection timed out; no servers could be reached
> $ host facebook.com
> Host facebook.com not found: 5(REFUSED)
> $ ping facebook.com
> [... 10s ...]
> ping: facebook.com: Temporary failure in name resolution
> 
> I do not understand why this second DNS server is populated in all Qubes
> VM. Is there a simple way to configure only 1 DNS server?
> 
> Antoine
> 

If you had two servers on your network, or your DHCP server gave out two
addresses both would be used, I think.
If you want to lose one, you could overwrite it from rc.local or use
bind-dirs on resolv.conf: both methods are covered in the docs.  
Look at www.qubes-os.org/doc/config-files


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170309003021.GB5764%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to manage shortcuts to applications in DispVM?

[Unman]

On Wed, Mar 08, 2017 at 02:01:51PM -0800, elsiebuck...@gmail.com wrote:
> On Thursday, February 23, 2017 at 12:51:46 PM UTC-5, Nick Darren wrote:
> ...
> >After the modification on 'qubes-dispvm.menu', now I can see my custom menu
>  on XFCE. :-)
> 
> 
> How were you able to modify "DispVM: Firefox web browser"? I couldn't view 
> the contents to make a new one for Opera...

Let's say that the entry you need to run from dom0 is this:
"echo  opera | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0   DEFAULT 
red" 
(You can play around with the command line until you get it just as you
like.)

Look in /usr/local/share/applications:
Copy the qubes-dispvm-firefox.desktop to qubes-dispvm-opera.desktop
Edit qubes-dispvm-opera.desktop and change the EXEC line to
whatever command line you have found works.
Obviously change the Name line also.

Then look in /etc/xdg/menus/application-merged
Edit qubes-dispvm.menu

You want a line that says:
qubes-dispvm-opera.desktop

Either add this line below the other Filename entries or replace the
existing firefox entry.

That's all you need to do.

You can., of course, use exactly the same mechanism for starting ANY
application in your disposableVMs. I just use a keyboard shortcut to
spin up xterm and launch from that. Your choice.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170309001920.GA5764%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

['Slideshowbob' via qubes-users]

 Original Message 

Subject: [qubes-users] Re: Why is there no built-in nvidia driver support? aka 
GTX 980 issues
Local Time: March 8, 2017 11:58 PM
UTC Time: March 8, 2017 10:58 PM
From: rkny...@nymantechnology.com
To: qubes-users 
almightyl...@gmail.com

Did this ever get resolved? I am fighting this very battle. I'm assuming that 
trying to hack through anaconda JUST TO GET THE INSTALLER TO WORK is a waste.

Is there something I can try? How can I help?

=rk=

I had lots of weird errors and a non working installer, too. Booting using 
nouveau.modeset=0 made all my issues go away. Worth a try :).

ssb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dWMc4j2yqNwyZD_B_TCnLp6wg7INl83-Lu6r5XJH84mYp-0Ohpmtm7LFo0K8KdaH1IzKqjh-q0GE9FRp8yo90RB62jIEvTo1ugEBSu0yXcc%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

[Daniel Moerner]

On Wednesday, March 8, 2017 at 8:51:06 AM UTC-5, tai...@gmx.com wrote:
> I realize that it is an integral part of fedora and debian (gross), but 
> it is a serious security hole and qubes should consider migrating away 
> from it by maybe choosing another orgin distro.

It would be helpful for you to make clear what exactly in that pile of links is 
a threat to Qubes.

More generally, I think you significantly underestimate the benefits Qubes 
receives from integration with established distributions. These distributions 
have more users, more developers, better infrastructure, etc. All of this 
contributes to security, and the infrastructure is particularly important when 
it comes to trusting the distributions you use for your templates. The 
alternative distributions have much smaller userbases. The same holds true for 
systemd alternatives. How long will OpenRC, or sinit, or uinit, or the latest 
new proposed replacement be supported? Even if systemd has some problems, I 
think the benefits we get from Fedora and Debian outweigh the costs.

Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dcbbd15-2974-4500-9c92-4997d9367d0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 - Walk The Talk

[raahelps]

On Wednesday, March 8, 2017 at 12:03:08 PM UTC-5, Wojtek Porczyk wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Wed, Mar 08, 2017 at 11:18:51AM -0500, 'Sudoyum' via qubes-users wrote:
> > First of all I would like to congratulate the Qubes team and their very
> > pro-active User community on creating their highly regarded Qubes OS.
> > 
> > As an IT professional working for a large multi-national, I have been
> > following, closely, the development of Qubes for some time, with the
> > ultimate intent of perhaps rolling out Qubes on an experimental basis within
> > our IT Department.
> > 
> > As you'd expect, when we consider entering into a partnering relationships,
> > our primary considerations after costs are reliability and integrity - it is
> > imperative that all our partners "walk the talk". In other words, if new
> > software is planned to be released on a forthcoming date, that date must be
> > met. If problems exist they need to be discussed in an open and honest way
> > and if necessary revised dates agreed.
> > 
> > I hope this short note explains what most professional Clients demand of
> > their Suppliers. Keep up the good work and do your best to give us
> > a reliable release date for Qubes 4.
> 
> As an IT professional working for a large multi-national, you are very much
> welcome to send inquiries about any offered partnership (which would include
> agreement about deliverables and their deadlines) to bussin...@qubes-os.org.
> This way your enterprise needs will get proper attention. Until then, we work
> on "when it will be ready" schedule, in cooperation with our open and
> sometimes very honest community.
> 
> 
> - -- 
> pozdrawiam / best regards   _.-._
> Wojtek Porczyk   .-^'   '^-.
> Invisible Things Lab |'-.-^-.-'|
>  |  |   |  |
>  I do not fear computers,|  '-.-'  |
>  I fear lack of them.'-._ :  ,-'
> -- Isaac Asimov `^-^-_>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJYwDU0AAoJEL9r2TIQOiNRWw0P/13R4igDcmGLefXcQMeyhKZA
> 3YcfnXsNBeis2qI2RTbHgf4Sefmlm4uPysw8/zWD/4UGjYrgRsdk+RRDIG0rMGG0
> YRMldMVh+BOVF5oRd526/+psbZLwxBWF8qghrX/m+COAuaPHb+NEZfSuNG3HWJSE
> GtnW7jupNEoyDS1XxIh0L6zbNNpwI4k7JPySi4TpNrNg/KDwpjz4oopQYkQtumLA
> LVehvvt57E0GbRZjFHyUTL+v/K/KjYrwy/9bbJJiltu+kvnnFoKohyAL6yDA5DlI
> dzA2+1f4hT2zzJZahc+ZUZ3DRxXuXIqrnEkavPd4gc3+j3MB0BKq+zBCURAuVqIT
> iNWET4Z8eq1cTbOarEYZozEKrBwuFg0LdHNC/GSqesTSp8qjBjjE+opNClPZwmZE
> 4iANkoIpYz7Wby3lio7pZs17GKc42QyivTpWboHf9MByw6aECnYsMFGqJ/ye6E8L
> jiiBj3Ca8RH6xa3SdkX6dliiUWZrUfj+KIyDDSTuAnGcQVbVpGKlaz+LLnHtVT8Y
> e+w6oXqE7ut3tcegjhpnTeoPH74O+8Y+kA7MCmxonXtFayHYRSV21NPQ29viBcZW
> CAatoEFDyaN8hDvusySLcmS8dHzICEGVBEoLzzMAtGaRu9trer9phc6r+wwPtqSp
> WVMpB4NFWzwV3ML5nqS+
> =RJtW
> -END PGP SIGNATURE-

I always thought large businesses were always leary about wanting newly 
released versions of software to fix what isn't broke.  Unless they is a 
specific feature they are waiting for they usually stick with older versions 
they know are stable.  For example most businesses still use windows 7.  Debian 
stable goes a long time before a major release.  

Its usually the home user that always wants the latest versions of software for 
no particular reason.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c79e9755-9fcc-4615-b5fa-928e9004779e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

[rknyman]

Did this ever get resolved? I am fighting this very battle.  I'm assuming that 
trying to hack through anaconda JUST TO GET THE INSTALLER TO WORK is a waste.

Is there something I can try?  How can I help?

