[qubes-users] Re: HDD disk full

[Reg Tiangha]

On 03/23/2017 11:41 PM, William Fisher wrote:
> Thank you. I'll try it. What's the command to start gparted?
>
You can type gparted on the command line, or it'll show up in your
application menu and you can start it that way.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ob2bk9%24pcm%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: HDD disk full

[William Fisher]

Thank you. I'll try it. What's the command to start gparted?
On Fri, Mar 24, 2017 at 12:37 AM Reg Tiangha 
wrote:

> On 03/23/2017 11:31 PM, William Fisher wrote:
> > Could you tell me how to reformat the 1TB HD to ext4?
> > Is it in the manual somewhere?
> >
> What you could do (assuming you already have Qubes running on your
> machine) is install gparted in a VM (it's available in both Debian and
> Fedora), attach your blank drive to that VM, and then use gparted to
> reformat it into whatever file system and whatever partition layout you
> want. If you've ever used something like Partition Magic in Windows,
> it's similar to that. You could also theoretically install it in dom0,
> but if you're trying to maintain the security model of Qubes, you should
> try to avoid installing as much extra stuff in dom0 as you can, and
> running gparted in a VM to work on hard drives works just as well (I've
> done it myself).
>
> http://gparted.org/
>
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/jVFIsydHntk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/ob2ba1%24b7e%241%40blaine.gmane.org
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJyh_i9DkuA18%2BtJfF3BXJ%3DJLewn6R9E_C_81LEd7xRhD0tGEA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HDD disk full

[Reg Tiangha]

On 03/23/2017 11:31 PM, William Fisher wrote:
> Could you tell me how to reformat the 1TB HD to ext4?
> Is it in the manual somewhere?
>
What you could do (assuming you already have Qubes running on your
machine) is install gparted in a VM (it's available in both Debian and
Fedora), attach your blank drive to that VM, and then use gparted to
reformat it into whatever file system and whatever partition layout you
want. If you've ever used something like Partition Magic in Windows,
it's similar to that. You could also theoretically install it in dom0,
but if you're trying to maintain the security model of Qubes, you should
try to avoid installing as much extra stuff in dom0 as you can, and
running gparted in a VM to work on hard drives works just as well (I've
done it myself).

http://gparted.org/



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ob2ba1%24b7e%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HDD disk full

[William Fisher]

Could you tell me how to reformat the 1TB HD to ext4?
Is it in the manual somewhere?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19b30650-ddd8-43f7-8187-143f82d0e038%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HDD disk full

[Reg Tiangha]

On 03/23/2017 11:22 PM, William Fisher wrote:
> I run qubes off a SSD and have a blank 1TB drive installed. Qubes sees it as 
> 1TB "storage" but when I try to back up my VMs to it Qubes manager stops 
> after 4GB and reports "disk is full". A USB HD backup by Qubes work fine with 
> 65GB.
> How can I fix my 1TB internal HD. It was formatted with FAT32
>
The file size limit of FAT32 is 4GB; you can't have files larger than
that size on that file system. You'd have to reformat that drive to a
file system that supports files bigger than 4GB. NTFS does it, but if
this is just to be used for Qubes or as a temporary stopgap measure,
you're probably better off making it ext4; I'm not sure how Qubes/Linux
would handle writing to NTFS. It could probably do it, but with large
files, who knows how it'll perform or how reliable it'll be since NTFS
support in Linux is all reverse-engineered as the specification was
never released by Microsoft, to my knowledge.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ob2ank%24ahc%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HDD disk full

[William Fisher]

I run qubes off a SSD and have a blank 1TB drive installed. Qubes sees it as 
1TB "storage" but when I try to back up my VMs to it Qubes manager stops after 
4GB and reports "disk is full". A USB HD backup by Qubes work fine with 65GB.
How can I fix my 1TB internal HD. It was formatted with FAT32

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e334051d-dbb0-4757-b068-c1e246082ee1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Templates...

[Reg Tiangha]

On 03/23/2017 10:01 PM, Drew White wrote:
> Heya Folks,
>
> Are there any versions of the templates out there that are EXT2 instead of 
> EXT3/4?
>
> If there are, that would be very handy.
>
> Otherwise, do I just change the drives to EXT2?
>
> Or will that harm the Qubes system that is in the guests in the standard 
> templates?
>
> Main reason I"m asking is because having it as EXT4 makes the system 
> so slow... SystemD is bad enough with how slot it makes things... but 
> adding EXT4 ontop.. as well as the fact of the usage of the HDD for EXT4.. 
> it's got to be fixed, so I'm just querying to know if making it EXT2 instead 
> of 4 will cause much harm?
>
> Sincerely,
> Drew.
>
I'm not convinced it'll help the way you think it will, but if you're
really set on this, rather than installing a template with ext2, why not
just disable ext4 journaling? It would amount to essentially the same thing.

https://superuser.com/questions/516784/disable-journaling-on-ext4-filesystem-partition

Although it'd make more sense to do it in dom0 (or maybe both dom0 and
all of your domUs; I don't know, and I don't really want to try it
myself just to find out), although just like with any kind of file
system change, you do so at your own risk so make sure you have backups.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ob28or%246tm%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Templates...

[Drew White]

Heya Folks,

Are there any versions of the templates out there that are EXT2 instead of 
EXT3/4?

If there are, that would be very handy.

Otherwise, do I just change the drives to EXT2?

Or will that harm the Qubes system that is in the guests in the standard 
templates?

Main reason I"m asking is because having it as EXT4 makes the system so 
slow... SystemD is bad enough with how slot it makes things... but adding EXT4 
ontop.. as well as the fact of the usage of the HDD for EXT4.. it's got to be 
fixed, so I'm just querying to know if making it EXT2 instead of 4 will cause 
much harm?

Sincerely,
Drew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfcd0d1d-ba13-4708-9022-76672b946209%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] NTP Global alteration.

[Drew White]

On Saturday, 18 March 2017 05:09:59 UTC+11, cooloutac  wrote:
> On Thursday, March 16, 2017 at 11:26:48 PM UTC-4, Drew White wrote:
> > On Friday, 17 March 2017 11:36:25 UTC+11, Jean-Philippe Ouellet  wrote:
> > > As for changing the NTP server used, feel free to submit patches.
> > 
> > If I was to submit patches, they wouldn't be in Python Code. So I can't 
> > submit any changes because my applications aren't written in Python.
> 
> the amount of times qubes contacts the dns servers is same on baremetal 
> systems.  I always eyeball etherape from sys-net.

Actually, it's a lot more often.
I run many things like that, but I just mainly watch the DNS server.. I got too 
many requests for the machines to be even doing it once every 10 mins. how to 
fix?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/efc2d18f-c9d8-4898-b769-c0cee6720566%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?

