[qubes-users] Impact of the Intel hyper-threading bug [Skylake & Kaby Lake]?
I am concerned about the recent bug affecting Skylake and Kaby Lake gen Intel processors - https://lists.debian.org/debian-devel/2017/06/msg00308.html As BIOS updates aren't yet available from many mobo manufacturers, how can we Qubes users best defend ourselves against an exploit? In this post I am hoping to reach out to someone who may be able to comment on how we can best configure our platforms until a fix is available. Following the advice in the linked Debian advisory, I have disabled hyper-threading in the BIOS settings. My questions are as follows: 1) When I check /proc/cpuinfo in dom0, 'ht' remains listed as a flag (capability). Running $ lscpu in dom0 indicates that 'Threads per core: 1' so I assume the BIOS has in fact disabled hyper-threading. Is this correct, or should the flag also disappear when functionality is disabled in BIOS settings? 2) Is it safe to run multiple VCPUs (up to the number of physical cores) for each Guest VM. Or, in light of this bug, should we only be using a single VCPU for each guest? Many thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/129571500992085%40web5j.yandex.ru. For more options, visit https://groups.google.com/d/optout.
[qubes-users] dvm starting extremly slow -> guid
Hi, some days ago I installed the fedora-25 template, but didn't use it because first I wanted to test it. I also updated my templates (around 20) and dom0. Then I noticed that starting a dvm takes really long (around 45 Seconds). Before it was about 3 seconds, which is somehow acceptable. But 40 seconds? I now changed the dvm to fedora-25 to perhaps improve the behaviour but the dvm startet even slower (around 50 seconds). To test it, I startet the dvm from the dom0-console: [user@dom0 ~]$ sh - c 'echo firefox | usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red' time=1500551220.14, qfile-daemon-dvm init time=1500551220.14, creating DispVM time=1500551220.19, collection loaded time=1500551220.19, VM created time=1500551220.2, VM starting time=1500551220.2, creating config file time=1500551220.31, calling restore time=1500551221.25, done time=1500551221.27, done qubesdb time=1500551221.27, resumed time=1500551221.46, qrexec done time=1500551271.78, guid done time=1500551271.78, VM started time=1500551271.79, reloading firewall time=1500551271.8, starting VM process It seems that guid startup takes 50 seconds. What is going on there or how can I debug it further? Qru -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/93e37a22cfb07b8441af296f4ccc8bb7%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL report for acer aspire v5-572pg
On Mon, Jul 24, 2017 at 6:57 PM, Oleg Artemievwrote: > Hello. > > No sound by dedefault, no vt-d actually sound works, sorry for mistake. > Though, this is temporary laptop till I'll have fully compatible purism one. > I'ven't removed any numbers. This laptop is obviously not for Qubes. > > It's okay to put this onto the Qubes Web HCL. -- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6OJOvwQO2XSzQ1O1i7Tg9pV37F4FFHguSBG0j32rsDhxw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unable to install KDE desktop
On Monday, 24 July 2017 08:25:43 UTC+12, dava...@gmail.com wrote: > Hi, > > Running the command "sudo qubes-dom0-update @kde-desktop-qubes" in dom0 > returns the following error: > "Warning: Group 'kde-desktop-qubes' does not exists." > > Am I doing something wrong? I have the same issue; I've been digging through documentation and attempting to list available groups to find out where it's gone, but to no avail. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a4ebf595-dd40-4857-ab89-053f3cfdebe7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Need Help! Can´t get Access to Systemfiles like guid.conf grub
On Tue, Jul 25, 2017 at 10:14:26AM -0700, darkstrange...@gmail.com wrote: > Need Help! Can´t get Access to Systemfiles and folders. > Can´t access to the Grub.d Folder and can´t open the guid.conf files. I´m a > new Qubes OS User so sorry for this question. But i didn´t find any help yet. > Can anyone tell me how i can open the folder and edit the System Files? > > Many thanks > Open a terminal in dom0 - from menu or by right-clicking on desktop. Then 'sudo su' will give you root. Remember, with great power comes great responsibility. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170725225728.zz26pqlic7abafvi%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Blog ? and/or Fedora 25 notices ?