=rk=







On Saturday, September 17, 2016 at 1:54:55 AM UTC-7, almigh...@gmail.com wrote:
> I have been doing some tests using a GTX 1070, on Qubes R3.2, I think it is 
> fair to say GTX 900 and 1000 series cards are unusable right now going by 
> user reports.
> 
> Booting in BIOS mode without self-test:
> Starting installer, one moment...
> *black screen*
> 
> Booting in BIOS mode with self-test:
> Starting installer, one moment...
> *scrolls too fast to read*
> 17:47:03 Not asking for VNC because we don't have a network
> 17:47:03 X startup failed, falling back to text mode
> 
> Then I am placed in the anaconda CLI install. Trying to go through with the 
> CLI installer fails while trying to set an install destination. Selecting 
> LUKS results in the following errors:
> 
> Generating updated storage configureation
> storage configuration failed: autopart failed:
> Encryption requested for LUKS device sdc2 but no encryption key specified for 
> the device.
> 
> Booting using UEFI doesn't work either. It shows the 4 tux images and says:
> 
> [ 0.00] efi: EFI_MEMMAP is not enabled.
> [ 0.00] esrt: ESRT header is not in the memory map.
> [ 5.760317] dracut-pre-trigger[401]: cat: /tmp/dd_disk: No such file or 
> directory
> [ 37.945613] hid-generic 0003:1044:7A03.0008: item 0 1 0 8 parsing failed
> [ 38.003314] hid-generic 0003:1044:7A03.0008: No inputs registered, 
> leaving
> [ 39.170611] sd 6:0:0:0: alua: Attach failed (-22)
> { 9.139264] dracut-initqueue[506]: mount: /dev/sdd is write-protected, 
> mounting read-only
> 
> The display then freezes, trying to switch tty doesn't show any effect.
> 
> I think this has something to do with nouveau. Searching around shows nouveau 
> only got support for the GTX 1000 series in July. Perhaps Qubes is using an 
> outdated version?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8ad4dad-e383-41ea-abc3-11c2fd4da32b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS

['Antoine' via qubes-users]

On Tue, Mar 07, 2017 at 09:08:07PM +, Unman wrote:
> On Tue, Mar 07, 2017 at 09:56:23PM +0100, 'Antoine' via qubes-users wrote:
> > On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> > > >> Filed a bug report:
> > > >> 
> > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > 
> > = Fedora 23 =
> > [user@work ~]$ grep PRETTY /etc/os-release 
> > PRETTY_NAME="Fedora 23 (Workstation Edition)"
> > [user@work ~]$ cat /etc/resolv.conf 
> > nameserver 10.137.2.1
> > nameserver 10.137.2.254
> > [user@work ~]$ dig +short gov.uk @10.137.2.1
> > 23.235.33.144
> > 23.235.37.144
> > [user@work ~]$ dig +short gov.uk @10.137.2.254
> > ;; connection timed out; no servers could be reached
> > 
> > = Debian 8 =
> > user@cloud:~$ grep PRETTY /etc/os-release 
> > PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
> > user@cloud:~$ cat /etc/resolv.conf 
> > nameserver 10.137.2.1
> > nameserver 10.137.2.254
> > user@cloud:~$ dig +short gov.uk @10.137.2.1
> > 23.235.33.144
> > 23.235.37.144
> > user@cloud:~$ dig +short gov.uk @10.137.2.254
> > ;; connection timed out; no servers could be reached
> > 
> > = Debian 9 =
> > user@Email:~$ grep PRETTY /etc/os-release 
> > PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
> > user@Email:~$ cat /etc/resolv.conf 
> > nameserver 10.137.2.1
> > nameserver 10.137.2.254
> > user@Email:~$ dig +short gov.uk @10.137.2.1
> > 23.235.33.144
> > 23.235.37.144
> > user@Email:~$ dig +short gov.uk @10.137.2.254
> > ;; connection timed out; no servers could be reached
> > 
> > Do you have an advise how to remove 10.137.2.254 from the list of
> > default name servers?
> 
> Probaly more relevant would be for you to discover why the first
> nameserver isnt reachable or isnt responding.
> With multiple entries they are queried in the order given, so if the
> first is working correctly the second entry wont be hit.
> 
> Thats the real problem.

I have understood why I have this problem.

On my LAN, the DNS recursive server (unbound) has a blacklist: it
refuses to answer queries for tracking/ad domains. The problem is that
when a program receives a "REFUSED" packet from its DNS query, it tries
to solve the same host on the second DNS server in resolv.conf.

I can see the pattern clearly using tcpdump: Query -> fast answer
REFUSED -> Query on the second DNS server -> no answer.

On the DNS resolver:
# grep facebook unbound-blacklist.conf 
local-zone: "facebook.com" refuse

on any Qubes VM:
$ host facebook.com 10.137.2.1
Using domain server:
Name: 10.137.2.1
Address: 10.137.2.1#53
Aliases: 

Host facebook.com not found: 5(REFUSED)
$ host facebook.com 10.137.2.254
[... 10s ...]
;; connection timed out; no servers could be reached
$ host facebook.com
Host facebook.com not found: 5(REFUSED)
$ ping facebook.com
[... 10s ...]
ping: facebook.com: Temporary failure in name resolution

I do not understand why this second DNS server is populated in all Qubes
VM. Is there a simple way to configure only 1 DNS server?

Antoine

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308225516.3coxi2iautyfbfuj%40fedora-23-dvm.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] How to manage shortcuts to applications in DispVM?

[elsiebuck105]

On Thursday, February 23, 2017 at 12:51:46 PM UTC-5, Nick Darren wrote:
...
>After the modification on 'qubes-dispvm.menu', now I can see my custom menu
 on XFCE. :-)


How were you able to modify "DispVM: Firefox web browser"? I couldn't view the 
contents to make a new one for Opera...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ab7b611-5998-4972-aca1-fafbaa0e23e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 Release Date

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-07 08:37, 7v5w7go9ub0o wrote:
> On 03/07/2017 08:04 AM, qube...@tutanota.com wrote:
>> Back in July 16 Joanna announced
>> (http://qubesos4z6n4.onion/news/2016/07/21/new-hw-certification-for-q4)
>> that Qubes 4 was due to be released later that year in Sept 16. 
>> Has Qubes 4 been scrapped? Anyone any idea if/when it will be
>> released?
> 
> 
> Their priority is to get it right; their response to 
> questions/complaints like this have historically been that it'll be
>  released when it's ready.
> 
> Given the number of users now using or wanting to use Qubes, the
> range of their technical abilities, and that the new users want to
> use Qv4 as plug-and-play full production, ITL would be smart to
> take their time on releases from now on and get them *very* right.
> 

7v5w7go9ub0o is correct. Qubes 4.0 development is alive and well, but
nothing will be released before it's good and ready.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYwH5YAAoJENtN07w5UDAwK+QP/i0563VqRMXSpqDM11rkQ4+p
Bw9Lb3J7UA7A7YudLINPfXL4/pDOmXeg8QVczWhlDUP8LtIQDRCT4bi57+ye9zVk
C3w3pAl0bSJ9P8CLEufHZ+joEqv9aY/8GFo8AgQwxR6D9Wnk/drYjV3taORiojfC
mSubiEu5gDjW8kmHikx1x/c8VDlh/GTxT1AcMK7BeaWeVt3UlIsI543FT8YcudAu
aUfOsREZo9nXNt3bTWDF0Jts9llv0HXD7oSTrWLfe3kIVY3QTZvW2PbNpas+xTAr
F1PtVo6RndTkbJKjy0GWcr4sSIdlP+eHznzAJY5vh1qu9mgncSJm/BkFmhfsQxag
c1nb/+xy7tpG9YXbdVVxWo5Odu5Q/bUiedRwFPK2/qUKNzgIrDv2VjCsfrHY4uvn
TzWYL7phSzYDHNHUDhELchr/L4II8HtN7pB7l6jrMbCo+GUXrauw+nW4dFR/GEzO
WJot+7myK2HJXV+bGzNSzAWYa9P4DLawO/MCFBGdPSbZJ5s4EGNs9+7n7qu1onHQ
tf2u6L+AIE/5qxy3wlREG3mjjcF1o9pkffvYEc8S/NGHuTCZII7NE0Qf1CsbTCfl
kmCV0HZyUuPo19VQ4Vd/eaG4xQhvsNKka9tp1FL18DxEycnoDJmglBRMJp5e2p1x
BzAeENcwjpC9odZm9Nbn
=HwT/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ba68440-a2b3-3cfe-65ea-01f2f38c57c1%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] GSoc Student Applying

