Re: [qubes-users] how to better verify backups to catch restore errors?

2017-06-21 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-06-21 15:47, cubit wrote:
> Is there a better way to verify that the qubes based backup
> succeeds?
> 
> I discovered today that, while I backup all AppVM and TemplateVM in
> one time (via GUI),  the backups created going back to February all
> consistently fail to restore one particular appVM
> 
> Yesterday I needed a clean laptop for a travel so I did a full
> backup and then removed my "storage" AppVM that contain all my
> documents as well I delete 2 other AppVM, "gpg" and "chat".   Can
> you see where this go..?
> 
> Today I go to restore the deleted AppVM via GUI.   "gpg" and "chat"
> restore perfect but "storage" gives error even though when I
> veryify the archive it is ok :((
> 
> ERROR: [Errno 2] No such file or directory:
> u'/var/tmp/restore_LtT4Jk/vm1' *** Skipping VM: storage -> Done.
> Please install updates for all the restored templates. -> Completed
> with errors!
> 
> 
> I try using "qvm-backup-restore -d sys-usb
> /path/to/backup/qubes_backup_time storage --debug" to see if there
> are more details.  It fails too and no much details are extra  See
> attached restore_errors.txt where it try vm17
> 
> 
> What is interesting is that for some reason it is trying to restore
> vm17 which is not my "storage" vm based on the qubes.xml in the
> same directory.  My "storage" vm should be 1.
> 
> I was able to do "emergency backup recovery" on files in vm1
> directory and as hoped, all my "storage" appVM files were in
> there.
> 
> I had to go to backups from February before I could find one that
> would restore "storage" appVM from GUI or qvm-backup-restore
> 
> Some questions
> 
> - how can I better veryify backups working?

You can use the "verify-only" restore option (available both in Qubes
Manager and on the command-line) immediately after creating a backup.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZS0BjAAoJENtN07w5UDAwKnQQALo2uYmdbW6zcBTmYEYC2QuV
W+zgp+pT0S/SXK7qqG5Qw5o3N2y104eK95DvKK0ZyBC/UIbnsYO4u77oECC1CTsx
r+kpkr7cslNMsnkleUPk6ahwutZZg/eJ6E57w2kPGcDJdBh8ys2i8ubHGM2hft85
9jOAcbjUP5X9COVO4TtCK3JF67R9VpmemXSgNE8BlVFsmaqdncgSO/RfjTx/+Oov
QuborHaz4GRFrw6ObAoRlObsrF+QHqMj+zQVmUUXD+6IT+SRSUi/J6NX0WHJbxgf
Vzp1cfZEDgdHGEY718yyiwDxhYk6BofQQ5on0E8ogJfucdWQgCBrW3uxnvfovxcM
Z41Khz4vtHtEpOiWApNAYT2XxFQRGZ/1XArIE7UbU7T0f9d9mPf31SxyYr9aHUER
l0izY7UZ0bIjRjr1vAVDgSNep9drO25wWQ/ia/5M0NHIy+xknRyA00OF9q2Cf2r0
uZdlJHuFi9htyI6Wd925ajP07LOfPxR8RMlS5+SLHkYF90pQkg4XdSo0wf3XBopc
gO0+ijEqYOzZtyoaUARwbpxV7tLOPsa/AvJgJthphB6UgtMDUoio42FYMUbRmqXt
VLK0L/7Xj8fvQzFHRig6xMOYFvLjEml+zR6dYzNQK2S2uklZdqFJkT6I4fWoEDZB
4A594AjYXaLPsaBgDmSw
=gDtA
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/245f04eb-e855-d5b0-ec3b-925e302241d2%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Vault-appvm empty after Debian-8 template dist-upgrade

2017-06-21 Thread cooloutac 
On Wednesday, June 21, 2017 at 8:46:22 PM UTC-4, Essax wrote:
> I upgrade my Debian-8 template with sudo apt-get dist-upgrade.  The only 
> problem I had after the upgrade was my vault-appvm was emply when I launched 
> it. I searched through every directory trying to find my data base with no 
> luck.
> 
> 
> 
> Fortunately I was able to follow the instructions in the  Qubes Documentation 
> and roll back the changes to my TemplateVM. Once I did that my vault data 
> base was back to normal. If this happens to you and you want to revert the 
> changes to your Debian-8 TemplateVM you would type this command in your Dom0 
> terminal.
> 
> 
> 
> qvm-revert-template-changes debian-8
> 
> 
> 
> Please note It requires that all AppVMs based on this template be halted 
> during this operation.
> 
> 
> 
> 
> 
> For the technical details about how this command works and the steps it 
> performs, see here
> 
> 
> 
> Obviosly another solution would be to restore from backups or download a new 
> TemplateVM.  Just be aware if your vault-appvm is based off debian to 
> cautious if your dist-upgrade
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Essax
> 
> 
> 
> Sent with ProtonMail Secure Email.

sweet command!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a101d8f-67c4-43e6-b6b3-dcb3e762009d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes and USB Ethernet adapter

