[qubes-users] offloading vagrant so qubes doesnt have to support it.

[pixel fairy]

I should start a support group for vagrant users who like qubes-os :(

Nested virtualization may become possible in qubes-4.x, but would come with an 
increased attack surface and some other complications. for one thing, 
virtualbox doesnt run in xen, and thats the mostly solid platform for vagrant. 
kvm is faster when it runs, but has other issues. by putting vagrant on a 
server dedicated to it, you get faster vagrant runs, free up all that memory, 
and you can screen/tmux the session and come back to later. all for the cost of 
needing that damn internet connection. 

the cost of hardware is not much. most of it is ram, and an an ssd. no need for 
fancy graphics cards or anything else.

finally made one and started using it. its just linux virtualbox for now. it 
has user accounts for all of us, and one shared account with all our keys. 
tmux, vim, etc also installed so we can have a pleasant and comfortable 
collaboration environment, but we havent used that yet.

to get around the issue of running the same vagrant file at the same time, we 
set an environment variable in ~/.bashrc. heres a "template" multi machine 
vagrant file.

# -*- mode: ruby -*-
# vi: set ft=ruby :

if ENV.has_key?('v6prefix')
  v6prefix = ENV['v6prefix']
else
  v6prefix = "fd96:8025:fb27::"
end

VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "bento/ubuntu-16.04"
  config.vm.define "server" do |server|
server.vm.hostname = "server"
server.vm.network "private_network", ip: v6prefix + "51"
  end
  config.vm.define "client" do |client|
client.vm.hostname = "client"
client.vm.network "private_network", ip: v6prefix + "52"
  end
end

tried kvm, with one big kvm for virtualbox so we could have both. but, 
virtualbox doesnt run in kvm (thought i remember doing it in the past)

ive run virtualbox and kvm in vmware, so maybe esxi would a better host for 
this. to those cringing right now, vagrant is just a test environment. your not 
supposed to put anything important, let alone sensitive in there. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32c1a559-ec81-4078-b2e2-97edeedc23b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Drew White]

On Thursday, 22 September 2016 12:23:31 UTC+10, Andrew David Wong  wrote:
> Then your TemplateBasedHVM is an AppVM. But it doesn't follow from that
> fact that TemplateBasedHVMs should be called "AppVMs" rather than
> "TemplateBasedHVMs." The reason is simple: Some TemplateBasedHVMs are
> AppVMs, but not all AppVMs are TemplateBasedHVMs.
> 

So they should then be AppHVM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7f75b21-8c11-4923-9490-0903bba41235%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-21 18:43, Drew White wrote:
> On Thursday, 22 September 2016 11:26:12 UTC+10, Andrew David Wong  wrote:
>> No, the term "AppVM" (Application Virtual Machine) is a functional term.
>> It simply refers to any VM that is intended for running software
>> applications. AppVMs can be either TemplateBasedVMs or StandaloneVMs
>> (but never TemplateVMs), and the designation is independent of the
>> underlying virtualization method (PV, HVM, etc.).
> 
> But my non-standalone HVM is used and intended for running software, as you 
> say.
> 
> My HVM is a template based VM, it even has Qubes extensions in it and more.
> It runs the same as any other AppVM.

Then your TemplateBasedHVM is an AppVM. But it doesn't follow from that
fact that TemplateBasedHVMs should be called "AppVMs" rather than
"TemplateBasedHVMs." The reason is simple: Some TemplateBasedHVMs are
AppVMs, but not all AppVMs are TemplateBasedHVMs.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX40CRAAoJENtN07w5UDAwdWgP/R7absnrk8OvF/uEQMAEpREF
X//TLoSdToVNjlQdIzI/iQQswInZQotNwKE0I/ix1zmdhPpjOPtMmOJX7JJiPxHD
hJlQYAG/ROEFsQVkGfLZck1bdKerHsciXvsaDaULZ7wK9+3FSeN2a9LT/fkyRWdJ
K9x6ydnTjd74nHVavKJ9BzxgpC5sOAHWhu2iMdN9rxzWSF12d35X5J5C4WAdGgDY
Xq6ZnaEUMrWcjTJ6lWaa37k9AY/vtQKYjnzXyORv1mbB7DxNEd1VLSp0oo75lx46
HkoqeKwvq0G/rmCr/pU02Snv8c855/VVPLRPYgNwgq7/slH/mSf5RlOOKdNKfn/P
GbVj1tk+C2NXpqVLnU+RqC2cGuCgVznxUYsGuvWuaAvvweo5S74cHd5oad1HrPdO
B6nlv7tbrX7EqB6SzhE3K/+EcV1+lVhhodU54ou3/evYG9NTa4RQOzp5WSQazSvx
g8/xi4YghWPgo71lPELEehW117F8yBp5ldNCdJ61k+OV5ulwiviNW0JkFhtaKoS2
+dc33YxpBJn3w1EXODFZ0N+dSv/okd/FX1FgCAMP246o3iIOSwrct1cTMmauKuud
owC6yZSwMD2UugaLMr2usMDjSatDnGoDVu+NknN+U+taDmElh5RMwjB5UKPscRxy
RnRn4FOdoMfHpnk4n4z/
=FFdO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6619316e-2bfa-4a38-ca94-02d598c4525e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] hosts file.

[Drew White]

Hi Qubes devs,

Can you please point out how I can make the system STOP overwriting the HOSTS 
FILE?

I have different domains targeted to 127.0.0.1
then when I boot, you automatically overwrite anything that is...
127.0.0.1 mynewdomain.name

to

127.0.0.1 thismachinehostname

This is really frustrating.
I'm having to now alter the entire system config to target a hosts file on my 
RW directory.

This is a STANDALONE guest, and thus shouldn't have anything like that 
happening.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0638adb3-73ab-4f21-9cf6-7832562d9b90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Drew White]

On Thursday, 22 September 2016 11:26:12 UTC+10, Andrew David Wong  wrote:
> No, the term "AppVM" (Application Virtual Machine) is a functional term.
> It simply refers to any VM that is intended for running software
> applications. AppVMs can be either TemplateBasedVMs or StandaloneVMs
> (but never TemplateVMs), and the designation is independent of the
> underlying virtualization method (PV, HVM, etc.).