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-08 07:43, Neil Yale wrote:
> 597/5000 Nǐmen hǎo, wǒ shì Yale. Hěn bàoqiàn xiànzài cái gěi nǐmen
> fāchū zhè fēng yóujiàn. Zhīqián cānjiāguò de péngyǒu gàosu wǒ,
> cānjiā GSOC zuìdà de shōuhuò jiùshì míngbáile kāiyuán de yìyì.
> Yīzhí yǐlái wǒ yīzhí yòngzhe kāiyuán de xiàngmù, zhǐ zhī suǒqǔ, bù
> zhīdào gòngxiàn. Xiànzài, yǒule GSOC de huódòng de tuīdòng xià, wǒ
> xīwàng zìjǐ nénggòu tōngguò GSOC zhèngshì cānyù kāiyuán, jíshǐ zài
> GSOC jiéshù zhīhòu yě néng jìxù wéi kāiyuán shèqū zuò chū zìjǐ de
> gòngxiàn.
> 
> Yóuyú jùlí jiézhǐ rìqí yǐjīng hěn jìnle, suǒyǐ wǒ jiù zhíjiē qiērù
> zhèngtí hǎole. Yīxià shì wǒ de yīxiē yíhuò:
> 
> 1. Nǐmen liè chūlái de xiàngmù shì bùshì shuō yóu dǎoshī tígōng
> dàtǐ de fāngfǎ ránhòu wǒmen qù shíxiàn, háishì shuō ràng wǒmen zìjǐ
> qù shíxiàn. Rúguǒ shì zìjǐ de proposal nà jiù xūyào zìjǐ qù liánxì
> qiánzài de dǎoshī tǎolùn kěxíng xìng zhī lèi de shìqíng? 2. Néng
> fǒu rùxuǎn cǐ cì huódòng shì yóu nǐmen juédìng háishì gǔgē
> juédìng? 3. Rúguǒ shì xuǎnzé nǐmen tígōng de tímù, nàme dǎoshī
> xuǎnzé xuéshēng de biāozhǔn shì shénme? 4. Jiē xiàlái de shíjiān lǐ
> wǒmen shì bùshì yīnggāi zhíjiē qù liánxì xiāngyìng de dǎoshī?
> 
> Zài wǒ fā zhè fēng yóujiàn zhīqián, wǒ cháguò hěnduō xiāngguān de
> zīliào, shènzhì gěi wǒ tígōngle xiě xìn gěi nǐmen de móbǎn. Dànshì
> wǒ shì yīgè bǐjiào zhíjiē, zhíshuài de rén, suǒyǐ wǒ cái zhírù
> zhǔtí. Wǒ xiāngxìn wǒ de wèntí shì suǒyǒu cānyù de xuéshēng zuì
> gēnběn yěshì zuì xiǎng yào zhīdào dá'àn de.
> 
> Dāng wǒ shōu dào nǐmen de huíxìn hòu wǒ huì lìkè ànzhào xiàng yīng
> de dá'àn lái yāoqiú zìjǐ, zuò hǎo zhǔnbèi. Wǒ láizì zhōngguó, suǒyǐ
> hé měiguó (dà bùfèn zǔzhī yīnggāi dōu shì měiguó de) yǒu shíchā,
> kěnéng huì wúfǎ jíshǐ huífù, zhè yěshì wǒ xǐhuan yòng yóuxiāng ér
> bù xǐhuan yòng IRC de yuányīn (shìshí shàng zuì zhòngyào de shì 
> wǒmen xuéxiào 23.00 Zhīhòu tíng wǎng)
> 
> rú yǒu dǎrǎo, hái wàng jiànliàng. Xīwàng nǐmen nénggòu jǐnkuài
> huífù wǒ, xièxiè. Hello yeah, I'm Yale. I'm sorry to send you this
> email now. Before the friends have told me to participate in the
> GSOC biggest gain is to understand the meaning of open source. I
> have been using the open source project, only to ask, do not know
> the contribution. Now, with the help of GSOC, I hope I will be able
> to participate in open source through GSOC, and I will continue to
> contribute to the open source community even after the end of the
> GSOC.
> 

Hi Yale,

Thanks for your interest in Qubes for GSoC 2017! If you haven't
already, please read our GSoC page, which includes an overview of the
process and the steps that you should take, starting right now:

https://www.qubes-os.org/gsoc/

> Because the deadline has been very close, so I directly cut into
> the title is good.

The student application deadline isn't until April 3, so you still
have some time:

https://developers.google.com/open-source/gsoc/timeline

> What is some of my doubts:
> 
> 1. Are you listing the project is not said by the mentor to provide
> a general approach and then we go to achieve, or let us to achieve
> their own. If it is their own proposal that they need to contact
> the potential mentor to discuss the feasibility of such things?

If a project idea on our list doesn't have a mentor, it's because we
haven't been able to find anyone who is willing to be a mentor for it
yet. You should still feel free to express interest in this project
(which might encourage someone to be a mentor for it!).

> 2. Can you choose this event by your decision or Google?

Project decisions are left up to each mentor organization.

> 3. If you choose to provide the subject, then the mentor to choose
> what is the standard?

The mentor, in conjunction with Qubes, will evaluate each student's code.

> 4. The next time we should not go directly to the corresponding
> mentor?
> 

It's perfectly fine -- and encouraged -- to communicate directly with
your (potential) mentor. Please don't hesitate to do so.

> Before I made this e-mail, I checked a lot of relevant information,
> and even gave me a letter to write to your template. But I am a
> relatively straightforward, straightforward person, so I went
> straight into the subject. I believe that my question is that all
> the students who participate in the most fundamental and most want
> to know the answer.
> 
> When I receive your reply I will immediately follow the appropriate
> answer to ask yourself, ready. I am from China, so and the United
> States (most organizations should all be in the United States) have
> the time difference, may not even reply, which is why I like to use
> the mailbox and do not like to use IRC (in fact the most important
> thing is our school after 23.00 Stop network)
> 
> If disturbed, but also forgive me I hope you can reply to me as
> soon as possible. Thank you.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

Re: [qubes-users] Can I change from firefox to opera in the disposible vm?

[elsiebuck105]

On Wednesday, March 8, 2017 at 2:29:55 PM UTC-5, Unman wrote:...
> Of course you can - there are instructions here on custonmizing the
> diposableVMTemplate:
> www.qubes-os.org/doc/dispvm-customization/

Did that... I can use the terminal to get to Opera, but that's not actually 
what I wanted... 

> and if you look in the mailing list archive just a few weeks ago, you'll
> find a thread on managing shortcuts in DispVM - that seems to cover
> exactly what you need.

I'm looking for it... Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/767e6bc6-f7ee-4f6f-98d6-a47e6b466811%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Canary #11

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes community,

We have just published Qubes Canary #11. The text of this canary is
reproduced below. This canary and its accompanying signatures will always be
available in the Qubes Security Pack (qubes-secpack).

View Canary #11 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-011-2017.txt

Learn about the qubes-secpack, including how to obtain, verify, and read it:

https://www.qubes-os.org/doc/security-pack/

View all past canaries:

https://www.qubes-os.org/doc/canaries/


```
---===[ Qubes Canary #11 ]===---


Statements
- ---

The Qubes core developers who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is March  7, 2017.

2. There have been 28 Qubes Security Bulletins published so far.

3. The Qubes Master Signing Key fingerprint is:

427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).

5. We plan to publish the next of these canary statements in the first
two weeks of June 2017. Special note should be taken if no new canary
is published by that time or if the list of statements changes without
plausible explanation.

Special announcements
- --

None.

Disclaimers and notes
- --

We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently
compromised.  This means that we assume NO trust in any of the servers
or services which host or provide any Qubes-related data, in
particular, software updates, source code repositories, and Qubes ISO
downloads.

This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other
means, like blackmail or compromising the signers' laptops, to coerce
us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to demonstrate
that this canary could not have been created prior to the date stated.
It shows that a series of canaries was not created in advance.

This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to
anybody. None of the signers should be ever held legally responsible
for any of the statements made here.

Proof of freshness
- ---

$ date -R -u
Tue, 07 Mar 2017 12:33:12 +

$ feedstail -1 -n5 -f '{title}' -u 
https://www.spiegel.de/international/index.rss
Democracy in Europe: EU Commissioner Pushes for Hard Line on Poland
Security Holes: German Parties and Ministries Vulnerable To Hacking Attacks
Let's End the Submission: Refugee Crisis Prevents Honest Dealings with Turkey
The Dutch Donald: Geert Wilders Rides Populism Wave
Doping Investigation: Suspicions Surround Elite Nike Running Team

$ feedstail -1 -n5 -f '{title}' -u 
http://rss.nytimes.com/services/xml/rss/nyt/World.xml
Turkish Referendum Has Country Trading Barbs With Germany Over Free Speech
New Travel Ban Garners Same Verdict in Middle East: A Slap at Muslims
North Korea Launch Could Be Test of New Attack Strategy, Japan Analysts Say
British Woman’s Revolt Against High Heels Becomes a Cause in Parliament
The Best Country in the World? Survey Says It’s Switzerland

$ feedstail -1 -n5 -f '{title}' -u http://feeds.bbci.co.uk/news/world/rss.xml
Kim Jong-nam death: Malaysia and N Korea in tit-for-tat exit bans
Mosul battle: Troops retake main government office
EU leaders embrace multi-speed Europe amid tensions
Tignes avalanche: All skiers reported safe after resort struck by avalanche
Thaad: US begins deploying missile defence system in South Korea

$ feedstail -1 -n5 -f '{title}' -u http://feeds.reuters.com/reuters/worldnews
North Korea bars Malaysians from leaving as murder row boils
Trump signs revised travel ban in bid to overcome legal challenges
U.S. starts deploying anti-missile system in South Korea after defiant North's 
latest test
Iraqi forces recapture Mosul government buildings, museum
U.S.-backed Syrian militias will close in on Raqqa: spokesman


Footnotes
- --

[1] This file should be signed in two ways: (1) via detached PGP
signatures by each of the signers, distributed together with this
canary in the qubes-secpack.git repo, and (2) via digital signatures
on the corresponding qubes-secpack.git repo tags. [2]

[2] Don't just trust the contents of this file blindly! Verify the
digital signatures!
```