2017-06-21 Thread cooloutac 
On Wednesday, June 21, 2017 at 10:13:12 PM UTC-4, cooloutac wrote:
> On Wednesday, June 21, 2017 at 10:11:54 PM UTC-4, cooloutac wrote:
> > add it to sys-net, no?
> > 
> > If not delete your sys-usb.
> > don't even recreate it.  and just to test find the right controller for the 
> > port you use,and add it to your sys-net.
> 
> oh but you prolly only have one controller.  ya if i'm understanding 
> correctly its already in sys-usb.  so you should be adding it to sys-net to 
> get network connection.

lol i just read "which would be extremely annoying to me" , sorry.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a3fd365-5779-4598-a050-0aa19998e811%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-21 Thread cooloutac 
On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:
> Permit me to ask two questions?
> 
> 
> 
> 1) I was reading this
> 
> -
> https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c
> 
> (Credits: Micah Lee)
> What's that “Convert to Trusted PDF” you were talking about?
> 
> Let's say you found an interesting document, and let's say that you had 
> an offline virtual machine specifically dedicated for storing and 
> opening documents. Of course, you can directly send that document to 
> that VM, but there could still be a chance that this document is 
> malicious and may try for instance to delete all of your files (a 
> behavior that you wouldn't notice in the short-lived DisposableVM). But 
> you can also convert it into what's called a ‘Trusted PDF’. You send the 
> file to a different VM, then you open the file manager, navigate to the 
> directory of the file, right-click and choose “Convert to Trusted PDF”, 
> and then send the file back to the VM where you collect your documents. 
> But what does it exactly do? The “Convert to Trusted PDF” tool creates a 
> new DisposableVM, puts the file there, and then transform it via a 
> parser (that runs in the DisposableVM) that basically takes the RGB 
> value of each pixel and leaves anything else. It's a bit like opening 
> the PDF in an isolated environment and then ‘screenshoting it’ if you 
> will. The file obviously gets much bigger, if I recall it transformed 
> when I tested a 10Mb PDF into a 400Mb one. You can get much more details 
> on that in this blogpost by security researcher and Qubes OS creator 
> Joanna Rutkowska.
> 
> [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]
> 
> --
> Upon reading it on the suggested sequence of opening  random/all PDFs, 
> maybe , people vary  their sequence.
> 
> It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then 
> suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st, 
> Before doing  a  “Convert to Trusted PDF”  on the PDF file ?
> 
> This would add a step to the much faster,  just  “Convert to Trusted 
> PDF”  from the actual  Anon-Whonix  AppVM
> 
> 
> 2)
> Do folks typically backup  their Template VMs  ?  as I noticed they 
> aren't set up by default to backup ?
> 
> and/or what is the thinking behind backing up various VMs ?  I guess the 
> ones that have been the most modified eg  the AppVMs ?   I have 1 very 
> large 20 gigabyte  VM with old videos/pictures on it,  do I  back that 
> one up ? for example?

you just right click on the file and hit convert to trusted pdf.  i'm nto sure 
what you're asking.


when it comes to backing up template vms.  I only backup my cloned vms.  I 
clone vms from the defaults if I'm gonna install custom configs in them.  also 
so it has a diff name then default vms for less chance of issues when restoring.

and of course you back up your videos and pictures, are you being serious? lol. 
 thats what most people backup.  and deeper thought is what if they all have 
viruses and everytime you open one up you infect your system.  

So that leads to another thought that well if you are willing to reinstall all 
your programs and configs from scratch on a default template, mabe you'd be 
better off.  But backing them up and restoring them is for convenience.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/feedcc3c-0039-4db2-a003-1fa5a3a4c010%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes and USB Ethernet adapter

2017-06-21 Thread cooloutac 
On Wednesday, June 21, 2017 at 10:11:54 PM UTC-4, cooloutac wrote:
> add it to sys-net, no?
> 
> If not delete your sys-usb.
> don't even recreate it.  and just to test find the right controller for the 
> port you use,and add it to your sys-net.

oh but you prolly only have one controller.  ya if i'm understanding correctly 
its already in sys-usb.  so you should be adding it to sys-net to get network 
connection.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/996462f0-54a8-493a-b59d-043531faeb01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes and USB Ethernet adapter

2017-06-21 Thread cooloutac 


add it to sys-net, no?

If not delete your sys-usb.
don't even recreate it.  and just to test find the right controller for the 
port you use,and add it to your sys-net.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a32382d-b540-4bb1-b6ec-6edacafd1e0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

2017-06-21 Thread cooloutac 
On Wednesday, June 21, 2017 at 10:06:54 PM UTC-4, cooloutac wrote:
> what is the method you attaching it to sys-net and what is the error messages?
> 
> Tried adding single block device?  worse comes to worse you can just not use 
> sys-usb and just add the usb controller you plug it in to sys-net.  but then 
> you missing out on sys-usb which i'm sure you don't have to do.

https://www.qubes-os.org/doc/assigning-devices/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5866a640-4cfb-4074-bdf6-8c70dba74fb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

2017-06-21 Thread cooloutac 
what is the method you attaching it to sys-net and what is the error messages?

