[qubes-users] DNS over TLS

2017-11-27 Thread CF 
Dear Users,

A few (simple) questions as I was reading about DNS servers:

1 - Any feedback on using your own DNS server directly on your Qubes
machine (using unbound for instance)? Is it straightforward to have your
DNS cache persistent across reboots?

2 - Any feedback on the DNS over TLS provided by quad 9?
https://www.quad9.net/
https://labs.ripe.net/Members/stephane_bortzmeyer/quad9-a-public-dns-resolver-with-security/

3 - Are you aware of any other similar public server available? (IPV4 /
IPV6 + DNS over TLS)

4 - Last but not least, it is not very clear how to set up Qubes to use
a given DNS server. Should we modify each VM? Or only the net VM? Or the
firewall VM?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ovhsev%24uh3%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread Wael Nasreddine 
On Monday, November 27, 2017 at 6:25:58 PM UTC-8, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-11-27 13:37, Wael Nasreddine wrote:
> > On Monday, November 27, 2017 at 11:09:12 AM UTC-8, David Hobach 
> > wrote:
> >> On 11/27/2017 07:57 PM, David Hobach wrote:
> >>> On 11/27/2017 07:47 AM, Wael Nasreddine wrote:
>  I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got 
>  two hard reboots in the last few hours, often around the time
>  I start a VM. I do not see anything in the log.
>  
>  P.S: I've been running Citrix XenServer for two years on this
>  machine with no issues.
>  
>  [...]
> >>> 
> >>> Yes, I can confirm that issue (except for the "around the time
> >>>  I start a VM"). Didn't find anything yet neither, my log looks
> >>>  similar. Some memory balancing tends to be the last entry.
> >> 
> >> P.S.: I run a T530 with coreboot, some i5, ME cleaned.
> >> 
> >> I'm not sure whether it's a heat issue, but I'd guess not as I 
> >> had tested it until ~95 Celsius and it tends to run at max 80 
> >> with Qubes. I think it reboots at ~100 Celsius.
> >> 
> >> But yes, it tends to happen at relatively high load.
> > 
> > It happened to me regardless of load, I had only essential VMs with
> > one Firefox opened the last time it happened, also I was not trying
> > to start up a VM.
> > 
> 
> It looks like you may be encountering this known bug:
> 
> https://github.com/QubesOS/qubes-issues/issues/3079
> 

Not sure that it is, #3079 is about kernel killing X due to OOM, but my issue 
is that the entire server reboots, so the screen goes black and a few seconds 
later I'm greeted by the bios boot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b7ad5ef-e92a-475f-ac91-1e7671d7fb7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes for "dummies"

2017-11-27 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-11-27 11:44, genevieve.c.gauth...@gmail.com wrote:
> Hi, I did not know about your OS.  I think this project is awesome.  I do not 
> have the computer knowledge some of you specialist of your field have.  I am 
> writing this message to try to contribute in my own way.
> 

Thanks!

> First, I have also watched "Youtube :Golem and Friends: Data, Security, 
> Scaling and More..." (very interesting too and I am learning more...)
> 
> The first part the presenter (I understand she is a major contributor to 
> Qubes)

Not just any contributor, but the founder and architect! :)

> says "I would not recommended using a windows OS - internet browsing" this 
> person as superior knowledge... 
> 
> My point of view is this : This lady (and probably all of you even reading my 
> post) are (would be) one of the most secure windows user(s) on this planet ! 
> 
> Regarding to your future project, I am writing this to also tell you about my 
> concerns that people who would NEED you the most, logically, would be the 
> user with LESSER/ALMOST NO computer skills ...!  
> > I have a MintLinux server at home (force to use this because of my limited 
> > knowledge and the "obnoxious" graphic card chipset of the old laptop that I 
> > transformed for my project.  (Home network : I have windows clients (for 
> > gamers), macOS client & now a new fedora-based client that I wanted to be a 
> > Qubes client but ...(2nd topic)) So, if I were to install Qubes on many 
> > system, my first choice would be to install it on my friends and family 
> > members who do not have a clue what goes on at anything lower "than 
> > runlevel 5" (to be more accurate they know what they are seeing and that's 
> > almost it and nothing about what goes on "beyond the scene" as far as 
> > computers go)
> 
> 2nd topic : My experience 48h experience with Qubes 3 + another 48h on Qubes 
> 4.0 rc2 on my personal laptop. First, I notice the Qubes manager went away. 
> Not a problem because I was able to master the command-line qvm-backup easily 
> (without knowing everything)) (but using a terminal is now consider "above 
> average" skills by definition)  In fact, I had chosen Qubes for this laptop 
> (the hardware had the capacity to handle the OS as far as virtualisation is 
> concerned) and it seems perfect to read online and work on it. I felt my data 
> (my own little projects) would be more secured.
> 
> Logic for dummies .. 
> => Logic : new laptop have touchscreen ...
> => Logic : Qubes designer chose not to support gnome => I understand it 
> perfectly*.   However, considering, in the future most user will have 
> touchscreen, they will want the OS/software to be able use the hardware 
> capacity they paid for (I think this is logical).  The user who would need 
> your work the most will not be able to add touchscreen support to xfce-based 
> Qubes (if it's not included) I know that I was not able to do this myself at 
> first. (is it possible?)  I loved your fedora-based system (dnf as opposed to 
> apt-get is not too difficult to adapt too) Therefore I decided to switch my 
> client to the new fedora workstation gnome-shell.  I do not think supporting 
> gnome (with all the implication that this have about reviewing internal 
> security/reviewing codes => major hrs and, perhaps, many coffees for everyone 
> is "The Must Way to go" (I do not even think myself there should be any Must 
> Way/One Way. Users should be as free as they can)
> 
> However, from a user (human) perspective, I needed to read about Qubes.  I 
> wanted to read about your project.  I used to be a able to use my touchscreen 
> to read faster... and gosh I have needed to read a lot the past for days! 
> Now, I am reading your documentation on fedora (with touchscreen support) and 
> this is much easier for me.  I which I could reinstall Qubes (xfce /w 
> touchscreen support like my fedora 27 workstation) in 2018 :-)  At this 
> point, I have switched to federa also because Qubes 4 had a nasty bug(s) 
> involving not only the nm-applet but the whole sys-firewall vm /sys-net vm... 
> Dummy perspective : One time, the nm-applet went away I could not start the 
> sys-firewall either ( , Error starting VM: Cannot exeCute 
> qrexec-daemon! in terminal :S ) Then after rebooting two times, my sys-net & 
> sys-firewall were "fine" ..  Those problems are completely beyond my current 
> skills .. I switched to fedora 27 but I will continue to closely follow your 
> project/Qubes OS on facebook and read more about this project.
> 
> If this help someone ... I think you are doing great work (users and 
> developers) and please keep in mind those who would need you (your skills) 
> the most are not even people like myself but users far more vulnerable (even 
> less knowledge)... I understand this from my own field that sometime people 
> with superior skills take for granted (as do I) some of "our" knowledge and 
> tend to

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-11-27 13:37, Wael Nasreddine wrote:
> On Monday, November 27, 2017 at 11:09:12 AM UTC-8, David Hobach 
> wrote:
>> On 11/27/2017 07:57 PM, David Hobach wrote:
>>> On 11/27/2017 07:47 AM, Wael Nasreddine wrote:
 I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got 
 two hard reboots in the last few hours, often around the time
 I start a VM. I do not see anything in the log.
 
 P.S: I've been running Citrix XenServer for two years on this
 machine with no issues.
 