On Mon, Jul 24, 2017 at 08:21:24PM -1000, yreb-qusw wrote: > Hello, > I don't really see where , if anywhere, there is official Qubes type > updates for the OS , other than the canary and QSB thing > https://www.qubes-os.org/news/ > > ie., the Docs to see seem a bit static, Maybe that is what this mailing list > is for in part. > > > For Example, is there a show of hands for people using Q3.2 whom have > updated to F25?and/or when if ever, would I know that , that may be > recommended ? > > Maybe when some doc appears in the Docs section ? > > --- There's a qubes-announce list, which has significant notifications, but otherwise news comes through on this list, sometimes by announcement and sometimes just filters through. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170725225151.mn6bsuwa5muxy6y3%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Soft U2F in Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Micah Lee: > How hard would it be to build a Qubes version of Soft U2F that stores > the secret in a separate VM, similar to split gpg? This could make using > U2F much more usable and secure inside of Qubes, I think. I suppose the most secure way (which avoids the USB protocol's attack surface) would be to have the separate VM implement only the "high level" U2F device, connect it to the browsing VM via qrexec, and then hook that up the browser (either by emulating a USB device, or via a specialized browser extension). Someone could probably do this by cannibalizing e.g. virtual-u2f [1]. If the website supports TOTP as well, and you're okay with Tor Browser or Firefox, you may be interested in Split Browser [2]. Its TOTP login is almost as slick - Ctrl-Shift-Enter to request logging in, Enter to confirm. Rusty 1. https://github.com/mplatt/virtual-u2f 2. https://github.com/rustybird/qubes-split-browser -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJZd6pCXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfjm0QAI8yXlDCeycu0a6bwyGiTuHL BT+9Ej8xWeKdLgAf61/kagSBn12M+w8aCpX/ZNjOSHMCl5j8mn+OLz0KpMivP1CL rXakk9thv9DMh2MemvtTzaVpI4Zf50yvZG9kHFj0oT9Y+aEIuClj+lOmwmVKQ3Xi iSZeu6uWwUNbUlRZ0hQgLJULd/H4uFkQyqzpAa9kC75KsgEZ/zwORUloO4JJZO7/ 5YOw18/WH7k+X4XMLyNlTHmLI8NcG35R91t7yDSBrSxr6VQroj1QPEDW2rtESgkb YuxlspIB3g+MzS+oXk3OSA/9ew5rMC4gp/Lk0vDtTTdA9HoY+YDnD93Xi54FBqJR TjcVL8ODM3pTI2RYkQxOCqCxj4t8nXr18GzvNshNSfbUvZRFgOc7lnhkS8xnf1eW nVbVcZV8yvv0uCslYrnWb451EAU8xsOcM5NOvX4paGjAWS2DjKsQXvEzez7bz4os ziRQ0KO98Pd4RUOY+PMhCKBoZKQdzF3IcvcGeDcmhuxeYnFfpMXACkQ61reaijbV dxUWrvzMZ6MxhW/StSQy9OMcNiP98UlHU1VfP1PfiEY+cFa/citfyK4cTdB0WEB/ 4YjpxWyLd55UwMrGblJ+op3NyqbkpqAUcXjyhq6zdttkFgdNdST6deNDUr0MQjCU LAJBzr/0WaOv8ZS/P/xu =FSN9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170725202954.GB6414%40mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS Systemfiles are read only to root, need help
Ok Manny thanks and cam u Tell a noob how it goes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37842fa7-6024-4e92-a1f6-cc6e9d5edd27%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS Systemfiles are read only to root, need help
On 07/25/2017 03:15 PM, darkstrange...@gmail.com wrote: how i can change it to change and edit system files? If your shell is running in dom0 and root can't alter system files, then has your / filesystem been mounted as read-only? This can happen if a problem was encountered during boot. Running 'mount' command by itself will tell you if / was mounted as read-only. If so, you can try re-mounting it with the '-o remount,rw' options. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4bdb6911-55cb-8fa1-6812-821a800101fb%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run problem with strings containing & ?
On 07/25/2017 12:49 PM, mittend...@digitrace.de wrote: Hello Qubes users. I use qvm-run to start a firefox in a disp-vm. The command is /usr/bin/qvm-run --dispvm firefox "$url" or /usr/bin/qvm-run --dispvm "firefox "$url"" This works fine, as long as there is no & in the url. If there is an &, this letter and all following symbols are removed. If I use firefox "$url" the correct url is opened up in the current VM as expected Is this a bug in qvm-run or is there an error in the command? Thanks. Than again, maybe not quite a bug. The quotes you supply are used-up by the dom0 shell. This is expected. Running the command with --pass-io, you can see that everything to the right of & is run as a separate command on the target VM, except when its escaped as \&. qvm-run --pass-io untrusted "notify-send HI" ...results in "WHAT not found" in red lettering (from untrusted VM). But using \& works as a single command. You can also supply an additional set of quotes like this: qvm-run --pass-io untrusted "notify-send \"HI\"" This quoting method seems mose usable because you don't have to be vigilant about escaping different characters... just escaping the extra quotes should do it. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8f6955a-5bdf-877a-85b6-791e91757c52%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS Systemfiles are read only to root, need help
how i can change it to change and edit system files? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e8ca3a4-a2a0-4167-b274-f6507a302da6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run problem with strings containing & ?