But my non-standalone HVM is used and intended for running software, as you say.

My HVM is a template based VM, it even has Qubes extensions in it and more.
It runs the same as any other AppVM.
It is PV and HVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/daec0ea7-897b-4f08-a505-08bf0b1c3511%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: NVIDIA GeForce

[Drew White]

On Wednesday, 21 September 2016 17:21:40 UTC+10, johny...@sigaint.org  wrote:
> The screen corruption problem I was seeing was in 3.2 (rc1 I think), and
> the fix was in the VM's (Debian-8/Redhat-23) not dom0.  (It was something
> to do with accessing freed/reallocated memory once swapping started, if I
> remember correctly.)
> 
> JJ

I had the issue in Fedora 23, 22, 21.
Thing is, mine didn't have any swapping.
I had RAM, no swap space/partition on the drive (that's how I re partitioned it)

I have enough RAM that I just allocate full RAM, no swapping needed and no 
balancing. It just uses the RAM it's been assigned.

My guests either run 256MB, 1024MB, 2048MB, 4096MB RAM. Depending on what they 
are used for and the actual O/S they have.

So if it was the swap, then I should not have been affected. If it wasn't, then 
that's why it affected me too. :}

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5142090c-7952-4236-b558-5c4657317904%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-21 18:22, Drew White wrote:
> On Thursday, 22 September 2016 11:07:39 UTC+10, Andrew David Wong  wrote:
>> Correction: "HVM" usually refers to a StandaloneHVM, not a
>> TemplateBasedHVM. We don't actually have a term for a TemplateBasedHVM
>> (so I'm adding that to the glossary now).
>>
> 
> It's called an AppVM.
> 

No, the term "AppVM" (Application Virtual Machine) is a functional term.
It simply refers to any VM that is intended for running software
applications. AppVMs can be either TemplateBasedVMs or StandaloneVMs
(but never TemplateVMs), and the designation is independent of the
underlying virtualization method (PV, HVM, etc.).

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4zMeAAoJENtN07w5UDAwKLMQAJSmyhEU8JhY/HChWRDdPW1d
CE5wnu99/N+oeEkF+Ltd9Tov6rx3jnU9lvamsCI5Ugd+5lPxg/TQfM5pfxaJwipU
ImKIPbI03hZf48df66o/BisNi3y0ZMGgWgitHSLo83HZ0CFnEXCxzDdoi3ycJpHf
3JNbr/IrROl7X0JOgsl3uztnhFhRJpY+HBI1nrQOEyYt8tdioScXP4BXP8WTY6G4
3vCCVtHO93ikOXjseKj0IJ/lyiCqGMmviFFcdQhrKk90nvmDdv8O2eGhGzn0CBU/
RBvHFKAOxOpL6gl7oNma2p/chfjIhIkhRp527bMKUTiIcKpTwsw2Dh0GgBgHe5Aw
BTZWswlmbB6gxQ5KeCahdcWkOQqEcoJ9qCYK00TcIqP6hBYgMxFk0gkAN9PuMteI
6JxbllDHKl9b0gKF2v7nzKu7rIlvloYrol9rVwtMRkwDmHTvMgjo26SETuGR5HrE
LGiL3Kb1hz+wzLPOsrr+kOD02cuk15kFnnbdqC0PHp25ZFEbSW++fdCE8FLO6+Dl
U9zsRZi9yJcBWKGNW1bgK2tUbB6IM9qVLTWHFmPW6IZS9S+1m5LSbS6BN1gUoIpd
vlPabda+6eziGREKS/UdtAY9g4Ry9MVY7G/BDjz3HPGCbccLYE/DI2ePldNnUKVj
wfWqAVFO3bddwcipgWvb
=9YoD
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a12eee92-8d71-a349-577f-b42a817b7944%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Drew White]

On Thursday, 22 September 2016 11:07:39 UTC+10, Andrew David Wong  wrote:
> Correction: "HVM" usually refers to a StandaloneHVM, not a
> TemplateBasedHVM. We don't actually have a term for a TemplateBasedHVM
> (so I'm adding that to the glossary now).
> 

It's called an AppVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/083816a7-2f50-4b7d-86f5-de813f57154d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Services not starting from services tab.

[Drew White]

Hi folks,

I have an issue with the starting of the services that are meant to be started 
when the guest is booted up.

I have mariadb and httpd in the list, but they aren't starting, nor are they in 
the list of chkconfig.

This is a standalone AppVM.

Please help.

Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b2e92d0-d1c8-4757-aee8-8f7f135078de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: rc.local iptables persistence on reboot

[Drew White]

On Sunday, 18 September 2016 10:14:15 UTC+10, nishi...@gmail.com  wrote:
> Hello,
> 
> Following Qubes documentation on firewall 
> https://www.qubes-os.org/doc/qubes-firewall/, I tried to put some basics 
> iptables rules into /rw/config/rc.local in an AppVM but they don't persist 
> after reboots :
> 
> iptables -F

Don't use -F, flushing removes the Qubes inherant IPTables.
Don't -P either.

#/bin/sh
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 3  -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 4  -p tcp --dport 443 -j ACCEPT 


> When I type "sudo iptables -L", they don't appear after rebooting the VM, I 
> have the same rules as before, it looks like the script isn't launched :( 
> This is weird because the file is executable ! ("sudo chmod +x rc.local"). 
> Also I tried to add sudo before every line but it didn't change the outcome.
> 

have you made sure it's executable? (ls -al)

