[qubes-users] Re: HDD disk full
On 03/23/2017 11:41 PM, William Fisher wrote: > Thank you. I'll try it. What's the command to start gparted? > You can type gparted on the command line, or it'll show up in your application menu and you can start it that way. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ob2bk9%24pcm%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HDD disk full
Thank you. I'll try it. What's the command to start gparted? On Fri, Mar 24, 2017 at 12:37 AM Reg Tianghawrote: > On 03/23/2017 11:31 PM, William Fisher wrote: > > Could you tell me how to reformat the 1TB HD to ext4? > > Is it in the manual somewhere? > > > What you could do (assuming you already have Qubes running on your > machine) is install gparted in a VM (it's available in both Debian and > Fedora), attach your blank drive to that VM, and then use gparted to > reformat it into whatever file system and whatever partition layout you > want. If you've ever used something like Partition Magic in Windows, > it's similar to that. You could also theoretically install it in dom0, > but if you're trying to maintain the security model of Qubes, you should > try to avoid installing as much extra stuff in dom0 as you can, and > running gparted in a VM to work on hard drives works just as well (I've > done it myself). > > http://gparted.org/ > > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/jVFIsydHntk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/ob2ba1%24b7e%241%40blaine.gmane.org > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJyh_i9DkuA18%2BtJfF3BXJ%3DJLewn6R9E_C_81LEd7xRhD0tGEA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HDD disk full
On 03/23/2017 11:31 PM, William Fisher wrote: > Could you tell me how to reformat the 1TB HD to ext4? > Is it in the manual somewhere? > What you could do (assuming you already have Qubes running on your machine) is install gparted in a VM (it's available in both Debian and Fedora), attach your blank drive to that VM, and then use gparted to reformat it into whatever file system and whatever partition layout you want. If you've ever used something like Partition Magic in Windows, it's similar to that. You could also theoretically install it in dom0, but if you're trying to maintain the security model of Qubes, you should try to avoid installing as much extra stuff in dom0 as you can, and running gparted in a VM to work on hard drives works just as well (I've done it myself). http://gparted.org/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ob2ba1%24b7e%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HDD disk full
Could you tell me how to reformat the 1TB HD to ext4? Is it in the manual somewhere? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19b30650-ddd8-43f7-8187-143f82d0e038%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HDD disk full
On 03/23/2017 11:22 PM, William Fisher wrote: > I run qubes off a SSD and have a blank 1TB drive installed. Qubes sees it as > 1TB "storage" but when I try to back up my VMs to it Qubes manager stops > after 4GB and reports "disk is full". A USB HD backup by Qubes work fine with > 65GB. > How can I fix my 1TB internal HD. It was formatted with FAT32 > The file size limit of FAT32 is 4GB; you can't have files larger than that size on that file system. You'd have to reformat that drive to a file system that supports files bigger than 4GB. NTFS does it, but if this is just to be used for Qubes or as a temporary stopgap measure, you're probably better off making it ext4; I'm not sure how Qubes/Linux would handle writing to NTFS. It could probably do it, but with large files, who knows how it'll perform or how reliable it'll be since NTFS support in Linux is all reverse-engineered as the specification was never released by Microsoft, to my knowledge. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ob2ank%24ahc%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HDD disk full
I run qubes off a SSD and have a blank 1TB drive installed. Qubes sees it as 1TB "storage" but when I try to back up my VMs to it Qubes manager stops after 4GB and reports "disk is full". A USB HD backup by Qubes work fine with 65GB. How can I fix my 1TB internal HD. It was formatted with FAT32 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e334051d-dbb0-4757-b068-c1e246082ee1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Templates...
On 03/23/2017 10:01 PM, Drew White wrote: > Heya Folks, > > Are there any versions of the templates out there that are EXT2 instead of > EXT3/4? > > If there are, that would be very handy. > > Otherwise, do I just change the drives to EXT2? > > Or will that harm the Qubes system that is in the guests in the standard > templates? > > Main reason I"m asking is because having it as EXT4 makes the system > so slow... SystemD is bad enough with how slot it makes things... but > adding EXT4 ontop.. as well as the fact of the usage of the HDD for EXT4.. > it's got to be fixed, so I'm just querying to know if making it EXT2 instead > of 4 will cause much harm? > > Sincerely, > Drew. > I'm not convinced it'll help the way you think it will, but if you're really set on this, rather than installing a template with ext2, why not just disable ext4 journaling? It would amount to essentially the same thing. https://superuser.com/questions/516784/disable-journaling-on-ext4-filesystem-partition Although it'd make more sense to do it in dom0 (or maybe both dom0 and all of your domUs; I don't know, and I don't really want to try it myself just to find out), although just like with any kind of file system change, you do so at your own risk so make sure you have backups. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ob28or%246tm%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Templates...
Heya Folks, Are there any versions of the templates out there that are EXT2 instead of EXT3/4? If there are, that would be very handy. Otherwise, do I just change the drives to EXT2? Or will that harm the Qubes system that is in the guests in the standard templates? Main reason I"m asking is because having it as EXT4 makes the system so slow... SystemD is bad enough with how slot it makes things... but adding EXT4 ontop.. as well as the fact of the usage of the HDD for EXT4.. it's got to be fixed, so I'm just querying to know if making it EXT2 instead of 4 will cause much harm? Sincerely, Drew. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfcd0d1d-ba13-4708-9022-76672b946209%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] NTP Global alteration.
On Saturday, 18 March 2017 05:09:59 UTC+11, cooloutac wrote: > On Thursday, March 16, 2017 at 11:26:48 PM UTC-4, Drew White wrote: > > On Friday, 17 March 2017 11:36:25 UTC+11, Jean-Philippe Ouellet wrote: > > > As for changing the NTP server used, feel free to submit patches. > > > > If I was to submit patches, they wouldn't be in Python Code. So I can't > > submit any changes because my applications aren't written in Python. > > the amount of times qubes contacts the dns servers is same on baremetal > systems. I always eyeball etherape from sys-net. Actually, it's a lot more often. I run many things like that, but I just mainly watch the DNS server.. I got too many requests for the machines to be even doing it once every 10 mins. how to fix? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efc2d18f-c9d8-4898-b769-c0cee6720566%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?
