[qubes-users] How do you automount /dev/xvdi in AppVMs?

2017-12-08 Thread qbertqube
How do you automount /dev/xvdi in AppVMs?

In a typical OS, this is done by modifying /etc/fstab. With Qubes OS AppVMs, 
/etc/fstab is not preserved between reboots.

Should I modify the TemplateVM's /etc/fstab?

Should I add "mount /dev/xvdi /mnt/removable" to the AppVM's 
/rw/config/rc.local?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0ae0ebf-ba41-44ea-af0c-e793dc7aa048%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installing in UEFI without reefind (razer blade stealth 16gb ram 2016)

2017-12-08 Thread Guerlan
On Saturday, December 9, 2017 at 4:32:08 AM UTC-2, Guerlan wrote:
> On Saturday, December 9, 2017 at 4:17:21 AM UTC-2, Guerlan wrote:
> > I'm trying to install Qubes on my Razer Blade Stealth (4k 2016 16gb ram). 
> > It has no legacy mode, so I need to install in UEFI mode. Also, I don't 
> > want to trust reefind. 
> > 
> > Here's the problem I'm having. First, in the installation menu, anything I 
> > click leads me to this fast message that appears in the screen:
> > 
> > https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipNGHHM_QYgu_r_umhMC3hjfZZZqmsK5ZT3xiVJK?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR
> > 
> > I followed https://www.qubes-os.org/doc/uefi-troubleshooting/
> > 
> > First step says
> > 
> > In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press e.
> > 
> > There's no "Troubleshoot" option alone, instead, there is 
> > 
> > "Troubleshoot - verbose boot and install Qubes 3.2", so there is no “Boot 
> > from device” option to choose, because when I click this, I get the fast 
> > message and then return to the same screen. Anyways, I pressed 'e' and 
> > edited the line by adding /mapbs /noexitboot at the end of it, then gave 
> > control-x. It displays a fast message again and returns to the edited text
> > 
> > https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipPWg5qiTSs8dpiKIu-QLdJzFuu5p-AFqMDbOnSf?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR
> > 
> > 
> > 
> > Anybody knows what am I doing wrong?
> 
> update: I discovered that Legacy Mode is called CSM on some 
> BIOS(https://github.com/QubesOS/qubes-issues/issues/2838#issuecomment-349234545
>  ), so I found that my system actually supports it. However, when I boot into 
> legacy mode, I only see an empty black screen, forever. Here's my CSM menu:
> 
> https://photos.app.goo.gl/Qbv7OBnXquEcHkTF3

I'd however prefer to install it in uefi mode, if possible. Could somebody 
discover what is going on?



[qubes-users] Re: Installing in UEFI without reefind (razer blade stealth 16gb ram 2016)

2017-12-08 Thread Guerlan
On Saturday, December 9, 2017 at 4:17:21 AM UTC-2, Guerlan wrote:
> I'm trying to install Qubes on my Razer Blade Stealth (4k 2016 16gb ram). It 
> has no legacy mode, so I need to install in UEFI mode. Also, I don't want to 
> trust reefind. 
> 
> Here's the problem I'm having. First, in the installation menu, anything I 
> click leads me to this fast message that appears in the screen:
> 
> https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipNGHHM_QYgu_r_umhMC3hjfZZZqmsK5ZT3xiVJK?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR
> 
> I followed https://www.qubes-os.org/doc/uefi-troubleshooting/
> 
> First step says
> 
> In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press e.
> 
> There's no "Troubleshoot" option alone, instead, there is 
> 
> "Troubleshoot - verbose boot and install Qubes 3.2", so there is no “Boot 
> from device” option to choose, because when I click this, I get the fast 
> message and then return to the same screen. Anyways, I pressed 'e' and edited 
> the line by adding /mapbs /noexitboot at the end of it, then gave control-x. 
> It displays a fast message again and returns to the edited text
> 
> https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipPWg5qiTSs8dpiKIu-QLdJzFuu5p-AFqMDbOnSf?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR
> 
> 
> 
> Anybody knows what am I doing wrong?

update: I discovered that Legacy Mode is called CSM on some 
BIOS(https://github.com/QubesOS/qubes-issues/issues/2838#issuecomment-349234545 
), so I found that my system actually supports it. However, when I boot into 
legacy mode, I only see an empty black screen, forever. Here's my CSM menu:

https://photos.app.goo.gl/Qbv7OBnXquEcHkTF3



[qubes-users] Installing in UEFI without reefind (razer blade stealth 16gb ram 2016)

2017-12-08 Thread Guerlan
I'm trying to install Qubes on my Razer Blade Stealth (4k 2016 16gb ram). It 
has no legacy mode, so I need to install in UEFI mode. Also, I don't want to 
trust reefind. 

Here's the problem I'm having. First, in the installation menu, anything I 
click leads me to this fast message that appears in the screen:

https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipNGHHM_QYgu_r_umhMC3hjfZZZqmsK5ZT3xiVJK?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR

I followed https://www.qubes-os.org/doc/uefi-troubleshooting/

First step says

In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press e.

There's no "Troubleshoot" option alone, instead, there is 

"Troubleshoot - verbose boot and install Qubes 3.2", so there is no “Boot from 
device” option to choose, because when I click this, I get the fast message and 
then return to the same screen. Anyways, I pressed 'e' and edited the line by 
adding /mapbs /noexitboot at the end of it, then gave control-x. It displays a 
fast message again and returns to the edited text

https://photos.google.com/share/AF1QipOUP-zk0Km0KnofmVDFVeKU01CElFTLqe94eH05H41B9PTkcQorHsvOYAbF87uIWA/photo/AF1QipPWg5qiTSs8dpiKIu-QLdJzFuu5p-AFqMDbOnSf?key=emxGYk1GM3A5Y0RrUmZOTzlFMzZsanBiaDN2MVVR



Anybody knows what am I doing wrong?



[qubes-users] Installed but cannot boot, Dell XPS 9550

2017-12-08 Thread JDoe
Hi,

I've disabled secure boot and installed Qubes 4.0-rc3 onto an external M.2 SSD 
in an enclosure connected via USB C.
When trying to boot from the SSD, I get a Dell error screen showing "No 
bootable devices found".

I haven't seen this issue reported here yet; has anyone encountered this and 
know how to resolve?



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread Unman
On Fri, Dec 08, 2017 at 12:58:28PM +0100, 'Tom Zander' via qubes-users wrote:
> On Friday, 8 December 2017 11:50:07 CET Unman wrote:
> > Anyway, I don't want to labour the point.
> > Enough people seem to like the Manager style approach to make it worth
> > putting something like it into 4.0.
> 
> You wrote a very interesting mail, with lots of great ideas on how to make 
> the workflow better.
> I really like the idea to have application icons match your VMs.
> The 4.0 start menu forces users to first pick a qube and then pick an app. 
> With a Firefox available in each and every qube...
> 
> I think this thread is more about having any sort of user friendly tools 
> than it is specific about the QM.
> It's just that most users have only ever had the QM, and then even that was 
> taken away from them in 4.0 :(
> 
> I'd say you (Unman) are in a great position to brainstorm ideas we can try 
> to find a good user interface that helps people stay secure and helps them 
> survive, to even thrive.
> 
> I'd like to write a simple app that people who were used to the QM can 
> relate to. With some people here stating they are willing to pay for the 
> service, I can make some time for that.
> As that crystallizes, maybe more people can jump in and work on other stuff.
> 

Some time back there was discussion about using Salt to produce
different Qubes flavours. I think this is still on the roadmap
somewhere.

The fact is that some users like selecting a qube, and then the
application, and it seems a natural way to work. I don't. But it's good
to have a variety of approaches.
Simple Qubes with custom menus seems to me to be the best way to have a
wider uptake - anything to work against the idea that Qubes is only for
nerds using the command line - "linux greybeards" was the somewhat
sexist phrase I think.



Re: [qubes-users] R3.2: Debian 9 template fails to update 50% of the time

2017-12-08 Thread Unman
On Fri, Dec 08, 2017 at 04:33:45PM -0800, vel...@tutamail.com wrote:
> I am struggling with this same issue...I find that after a restart I can do 
> the update but wanted to do this right. I checked the link posted above: 
> 
> "User-initiated updates/upgrades may not run when a templateVM first starts. 
> This is due to a new Debian config setting that attempts to update 
> automatically; it can be disabled with systemctl disable apt-daily.timer"
> 
> But as a rookie I am unsure of the specific terminal steps in my template. 
> Any chance I can ask the Qubes community for help on the specific terminal 
> commands to get this accomplished?
> 
> I would truly appreciate the help...thank you and thank you Qubes!
> 

Open a terminal in the Debian template, and type these commands:
sudo systemctl stop apt-daily.timer
sudo systemctl disable apt-daily.timer
sudo systemctl stop apt-daily.service
sudo systemctl disable apt-daily.service

'Systemctl disable' will stop the service from starting on boot.
To make sure a service will never start, use 'systemctl mask ..', so you
could equally try that command.




Re: [qubes-users] Re: new Desktop build recommendation

2017-12-08 Thread taii...@gmx.com

On 12/08/2017 04:54 PM, Wael Nasreddine wrote:
> On Friday, December 8, 2017 at 12:07:56 AM UTC-8, tai...@gmx.com wrote:
> > On 12/08/2017 02:43 AM, Yethal wrote:
> >
> > > On Thursday, 7 December 2017 21:23:18 UTC+1, user Wael Nasreddine wrote:
> > >> Hello,
> > >>
> > >> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
> > >> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
> > >> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
> > >> looking for a recommendation for the motherboard and CPU. Preferably a 6+ 
> > >> cores CPU. What do you guys use?
> > >>
> > >> I'm aware of the HCL page, but I'm mostly interested in knowing your 
> > >> personal experience with your current hardware.
> > >>
> > >> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
> > > Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, disabling 
> > > Management Engine is possible via built in flashing tool, all hardware 
> > > sensors were detected and it supports PCI-E bifurcation alongside SR-IOV. 
> > > I'm running Mini-itx version which may be unsuitable for your needs as it 
> > > only takes 32GB of ram but it would be pretty safe to assume that full-size 
> > > AsRock X99 motherboards would also be fully compatible with Qubes.
> > That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is
> > impossible even the HAP tool doesn't do so.
>
> What's the ME and why disable it?
>
> > Your only hope is to buy hardware without it such as the new enough to
> > be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and
> > KCMA-D8 have libre firmware available and can play video games in a VM
> > via IOMMU-GFX, they also have dual onboard separate USB controllers (you
> > can use the second via a breakout bracket)
>
> So I looked at both of these boards[0], they take a DDR3 board, but I found 
> this one[1] that takes DDR4, does it still have opensource firmware?
>
> [0]: 
> https://www.newegg.com/Product/Productcompare.aspx?CompareItemList=%2D1%7C13%2D131%2D670%5E13%2D131%2D670%2C13%2D131%2D643%5E13%2D131%2D643
> [1]: https://www.newegg.com/Product/Product.aspx?Item=N82E16813132257

That is an entirely unrelated motherboard, the only thing in common is 
that they re-used the model suffix "D16" other than that it is 
completely different and as it is intel no it can't and it doesn't.


Just get a KGPE-D16 or KCMA-D8 - they're great boards - not only do they 
have libre firmware but they also have a secure libre OpenBMC firmware 
for remote management.

https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php

The D16 comes with the required BMC module (ASMB4-iKVM or ASMB5-iKVM) 
but the D8 doesn't.


Sell your DDR4 RAM, the only thing with open source firmware that 
accepts DDR4 is the TALOS 2 for $4K - while that is an average price for 
server hardware in its performance class (actually a good deal compared 
with intel where a single xeon CPU alone costs thousands and only has 
one thread per core vs POWER9 8 SMT threads per core) it is still a lot 
of money unless you have a need for incredible speed and or incredible 
security (POWER9 is open source hardware and entirely owner 
controlled with no hardware code signing enforcement one can even modify 
the microcode)




Re: [qubes-users] R3.2: Debian 9 template fails to update 50% of the time

2017-12-08 Thread velcro
I am struggling with this same issue...I find that after a restart I can do the 
update but wanted to do this right. I checked the link posted above: 

"User-initiated updates/upgrades may not run when a templateVM first starts. 
This is due to a new Debian config setting that attempts to update 
automatically; it can be disabled with systemctl disable apt-daily.timer"

But as a rookie I am unsure of the specific terminal steps in my template. Any 
chance I can ask the Qubes community for help on the specific terminal commands 
to get this accomplished?

I would truly appreciate the help...thank you and thank you Qubes!



Re: [qubes-users] Re: new Desktop build recommendation

2017-12-08 Thread Wael Nasreddine
On Friday, December 8, 2017 at 12:07:56 AM UTC-8, tai...@gmx.com wrote:
> On 12/08/2017 02:43 AM, Yethal wrote:
> 
> > On Thursday, 7 December 2017 21:23:18 UTC+1, user Wael Nasreddine wrote:
> >> Hello,
> >>
> >> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
> >> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
> >> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
> >> looking for a recommendation for the motherboard and CPU. Preferably a 6+ 
> >> cores CPU. What do you guys use?
> >>
> >> I'm aware of the HCL page, but I'm mostly interested in knowing your 
> >> personal experience with your current hardware.
> >>
> >> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
> > Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, disabling 
> > Management Engine is possible via built in flashing tool, all hardware 
> > sensors were detected and it supports PCI-E bifurcation alongside SR-IOV. 
> > I'm running Mini-itx version which may be unsuitable for your needs as it 
> > only takes 32GB of ram but it would be pretty safe to assume that full-size 
> > AsRock X99 motherboards would also be fully compatible with Qubes.
> That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is 
> impossible even the HAP tool doesn't do so.

What's the ME and why disable it?

> 
> Your only hope is to buy hardware without it such as the new enough to 
> be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and 
> KCMA-D8 have libre firmware available and can play video games in a VM 
> via IOMMU-GFX, they also have dual onboard separate USB controllers (you 
> can use the second via a breakout bracket)

So I looked at both of these boards[0], they take a DDR3 board, but I found 
this one[1] that takes DDR4, does it still have opensource firmware?

[0]: 
https://www.newegg.com/Product/Productcompare.aspx?CompareItemList=%2D1%7C13%2D131%2D670%5E13%2D131%2D670%2C13%2D131%2D643%5E13%2D131%2D643
[1]: https://www.newegg.com/Product/Product.aspx?Item=N82E16813132257



Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-08 Thread Patrick
Hi Tom,

> This looks like a show-stopper bug to me.
> The system should never be able to corrupt a critical file like that due to 
> disk-full.

This problem could be averted by pulling dom0 out of tpool. Also, using "df" to 
check how full your partition is, will not necessarily say how much data you 
can still write on the partition if the disk itself is already quite full. So 
you should always use "lvs" (for example) on dom0 to check how much space is 
actually left available on tpool00 itself. The documentation about low disk 
space (deceptively called "Home directory is out of disk space error" and with 
an even more deceptive file name and page title "out-of-memory") on the Qubes 
website should be changed for 4.0 to reflect this.

> I reported it to the qubes devs

Thanks a lot! :-)

Regards,
Patrick


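Added example, not part of Patrick's message and not Qubes project code: a check that reads thin pool usage from "lvs" instead of "df", as the message above recommends. The function name thinpool_report, the "|" separator and the sample rows are assumptions made for this illustration; it also checks metadata usage, which goes one step beyond the data usage the message talks about.

```shell
#!/bin/sh
# Flag LVM thin pools that are close to full, using the figures lvs reports.
# df inside a volume only sees that volume's filesystem; the pool that backs
# every thin volume can be nearly exhausted while df still shows free space.

# thinpool_report THRESHOLD
# Reads rows on stdin in the form produced (in dom0) by:
#   lvs --noheadings --separator '|' \
#       -o vg_name,lv_name,lv_attr,data_percent,metadata_percent
# Prints one line per thin pool whose data or metadata usage is at or above
# THRESHOLD (percent). Returns 1 if any pool was flagged, 0 otherwise.
thinpool_report() {
    awk -F'|' -v limit="$1" '
        {
            # lvs pads its columns; trim every field before using it
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        }
        # lv_attr begins with "t" for a thin pool. Thin volumes ("V") and
        # plain volumes ("-") are skipped: their percentages describe the
        # volume, not the space left in the shared pool.
        substr($3, 1, 1) == "t" {
            data = $4 + 0
            meta = $5 + 0
            if (data >= limit || meta >= limit) {
                printf "%s/%s data=%s%% metadata=%s%%\n", $1, $2, $4, $5
                flagged = 1
            }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Constructed sample of lvs output (volume group and pool names are made up).
SAMPLE_LVS='  examplevg|pool00|twi-aotz--|93.41|48.27
  examplevg|root|Vwi-aotz--|41.02|
  examplevg|swap|-wi-ao----||
  examplevg|sparepool|twi-a-tz--|12.00|10.51'

# Demo on the sample: warn at 90 percent.
if ! printf '%s\n' "$SAMPLE_LVS" | thinpool_report 90; then
    echo "warning: at least one thin pool is at or above 90%" >&2
fi

# On a real dom0 the same function would be fed live data:
#   sudo lvs --noheadings --separator '|' \
#       -o vg_name,lv_name,lv_attr,data_percent,metadata_percent \
#     | thinpool_report 90
```
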

Re: [qubes-users] Re: Qubes4.0 rc3 install error

2017-12-08 Thread awokd
On Tue, December 5, 2017 1:16 am, Shashank wrote:

> Is there any way I could correct what has gone wrong?

Try going back to UEFI mode, booting from your Windows CD, and choose the
Repair Boot option. That will kill Qubes, but get Windows back. Consider
getting a separate PC or notebook instead of dual booting.




Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 14:56:00 CET Chris Laprise wrote:
> > I also know that the “state of the art” in creating user interfaces has
> > moved on and the technology used in the old app is end-of-lifed for some
> > years now.
> 
> Which end-of-life technology would that be?

In Qt5 (released 19 December 2012) the qwidget module was split off onto its 
own and the APIs  in that module have been frozen ever since.
This details the module; https://doc.qt.io/qt-5/qtwidgets-index.html

Newer applications using Qt are suggested to use the declarative APIs which 
have the added benefit of using the massive speedups Qt GUIs get from using 
modern hardware and new architecture.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread William Bormann
On Friday, December 8, 2017 at 12:09:41 AM UTC-5, Chris Laprise wrote:
> On 12/07/2017 12:17 PM, 'Tom Zander' via qubes-users wrote:
> > On Thursday, 7 December 2017 14:17:52 CET Franz wrote:
> >>> On another note what would it take ($$$) for someone to create this back
> >>> on 4 as an option for the community (obviously theres quite a few of us)
> >>> that want this to install?
> >>>
> >>> Im not rich by any means living in one bedroom apt and work from home
> >>> but
> >>> this does help me with work and would donate towards getting this done.
> >> that is an interesting approach, developers can make programs, but
> >> non-developers can pay for others to do it. I offer $5000.
> > Hi guys,
> >
> > I've investigated the possibilities today about how this can be done from a
> > purely technical point of view.
> >
> > It seems possible, and to test this I am writing a very simple app that
> > retrieves the current Qubes and their status from the central qubes system.
> > Just as a proof-of-concept.
> >
> > Looks promising so far!
> 
> There is the question of whether someone should try porting the original 
> Qt-based Qubes Manager to R4.0. I mention this since the biggest 
> complaint so far is not having a _comprehensive_ UI; Updating QM for the 
> new Qubes API could be the most direct path to addressing that need.
> 
> I'd like to know what people think...
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Glad you asked.

I'd prefer the development team focus on the security and stability of the 4.0 
release candidate system and not divert any resources to the old 3.2 manager.  
The CLI is fine as far as I'm concerned.



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread Chris Laprise

On 12/08/2017 04:29 AM, 'Tom Zander' via qubes-users wrote:
> On Friday, 8 December 2017 06:09:32 CET Chris Laprise wrote:
> > There is the question of whether someone should try porting the original
> > Qt-based Qubes Manager to R4.0. I mention this since the biggest
> > complaint so far is not having a _comprehensive_ UI; Updating QM for the
> > new Qubes API could be the most direct path to addressing that need.
> >
> > I'd like to know what people think...
>
> I’m a big fan of Qt, but the original was written in python (using the Qt
> python bindings) which is my least favourite choice in language, and on top
> of that the original QM had many problems for the user experience.
>
> I also know that the “state of the art” in creating user interfaces has
> moved on and the technology used in the old app is end-of-lifed for some
> years now.

Which end-of-life technology would that be?



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: USB Keyboard & Mouse Intermittent v4.0rc3

2017-12-08 Thread Ray Joseph
Yethal,

Thank you for your efforts.

I did not discover anything down this path.  Further, when I booted today, the 
keyboard and mouse came up immediately.  I also had my access point running and 
it was logged into during the boot.  Although previously, with the AP available 
at boot, sometimes it came up without the keyboard and mouse.  I am stating 
this as I had problems with a Debian correctly booting without a wireless 
connection.

More directly to your suggestions, here are the transaction I performed:
OK, I don't know how to paste from dom0 to this fedora disposable vm.

I did a 
sudo xl dmesg | grep VT
for VT-d
It displays supported pages sizes for iommu 0
It displays supported pages sizes for iommu 1
Snoop control not enabled.
dom0 dma passthrough not enabled
queued invalidation enabled
interrupt remapping enabled
shared ept tables enabled
"Its risky to assign' address 'with shared rmrr at" address for Dom1.

xl dmesg for strict displayed
(XEN)  - Unrestricted Guest

xl dmesg for pci did not produce anything
xl dmesg for usb did not produce anything

I checked all the above just after booting into the system.  

I then started up USBvm from the application menu while having 
xl top
running.

As before, it showed paused for about a minute and then disappeared.  I ran the 
above queries again and obtained the same results.

Any suggestions?




Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread Unman
On Fri, Dec 08, 2017 at 01:17:10AM -0300, Franz wrote:
> On Thu, Dec 7, 2017 at 12:19 PM, Unman  wrote:
> 
> > On Thu, Dec 07, 2017 at 01:29:32AM -0300, Franz wrote:
> > > On Wed, Dec 6, 2017 at 3:28 PM, Unman 
> > wrote:
> > >
> > > > On Wed, Dec 06, 2017 at 05:13:56PM +0100, 'Tom Zander' via qubes-users
> > > > wrote:
> > > > > On Wednesday, 6 December 2017 16:08:28 CET Unman wrote:
> > > > > > "useful, but wasnt any good" - do you mean buggy or poorly
> > designed?
> > > > > > What 2 features should be implemented/fixed?
> > > > > >
> > > > > > I confess I rarely use the Manager, so don't have a feel for what's
> > > > wrong
> > > > > > with it.
> > > > >
> > > > > To be clear, the main reason the old one is removed seems to be that
> > it
> > > > > would have had to be reimplemented due to the architecture changes
> > in 4.0
> > > > >
> > > >
> > > > Tom, this is simply not true.
> > > > If you look at issue #2132 you will see that it was a deliberate design
> > > > principle. It has nothing to do with the architecture changes and
> > > > everything to do with simplifying the UX.
> > > >
> > > > I have to say that most of the users I have helped to work with Qubes
> > > > (most unfamiliar to Linux and certainly unused to the command line),
> > > > simply DO NOT USE the manager.
> > > >
> > >
> > > Well that proves nothing. If you do not much use the manager and are
> > > teaching people to use Qubes, then you tend to teach to follow the way
> > you
> > > do things and your followers will just do that.
> > >
> > > On the contrary I am using the manager for everything also for starting
> > > applications and when I teach Qubes teach it this way and it is learned
> > > > this way, so that losing the manager means losing all references to be
> > > able to use Qubes.
> >
> > Franz,
> >
> > I choose not to use the manager. But, as I've said before, my
> > requirements are probably very different from most users. For various
> > reasons, I don't listen to music/play games/ use YouTube/ etc etc - most
> > of the stuff I do is in a terminal. Even people who like me think this is
> > weird.
> >
> > But the people I help use their computers in very different ways from
> > that.
> > I don't teach them not to use the manager, I show them how to use Qubes
> > without the manager - some of them find it for themselves, and like it
> > - some don't.
> >
> > Here are some things these users DON'T want to do:
> > Start a qube
> > Stop a qube
> > Start a disposableVM
> > Look in the manager to see if there are updates.
> >
> > Here are some of the things they want to do:
> > Read their emails.
> > Go online in a secure way.
> > Browse without risking their emails/bank accounts
> > Open a web browser that won't keep history/can't compromise their private
> > stuff.
> > Look at pictures from phones/ downloads as safely as possible.
> > Keep their system updated.
> >
> > Do you see what I mean? For many users the HOW of Qubes is completely
> > irrelevant, and because the Manager focusses on that it's a distraction.
> > The default Menu system has the same problem - it draws attention to the
> > qubes, not the activities.
> > So by providing a simple menu system, a few templates and some minor
> > configuration you can have a workable system that almost anyone can use
> > without knowing anything about the Qubes infrastructure, and without
> > need for the Manager.
> >
> > Will this suit everyone? Of course not - it doesn't suit me. It certainly
> > won't suit many of the people in this thread. If this is any guide then
> > many current users seem to want something in 4.0
> > For that reason I think it's worthwhile spending some time on
> > reinstating something like the old Manager in 4.0. I've started on this
> > focussing on the "display" side of the current Manager, rather than the
> > function side that some people seem to want to enhance. Let's see how we
> > get on.
> >
> > @Unman
> I understand what you mean, but again it all depends how you teach it. My
> wife wasn't even able to send an email, but when I told her to look at the
> manager for updates of templates she did it. Did she like that? Of course
> not. But when I explained that an updated system is important for security
> she keeps updating it. When she asked: how can I start firefox? I replied:
> Manager, right button, run in VM, firefox. She keeps doing that. On the
> contrary if I had told her: start menu on the left look for your VM and
> firefox under that, she would do just that.
> 

You could make it even easier by providing a custom menu that matches
expectations and "does the right thing". 
Menu - Firefox - opens online qube and opens Firefox.
Menu - Banking - opens restricted qube and opens Firefox.
Menu - Email - opens email qube and opens Thunderbird.
Menu - Libreoffice Writer - opens offline qube and opens Libreoffice.

By customising mime handling in the qubes you can enforce opening files
in 

Re: [qubes-users] Re: new Desktop build recommendation

2017-12-08 Thread Yethal
On Friday, 8 December 2017 09:07:56 UTC+1, tai...@gmx.com wrote:
> On 12/08/2017 02:43 AM, Yethal wrote:
> 
> > On Thursday, 7 December 2017 21:23:18 UTC+1, Wael Nasreddine wrote:
> >> Hello,
> >>
> >> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
> >> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
> >> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
> >> looking for a recommendation for the motherboard and CPU. Preferably a 6+ 
> >> cores CPU. What do you guys use?
> >>
> >> I'm aware of the HCL page, but I'm mostly interested in knowing your 
> >> personal experience with your current hardware.
> >>
> >> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
> > Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, disabling 
> > Management Engine is possible via built in flashing tool, all hardware 
> > sensors were detected and it supports PCI-E bifurcation alongside SR-IOV. 
> > I'm running Mini-itx version which may be unsuitable for your needs as it 
> > only takes 32GB of ram but it would be pretty safe to assume that full-size 
> > AsRock X99 motherboards would also be fully compatible with Qubes.
> That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is 
> impossible even the HAP tool doesn't do so.
> 
> Your only hope is to buy hardware without it such as the new enough to 
> be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and 
> KCMA-D8 have libre firmware available and can play video games in a VM 
> via IOMMU-GFX, they also have dual onboard separate USB controllers (you 
> can use the second via a breakout bracket)

I ran me_cleaner with -s flag on it (setting HAP bit to 1) which supposedly 
halts ME execution after hardware init is finished.

Main issue with Talos2 isn't the fact that it's not a well known product, the 
main issue is that the most basic version, with no RAM, no SSD and no GPU costs 
$4,750 which makes it look as if privacy was the privilege of the rich.



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread Matteo
> 
> Here are some things these users DON'T want to do:
> Start a qube
> Stop a qube
> Start a disposableVM
> Look in the manager to see if there are updates.

at least a bit of the inner working must be known: disp vm is useful and
you have to stop a qube that you don't use to free some resources.
updates could be made automatic (or manual if a user prefers this).

> Here are some of the things they want to do:
> Read their emails.
> Go online in a secure way.
> Browse without risking their emails/bank accounts
> Open a web browser that won't keep history/can't compromise their private
> stuff.
> Look at pictures from phones/ downloads as safely as possible.
> Keep their system updated.

I always used windows, and i find it easy to use:
just two buttons (mouse) + is all gui.
from long time i started using virtual box to open untrusted exe (any
exe) to increase my security and when i learnt about qubes i have found
it as a natural extension of what i was already doing.

i have found the qubes manager quite similar to the virtual box window
used to start, stop and edit vm settings and both were VERY nice and
EASY to use.

i have not yet tested qubes 4 because i'm waiting for the definitive
version and because if vt-d and slat become mandatory i don't have them
so qubes will not run (on my pc i have only vt-x).

as a user i don't care in which language is written the manager, if it
is a single big app or small with plugins, i also understand that for a
developer it makes a huge difference.

i hope that a new manager will be written; or something where you can
find the state of the whole system without using the terminal.

i CAN use linux but i DON'T want to use it, i find gui much easier and
faster to use and to learn.
please don't force users to use a terminal, it is not going to work
https://www.xkcd.com/1168/

from qubes manager you could rightclick, open settings and just by
looking and clicking tabs you could see all the possible settings, for
example you could see that a setting "amount of ram" existed and what
was its value.
how am i supposed to discover that such setting exists using a terminal?



Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 01:05:32 CET Patrick wrote:
> I found the problem!  My /var/lib/qubes/qubes.xml file was corrupted, so
> it could not be parsed correctly by qubesd. I restored a previous version
> from /var/lib/qubes/backup and now I am back in business! Thanks anyway
> for checking out my problem.  :-)

Thanks for reporting this!

This looks like a show-stopper bug to me.
The system should never be able to corrupt a critical file like that due to 
disk-full.

I reported it to the qubes devs;
https://github.com/QubesOS/qubes-issues/issues/3376

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

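
The recovery step Patrick describes and the disk-full failure Tom raises, as an added example that is not part of either post and not how qubesd itself reads or writes the file: `pick_restorable` returns the primary file if it parses, else the newest backup that does, and `write_atomically` shows a write path where a failed write (for example ENOSPC) leaves the old file intact. The function names and the sample XML are assumptions made for illustration; on the system in the thread the arguments would be /var/lib/qubes/qubes.xml and /var/lib/qubes/backup.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def is_well_formed(path):
    """True if `path` can be read and parses as XML (an empty or
    truncated file raises ParseError and counts as corrupt)."""
    try:
        ET.parse(path)
        return True
    except (ET.ParseError, OSError):
        return False


def pick_restorable(primary, backup_dir):
    """Return the primary file if it parses, otherwise the newest file in
    `backup_dir` that parses, otherwise None. Nothing is modified."""
    primary = Path(primary)
    if is_well_formed(primary):
        return primary
    backups = sorted(
        (p for p in Path(backup_dir).iterdir() if p.is_file()),
        key=lambda p: p.stat().st_mtime,
        reverse=True,  # newest first
    )
    for candidate in backups:
        if is_well_formed(candidate):
            return candidate
    return None


def write_atomically(path, chunks):
    """Write `chunks` (an iterable of bytes) to a temporary file in the same
    directory, fsync it, then rename it over `path`. If any write fails,
    the temporary file is removed and `path` keeps its previous content."""
    path = Path(path)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=path.name + ".")
    try:
        with os.fdopen(fd, "wb") as handle:
            for chunk in chunks:
                handle.write(chunk)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)  # atomic on the same filesystem
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


if __name__ == "__main__":
    # Paths taken from the thread; run read-only.
    print(pick_restorable("/var/lib/qubes/qubes.xml", "/var/lib/qubes/backup"))
```
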


Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 06:09:32 CET Chris Laprise wrote:
>  What I want
> to say is that people that do not like to experiment with computer just
> memorize what they are told and always do the same steps just happy that
> it works.

I fully agree with that and it mirrors my observations.

Personally I blame Windows for this as that one breaks so easy, and anyone 
else that at any time tells a person they are doing something "wrong".
Being told (as a non-tech person) you are doing it wrong is literally the 
worst thing you can do to that person as they will lose their ability to 
have confidence and subsequently they will lose their will to experiment.

An OS like Qubes will lose its objective if it starts telling people they 
are doing it wrong.
Instead, make every effort to show them the right way, and allow 
experimentation.
In other words; enforce correct behaviour and warn against (but do not 
forbid) possibly bad behaviour.


Anyhow,

I learned from your post that it was possible to start apps from the old QM, 
I never knew that, I never tried! :)

Thanks for sharing that!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 06:09:32 CET Chris Laprise wrote:
> There is the question of whether someone should try porting the original
> Qt-based Qubes Manager to R4.0. I mention this since the biggest
> complaint so far is not having a _comprehensive_ UI; Updating QM for the
> new Qubes API could be the most direct path to addressing that need.
> 
> I'd like to know what people think...

I’m a big fan of Qt, but the original was written in python (using the Qt 
python bindings) which is my least favourite choice in language, and on top 
of that the original QM had many problems for the user experience.

I also know that the “state of the art” in creating user interfaces has 
moved on and the technology used in the old app is end-of-lifed for some 
years now.

All in all, you’ll get a nicer app if you ignore the code of the old one.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-08 Thread pr0xy
On 2017-12-03 01:07, Marek Marczykowski-Górecki wrote:
> On Fri, Dec 01, 2017 at 02:46:55AM -0800, pr0xy wrote:
>> On 2017-12-01 10:30, awokd wrote:
>> > On Thu, November 30, 2017 22:36, pr0xy wrote:
>> >
>> >> Specifically I need to pass HTTP, HTTPS and FTP through
>> >> the corporate proxies. I modified your example to this:
>> >>
>> >> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 80:443 -j DNAT --to
>> >> proxy.example.com:8080
>> >> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 21 -j DNAT --to
>> >> proxy.example.com:10021
>> >>
>> >> I placed that in the /rw/config/rc.local of sys-net and made it
>> >> executable. Rebooting the machine shows that it's persistent, and they
>> >> show up in the PREROUTING section when I check
>> >> iptables --table nat --list
>> >>
>> >> Problem is that AppVMs connected to the sys-firewall > sys-net don't
>> >> seem to take advantage of those settings. For example, I can't use
>> >> Firefox to connect to internet sites without manually setting the proxy
>> >> in the browser. Likewise, TemplateVMs with the same routing can't
>> >> update.
>> >
>> > Might depend on how that corporate proxy is configured. For example, if it
>> > requires authentication. How friendly/linux savvy are the people who admin
>> > it?
>>
>> I'm the first person to run anything non-Windows in this network, so
>> this is new territory. It's a Squid 3.3.8 proxy for HTTP and HTTPS. The
>> FTP proxy is something else. There are no usernames or passwords
>> required for the proxy.
>>
>> They gave me all the settings and told me to work it out if I want to
>> use Qubes, so that's what I'm trying to do...
>>
>> >> Should I instead be making these iptables settings in a ProxyVM, and
>> >> connect like: AppVM/StandaloneVM/TemplateVM > ProxyVM > sys-firewall >
>> >> sys-net?
>> >
>> > This would be my approach for flexibility but either should work.
>>
>> All the documentation I'm seeing makes me think it should work as well.
>>
>> I'm not looking into the option of setting environment variables on each
>> template to see if that might work. So far the only other option that
>> has worked is to manually set the proxy in each piece of software, in
>> each AppVM.
> 
> Above iptables example will not work in most cases - HTTP direct
> connection and HTTP proxy connection have some differences. Client
> application must be aware that http proxy is being used.
> 
> There are two options:
> 1. Setup ProxyVM with some application that will intercept all the
> connections and wrap them into HTTP proxy connection. Tor can do that,
> but as a side effect you'll get all your traffic through tor. You can
> also setup some HTTP proxy in transparent mode (at least squid supports
> that).
> 
> 2. Configure each application, in each VM to use HTTP proxy.
> This may sound laborious, but in fact it is not: you can
> set http_proxy and https_proxy variables in your template(s) and all VMs
> based on it automatically will pick it up. Just create
> /etc/profile.d/proxy.sh and export appropriate variables from there.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

Thanks Marek!

I may try a transparent proxy in a VM at some point, but for now I went
with your second suggestion and added this to /etc/profile.d/proxy.sh in
Fedora and /etc/environment in Debian templates:

export http_proxy=http://proxy.example.com:8080
export https_proxy=http://proxy.example.com:8080
export ftp_proxy=http://proxy.example.com:10021

It seems to work for most browsers and other apps that need a web
connection. No need to set the HTTP proxy in all my apps. That's a time
saver.

===

How can I set this for the Qubes Updates Proxy?
System > Global settings > UpdateVM

I've tried adding these proxy rules to Fedora and basing my sys-firewall
and sys-net on that. Updating templates "Fail to synchronize cache for
repo 'updates'" when I try setting the UpdateVM and TemplateVM to
anything but sys-whonix.

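
Marek's point that a client must know it is talking to an HTTP proxy, as an added example that is not part of the original thread: it builds the first bytes a client sends with and without `http_proxy`/`https_proxy` set and shows how a plain forward proxy port treats each. The function names, the example.org URLs and the TLS byte prefix are constructed for illustration, and the proxy is modelled as a forward proxy without intercept mode, which is an assumption about the Squid instance described.

```python
"""First bytes a client sends, direct vs. proxy-aware, and a forward proxy's view."""
from urllib.parse import urlsplit
from urllib.request import getproxies_environment

# Constructed stand-in for the start of a TLS ClientHello record:
# content type 0x16 (handshake), version bytes 0x03 0x01, then a length.
TLS_HELLO_PREFIX = b"\x16\x03\x01\x02\x00"


def first_bytes(url, proxies=None):
    """Return the first bytes a client writes to the socket for `url`.

    `proxies` maps scheme -> proxy URL; when omitted it is read from the
    http_proxy/https_proxy environment variables.
    """
    if proxies is None:
        proxies = getproxies_environment()
    u = urlsplit(url)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    port = u.port or (443 if u.scheme == "https" else 80)
    if u.scheme in proxies:
        if u.scheme == "https":
            # Proxy-aware HTTPS: ask for a tunnel first, TLS starts afterwards.
            target = f"{u.hostname}:{port}"
            return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode()
        # Proxy-aware HTTP: the absolute-form target names the origin server.
        return (f"GET {u.scheme}://{u.netloc}{path} HTTP/1.1\r\n"
                f"Host: {u.netloc}\r\n\r\n").encode()
    if u.scheme == "https":
        # Unaware client: TLS goes straight to whatever answers the socket.
        return TLS_HELLO_PREFIX
    # Unaware client: origin-form target, server identity only in Host.
    return f"GET {path} HTTP/1.1\r\nHost: {u.netloc}\r\n\r\n".encode()


def classify(data):
    """Name the kind of traffic from its first bytes."""
    if data[:2] == b"\x16\x03":
        return "tls-clienthello"
    request_line = data.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return "not-http"
    method, target, _version = request_line
    if method == b"CONNECT":
        return "connect"
    if b"://" in target:
        return "absolute-form"
    if target.startswith(b"/"):
        return "origin-form"
    return "not-http"


def forward_proxy_verdict(data):
    """What a forward proxy port (no intercept mode, assumed) does with it."""
    kind = classify(data)
    if kind == "absolute-form":
        return "forward"
    if kind == "connect":
        return "tunnel"
    return "reject"  # origin-form or raw TLS: not a proxy request


if __name__ == "__main__":
    page_proxy = {"http": "http://proxy.example.com:8080",
                  "https": "http://proxy.example.com:8080"}
    for url in ("http://example.org/index.html", "https://example.org/"):
        for label, proxies in (("DNAT, client unaware", {}),
                               ("http_proxy set", page_proxy)):
            data = first_bytes(url, proxies)
            print(f"{url:32} {label:22} {classify(data):16} "
                  f"-> {forward_proxy_verdict(data)}")
```

Separately, `--dport 80:443` in the quoted iptables rule is a port range (80 through 443), so that rule also redirects every TCP port in between.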

Re: [qubes-users] Re: new Desktop build recommendation

2017-12-08 Thread taii...@gmx.com

On 12/08/2017 03:07 AM, taii...@gmx.com wrote:

> Your only hope is to buy hardware without it such as the new enough to 
> be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and 
> KCMA-D8 have libre firmware available and can play video games in a VM 
> via IOMMU-GFX, they also have dual onboard separate USB controllers 
> (you can use the second via a breakout bracket)


Forgot to add, there is also POWER9 (ex: TALOS 2) which is owner 
controlled and fully open source, one can even replace the microcode.


While POWER has an IOMMU and all the other technical features to run 
qubes the devs do not compile it for POWER arch yet.


Some ARM CPUs have an IOMMU-like technology (GICv3) but I am not sure 
about the technical details, plus many ARM CPUs are not owner 
controlled or are made by fly-by-night chinese companies.


It isn't as if there are no options - people simply keep buying the 
mainstream stuff.




Re: [qubes-users] Re: new Desktop build recommendation

2017-12-08 Thread taii...@gmx.com

On 12/08/2017 02:43 AM, Yethal wrote:

> On Thursday, 7 December 2017 21:23:18 UTC+1, Wael Nasreddine wrote:
>> Hello,
>>
>> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
>> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
>> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
>> looking for a recommendation for the motherboard and CPU. Preferably a 6+ cores 
>> CPU. What do you guys use?
>>
>> I'm aware of the HCL page, but I'm mostly interested in knowing your personal 
>> experience with your current hardware.
>>
>> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
>
> Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, disabling 
> Management Engine is possible via built in flashing tool, all hardware sensors 
> were detected and it supports PCI-E bifurcation alongside SR-IOV. I'm running 
> Mini-itx version which may be unsuitable for your needs as it only takes 32GB 
> of ram but it would be pretty safe to assume that full-size AsRock X99 
> motherboards would also be fully compatible with Qubes.

That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is 
impossible even the HAP tool doesn't do so.


Your only hope is to buy hardware without it such as the new enough to 
be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and 
KCMA-D8 have libre firmware available and can play video games in a VM 
via IOMMU-GFX, they also have dual onboard separate USB controllers (you 
can use the second via a breakout bracket)