If not, use the full command, not an abbreviated, because sometimes the 
abbreviated only affects user and group, not everyone.
"chmod 766 rc.local" ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3d6fd9e-4d66-4e1c-8b43-0ef8038ae612%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-21 18:03, Andrew David Wong wrote:
> On 2016-09-21 13:14, Otto Kratik wrote:
>> On Friday, September 16, 2016 at 4:44:10 PM UTC-4, Andrew David Wong wrote:
>>> I think you (or someone else) would have to put in the coding work in
>>> order to make this work in the desired way. However, a lot of work
>>> has already been done on the Archlinux Template (which, I assume,
>>> can be run as an HVM if desired, though I haven't tried it myself):
>>> https://www.qubes-os.org/doc/templates/archlinux/
>>> Some work has also been done on an Ubuntu template:
>>> https://www.qubes-os.org/doc/templates/ubuntu/
> 
>> Generally speaking, is it the case that running apps directly from a 
>> TemplateVM (whether it's Debian, Fedora, Arch, Ubuntu) is functionally 
>> equivalent and identical to operating that template/distro as a 
>> self-contained standalone HVM? Meaning if I wanted a Debian HVM, it's just 
>> as easy to clone my Debian TemplateVM and treat it as an HVM, instead of 
>> creating an actual new HVM the classic way and then installing a Debian ISO?
> 
>> Is there any fundamental intrinsic difference between how a Template behaves 
>> if used in this fashion, and how a normal HVM would behave?
> 
> 
> The term "TemplateVM" describes any VM that supplies its root
> filesystem to another VM. TemplateVMs are distinct from
> TemplateBasedVMs, which depend on other VMs for their rootfilesystems,
> and StandaloneVMs, which do neither. By contrast, the term "HVM"
> (Hardware Virtual Machine) refers to any "fully virtualized," or
> hardware-assisted, VM that utilizes the virtualization extensions of
> the host CPU (e.g., VT-x). HVMs are distinct from PV (paravirtualized)
> VMs, which do not require virtualization extensions from the host CPU,
> and other variants such as PVHVM (PV-on-HVM).
> 
> So, TemplateVMs and HVMs are categorically different. The former refers
> to the VM's degree of (in)dependence relative to other VMs in the
> system, whereas the latter refers to the manner in which a VM is
> virtualized. An HVM itself can be a TemplateVM (in which case it's
> called a "TemplateHVM"), a TemplateBasedVM (in which case it's
> typically just called an "HVM"), or a StandaloneVM (in which case it's
> called a "StandaloneHVM").
> 

Correction: "HVM" usually refers to a StandaloneHVM, not a
TemplateBasedHVM. We don't actually have a term for a TemplateBasedHVM
(so I'm adding that to the glossary now).

> For more on Qubes terminology, see the glossary:
> https://www.qubes-os.org/doc/glossary/
> 
> Since your question is about the functional or behavior differences
> between TemplateVMs and HVMs, I take it that what you're really
> interested in is the practical difference between using TemplateVMs and
> StandaloneVMs as VMs which do not depend on any other VM for their root
> filesystems.
> 
> The only significant difference I'm aware of is that using a TemplateVM
> allows you to retain the option of creating TemplateBasedVMs based on
> this TemplateVM in the future, whereas a StandaloneVM does not. If you
> one day decide that you'd like to have a TemplateBasedVMs based on your
> StandaloneVM, you'll have to re-create it as a TemplateVM. There's no
> (easy) way to turn a StandaloneVM into a TemplateVM.
> 
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4y7LAAoJENtN07w5UDAwu6sQAKW+Sw3Wj78yBUjjilB3pJgX
H2nFazvp7S9/UONmwPCDkNcYIKG1cqi6GxYepB4JPBhSZrzf9M0iJoYo+8xSHF7m
ZrieNE1Po2Bn2i8dtz6iFeyqQmyEvRe8n1q4LAysnOohJc8jdm6War5Zt97aSc+j
u9mb7haC1RDCJ5dByB9mhNxwELfbtzEYIgiVNP143eUNj+e3fhRGG/itAV+YQ02r
XY7gtPoYJ9Y24g58eklH4z0EYjMUAJHX83uEEDnEi82ocdtfrM1sS2V9OIv8951L
f1rsfebJpRZU8uTaOe/lFePqdi1JMOk80T54eJahOnIKZ7lH10olRQJKidDAdyLG
KsD3o5R6bn2gDvW/D9QVV0L7nx/Sn7nSa7CO4QnutOHEH9V52Pwa+eQsNa7OXBmu
v4R5D9spLRAl0RqAy3zdtzfuXAGu2PH5FQbn0U1Xwc40picpePigf6Ci6RfKtX2H
S5JqKqc4YeaCrmIZJMsQCgkJdSeABxfBVq34QFr3FvoFgIDqYRPMgzR/JVLUgIAl
Nz4j1euUZHhdYcP5uLIdAdHYoHhCFvdlh1nEyvMRbeCgDdb07Jo8GFDR4pxGP7TQ
ichAJoRGeq358JMIetQNgXqBtB370Lh4nUkPl63tKhvdYnzxzKl2bqRZqvPO5BUT
MrXkXwhiXlUA8jwkaOqt
=lv67
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/441b3750-91d1-fda8-ae00-c17d506568d6%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to install f.lux in qubes ? (screen dimmer orange)

[Max Zinkus]

Apparently so. I believe it's closed source though? Either way redshift is
effectively equivalent.

On Wed, Sep 21, 2016, 5:07 PM Sebastian Jug  wrote:

> On Wednesday, September 21, 2016 at 11:34:31 AM UTC-4, flux wrote:
> > The parameters for redshift are all very much so tunable to your
> preference, check out the documentation online.
> >
> >
> > Additionally, f.lux doesn't run on Linux iirc do it wouldn't work inside
> dom0, which is where it would have to be to dim the whole screen.
> >
> >
> >
> > On Wed, Sep 21, 2016, 5:02 AM fluux  wrote:
> > On Wednesday, September 21, 2016 at 12:33:00 PM UTC+2, flux wrote:
> >
> > > Redshift https://en.m.wikipedia.org/wiki/Redshift_(software)
> >
> > >
> >
> > > Is available to install via qubes-dom0-update
> >
> >
> >
> >
> >
> >
> >
> > redshift is too red , I would like to get the orange f.flux with the
> little window in the upper right corner where you can adjust the intensity.
> >
> >
> >
> > --
> >
> > You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> >
> > To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/y0rrL1NA9m8/unsubscribe.
> >
> > To unsubscribe from this group and all its topics, send an email to
> qubes-users...@googlegroups.com.
> >
> > To post to this group, send email to qubes...@googlegroups.com.
> >
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/4bde7928-e5ef-4a25-a64a-b445bf299af2%40googlegroups.com
> .
> >
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
> > --
> >
> >
> > Max Zinkus
>
> Flux works very well on linux... https://justgetflux.com/linux.html
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/y0rrL1NA9m8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/32f79ff3-e5fc-40d6-b646-52787aecf816%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Max Zinkus