 [...]
>>> 
>>> Yes, I can confirm that issue (except for the "around the time
>>>  I start a VM"). Didn't find anything yet neither, my log looks
>>>  similar. Some memory balancing tends to be the last entry.
>> 
>> P.S.: I run a T530 with coreboot, some i5, ME cleaned.
>> 
>> I'm not sure whether it's a heat issue, but I'd guess not as I 
>> had tested it until ~95 Celsius and it tends to run at max 80 
>> with Qubes. I think it reboots at ~100 Celsius.
>> 
>> But yes, it tends to happen at relatively high load.
> 
> It happened to me regardless of load, I had only essential VMs with
> one Firefox opened the last time it happened, also I was not trying
> to start up a VM.
> 

It looks like you may be encountering this known bug:

https://github.com/QubesOS/qubes-issues/issues/3079

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJaHMkhAAoJENtN07w5UDAwpiIP/AmiSKhNwhmQaCF2RCOiTvvy
eZ/JgtgKGn04fRELNHp5ban71hHOt5ra5Z0r91UUX1ClR1gGpRm3Nmnq6Bb2wmTe
u8GpgP2n6AWzw9GR/sl2iCgTisC7tBErsdI61lmkN+YvOhdrAeWyiWDssEna/0qV
KN9QEIxcIytblAXf+daaYF6dLbia1InShkZ5EaCf8JAlADSPkGC2+dfcCquO3Klv
Gp4JZFsEKWKkqdjGtMAjPzdqApABUQjUHgd8/vWpCvbygtw3aBbNfAXeiYdOwDj9
ixMrUTglDkidn3NBhHpjZcPA99plnKSB3YFIclKBd8TC7vKW6mF1r/aDK/T85waz
HN6tgIWRmLmdbDpFkHEVwOgxQkq6KPMqK4dEF77fLDU+uEHaCRrRxPxtw4PQXqeu
uU5ctJn3hp4DlchJptq8m5qViMYspUj/9G3zByk50EKTMluqn/vJsbAvwkeFsE1x
wvmaMMtwSQM55hxV2giggAjCeoMsux6xuMzlNyIISDAWfRS0Pbj5QxAYnKmCasd1
JNywt8n3KDsJ70KQNgVOGmKoybOxbM6uxtLZp1M9r1g1gvnFn+CXfC7yH0OTlIRO
vEkmx7068WqUl0TBECvx8gT+fbpg24yUiSdgDWvHeegLdwJ+EZAZL34Pjey1vpec
EHi/3jR4SRlv4ERPGrdB
=J39y
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54c50a9e-8d57-fc34-f515-f02f7353b330%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Upgrade from R4-RC2 to R4 final

2017-11-27 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-11-27 15:21, 'Marek Jenkins' via qubes-users wrote:
> On Monday, 27 November 2017 12:04:27 UTC+1, Jean-Luc Duriez
> wrote:
>> New to Qubes OS but veteran Linux user, I am currently building a
>> R4-RC2 config for my day-to-day personal desktop. I gave a try to
>> R3.2 but my Intel HD 630 integrated GPU was not supported, so I
>> went for the beta.
>> 
>> I have begun to create a few AppVMs and imported my data in the
>> Qubes. I feel confident enough to start using it right now as it
>> is quite stable.
>> 
>> Before I make the big step to ditch my previous OS, I would like
>> to know what will be the procedure to switch from R4-RC2 to R4
>> stable. Shall I be forced into a reinstall of Qubes OS from
>> scratch, or will it be something easier like a dom0 update, which
>> will preserve the Templates/AppVMs ? What should I expect for the
>> upgrade ?
>> 
>> Thanks for your lights
>> 
>> Jean-Luc
> 
> I'd also be interested to know !
> 

We'll announce this as soon as we can. However, we usually can't say
for certain whether an in-place upgrade will be possible until very
close to the stable release.

If we say that it'll be possible based on our current plans, and those
plans change, users may be inconvenienced (or worse). If we refrain
from changing our plans because we've already said that an in-place
upgrade will be possible, that limits our ability to improve the final
release while it's still in testing. We don't want to make promises
that we can't keep, but we also don't want to lock ourselves into a
path that turns out to be sub-optimal. That's why we wait to announce
things like this until we can be reasonably certain.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJaHMd3AAoJENtN07w5UDAw5OEP/1fUdxHyRLDNsFX1Kfpw5ZzN
SCsw64beRC5k8CCpjTDyUFD0LHfWdLwP9dbuqyoXuxZUqH9OY3TM8+q2XbZxdsWh
MUfqlFrk9z8frLi0g4HswarppYqvpMVzeG2kBeYmfHAYulOyhjmQShI0PHtorXAo
6TiK8o/FKQ/C7BoQXXbN1wqVgpSV/U6gxeKpRADMepD3uAMhCGyH8b1nLJcElSRC
lz6/xgdbDNYz1W384Suyoq21wknebQ6bwrdXsb3l/8+Wt8dUm/ZqSta65kWpmAIb
qp3AT5DLdhnteUVhw4X78vXzSe3zMxJK0M/22vmHsKXPTy+qsvKsqo7K4oiYoV1t
04UwBIGGe+AqqtRnSR0f0+0hcC47nWGgxcdbmrEgRp4H9A5ayGzuR0Vq9aMCGyEv
I65rOldxpBnBqmD+dzmr3TaDUccPRG4oAdfUcdKXCtiRVwM885t85es3kgT3XMv/
rTM+YD4PPDi8B1vXgiQCs1BC2je12xVZvz8qoNLbDMeXJuPLY+ZiT74zKTHQvW50
sVyi/aJ1YQt7n6UEGFTG2DksZSOWbMMyYXmqrzBgu2oj/dXOFQGv6nocXkVGdEXp
DZfXgJxH37mqAeivJ6Xig2QG2SnQADKevs/KYmzzdlvq3IQxM98yn2Jna3oXEWeY
Ie9fHWR7ufcO4Bn9fC4R
=xq0i
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d4cd900-00e5-5301-1cbe-f0e8b21ab0a4%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Move homedir to second drive

2017-11-27 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-11-27 16:03, 'Tom Zander' via qubes-users wrote:
> I have a ‘work’ VM which holds a significant amount of user-data
> and as such I want my homedir to be hosted on my spinning-disk
> drive.
> 
> I’m more than fine just using a standard btrfs partition there, I
> really like the snapshotting option there, but this does imply I
> would need to automatically assign this partition to the VM at
> vm-start. Probably from dom0.
> 
> I can write a script and only start the VM that way, but it feels
> there musts be a better way. Does anyone know of a way to do this
> auto-bind?
> 
> Thanks!
> 

This option works well for me on 3.2 (doesn't require auto-bind):

https://www.qubes-os.org/doc/secondary-storage/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJaHMTAAAoJENtN07w5UDAwYMsQAMjfN4n9NraP9/1y7mP51aTc
Aoe8HX97MTdzsaZqRmv76onKYKOM1wIqcCKmk77OsVT5p7a6WYnQYg4b2LyVwDlp
CX2Wimd9lD9NMRMSfYqk1448prtqQFubxCyikzo81XAcLOIaPrLvqfbJghRyPO27
4bg4uKyeUNG0wXg07xOLQqwWriXBIl3IIO1aY/lx74GgoXFlQIWC7CGuT7j8xuHz
x0d7emEGz0vURzh28N/FBmVIENTwcWyMCc4zWdNiCpTvqCuHiwXO0P7ZWVNlLgoB
IMVhlFmPmoThe5QkRuIurPar/0dL0zUhf4vjG/EhLDyLflZFnJ/jL8NZf5w96FZG
P/kdis6ImW4vQCF1SOsCKSv1ATHTCliUdeNLagkwt+ZF4ToAmXUWMLMDoKTdx19N
SIdFsqyw/YBU8fBFj9uuRyxYH7iaNwGjimQ0v8wQBw/Ko7ndSJ7kgEjRv1xXCZ7T
VwoTXTb65leAorkhNvtDQwbX44OOhDi9V3dKFglmU6/NjH6+Z1b51/5sjbK5mrVt
5hcRpTGKrhtknhEVUAKElAdvUhkI6NEZMb0+JaF3OYFqiX9G56324QKg/5hyms5v
ECC5+W+Jz0XjmFqqoP5B4zs0Kzlpr4uQvPt99fkM/LrgFAfEF6tDzRBZSsFetDtc
G6TUqzdiwmOdIy5+FKN5
=7Qn+
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/850a285f-e9fd-3d93-3fd5-3c0e52d98e5d%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How To Replace Libvirt Drivers