Tried adding single block device?  worse comes to worse you can just not use 
sys-usb and just add the usb controller you plug it in to sys-net.  but then 
you missing out on sys-usb which i'm sure you don't have to do.   

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67577acc-f207-4cae-9ba3-aac82bbdacf2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Switching from UEFI to BIOS after installation...

2017-06-21 Thread cooloutac 
On Wednesday, June 21, 2017 at 4:53:04 PM UTC-4, motech man wrote:
> On Tuesday, June 20, 2017 at 10:09:33 PM UTC-5, cooloutac wrote:
> > > Indeed. I don't understand why AEM can't be used with UEFI. The docs 
> > > should also mention the reliance on TPM for AEM and the use of AEM 
> > > prevents ability to swap drives in mobo easily, such as hot swapable 
> > > SATA. That is probably not an important consideration in the majority of 
> > > cases I suspect.
> > > 
> > > Also, the conversion process should probably discuss GPT vs MBR 
> > > partitioning. I was under the impression UEFI required GPT, but even if 
> > > not, I do know booting an OS that resides on a GPT drive via BIOS (i.e. 
> > > legacy) mode has problems. Most BIOS / legacy code doesn't even recognize 
> > > a GPT drive. Often BIOS booting on a GPT drive relies on the protected 
> > > partition region which isn't recognized across the board and is far from 
> > > being well recognized my all Op Systems.
> > 
> > 
> > I don't understand why people want to use uefi if not using secure boot. 
> >...
> > You say GPT is that cause you running windows?  Well when you do decide to 
> > go to Qubes-os only machine  reformat the drive and hope for the best.  If 
> > you ever update your pc hardware though don't put anything else on it.  And 
> > your Hardware should be safe for at least a year lol. I'm starting to think 
> > real security is only for rich people.   but 1-2 years reasonable secure pc 
> > is pretty good compared to windows.  which I would give 1-2 months.  and 
> > linux which is shot in one day.  Ignore my fud.
> 
> We've had this discussion in another thread. I reiterated the main points 
> above. GPT is the superior partitioning format, far more flexible. Mixing 
> legacy BIOS with GPT is a very difficult combination to get working, 
> certainly for windoze. I have no intention of installing that OS on my Qubes 
> box, no way.
> 
> But please do your research on GPT and you will see BIOS boot is obsolete and 
> will be a thing of the past before you know it. The sooner you realize that 
> the better off you'll be.

well I have it installed on mind windows 10 on a machine I also boot with 
qubes.  main machine is qubes only though.  I use legacy mode for both.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7fc66534-0c13-44be-b1a0-b439f5ac52eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

2017-06-21 Thread cooloutac 

hmm maybe its a problem of not being able to have the same controller on both 
at same time?  I'm sure there is a workaround for this on mailing list i'll 
have a look.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef0d37f4-836a-466f-94ea-4b5619e36cb7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Vault-appvm empty after Debian-8 template dist-upgrade

2017-06-21 Thread 'Essax' via qubes-users 
I upgrade my Debian-8 template with sudo apt-get dist-upgrade. The only problem 
I had after the upgrade was my vault-appvm was emply when I launched it. I 
searched through every directory trying to find my data base with no luck.

Fortunately I was able to follow the instructions in the [Qubes 
Documentation](https://www.qubes-os.org/doc/software-update-vm/) and roll back 
the changes to my TemplateVM. Once I did that my vault data base was back to 
normal. If this happens to you and you want to revert the changes to your 
Debian-8 TemplateVM you would type this command in your Dom0 terminal.

qvm-revert-template-changes debian-8

Please note It requires that all AppVMs based on this template be halted during 
this operation.

For the technical details about how this command works and the steps it 
performs, see [here](http://For the technical details about how this command 
works and the steps it performs, see)

Obviosly another solution would be to restore from backups or download a new 
TemplateVM. Just be aware if your vault-appvm is based off debian to cautious 
if your dist-upgrade

Essax

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/w0Xl31OJ2d7z5QisSEUXGFE7Sz_cp2thbQdQrnHRyN7JbgsX3Cfp2AgoV5z8db7c5psQfcKEMDlHqlshemRLwNdDJHY5tM2b6q99WCxjx08%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

2017-06-21 Thread Foppe de Haan 
On Tuesday, June 20, 2017 at 9:36:12 PM UTC+2, Swâmi Petaramesh wrote:
> Le 20/06/2017 à 19:49, Reg Tiangha a écrit :
> > Curious: Did you install the qubes-usb-proxy package in both sys-usb and
> > sys-net templates before attempting to transfer the device?
> 
> THanks for the hint, but yes, it is currently installed in the template
> used for both sys-usb and sys-net VMs.
> 
> ॐ
> 
> -- 
> Swâmi Petaramesh  PGP 9076E32E

Have you considered baking your own 4.11-based kernel? (See 
https://groups.google.com/forum/#!topic/qubes-users/yBeUJPwKwHM for a howto)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b967224a-39f5-475a-9679-685c663e1a53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Switching from UEFI to BIOS after installation...