On 07/25/2017 12:49 PM, mittend...@digitrace.de wrote: Hello Qubes users. I use qvm-run to start a firefox in a disp-vm. The command is /usr/bin/qvm-run --dispvm firefox "$url" or /usr/bin/qvm-run --dispvm "firefox "$url"" This works fine, as long as there is no & in the url. If there is an &, this letter and all following symbols are removed. If I use firefox "$url" the correct url is opened up in the current VM as expected Is this a bug in qvm-run or is there an error in the command? Thanks. Might be a bug. As a workaround, have you tried escaping the character with a backslash like this: \& -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ec8474f-451a-9611-527d-a075be4b3dfb%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Soft U2F in Qubes?
GitHub has released an interesting piece of Mac software called Soft U2F: https://githubengineering.com/soft-u2f/ It's basically a virtual security key, and it stores its secret in the macOS keyring. When you login to a website with 2FA, instead of using a physical USB security key, you just click an "approve" button that pops up. Their blog about it says: "Authenticators are normally USB devices that communicate over the HID protocol. By emulating a HID device, Soft U2F is able to communicate with your U2F-enabled browser, and by extension, any websites implementing U2F." As it stands, U2F is a pain in Qubes because you have to deal with USB passthrough, and exposing your VMs to sys-usb. How hard would it be to build a Qubes version of Soft U2F that stores the secret in a separate VM, similar to split gpg? This could make using U2F much more usable and secure inside of Qubes, I think. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/518a8fa7-05f3-f1ea-247a-bff614acbdc6%40micahflee.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Need Help! Can´t get Access to Systemfiles like guid.conf grub
Need Help! Can´t get Access to Systemfiles and folders. Can´t access to the Grub.d Folder and can´t open the guid.conf files. I´m a new Qubes OS User so sorry for this question. But i didn´t find any help yet. Can anyone tell me how i can open the folder and edit the System Files? Many thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/766336f9-518f-462a-9fbe-3687dbc88ab0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-run problem with strings containing & ?
Hello Qubes users. I use qvm-run to start a firefox in a disp-vm. The command is /usr/bin/qvm-run --dispvm firefox "$url" or /usr/bin/qvm-run --dispvm "firefox "$url"" This works fine, as long as there is no & in the url. If there is an &, this letter and all following symbols are removed. If I use firefox "$url" the correct url is opened up in the current VM as expected Is this a bug in qvm-run or is there an error in the command? Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9bbe3cd-9fff-d1f9-28ce-e7f47ad43453%40digitrace.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Lenovo Miix 700
Generally exceptionally usable (low ram can be an issue sometimes) Gotchas: - had to disable secure boot - I had to upgrade the fedora-23 templatevm to fedora 24 on a different machine and transfer it via usb to get wifi working. Working: WIFI, USB, suspend, touchscreen, hardware buttons and multimedia keys except for airplane mode. Video appears to be unaccelerated. Have not yet tested cameras, external display via mini-hdmi or sd card slot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CACMYrpHBN1TH%2B9zYyi-Kds%3DDmfTUsDB2ZXUMQ3aZE2-YYMa12A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-80QL-20170725-115139.yml Description: application/yaml
Re: [qubes-users] Re: Anyone got a intel z270 motherboard to work with Qube os
> Yeah, using a different network adapter worked fine. Even though the onboard > NIC is listed for passthrough to net-sys, the net-sys always indicated a > modulo error when booted. > > > I bought some cheap gb adapters off amazon for like 4$ a while back, and it > worked without any configuration on a fresh install > > I Ivan, Can you explain in detail how did you did to work out with the Asus Z-270 Prime? I got the same problem a few weeks ago and couldn't make it work yet. https://groups.google.com/forum/#!msg/qubes-users/ikMEsdOjeoU/jHy5Q00nBAAJ Thanks !!! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2814baca-f112-40dd-b47e-eb6001cafa89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes Blog ? and/or Fedora 25 notices ?
yreb-qusw: > updated to F25? that may be > recommended ? I did it four weeks ago (upgraded the existing F24 templates) an haven't been run in no issues at all. So: recommended from my point of view. https://www.qubes-os.org/doc/template/fedora/upgrade-24-to-25/ Cheers, Rob -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/416c605a-46c0-cbae-424d-4ea3dac5800b%40posteo.es. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Blog ? and/or Fedora 25 notices ?
Hello, I don't really see where , if anywhere, there is official Qubes type updates for the OS , other than the canary and QSB thing https://www.qubes-os.org/news/ ie., the Docs to see seem a bit static, Maybe that is what this mailing list is for in part. For Example, is there a show of hands for people using Q3.2 whom have updated to F25?and/or when if ever, would I know that , that may be recommended ? Maybe when some doc appears in the Docs section ? --- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e5071ee-d52a-f7ab-43bb-14832a2c7b9b%40riseup.net. For more options, visit https://groups.google.com/d/optout.