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEPNj4fhhdL3-ZKibrQMhfmO28d5pSe8dNP35yagNv8dkFHZ8A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to install f.lux in qubes ? (screen dimmer orange)

[Sebastian Jug]

On Wednesday, September 21, 2016 at 11:34:31 AM UTC-4, flux wrote:
> The parameters for redshift are all very much so tunable to your preference, 
> check out the documentation online.
> 
> 
> Additionally, f.lux doesn't run on Linux iirc do it wouldn't work inside 
> dom0, which is where it would have to be to dim the whole screen.
> 
> 
> 
> On Wed, Sep 21, 2016, 5:02 AM fluux  wrote:
> On Wednesday, September 21, 2016 at 12:33:00 PM UTC+2, flux wrote:
> 
> > Redshift https://en.m.wikipedia.org/wiki/Redshift_(software)
> 
> >
> 
> > Is available to install via qubes-dom0-update
> 
> 
> 
> 
> 
> 
> 
> redshift is too red , I would like to get the orange f.flux with the little 
> window in the upper right corner where you can adjust the intensity.
> 
> 
> 
> --
> 
> You received this message because you are subscribed to a topic in the Google 
> Groups "qubes-users" group.
> 
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/qubes-users/y0rrL1NA9m8/unsubscribe.
> 
> To unsubscribe from this group and all its topics, send an email to 
> qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/4bde7928-e5ef-4a25-a64a-b445bf299af2%40googlegroups.com.
> 
> For more options, visit https://groups.google.com/d/optout.
> 
> 
> -- 
> 
> 
> Max Zinkus

Flux works very well on linux... https://justgetflux.com/linux.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32f79ff3-e5fc-40d6-b646-52787aecf816%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.0 rc1 Error reset PCI network card in notebook

[Clark Venable]

Problem solved!

After a night's sleep and some more reading I found a thread which suggested 
removing the offending PCI device from the "Selected" panel in sys-net-->VM 
Settings-->Devices, leaving only my Intel Wireless controller available.

After a restart, when I selected the Networking icon from the system tray I was 
able to see wireless networks and successfully joined one.  I next launchd 
disposable VM and was able to load the fedoraproject.org page and now have 
network access in all vm's.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7f1c701-0fa3-49d2-9241-6ab6371b1a38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Otto Kratik]

On Friday, September 16, 2016 at 4:44:10 PM UTC-4, Andrew David Wong wrote:

> There's also a more general workaround for the screen resolution issue
> https://www.qubes-os.org/doc/linux-hvm-tips/

Thanks Andrew. I was able to use the instructions on that linked page to fix 
the screen resolution as desired. Much appreciated.


> (as well as a pointer regarding Qubes agents)

I'm not currently familiar enough with the inner workings or code underlying 
Qubes Agents to take a casual shot at customising them, but it's good to know 
for future reference what would need to be tweaked in order to modify mouse 
pointer behavior. For now I'll just live with the dual pointers in standard 
Linux HVM's.


> I think you (or someone else) would have to put in the coding work in
> order to make this work in the desired way. However, a lot of work
> has already been done on the Archlinux Template (which, I assume,
> can be run as an HVM if desired, though I haven't tried it myself):
> https://www.qubes-os.org/doc/templates/archlinux/
> Some work has also been done on an Ubuntu template:
> https://www.qubes-os.org/doc/templates/ubuntu/

Generally speaking, is it the case that running apps directly from a TemplateVM 
(whether it's Debian, Fedora, Arch, Ubuntu) is functionally equivalent and 
identical to operating that template/distro as a self-contained standalone HVM? 
Meaning if I wanted a Debian HVM, it's just as easy to clone my Debian 
TemplateVM and treat it as an HVM, instead of creating an actual new HVM the 
classic way and then installing a Debian ISO?

Is there any fundamental intrinsic difference between how a Template behaves if 
used in this fashion, and how a normal HVM would behave?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d4e2a49-5856-4e1e-be7a-95b49df2825e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to install f.lux in qubes ? (screen dimmer orange)

[Max Zinkus]

The parameters for redshift are all very much so tunable to your
preference, check out the documentation online.

Additionally, f.lux doesn't run on Linux iirc do it wouldn't work inside
dom0, which is where it would have to be to dim the whole screen.

On Wed, Sep 21, 2016, 5:02 AM fluux  wrote:

> On Wednesday, September 21, 2016 at 12:33:00 PM UTC+2, flux wrote:
> > Redshift https://en.m.wikipedia.org/wiki/Redshift_(software)
> >
> > Is available to install via qubes-dom0-update
>
>
>
> redshift is too red , I would like to get the orange f.flux with the
> little window in the upper right corner where you can adjust the intensity.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/y0rrL1NA9m8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/4bde7928-e5ef-4a25-a64a-b445bf299af2%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Max Zinkus

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEPNj4c91pkKOLuvEgMxzd1cymFcmYuBm4L8%3DD7d%2Bmxp1WfTSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to install f.lux in qubes ? (screen dimmer orange)

[fluux]

On Wednesday, September 21, 2016 at 12:33:00 PM UTC+2, flux wrote:
> Redshift https://en.m.wikipedia.org/wiki/Redshift_(software)
> 
> Is available to install via qubes-dom0-update



redshift is too red , I would like to get the orange f.flux with the little 
window in the upper right corner where you can adjust the intensity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bde7928-e5ef-4a25-a64a-b445bf299af2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.0 rc1 Error reset PCI network card in notebook

[Clark Venable]

It's a System76 Lemur.  I had wanted to add to the hardware compatibility 
listing at qubes-os.org but never go to the point where I could run the script 
and get the result off the machine (so I took a pic):