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYwHM+AAoJENtN07w5UDAwrxoP/2snZ2KizRM3SMQSSax5l+KC
8xMKt0Vp3pwd6zKnSYX7MUg2EVcejEzEYnwqejhLzLFmILec+cgYV3XiADdoEmrw

Re: [qubes-users] Re: Attaching a single USB device to a qube (USB passthrough)

[Franz]

On Mon, Mar 6, 2017 at 1:18 PM, Franz <169...@gmail.com> wrote:

>
>
> On Sun, Mar 5, 2017 at 11:39 PM, Andrew David Wong 
> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 2017-03-05 17:56, Franz wrote:
>> > On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong
>> >  wrote:
>> >
>> >> On 2017-03-05 14:18, Franz wrote:
>> >>> On Sun, Mar 5, 2017 at 5:11 PM,  wrote:
>>  [...] did it work with it plugged in at boot?
>> 
>> >>> did not try that wondering if it may be a security risk
>> >>
>> >> Yes, leaving USB devices plugged in during boot can be a risk,
>> >> since Qubes can't isolate USB controllers during early stages of
>> >> the boot process. IIRC, Joanna's recommendation is to unplug all
>> >> USB devices before (re)booting.
>> >>
>> >>
>> > So, leaving that aside, the only remaining option would be to look
>> > into some log or similar information source to try to find out why
>> > the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea
>> > where to look?
>> >
>>
>> Sorry, no idea.
>>
>> P.S. - Franz, would you mind excluding extraneous quoted material from
>> your replies? In particular, please exclude PGP signatures and generic
>> Google Groups information included as a signature.
>>
>> https://www.qubes-os.org/mailing-lists/#discussion-list-guidelines
>>
>>
> To go along I tried to use the USB controller that was assigned to
> assignedVM, that worked in the past. But now I am unable to start the
> assignedVM. The log tells:
> Icon size: 128x128
> invalid PMaxSize for 0x3600015 (32767/32767)
> invalid PMaxSize for 0x3600015 (32767/32767)
> invalid PMaxSize for 0x360002b (533/32767)
> invalid PMaxSize for 0x360002b (533/32767)
> invalid PMaxSize for 0x360002b (533/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600035 (32767/32767)
> invalid PMaxSize for 0x3600040 (32767/32767)
> invalid PMaxSize for 0x360002b (533/32767)
> invalid PMaxSize for 0x360002b (533/32767)
> libvchan_is_eof
> Icon size: 128x128
> domain dead
> Failed to connect to gui-agent
>
>
I do not know if ti was the last dom0 update or another reboot, but the
assignment now works, while the  "attaching a single USB device" yet not.
Best
Fran

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAr6_bzCmL6pL%3D2GjYi_8hfjVJkj3JFoBSP2vWRgBUuXQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can I change from firefox to opera in the disposible vm?

[Unman]

On Wed, Mar 08, 2017 at 08:39:46AM -0800, elsiebuck...@gmail.com wrote:
> Can I change from Firefox to opera in the disposable vm? How can I add more 
> shortcuts to the disposable menu?
> 
Of course you can - there are instructions here on custonmizing the
diposableVMTemplate:
www.qubes-os.org/doc/dispvm-customization/

and if you look in the mailing list archive just a few weeks ago, you'll
find a thread on managing shortcuts in DispVM - that seems to cover
exactly what you need.

If you have any problems let us know

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308192952.GB4352%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-net internet stops after a few minutes

[Connor Page]

you can create a debian-based sys-net and assign network cards to that. hope 
you can get Qubes working for you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f939573-976d-48c8-9c48-927c1c4fd764%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New User...Install won't setup and Run from SSD

[sm8ax1]

William Fisher:
> Hi,
> 
> My name is William Fisher, and I built a desktop specifically for Qubes Os.
> I have one Samsung M.2 NVMe SSD and one 1TB disk drive. After I install
> Qubes to the SSD and reboot, it does not recognize the SSD as a bootable
> device. Using the same install procedures on the HDD, everything works
> fine. When using Qubes from the HDD to access the SSD, the BOOT file is
> empty, so there are no files to rename as you've directed in the UEFI
> troubleshooting. Also, I cannot access the /BOOT/EFI/ file on my HDD, it
> says I don't have the required permissions. On install, I set up a password
> for the root user, but cannot act as the root user, even through terminal.
> There is no prompt for a password.
> 
> Also, I've tried to use a 4K monitor with Qubes, but the max resolution
> option is 1080p. I understand that there is a way to create custom
> resolution options through terminal using xrandr, but have tried and it
> failed when using addmode eDPI 2560x1600 (I was trying this resolution
> first as someone in an email string did this successfully).
> 
> Any help would be greatly appreciated, especially the the boot issues. I
> would prefer not booting Qubes off my HDD when I got an M.2 SSD
> specifically for Qubes.
> 
> Thank you,
> William fisher
> 

First, make sure your motherboard (UEFI) even supports booting from a
PCIe device. I don't have any PCIe SSDs so I don't know if it's common
for UEFI implementations to support booting from PCIe or not, and you
didn't mention what motherboard you have. Just covering all bases.

I'm just sort of guessing here, but try copying the /boot/efi directory
from the HDD to the SSD, then see if it'll boot from the SSD. You'll
have to mount the SSD's EFI boot partition somewhere first of course. If
it still won't boot from the SSD, try renaming the files as described in
the UEFI troubleshooting page.

You say it won't prompt for the root password. What output do you get
from the sudo command? If you can't get that to work, boot into the
Qubes installation media and use Ctrl+Alt+2 to switch to tty2 which
should have a root(able) shell on it.

If all else fails, try unplugging the HDD and reinstall Qubes, and if it
successfully boots, plug the HDD back in. It's unlikely but possible
that either the installer or the UEFI got confused about which device to
boot from. This is a shot in the dark, probably won't work, will take
some time, and will wear the SSD a little so use it as a last resort.

As for the xrandr issue, you might want to start a new thread with an
appropriate title if no one replies to it here.

-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f89e9fa0-2975-b77c-8250-cee2cac01bf3%40vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 - Walk The Talk

[Wojtek Porczyk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Mar 08, 2017 at 11:18:51AM -0500, 'Sudoyum' via qubes-users wrote:
> First of all I would like to congratulate the Qubes team and their very
> pro-active User community on creating their highly regarded Qubes OS.
> 
> As an IT professional working for a large multi-national, I have been
> following, closely, the development of Qubes for some time, with the
> ultimate intent of perhaps rolling out Qubes on an experimental basis within
> our IT Department.
> 
> As you'd expect, when we consider entering into a partnering relationships,
> our primary considerations after costs are reliability and integrity - it is
> imperative that all our partners "walk the talk". In other words, if new
> software is planned to be released on a forthcoming date, that date must be
> met. If problems exist they need to be discussed in an open and honest way
> and if necessary revised dates agreed.
> 
> I hope this short note explains what most professional Clients demand of
> their Suppliers. Keep up the good work and do your best to give us
> a reliable release date for Qubes 4.

As an IT professional working for a large multi-national, you are very much
welcome to send inquiries about any offered partnership (which would include
agreement about deliverables and their deadlines) to bussin...@qubes-os.org.
This way your enterprise needs will get proper attention. Until then, we work
on "when it will be ready" schedule, in cooperation with our open and
sometimes very honest community.


- -- 
pozdrawiam / best regards   _.-._
Wojtek Porczyk   .-^'   '^-.
Invisible Things Lab |'-.-^-.-'|
 |  |   |  |
 I do not fear computers,|  '-.-'  |
 I fear lack of them.'-._ :  ,-'
-- Isaac Asimov `^-^-_>
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYwDU0AAoJEL9r2TIQOiNRWw0P/13R4igDcmGLefXcQMeyhKZA
3YcfnXsNBeis2qI2RTbHgf4Sefmlm4uPysw8/zWD/4UGjYrgRsdk+RRDIG0rMGG0
YRMldMVh+BOVF5oRd526/+psbZLwxBWF8qghrX/m+COAuaPHb+NEZfSuNG3HWJSE
GtnW7jupNEoyDS1XxIh0L6zbNNpwI4k7JPySi4TpNrNg/KDwpjz4oopQYkQtumLA
LVehvvt57E0GbRZjFHyUTL+v/K/KjYrwy/9bbJJiltu+kvnnFoKohyAL6yDA5DlI
dzA2+1f4hT2zzJZahc+ZUZ3DRxXuXIqrnEkavPd4gc3+j3MB0BKq+zBCURAuVqIT
iNWET4Z8eq1cTbOarEYZozEKrBwuFg0LdHNC/GSqesTSp8qjBjjE+opNClPZwmZE
4iANkoIpYz7Wby3lio7pZs17GKc42QyivTpWboHf9MByw6aECnYsMFGqJ/ye6E8L
jiiBj3Ca8RH6xa3SdkX6dliiUWZrUfj+KIyDDSTuAnGcQVbVpGKlaz+LLnHtVT8Y
e+w6oXqE7ut3tcegjhpnTeoPH74O+8Y+kA7MCmxonXtFayHYRSV21NPQ29viBcZW
CAatoEFDyaN8hDvusySLcmS8dHzICEGVBEoLzzMAtGaRu9trer9phc6r+wwPtqSp
WVMpB4NFWzwV3ML5nqS+
=RJtW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308164541.GL29493%40invisiblethingslab.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - Sony SVF15A1C5E

[r . florio]

I didn't know that `qubes-hcl-report` is a bash shell script. I've just 
saw how VT-d support is recognized. Probably there is a problem with `xl 
info`. It prints actually that this laptop supports VT-d.