[Nemo]

On Thursday, March 23, 2017 at 10:37:58 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-03-23 19:28, Nemo wrote:
> > I've been writing a bash script that manages firewall settings
> > from dom0, via qvm-firewall and qvm-run for ping.
> > 
> > Everything had been safe until an hour ago, when I added in the 
> > qvm-run/ping function. I let it run for about 20 mins, and when I 
> > came back three of my qubes were damaged in a way that made them 
> > unmountable.
> > 
> > I don't have the terminal readout (I was running bash -x), so I 
> > can't use that to determine where/when the issue occurred. How
> > else can I access logs to troubleshoot my script, and determine
> > whether I need to post a bug report?
> > 
> > I'm new to Linux, but a quick learner.
> > 
> 
> Can you post the script you were running?
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJY1IZ1AAoJENtN07w5UDAwO1sQANA1M5mVlKiOyFTszs8kJKk+
> rcI2CO/rpafsiJ1Xm6eHsV10kYYuGxSPI8OzFSBTA8SiaUCvEY+3/QCruZeOyvY2
> JVqEZZ/QuI89ihoDdjk2kv8efPYpEFzvmrbzJEhpb8GsqHkQW3BS2EkshH9BZhOK
> G4B7ya63WCW4PWqIQRFIMiymDRh+UlC6a9WZUUqb/tArTjnwtiuMY5XnsjvQx73X
> 1ZEnNQd4TXvaKjj3Bf52W1GMJQiT4FnEMrIFgBGdc9JU65JmiEILYINscyM5czMN
> +3fNYYXdDGE7b5s5ZNNH3AUWzORiwXfIgUwhgNeQ1Ud8QQ7n4PVc/WxTXsI2gEmY
> YfDyr5r5kEfVZRpjqSCpuHB+khm83tKJQSoIiiU4CSah2VZuKht+C5QHx6xB5XGX
> s7vH7//2tzK9Lvo077JrTaGfsD9K0m6A9xrGtmphL1DulzCVoPQOHZTaHkcAe/I0
> JmxMo+sNZlRSyBDvFdnpj5ow1jTTq46D8cGXs1IsEa7eBCwXO+EjYuWbIiZpWQpi
> fmfGvmTWmBHqfp+ihBNLBnMsjMHSfPkXqf8/X3NNoDW3FYP43mFumBAW0QdEeKvv
> oZv3CaPmlXHd68a93GDBqPe5Dr8eHiGRd5sDEdwbjrQAKjDcfeFp3mkWfXbcgnC9
> R8jBKyxUZQXRSMryltA0
> =LhCQ
> -END PGP SIGNATURE-

Script is attached. It's my first attempt at a bash script, and still in 
progress (and obviously potentially dangerous).

The script is designed to create exclusive access to certain services (eg 
Facebook) for VMs where they should be used (eg Personal). It does this by 
preventing inappropriate VMs from accessing those addresses.

So, all the addresses listed under Banking will be blocked for the other VMs 
laid out in the $vms array, unless that VM  is also allowed access.

Services that run round-robin DNS, eg google.com, need to be blocked multiple 
times to ensure there is no access to the service. I tested

`qvm-firewall banking -a google.com any`

and determined that running it multiple times in succession will eventually 
block all the (current) round-robin IP addresses.

So, I added a verification feature to the script, which launches a while loop. 
It waits for

`qvm-run -ap banking 'ping -c1 google.com'`

to return "Destination Host Prohibited", indicating that the entire round-robin 
has been blocked. Until then (or until 10 iterations) it will continue to 
qvm-firewall block google.com.

I believe that the verification function is what caused the problem, but I 
don't know how investigate it. Your thoughts are appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90117672-474e-4196-ace3-93773c21f865%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


firewall-setup
Description: Binary data

Re: [qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-23 19:28, Nemo wrote:
> I've been writing a bash script that manages firewall settings
> from dom0, via qvm-firewall and qvm-run for ping.
> 
> Everything had been safe until an hour ago, when I added in the 
> qvm-run/ping function. I let it run for about 20 mins, and when I 
> came back three of my qubes were damaged in a way that made them 
> unmountable.
> 
> I don't have the terminal readout (I was running bash -x), so I 
> can't use that to determine where/when the issue occurred. How
> else can I access logs to troubleshoot my script, and determine
> whether I need to post a bug report?
> 
> I'm new to Linux, but a quick learner.
> 

Can you post the script you were running?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJY1IZ1AAoJENtN07w5UDAwO1sQANA1M5mVlKiOyFTszs8kJKk+
rcI2CO/rpafsiJ1Xm6eHsV10kYYuGxSPI8OzFSBTA8SiaUCvEY+3/QCruZeOyvY2
JVqEZZ/QuI89ihoDdjk2kv8efPYpEFzvmrbzJEhpb8GsqHkQW3BS2EkshH9BZhOK
G4B7ya63WCW4PWqIQRFIMiymDRh+UlC6a9WZUUqb/tArTjnwtiuMY5XnsjvQx73X
1ZEnNQd4TXvaKjj3Bf52W1GMJQiT4FnEMrIFgBGdc9JU65JmiEILYINscyM5czMN
+3fNYYXdDGE7b5s5ZNNH3AUWzORiwXfIgUwhgNeQ1Ud8QQ7n4PVc/WxTXsI2gEmY
YfDyr5r5kEfVZRpjqSCpuHB+khm83tKJQSoIiiU4CSah2VZuKht+C5QHx6xB5XGX
s7vH7//2tzK9Lvo077JrTaGfsD9K0m6A9xrGtmphL1DulzCVoPQOHZTaHkcAe/I0
JmxMo+sNZlRSyBDvFdnpj5ow1jTTq46D8cGXs1IsEa7eBCwXO+EjYuWbIiZpWQpi
fmfGvmTWmBHqfp+ihBNLBnMsjMHSfPkXqf8/X3NNoDW3FYP43mFumBAW0QdEeKvv
oZv3CaPmlXHd68a93GDBqPe5Dr8eHiGRd5sDEdwbjrQAKjDcfeFp3mkWfXbcgnC9
R8jBKyxUZQXRSMryltA0
=LhCQ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c540802-9e67-fa69-1460-e62f9283c9de%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?

[Nemo]

I've been writing a bash script that manages firewall settings from dom0, via 
qvm-firewall and qvm-run for ping.

Everything had been safe until an hour ago, when I added in the qvm-run/ping 
function. I let it run for about 20 mins, and when I came back three of my 
qubes were damaged in a way that made them unmountable.

I don't have the terminal readout (I was running bash -x), so I can't use that 
to determine where/when the issue occurred. How else can I access logs to 
troubleshoot my script, and determine whether I need to post a bug report?