2017-06-21 Thread motech man 
On Tuesday, June 20, 2017 at 10:09:33 PM UTC-5, cooloutac wrote:
> > Indeed. I don't understand why AEM can't be used with UEFI. The docs should 
> > also mention the reliance on TPM for AEM and the use of AEM prevents 
> > ability to swap drives in mobo easily, such as hot swapable SATA. That is 
> > probably not an important consideration in the majority of cases I suspect.
> > 
> > Also, the conversion process should probably discuss GPT vs MBR 
> > partitioning. I was under the impression UEFI required GPT, but even if 
> > not, I do know booting an OS that resides on a GPT drive via BIOS (i.e. 
> > legacy) mode has problems. Most BIOS / legacy code doesn't even recognize a 
> > GPT drive. Often BIOS booting on a GPT drive relies on the protected 
> > partition region which isn't recognized across the board and is far from 
> > being well recognized my all Op Systems.
> 
> 
> I don't understand why people want to use uefi if not using secure boot. 
>...
> You say GPT is that cause you running windows?  Well when you do decide to go 
> to Qubes-os only machine  reformat the drive and hope for the best.  If you 
> ever update your pc hardware though don't put anything else on it.  And your 
> Hardware should be safe for at least a year lol. I'm starting to think real 
> security is only for rich people.   but 1-2 years reasonable secure pc is 
> pretty good compared to windows.  which I would give 1-2 months.  and linux 
> which is shot in one day.  Ignore my fud.

We've had this discussion in another thread. I reiterated the main points 
above. GPT is the superior partitioning format, far more flexible. Mixing 
legacy BIOS with GPT is a very difficult combination to get working, certainly 
for windoze. I have no intention of installing that OS on my Qubes box, no way.

But please do your research on GPT and you will see BIOS boot is obsolete and 
will be a thing of the past before you know it. The sooner you realize that the 
better off you'll be.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07b5082b-1fcb-4d59-9b4d-24bd9078682d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to better verify backups to catch restore errors?

2017-06-21 Thread cubit 
Is there a better way to verify that the qubes based backup succeeds?

I discovered today that, while I backup all AppVM and TemplateVM in one time 
(via GUI),  the backups created going back to February all consistently fail to 
restore one particular appVM

Yesterday I needed a clean laptop for a travel so I did a full backup and then 
removed my "storage" AppVM that contain all my documents as well I delete 2 
other AppVM, "gpg" and "chat".   Can you see where this go..?

Today I go to restore the deleted AppVM via GUI.   "gpg" and "chat" restore 
perfect but "storage" gives error even though when I veryify the archive it is 
ok :((

   ERROR: [Errno 2] No such file or directory: u'/var/tmp/restore_LtT4Jk/vm1'
   *** Skipping VM: storage
   -> Done. Please install updates for all the restored templates.
   -> Completed with errors!
   

 I try using "qvm-backup-restore -d sys-usb /path/to/backup/qubes_backup_time 
storage --debug" to see if there are more details.  It fails too and no much 
details are extra  See attached restore_errors.txt where it try vm17
 
 
What is interesting is that for some reason it is trying to restore vm17 which 
is not my "storage" vm based on the qubes.xml in the same directory.  My 
"storage" vm should be 1.

I was able to do "emergency backup recovery" on files in vm1 directory and as 
hoped, all my "storage" appVM files were in there.

I had to go to backups from February before I could find one that would restore 
"storage" appVM from GUI or qvm-backup-restore