It's strange..

However I attached support files. I hope that we can resolve this 
'mistery'.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74e07ff53c15257cbbad0d2789388c79%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Sony_Corporation-SVF15A1C5E-20170308-172210.cpio.gz
Description: GNU Zip compressed data

[qubes-users] Can I change from firefox to opera in the disposible vm?

[elsiebuck105]

Can I change from Firefox to opera in the disposable vm? How can I add more 
shortcuts to the disposable menu?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd3605c6-2d8d-42fc-b4d3-781fef0f40e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4 - Walk The Talk

['Sudoyum' via qubes-users]

First of all I would like to congratulate the Qubes team and their very 
pro-active User community on creating their highly regarded Qubes OS.

As an IT professional working for a large multi-national, I have been 
following, closely, the development of Qubes for some time, with the ultimate 
intent of perhaps rolling out Qubes on an experimental basis within our IT 
Department.

As you'd expect, when we consider entering into a partnering relationships, our 
primary considerations after costs are reliability and integrity - it is 
imperative that all our partners "walk the talk". In other words, if new 
software is planned to be released on a forthcoming date, that date must be 
met. If problems exist they need to be discussed in an open and honest way and 
if necessary revised dates agreed.

I hope this short note explains what most professional Clients demand of their 
Suppliers.
Keep up the good work and do your best to give us a reliable release date for 
Qubes 4.
Kind Regards


Sent from [ProtonMail](https://protonmail.ch), encrypted email based in 
Switzerland.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7brYZZFbBenBnbeahl2HWVSnL6C6h11TcoW6jOr2E-2YSNmrT2Rmi9PPAQS99FRidCtWYfq6gjkjUgWvmV7KmzzsOS3JyjbM5ZwaAx-HMW8%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] GSoc Student Applying

[taii...@gmx.com]

Hello and welcome.
You would probably be better off emailing the community liaison.
Andrew David Wong 

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a54f9b8-0094-074e-7b31-8cf613dd5f3a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: HCL - Sony SVF15A1C5E

[Zrubi]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/08/2017 04:14 PM, r.flo...@openmailbox.org wrote:
> I opened the laptop. I can confirm that it's a SLJ8E BD82HM76 PCH. 
> So the motherboard does not support VT-d. So how both hcl and xen 
> confirm that this laptop supports IOMMU?

the HCL script is pretty easy to read. You can check how it is decide
vt-d support.

it is actually relaying on xen, and parsing the output of these commands
:
xl info
xl dmesd

If you believe it is a false report, send us the support files as well
for further investigation.


- -- 
Zrubi
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYwCcTAAoJEH7adOMCkunm+QYP+waxhkIp753P6Kf3ksqXcCwu
eBCeIz2qUH35Xfqxo5R1+vgh9KAs0zQxdGmX8E3w1gH21Bd96reLt+8zxxmk1CRn
/gqxhzeOrMr7wmGt1Tqot+FLf3r22720RGe4kauBv9r3aCwgekEBdn9Ea/CTCUu+
xCdmeYrzgu1pNYej6SGywWSgR/ZTPxMQZ8rHsteZaKU3eTgxmKal6fgIx8qhNJ8j
rgaK7bX/b86FwhT+OzzC6Gu5Qp4aSP8qqJ2i456HhYTQfGaM/9ITgZ7k+95qAwWV
0pxihvdJ5L6hXOazak4nvHEjOeb4I1UPiic1My6rZuv5BYJie5Fnvh/OkskUJlMt
eS8Glf7KUayMjFKfMzwf5y7iuQTrj7KI6MAvFnni10COBb7kqSVgnfp5sA0aSZ3u
AFepCU3Ah6o1dCEsMNQaQG0pkckYMZ94PCj1dztQXIpwkrUY7zDmIEzlQCcvT9Xm
gTkJ210QKGFfSptR/XoNsoImk+b6fiXwIY4i7FBfx3OyMoV2EZi1LbtpQKx2iSX4
aY7cLEW27GKJOIMsxG/YPGMVsLtcvhOeyNSI85RSDZ6dJxp9kac7o8UwBW2xmZp4
51UKUQhEudBcYWHbtHoCZvPk8PvsrbFkk42tQ/EoaQ3IZjLO2vdiHTFlPpoAKsM1
JTLoDUw3xJNt8EMppO/H
=63CG
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/36fbe1d7-e7c9-fdef-a8fe-35c8e4edf648%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] GSoc Student Applying

[Neil Yale]

597/5000
Nǐmen hǎo, wǒ shì Yale. Hěn bàoqiàn xiànzài cái gěi nǐmen fāchū zhè fēng
yóujiàn. Zhīqián cānjiāguò de péngyǒu gàosu wǒ, cānjiā GSOC zuìdà de
shōuhuò jiùshì míngbáile kāiyuán de yìyì. Yīzhí yǐlái wǒ yīzhí yòngzhe
kāiyuán de xiàngmù, zhǐ zhī suǒqǔ, bù zhīdào gòngxiàn. Xiànzài, yǒule GSOC
de huódòng de tuīdòng xià, wǒ xīwàng zìjǐ nénggòu tōngguò GSOC zhèngshì
cānyù kāiyuán, jíshǐ zài GSOC jiéshù zhīhòu yě néng jìxù wéi kāiyuán shèqū
zuò chū zìjǐ de gòngxiàn.

Yóuyú jùlí jiézhǐ rìqí yǐjīng hěn jìnle, suǒyǐ wǒ jiù zhíjiē qiērù zhèngtí
hǎole. Yīxià shì wǒ de yīxiē yíhuò:

1. Nǐmen liè chūlái de xiàngmù shì bùshì shuō yóu dǎoshī tígōng dàtǐ de
fāngfǎ ránhòu wǒmen qù shíxiàn, háishì shuō ràng wǒmen zìjǐ qù shíxiàn.
Rúguǒ shì zìjǐ de proposal nà jiù xūyào zìjǐ qù liánxì qiánzài de dǎoshī
tǎolùn kěxíng xìng zhī lèi de shìqíng?
2. Néng fǒu rùxuǎn cǐ cì huódòng shì yóu nǐmen juédìng háishì gǔgē juédìng?
3. Rúguǒ shì xuǎnzé nǐmen tígōng de tímù, nàme dǎoshī xuǎnzé xuéshēng de
biāozhǔn shì shénme?
4. Jiē xiàlái de shíjiān lǐ wǒmen shì bùshì yīnggāi zhíjiē qù liánxì
xiāngyìng de dǎoshī?

Zài wǒ fā zhè fēng yóujiàn zhīqián, wǒ cháguò hěnduō xiāngguān de zīliào,
shènzhì gěi wǒ tígōngle xiě xìn gěi nǐmen de móbǎn. Dànshì wǒ shì yīgè
bǐjiào zhíjiē, zhíshuài de rén, suǒyǐ wǒ cái zhírù zhǔtí. Wǒ xiāngxìn wǒ de
wèntí shì suǒyǒu cānyù de xuéshēng zuì gēnběn yěshì zuì xiǎng yào zhīdào
dá'àn de.

Dāng wǒ shōu dào nǐmen de huíxìn hòu wǒ huì lìkè ànzhào xiàng yīng de dá'àn
lái yāoqiú zìjǐ, zuò hǎo zhǔnbèi.
Wǒ láizì zhōngguó, suǒyǐ hé měiguó (dà bùfèn zǔzhī yīnggāi dōu shì měiguó
de) yǒu shíchā, kěnéng huì wúfǎ jíshǐ huífù, zhè yěshì wǒ xǐhuan yòng
yóuxiāng ér bù xǐhuan yòng IRC de yuányīn (shìshí shàng zuì zhòngyào de shì
wǒmen xuéxiào 23.00 Zhīhòu tíng wǎng)

rú yǒu dǎrǎo, hái wàng jiànliàng.
Xīwàng nǐmen nénggòu jǐnkuài huífù wǒ, xièxiè.
Hello yeah, I'm Yale. I'm sorry to send you this email now. Before the
friends have told me to participate in the GSOC biggest gain is to
understand the meaning of open source. I have been using the open source
project, only to ask, do not know the contribution. Now, with the help of
GSOC, I hope I will be able to participate in open source through GSOC, and
I will continue to contribute to the open source community even after the
end of the GSOC.