2017-11-27 Thread Person 
On Sunday, November 26, 2017 at 11:51:23 PM UTC-5, Wael Nasreddine wrote:
> On Sun, Nov 26, 2017 at 8:22 PM Person  wrote:
> 
> 
> On Saturday, November 25, 2017 at 11:11:30 PM UTC-5, Wael Nasreddine wrote:
> 
> > On Saturday, November 25, 2017 at 8:06:27 PM UTC-8, Person wrote:
> 
> > > “In an earlier install, after I got this error, I switched all VMs to 
> > > using pv virt_mode and managed to get `qubes-dom0-update` to run, after 
> > > doing that, I still got the same weird /proc/cpuinfo and lscpu output but 
> > > VMs were booting OK with hvm.”
> 
> > >
> 
> > > How exactly do you switch VMs to using pv virt_mode? The only thing I 
> > > actually want is for the VMs to book correctly, and that would save me a 
> > > lot of trouble.
> 
> >
> 
> > sudo qvm-prefs  virt_mode pv
> 
> 
> 
> I tried the command on my only HVM, and I received the message:
> 
> ***Running the tool as root is strongly discouraged, this will lead you in 
> permissions problems. Retry as unprivileged user or use "--force-root" to 
> continue anyway.
> 
> I wasn't using root user at the time, so I found that strange. And after I 
> changed the HVM to pv virt_mode, I got the same virtualization error.
> 
> 
> 
> I then tried the command on every single VM. I still received the 
> "--force-root" message, but there were no other errors in the command. When I 
> submitted the commands, I received lists of information about the VMs. And 
> when I changed them to pv virt_mode, I still got the same virtualization 
> error.
> 
> 
> 
> (If dom0 doesn't say that the command was unsuccessful, it was successful, 
> right? Otherwise, I may not have successfully set the VMs to pv virt_mode.)
> 
> 
> 
> It seems that we have different versions of Qubes (you have Qubes 4.0 and I 
> have Qubes 3.2), so I can see why your method might not work for me.
> 
> 
> My apologies, yes I'm running 4.0. My issue is not similar to yours afterall, 
> as I understand it (never tried R3) it defaults to PV anyway.
> 
>  
> 
> 
> --
> 
> You received this message because you are subscribed to a topic in the Google 
> Groups "qubes-users" group.
> 
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/qubes-users/Go04b5VsYfw/unsubscribe.
> 
> To unsubscribe from this group and all its topics, send an email to 
> qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/c5a3a98e-70ab-4c31-b87a-5ad31c87d3eb%40googlegroups.com.
> 
> For more options, visit https://groups.google.com/d/optout.

Interesting. I wonder if there's any way to get rid of this problem other than 
changing it to pv virt_mode, changing the drivers, or reinstalling the 
hypervisor. 

I wonder if I should just give up HVM and try seeing if there are any templates 
of the OS I want for Qubes (probably not).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27d86bb0-3f5d-4283-960d-bff38f1a5578%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 only booting with onboard GPU ?? (ASUS KGPE-D16 + AMD Radeon 6450)

2017-11-27 Thread taii...@gmx.com 

On 11/27/2017 04:17 PM, 'Marek Jenkins' via qubes-users wrote:


I take it you are using coreboot? if you aren't you should, otherwise
you need to change the "primary video" option in the BIOS - which will
solve your issue.

Hi Tai,

no I tried to use Coreboot with default settings (Seabios), compiling and 
flashing the .rom on the chip was easy. But with Coreboot BIOS the screen 
stayed black. What made me change back to the default BIOS was, is the fact 
that the CPU fans got really loud (full-speed) shortly after booting.
You need to either run fancontrol/pwmconfig or use the Raptor OpenBMC 
beta with the ASMB4-iKVM chip that came with your board, as coreboot 
doesn't handle fan control. (and thus sets them at full speed)


I have the same board - and I can use either the onboard vide or my 
pci-e GPU without issues. Did you reset the CMOS after you flashed 
coreboot like the wiki instructed?


How long did you wait for coreboot to boot? if you keep the log level at 
max it will take around 60 seconds, otherwise lower it to 2 (what I use) 
for 10 second boot. I thought the same thing when I started using it 
(that it was broken) until I got a null model cable and noticed that it 
was in fact booting.

Lower the log level in menuconfig. (this really should not be a default)

  I removed some of the RAM which at least solved the issue with the loud fans, 
so I assumed my RAM (Kingston ValueRam) might be incompatible with Coreboot ?
Naah, you can use any RAM - the memory compatibility issues were fixed a 
long time ago.

Do you have an idea why coreboot boot failed for me ?

Thanks a lot for the hint with VGA boot priority!
I have now found the VGA settings in the BIOS and did the following:
- Enable IOMMU

Don't forget to enable HVM etc as well.

- Set GPU Boot Priority to "PCIe VGA" instead of "Onboard VGA"

This only partly solves my issue. Now, I can at least boot without issues when 
the PCIe graphics card is connected to the PCI slot. But I can still only 
finish the boot process, when I use the VGA Onboard graphics because I still 
get the same error message as before with the PCIe card:

ERST:   Failed to get Error Log Address Range.
BERT:   Can't request iomem region 


Strange - this would probably be an OS problem as it works fine for me.
What BIOS revision are you using as the default BIOS?

Nevertheless, I still have a working signal on my VGA onboard graphics card and 
can simply continue with the boot process there by switching the connection 
from HDMI to VGA (hope you get what I mean).

After booting completely, there is still no signal on the PCIe VGA card.

Could I have dmesg, xl dmesg and (as root) # lspci -vv please?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de94a8d2-0f6d-c5f2-4be6-44d1be2c5c27%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: some dom0 launcher options disappeared after upgrading to fedora 25

2017-11-27 Thread Eyüp Hakan Duran 
Thank you for the useful link. It truly works and solved my problem.



2017-11-27 7:15 GMT-06:00 Lorenzo Guerra :

> Il giorno lunedì 27 novembre 2017 14:07:10 UTC+1, Lorenzo Guerra ha
> scritto:
> > It happened to me once in the past, I think after I removed some
> template VM. Apparently this is a bug of some sort. I found the following
> thread helpful.
> > https://groups.google.com/forum/m/#!searchin/qubes-users/
> dom0$20entries$20menu/qubes-users/lsED7b1qVjw
> > Regards,
> > L. G.
>
> Oops, wrong link, sorry :(
> This should be the correct one.
> https://groups.google.com/forum/#!topic/qubes-users/lsED7b1qVjw
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/to
> pic/qubes-users/jUoU-04QH6Q/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/qubes-users/84a8b614-7223-46e9-b8ec-fb0d43a52d39%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHe5-UHTikQxQ5fsRzPO9pVGaLJ3%2BX2AxkJ0O7ZH4DYLRvyZLw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Move homedir to second drive

2017-11-27 Thread 'Tom Zander' via qubes-users 
I have a ‘work’ VM which holds a significant amount of user-data and as such 
I want my homedir to be hosted on my spinning-disk drive.