Some questions

- how can I better veryify backups working?
- why does it seem qubes is getting confused about appVM qid on restore?
- at top of restore_error.txt file it says only 1MB to restore, even when AppVM 
is 1.8GB is size,  why size difference?
- is there anything I can do to compare the good backup that restores via gui 
and any of the many broken backups to see what went wrong?
- how can I be sure this qid mixup won't happen again?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KnBPDPp--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.
Working in temporary dir:/var/tmp/restore_LtT4Jk
Extracting data: 1.0 MiB to restore
Run command[u'/usr/libexec/qubes/qfile-dom0-unpacker', '1000', 
u'/var/tmp/restore_LtT4Jk', u'-v']
Got backup header and hmac: backup-header, backup-header.hmac
Verifying file /var/tmp/restore_LtT4Jk/backup-header
Loading hmac for file /var/tmp/restore_LtT4Jk/backup-header
File verification OK -> Sending file /var/tmp/restore_LtT4Jk/backup-header
Creating pipe in: /var/tmp/restore_LtT4Jk/restore_pipe
Getting new file:qubes.xml.000
Getting hmac:qubes.xml.000.hmac
Verifying file /var/tmp/restore_LtT4Jk/qubes.xml.000
Started sending thread
Moving to dir /var/tmp/restore_LtT4Jk
Loading hmac for file /var/tmp/restore_LtT4Jk/qubes.xml.000
File verification OK -> Sending file /var/tmp/restore_LtT4Jk/qubes.xml.000
Getting new file:
Waiting for the extraction process to finish...
Extracting file /var/tmp/restore_LtT4Jk/qubes.xml.000
Running command [u'tar', u'-xkv', u'qubes.xml']
Removing file /var/tmp/restore_LtT4Jk/qubes.xml.000
qubes.xml
Finished extracting thread
Extraction process finished with code:0
Loading file /var/tmp/restore_LtT4Jk/qubes.xml
storage is included in backup
whonix-gw is included in backup
whonix-ws is included in backup
sys-net is included in backup
sys-firewall is included in backup
debian-8-live is included in backup
sys-whonix is included in backup
anon-whonix is included in backup
5 is included in backup
debian-8-sec is included in backup
debian-8-stable-java is included in backup
4 is included in backup
net- is included in backup
1 is included in backup
2 is included in backup
3 is included in backup
chat is included in backup
gpg is included in backup
personal is included in backup
6 is included in backup
7 is included in backup
8 is included in backup
9 is included in backup
fedora-24-live is included in backup
10 is included in backup

The following VMs are included in the backup:

--+--+--+---+---+---+
 name | type | template | updbl | netvm | label |
--+--+--+---+---+---+
 storage |  App | debian-8-live |   | - | green | <-- Will be renamed 
to 'storage'

The above VMs will be copied and added to your system.
Exisiting VMs will NOT be removed.
Do you want to proceed? [y/N] Working in temporary dir:/var/tmp/restore_LtT4Jk
Extracting data: 1.7 GiB to restore
Run command[u'/usr/libexec/qubes/qfile-dom0-unpacker', '1000',

Re: [qubes-users] emergency backup recovery proedue - how do you tell which "vm" folder is what AppVM

2017-06-21 Thread cubit 
21. Jun 2017 19:38 by cu...@tutanota.com:


> I am having to do an emergency backup recovery on my most recent backup 
> as a restore from GUI fails.  
>
>
> I have a lot of AppVM and TemplateVM, 30 in total.   After I extract the 
> backup archive I am presented with a list of folder (vmNN)  one for each VM.  
>  
>
> -rw-rw-r-- 1 user user  93 Jun 14 12:23 backup-header
> -rw-rw-r-- 1 user user 138 Jun 14 12:23 backup-header.hmac
> drwxrwxr-x 2 user user    4096 Jun 21 19:23 dom0-home
> -rw-rw-r-- 1 user user   30752 Jun 14 12:23 qubes.xml.000
> -rw-rw-r-- 1 user user 138 Jun 14 12:23 qubes.xml.000.hmac
> drwxrwxr-x 3 user user    4096 Jun 21 19:10 vm1
> drwxrwxr-x 2 user user    4096 Jun 21 18:45 vm10
> drwxrwxr-x 2 user user    4096 Jun 21 19:02 vm11
> drwxrwxr-x 2 user user    4096 Jun 21 19:10 vm13
> drwxrwxr-x 2 user user    4096 Jun 21 18:40 vm14
> .
>
> Is there a way how do I know what vm number corresponds to an appVM name so I 
> do not have to try restore each vmNN folder to get my files back for just one 
> problem VM.
>







To answer my own question.  from the same directory as the vmNN folders:




   cat qubes.xml.??? | openssl enc -d -pass pass:"my_pass" -aes-256-cbc -out 
qubes.xml 





Then look for the appVM name and the corresponding "qid="













   

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KnBEpHx--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] emergency backup recovery proedue - how do you tell which "vm" folder is what AppVM

2017-06-21 Thread cubit 
I am having to do an emergency backup recovery on my most recent backup as a 
restore from GUI fails.  


I have a lot of AppVM and TemplateVM, 30 in total.   After I extract the backup 
archive I am presented with a list of folder (vmNN)  one for each VM.   

-rw-rw-r-- 1 user user  93 Jun 14 12:23 backup-header
-rw-rw-r-- 1 user user 138 Jun 14 12:23 backup-header.hmac
drwxrwxr-x 2 user user    4096 Jun 21 19:23 dom0-home
-rw-rw-r-- 1 user user   30752 Jun 14 12:23 qubes.xml.000
-rw-rw-r-- 1 user user 138 Jun 14 12:23 qubes.xml.000.hmac
drwxrwxr-x 3 user user    4096 Jun 21 19:10 vm1
drwxrwxr-x 2 user user    4096 Jun 21 18:45 vm10
drwxrwxr-x 2 user user    4096 Jun 21 19:02 vm11
drwxrwxr-x 2 user user    4096 Jun 21 19:10 vm13
drwxrwxr-x 2 user user    4096 Jun 21 18:40 vm14
.