I'm new to Linux, but a quick learner.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5629a80-6f95-4d7c-9c66-e9cb3a172e48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] How do I know - is that a MAJOR usability issue? (subject replaced)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-23 03:45, Oleg Artemiev wrote:
> Hello.
> 
> Currently I'm not that busy but steel overloaded by technical debt.
> I've cleaned the tech debt for some organisation units outside of
> my usual daily interest. всё хорошо. :) Баг не касается ничего
> существенного. Пошёл в обязательный ребут. Сходимость очередей на
> запуск на уровне дребезжания фиксируется рассчётом сходимости
> дискретных значений к максимально допустимой скорости исполнения.
> Это не решить костылём. Надо таймауты считать. Это вывод из моего
> нагрузочного теста. Этот тест нужен мне потому что я использую
> Qubes в продакшене не испытывая существенных проблем. :)
> 

Please don't post to both lists:

https://www.qubes-os.org/mailing-lists/#specific-rules-and-notes

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJY1HcoAAoJENtN07w5UDAw740P/jkfgpCRyEp4cs/lcoqpcREm
taXGXqMUqK0Elv/r+g2jcfDjwLWzoNUXld5/sauPJZaNbnVAOEi0xNah2ltdtDGw
YSF0hSUV9MKjksnjpgCE5jJUlIBBFTVgV1EYzcSVkFFoVGDhEs0xlOwr/Q10DlCB
eScabhEIPGjh1D3hR5Fn6NkzTCNFiZXn4HL00Zf7QFlpDlbm61/+CAJ+/RQbToTw
xBhiblnPt64SMXhn57s3zuuw0EGKuhBniddOKu7FjvXtt8vDSV4c/smB/olBxjyD
aBXxWxHXUd6f+UyQLhRNdhjlFT6ofTGDHVADLnHo/0LmMgEsh4OT34h2HSJaqXBW
65bOKfmiwsCsESs+USE0zJb3XEnTAuyMeA8wBmOU4EHH9T9nElOzjKphAMGv4fxw
NkKyK5GDISeUfILMr+tT9AmzwF1+A0ncplD8KpwTceD+MtDbOai/BLXPs6kGmrhy
+oZAefsF9neLPA24lE9Q5GD6qGKoakPOc9X/VxGtVWfBwn6yLpVfQkUCcP4mRela
4MACKuEzrBPfht/0uEQSCrlFvYcwqMsGSQtHwtrUq9P1GIanwdMyfGhqJYVbD1F2
8R5MqczIvfComwYvGybjcR/pP+jtIdyyou6n4Chn+a3ngxqtU96H8te8LQcbVrQz
djQ8r+ViCwdeXGM8Gbxx
=VUes
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6457588-11a1-c7c1-42c3-81a8e143e4b7%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Building Qubes from source, strange error.

[Opal Raava]

On Thursday, March 23, 2017 at 8:23:15 PM UTC+1, Opal Raava wrote:
> On Thursday, March 23, 2017 at 12:11:51 PM UTC+1, Unman wrote:
> > On Thu, Mar 23, 2017 at 03:40:34AM -0700, lokedhs wrote:
> > > On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava  wrote:
> > > > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote:
> > > > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava  wrote:
> > > > > 
> > > > > > Which tells us that we probably really do need version 3.9.0 of 
> > > > > > qubes-tools.
> > > > > 
> > > > > Where can that version be found? Looking at the latest master of 
> > > > > qubes-linux-utils, it only contains version 3.2.3:
> > > > > 
> > > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version
> > > 
> > > > Yes, and that is what surprises me as well. The relevant source has not 
> > > > been touched in a while. I've looked, but I don't know why the build 
> > > > breaks. 
> > > > 
> > > > All I know for a fact is what you said, it asks for 3.9.0 and delivers 
> > > > 3.2.3 at the master branch. And that the relevant source files all have 
> > > > not been changed recently.
> > > 
> > > The spec file was updated from 2.0.10 to 3.9.0 as of commit 
> > > 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that 
> > > the commit was on the 17'th December 2015. This is more than half a year 
> > > before the most recent ISO images were built.
> > > 
> > > I really have no idea what the cause for this could be.
> > > 
> > > Regards,
> > > Elias
> > > 
> > 
> > Finally I understand - you're trying to build a full build of master -
> > I just dont think this works at the moment - you could *try* following
> > my suggestion of NOT building artwork at all - just comment it out.
> > 
> > Lots of the devel work on v4 (that's now in master) is in the devs repos
> > - you can see the mysterious 3.9 here:
> > https://github.com/woju/qubes-linux-utils/tree/core3-devel
> > 
> > So I think you have to cherry pick from a number of different repos to
> > get something like a working v4 if that's what you want.
> > At least from marmarek and woju.
> > I dont have scope to try this.
> > 
> > (You can just build some components as you like - e.g just the manager.)
> > 
> > It IS possible to build templates from master, and they seem to work
> > fine with 3.2 :although marek has said that things might break, I haven't
> > seen this as yet.)
> > 
> > unman
> 
> Ah okay, so all we have to do is specify 'releng3.2' into github or something 
> to build the R3.2 branch?

Ah, problem solved. In the web build documentation it says to:

cp example-configs/qubes-os-master.conf builder.conf

if you instead do:

cp example-configs/qubes-os-r3.2.conf

you get a better branch. I'm currently trying to build that

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5152be38-7dfd-492b-ba2b-e6eae6557c57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

[cooloutac]

On Thursday, March 23, 2017 at 8:21:40 AM UTC-4, Andres MRM wrote:
> [2017-03-22 18:52] cooloutac:
> > not sure but if its like my pc when using xhci (usb 3.0) everything goes
> > through thaT one controller. it look like you have ehci controller too but
> > not sure.  What I do with one controller is use a usb to pci adapter for the
> > kb.  For mouse you can use the qubes proxy, not as bad as also having kb in
> > usbvm.
> 
> Thanks, cooloutac!
> 
> What do you mean by "it look like you have ehci controller too"? What is it?
> Can it help me?
> 
> Unfortunately my notebook has no PCI port...

ehci is for older usb protocol.  xhci is for 3.0,  maybe there is option in 
bios to disable usb 3.0.  then maybe it will have separate routed controllers? 
Thats how it works on my desktop pc.  otherwise all controllers get routed 
through the xhci one.  but then you will be giving up usb 3.0, but maybe worth 
it not to have kb in sys-usb. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04e617fc-72f6-426b-a96f-ec5022b95bd8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Building Qubes from source, strange error.