Because the deadline has been very close, so I directly cut into the title
is good. What is some of my doubts:

1. Are you listing the project is not said by the mentor to provide a
general approach and then we go to achieve, or let us to achieve their own. If
it is their own proposal that they need to contact the potential mentor to
discuss the feasibility of such things?
2. Can you choose this event by your decision or Google?
3. If you choose to provide the subject, then the mentor to choose what is
the standard?
4. The next time we should not go directly to the corresponding mentor?

Before I made this e-mail, I checked a lot of relevant information, and
even gave me a letter to write to your template. But I am a relatively
straightforward, straightforward person, so I went straight into the
subject. I believe that my question is that all the students who
participate in the most fundamental and most want to know the answer.

When I receive your reply I will immediately follow the appropriate answer
to ask yourself, ready.
I am from China, so and the United States (most organizations should all be
in the United States) have the time difference, may not even reply, which
is why I like to use the mailbox and do not like to use IRC (in fact the
most important thing is our school after 23.00 Stop network)

If disturbed, but also forgive me
I hope you can reply to me as soon as possible. Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANyQ8gS2ZBPv-Gpu3wD1BsQzv_6vJvrYVi4VkkX_h8tuckFxGQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

[Ted Brenner]

On Wed, Mar 8, 2017 at 9:15 AM, Unman  wrote:

> On Tue, Mar 07, 2017 at 09:56:02PM -0600, Ted Brenner wrote:
> > Hi all,
> >
> > I'm trying to setup postfix following this guide
> > . But I'm not able to get a few
> > things to work.
> >
> > First, the commands I added to /rw/config/rc.local don't seem to run.
> > Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
> > directory in /etc/postfix. Also postfix doesn't appear to be running on
> > startup. How do we tell if that gets run correctly?
> >
> > Thanks!
> > Ted
> >
>
> Other have pointed out that you need to set the executable bit on
> rc.local.
> You might want to cnsider instead the use of bind-dirs :
> www.qubes-os.org/doc/bind-dirs which provides similar functionality.
>

Thanks all. Yes, this was the issue. Still can't get postfix to work but
that now appears to be due to missing the aliases.db.

Is there a reason rc.local isn't executable by default?

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutz_OATtBjvPpbgOrcF0M8FxfR-_P5MH740tO7UTYkY24Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-net internet stops after a few minutes

[Chris Willard]

Hello Qubes-users,

I  have  installed  Qubes  and had no problems but the internet access
only works for a few minutes.

If  I  open  a  terminal  in  sys-net and start a ping (to 4.2.2.1 for
example)  it  stops working after a while and then the only way to get
it back it to reboot.

I  know  the hardware is fine as I have installed Debian on it and had
no problems apart from I had to put the firmware for the network cards
(firmware-bnx2_0.43_all.deb) on the installation media.

I am installing on a Dell PowerEdge T710 with 32GB RAM.

Any   help with this would be appreciated as I would love to use Qubes
but it looks like I will have to use Debian instead.

-- 
Best regards,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/MTAwMDAzNS5hbmF0b21pYw.1488987158%40quikprotect.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

[Unman]

On Tue, Mar 07, 2017 at 09:56:02PM -0600, Ted Brenner wrote:
> Hi all,
> 
> I'm trying to setup postfix following this guide
> . But I'm not able to get a few
> things to work.
> 
> First, the commands I added to /rw/config/rc.local don't seem to run.
> Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
> directory in /etc/postfix. Also postfix doesn't appear to be running on
> startup. How do we tell if that gets run correctly?
> 
> Thanks!
> Ted
> 

Other have pointed out that you need to set the executable bit on
rc.local.
You might want to cnsider instead the use of bind-dirs :
www.qubes-os.org/doc/bind-dirs which provides similar functionality.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308151532.GC2649%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - Sony SVF15A1C5E

[r . florio]

I opened the laptop. I can confirm that it's a SLJ8E BD82HM76 PCH. So 
the motherboard does not support VT-d.

So how both hcl and xen confirm that this laptop supports IOMMU?

On 2017-03-08 12:20, r.flo...@openmailbox.org wrote:

I tested if this laptop supports VT-d both with `qubes-hcl-report` and
`xl dmesg`. Furthermore BIOS supports Intel VT.
However I cannot determine what is the PCH of this laptop. I think
that it's a HM76 chipset but, from its ark page, it does not support
VT-d. How can I determine it correctly?
I also attached lspci's output.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d47cbdaea41745671ebc59e742b54a7%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SystemD sucks - qubes shouldn't use it

[Unman]

On Wed, Mar 08, 2017 at 08:50:59AM -0500, taii...@gmx.com wrote:
> I realize that it is an integral part of fedora and debian (gross), but it
> is a serious security hole and qubes should consider migrating away from it
> by maybe choosing another orgin distro.
> http://without-systemd.org/wiki/index.php/Arguments_against_systemd
> 
> https://muchweb.me/systemd-nsa-attempt
> "The Linux kernel, I believe, is clean. As long as Linus lives, you're not
> going to subvert the kernel. Let's just assume that is true for the sake of
> argument. If you can't get into the kernel, what is your next option? You
> need something low level (PID 1?), ubiquitous, and vast in scope and
> complexity.
> 
> This describes systemd perfectly. It was almost like it was designed to
> touch as much of a Linux system as possible. It has hooks into some many
> different subsystems and APIs that it's almost impossible to build a modern
> distro with current software without pulling in systemd as a dependency.
> This happened almost overnight, and I think there are malicious forces at
> work here."
> 
> Assuming that it is the NSA is unimaginative, it could be literally be any
> combination of interests that are doing this - who wouldn't desire absolute
> control and absolute power over 99% of linux systems?
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
> I am tired of the "virtualization will protect you!" excuse, it only goes so
> far and some systemD issues such as using google DNS by default are simply
> inexcusable from a qubes perspective (designed to be a secure OS, but
> phoning home like that without asking isn't secure at all)
> 
> Linux is about choice, but now the incompetent lennart and red hat are
> choosing for you - they are more qualified to make that decision and are
> doing it for your own good.

Frankly, the use of systemd in dom0 doesn't strike me as a huge
problem. I'd like you to explain why you think it is.

There's been some discussion on this in the past. Qubes has some
dependency on systemd, but there is code for sysvinit alternatives,
which you should be able to work with.
Where there isn't an existing alternative you should be able to find one
fairly readily.

Linux IS about choice - if you want to exercise your choice to use Qubes
without systemd then you should start work and provide PRs. They would be
accepted and many people would thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308151010.GB2649%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Prevent user@dom0 to create or remove template

[Unman]

On Wed, Mar 08, 2017 at 05:48:57AM -0800, mdasilvape...@gmail.com wrote:
> Hello,
> 
> I would create few template of VM for forensic, personal, 
> Once I have create this template, I wouldn't the user@dom0 will can create or 
> remove other vm. The only vm of the user can create or remove is based on a 
> vm template created before.
> I want the root user is the only user to create different vm.
> 
> thanks you for your help, max
> 

Hello max,

The default Qubes setup doesn't differentiate between user and root -
for a rationale look here:
www.qubes-os.org/doc/vm-sudo

Also, Qubes isn't a multi-user OS.

So what you are asking for requires substantial changes to the default
Qubes set-up.
You will find instructions on that page on disabling password-less sudo.
This would be a first step.
Then you would need to change permissions on the qubes/templates and
make sure that your new user had at least read access to the templates
and no access to the Qubes dom0 tools.

None of the attendant problems are insurmountable, and there are some
users who have claimed to be able to  get a multi-user system working.
But it isn't imo a genuine multi-user system and has a pretty thin veneer
of added security.

Try it by all means - you'll hit permissions problems for sure, and you
should be able to work around them.

If all you want to do is create a simple Qubes where users aren't likely
to break things, it's much easier to do this.
First stop manager from starting.
Create a custom menu with only a few qubes and few shortcuts.
Remove all the template menus and system menus.
Change the "desktop menu" to restrict options available to those same
qubes and shortcuts.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308145624.GA2649%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SystemD sucks - qubes shouldn't use it

[Frank]

> On 8 Mar 2017, at 14:50, taii...@gmx.com Taiidan-at-gmx.com 
> |qubes-mailing-list/Example Allow|  wrote:
> 
> I realize that it is an integral part of fedora and debian (gross), but it is 
> a serious security hole and qubes should consider migrating away from it by 
> maybe choosing another orgin distro.
> http://without-systemd.org/wiki/index.php/Arguments_against_systemd
> 
> https://muchweb.me/systemd-nsa-attempt
> "The Linux kernel, I believe, is clean. As long as Linus lives, you're not 
> going to subvert the kernel. Let's just assume that is true for the sake of 
> argument. If you can't get into the kernel, what is your next option? You 
> need something low level (PID 1?), ubiquitous, and vast in scope and 
> complexity.
> 
> This describes systemd perfectly. It was almost like it was designed to touch 
> as much of a Linux system as possible. It has hooks into some many different 
> subsystems and APIs that it's almost impossible to build a modern distro with 
> current software without pulling in systemd as a dependency. This happened 
> almost overnight, and I think there are malicious forces at work here."
> 
> Assuming that it is the NSA is unimaginative, it could be literally be any 
> combination of interests that are doing this - who wouldn't desire absolute 
> control and absolute power over 99% of linux systems?
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
> I am tired of the "virtualization will protect you!" excuse, it only goes so 
> far and some systemD issues such as using google DNS by default

And how is it supposed to do this in dom0 without ANY network connection?