On Thursday, March 23, 2017 at 10:37:58 PM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-03-23 19:28, Nemo wrote: > > I've been writing a bash script that manages firewall settings > > from dom0, via qvm-firewall and qvm-run for ping. > > > > Everything had been safe until an hour ago, when I added in the > > qvm-run/ping function. I let it run for about 20 mins, and when I > > came back three of my qubes were damaged in a way that made them > > unmountable. > > > > I don't have the terminal readout (I was running bash -x), so I > > can't use that to determine where/when the issue occurred. How > > else can I access logs to troubleshoot my script, and determine > > whether I need to post a bug report? > > > > I'm new to Linux, but a quick learner. > > > > Can you post the script you were running? > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJY1IZ1AAoJENtN07w5UDAwO1sQANA1M5mVlKiOyFTszs8kJKk+ > rcI2CO/rpafsiJ1Xm6eHsV10kYYuGxSPI8OzFSBTA8SiaUCvEY+3/QCruZeOyvY2 > JVqEZZ/QuI89ihoDdjk2kv8efPYpEFzvmrbzJEhpb8GsqHkQW3BS2EkshH9BZhOK > G4B7ya63WCW4PWqIQRFIMiymDRh+UlC6a9WZUUqb/tArTjnwtiuMY5XnsjvQx73X > 1ZEnNQd4TXvaKjj3Bf52W1GMJQiT4FnEMrIFgBGdc9JU65JmiEILYINscyM5czMN > +3fNYYXdDGE7b5s5ZNNH3AUWzORiwXfIgUwhgNeQ1Ud8QQ7n4PVc/WxTXsI2gEmY > YfDyr5r5kEfVZRpjqSCpuHB+khm83tKJQSoIiiU4CSah2VZuKht+C5QHx6xB5XGX > s7vH7//2tzK9Lvo077JrTaGfsD9K0m6A9xrGtmphL1DulzCVoPQOHZTaHkcAe/I0 > JmxMo+sNZlRSyBDvFdnpj5ow1jTTq46D8cGXs1IsEa7eBCwXO+EjYuWbIiZpWQpi > fmfGvmTWmBHqfp+ihBNLBnMsjMHSfPkXqf8/X3NNoDW3FYP43mFumBAW0QdEeKvv > oZv3CaPmlXHd68a93GDBqPe5Dr8eHiGRd5sDEdwbjrQAKjDcfeFp3mkWfXbcgnC9 > R8jBKyxUZQXRSMryltA0 > =LhCQ > -END PGP SIGNATURE- Script is attached. It's my first attempt at a bash script, and still in progress (and obviously potentially dangerous). The script is designed to create exclusive access to certain services (eg Facebook) for VMs where they should be used (eg Personal). It does this by preventing inappropriate VMs from accessing those addresses. So, all the addresses listed under Banking will be blocked for the other VMs laid out in the $vms array, unless that VM is also allowed access. Services that run round-robin DNS, eg google.com, need to be blocked multiple times to ensure there is no access to the service. I tested `qvm-firewall banking -a google.com any` and determined that running it multiple times in succession will eventually block all the (current) round-robin IP addresses. So, I added a verification feature to the script, which launches a while loop. It waits for `qvm-run -ap banking 'ping -c1 google.com'` to return "Destination Host Prohibited", indicating that the entire round-robin has been blocked. Until then (or until 10 iterations) it will continue to qvm-firewall block google.com. I believe that the verification function is what caused the problem, but I don't know how investigate it. Your thoughts are appreciated! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90117672-474e-4196-ace3-93773c21f865%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. firewall-setup Description: Binary data
Re: [qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-23 19:28, Nemo wrote: > I've been writing a bash script that manages firewall settings > from dom0, via qvm-firewall and qvm-run for ping. > > Everything had been safe until an hour ago, when I added in the > qvm-run/ping function. I let it run for about 20 mins, and when I > came back three of my qubes were damaged in a way that made them > unmountable. > > I don't have the terminal readout (I was running bash -x), so I > can't use that to determine where/when the issue occurred. How > else can I access logs to troubleshoot my script, and determine > whether I need to post a bug report? > > I'm new to Linux, but a quick learner. > Can you post the script you were running? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJY1IZ1AAoJENtN07w5UDAwO1sQANA1M5mVlKiOyFTszs8kJKk+ rcI2CO/rpafsiJ1Xm6eHsV10kYYuGxSPI8OzFSBTA8SiaUCvEY+3/QCruZeOyvY2 JVqEZZ/QuI89ihoDdjk2kv8efPYpEFzvmrbzJEhpb8GsqHkQW3BS2EkshH9BZhOK G4B7ya63WCW4PWqIQRFIMiymDRh+UlC6a9WZUUqb/tArTjnwtiuMY5XnsjvQx73X 1ZEnNQd4TXvaKjj3Bf52W1GMJQiT4FnEMrIFgBGdc9JU65JmiEILYINscyM5czMN +3fNYYXdDGE7b5s5ZNNH3AUWzORiwXfIgUwhgNeQ1Ud8QQ7n4PVc/WxTXsI2gEmY YfDyr5r5kEfVZRpjqSCpuHB+khm83tKJQSoIiiU4CSah2VZuKht+C5QHx6xB5XGX s7vH7//2tzK9Lvo077JrTaGfsD9K0m6A9xrGtmphL1DulzCVoPQOHZTaHkcAe/I0 JmxMo+sNZlRSyBDvFdnpj5ow1jTTq46D8cGXs1IsEa7eBCwXO+EjYuWbIiZpWQpi fmfGvmTWmBHqfp+ihBNLBnMsjMHSfPkXqf8/X3NNoDW3FYP43mFumBAW0QdEeKvv oZv3CaPmlXHd68a93GDBqPe5Dr8eHiGRd5sDEdwbjrQAKjDcfeFp3mkWfXbcgnC9 R8jBKyxUZQXRSMryltA0 =LhCQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c540802-9e67-fa69-1460-e62f9283c9de%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Damaged qubes by running a "safe" script on dom0 - how can I determine the problem?