Is there a way how do I know what vm number corresponds to an appVM name so I 
do not have to try restore each vmNN folder to get my files back for just one 
problem VM.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KnB9KD---3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] Re: Request for feedback: 4.9 Kernel

2017-06-21 Thread Ryan Tate 
On Thursday, June 1, 2017 at 10:00:09 AM UTC-4, Pablo Di Noto wrote:
> > >> 4) General feedback on the 4.9 kernel.
> > >
> > > Oh, yeah... I have started experiencing quite annoying internet 
> > > connectivity issues, very, very difficulty to troubleshot. Symptoms are:
> > >
> > > - Web browsing fails with ERR_EMPTY_RESPONSE, pages load partially never 
> > > reaching some of the content.
> > > ...((removed for brevity))
> > > It seems pretty repeatable, and would love to provide debugging info, 
> > > although I do not know where to look for.
> > 
> > I, too, encountered this issue and was unable to find
> > the cause. Had to revert to 4.4.67-12 kernel. :(
> 
> Oh, well. I am not crazy then. :)
> Maybe being a generic bug will make it worth debugging.

I had these issues as well. Oddly, some domains would load perfectly in an 
AppVM, but then others that should be available (e.g. Google.com) would 
suddenly break, then come back 5 minutes later. Those same domains would load 
fine in curl on the netvm. This also hit non HTTP apps like email, messaging.

I was not able to revert my kernel as my wireless adapter fails under the old 
kernel. However, I was able to fix by installing the fedora 25 template and 
upgrading the stack of VMs involved (sys-net > sys-firewall > appvm) all to the 
fedora-25 template. This seems to have eliminated the constant network stalls.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a05e18da-751b-4c74-930d-a1831574ce2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: FYI: AMD Epyc (server CPUs) comes with low-level per-VM DRAM Encryption / isolation support

2017-06-21 Thread Foppe de Haan 
seems it's also available for Ryzen CPUs: 
https://www.phoronix.com/scan.php?page=news_item=AMD-Secure-Memory-Encryption
(I haven't time at the moment to look whether it requires you to use the 
PSP/TPM or not.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e0dd4f0-97e5-421f-8397-0ba630d74340%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Ubuntu Xenial Update Dependency Breakages

2017-06-21 Thread Reg Tiangha 
On 06/21/2017 06:23 AM, Unman wrote:
> I'm assuming that you have added Qubes repositories to apt sources, and
> specified Debian, although you are running Xenial. Qubes doesn't provide
> repositories for Ubuntu packages, (as yet).

I've been thinking about this. I assume part of the reason for this is
that there's limited capacity on the Qubes development end to either
maintain or manage an Ubuntu update repository on Qubes infrastructure,
and while I think there was talk about having some sort of hosted
Community repository in the past, I'm sure that's been deferred so that
efforts can be focused on getting R4.0 out the door.

But there are so many third-party Ubuntu PPAs hosted on Launchpad. Would
it be possible for either the Qubes project or a group from the
community to build and host Qubes update packages on that platform,
independently from the Qubes project if need be, so that everyone in the
Qubes community who runs Ubuntu templates can benefit? Granted, I don't
know what the criteria is to get projects hosted over there, and Qubes
packages would only really benefit those running Ubuntu on Qubes and not
a normal Ubuntu user (so maybe that would disqualify it?), but it would
be nice if some kind of repository could be set up to host the
Qubes-specific packages that get updated whenever there are updates for
mainline Qubes for community-supported templates like Ubuntu and
Archlinux (and maybe others like CentOS and Trisquel in the future).

What I've been doing is keeping an eye on the qubesbot on Github and
whenever something gets pushed out, to take note of it and compile my
own versions, but it's a pain to push out to all my VMs. I think I'm
leaning towards setting up my own local repository to push updates to so
that I can use that in my VMs rather than manually installing those
packages myself, but it's something I don't have experience in (yet).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oidphb%24bg1%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ubuntu size

2017-06-21 Thread sanderhoog . sh 
On Wednesday, 21 June 2017 14:00:19 UTC+2, Unman  wrote:
> On Wed, Jun 21, 2017 at 01:23:49AM -0700, sanderhoog...@gmail.com wrote:
> > Hi people,
> > 
> > I made myself a Ubuntu HVM. But the only screenresolution is 800x600.
> > Does anyone know how i can make the screen larger than this?
> > 
> > I'd like to hear of you,
> > 
> > Greetz, Sander
> > 
> 
> There's a section on this in the docs:
> https://www.qubes-os.org/doc/linux-hvm-tips/
> 
> See if that works for you.
> 
> unman

Thankyou, that did the trick for me! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3622c32c-653e-4527-98cd-786a266fc153%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ubuntu Xenial Update Dependency Breakages