I’m more than fine just using a standard btrfs partition there, I really like 
the snapshotting option there, but this does imply I would need to 
automatically assign this partition to the VM at vm-start. Probably from 
dom0.

I can write a script and only start the VM that way, but it feels there 
musts be a better way.
Does anyone know of a way to do this auto-bind?

Thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2513427.0csQtBiJSz%40strawberry.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Upgrade from R4-RC2 to R4 final

2017-11-27 Thread 'Marek Jenkins' via qubes-users 
On Monday, 27 November 2017 12:04:27 UTC+1, Jean-Luc Duriez  wrote:
> New to Qubes OS but veteran Linux user, I am currently building a R4-RC2 
> config for my day-to-day personal desktop. I gave a try to R3.2 but my Intel 
> HD 630 integrated GPU was not supported, so I went for the beta.
> 
> I have begun to create a few AppVMs and imported my data in the Qubes. I feel 
> confident enough to start using it right now as it is quite stable. 
> 
> Before I make the big step to ditch my previous OS, I would like to know what 
> will be the procedure to switch from R4-RC2 to R4 stable. Shall I be forced 
> into a reinstall of Qubes OS from scratch, or will it be something easier 
> like a dom0 update, which will preserve the Templates/AppVMs ? What should I 
> expect for the upgrade ?
> 
> Thanks for your lights
> 
> Jean-Luc

I'd also be interested to know !

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/139ad4c7-f61e-4ef7-9500-b933f8af54dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 only booting with onboard GPU ?? (ASUS KGPE-D16 + AMD Radeon 6450)

2017-11-27 Thread 'Marek Jenkins' via qubes-users 
Could using Qubes 4.0rc2 also solve my problem ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28dcd6a7-fc68-48f4-9876-1128835c328e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 only booting with onboard GPU ?? (ASUS KGPE-D16 + AMD Radeon 6450)

2017-11-27 Thread 'Marek Jenkins' via qubes-users 
> I take it you are using coreboot? if you aren't you should, otherwise 
> you need to change the "primary video" option in the BIOS - which will 
> solve your issue.

Hi Tai,

no I tried to use Coreboot with default settings (Seabios), compiling and 
flashing the .rom on the chip was easy. But with Coreboot BIOS the screen 
stayed black. What made me change back to the default BIOS was, is the fact 
that the CPU fans got really loud (full-speed) shortly after booting. I removed 
some of the RAM which at least solved the issue with the loud fans, so I 
assumed my RAM (Kingston ValueRam) might be incompatible with Coreboot ?

Do you have an idea why coreboot boot failed for me ?

Thanks a lot for the hint with VGA boot priority!
I have now found the VGA settings in the BIOS and did the following:
- Enable IOMMU
- Set GPU Boot Priority to "PCIe VGA" instead of "Onboard VGA"

This only partly solves my issue. Now, I can at least boot without issues when 
the PCIe graphics card is connected to the PCI slot. But I can still only 
finish the boot process, when I use the VGA Onboard graphics because I still 
get the same error message as before with the PCIe card:

ERST:   Failed to get Error Log Address Range.
BERT:   Can't request iomem region 


Nevertheless, I still have a working signal on my VGA onboard graphics card and 
can simply continue with the boot process there by switching the connection 
from HDMI to VGA (hope you get what I mean).

After booting completely, there is still no signal on the PCIe VGA card.

Kind regards!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05482cb8-3b07-42ec-a937-1caf514d8cec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0-rc3 has been released!

2017-11-27 Thread Chris Laprise 

There were also dom0 update errors:


error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.1-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.1-templates-community: key 1 import 
failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.1-unstable: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.2-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.2-templates-community: key 1 import 
failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3.2-unstable: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-templates-community: key 1 import 
failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-3-unstable: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.0-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.0-templates-community: key 1 import 
failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.0-unstable: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary: key 1 import failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-templates-community: key 1 import 
failed.
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource 
temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-unstable: key 1 import failed.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e04feb0f-2a43-672f-21f5-980146af527c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0-rc3 has been released!

2017-11-27 Thread Chris Laprise 

On 11/27/2017 03:41 PM, Chris Laprise wrote:

On 11/27/2017 10:29 AM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

We're pleased to announce the third release candidate for Qubes 4.0! Our
goal for this release candidate is to improve the stability and
reliability of Qubes 4.0, so we've prioritized fixing known bugs over
introducing new features.  Many of the bugs discovered in our [previous
release candidate][rc2-announcement] are now resolved. A full list of
the Qubes 4.0 issues closed so far is available [here][closed-issues].

As always, we're immensely grateful to our community of testers for
taking the time to [discover and report bugs]. Thanks to your efforts,
we're able to fix these bugs *before* the final release of Qubes 4.0. We
encourage you to continue diligently testing this third release
candidate so that we can work together to improve Qubes 4.0 before the
stable release.



Still need to watch out for this bug, BTW:

Memory balancing stops for some VMs:
https://github.com/QubesOS/qubes-issues/issues/3265

It can starve some of your VMs of RAM, making them run very slowly.



When updating debian-8 template, this error:


Setting up qubes-kernel-vm-support (4.0.11+deb8u1) ...
Loading new u2mfn-4.0.11 DKMS files...
dpkg: warning: version '4.9.56-21.pvops.qubes.x86_64' has bad syntax: 
invalid character in revision number

It is likely that 4.9.56-21.pvops.qubes.x86_64 belongs to a chroot's host
Building initial module for 4.9.56-21.pvops.qubes.x86_64
Error! Bad return status for module build on kernel: 
4.9.56-21.pvops.qubes.x86_64 (x86_64)

Consult /var/lib/dkms/u2mfn/4.0.11/build/make.log for more information.



Here is the log:
DKMS make.log for u2mfn-4.0.11 for kernel 4.9.56-21.pvops.qubes.x86_64 
(x86_64)

Mon Nov 27 15:55:45 EST 2017
make: Entering directory '/lib/modules/4.9.56-21.pvops.qubes.x86_64/build'
  LD  /var/lib/dkms/u2mfn/4.0.11/build/built-in.o
  CC [M]  /var/lib/dkms/u2mfn/4.0.11/build/u2mfn.o
cc1: error: cannot load plugin 
./scripts/gcc-plugins/latent_entropy_plugin.so
./scripts/gcc-plugins/latent_entropy_plugin.so: undefined symbol: 
_ZN8opt_pass14set_pass_paramEjb
scripts/Makefile.build:299: recipe for target 
'/var/lib/dkms/u2mfn/4.0.11/build/u2mfn.o' failed

make[1]: *** [/var/lib/dkms/u2mfn/4.0.11/build/u2mfn.o] Error 1
Makefile:1493: recipe for target 
'_module_/var/lib/dkms/u2mfn/4.0.11/build' failed

make: *** [_module_/var/lib/dkms/u2mfn/4.0.11/build] Error 2
make: Leaving directory '/lib/modules/4.9.56-21.pvops.qubes.x86_64/build'



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39bdd52e-176b-41d1-08a7-f16ec8cd91c8%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0-rc3 has been released!

2017-11-27 Thread Chris Laprise 

On 11/27/2017 10:29 AM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

We're pleased to announce the third release candidate for Qubes 4.0! Our
goal for this release candidate is to improve the stability and
reliability of Qubes 4.0, so we've prioritized fixing known bugs over
introducing new features.  Many of the bugs discovered in our [previous
release candidate][rc2-announcement] are now resolved. A full list of
the Qubes 4.0 issues closed so far is available [here][closed-issues].