Nobody is forcing you to use Qubes and frankly, if it is good enough for the 
Qubes team, I am not the one to tell Joanna something about security... Are you?

Cheers, Frank

> are simply inexcusable from a qubes perspective (designed to be a secure OS, 
> but phoning home like that without asking isn't secure at all)
> 
> Linux is about choice, but now the incompetent lennart and red hat are 
> choosing for you - they are more qualified to make that decision and are 
> doing it for your own good.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/7acfa3f6-d9ae-a5f8-87c4-998b28f574fc%40gmx.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7734-1488982678-787612%40sneakemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [R2B2] Unable to choose sound source (mic)

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

peter.palen...@gmail.com:
> On Saturday, October 12, 2013 at 3:51:51 AM UTC+2, Marek Marczykowski-Górecki 
> wrote:
> > On 12.10.2013 03:22, Franz wrote:
> > > I would like to launch skype with a .sh file from dom0 but I am not able 
> > > to
> > > find the command to attach the microphone to the AppVM. Is there such a
> > > command?
> > 
> > This is doable with dbus-send. Don't remember details, but sth like this:
> > dbus-send --session --dest=org.QubesOS.Audio. --type=method_call
> > /org/qubesos/audio/ org.freedesktop.DBus.Property.Set
> > string:org.QubesOS.Audio string:RecAllowed variant:boolean:true
> 
> I tried that, but it did not work. Can you check for a typo or so?

The object path is "/org/qubesos/audio", not "/org/qubesos/audio/".

https://github.com/rustybird/qubes-stuff/blob/master/dom0/bin/qvm-microphone

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJYwA64XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrf5iMP/3379CaVlv/kgdiHYulTP1eV
tNZaXPHdPCfTn/6XAx43KvDRAJ/QWzAHnhnV6ZfHYWRjWZo9/olwGdUrq9615E0f
sQkde1JJCCgY+pgS3CpUGsBFz0tahpxXdAOZdA/zXtoDXGe7yCKK17qLepHMwgMS
CDN/MpboRd2PfGdv12p3+7f8vVCm+52VGbLc7VyVpyLkYFnKNzK4ubehwgfRRThn
e0SHHTNO7rZFJmrmhGLgPZiA9vJWFl/ztj06/hGhEz0CawGtKKcz9vhghg50tuV3
pIcRHyBon8WKW6r3+wZLc9dP+TvWLGJlGxfQZ6IgZdyC2jw4LfaBtXyp6xS5q5XA
g4gQ4FT4DWtQrSVdLTjbNUj1gdCRAddiZvzNsImssq4RH16oSVgSVwm3SGSIrtR0
/oXpMObhamX3i+jlE8KRyv3KYAMK6OPH6NSgSIKMFZ42mvIaG7ex0j+t3ApcE+x1
fTqNB/ndR3M/8lSVxgXKujRtFk+qztr+VkID2S+ci2ripKgP6ms3OqcL8mZqIfHs
ru4po2Aeahe1xMBRN5g8pfTD0MLcRqsEtnCzZ80FmvOu5E7Sc29woxYb/yWETNSC
+iOqOcWrH94rpp1LKZHTcrt2BJUpIDODdDIHxgxYsPbiu6+jj/GMWxHP2J1Zna6l
LRD2f4i2JmK338Eh7vmx
=O/3Y
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170308140129.GA3068%40mutt.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] SystemD sucks - qubes shouldn't use it

[taii...@gmx.com]

I realize that it is an integral part of fedora and debian (gross), but 
it is a serious security hole and qubes should consider migrating away 
from it by maybe choosing another orgin distro.

http://without-systemd.org/wiki/index.php/Arguments_against_systemd

https://muchweb.me/systemd-nsa-attempt
"The Linux kernel, I believe, is clean. As long as Linus lives, you're 
not going to subvert the kernel. Let's just assume that is true for the 
sake of argument. If you can't get into the kernel, what is your next 
option? You need something low level (PID 1?), ubiquitous, and vast in 
scope and complexity.


This describes systemd perfectly. It was almost like it was designed to 
touch as much of a Linux system as possible. It has hooks into some many 
different subsystems and APIs that it's almost impossible to build a 
modern distro with current software without pulling in systemd as a 
dependency. This happened almost overnight, and I think there are 
malicious forces at work here."


Assuming that it is the NSA is unimaginative, it could be literally be 
any combination of interests that are doing this - who wouldn't desire 
absolute control and absolute power over 99% of linux systems?


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
I am tired of the "virtualization will protect you!" excuse, it only 
goes so far and some systemD issues such as using google DNS by default 
are simply inexcusable from a qubes perspective (designed to be a secure 
OS, but phoning home like that without asking isn't secure at all)


Linux is about choice, but now the incompetent lennart and red hat are 
choosing for you - they are more qualified to make that decision and are 
doing it for your own good.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7acfa3f6-d9ae-a5f8-87c4-998b28f574fc%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes i3 Tips & Tricks

[Alex]

On 03/08/2017 12:17 PM, pixel fairy wrote:
> On Tuesday, March 7, 2017 at 4:21:07 PM UTC-8, Eva Star wrote:
>> Can somebody share screenshots of i3 ? Thanks
> 
> https://sietse.no/i3-wm-in-qubes-os
> 
> only image i could find. hope someone here posts one. im curious
> too.
> 

My desktop, as of now, with a little pixelation effect here and there:
http://tinypic.com/r/296lkkn/9

A little explanation: I have 6 monitors as you can see here
http://tinypic.com/r/etd2kn/9 (here Qubes was being installed), and i3
is in tabbed mode in all of them except the rightmost bottom one.
Pre-emptive comment: yes qubes does support the Matrox C680 graphics
card I use in this setup, and without any problems. Since it's a
developer/sysadmin workstation no special gaming acceleration is needed,
but screen real estate is very much appreciated by my eyes.

In the top row you can see 3 tabs (personal-firefox, work-urxvt,
personal-keepassx): if you install i3 with qubes settings as per
official documentation you will get colored tabs; the color is the one
from the VM label. It's used also in window border, but it can't easily
be seen in tinypic (has anybody a picture sharing service to recommend
that does not scale the image? original il 3840x2048).

In the other screens you can see monodevelop running, remmina (with a
running remote desktop session to a windows 2016 server), and the Qubes
VM Manager. I hate to have it floating, so I docked it and I'm hoping
(but I know I'm not the only one) that one day we'll have it with a
"responsive" datatable layout, because that wasted area is really sad -
I'd love to be able to add columns to that table, say disk image usage
percent or network traffic, but with the current layout that would only
clutter the view.

You can see that I juxtaposed two Thunderbird instances from personal
and work in screen #6, to always have the email shitstorm situation
available at a glance. You may notice the upper rightmost screen has two
tabs; one is the VM Manager and the other is the Firefox instance with
Skype and the Slack sessions opened.

Because the Qubes VM Manager is rarley used and because the space wasted
on its window saddens me a little the active window is usually the
mentioned skype+slack firefox. I devoted the rightmost column of
monitors to "communications" (on the top one the chats, on the bottom
one the e-mails).

The leftmost column is typically used by the two main firefox instances
(personal + work) and the respective keepassx windows. The decision of
this separation has been configured in i3's config file: thunderbirds
are opened in screen #6, all windows from "chat" appVM are opened in
screen #3, all firefox windows from "work" are opened in screen #4 and
from "personal" in screen #1.

All windows are automatically configured to open in docked mode; I had
to force the floating mode for some windows:
 * [instance=":Msgcompose$" class=":Thunderbird$"]
 * [title="^Android Emulator"]
 * [class="^teamviewer:"]
 * [class=":Pidgin$"]

Yes, teamviewer has its own appVM (fedora 25 based, named "teamviewer")
and all windows from that appVM are floating because otherwise it's a
nightmare. Teamviewer for linux is a packaged teamviewer.exe+wine, so it
does not really like to have its windows stretched. I also happen to use
the Android Emulator in arm mode; it's quite slow but runs without
nested-virtualization paranoia, and given a huge amount of both RAM and
time it kinda works.