2017-06-21 Thread Unman 
On Tue, Jun 20, 2017 at 07:23:21PM -0700, Andrew Morgan wrote:
> Hey all,
> 
> Trying to update my Ubuntu Xenial template, but hitting following
> dependency issue. You can see my attempts to resolve this to no avail:
> 
> ...
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  qubes-gui-agent : Depends: xserver-xorg-video-dummyqbs (=
> 3.2.17-1+deb8u1) but 3.2.13-1+xenialu1 is to be installed
>Depends: xserver-xorg-input-qubes (= 3.2.17-1+deb8u1)
> but 3.2.13-1+xenialu1 is to be installed
> E: Unable to correct problems, you have held broken packages.
> user@xenial-desktop:~$ sudo apt install -f
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> 0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
> user@xenial-desktop:~$ sudo apt install xserver-xorg-video-dummyqbs
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  xserver-xorg-video-dummyqbs : Depends: xorg-video-abi-18 but it is not
> installable
> E: Unable to correct problems, you have held broken packages.
> user@xenial-desktop:~$ sudo apt install xorg-video-abi
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> E: Unable to locate package xorg-video-abi
> user@xenial-desktop:~$ sudo apt install xorg-video-abi-18
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Package xorg-video-abi-18 is not available, but is referred to by
> another package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> 
> E: Package 'xorg-video-abi-18' has no installation candidate
> 
> Any idea how one would get out of this situation? Is anyone else facing
> this with their Xenial VM?
> 
> Also I sometimes get the error that /var/lib/apt/lists/lock is present
> when starting my xenial machine and thus it cannot update/upgrade. Is
> there any way to ensure this file isn't present after a reboot/stop the
> system from occasionally not cleaning this file up?
> 
> Thanks.
> 
> -- 

Hi Andrew,

You have what is generally know as a FrankenDebian. Actually it's a
FrankenBuntu, of course. 
I'm assuming that you have added Qubes repositories to apt sources, and
specified Debian, although you are running Xenial. Qubes doesn't provide
repositories for Ubuntu packages, (as yet).
You cant just install the Qubes Debian packages on your Ubuntu system.
What you *should* do is build the updated packages (as you did when
making the template), transfer them to the template and install them
locally.

If you don't want to do that you can try to force the install of the
Debian packages, by manipulating dependencies.
You can override the apt dependency checking for individual package, by
using an appended hyphen.(This is very useful and not many people know
about it.)
In your case you want something like:
sudo apt install xserver-xorg-video-dummyqbs xorg-video-abi-18-

Then you will need to try to force the install of
xserver-xorg-input-qubes (= 3.2.17-1+deb8u1)
and make sure that the old Xenial packages are properly purged.

None of this is impossible, but it isn't straightforward. Building your
own Xenial packages would be much better.

On the "lock" issue, I see this sometimes, mainly on Zesty, but then I
see it on vanilla Ubuntu too: if it bothers you you could delete the
file in /rw/config/rc.local.

cheers

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170621122340.GB15634%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Setting up regular bitcoin donation / buying support case?

2017-06-21 Thread 'Vincent Adultman' via qubes-users 
Hi all

Over on https://www.qubes-os.org/donate/ I see I can setup a donation one of 
two ways, Bitcoin and via Open Collective, however 14% for the latter seems a 
hell of a donation overhead. As such, I'd like to use Bitcoin but have no idea 
how. While I realise there are probably many idiots guides, I wonder if this is 
a common feeling of people that visit the donate page.

I'm happy to muddle through setting up a recurring bitcoin donation and then 
contribute a guide (I currently have nothing else for which I would use 
bitcoin) if this would be helpful, but also wonder if someone has some notes 
stuffed away in a gist or similar somewhere?

On a related point, I've not been keeping up on all the ways you guys are 
seeking funding, but I believe selling individual support licenses for those 
who wished to purchase them was decided to be not worth the revenue it would 
generate vs effort, is this still the case? I use Qubes as my daily driver and 
cannot get any of the 4.x series kernels to work on my laptop, so am behind on 
this element of security updates. I take it I can't purchase a support case 
from ITL at the current point in time?

Vin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/IqQb7fAEm5pfJp6bH03u69tcB0h4H3WgPzc0rqa11yXLOzNrHe0-NMtF91XGpGPqlcEmPTVq0jP5ixSuOd4atb9wfWV9mo5_kq_u1JX0gZs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-21 Thread Holger Levsen 
On Wed, Jun 21, 2017 at 10:00:00AM +, Michael Carbone wrote:
> FYI x220 also has heads support:
> https://github.com/osresearch/heads/pull/190

oh nice! (so they should update their docs… :)


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170621102917.GA25531%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-21 Thread math blanc 
Thanks ! I didn't hear about heads before, it's very interesting :)

Does an X230 with Coreboot and ME cleaned can match a Libreboot laptop ?