As always, we're immensely grateful to our community of testers for
taking the time to [discover and report bugs]. Thanks to your efforts,
we're able to fix these bugs *before* the final release of Qubes 4.0. We
encourage you to continue diligently testing this third release
candidate so that we can work together to improve Qubes 4.0 before the
stable release.

Current users of Qubes 4.0-rc2 can upgrade in-place by downloading the
latest updates from the testing repositories in both
[dom0][dom0-testing] and [TemplateVMs][domU-testing].  Further details,
including full installation instructions, are available in the [Qubes
4.0 release notes][release-notes]. The new installation image is
available on the [Downloads] page.

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2017/11/27/qubes-40-rc3/

[rc2-announcement]: https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/
[closed-issues]: 
https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+milestone%3A%22Release+4.0%22+is%3Aclosed
[discover and report bugs]: https://www.qubes-os.org/doc/reporting-bugs/
[dom0-testing]: 
https://www.qubes-os.org/doc/software-update-dom0/#testing-repositories
[domU-testing]: 
https://www.qubes-os.org/doc/software-update-vm/#testing-repositories
[release-notes]: https://www.qubes-os.org/doc/releases/4.0/release-notes/
[Downloads]: https://www.qubes-os.org/downloads/


Still need to watch out for this bug, BTW:

Memory balancing stops for some VMs:
https://github.com/QubesOS/qubes-issues/issues/3265

It can starve some of your VMs of RAM, making them run very slowly.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61419291-4566-6155-b7ba-0c81ab808333%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-usb won't start under Qubes 4.0rc2 / pci strict reset for RC2

2017-11-27 Thread David Hobach 

On 11/27/2017 09:01 PM, '[799]' via qubes-users wrote:

Hello,

After having lots of problems to install Qubes 4rc2 on my X230 replaced my 
Coreboot BIOS with the stock/factory ROM and reinstalled from scratch.

Luckily I can now start AppVMs and also create new VMs.
The only thing which is not working is my sys-usb. Under Qubes 3.2 I got it 
working enabling strict PCI reset, but I don't know how to get it working under 
Qubes 4.

Any idea where to troubleshoot this problem?


Search for the related doc bug @qubes-issues.
It gives you the command, but I don't have it at hand right now.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/062ad981-1d07-8fc8-103d-8e49fcc01167%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] sys-usb won't start under Qubes 4.0rc2 / pci strict reset for RC2

2017-11-27 Thread '[799]' via qubes-users 
Hello,

After having lots of problems to install Qubes 4rc2 on my X230 replaced my 
Coreboot BIOS with the stock/factory ROM and reinstalled from scratch.

Luckily I can now start AppVMs and also create new VMs.
The only thing which is not working is my sys-usb. Under Qubes 3.2 I got it 
working enabling strict PCI reset, but I don't know how to get it working under 
Qubes 4.

Any idea where to troubleshoot this problem?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KnLJInT7j7wSYq9swzCmAciDE_ho-VjdtQKSHVaytQwr7DsgrB0J3Tf_VVMqTKiutbwvxGFESdA0LPbQcCXmDgoMHi6xcRBePzC08dWQmO4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread Wael Nasreddine 
On Monday, November 27, 2017 at 11:09:12 AM UTC-8, David Hobach wrote:
> On 11/27/2017 07:57 PM, David Hobach wrote:
> > On 11/27/2017 07:47 AM, Wael Nasreddine wrote:
> >> I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got two hard 
> >> reboots in the last few hours, often around the time I start a VM. I 
> >> do not see anything in the log.
> >>
> >> P.S: I've been running Citrix XenServer for two years on this machine 
> >> with no issues.
> >>
> >> Nov 26 22:36:38 dom0 sudo[911]: pam_unix(sudo:session): session closed 
> >> for user root
> >> Nov 26 22:36:38 dom0 audit[911]: USER_END pid=911 uid=0 auid=1000 
> >> ses=2 msg='op=PAM:session_close 
> >> grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_
> >> Nov 26 22:36:38 dom0 audit[911]: CRED_DISP pid=911 uid=0 auid=1000 
> >> ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" 
> >> exe="/usr/bin/sudo" hostname=? addr=?
> >> Nov 26 22:36:38 dom0 kernel: audit: type=1106 
> >> audit(1511764598.490:447): pid=911 uid=0 auid=1000 ses=2 
> >> msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyi
> >> Nov 26 22:36:38 dom0 kernel: audit: type=1104 
> >> audit(1511764598.490:448): pid=911 uid=0 auid=1000 ses=2 
> >> msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/us
> >> Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: 
> >> balance_when_enough_memory(xen_free_memory=97794733, 
> >> total_mem_pref=5101760998.4, total_available_memory=60546306417.6)
> >> Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: 
> >> left_memory=24233992215 acceptors_count=1
> >> -- Reboot --
> >> Nov 26 22:38:00 dom0 systemd-journald[240]: Runtime journal 
> >> (/run/log/journal/) is 8.0M, max 196.7M, 188.7M free.
> >> Nov 26 22:38:00 dom0 kernel: Linux version 
> >> 4.9.56-21.pvops.qubes.x86_64 (user@build-fedora4) (gcc version 6.4.1 
> >> 20170727 (Red Hat 6.4.1-1) (GCC) ) #1 SMP Wed Oct 18 00:2
> >> Nov 26 22:38:00 dom0 kernel: Command line: placeholder 
> >> root=UUID=9b846465-f59a-4f83-adfa-5468c915defd ro 
> >> rootflags=subvol=root rd.luks.uuid=luks-1b3c3eda-7836-443a-bc07-
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x001: 
> >> 'x87 floating point registers'
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x002: 
> >> 'SSE registers'
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x004: 
> >> 'AVX registers'
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: xstate_offset[2]:  576, 
> >> xstate_sizes[2]:  256
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: Enabled xstate features 0x7, 
> >> context size is 832 bytes, using 'standard' format.
> >> Nov 26 22:38:00 dom0 kernel: x86/fpu: Using 'eager' FPU context switches.
> >> Nov 26 22:38:00 dom0 kernel: Released 0 page(s)
> >> Nov 26 22:38:00 dom0 kernel: e820: BIOS-provided physical RAM map:
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x-0x0009bfff] usable
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x0009c800-0x000f] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x0010-0x67e1] usable
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x67e2-0x67e20fff] ACPI NVS
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x67e21000-0x67e6afff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x67e6b000-0x67ebcfff] usable
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x67ebd000-0x68bedfff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x68bee000-0x6ee48fff] usable
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x6ee49000-0x6f7adfff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x6f7ae000-0x6ff99fff] ACPI NVS
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x6ff9a000-0x6fffefff] ACPI data
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x6000-0x6fff] usable
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x7000-0x77ff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xe000-0xefff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xfe00-0xfe010fff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xfec0-0xfec00fff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xfed9-0xfed91fff] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xfee0-0xfeef] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0xff00-0x] reserved
> >> Nov 26 22:38:00 dom0 kernel: Xen: [mem 
> >> 0x0001-0x000191f95fff] usable
> > 
> > 
> > Yes, I can confirm that issue (except for the "around the time I start a 
> > VM"). Didn't find anything yet neither, my log looks similar. Some 
> > memory balancing tends to be the last

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread David Hobach 

On 11/27/2017 07:57 PM, David Hobach wrote:

On 11/27/2017 07:47 AM, Wael Nasreddine wrote:
I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got two hard 
reboots in the last few hours, often around the time I start a VM. I 
do not see anything in the log.


P.S: I've been running Citrix XenServer for two years on this machine 
with no issues.