I've been writing a bash script that manages firewall settings from dom0, via qvm-firewall and qvm-run for ping. Everything had been safe until an hour ago, when I added in the qvm-run/ping function. I let it run for about 20 mins, and when I came back three of my qubes were damaged in a way that made them unmountable. I don't have the terminal readout (I was running bash -x), so I can't use that to determine where/when the issue occurred. How else can I access logs to troubleshoot my script, and determine whether I need to post a bug report? I'm new to Linux, but a quick learner. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d5629a80-6f95-4d7c-9c66-e9cb3a172e48%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] How do I know - is that a MAJOR usability issue? (subject replaced)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-23 03:45, Oleg Artemiev wrote: > Hello. > > Currently I'm not that busy but steel overloaded by technical debt. > I've cleaned the tech debt for some organisation units outside of > my usual daily interest. всё хорошо. :) Баг не касается ничего > существенного. Пошёл в обязательный ребут. Сходимость очередей на > запуск на уровне дребезжания фиксируется рассчётом сходимости > дискретных значений к максимально допустимой скорости исполнения. > Это не решить костылём. Надо таймауты считать. Это вывод из моего > нагрузочного теста. Этот тест нужен мне потому что я использую > Qubes в продакшене не испытывая существенных проблем. :) > Please don't post to both lists: https://www.qubes-os.org/mailing-lists/#specific-rules-and-notes - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJY1HcoAAoJENtN07w5UDAw740P/jkfgpCRyEp4cs/lcoqpcREm taXGXqMUqK0Elv/r+g2jcfDjwLWzoNUXld5/sauPJZaNbnVAOEi0xNah2ltdtDGw YSF0hSUV9MKjksnjpgCE5jJUlIBBFTVgV1EYzcSVkFFoVGDhEs0xlOwr/Q10DlCB eScabhEIPGjh1D3hR5Fn6NkzTCNFiZXn4HL00Zf7QFlpDlbm61/+CAJ+/RQbToTw xBhiblnPt64SMXhn57s3zuuw0EGKuhBniddOKu7FjvXtt8vDSV4c/smB/olBxjyD aBXxWxHXUd6f+UyQLhRNdhjlFT6ofTGDHVADLnHo/0LmMgEsh4OT34h2HSJaqXBW 65bOKfmiwsCsESs+USE0zJb3XEnTAuyMeA8wBmOU4EHH9T9nElOzjKphAMGv4fxw NkKyK5GDISeUfILMr+tT9AmzwF1+A0ncplD8KpwTceD+MtDbOai/BLXPs6kGmrhy +oZAefsF9neLPA24lE9Q5GD6qGKoakPOc9X/VxGtVWfBwn6yLpVfQkUCcP4mRela 4MACKuEzrBPfht/0uEQSCrlFvYcwqMsGSQtHwtrUq9P1GIanwdMyfGhqJYVbD1F2 8R5MqczIvfComwYvGybjcR/pP+jtIdyyou6n4Chn+a3ngxqtU96H8te8LQcbVrQz djQ8r+ViCwdeXGM8Gbxx =VUes -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6457588-11a1-c7c1-42c3-81a8e143e4b7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Building Qubes from source, strange error.
On Thursday, March 23, 2017 at 8:23:15 PM UTC+1, Opal Raava wrote: > On Thursday, March 23, 2017 at 12:11:51 PM UTC+1, Unman wrote: > > On Thu, Mar 23, 2017 at 03:40:34AM -0700, lokedhs wrote: > > > On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava wrote: > > > > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote: > > > > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava wrote: > > > > > > > > > > > Which tells us that we probably really do need version 3.9.0 of > > > > > > qubes-tools. > > > > > > > > > > Where can that version be found? Looking at the latest master of > > > > > qubes-linux-utils, it only contains version 3.2.3: > > > > > > > > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version > > > > > > > Yes, and that is what surprises me as well. The relevant source has not > > > > been touched in a while. I've looked, but I don't know why the build > > > > breaks. > > > > > > > > All I know for a fact is what you said, it asks for 3.9.0 and delivers > > > > 3.2.3 at the master branch. And that the relevant source files all have > > > > not been changed recently. > > > > > > The spec file was updated from 2.0.10 to 3.9.0 as of commit > > > 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that > > > the commit was on the 17'th December 2015. This is more than half a year > > > before the most recent ISO images were built. > > > > > > I really have no idea what the cause for this could be. > > > > > > Regards, > > > Elias > > > > > > > Finally I understand - you're trying to build a full build of master - > > I just dont think this works at the moment - you could *try* following > > my suggestion of NOT building artwork at all - just comment it out. > > > > Lots of the devel work on v4 (that's now in master) is in the devs repos > > - you can see the mysterious 3.9 here: > > https://github.com/woju/qubes-linux-utils/tree/core3-devel > > > > So I think you have to cherry pick from a number of different repos to > > get something like a working v4 if that's what you want. > > At least from marmarek and woju. > > I dont have scope to try this. > > > > (You can just build some components as you like - e.g just the manager.) > > > > It IS possible to build templates from master, and they seem to work > > fine with 3.2 :although marek has said that things might break, I haven't > > seen this as yet.) > > > > unman > > Ah okay, so all we have to do is specify 'releng3.2' into github or something > to build the R3.2 branch? Ah, problem solved. In the web build documentation it says to: cp example-configs/qubes-os-master.conf builder.conf if you instead do: cp example-configs/qubes-os-r3.2.conf you get a better branch. I'm currently trying to build that -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5152be38-7dfd-492b-ba2b-e6eae6557c57%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
On Thursday, March 23, 2017 at 8:21:40 AM UTC-4, Andres MRM wrote: > [2017-03-22 18:52] cooloutac: > > not sure but if its like my pc when using xhci (usb 3.0) everything goes > > through thaT one controller. it look like you have ehci controller too but > > not sure. What I do with one controller is use a usb to pci adapter for the > > kb. For mouse you can use the qubes proxy, not as bad as also having kb in > > usbvm. > > Thanks, cooloutac! > > What do you mean by "it look like you have ehci controller too"? What is it? > Can it help me? > > Unfortunately my notebook has no PCI port... ehci is for older usb protocol. xhci is for 3.0, maybe there is option in bios to disable usb 3.0. then maybe it will have separate routed controllers? Thats how it works on my desktop pc. otherwise all controllers get routed through the xhci one. but then you will be giving up usb 3.0, but maybe worth it not to have kb in sys-usb. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04e617fc-72f6-426b-a96f-ec5022b95bd8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Building Qubes from source, strange error.