BIOS 5.11
Xen: 4.6.0
Kernel 4.1.13-9

Intel Core i3-6100U @ 2.30GHz
Chipset: Sky Lake.
VGA:  Sky Lake integrated Graphics

Net:
Realtek Semiconductor Co RTL8111/8168/8411 PCI Express Gigabit Ethernet
Intel Corporation Wireless 3165 (rev 81)

SCSI: Samsung SSD 850  Rev: 1B6Q

HVM: Active
I/O MMU: Active
TPM: Device not found

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c43c1f7-30a6-47b4-9767-9e2d0cefc69f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to install f.lux in qubes ? (screen dimmer orange)

[flux]

Redshift https://en.m.wikipedia.org/wiki/Redshift_(software)

Is available to install via qubes-dom0-update

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc5920bf-76d8-44c5-a889-68ce16fb6f68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 rc3 Install app crashing

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-20 19:32, Philo Phineas Frederiksen wrote:
> I'm trying to install into a preexisting encrypted btrfs partition. 
> 
> One:  The installer won't create /boot on encrypted btrfs.  What's up with 
> that?  My Manjaro /boot lives there, and works just fine.
> 

I wonder if this is somehow related:

https://github.com/QubesOS/qubes-issues/issues/2294

Are any of the comments on that issue helpful to you?

> Two:  I put /boot on a USB key.  Create /, /var, and /home subvolumes on the 
> btrfs partition, plus the use the preexisting /boot/efi partition.  Plus I 
> unlock the swap partition... there doesn't seem to be a way to tell the 
> install app to use it... will it do so automatically?
> 

No, you'd have to specify those partitions in the
installer. Normally, there should be a point in the
installation process at which you can do that, but it
sounds like the previous issue is preventing you from
reaching that point.

> Then the installer crashes.
> 
> I saw something about 4.0 coming soon.  Should I just wait for that?
> 

No, it's 3.2 that's coming out soon. 4.0 is on the
horizon, but probably not soon enough that you'd
want to wait.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4mANAAoJENtN07w5UDAwGdoQAJaC4CoVXcpAEnQ5JIAyxDeA
ql7/V6Gbyirt8Mk3ABkkUqjdXjGP4lTvuFYreZ1sZUzZ0xLcwAiNISfBqxL6oD9h
z/iUgY8c4qaSNFvXcRsliYhD0jGRgrAHWDPPfAGL4jYpaJxSuSdOgxTLu8bW4wJA
iqeHmX5naFji1o7czmU4whiueTnQxjCGnwtRWPIbuiMu01ABfzGHy8FPKg04A6uE
yxAb+He9FXVVpHaVC8xAuDd/+Pquls9SZztcEdtA24lb0sblDM2pSle3KfhGjOtb
BbhJMFABjJ5C2mzOE2MBIay/I0hLKMoBi+o0f8eNamFh5lFAiCUnpjLrpgHdwxd9
Z+ehmEp4rZt618PvmgHjIRvG7jFUT1kmhlyFCBDAIdLBU6r+TtkoAyEXi1IU0y1d
55RBw5f8rKEpA/dMiTFt1gZ/mwG1nOPsEQw4g+kvHawwDhjLTfqFzsPOHsJvr3/w
k8jp4R4vD9YBmTKepXe5pMFpyDdsaO7cw0nZ87uGvrtKhfG6+UldBtGvVuiXXKOe
zJQQ8Lp9gMS5fi19dZhn2VfgkS2o7Gp/VZ32k6qSozUsfc92ztgU3t/GVWnTGvGL
wiHhNQHtlJB92GF6VH2ko3kT7IRVKX9uUpq8wDHXVVue0gctV63jAtcn4M+vWWUY
GOAY0Y+vlfQy4CoetaV2
=TcVG
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c5d7a6c-ecb4-042e-a94f-c04b6393b800%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

[Robert Mittendorf]

Am 09/20/2016 um 10:29 PM schrieb Chris Laprise:


This is a good candidate for filing an issue, but mainly for this 
situation -- "A warning if an upstream VM does not implement the 
firewall rules", which should include connecting to netvms.


IIRC, Qubes Manager used to grey-out the firewall tab for any vm that 
was connected to a netvm. That doesn't appear to be the case now in R3.2.


As for idea 'b', I'd disagree with that. Chained proxyvms are probably 
more common than you think.


Chris


Hey Chris,

sorry for my first answer directly to you - I expected a mailing list to 
set/replace the "answer to" field


I still use 3.1! firewall rules are disabled for NetVMs, but not 
dynamically for VMs that are not connected to a proxy VM.


I'm curious - do you have an example for a usefull local proxy(VM) chain?


Am 09/21/2016 um 12:07 PM schrieb Andrew David Wong

Normally, it wouldn't make sense to try to enforce
firewall rules for a FirewallVM. That's why the default
sys-firewall and sys-net work the way they do. However,
if you have a need for this, you're free to create your own
FirewallVMs and chain them together.

I agree - that is why my idea was to disable firewall rules for proxy VMs.

2) I can configure firewall rules for a AppVM, which will not be active if that 
VM is connected

Assuming you meant "unconnected," that's right.

Actually I meant connected to a NetVM and thereby the internet. Sorry.