Nov 26 22:36:38 dom0 sudo[911]: pam_unix(sudo:session): session closed 
for user root
Nov 26 22:36:38 dom0 audit[911]: USER_END pid=911 uid=0 auid=1000 
ses=2 msg='op=PAM:session_close 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_
Nov 26 22:36:38 dom0 audit[911]: CRED_DISP pid=911 uid=0 auid=1000 
ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" 
exe="/usr/bin/sudo" hostname=? addr=?
Nov 26 22:36:38 dom0 kernel: audit: type=1106 
audit(1511764598.490:447): pid=911 uid=0 auid=1000 ses=2 
msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyi
Nov 26 22:36:38 dom0 kernel: audit: type=1104 
audit(1511764598.490:448): pid=911 uid=0 auid=1000 ses=2 
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/us
Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: 
balance_when_enough_memory(xen_free_memory=97794733, 
total_mem_pref=5101760998.4, total_available_memory=60546306417.6)
Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: 
left_memory=24233992215 acceptors_count=1

-- Reboot --
Nov 26 22:38:00 dom0 systemd-journald[240]: Runtime journal 
(/run/log/journal/) is 8.0M, max 196.7M, 188.7M free.
Nov 26 22:38:00 dom0 kernel: Linux version 
4.9.56-21.pvops.qubes.x86_64 (user@build-fedora4) (gcc version 6.4.1 
20170727 (Red Hat 6.4.1-1) (GCC) ) #1 SMP Wed Oct 18 00:2
Nov 26 22:38:00 dom0 kernel: Command line: placeholder 
root=UUID=9b846465-f59a-4f83-adfa-5468c915defd ro 
rootflags=subvol=root rd.luks.uuid=luks-1b3c3eda-7836-443a-bc07-
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x001: 
'x87 floating point registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x002: 
'SSE registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x004: 
'AVX registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: xstate_offset[2]:  576, 
xstate_sizes[2]:  256
Nov 26 22:38:00 dom0 kernel: x86/fpu: Enabled xstate features 0x7, 
context size is 832 bytes, using 'standard' format.

Nov 26 22:38:00 dom0 kernel: x86/fpu: Using 'eager' FPU context switches.
Nov 26 22:38:00 dom0 kernel: Released 0 page(s)
Nov 26 22:38:00 dom0 kernel: e820: BIOS-provided physical RAM map:
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x-0x0009bfff] usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x0009c800-0x000f] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x0010-0x67e1] usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x67e2-0x67e20fff] ACPI NVS
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x67e21000-0x67e6afff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x67e6b000-0x67ebcfff] usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x67ebd000-0x68bedfff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x68bee000-0x6ee48fff] usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x6ee49000-0x6f7adfff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x6f7ae000-0x6ff99fff] ACPI NVS
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x6ff9a000-0x6fffefff] ACPI data
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x6000-0x6fff] usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x7000-0x77ff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xe000-0xefff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xfe00-0xfe010fff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xfec0-0xfec00fff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xfed9-0xfed91fff] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xfee0-0xfeef] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0xff00-0x] reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 
0x0001-0x000191f95fff] usable



Yes, I can confirm that issue (except for the "around the time I start a 
VM"). Didn't find anything yet neither, my log looks similar. Some 
memory balancing tends to be the last entry.


P.S.: I run a T530 with coreboot, some i5, ME cleaned.

I'm not sure whether it's a heat issue, but I'd guess not as I had 
tested it until ~95 Celsius and it tends to run at max 80 with Qubes. I 
think it reboots at ~100 Celsius.


But yes, it tends to happen at relatively high load.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread David Hobach 

On 11/27/2017 07:47 AM, Wael Nasreddine wrote:

I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got two hard reboots in 
the last few hours, often around the time I start a VM. I do not see anything 
in the log.

P.S: I've been running Citrix XenServer for two years on this machine with no 
issues.

Nov 26 22:36:38 dom0 sudo[911]: pam_unix(sudo:session): session closed for user 
root
Nov 26 22:36:38 dom0 audit[911]: USER_END pid=911 uid=0 auid=1000 ses=2 
msg='op=PAM:session_close 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_
Nov 26 22:36:38 dom0 audit[911]: CRED_DISP pid=911 uid=0 auid=1000 ses=2 msg='op=PAM:setcred 
grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=?
Nov 26 22:36:38 dom0 kernel: audit: type=1106 audit(1511764598.490:447): 
pid=911 uid=0 auid=1000 ses=2 msg='op=PAM:session_close 
grantors=pam_keyinit,pam_limits,pam_keyi
Nov 26 22:36:38 dom0 kernel: audit: type=1104 audit(1511764598.490:448): pid=911 uid=0 
auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" 
exe="/us
Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: 
balance_when_enough_memory(xen_free_memory=97794733, 
total_mem_pref=5101760998.4, total_available_memory=60546306417.6)
Nov 26 22:36:38 dom0 qmemman.daemon.algo[2304]: left_memory=24233992215 
acceptors_count=1
-- Reboot --
Nov 26 22:38:00 dom0 systemd-journald[240]: Runtime journal (/run/log/journal/) 
is 8.0M, max 196.7M, 188.7M free.
Nov 26 22:38:00 dom0 kernel: Linux version 4.9.56-21.pvops.qubes.x86_64 
(user@build-fedora4) (gcc version 6.4.1 20170727 (Red Hat 6.4.1-1) (GCC) ) #1 
SMP Wed Oct 18 00:2
Nov 26 22:38:00 dom0 kernel: Command line: placeholder 
root=UUID=9b846465-f59a-4f83-adfa-5468c915defd ro rootflags=subvol=root 
rd.luks.uuid=luks-1b3c3eda-7836-443a-bc07-
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 
floating point registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE 
registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX 
registers'
Nov 26 22:38:00 dom0 kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  
256
Nov 26 22:38:00 dom0 kernel: x86/fpu: Enabled xstate features 0x7, context size 
is 832 bytes, using 'standard' format.
Nov 26 22:38:00 dom0 kernel: x86/fpu: Using 'eager' FPU context switches.
Nov 26 22:38:00 dom0 kernel: Released 0 page(s)
Nov 26 22:38:00 dom0 kernel: e820: BIOS-provided physical RAM map:
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x-0x0009bfff] 
usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x0009c800-0x000f] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x0010-0x67e1] 
usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x67e2-0x67e20fff] 
ACPI NVS
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x67e21000-0x67e6afff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x67e6b000-0x67ebcfff] 
usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x67ebd000-0x68bedfff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x68bee000-0x6ee48fff] 
usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x6ee49000-0x6f7adfff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x6f7ae000-0x6ff99fff] 
ACPI NVS
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x6ff9a000-0x6fffefff] 
ACPI data
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x6000-0x6fff] 
usable
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x7000-0x77ff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xe000-0xefff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xfe00-0xfe010fff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xfec0-0xfec00fff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xfed9-0xfed91fff] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xfee0-0xfeef] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0xff00-0x] 
reserved
Nov 26 22:38:00 dom0 kernel: Xen: [mem 0x0001-0x000191f95fff] 
usable



Yes, I can confirm that issue (except for the "around the time I start a 
VM"). Didn't find anything yet neither, my log looks similar. Some 
memory balancing tends to be the last entry.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6230b5d-52ee-89de-bf71-3d182194564b%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Qubes for "dummies"

2017-11-27 Thread genevieve . c . gauthier 
Hi, I did not know about your OS.  I think this project is awesome.  I do not 
have the computer knowledge some of you specialist of your field have.  I am 
writing this message to try to contribute in my own way.

First, I have also watched "Youtube :Golem and Friends: Data, Security, Scaling 
and More..." (very interesting too and I am learning more...)

The first part the presenter (I understand she is a major contributor to Qubes) 
says "I would not recommended using a windows OS - internet browsing" this 
person as superior knowledge... 