On Thursday, March 23, 2017 at 12:11:51 PM UTC+1, Unman wrote: > On Thu, Mar 23, 2017 at 03:40:34AM -0700, lokedhs wrote: > > On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava wrote: > > > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote: > > > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava wrote: > > > > > > > > > Which tells us that we probably really do need version 3.9.0 of > > > > > qubes-tools. > > > > > > > > Where can that version be found? Looking at the latest master of > > > > qubes-linux-utils, it only contains version 3.2.3: > > > > > > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version > > > > > Yes, and that is what surprises me as well. The relevant source has not > > > been touched in a while. I've looked, but I don't know why the build > > > breaks. > > > > > > All I know for a fact is what you said, it asks for 3.9.0 and delivers > > > 3.2.3 at the master branch. And that the relevant source files all have > > > not been changed recently. > > > > The spec file was updated from 2.0.10 to 3.9.0 as of commit > > 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the > > commit was on the 17'th December 2015. This is more than half a year before > > the most recent ISO images were built. > > > > I really have no idea what the cause for this could be. > > > > Regards, > > Elias > > > > Finally I understand - you're trying to build a full build of master - > I just dont think this works at the moment - you could *try* following > my suggestion of NOT building artwork at all - just comment it out. > > Lots of the devel work on v4 (that's now in master) is in the devs repos > - you can see the mysterious 3.9 here: > https://github.com/woju/qubes-linux-utils/tree/core3-devel > > So I think you have to cherry pick from a number of different repos to > get something like a working v4 if that's what you want. > At least from marmarek and woju. > I dont have scope to try this. > > (You can just build some components as you like - e.g just the manager.) > > It IS possible to build templates from master, and they seem to work > fine with 3.2 :although marek has said that things might break, I haven't > seen this as yet.) > > unman Ah okay, so all we have to do is specify 'releng3.2' into github or something to build the R3.2 branch? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42a95c9e-55a9-4ac7-b5e3-5727f83c7225%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Has anyone tried to get labrea working with qubes?
Has anyone tried to get labrea working with qubes? If you did, please explain how you did it... Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e426f7d-3064-4147-8e08-9803d931521d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] updateVM not setup error when trying to get whonix templates
On 03/23/2017 09:01 AM, nazzaroth.yout...@web.de wrote: Hello everyone Originally while i installed Qubes for the first time i had a problem configuring it. I had the standard choices and also whonix templates set but while the setup configured qubes at some point it always stoped working. I think it was something like "Qubes Configuration Setup" and the little bar that goes left to right stopped moving. i tried different choices but this problem persisted. so in the end i tried the no configuration (advanced user) option. it indeed helped me to get to the desktop of qubes, but ofc now i have the problem of no preconfiguration and i certainly aint an advanced user. i tried to install whonix the way its written in the docs, but when i try to update the template vms i get the error "updateVM not setup, exiting". i would guess cause i have no vms configured not even sysnet or sysfirewall. is it complicated to config qubes yourself? i'd be glad about any instructions on that front. or if its possible to go back to the initial configuration setup and then fix the bug of the setup stopping in the middle i would ofc do that too. thanks everyone for reading and helping me :) Adding the vms you need is relatively simple... First, click 'Create New VM' in Qubes Manager and enter 'sys-net' for the name, select 'red' and NetVM (the template should already be set). After its created, go into the settings and select the Advanced tab to disable 'include in memory balancing'. Then select the Devices tab; there you can add your network interfaces. When you start the VM, a Network Manager icon should appear in the systray/taskbar area. Also create a 'sys-firewall' as type ProxyVM (color green). Just set its 'netvm' to the sys-net you just created. Finally, go into the Global Settings and set the Update VM (sys-firewall), Clock VM (sys-net) and default netVM (sys-firewall). -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07bfe31f-18f7-b95e-9563-c49c8a26d459%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: can we have debian-minimal?
I was able to build a jessie minimal template but not a stretch one. So I decided to clone it and upgrade the template. I ran into a lot of issues with that. The way I was able to finally do it was to enable the qubes-testing repo for stretch before the updgrade and doing the upgrade from the console (sudo xl console [vm_name]). Now I have a working jessie and stretch template. I have to do it again on my other qubes computer. I will try to post a step-by-step how to!!! Dominique The build for stretch di On Thursday, March 23, 2017 at 3:13:27 AM UTC-4, Vít Šesták wrote: > Well, you have simplified it too much. It seems to be basically equivalent to > curl http://… | sudo bash. (AFAIK, there is no authentication when using > git:// URL.) The signature verification mentioned on the page is there for a > reason – you should not run the code without knowing it has not been altered. > > It would be even better to use either https;// URL or SSH URL, as they > authenticate the transport. This can somehow mitigate attacker providing you > an old version with known vulnerabilities. > > Regards, > Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0dec225-960e-44dd-b98b-142229b06cc4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] updateVM not setup error when trying to get whonix templates
Hello everyone Originally while i installed Qubes for the first time i had a problem configuring it. I had the standard choices and also whonix templates set but while the setup configured qubes at some point it always stoped working. I think it was something like "Qubes Configuration Setup" and the little bar that goes left to right stopped moving. i tried different choices but this problem persisted. so in the end i tried the no configuration (advanced user) option. it indeed helped me to get to the desktop of qubes, but ofc now i have the problem of no preconfiguration and i certainly aint an advanced user. i tried to install whonix the way its written in the docs, but when i try to update the template vms i get the error "updateVM not setup, exiting". i would guess cause i have no vms configured not even sysnet or sysfirewall. is it complicated to config qubes yourself? i'd be glad about any instructions on that front. or if its possible to go back to the initial configuration setup and then fix the bug of the setup stopping in the middle i would ofc do that too. thanks everyone for reading and helping me :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9399e846-48c7-4b3c-8dbb-ac1c82d688ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
[2017-03-22 18:52] cooloutac: > not sure but if its like my pc when using xhci (usb 3.0) everything goes > through thaT one controller. it look like you have ehci controller too but > not sure. What I do with one controller is use a usb to pci adapter for the > kb. For mouse you can use the qubes proxy, not as bad as also having kb in > usbvm. Thanks, cooloutac! What do you mean by "it look like you have ehci controller too"? What is it? Can it help me? Unfortunately my notebook has no PCI port... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/149027169476.4535.10778284502551220775%40localhost.localdomain. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Tip: Restoring functionality of Windows AppVMs after a crash or forced termination