[Opal Raava]

On Thursday, March 23, 2017 at 12:11:51 PM UTC+1, Unman wrote:
> On Thu, Mar 23, 2017 at 03:40:34AM -0700, lokedhs wrote:
> > On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava  wrote:
> > > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote:
> > > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava  wrote:
> > > > 
> > > > > Which tells us that we probably really do need version 3.9.0 of 
> > > > > qubes-tools.
> > > > 
> > > > Where can that version be found? Looking at the latest master of 
> > > > qubes-linux-utils, it only contains version 3.2.3:
> > > > 
> > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version
> > 
> > > Yes, and that is what surprises me as well. The relevant source has not 
> > > been touched in a while. I've looked, but I don't know why the build 
> > > breaks. 
> > > 
> > > All I know for a fact is what you said, it asks for 3.9.0 and delivers 
> > > 3.2.3 at the master branch. And that the relevant source files all have 
> > > not been changed recently.
> > 
> > The spec file was updated from 2.0.10 to 3.9.0 as of commit 
> > 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the 
> > commit was on the 17'th December 2015. This is more than half a year before 
> > the most recent ISO images were built.
> > 
> > I really have no idea what the cause for this could be.
> > 
> > Regards,
> > Elias
> > 
> 
> Finally I understand - you're trying to build a full build of master -
> I just dont think this works at the moment - you could *try* following
> my suggestion of NOT building artwork at all - just comment it out.
> 
> Lots of the devel work on v4 (that's now in master) is in the devs repos
> - you can see the mysterious 3.9 here:
> https://github.com/woju/qubes-linux-utils/tree/core3-devel
> 
> So I think you have to cherry pick from a number of different repos to
> get something like a working v4 if that's what you want.
> At least from marmarek and woju.
> I dont have scope to try this.
> 
> (You can just build some components as you like - e.g just the manager.)
> 
> It IS possible to build templates from master, and they seem to work
> fine with 3.2 :although marek has said that things might break, I haven't
> seen this as yet.)
> 
> unman

Ah okay, so all we have to do is specify 'releng3.2' into github or something 
to build the R3.2 branch?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42a95c9e-55a9-4ac7-b5e3-5727f83c7225%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Has anyone tried to get labrea working with qubes?

[elsiebuck105]

Has anyone tried to get labrea working with qubes? If you did, please explain 
how you did it...

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e426f7d-3064-4147-8e08-9803d931521d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] updateVM not setup error when trying to get whonix templates

[Chris Laprise]

On 03/23/2017 09:01 AM, nazzaroth.yout...@web.de wrote:

Hello everyone

Originally while i installed Qubes for the first time i had a problem configuring it. I 
had the standard choices and also whonix templates set but while the setup configured 
qubes at some point it always stoped working. I think it was something like "Qubes 
Configuration Setup" and the little bar that goes left to right stopped moving.

i tried different choices but this problem persisted. so in the end i tried the 
no configuration (advanced user) option. it indeed helped me to get to the 
desktop of qubes, but ofc now i have the problem of no preconfiguration and i 
certainly aint an advanced user.

i tried to install whonix the way its written in the docs, but when i try to update the 
template vms i get the error "updateVM not setup, exiting". i would guess cause 
i have no vms configured not even sysnet or sysfirewall.

is it complicated to config qubes yourself? i'd be glad about any instructions 
on that front.
or if its possible to go back to the initial configuration setup and then fix 
the bug of the setup stopping in the middle i would ofc do that too.

thanks everyone for reading and helping me :)



Adding the vms you need is relatively simple...

First, click 'Create New VM' in Qubes Manager and enter 'sys-net' for 
the name, select 'red' and NetVM (the template should already be set). 
After its created, go into the settings and select the Advanced tab to 
disable 'include in memory balancing'. Then select the Devices tab; 
there you can add your network interfaces. When you start the VM, a 
Network Manager icon should appear in the systray/taskbar area.


Also create a 'sys-firewall' as type ProxyVM (color green). Just set its 
'netvm' to the sys-net you just created.


Finally, go into the Global Settings and set the Update VM 
(sys-firewall), Clock VM (sys-net) and default netVM (sys-firewall).


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07bfe31f-18f7-b95e-9563-c49c8a26d459%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: can we have debian-minimal?

[Dominique St-Pierre Boucher]

I was able to build a jessie minimal template but not a stretch one. So I 
decided to clone it and upgrade the template. I ran into a lot of issues with 
that. The way I was able to finally do it was to enable the qubes-testing repo 
for stretch before the updgrade and doing the upgrade from the console (sudo xl 
console [vm_name]).

Now I have a working jessie and stretch template.

I have to do it again on my other qubes computer. I will try to post a 
step-by-step how to!!!

Dominique

The build for stretch di
On Thursday, March 23, 2017 at 3:13:27 AM UTC-4, Vít Šesták wrote:
> Well, you have simplified it too much. It seems to be basically equivalent to 
> curl http://… | sudo bash. (AFAIK, there is no authentication when using 
> git:// URL.) The signature verification mentioned on the page is there for a 
> reason – you should not run the code without knowing it has not been altered.
> 
> It would be even better to use either https;// URL or SSH URL, as they 
> authenticate the transport. This can somehow mitigate attacker providing you 
> an old version with known vulnerabilities.
> 
> Regards,
> Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0dec225-960e-44dd-b98b-142229b06cc4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] updateVM not setup error when trying to get whonix templates

[nazzaroth . youtube]

Hello everyone

Originally while i installed Qubes for the first time i had a problem 
configuring it. I had the standard choices and also whonix templates set but 
while the setup configured qubes at some point it always stoped working. I 
think it was something like "Qubes Configuration Setup" and the little bar that 
goes left to right stopped moving.

i tried different choices but this problem persisted. so in the end i tried the 
no configuration (advanced user) option. it indeed helped me to get to the 
desktop of qubes, but ofc now i have the problem of no preconfiguration and i 
certainly aint an advanced user.

i tried to install whonix the way its written in the docs, but when i try to 
update the template vms i get the error "updateVM not setup, exiting". i would 
guess cause i have no vms configured not even sysnet or sysfirewall.

is it complicated to config qubes yourself? i'd be glad about any instructions 
on that front.
or if its possible to go back to the initial configuration setup and then fix 
the bug of the setup stopping in the middle i would ofc do that too.

thanks everyone for reading and helping me :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9399e846-48c7-4b3c-8dbb-ac1c82d688ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

[Andres MRM]

[2017-03-22 18:52] cooloutac:
> not sure but if its like my pc when using xhci (usb 3.0) everything goes
> through thaT one controller. it look like you have ehci controller too but
> not sure.  What I do with one controller is use a usb to pci adapter for the
> kb.  For mouse you can use the qubes proxy, not as bad as also having kb in
> usbvm.

Thanks, cooloutac!

What do you mean by "it look like you have ehci controller too"? What is it?
Can it help me?