2017-06-21 11:23 GMT+02:00 Holger Levsen :

> On Wed, Jun 21, 2017 at 09:57:25AM +0200, math blanc wrote:
> > Installing Qubes OS 3.x on a X200 sounds like a bad idea to me, isn't ?
>
> I'd rather choose an x220 or x230, where you can also clean the ME.
>
> Plus, an x230 is supported by heads, which you might also like to use.
> (see https://osresearch.net) - but start with plain coreboot+qubes, that's
> a steep enough learning curve already :)
>
>
> --
> cheers,
> Holger
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANUaYM0dt16uzDBFak7f%3DOQA4Oahh1_0zaTkjuwHwJt6orDMPA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-21 Thread Michael Carbone 
Holger Levsen:
> On Wed, Jun 21, 2017 at 09:57:25AM +0200, math blanc wrote:
>> Installing Qubes OS 3.x on a X200 sounds like a bad idea to me, isn't ?
> 
> I'd rather choose an x220 or x230, where you can also clean the ME. 
> 
> Plus, an x230 is supported by heads, which you might also like to use.
> (see https://osresearch.net) - but start with plain coreboot+qubes, that's
> a steep enough learning curve already :)

FYI x220 also has heads support:

https://github.com/osresearch/heads/pull/190

-- 
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS 

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9df3071d-5861-2d6d-dae1-da808197eb7b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-21 Thread Holger Levsen 
On Wed, Jun 21, 2017 at 09:57:25AM +0200, math blanc wrote:
> Installing Qubes OS 3.x on a X200 sounds like a bad idea to me, isn't ?

I'd rather choose an x220 or x230, where you can also clean the ME. 

Plus, an x230 is supported by heads, which you might also like to use.
(see https://osresearch.net) - but start with plain coreboot+qubes, that's
a steep enough learning curve already :)


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170621092310.GB20965%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

[qubes-users] Ubuntu size

2017-06-21 Thread sanderhoog . sh 
Hi people,

I made myself a Ubuntu HVM. But the only screenresolution is 800x600.
Does anyone know how i can make the screen larger than this?

I'd like to hear of you,

Greetz, Sander

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c93d1e6e-1269-4cf6-867d-ad32378241b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-21 Thread math blanc 
Hi aphidfarmers,

Thanks for the well documented answer.
Installing Qubes OS 3.x on a X200 sounds like a bad idea to me, isn't ?

2017-06-20 20:59 GMT+02:00 :

> Revised list of example systems, with corrections, price estimates,
> citations.
>
> Coreboot with all components open source; fully removed management engine:
> * Lenovo X200/T400/T500 w/ Coreboot, CPU: T9600 (dual core, each core
> about 50% of a modern i7-7920HQ [2]). Max 8 GB RAM. Cost: 75 USD used.[4]
> These systems run Intel Core 2 Duo CPUs, which lack EPT [5], so don't meet
> Qubes 4.x minimum requirements.
>
> Coreboot with open source RAM init but some minor blobs; partially removed
> management engine:
> * Lenovo T530 w/ Coreboot. CPU: i7-3840QM (quad-core, each core about 80%
> of a modern i7-7920HQ core [2]). Max 16GB RAM. Cost: 300 USD, used. [4]
> * Lenovo W530 w/ Coreboot. Not officially supported, but someone made it
> work. Max 32 GB RAM.
>
> Coreboot with proprietary RAM init; partially removed management engine
> * Purism Librem 15. CPU: i7-6500U (dual core, each-core about 80% of
> i7-7920HQ [2]). Max 16GB RAM. Cost: 2000 USD new.[3]
> * Purism Librem 13. CPU: i5-6200U (dual core, each core about 70% of
> i7-7920HQ [2]). Max 16GB RAM. Cost: 1700 USD new. [3]
>
> For a list of blobs included in Coreboot, see [1].
>
> All the Lenovo systems above require manual Coreboot compiling and an
> external flasher. The Purism systems can be flashed with coreboot from
> software (maybe only certain laptop revisions?) and can be preinstalled
> with Qubes.
>
>
> References:
> [1]List of coreboot blobs - https://www.coreboot.org/Binary_situation
> [2]CPU performance comparison - https://www.notebookcheck.net/
> Mobile-Processors-Benchmark-List.2436.0.html  Uncheck "Still available"
> find the older CPUs. Performance estimates based on Cinebench R10 32 scores.
> [3]Purism 15 - https://puri.sm/shop/librem-15/ and
> https://puri.sm/shop/librem-13/
> [4]e.g. eBay
> [5]List of CPUs without EPT - http://ark.intel.com/Search/
> FeatureFilter?productType=processors=false

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANUaYM3sYurjkaXDbM%2B0daEgL7zz%3DaahzzSgMxjeV2Mf5JzStw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] What is the expected output/response of AEM after xen update?

2017-06-21 Thread fakeidentity via qubes-users 
Hi,

I believe I updated xen, neglected to reseal, and have not rebooted since - 
until just now. I entered my srk password and my secret was not displayed. No 
blank line or error or was displayed. Is this expected?

I suppose this is normal in the situation, but I'd like to be sure.

I have no real reason to believe anything malicious should have happened and if 
this sounds normal I will ... reluctantly... continue to use the system.

For the record I am posting this from another computer for obvious reasons.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/274f3d13-d3c5-4f58-bb27-27fd29b27e12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.