And: What happens if a ProxyVM does not implement the firewall service, or if 
the firewall service crashes in the ProxyVM ?
I cannot find more information about the firewall mechanism than "centrally managed 
in Dom0 and exposed to each Proxy VM through Xen store" from 
http://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html

Take a look at these pages:

https://www.qubes-os.org/doc/qubes-firewall/

https://www.qubes-os.org/doc/networking/
I looked at the firewall page. The networking pages seems to miss 
exactly the information I'm looking for in the "Firewall and Proxy VMs" 
section - like how the information from xen store is loaded within the 
proxyVM and what happens, if something failes (e.g. Is there a risk that 
proxying works, but firewall rules are ignored ?)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c649166-b766-0f73-d452-b1fbec914f36%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do you install external USB WiFi adapters..?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-20 16:54, neilhard...@gmail.com wrote:
> I plug in a USB WiFi adapter.
> 
> I go to sys-usb, and run "lsusb".
> 
> It shows up there as, "Bus 002 Device 028: ID 148f:3070 Ralink Technology, 
> Corp. RT2870/RT3070 Wireless Adapter"
> 
> What happens next..?
> 
> How do I get this to the point where it can be used..?
> 
> Thanks
> 

It might be easier to attach that device to sys-net instead.
You can first assign the USB controller to sys-net (and
unassign it from sys-usb), reboot, then plug in the USB
Wi-Fi adapter. You may need to install drivers for the
adapter. If everything is working correctly, it should be
available in NetworkManager.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4l3vAAoJENtN07w5UDAw5GQQALFJ8mIDOM+7k4wHguBGRjRO
NKJCwR9bh50VHOXjxGEMdG8+EoN8oMhEFrpnSRTdAmB+o6CisxPKwoIRICrfLu0b
CXW+qW0HGqTb8QzQsSINUwXbdSg9DTysNdexNTKK8w8PoAFUAcfjz3SMR1BODy0Q
/gpstO2jRKQx/HzhejeVHti3EIhj63MxxgWjFBov42urq2+0NQv/3gcaJplf9xdv
KkNXPVWiy8cQmiNj76FLMuwbX/rybWJ6SuNh2edlF/Jd7VtlcpqC/eP6mIl9qP/y
Evjw1xt4DFBvBgwC7H6lswZsiSxmkpTaqeQwWFLHGi1KfGyp5ngi/tLCQJLjH/oD
yTRR5DxPhDuqFDjtjjhCn2/uiPGkPPb+WSm9HkmQSSbDXEXy3XgQbId7aidAiJ8l
OePOFlqG+kv+K7VcB8auSzNQYTfGKDejY2BkkFAT+sYoqn9LkR9P008q7odifLFZ
Y0xC1HymZS3Rx2aAb0rsNUv19cR3vM7rGeDXytxmBE+MAyH3I2qmcekS1+31ZASV
TJH2xOLzQz7arcfZvxfmaUO3nQIpQHja6fCvO1IEVnndOpEhl6ehl2ekStJ8euti
09MyapuNndVrjOdp4oBsEnAQn4d3S8a3k2kcqPonAJHnKxwOsX4LuQxSPXK2of/P
fFapOKXck/jclyXDLork
=eNyu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0c7fe11-5d86-41b1-0271-b40798b4e71e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-21 03:07, Andrew David Wong wrote:
> On 2016-09-20 10:16, mittend...@digitrace.de wrote:
>> [...]
> Thanks! This general suggestion has previously been made
> and is currently being tracked here:
> 
> https://github.com/QubesOS/qubes-issues/issues/2003
> 

I've added your message as a comment on this issue:

https://github.com/QubesOS/qubes-issues/issues/2003#issuecomment-248568150

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4lzCAAoJENtN07w5UDAwhEsQAJmC34SCoubo1HUS8EzTpMGU
H0ksRALLGxGa1A3MYG2RprLZt/WYI+CbF+XvnDuGsHENuH1Kuq5CICP1NvZoyRgC
jL8ocmDF9Y6tRwQ+TvZojF/eJG02nnjKPiIKUDDLDEm8fk9Un23NScgWDuQSKXBv
qWmomiwFe7T1bWd9oF/ljbqNXALyHxkQvu38CgcNzK0JWmoR1RXaBxGv6i86oK9Z
2M08CZGMqz5I3fZ8HQpEjrL+2xGDL8jWCvV7pTTsgTh+WhMR0Weyoe1ND+1ACoRd
q4yKT06pnxbf1mvbQCLWwH5Xok6IF1CVaNUNbRXAFHX5GDAUNJ3qG61VbR3OYw+q
BGIEonmhEZRuosQuSlGn+5Zdkn7qdLgd0kr3H5s1+3Y+XBSqIMehj5X4dMHpf/Wl
GTGrifCbdERo0J/DFiPuwL4IYroYah7VceockisrgATJuLgQaOb8cJhHsvG5sGkj
8FDIHk4HmU5UI6DEMni/gOmMpkN8WfDA/SfWO2jJZKk37loAGxZdvOy3C6bYfYSz
SAne+wrpNSW0RBnnZsTOs+DhS1951IDwXm76CB/mXGeaDQUDsh+Rdptq+ZtVlnyA
uAer2BnF62S1bxP5DTVQksyyDT5e5eeJ5cAnM7alCFWXL9M3/jpfIvA5LG8EjAEi
3Qb8PGviHiekRKGXmOG0
=w9Su
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba961229-0f0f-f2bb-7af2-e033d2665505%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-20 10:16, mittend...@digitrace.de wrote:
> Hey,
> 
> Firewall rules are set for a specific VM/Qube. From common understanding 
> people would probably think that those rules are active no matter what 
> happens outside of that very VM/Qube, but in fact it seems like those rules 
> are active if and only if there is an ProxyVM connected to that VM/Qube.
> 
> Examples:
> 
> 1) I can configure firewall rules for a ProxyVM, but they are not actived, if 
> that ProxyVM is connected to a NetVM (if I connect another ProxyVM in 
> between, this might probably work?!)
> 

Correct. Normally, it wouldn't make sense to try to enforce
firewall rules for a FirewallVM. That's why the default
sys-firewall and sys-net work the way they do. However,
if you have a need for this, you're free to create your own
FirewallVMs and chain them together.

> 2) I can configure firewall rules for a AppVM, which will not be active if 
> that VM is connected
> 

Assuming you meant "unconnected," that's right. The reasoning
here is that the purpose of firewall rules is to govern network
traffic. But if a VM has no NetVM (i.e., has no network access
at all), then there's no network traffic to govern.