My point of view is this : This lady (and probably all of you even reading my 
post) are (would be) one of the most secure windows user(s) on this planet ! 

Regarding to your future project, I am writing this to also tell you about my 
concerns that people who would NEED you the most, logically, would be the user 
with LESSER/ALMOST NO computer skills ...!  

I have a MintLinux server at home (force to use this because of my limited 
knowledge and the "obnoxious" graphic card chipset of the old laptop that I 
transformed for my project.  (Home network : I have windows clients (for 
gamers), macOS client & now a new fedora-based client that I wanted to be a 
Qubes client but ...(2nd topic)) So, if I were to install Qubes on many system, 
my first choice would be to install it on my friends and family members who do 
not have a clue what goes on at anything lower "than runlevel 5" (to be more 
accurate they know what they are seeing and that's almost it and nothing about 
what goes on "beyond the scene" as far as computers go)

2nd topic : My experience 48h experience with Qubes 3 + another 48h on Qubes 
4.0 rc2 on my personal laptop. First, I notice the Qubes manager went away. Not 
a problem because I was able to master the command-line qvm-backup easily 
(without knowing everything)) (but using a terminal is now consider "above 
average" skills by definition)  In fact, I had chosen Qubes for this laptop 
(the hardware had the capacity to handle the OS as far as virtualisation is 
concerned) and it seems perfect to read online and work on it. I felt my data 
(my own little projects) would be more secured.

Logic for dummies .. 
=> Logic : new laptop have touchscreen ...
=> Logic : Qubes designer chose not to support gnome => I understand it 
perfectly*.   However, considering, in the future most user will have 
touchscreen, they will want the OS/software to be able use the hardware 
capacity they paid for (I think this is logical).  The user who would need your 
work the most will not be able to add touchscreen support to xfce-based Qubes 
(if it's not included) I know that I was not able to do this myself at first. 
(is it possible?)  I loved your fedora-based system (dnf as opposed to apt-get 
is not too difficult to adapt too) Therefore I decided to switch my client to 
the new fedora workstation gnome-shell.  I do not think supporting gnome (with 
all the implication that this have about reviewing internal security/reviewing 
codes => major hrs and, perhaps, many coffees for everyone is "The Must Way to 
go" (I do not even think myself there should be any Must Way/One Way. Users 
should be as free as they can)

However, from a user (human) perspective, I needed to read about Qubes.  I 
wanted to read about your project.  I used to be a able to use my touchscreen 
to read faster... and gosh I have needed to read a lot the past for days! Now, 
I am reading your documentation on fedora (with touchscreen support) and this 
is much easier for me.  I which I could reinstall Qubes (xfce /w touchscreen 
support like my fedora 27 workstation) in 2018 :-)  At this point, I have 
switched to federa also because Qubes 4 had a nasty bug(s) involving not only 
the nm-applet but the whole sys-firewall vm /sys-net vm... Dummy perspective : 
One time, the nm-applet went away I could not start the sys-firewall either 
( , Error starting VM: Cannot exeCute qrexec-daemon! in terminal :S ) 
Then after rebooting two times, my sys-net & sys-firewall were "fine" ..  Those 
problems are completely beyond my current skills .. I switched to fedora 27 but 
I will continue to closely follow your project/Qubes OS on facebook and read 
more about this project.

If this help someone ... I think you are doing great work (users and 
developers) and please keep in mind those who would need you (your skills) the 
most are not even people like myself but users far more vulnerable (even less 
knowledge)... I understand this from my own field that sometime people with 
superior skills take for granted (as do I) some of "our" knowledge and tend to 
forget "obvious" is not the same "obvious" for all users.  

P-S I have seen Qubes 4.0 rc3 today (I stop with Qubes 4.0 rc2) it will be 
tempting for me in the future to see if you have solved those strange 
networking problems (rc2) occurring on my laptop ... Furthermore, I am thinking 
to create usb keys with Qubes for my family members for xmas

Re: [qubes-users] Re: unable to start a freshly created VM (the first VM on a fresh install). Qubes 4.0-RC2

2017-11-27 Thread Wael Nasreddine 
On Monday, November 27, 2017 at 1:19:04 AM UTC-8, Tom Zander wrote:
> On Monday, 27 November 2017 07:03:51 CET Wael Nasreddine wrote:
> > I'm trying to create a Standalone VM to run ArchLinux dedicated for work,
> > but the VM fails to start,
> 
> Where did you get the archlinux VM from?

I created a new VM, not based on any template (a menu option in the create new 
VM prompt). The VM never got passed Bios boot, similar to [0] without the 
window re-appearing; So I was never able to actually install it.

> 
> I successfully managed to get this working over the weekend by;
> a) following the basics (dns install etc) here (point3 & 4).
> Don’t do point 5 - 10.
> https://www.qubes-os.org/doc/building-archlinux-template/
> 
> b) follow the simplest guide from this report;
> https://github.com/QubesOS/qubes-issues/issues/3185
> 
> Then continue with points 10 -  from the official docs.
> 

Thanks for the tip, I might try that as well.

> 
> Generally, after a weekend of intense working with qubes4r2 (testing) I 
> would say that creating new VMs based on a template and starting them is a 
> bit of a hit-and-miss.
> I’m guessing that the daemon in dom0 has some race conditions that sometimes 
> leaves newly created vms broken. Stress the system less and it seems to work 
> more stable.
> 
> -- 
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

[0]: https://github.com/QubesOS/qubes-issues/issues/3185#issuecomment-338470156

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5513f01-80ba-468f-8f1f-b1e2aabbda8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: some dom0 launcher options disappeared after upgrading to fedora 25

2017-11-27 Thread Lorenzo Guerra 
Il giorno lunedì 27 novembre 2017 14:07:10 UTC+1, Lorenzo Guerra ha scritto:
> It happened to me once in the past, I think after I removed some template VM. 
> Apparently this is a bug of some sort. I found the following thread helpful.
> https://groups.google.com/forum/m/#!searchin/qubes-users/dom0$20entries$20menu/qubes-users/lsED7b1qVjw
> Regards,
> L. G.

Oops, wrong link, sorry :(
This should be the correct one.
https://groups.google.com/forum/#!topic/qubes-users/lsED7b1qVjw

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84a8b614-7223-46e9-b8ec-fb0d43a52d39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] some dom0 launcher options disappeared after upgrading to fedora 25

2017-11-27 Thread Lorenzo Guerra 
It happened to me once in the past, I think after I removed some template VM. 
Apparently this is a bug of some sort. I found the following thread helpful.
https://groups.google.com/forum/m/#!searchin/qubes-users/dom0$20entries$20menu/qubes-users/lsED7b1qVjw
Regards,
L. G.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ce34208-42a0-4fa8-b88b-058d1828c7bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Eve V - nice QubesOS platform?

2017-11-27 Thread Franz 
On Sat, Nov 25, 2017 at 1:39 PM, 209485'029458'0294385'0932845'0943285098 <
kersten.vo...@gmail.com> wrote:

> Hello,
> might be the new Eve V starup-laptop from finland be a nice QubesOS
> platform?
>
> https://eve.community/t/eve-v-vs-competition/2290
>
> Perhaps some partnership can help, to spread both tech-tools?
>
>
It seems this is a tablet, but is a tablet supported in Qubes?

Also next machine I would want a 32 GB RAM and it seems it is not available
Best
Fran

> Kind Regards
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/2f97631c-80e7-49c3-af6a-5c83ac22ac87%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCPp9bxWCvPEkTJvPBYMUb0UQd5FHBXxeVsQN%3DcVucp3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Upgrade from R4-RC2 to R4 final

2017-11-27 Thread Jean-Luc Duriez 
New to Qubes OS but veteran Linux user, I am currently building a R4-RC2 config 
for my day-to-day personal desktop. I gave a try to R3.2 but my Intel HD 630 
integrated GPU was not supported, so I went for the beta.