On Thursday, 23 March 2017 02:30:11 UTC+8, Grzesiek Chodzicki wrote: > W dniu środa, 22 marca 2017 13:29:47 UTC+1 użytkownik Max napisał: > > On Wednesday, 22 March 2017 02:58:32 UTC+8, Grzesiek Chodzicki wrote: > > > W dniu poniedziałek, 20 marca 2017 13:29:50 UTC+1 użytkownik Max napisał: > > > > On Wednesday, 8 March 2017 06:53:09 UTC+8, Grzesiek Chodzicki wrote: > > > > > After a Windows AppVM running in Seamless Gui mode crashes it often > > > > > fails to connect to qrexec agent at subsequent boot causing the user > > > > > to be forced to kill the AppVM which causes the machine to fail to > > > > > connect co qrexec agent which causes a spiral of misery. Here's how > > > > > to fix that: > > > > > > > > > > 1. Disable Seamless GUI and enable debug mode of Windows VM > > > > > 2. Start Windows VM > > > > > 3. In the VM window You'll see the Safe Mode prompt. This prompt is > > > > > the real cause of the issue as the 30 second timer prolongs the boot > > > > > process which in turns causes qrexec to timeout. Select "Start > > > > > Windows normally. > > > > > 4. In Windows AppVM launch Command Prompt as Administrator > > > > > 5. Use following commands in the Commands Prompt: "bcdedit /set > > > > > {bootmgr} displaybootmenu no" (no quotes) and "bcdedit /set {default} > > > > > bootstatuspolicy ignoreallfailures" (no quotes) > > > > > 6. Shutdown Windows machine > > > > > 7. (optionally) change how long the qrexec waits for connection from > > > > > the default 60 seconds to 120 seconds > > > > > 8. Enable Seamless GUI back and disable debug mode > > > > > > > > > > Your Windows VM should start normally after a crash now. > > > > > > > > Hi, > > > > > > > > Thanks for putting these steps together. I believe I am suffering from > > > > the same issue but I can't follow the steps fully. If this is not the > > > > same issue, I will delete this and start another thread. > > > > > > > > When I try to start my Win 7 VM, it fails to start. If I start it using > > > > the Debug mode I get the following error when using safe mode: > > > > > > > > "Cannot connect to 'windows-7' qrexec agent for 300 seconds, giving up > > > > ERROR: Cannot execute qrexec-daemon!" > > > > > > > > Looking at previous similar issues, I have attempted to re download the > > > > Windows Tools again but this has not worked. > > > > > > > > If I start Windows normally however using the debug option, Windows > > > > just hangs at a "Starting Windows" screen and the Dom0 Terminal just > > > > shows "Waiting for user 'Max' login..." without progressing. > > > > > > > > Any suggestions as to how to troubleshoot this? > > > > > > > > Thanks > > > > > > Enable Debug, Disable Seamless GUI and then mash F8 as soon as the OS > > > window appears, enter either Safe Mode with Networking or Last Known Good > > > Configuration and then do a clean shutdown from within a VM. Helped me > > > several times. > > > > Even doing this I can't get in at all and get the same error as described > > above. Is it going to be required to re install Windows again? > > > > Thanks for taking the time to detail your experiences. > > Did you attach any PCI devices to the Windows VM? I've noticed that if a PCI > device was attached at any point to a Windows VM and detached afterwards the > VM will not boot unless said device is attached again. No, I didn't. I have opted to go for the reinstall from backup route to getting Windows working again (which it is). Thanks anyway for the help. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2fefde7f-31ab-4247-b577-49f11954f5ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Building Qubes from source, strange error.
On Thu, Mar 23, 2017 at 03:40:34AM -0700, loke...@gmail.com wrote: > On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava wrote: > > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote: > > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava wrote: > > > > > > > Which tells us that we probably really do need version 3.9.0 of > > > > qubes-tools. > > > > > > Where can that version be found? Looking at the latest master of > > > qubes-linux-utils, it only contains version 3.2.3: > > > > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version > > > Yes, and that is what surprises me as well. The relevant source has not > > been touched in a while. I've looked, but I don't know why the build > > breaks. > > > > All I know for a fact is what you said, it asks for 3.9.0 and delivers > > 3.2.3 at the master branch. And that the relevant source files all have not > > been changed recently. > > The spec file was updated from 2.0.10 to 3.9.0 as of commit > 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the > commit was on the 17'th December 2015. This is more than half a year before > the most recent ISO images were built. > > I really have no idea what the cause for this could be. > > Regards, > Elias > Finally I understand - you're trying to build a full build of master - I just dont think this works at the moment - you could *try* following my suggestion of NOT building artwork at all - just comment it out. Lots of the devel work on v4 (that's now in master) is in the devs repos - you can see the mysterious 3.9 here: https://github.com/woju/qubes-linux-utils/tree/core3-devel So I think you have to cherry pick from a number of different repos to get something like a working v4 if that's what you want. At least from marmarek and woju. I dont have scope to try this. (You can just build some components as you like - e.g just the manager.) It IS possible to build templates from master, and they seem to work fine with 3.2 :although marek has said that things might break, I haven't seen this as yet.) unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2017032348.GA7814%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] usability request
2017-03-23 13:51 GMT+03:00 Oleg Artemiev: >> ровно до того момента пока вы считаете корректным использовать >> несколько способов энкапсуляции смысла. Хочешь узнать о чём - пиши в gpg >> формате. Да я считаю гпг способом кодирования смысла. У меня в локации >> нельзя использовать шифрование но можно использовать кодирование Нельзя скрыть смысл оставляя на виду всего лишь один способ кодирования факта переписки. Вы не хоитет делить личку на уровне не умею прочитать - не для меня. Но я блин то ещё фидошник. По русски писать нелья - что за нафиг - типа непонятно никому. Ну и хрен с ним. Количество совпадений моего желания что-то объяснить и моего желания чтобы все поняли - сильно не равные множества. Я готов говоить о характеристиках качества до тех пор пока они разумны по опыту и не ранее чем они считабельны хотя бы на уровне прикидок в трёхмерном пространстве. Понимать физический смысл математики и диффур меня обучили заставив пересдать диффуры. Спасибо преподавателью за это. Но блин. Меня утомляет когда я занят формулировать на нативном языке. Или терпите шум в виде багрепортов в общественном месте Или сделайте вменяемый вход в вашу пещеру. :))) Чтобы я со стороны заднего прохода в это множество не пилил как танк. Это именно то, откуда в России появляется мем веждивые люди. Стоимость пояснить для себя вне контекста и понять что я уже не совсем неуловимый джо ну вот по любому - это ж проработать что я -- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6PR-uN-Z0kWKkH%3DN-1_TRG1pbJ6x-fk9NM3FBAqFR8WaQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] usability request
> ровно до того момента пока вы считаете корректным использовать > несколько способов энкапсуляции смысла. Хочешь узнать о чём - пиши в gpg > формате. Да я считаю гпг способом кодирования смысла. У меня в локации нельзя > использовать шифрование но можно использовать кодирование -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6OyS%3D%3DVW8FG78yaq2YFaV9RRNWeH1RxbVw6izNgs0Ry3Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] usability request