> And: What happens if a ProxyVM does not implement the firewall service, or if 
> the firewall service crashes in the ProxyVM ?
> I cannot find more information about the firewall mechanism than "centrally 
> managed in Dom0 and exposed to each Proxy VM through Xen store" from 
> http://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html
> 

Take a look at these pages:

https://www.qubes-os.org/doc/qubes-firewall/

https://www.qubes-os.org/doc/networking/

> Ideas:
> a) A warning if an AppVM is (about to be) connected to a NetVM (instead of a 
> ProxyVM).
> 
> b) Do not allow "firewall rules" being set for ProxyVMs (I think Proxy-Chains 
> are rather unlikely being used?!)
> 
> c) A warning about DNS-Names in firewall rules
> 
> [c) A warning if a connected ProxyVM does not activate the firewall rules]

Thanks! This general suggestion has previously been made
and is currently being tracked here:

https://github.com/QubesOS/qubes-issues/issues/2003

Also related:

https://github.com/QubesOS/qubes-issues/issues/2248

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4lvEAAoJENtN07w5UDAwgzwQAMou4iQfl/BV90/VJp7FO5X0
nOiqR2Mqc1094tsCuX1Lysqbsal0jUhmbAVXuxqR3iFkZiXO3u8p3o8VD1TNrZQM
Ffd2XGOrIEjGosB2CZS1mj6D/vUv8kg33eqQbmREbVU3mCzoqYoIe4NXHi5NLcHC
IJYJOFO+WqFHXhk6AEHF0F+pL2p+Vaa1macJ5XiuXzhOuwlghNGYgObllLMo2jJe
uPea/S+vqVtf5VIYJ5rKm39i+qjZIsCIWRI7SxkrNQ0EgpY5tMRPPPyAb7RVNAQu
+OSgS3YDH40y0b+fVcWQofwGGYbZU5KXZE72F0VXpycdV0XgknEJ/AqNVLWJnPwH
G97gK90CkwHboW9F9GxS0FH+cOP6V4VkLh9SujO5adhaROio5c3hCjDJuFTeQTIg
8O088SAMGUIxmjnEpuxFCeQew4BSc23NDl2ru16Z81lMuIuqgj6TXim924E14syx
YhHjQL3iyQK34n2rLmqLcHr4GDa5sQzGRfclJx9rfkiAbtFACPywlka/zaq0Y85q
kgk5IDto7yL9Zsq7OD9clSlvtg6TNbI9fL19bC8l7iV+MJ5kiFGSNraWd+RMn9dd
tA7sVaqCKqNnteWVFjsITzwDIUwAeTCldPLtwzUk0Hkofi1ebWksMVrgg/SSLvtK
HpKs3MEub72u25IfgCVp
=CxIx
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9e56f9a-d8e1-9f85-f00b-6e83902fbc29%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Windows 7 / 10

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-20 08:30, Pawel Debski wrote:
> W dniu niedziela, 18 września 2016 17:21:47 UTC+2 użytkownik ludwig jaffe 
> napisał:
>> On Saturday, September 17, 2016 at 3:55:58 AM UTC-4, Pawel Debski wrote:
>>> Folks,
>>> 
>>> I have Qubes 3.2 up, updated &
>>> running like a charm. Now the Microsoft challenge. The doc @
>>> https://www.qubes-os.org/doc/windows-appvms/ instructs to use
>>> Windows 7. Do you suggest to stick with version 7 or go ahead to
>>> 10 / 8?
>>>
>>>   
>>> 
>>> -- 
>>>
>>>   
>>>
>>> Z powazaniem / Best Regards
>>>
>>> Mit freundlichen Gruessen / Meilleures salutations
>>>
>>> Pawel Debski
>>
>> Hi I run windows10 w/o windows tools and I replace cut and paste with an 
>> editor to generate a file and then I ssh to the other machines.
>> Also files I can tar.gz and ssh.
>>
>> Here it is good to install cygwin on the windows10, and 
>> also you want to install classic shell and remove cortana, the spy.
>> I did this and it works
> 
> Now I have Windows 7 up and running, but I have some minor stability problems 
> - I used testing version of Qubes Windows Tools as there was no stable 
> version avaiable.
> 
> Did I do something wrong or indeed there is no stable version of Qubes 
> Windows Tools?
> 

Correct. There is currently no stable version of Qubes Windows Tools.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4llCAAoJENtN07w5UDAwjv4P/0PIkWGhu+9V899kw2U9tXql
4l/wF7aspLSrout+FhFJTFUslpkYBhFQonsaijWPxLwX/EySM5oPNBR+L63fpTII
BtGVwSBf4jfOvUc9dm287pL6qSmvARMAyPA313azKJ37ISbz1lYzXfNy/0BM8yr2
u6USucFvvU1N+Uv9HVXwEvYRJYl7zZLVUidXvTKMuvgSUabcDYFTOHg5HhDStWR3
igkuP10lcOx3YBwLEeE3fynsUnFvi5TOgtsR12BRuWQb8zDaNTKclag2TYIW9mLK
H0XLb5Rcr6+7WMoDy7/OiWM89V/P6PQH/9EcMTQ/6u69ewY+sPglLIqfZIZ8umj4
xyfbiLGJj0oC7gjjIHQhwpTuoTNdCgCM4X1f5gUK819kzZyuMMayhhp9YIXvepUj
j2Q2fCar2uTPLwTZ07DCuULyaMqTJmQpadX6YigLx9nt3eN5FAtvaiT7pEoh0V/3
YhVIpb4NzC46R/NvOXVCiixz0JM3J/38DW2AXaD5ClJqJ7tvBesv4CiC+4k0Id9h
qWCZsPcq1TZrHAknaZEhBsXh7s+OFtV+2pC6maKnfSqwXGDBLmVTNuQBrqQ98CLj
yoepLaW0+Q2oTTrLmkp7SUQYYkOYUBtupLhEez66D1tIoafA/7CNDIAQxHd4dzbY
ntoqXwpm+xNNXHD1UDbO
=+0yU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b15cc987-2c33-9360-9035-47c17dada2ac%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes desktop random freezes on Thinkpad T500

[Simon]

Hello,

Qubes 3.2 rc3 GUI randomly "freezes" (about once a week), making the 
system
effectively hardly usable for any real work (too unreliable), on a 
Thinkpad

T500 / Core2 Duo.