I have begun to create a few AppVMs and imported my data in the Qubes. I feel 
confident enough to start using it right now as it is quite stable. 

Before I make the big step to ditch my previous OS, I would like to know what 
will be the procedure to switch from R4-RC2 to R4 stable. Shall I be forced 
into a reinstall of Qubes OS from scratch, or will it be something easier like 
a dom0 update, which will preserve the Templates/AppVMs ? What should I expect 
for the upgrade ?

Thanks for your lights

Jean-Luc

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b90fdb59-38ea-4d38-a9fb-51c67d67c94c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Formatting and Permissions for internal HDDs

2017-11-27 Thread awokd 
On Mon, November 27, 2017 05:22, Gaijin wrote:
> In R3.2 I have some additional internal hard drives in my PC. I wanted
> to format them to be encrypted so that they will match the disk
> encryption of my main Qubes disk install, and so that I won't have to
> enter the disk password every time I access the drives or attach them to
> a VM. I have not been able to figure this out. Is this possible?

Yes, give them the exact same password as your primary and mount them by
UUID in both /etc/crypttab and /etc/fstab.

> My other issue is that whether I encrypt the drive partitions with LUKS
> or just make a ext4 partition, I can't access the drives after creating
> them because they're assigned ownership to the root account. Normal
> Qubes use is thru the dom0 account or the user account on the VMs, not
> root. What would be a good permissions setting to allow dom0 or a VM
> access the hard drives?

I think if you mount them as part of boot you will have less trouble.
Don't remember having to do anything special with permissions, but review
the ones set on /var/lib/qubes if needed. Also see
https://www.qubes-os.org/doc/secondary-storage/ .


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ed1c9920210ccb8fa8197d4a54c172e%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Yubikey in Challenge Response mode in Qubes 3.2

2017-11-27 Thread 'Tom Zander' via qubes-users 
On Monday, 27 November 2017 06:30:48 CET Yuraeitha wrote:
> I wonder how such misunderstandings, or false interpretations, can be
> avoided among the people, like me, who are learning about Qubes (and
> Linux in general). But that's something for another time and topic, but
> an interesting one nonetheless.

Personally I’d say that the majority of this problem comes from the mis-
design that VMs like debian and even fedora are maintained by DNF/yum.
To do a system upgrade by downloading a new RPM makes no sense as that 
completely destroys all changes made in the template. For instance new 
software that was installed.

If qubes were to disconnect the idea that an RPM of several hundred MBs is 
the way to download/install/upgrade a VM, it would become much easier to 
understand.

Maybe in Qubes 5 :)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1727044.u3lbsDOL5E%40strawberry.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] some dom0 launcher options disappeared after upgrading to fedora 25

2017-11-27 Thread awokd 
On Mon, November 27, 2017 01:52, ehakandu...@gmail.com wrote:

> happen to know how to repopulate those items in the launcher?

In Qubes VM Manager, right-click the AppVM then Add/Remove App Shortcuts.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea6369ae02d2773ba2d1f78ffefd21e6%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-11-27 Thread awokd 
On Mon, November 27, 2017 05:40, pr0xy wrote:
> On 2017-11-20 18:08, awokd wrote:
>> On Mon, November 20, 2017 10:01, pr0xy wrote:
>>> Please help a somewhat noob who wants to use Qubes in the office.
>>>
>>> I got the OK to try using Qubes R3.2 in my company network as a
>>> workstation. They have a very restrictive proxy that forces all traffic
>>> through an HTTP/HTTPS proxy like:
>>>
>>> proxy.example.com:8080
>>>
>>> How could I force all Qubes traffic to go through that proxy and that
>>> port?
>>>
>>> Would that be in sys-net, or a Firewall VM?
>>
>> Check https://www.qubes-os.org/doc/vpn/ . Ignore the parts about VPN
>> setup
>> but you should be able to set up your proxy redirect in the Proxy VM.
>> I'm
>> assuming local traffic like DNS lookups would not go through the proxy.
>
> Thanks. I have been reading up on the ProxyVM, which seems to be the way
> I would do this, but I'm a bit confused as to where I would add these
> proxy settings. I'm not familiar with manipulating IP tables, or writing
> the sort of scripts on that page, but is that what I would need to set?
>
> I wanted to stay away from setting the environment variables for
> http_proxy, https_proxy, ftp_proxy and no_proxy in each VM.  Ideally I
> think I'd like to use a ProxyVM to proxify an entire AppVM, but the
> documentation doesn't make it clear how I would attempt this.

You're right, you'd need to manipulate IP tables. There is no built in way
to do it with just the Qubes UI.

See
https://stackoverflow.com/questions/10595575/iptables-configuration-for-transparent-proxy
for an example if you wanted to use the transparent proxy approach.
Sys-whonix is essentially a transparent proxy that forwards all traffic
through Tor.

Another option could be
https://www.qubes-os.org/doc/config/http-filtering-proxy/ . See also
https://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html
.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a119e4812ece7ea879234495b8f7a9d%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Mobile broadband-not enabled

2017-11-27 Thread beso 
I'll try that. Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f7e901e-65f6-4964-9960-78c20918cbd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: R4-rc2 consuming all my disk space (250MB)

2017-11-27 Thread Yuraeitha 
On Monday, November 27, 2017 at 5:51:03 AM UTC, Chris Laprise wrote:
> On 11/26/2017 11:55 PM, Yuraeitha wrote:
> > On Sunday, November 26, 2017 at 10:05:46 PM UTC, Chris Laprise wrote:
> >> I currently have 4GB remaining on my drive according to the 'lvs' based
> >> script from issue #3240.
> >>
> >> However, I know I don't have nearly that much in templates and data;
> >> there was a lot more free space on Qubes 3.2. Also, adding up the DISK
> >> column from qvm-ls shows I should have over 100GB free.
> >>
> >> So I'm wondering if this is a real problem with R4 and what can be done
> >> about it.
> >>
> >> -- 
> >>
> >> Chris Laprise, tas...@posteo.net
> >> https://github.com/tasket
> >> https://twitter.com/ttaskett
> >> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
> > nvm, I found it.
> >
> > Running 'rpm -aq | grep core-admin' in dom0, prints out the current 
> > qubes-core-admin-client version. Mine is 4.0.11-01. I'm fully updated to 
> > the testing repository. So since this was implemented in 4.0.12, we 
> > probably have to wait for that.
> 
> Thanks, but I found the underlying problem...
> 
> The dom0 root filesystem keeps allocating space because discard/TRIM 
> isn't enabled by default. The output from lvs showed that root was 50% 
> allocated, and since root is sized by the installer to be the same size 
> as the disk, that means 100+GB was allocated (root fs contents were only 
> 4.5GB however).
> 
> An 'fstrim /' took care of the immediate problem and then I added 
> 'discard' option to /etc/fstab. I think this should be the default for 
> new installs.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

ah, good that it was resolved though. 

I do remember a talk somewhere, think it was on github, about trimming being 
enabled automatically on Qubes 4, however, I think it was for LVM Thin 
Provisioning only, and not the regular LVM. At least for the current Qubes 4 
RC2. I didn't pay much attention to this at the time, but I briefly remember.

I imagine it makes sense too, if picking one file system format over the other, 
that it might make a difference in how it writes the information in the fstab 
file. At least they are related to some extent. So one of either LVM or LVM 
Thin Provisioning, is not doing this correctly atm it seems. 

Also.. loosing almost the entire drive space due to lack of trimming 
yikes...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6262777-f33c-4114-917a-b19dedc8de80%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.