Unfortunately my notebook has no PCI port...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/149027169476.4535.10778284502551220775%40localhost.localdomain.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Tip: Restoring functionality of Windows AppVMs after a crash or forced termination

[Max]

On Thursday, 23 March 2017 02:30:11 UTC+8, Grzesiek Chodzicki  wrote:
> W dniu środa, 22 marca 2017 13:29:47 UTC+1 użytkownik Max napisał:
> > On Wednesday, 22 March 2017 02:58:32 UTC+8, Grzesiek Chodzicki  wrote:
> > > W dniu poniedziałek, 20 marca 2017 13:29:50 UTC+1 użytkownik Max napisał:
> > > > On Wednesday, 8 March 2017 06:53:09 UTC+8, Grzesiek Chodzicki  wrote:
> > > > > After a Windows AppVM running in Seamless Gui mode crashes it often 
> > > > > fails to connect to qrexec agent at subsequent boot causing the user 
> > > > > to be forced to kill the AppVM which causes the machine to fail to 
> > > > > connect co qrexec agent which causes a spiral of misery. Here's how 
> > > > > to fix that:
> > > > > 
> > > > > 1. Disable Seamless GUI and enable debug mode of Windows VM
> > > > > 2. Start Windows VM
> > > > > 3. In the VM window You'll see the Safe Mode prompt. This prompt is 
> > > > > the real cause of the issue as the 30 second timer prolongs the boot 
> > > > > process which in turns causes qrexec to timeout. Select "Start 
> > > > > Windows normally.
> > > > > 4. In Windows AppVM launch Command Prompt as Administrator
> > > > > 5. Use following commands in the Commands Prompt: "bcdedit /set 
> > > > > {bootmgr} displaybootmenu no" (no quotes) and "bcdedit /set {default} 
> > > > > bootstatuspolicy ignoreallfailures" (no quotes)
> > > > > 6. Shutdown Windows machine
> > > > > 7. (optionally) change how long the qrexec waits for connection from 
> > > > > the default 60 seconds to 120 seconds
> > > > > 8. Enable Seamless GUI back and disable debug mode
> > > > > 
> > > > > Your Windows VM should start normally after a crash now.
> > > > 
> > > > Hi,
> > > > 
> > > > Thanks for putting these steps together. I believe I am suffering from 
> > > > the same issue but I can't follow the steps fully. If this is not the 
> > > > same issue, I will delete this and start another thread.
> > > > 
> > > > When I try to start my Win 7 VM, it fails to start. If I start it using 
> > > > the Debug mode I get the following error when using safe mode: 
> > > > 
> > > > "Cannot connect to 'windows-7' qrexec agent for 300 seconds, giving up 
> > > > ERROR: Cannot execute qrexec-daemon!"
> > > > 
> > > > Looking at previous similar issues, I have attempted to re download the 
> > > > Windows Tools again but this has not worked.
> > > > 
> > > > If I start Windows normally however using the debug option, Windows 
> > > > just hangs at a "Starting Windows" screen and the Dom0 Terminal just 
> > > > shows "Waiting for user 'Max' login..." without progressing.
> > > > 
> > > > Any suggestions as to how to troubleshoot this?
> > > > 
> > > > Thanks
> > > 
> > > Enable Debug, Disable Seamless GUI and then mash F8 as soon as the OS 
> > > window appears, enter either Safe Mode with Networking or Last Known Good 
> > > Configuration and then do a clean shutdown from within a VM. Helped me 
> > > several times.
> > 
> > Even doing this I can't get in at all and get the same error as described 
> > above. Is it going to be required to re install Windows again?
> > 
> > Thanks for taking the time to detail your experiences.
> 
> Did you attach any PCI devices to the Windows VM? I've noticed that if a PCI 
> device was attached at any point to a Windows VM and detached afterwards the 
> VM will not boot unless said device is attached again.

No, I didn't. I have opted to go for the reinstall from backup route to getting 
Windows working again (which it is). Thanks anyway for the help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fefde7f-31ab-4247-b577-49f11954f5ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Building Qubes from source, strange error.

[Unman]

On Thu, Mar 23, 2017 at 03:40:34AM -0700, loke...@gmail.com wrote:
> On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava  wrote:
> > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote:
> > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava  wrote:
> > > 
> > > > Which tells us that we probably really do need version 3.9.0 of 
> > > > qubes-tools.
> > > 
> > > Where can that version be found? Looking at the latest master of 
> > > qubes-linux-utils, it only contains version 3.2.3:
> > > 
> > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version
> 
> > Yes, and that is what surprises me as well. The relevant source has not 
> > been touched in a while. I've looked, but I don't know why the build 
> > breaks. 
> > 
> > All I know for a fact is what you said, it asks for 3.9.0 and delivers 
> > 3.2.3 at the master branch. And that the relevant source files all have not 
> > been changed recently.
> 
> The spec file was updated from 2.0.10 to 3.9.0 as of commit 
> 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the 
> commit was on the 17'th December 2015. This is more than half a year before 
> the most recent ISO images were built.
> 
> I really have no idea what the cause for this could be.
> 
> Regards,
> Elias
> 

Finally I understand - you're trying to build a full build of master -
I just dont think this works at the moment - you could *try* following
my suggestion of NOT building artwork at all - just comment it out.

Lots of the devel work on v4 (that's now in master) is in the devs repos
- you can see the mysterious 3.9 here:
https://github.com/woju/qubes-linux-utils/tree/core3-devel

So I think you have to cherry pick from a number of different repos to
get something like a working v4 if that's what you want.
At least from marmarek and woju.
I dont have scope to try this.

(You can just build some components as you like - e.g just the manager.)

It IS possible to build templates from master, and they seem to work
fine with 3.2 :although marek has said that things might break, I haven't
seen this as yet.)

unman


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2017032348.GA7814%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] usability request

[Oleg Artemiev]

2017-03-23 13:51 GMT+03:00 Oleg Artemiev :
>> ровно до того момента пока вы считаете корректным использовать
>> несколько способов энкапсуляции смысла. Хочешь узнать о чём - пиши в gpg 
>> формате. Да я считаю гпг способом кодирования смысла. У меня в локации 
>> нельзя использовать шифрование но можно использовать кодирование

Нельзя скрыть смысл оставляя на виду всего лишь один способ
кодирования факта переписки. Вы не хоитет делить личку на уровне не
умею прочитать - не для меня. Но я блин то ещё фидошник. По русски
писать нелья - что за нафиг - типа непонятно никому. Ну и хрен с ним.
Количество совпадений моего желания что-то объяснить и моего желания
чтобы все поняли - сильно не равные множества.

Я готов говоить о характеристиках качества до тех пор пока они разумны
по опыту и не ранее чем они считабельны хотя бы на уровне прикидок в
трёхмерном пространстве.

Понимать физический смысл математики и диффур меня обучили заставив
пересдать диффуры. Спасибо преподавателью за это.

Но блин. Меня утомляет когда я занят формулировать на нативном языке.

Или терпите шум в виде багрепортов в общественном месте

Или сделайте вменяемый вход в вашу пещеру. :))) Чтобы я со стороны
заднего прохода в это множество не пилил как танк. Это именно то,
откуда в России появляется мем веждивые люди.