И я буду анноить Вас отсутствием русского списка рассылки про Qubes ровно до того момента пока вы считаете корректным использовать несколько способов энкапсуляции 2017-03-23 13:47 GMT+03:00 Oleg Artemiev: > В русском каннари намеренно использована машинно непереводимая игра > смысла с превращением глаголов в существительные не гляда на правила > грамматики. > Так надо чтобы вы задумались о том что я мог иметь ввиду в контексте > Ваших личных надобностей в рамках Qubes проекта. > > 2017-03-23 13:40 GMT+03:00 Oleg Artemiev : >> Please do not try to get a clue why this is sent here. This is >> thinking flow. I had never ever been doing a meaning full cannary and >> commitment into a project. >> I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all >> the stuff Qubes allow to born in the reality. >> When you are in fear Qubes is some plcae that can support you. In >> terns of tunable calm transparency. >> >> It is really safe to use Qubes when you do it as designed. It is >> enough innovative. It is already good enough to be on google summer of >> code. >> >> It's fun. Like linux was when I first met it. Enjoy! >> >> Thank you qubes team. I've found that current sort of misfunctioning >> is enough good to be not a security related problem. I've commited >> into funs community just becouse Rutkowska made a cool PoC with her >> blue pill and red pill. She made me think more in context of my own >> reasonse. The real thing is that I've just committed into public that >> currently I'm enough skilled to solve a pazzle "why this is a bug" and >> "why this is a usability bug". >> All okay. We have democracy. We have same models of goverment as a >> security treat as you do in your geolocation. The laws of math is >> faster to get an answer and slower to understand is stilll working for >> me. >> In this context I think that I made a lot to tell what is already told >> ))) To finalize the thread from my side I insist: >> >> this is the load testing problem. I guess the reason is that Clock VM >> is allowed to die and no default hook to restart clock VM (thinking it >> has same clean state) provided >> As I understand security vs usability - this is all about mistrusts >> from operating system - to cleanup a block you have to unlock. But >> where the lock() is subject to search. >> >> >> >> 2017-03-23 13:25 GMT+03:00 Oleg Artemiev : >>> On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet wrote: On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev wrote: > Is this OK to provide a pullrequest for adding VM (qube) functionality > for kill / shutdown some VM using window color border as a start > point? > > I'm spending some time to get into qubes manager just to kill or > shutdown some qube. This is a regular task in my workflow. If you are interested in quickly and easily killing a VM with visible windows, then update qubes-core-dom0-linux and add a shortcut in your desktop environment for /usr/bin/qvm-xkill. This utility lets you just click on a window to kill the corresponding VM. >>> Yes. I'm interested in exactly that. Some times I've even no time to >>> wait enough to allow Qubes shutdown normally. >>> >>> I'd appreciate if qubes-killall will be implemented as an official >>> command with these abilities: >>> >>> qubes-killall [no option] >>> >>> used to report help. No damage by default. >>> >>> qubes-killall [--also-system-qubes] >>> >>> used to kill all VMs, including even sys-net , sys-whonix, sys-clock . >>> >>> Some times I just need to correctly shutdown (not by holding power >>> button - just via init 0). >>> This will save alot of my timewaste wating when I'll be sure that only >>> power eating code are some dumb intel blobs running due to intel >>> design fencing. >>> It is not intentionally against me, but even intel has usability bugs. >>> Well - I've no need in otselot to empty the energy provider. >>> I've no that super secrets to keep moving only with battery separated >>> from the computing >>> >>> qubes-killall [--only-system-qubes] >>> >>> Yes I can script it. But lim(cost of thinking) on hacks(I do) goes >>> into infinity as till I'm alive. >>> >>> That's why I memorize only officially supported tool names (and only >>> those that are helpfull to work. >>> >>> BTW: I've just unintentionally reproduced the bug I'm trying to >>> takeover without interrupting my workflow. >>> >>> This is not a single issue. This is a set of business usability issues >>> with different priorities. Below is proof of concept that: >>> >>> 1) I'm enough tired by async workflow model I usually commit my work. >>> 2) I'm enough helpfull to get payd enough even when there's a >>> permanent crisys around. >>> 3) That is proven that I committed to wait my current employment for a >>> half of a year period >>> 4) I do what I really do in a long term period.
[qubes-users] Re: [qubes-devel] usability request
В русском каннари намеренно использована машинно непереводимая игра смысла с превращением глаголов в существительные не гляда на правила грамматики. Так надо чтобы вы задумались о том что я мог иметь ввиду в контексте Ваших личных надобностей в рамках Qubes проекта. 2017-03-23 13:40 GMT+03:00 Oleg Artemiev: > Please do not try to get a clue why this is sent here. This is > thinking flow. I had never ever been doing a meaning full cannary and > commitment into a project. > I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all > the stuff Qubes allow to born in the reality. > When you are in fear Qubes is some plcae that can support you. In > terns of tunable calm transparency. > > It is really safe to use Qubes when you do it as designed. It is > enough innovative. It is already good enough to be on google summer of > code. > > It's fun. Like linux was when I first met it. Enjoy! > > Thank you qubes team. I've found that current sort of misfunctioning > is enough good to be not a security related problem. I've commited > into funs community just becouse Rutkowska made a cool PoC with her > blue pill and red pill. She made me think more in context of my own > reasonse. The real thing is that I've just committed into public that > currently I'm enough skilled to solve a pazzle "why this is a bug" and > "why this is a usability bug". > All okay. We have democracy. We have same models of goverment as a > security treat as you do in your geolocation. The laws of math is > faster to get an answer and slower to understand is stilll working for > me. > In this context I think that I made a lot to tell what is already told > ))) To finalize the thread from my side I insist: > > this is the load testing problem. I guess the reason is that Clock VM > is allowed to die and no default hook to restart clock VM (thinking it > has same clean state) provided > As I understand security vs usability - this is all about mistrusts > from operating system - to cleanup a block you have to unlock. But > where the lock() is subject to search. > > > > 2017-03-23 13:25 GMT+03:00 Oleg Artemiev : >> On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet wrote: >>> On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev wrote: Is this OK to provide a pullrequest for adding VM (qube) functionality for kill / shutdown some VM using window color border as a start point? I'm spending some time to get into qubes manager just to kill or shutdown some qube. This is a regular task in my workflow. >>> >>> If you are interested in quickly and easily killing a VM with visible >>> windows, then update qubes-core-dom0-linux and add a shortcut in your >>> desktop environment for /usr/bin/qvm-xkill. This utility lets you just >>> click on a window to kill the corresponding VM. >> Yes. I'm interested in exactly that. Some times I've even no time to >> wait enough to allow Qubes shutdown normally. >> >> I'd appreciate if qubes-killall will be implemented as an official >> command with these abilities: >> >> qubes-killall [no option] >> >> used to report help. No damage by default. >> >> qubes-killall [--also-system-qubes] >> >> used to kill all VMs, including even sys-net , sys-whonix, sys-clock . >> >> Some times I just need to correctly shutdown (not by holding power >> button - just via init 0). >> This will save alot of my timewaste wating when I'll be sure that only >> power eating code are some dumb intel blobs running due to intel >> design fencing. >> It is not intentionally against me, but even intel has usability bugs. >> Well - I've no need in otselot to empty the energy provider. >> I've no that super secrets to keep moving only with battery separated >> from the computing >> >> qubes-killall [--only-system-qubes] >> >> Yes I can script it. But lim(cost of thinking) on hacks(I do) goes >> into infinity as till I'm alive. >> >> That's why I memorize only officially supported tool names (and only >> those that are helpfull to work. >> >> BTW: I've just unintentionally reproduced the bug I'm trying to >> takeover without interrupting my workflow. >> >> This is not a single issue. This is a set of business usability issues >> with different priorities. Below is proof of concept that: >> >> 1) I'm enough tired by async workflow model I usually commit my work. >> 2) I'm enough helpfull to get payd enough even when there's a >> permanent crisys around. >> 3) That is proven that I committed to wait my current employment for a >> half of a year period >> 4) I do what I really do in a long term period. >> >> Due to that the text below officially supported by using google in >> terms of transparten electronical signing till I've made a >> >> Labelling highly depend to the product type and busness model needs. >> >> From security perspective it is not an issue at all . >> >> I've made a lot of efforts to defend an attack my opinion to