You can see the effects of floating mode in screen #1 (there's a message
composition window and no, I don't normally compose from a postmaster@,
it's for the sake of the screenshot...), in screen #2 (where I started
scrot in dom0 to take the screenshot) and in screen #3 (the pidgin
instance). Since floating windows are always on top of any docked window
I rarely use them. Note that terminals (both in dom0 and, you can't see
in the screenshot but believe me, all other appvms) have been set up
with large fonts and solarized theme to ease my eyes... xterm's default
microfont and color scheme borders on crime.

The center column of screen is general-purpose to me; I end up putting
there developer consoles, IDEs, text editors and such.

With i3 you can move the mouse at the center of any screen using the
keyboard, and focus follows the mouse; you can switch tab and move thems
with keyboard shortcuts. This takes a little to get used to, but gives
speed and predictability (no more alt-tab roulettes, nor fake focus
hints because of spurious mouse movements).

Completing the tour, I added a xrandr bash script in auto-execution in
i3's config file to make sure the screens are where I expect them to be,
and reassigned some hotkeys to move a window from one screen to another.

That's just an example of my i3 setup, since you asked for some
examples. I'd never use the tiled mode much, because I need to look at
long lines (for logs/terminals) and/or long scrolls of text (for source
code), so having to constrain either dimension 

Re: [qubes-users] Re: [R2B2] Unable to choose sound source (mic)

[peter . palensky]

On Saturday, October 12, 2013 at 3:51:51 AM UTC+2, Marek Marczykowski-Górecki 
wrote:
> On 12.10.2013 03:22, Franz wrote:
> > On Fri, Oct 11, 2013 at 11:40 AM, Axon  wrote:
> > 
> >> On 10/11/13 06:25, Индарил Шприц wrote:
>  kmix, and Phonon
> >>>
> >>> also i tried pavucontrol in Dom0 from command line, it doesn't help
> >> either.
> >>>
> >>> And I want video too, not just audio. But the command in Qubes Manager
> >> says
> >>> only about audio...
> >>>
> >>
> >> For video, you'll have to give the AppVM control of the USB controller
> >> to which the webcam is connected.
> >>
> >> For me this is not enough, before running skype, I have to use this
> > command in AppVM terminal
> > 
> > sudo chmod 666 /dev/video0*
> > Video works perfectly
> > 
> > Also regarding pavucontrol in dom0 (which is the same as System
> > Tools/Volume Control in the GUI), input devices allows to setup the
> > microphone. Default is "internal microphone" which does not work with the
> > internal microphone of Lenovo x230. It should be set to "microphone". It
> > seems strange but it works.
> > Audio works great
> > 
> > I would like to launch skype with a .sh file from dom0 but I am not able to
> > find the command to attach the microphone to the AppVM. Is there such a
> > command?
> 
> This is doable with dbus-send. Don't remember details, but sth like this:
> dbus-send --session --dest=org.QubesOS.Audio. --type=method_call
> /org/qubesos/audio/ org.freedesktop.DBus.Property.Set
> string:org.QubesOS.Audio string:RecAllowed variant:boolean:true
> 
> -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

Dear Marek,

I tried that, but it did not work. Can you check for a typo or so?

Thanks,
Peter.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89ac9646-bdce-47b2-97e2-d2ce180cbea2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Sony SVF15A1C5E

[r . florio]

I tested if this laptop supports VT-d both with `qubes-hcl-report` and 
`xl dmesg`. Furthermore BIOS supports Intel VT.
However I cannot determine what is the PCH of this laptop. I think that 
it's a HM76 chipset but, from its ark page, it does not support VT-d. 
How can I determine it correctly?

I also attached lspci's output.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d02642d6acf3298e8eabf684acf7c43%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
brand: |
  Sony Corporation
model: |
  SVF15A1C5E
bios: |
  R0210DA
cpu: |
  Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 09)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 
09) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Intel Corporation Centrino Advanced-N 6235 (rev 24)
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit 
Ethernet Controller (rev 0c)
memory: |
  8073
scsi: |
  TOSHIBA MQ01ABD1 Rev: 2H  
  DVD-RAM UJ8D3Rev: 1.00

versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R3.2
  xen: |
4.6.3
  kernel: |
4.4.38-11
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

00:00.0 Host bridge [0600]: Intel Corporation 3rd Gen Core processor DRAM 
Controller [8086:0154] (rev 09)
00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen Core 
processor Graphics Controller [8086:0166] (rev 09)
00:14.0 USB controller [0c03]: Intel Corporation 7 Series/C210 Series Chipset 
Family USB xHCI Host Controller [8086:1e31] (rev 04)
00:16.0 Communication controller [0780]: Intel Corporation 7 Series/C216 
Chipset Family MEI Controller #1 [8086:1e3a] (rev 04)
00:1a.0 USB controller [0c03]: Intel Corporation 7 Series/C216 Chipset Family 
USB Enhanced Host Controller #2 [8086:1e2d] (rev 04)
00:1b.0 Audio device [0403]: Intel Corporation 7 Series/C216 Chipset Family 
High Definition Audio Controller [8086:1e20] (rev 04)
00:1c.0 PCI bridge [0604]: Intel Corporation 7 Series/C216 Chipset Family PCI 
Express Root Port 1 [8086:1e10] (rev c4)
00:1c.1 PCI bridge [0604]: Intel Corporation 7 Series/C210 Series Chipset 
Family PCI Express Root Port 2 [8086:1e12] (rev c4)
00:1c.2 PCI bridge [0604]: Intel Corporation 7 Series/C210 Series Chipset 
Family PCI Express Root Port 3 [8086:1e14] (rev c4)
00:1d.0 USB controller [0c03]: Intel Corporation 7 Series/C216 Chipset Family 
USB Enhanced Host Controller #1 [8086:1e26] (rev 04)
00:1f.0 ISA bridge [0601]: Intel Corporation HM76 Express Chipset LPC 
Controller [8086:1e59] (rev 04)
00:1f.2 SATA controller [0106]: Intel Corporation 7 Series Chipset Family 
6-port SATA Controller [AHCI mode] [8086:1e03] (rev 04)
00:1f.3 SMBus [0c05]: Intel Corporation 7 Series/C216 Chipset Family SMBus 
Controller [8086:1e22] (rev 04)
07:00.0 Network controller [0280]: Intel Corporation Centrino Advanced-N 6235 
[8086:088e] (rev 24)
08:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5209 PCI 
Express Card Reader [10ec:5209] (rev 01)
0e:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. 
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 0c)
(XEN) Initing memory sharing.
(XEN) Intel VT-d iommu 0 supported page sizes: 4kB.
(XEN) Intel VT-d iommu 1 supported page sizes: 4kB.
(XEN) Intel VT-d Snoop Control not enabled.
(XEN) Intel VT-d Dom0 DMA Passthrough not enabled.
(XEN) Intel VT-d Queued Invalidation enabled.
(XEN) Intel VT-d Interrupt Remapping enabled.
(XEN) Intel VT-d Shared EPT tables not enabled.
(XEN) I/O virtualisation enabled
(XEN)  - Dom0 mode: Relaxed

Re: [qubes-users] Qubes i3 Tips & Tricks

[pixel fairy]

On Tuesday, March 7, 2017 at 4:21:07 PM UTC-8, Eva Star wrote:
> Can somebody share screenshots of i3 ? Thanks

https://sietse.no/i3-wm-in-qubes-os

only image i could find. hope someone here posts one. im curious too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1c23e0d-043f-4ab1-9d4d-a7fca8b8e78d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-usb-proxy problem

[Franz]

On Mon, Mar 6, 2017 at 6:46 PM, haaber  wrote:

> Hello,
>
> My sys-usb is based on a modified fedora-24-minimal template. I did of
> course install qubes-usb-proxy in it, but --contradicting the qubes
> doc-- the qvm-usb command is not available. What might go on there?
> Thanks you, Bernhard
>
>
qvm- commands are available in dom0, which has access to all other VMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCGOYzociokgTuYpNstyiXq4OLkHhGY6Qarcobpyfmmzw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

[lokedhs]

On Wednesday, 8 March 2017 14:08:29 UTC+8, Nick Darren  wrote:

> First, the commands I added to /rw/config/rc.local don't seem to run.
> Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
> directory in /etc/postfix. Also postfix doesn't appear to be running on
> startup. How do we tell if that gets run correctly?

You have to set the executable bit on the script. If you don't do that, the 
script won't run.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54c7c1e6-68c6-4cc6-9c38-f8412f794f58%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes-usb-proxy problem

[haaber]

Hello,

My sys-usb is based on a modified fedora-24-minimal template. I did of
course install qubes-usb-proxy in it, but --contradicting the qubes
doc-- the qvm-usb command is not available. What might go on there?
Thanks you, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3290e17-e089-0872-0c88-092fa9dc999b%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: app-vm distorted sound

[legawrique]

вторник, 7 марта 2017 г., 11:21:48 UTC+3 пользователь legaw...@gmail.com 
написал:

I'll try with alsamixer and answer later (I have no alsamixer in that app-vm 
atm :\ )

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5203e2ed-81fb-414f-88b5-cdd75a8a3aa6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.