Стоимость пояснить для себя вне контекста и понять что я уже не совсем
неуловимый джо ну вот по любому - это ж проработать что я

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6PR-uN-Z0kWKkH%3DN-1_TRG1pbJ6x-fk9NM3FBAqFR8WaQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] usability request

[Oleg Artemiev]

> ровно до того момента пока вы считаете корректным использовать
> несколько способов энкапсуляции смысла. Хочешь узнать о чём - пиши в gpg 
> формате. Да я считаю гпг способом кодирования смысла. У меня в локации нельзя 
> использовать шифрование но можно использовать кодирование

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6OyS%3D%3DVW8FG78yaq2YFaV9RRNWeH1RxbVw6izNgs0Ry3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] usability request

[Oleg Artemiev]

И я буду анноить Вас отсутствием русского списка рассылки про Qubes
ровно до того момента пока вы считаете корректным использовать
несколько способов энкапсуляции

2017-03-23 13:47 GMT+03:00 Oleg Artemiev :
> В русском каннари намеренно использована машинно непереводимая игра
> смысла с превращением глаголов в существительные не гляда на правила
> грамматики.
> Так надо чтобы вы задумались о том что я мог иметь ввиду в контексте
> Ваших личных надобностей в рамках Qubes проекта.
>
> 2017-03-23 13:40 GMT+03:00 Oleg Artemiev :
>> Please do not try to get a clue why this is sent here. This is
>> thinking flow. I had never ever been doing a meaning full cannary and
>> commitment into a project.
>> I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all
>> the stuff Qubes allow to born in the reality.
>> When you are in fear Qubes is some plcae that can support you. In
>> terns of tunable calm transparency.
>>
>> It is really safe to use Qubes when you do it as designed. It is
>> enough innovative. It is already good enough to be on google summer of
>> code.
>>
>> It's fun. Like linux was when I first met it. Enjoy!
>>
>> Thank you qubes team. I've found that current sort of misfunctioning
>> is enough good to be not a security related problem. I've commited
>> into funs community just becouse  Rutkowska made a cool PoC with her
>> blue pill and red pill. She made me think more in context of my own
>> reasonse.  The real thing is that I've just committed into public that
>> currently I'm enough skilled to solve a pazzle "why this is a bug" and
>> "why this is a usability bug".
>> All okay. We have democracy. We have same models of goverment as a
>> security treat as you do in your geolocation. The laws of math is
>> faster to get an answer and slower to understand is stilll working for
>> me.
>> In this context I think that I made a lot to tell what is already told
>> ))) To finalize the thread from my side I insist:
>>
>> this is the load testing problem. I guess the reason is that Clock VM
>> is allowed to die and no default hook to restart clock VM (thinking it
>> has same clean state) provided
>> As I understand security vs usability - this is all about mistrusts
>> from operating system - to cleanup a block you have to unlock. But
>> where the lock() is subject to search.
>>
>>
>>
>> 2017-03-23 13:25 GMT+03:00 Oleg Artemiev :
>>> On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet  wrote:
 On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev  wrote:
> Is this OK to provide a pullrequest for adding VM (qube) functionality
> for kill / shutdown some VM using window color border as a start
> point?
>
>  I'm spending some time to get into qubes manager just to kill or
> shutdown some qube. This is a regular task in my workflow.

 If you are interested in quickly and easily killing a VM with visible
 windows, then update qubes-core-dom0-linux and add a shortcut in your
 desktop environment for /usr/bin/qvm-xkill. This utility lets you just
 click on a window to kill the corresponding VM.
>>> Yes. I'm interested in exactly that. Some times I've even no time to
>>> wait enough to allow Qubes shutdown normally.
>>>
>>> I'd appreciate if qubes-killall will be implemented as an official
>>> command with these abilities:
>>>
>>> qubes-killall [no option]
>>>
>>> used to report help. No damage by default.
>>>
>>> qubes-killall [--also-system-qubes]
>>>
>>> used to kill all VMs, including even sys-net , sys-whonix, sys-clock .
>>>
>>> Some times I just need to correctly shutdown (not by holding power
>>> button - just via init 0).
>>> This will save alot of my timewaste wating when I'll be sure that only
>>> power eating code are some dumb intel blobs running due to intel
>>> design fencing.
>>> It is not intentionally against me, but even intel has usability bugs.
>>> Well - I've no need in otselot to empty the energy provider.
>>> I've no that super secrets to keep moving only with battery separated
>>> from the computing
>>>
>>> qubes-killall [--only-system-qubes]
>>>
>>> Yes I can script it. But lim(cost of thinking) on hacks(I do) goes
>>> into infinity as till I'm alive.
>>>
>>> That's why I memorize only officially supported tool names (and only
>>> those that are helpfull to work.
>>>
>>> BTW: I've just unintentionally reproduced the bug I'm trying to
>>> takeover without interrupting my workflow.
>>>
>>> This is not a single issue. This is a set of business usability issues
>>> with different priorities. Below is proof of concept that:
>>>
>>> 1) I'm enough tired by async workflow model I usually commit my work.
>>> 2) I'm enough helpfull to get payd enough even when there's a
>>> permanent crisys around.
>>> 3) That is proven that I committed to wait my current employment for a
>>> half of a year period
>>> 4) I do what I really do in a long term period.

[qubes-users] Re: [qubes-devel] usability request

[Oleg Artemiev]

В русском каннари намеренно использована машинно непереводимая игра
смысла с превращением глаголов в существительные не гляда на правила
грамматики.
Так надо чтобы вы задумались о том что я мог иметь ввиду в контексте
Ваших личных надобностей в рамках Qubes проекта.

2017-03-23 13:40 GMT+03:00 Oleg Artemiev :
> Please do not try to get a clue why this is sent here. This is
> thinking flow. I had never ever been doing a meaning full cannary and
> commitment into a project.
> I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all
> the stuff Qubes allow to born in the reality.
> When you are in fear Qubes is some plcae that can support you. In
> terns of tunable calm transparency.
>
> It is really safe to use Qubes when you do it as designed. It is
> enough innovative. It is already good enough to be on google summer of
> code.
>
> It's fun. Like linux was when I first met it. Enjoy!
>
> Thank you qubes team. I've found that current sort of misfunctioning
> is enough good to be not a security related problem. I've commited
> into funs community just becouse  Rutkowska made a cool PoC with her
> blue pill and red pill. She made me think more in context of my own
> reasonse.  The real thing is that I've just committed into public that
> currently I'm enough skilled to solve a pazzle "why this is a bug" and
> "why this is a usability bug".
> All okay. We have democracy. We have same models of goverment as a
> security treat as you do in your geolocation. The laws of math is
> faster to get an answer and slower to understand is stilll working for
> me.
> In this context I think that I made a lot to tell what is already told
> ))) To finalize the thread from my side I insist:
>
> this is the load testing problem. I guess the reason is that Clock VM
> is allowed to die and no default hook to restart clock VM (thinking it
> has same clean state) provided
> As I understand security vs usability - this is all about mistrusts
> from operating system - to cleanup a block you have to unlock. But
> where the lock() is subject to search.
>
>
>
> 2017-03-23 13:25 GMT+03:00 Oleg Artemiev :
>> On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet  wrote:
>>> On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev  wrote:
 Is this OK to provide a pullrequest for adding VM (qube) functionality
 for kill / shutdown some VM using window color border as a start
 point?