Actually such freeze affects the desktop and windows display only:

- Applications still continue to run in the background,
- The mouse cursor can still be moved, it even changes appropriately 
when

  blindly reaching what correspond to a window border,
- I can switch back-and-forth to a text console (this one didn't work 
with

  KDE issue),

I had the very same issue with Qubes previous release, but I managed to 
avoid
it by setting KWin to use XRender instead of OpenGL as compositing 
engine.


Details on the workaround are available here:
https://unix.stackexchange.com/a/268935/53965

This laptop has two graphical chipsets, only the selected one (BIOS 
setting)
being detectable by the OS at any given time. The original issue 
affecting KDE
affected both the ATI Mobility Radeon HD 3650 and the Intel i915, so it 
was

clearly no driver dependent.

Currently I can only test it with the ATI Radeon card since, due to 
another
unrelated issue Qubes does not seem to support the i915 graphical 
chipset
anymore (both at install and boot time, no problem in running Fedora 
Live so

this is clearly a Qubes / Xen specific issue).

This old post let me think that other people may encounter a similar 
issue when

running Qubes on a T500:
https://groups.google.com/forum/#!msg/qubes-users/niQNPauEDkU/oDySb6vDGU8J

I am not up to the highest graphical performances (as for now Qubes 
would not
be the wisest choice for this IMHO), but I would like a reliable system 
which

is not prone to loose all unsaved work at any time.

For now, I tried to disable compositing and automatically hide the dock 
to
compensate the lack of transparency. This is not very practical but 
otherwise
all those bright red and yellow icons are too much distracting. While I 
feel
back on a pre-2000 era system, at least I hope it may make Qubes a 
minimum

reliable (crossing my fingers...).

I was happy for months with the XRender workaround in KDE, so if anybody 
knows
any equivalent in the XFCE world or any other way to fix this he will 
have all

my gratitude :) !

Best regards,
Simon.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c035e7ae230d9d8fdc3b4b4d0c637a27%40whitewinterwolf.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: NVIDIA GeForce

[johnyjukya]

> On Wednesday, 21 September 2016 02:25:15 UTC+10, johny...@sigaint.org
> wrote:
>> > On Sunday, September 11, 2016 at 11:11:28 PM UTC-4, Drew White wrote:
>> >> On Friday, 9 September 2016 18:58:51 UTC+10, Thomas Ernst  wrote:
>> >> > Hi all,
>> >> >
>> >> > Does Qubes support NVIDIA GeForce graphics cards? The reason for
>> >> asking is that I am planing to buy a Lenovo ThinkPad T460p Laptop,
>> >> which has a NVIDIA GeForce 940MX 2 GB graphics card.
>> >> >
>> >> > Best,
>> >> >
>> >> > Thomas
>> >>
>> >> I have a GeForce GTX630 and a Quadro 600 in my machine, and both work
>> >> well with no issues.
>> >>
>> >> The Thinkpads work well with Qubes.
>> >> the T530 is very nice and works well.
>> >> So the Pro T460 should also be quite acceptable.
>> >>
>> >> As long as you have 4 or more threads, you can use qubes easily.
>> >
>> > I have gtx 650 ti.  works great.   I would research how the card
>> perform
>> > with open source linux drivers in general before buying.
>>
>> I have a GeForce6100SM-M2.  It's on-board nVidia card crashes (diagonal
>> stripes) after a bit of usage (almost seems to happen when memory gets
>> low).
>>
>> I've tried all the BIOS settings, etc., with no luck.  (The same thing
>> occurs under Tails, FYI.)
>>
>> With a PCI GeForce7300 GT inserted (and the on-board video disabled),
>> things work just fine.
>>
>> (Note that in 3.1, and 3.2 up until rc2? I think, there was a bug where
>> the VM's would get screen corruption.  rc2 and beyond have fixed this
>> problem.)
>>
>> Cheers.
>>
>> JJ
>
> I only got screen corruption AFTER upgrading to 3.2, then I did a full
> update of Dom0 to get rid of that because there was a fix that came out
> for it.
> However it didn't happen often. I never found out the reason why it
> happened, because I saw there was a fix for it.
> 3.1 didn't EVER have the screen corruption for me.
> And I was using Dual Monitors and dual Quadro600's

The screen corruption problem I was seeing was in 3.2 (rc1 I think), and
the fix was in the VM's (Debian-8/Redhat-23) not dom0.  (It was something
to do with accessing freed/reallocated memory once swapping started, if I
remember correctly.)

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a30f6877dcb0bd489005ee6bdd19a8d.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Purchase Order No 5011.2311

[Drew White]

This post is spam, please delete the thread and isnore any mailouts for this 
attachment.


On Wednesday, 21 September 2016 12:13:17 UTC+10, Bees Digital  wrote:
> Good day,
> 
> 
> 
> 
> 
> Kindly find the attached purchase order contract draft for your reference.
> 
> Study carefully and inform me if you have any corrections or inclusions to 
> make.
> 
> Thanks
> 
> -- 
> 
> 
> Bees digital
> No.649/1/1,Galle Road, Panadura.
> E mail: beesdig...@gmail.com
> Tel. 038 22 350 50 / 077 10 99 284

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a127a68-cc85-413c-b741-67aec2999beb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Building Qubes on alternate version of Linux for Dom0 as well as guests...

[Drew White]

On Wednesday, 21 September 2016 15:51:04 UTC+10, J. Eppler  wrote:
> Hello, 
> 
> did you had any luck with this documentation: 
> https://www.qubes-os.org/doc/#building
> 
> The first question what other OS do you want to use?
> 
> Second if the instructions are not helpful have a look at the source code. 
> Qubes has a builder framework. The building process, for templates and Dom0, 
> is done in a chroot environment. At least as I understand it.

Thanks for the reply J. Eppler, but you have referred me to the same place I am 
talking about, and to files that I am talking about.

The answer to your question is.. BSD derivatives, Debian Derivatives.

Yes, I understand that it's done something in a chroot environment, but that 
doesn't help me understand it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93f36a09-80f2-4cd4-a420-a0d80da7b396%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.