[qubes-users] How do I know - is that a MAJOR usability issue? (subject replaced)
Hello. Currently I'm not that busy but steel overloaded by technical debt. I've cleaned the tech debt for some organisation units outside of my usual daily interest. всё хорошо. :) Баг не касается ничего существенного. Пошёл в обязательный ребут. Сходимость очередей на запуск на уровне дребезжания фиксируется рассчётом сходимости дискретных значений к максимально допустимой скорости исполнения. Это не решить костылём. Надо таймауты считать. Это вывод из моего нагрузочного теста. Этот тест нужен мне потому что я использую Qubes в продакшене не испытывая существенных проблем. :) -- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6OKC6KwmFQaHUs6AAjaWTROf%3DxU3Rfc_hY%2BLvXs15Sz7A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Building Qubes from source, strange error.
On Thursday, 23 March 2017 18:23:30 UTC+8, Opal Raava wrote: > On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote: > > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava wrote: > > > > > Which tells us that we probably really do need version 3.9.0 of > > > qubes-tools. > > > > Where can that version be found? Looking at the latest master of > > qubes-linux-utils, it only contains version 3.2.3: > > > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version > Yes, and that is what surprises me as well. The relevant source has not been > touched in a while. I've looked, but I don't know why the build breaks. > > All I know for a fact is what you said, it asks for 3.9.0 and delivers 3.2.3 > at the master branch. And that the relevant source files all have not been > changed recently. The spec file was updated from 2.0.10 to 3.9.0 as of commit 9780a95a0ad20b63f2da401f108f2dcb3511554b. The interesting thing is that the commit was on the 17'th December 2015. This is more than half a year before the most recent ISO images were built. I really have no idea what the cause for this could be. Regards, Elias -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08b31cd7-630b-4e7c-8310-66706fd3b302%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] usability request
Please do not try to get a clue why this is sent here. This is thinking flow. I had never ever been doing a meaning full cannary and commitment into a project. I willl test qubes. Since I alreaday do and I enjoy Qubes OS and all the stuff Qubes allow to born in the reality. When you are in fear Qubes is some plcae that can support you. In terns of tunable calm transparency. It is really safe to use Qubes when you do it as designed. It is enough innovative. It is already good enough to be on google summer of code. It's fun. Like linux was when I first met it. Enjoy! Thank you qubes team. I've found that current sort of misfunctioning is enough good to be not a security related problem. I've commited into funs community just becouse Rutkowska made a cool PoC with her blue pill and red pill. She made me think more in context of my own reasonse. The real thing is that I've just committed into public that currently I'm enough skilled to solve a pazzle "why this is a bug" and "why this is a usability bug". All okay. We have democracy. We have same models of goverment as a security treat as you do in your geolocation. The laws of math is faster to get an answer and slower to understand is stilll working for me. In this context I think that I made a lot to tell what is already told ))) To finalize the thread from my side I insist: this is the load testing problem. I guess the reason is that Clock VM is allowed to die and no default hook to restart clock VM (thinking it has same clean state) provided As I understand security vs usability - this is all about mistrusts from operating system - to cleanup a block you have to unlock. But where the lock() is subject to search. 2017-03-23 13:25 GMT+03:00 Oleg Artemiev: > On Wed, Mar 22, 2017 at 5:24 PM, Jean-Philippe Ouellet wrote: >> On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev wrote: >>> Is this OK to provide a pullrequest for adding VM (qube) functionality >>> for kill / shutdown some VM using window color border as a start >>> point? >>> >>> I'm spending some time to get into qubes manager just to kill or >>> shutdown some qube. This is a regular task in my workflow. >> >> If you are interested in quickly and easily killing a VM with visible >> windows, then update qubes-core-dom0-linux and add a shortcut in your >> desktop environment for /usr/bin/qvm-xkill. This utility lets you just >> click on a window to kill the corresponding VM. > Yes. I'm interested in exactly that. Some times I've even no time to > wait enough to allow Qubes shutdown normally. > > I'd appreciate if qubes-killall will be implemented as an official > command with these abilities: > > qubes-killall [no option] > > used to report help. No damage by default. > > qubes-killall [--also-system-qubes] > > used to kill all VMs, including even sys-net , sys-whonix, sys-clock . > > Some times I just need to correctly shutdown (not by holding power > button - just via init 0). > This will save alot of my timewaste wating when I'll be sure that only > power eating code are some dumb intel blobs running due to intel > design fencing. > It is not intentionally against me, but even intel has usability bugs. > Well - I've no need in otselot to empty the energy provider. > I've no that super secrets to keep moving only with battery separated > from the computing > > qubes-killall [--only-system-qubes] > > Yes I can script it. But lim(cost of thinking) on hacks(I do) goes > into infinity as till I'm alive. > > That's why I memorize only officially supported tool names (and only > those that are helpfull to work. > > BTW: I've just unintentionally reproduced the bug I'm trying to > takeover without interrupting my workflow. > > This is not a single issue. This is a set of business usability issues > with different priorities. Below is proof of concept that: > > 1) I'm enough tired by async workflow model I usually commit my work. > 2) I'm enough helpfull to get payd enough even when there's a > permanent crisys around. > 3) That is proven that I committed to wait my current employment for a > half of a year period > 4) I do what I really do in a long term period. > > Due to that the text below officially supported by using google in > terms of transparten electronical signing till I've made a > > Labelling highly depend to the product type and busness model needs. > > From security perspective it is not an issue at all . > > I've made a lot of efforts to defend an attack my opinion to get a > clue at what level should I mark this bug. > > Due to stability of your criteria of marking some qube within a > worflow - this cannot be a security issue. > > Though in terms of MPLS this is not ready enough soultion. > I would like to discuss the mathematical proof for criteria of > reasonable load stability. Since I'm finally got to commit reboot in > two hours I've to drop all and just describe my intentions in native > language. > > If you think
[qubes-users] Re: Building Qubes from source, strange error.