  I'm spending some time to get into qubes manager just to kill or
 shutdown some qube. This is a regular task in my workflow.
>>>
>>> If you are interested in quickly and easily killing a VM with visible
>>> windows, then update qubes-core-dom0-linux and add a shortcut in your
>>> desktop environment for /usr/bin/qvm-xkill. This utility lets you just
>>> click on a window to kill the corresponding VM.
>> Yes. I'm interested in exactly that. Some times I've even no time to
>> wait enough to allow Qubes shutdown normally.
>>
>> I'd appreciate if qubes-killall will be implemented as an official
>> command with these abilities:
>>
>> qubes-killall [no option]
>>
>> used to report help. No damage by default.
>>
>> qubes-killall [--also-system-qubes]
>>
>> used to kill all VMs, including even sys-net , sys-whonix, sys-clock .
>>
>> Some times I just need to correctly shutdown (not by holding power
>> button - just via init 0).
>> This will save alot of my timewaste wating when I'll be sure that only
>> power eating code are some dumb intel blobs running due to intel
>> design fencing.
>> It is not intentionally against me, but even intel has usability bugs.
>> Well - I've no need in otselot to empty the energy provider.
>> I've no that super secrets to keep moving only with battery separated
>> from the computing
>>
>> qubes-killall [--only-system-qubes]
>>
>> Yes I can script it. But lim(cost of thinking) on hacks(I do) goes
>> into infinity as till I'm alive.
>>
>> That's why I memorize only officially supported tool names (and only
>> those that are helpfull to work.
>>
>> BTW: I've just unintentionally reproduced the bug I'm trying to
>> takeover without interrupting my workflow.
>>
>> This is not a single issue. This is a set of business usability issues
>> with different priorities. Below is proof of concept that:
>>
>> 1) I'm enough tired by async workflow model I usually commit my work.
>> 2) I'm enough helpfull to get payd enough even when there's a
>> permanent crisys around.
>> 3) That is proven that I committed to wait my current employment for a
>> half of a year period
>> 4) I do what I really do in a long term period.
>>
>> Due to that the text below officially supported by using google in
>> terms of transparten electronical signing till I've made a
>>
>> Labelling highly depend to the product type and busness model needs.
>>
>> From security perspective it is not an issue at all .
>>
>> I've made a lot of efforts to defend an attack my opinion to 

[qubes-users] How do I know - is that a MAJOR usability issue? (subject replaced)

[Oleg Artemiev]

Hello.

Currently I'm not that busy but steel overloaded by technical debt.
I've cleaned the tech debt for some organisation units outside of my
usual daily interest.
всё хорошо. :) Баг не касается ничего существенного. Пошёл в обязательный ребут.
Сходимость очередей на запуск на уровне дребезжания фиксируется
рассчётом сходимости дискретных значений к максимально допустимой
скорости исполнения.
Это не решить костылём. Надо таймауты считать. Это вывод из моего
нагрузочного теста. Этот тест нужен мне потому что я использую Qubes в
продакшене не испытывая существенных проблем. :)

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6OKC6KwmFQaHUs6AAjaWTROf%3DxU3Rfc_hY%2BLvXs15Sz7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Building Qubes from source, strange error.

[lokedhs]

On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava  wrote:
> On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote:
> > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava  wrote:
> > 
> > > Which tells us that we probably really do need version 3.9.0 of 
> > > qubes-tools.
> > 
> > Where can that version be found? Looking at the latest master of 
> > qubes-linux-utils, it only contains version 3.2.3:
> > 
> > https://github.com/QubesOS/qubes-linux-utils/blob/master/version

> Yes, and that is what surprises me as well. The relevant source has not been 
> touched in a while. I've looked, but I don't know why the build breaks. 
> 
> All I know for a fact is what you said, it asks for 3.9.0 and delivers 3.2.3 
> at the master branch. And that the relevant source files all have not been 
> changed recently.

The spec file was updated from 2.0.10 to 3.9.0 as of commit 
9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the 
commit was on the 17'th December 2015. This is more than half a year before the 
most recent ISO images were built.

I really have no idea what the cause for this could be.

Regards,
Elias

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08b31cd7-630b-4e7c-8310-66706fd3b302%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] usability request

[Oleg Artemiev]

Please do not try to get a clue why this is sent here. This is
thinking flow. I had never ever been doing a meaning full cannary and
commitment into a project.
I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all
the stuff Qubes allow to born in the reality.
When you are in fear Qubes is some plcae that can support you. In
terns of tunable calm transparency.

It is really safe to use Qubes when you do it as designed. It is
enough innovative. It is already good enough to be on google summer of
code.

It's fun. Like linux was when I first met it. Enjoy!

Thank you qubes team. I've found that current sort of misfunctioning
is enough good to be not a security related problem. I've commited
into funs community just becouse  Rutkowska made a cool PoC with her
blue pill and red pill. She made me think more in context of my own
reasonse.  The real thing is that I've just committed into public that
currently I'm enough skilled to solve a pazzle "why this is a bug" and
"why this is a usability bug".
All okay. We have democracy. We have same models of goverment as a
security treat as you do in your geolocation. The laws of math is
faster to get an answer and slower to understand is stilll working for
me.
In this context I think that I made a lot to tell what is already told
))) To finalize the thread from my side I insist:

this is the load testing problem. I guess the reason is that Clock VM
is allowed to die and no default hook to restart clock VM (thinking it
has same clean state) provided
As I understand security vs usability - this is all about mistrusts
from operating system - to cleanup a block you have to unlock. But
where the lock() is subject to search.



2017-03-23 13:25 GMT+03:00 Oleg Artemiev :
> On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet  wrote:
>> On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev  wrote:
>>> Is this OK to provide a pullrequest for adding VM (qube) functionality
>>> for kill / shutdown some VM using window color border as a start
>>> point?
>>>
>>>  I'm spending some time to get into qubes manager just to kill or
>>> shutdown some qube. This is a regular task in my workflow.
>>
>> If you are interested in quickly and easily killing a VM with visible
>> windows, then update qubes-core-dom0-linux and add a shortcut in your
>> desktop environment for /usr/bin/qvm-xkill. This utility lets you just
>> click on a window to kill the corresponding VM.
> Yes. I'm interested in exactly that. Some times I've even no time to
> wait enough to allow Qubes shutdown normally.
>
> I'd appreciate if qubes-killall will be implemented as an official
> command with these abilities:
>
> qubes-killall [no option]
>
> used to report help. No damage by default.
>
> qubes-killall [--also-system-qubes]
>
> used to kill all VMs, including even sys-net , sys-whonix, sys-clock .
>
> Some times I just need to correctly shutdown (not by holding power
> button - just via init 0).
> This will save alot of my timewaste wating when I'll be sure that only
> power eating code are some dumb intel blobs running due to intel
> design fencing.
> It is not intentionally against me, but even intel has usability bugs.
> Well - I've no need in otselot to empty the energy provider.
> I've no that super secrets to keep moving only with battery separated
> from the computing
>
> qubes-killall [--only-system-qubes]
>
> Yes I can script it. But lim(cost of thinking) on hacks(I do) goes
> into infinity as till I'm alive.
>
> That's why I memorize only officially supported tool names (and only
> those that are helpfull to work.
>
> BTW: I've just unintentionally reproduced the bug I'm trying to
> takeover without interrupting my workflow.
>
> This is not a single issue. This is a set of business usability issues
> with different priorities. Below is proof of concept that:
>
> 1) I'm enough tired by async workflow model I usually commit my work.
> 2) I'm enough helpfull to get payd enough even when there's a
> permanent crisys around.
> 3) That is proven that I committed to wait my current employment for a
> half of a year period
> 4) I do what I really do in a long term period.
>
> Due to that the text below officially supported by using google in
> terms of transparten electronical signing till I've made a
>
> Labelling highly depend to the product type and busness model needs.
>
> From security perspective it is not an issue at all .
>
> I've made a lot of efforts to defend an attack my opinion to get a
> clue at what level should I mark this bug.
>
> Due to stability of your criteria of marking some qube within a
> worflow - this cannot be a security issue.
>
> Though in terms of MPLS this is not ready enough soultion.
> I would like to discuss the mathematical proof for criteria of
> reasonable load stability. Since I'm finally got to commit  reboot in
> two hours I've to drop all and just describe my intentions in native
> language.
>
> If you think 

[qubes-users] Re: Building Qubes from source, strange error.

[Opal Raava]

On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote:
> On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava  wrote:
> 
> > Ok that build did not work. I'm getting the following error:
> > 
> > ../../bin/mkpadlock.py -s 36 -c 0xcc devices/appvm-red.png
> > Traceback (most recent call last):
> >   File "../../bin/mkpadlock.py", line 25, in 
> > import qubesimgconverter
> > ImportError: No module named qubesimgconverter
> > ../Makefile.common:39: recipe for target 'devices/appvm-red.png' failed
> > make[2]: *** [devices/appvm-red.png] Error 1
> > make[2]: Leaving directory '/home/user/qubes-src/artwork/icons/36x36'
> > Makefile:4: recipe for target 'all' failed
> > make[1]: *** [all] Error 1
> > 
> > Which tells us that we probably really do need version 3.9.0 of qubes-tools.
> 
> Where can that version be found? Looking at the latest master of 
> qubes-linux-utils, it only contains version 3.2.3:
> 
> https://github.com/QubesOS/qubes-linux-utils/blob/master/version
> 
> Regards,
> Elias

Yes, and that is what surprises me as well. The relevant source has not been 
touched in a while. I've looked, but I don't know why the build breaks. 

All I know for a fact is what you said, it asks for 3.9.0 and delivers 3.2.3 at 
the master branch. And that the relevant source files all have not been changed 
recently.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2ca4d3c-e12c-47ee-b540-7324b734bcea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Sleep Verb Not Supported

[sebastian . lutter22]

Am Montag, 26. Dezember 2016 00:05:08 UTC+1 schrieb mojosam:
> My computer doesn't go to sleep.
> 
> I have XFCE Power Manager set to Hibernate the system after one hour.  When I 
> come back to the system after that time, the screen is blank (but not off) 
> and the system seems to be fully powered up (the fan seems to be running at 
> the same speed as when I'm using the computer).  So I move the mouse, log 
> back in, the Qubes desktop reappears, and there is a message from the Power 
> Manager:
> 
> GDBus.Error:org.freedesktop.login1.SleepVerbNotSupported:Sleep verb not 
> supported
> 
> If it matters, this is a desktop machine (HP Compaq 8200 Elite SFF).
> 
> Anyone know how I can solve or troubleshoot this?  Thanks!

I use Qubes OS 3.2 with i3 as window manager and have the same problem. When 
closing the lid I get this error, and the system stays powered up.

I use Qubes since a year, and I get this behavior since I updated dom0 
yesterday. The packages that has been updated are qubes-core-dom0-linux 
(3.2.12.1.fc23), qubes-core-dom0-linux-kernel-install (3.2.12.1.fc23) and 
qubes-pdf-converter-dom0 (2.1.2.1.fc23).

I have no idea at the moment how to fix this or what exactly causes the issue. 
The kernel has been changed, so most likely this somehow break it.

Thanks for any hint.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/97781287-2252-4285-8518-8f7a0043a2e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] External GPU for just one VM or OpenSWR

[Vít Šesták]

I am not looking for super gaming performance, I just want to make some apps 
requiring GPU acceleration working. Since there is no reliable and secure way 
to use internal (either integrated or dedicated) GPU and since GPU passthrough 
is problematic (e.g., persistently compromised GPU seems to be able pwn the 
whole machine on boot through GPU BIOS), I've looked at options for external 
GPU:

* PCI-related solutions seem to suffer from the same issues as internal GPUs 
and they are not much suitable for laptops.
* I've looked at USB GPUs. Reportedly, various USB-to-VGA/HDMI converters are 
GPUs. I don't know if it is possible to connect the converter to a VM (through 
USBVM), let it render the output and then send the result to GUID, while 
getting reasonable performance. (I am worried about the latency a bit…)
* There are some Thunderbolt GPUs. With DMA, it seems to be more close to 
PCI-related solutions in terms of both security and performance. The main 
advantage would be not requiring it to be connected all the time (and it might 
be theoretically also ignored during the boot) and better suitability for the 
laptop. But I have rather low information about Thunderbolt at all, so there 
might be some catches.
* Maybe external GPU would not be needed if a better SW solution (OpenSWR) is 
used: http://m.slashdot.org/story/301501 Not sure how hard it would be to 
integrate

Note that I am not much knowledgeable on GPUs. So I am sorry if some of the 
suggestions is a complete nonsense.

This is not crucial for me at the moment, but:

* I'd like to know if there is something worth considering (e.g., Thunderbolt) 
when buying a new laptop
* some others might find the ideas useful

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4138ad92-51ac-4551-a9ac-78ee69ee0039%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: can we have debian-minimal?

[Vít Šesták]

Well, you have simplified it too much. It seems to be basically equivalent to 
curl http://… | sudo bash. (AFAIK, there is no authentication when using git:// 
URL.) The signature verification mentioned on the page is there for a reason – 
you should not run the code without knowing it has not been altered.

It would be even better to use either https;// URL or SSH URL, as they 
authenticate the transport. This can somehow mitigate attacker providing you an 
old version with known vulnerabilities.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aac7603f-3e59-41ce-a168-83aa354a42e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.