On Thursday, March 23, 2017 at 3:27:58 AM UTC+1, lok...@gmail.com wrote: > On Thursday, 23 March 2017 02:45:53 UTC+8, Opal Raava wrote: > > > Ok that build did not work. I'm getting the following error: > > > > ../../bin/mkpadlock.py -s 36 -c 0xcc devices/appvm-red.png > > Traceback (most recent call last): > > File "../../bin/mkpadlock.py", line 25, in > > import qubesimgconverter > > ImportError: No module named qubesimgconverter > > ../Makefile.common:39: recipe for target 'devices/appvm-red.png' failed > > make[2]: *** [devices/appvm-red.png] Error 1 > > make[2]: Leaving directory '/home/user/qubes-src/artwork/icons/36x36' > > Makefile:4: recipe for target 'all' failed > > make[1]: *** [all] Error 1 > > > > Which tells us that we probably really do need version 3.9.0 of qubes-tools. > > Where can that version be found? Looking at the latest master of > qubes-linux-utils, it only contains version 3.2.3: > > https://github.com/QubesOS/qubes-linux-utils/blob/master/version > > Regards, > Elias Yes, and that is what surprises me as well. The relevant source has not been touched in a while. I've looked, but I don't know why the build breaks. All I know for a fact is what you said, it asks for 3.9.0 and delivers 3.2.3 at the master branch. And that the relevant source files all have not been changed recently. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2ca4d3c-e12c-47ee-b540-7324b734bcea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Sleep Verb Not Supported
Am Montag, 26. Dezember 2016 00:05:08 UTC+1 schrieb mojosam: > My computer doesn't go to sleep. > > I have XFCE Power Manager set to Hibernate the system after one hour. When I > come back to the system after that time, the screen is blank (but not off) > and the system seems to be fully powered up (the fan seems to be running at > the same speed as when I'm using the computer). So I move the mouse, log > back in, the Qubes desktop reappears, and there is a message from the Power > Manager: > > GDBus.Error:org.freedesktop.login1.SleepVerbNotSupported:Sleep verb not > supported > > If it matters, this is a desktop machine (HP Compaq 8200 Elite SFF). > > Anyone know how I can solve or troubleshoot this? Thanks! I use Qubes OS 3.2 with i3 as window manager and have the same problem. When closing the lid I get this error, and the system stays powered up. I use Qubes since a year, and I get this behavior since I updated dom0 yesterday. The packages that has been updated are qubes-core-dom0-linux (3.2.12.1.fc23), qubes-core-dom0-linux-kernel-install (3.2.12.1.fc23) and qubes-pdf-converter-dom0 (2.1.2.1.fc23). I have no idea at the moment how to fix this or what exactly causes the issue. The kernel has been changed, so most likely this somehow break it. Thanks for any hint. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/97781287-2252-4285-8518-8f7a0043a2e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] External GPU for just one VM or OpenSWR
I am not looking for super gaming performance, I just want to make some apps requiring GPU acceleration working. Since there is no reliable and secure way to use internal (either integrated or dedicated) GPU and since GPU passthrough is problematic (e.g., persistently compromised GPU seems to be able pwn the whole machine on boot through GPU BIOS), I've looked at options for external GPU: * PCI-related solutions seem to suffer from the same issues as internal GPUs and they are not much suitable for laptops. * I've looked at USB GPUs. Reportedly, various USB-to-VGA/HDMI converters are GPUs. I don't know if it is possible to connect the converter to a VM (through USBVM), let it render the output and then send the result to GUID, while getting reasonable performance. (I am worried about the latency a bit…) * There are some Thunderbolt GPUs. With DMA, it seems to be more close to PCI-related solutions in terms of both security and performance. The main advantage would be not requiring it to be connected all the time (and it might be theoretically also ignored during the boot) and better suitability for the laptop. But I have rather low information about Thunderbolt at all, so there might be some catches. * Maybe external GPU would not be needed if a better SW solution (OpenSWR) is used: http://m.slashdot.org/story/301501 Not sure how hard it would be to integrate Note that I am not much knowledgeable on GPUs. So I am sorry if some of the suggestions is a complete nonsense. This is not crucial for me at the moment, but: * I'd like to know if there is something worth considering (e.g., Thunderbolt) when buying a new laptop * some others might find the ideas useful Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4138ad92-51ac-4551-a9ac-78ee69ee0039%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: can we have debian-minimal?
Well, you have simplified it too much. It seems to be basically equivalent to curl http://… | sudo bash. (AFAIK, there is no authentication when using git:// URL.) The signature verification mentioned on the page is there for a reason – you should not run the code without knowing it has not been altered. It would be even better to use either https;// URL or SSH URL, as they authenticate the transport. This can somehow mitigate attacker providing you an old version with known vulnerabilities. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aac7603f-3e59-41ce-a168-83aa354a42e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.