Re: [qubes-users] Re: amd gpu's

['awokd' via qubes-users]

On Thu, December 28, 2017 2:42 am, cooloutac wrote:
> On Wednesday, December 27, 2017 at 8:40:03 PM UTC-5, Styles Grant wrote:
>
>> Obviously theres some issues with amd discreet gpu and qubes, to put it
>> slightly. Uh, theres one example on the hardware compatibility list
>> that stood out though as a bit of encouragement
>>
>> "ASRock AB350 Pro4
>> Ryzen 5 1600 AMD AMD Radeon HD"
>>
>>
>> Uh, I'd like to try. I've had others have lots of issues with
>> passthrough. And some folks even trying to put mining on a qubes
>> system. I'd be willing to just set up an integrated intel gpu to run
>> qubes if it came to it, but I'm genuinely curious and willing to hack
>> at the issue.
>>
>> I do hope I can get the amd cpu to cooperate with qubes.
>>
>
> defeats the purpose I would just use integrated.

Not sure what you mean, Styles. Discrete GPU passthrough can be difficult
to set up, but your chances will be better with AMD than nvidia. Go for an
RX 580 or older, I've seen reports of Vega not working. Qubes uses Xen, so
you can broaden your search. Mining on Qubes does seem a bit "wrong", it's
going to hurt the hash rate.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddfec614c37c4ebf8b5094bb8b641614.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[taii...@gmx.com]

On 12/27/2017 11:05 PM, cooloutac wrote:


sorry for the spam I don't mean to make fun.

You only do that to yourself.

You are immature and you are going to get someone killed if you keep 
this up.

Basically I can't see it being easier to exploit the ps/2 then usb.   For one 
how can you spoof a device?  And there is no other free ports, so can't have 
multiple devices.
This is why I don't want you giving advice because you have absolutely 
zero idea of what you are doing and you simply refuse to learn.


Someone in a third world country is going to get his disk password read 
by the government hitmen in the basement of his apartment complex (read 
the article I provided) and he is going to die because of all the 
bullshit spun forth on this listserv, or (venezuela) his crypto-currency 
will be stolen and he will be un-able to feed his family.

https://www.washingtonpost.com/news/worldviews/wp/2017/03/10/bitcoin-mining-is-big-business-in-venezuela-but-the-government-wants-to-shut-it-down/
Why are you so naive? How can you not believe that this happens? People 
are dying because they have poor security.

It seems to me you should be more worried about the actual keyboard you are 
using then what board you are connecting it to.
Mine is made in the united states by a trustworthy company, and it 
doesn't have re-writable memory as nearly every keyboard on the market does.


Money well spent as I will never have to purchase another one, already a 
decade and a half old but it still looks good as new.

   And then if we really want to get down to PARANOID.  They might as well put 
listening devices in there as well as recording all your keystrokes lol.  Maybe 
put a microscopic camera in your keyboard too.

Who do you think is tapping the "ground wire" of your keyboard?   Is it the 
CIA?  hehe...
This isn't about me - who lives in a safe and free western country - 
this is about the people who you are giving dangerous advice to who for 
all I know could be dissidents in one of the worlds less friendly places 
to live.


On 12/27/2017 10:52 PM, cooloutac wrote:


Just realized that you prefer to have mouse and kb on the same usb controller 
rather then using ps/2 port.
There isn't anything wrong with that, both are critical input devices 
and can do near equally as much damage.

If you can't trust your keyboard and mouse you have already lost.

You seem to not have noticed that the developers mentioned a PS/2 
internal *laptop* keyboard not a desktop keyboard (to avoid laptop USB 
based attacks) - there is a large difference between the one in your 
laptop and the one connected to a traditional port on a desktop the 
protocol is the same but the physical characteristics of the cable are 
different, most laptops lack a ground wire and one can simply unplug 
from the wall if they do or obtain a ground removal plug.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c106c488-5976-9c10-d026-3cd3e43bee6e%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[cooloutac]

On Wednesday, December 27, 2017 at 11:05:22 PM UTC-5, cooloutac wrote:
> sorry for the spam I don't mean to make fun.   Basically I can't see it being 
> easier to exploit the ps/2 then usb.   For one how can you spoof a device?  
> And there is no other free ports, so can't have multiple devices.
> 
> It seems to me you should be more worried about the actual keyboard you are 
> using then what board you are connecting it to.  And then if we really want 
> to get down to PARANOID.  They might as well put listening devices in there 
> as well as recording all your keystrokes lol.  Maybe put a microscopic camera 
> in your keyboard too.  
> 
> Gaming keyboards are probably the most unsafe.   lol I got one that has two 
> usb wires,  one to program the keyboard.  I just never plug that one in, I'm 
> actually still not sure whats its for lmao,but it still has macros and I 
> wouldn't plug that keyboard into a machine with sensitive data.

All my workstation boards also have two controllers.   one for the two usb 
ports next to the ps/2.   I've always assumed for mouse and keyboard.   

But I consider my sys-usb unsafe.  And even if you use a separate vm for mouse 
and kb its still proxying and still used for the most sensitive tasks.   I use 
a mouse proxy from sys-usb,  only after following Mareks advice of having 
screenlock come on in a min or two so attacker doesn't have time to do 
anything.   But I would never risk using a kb like that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bbb0d9c-087a-4626-b4e6-5460319b4e2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[cooloutac]

sorry for the spam I don't mean to make fun.   Basically I can't see it being 
easier to exploit the ps/2 then usb.   For one how can you spoof a device?  And 
there is no other free ports, so can't have multiple devices.

It seems to me you should be more worried about the actual keyboard you are 
using then what board you are connecting it to.  And then if we really want to 
get down to PARANOID.  They might as well put listening devices in there as 
well as recording all your keystrokes lol.  Maybe put a microscopic camera in 
your keyboard too.  

Gaming keyboards are probably the most unsafe.   lol I got one that has two usb 
wires,  one to program the keyboard.  I just never plug that one in, I'm 
actually still not sure whats its for lmao,but it still has macros and I 
wouldn't plug that keyboard into a machine with sensitive data.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58b5d14e-ae6e-4024-b249-8a549a941619%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[cooloutac]

Just realized that you prefer to have mouse and kb on the same usb controller 
rather then using ps/2 port.  

Who do you think is tapping the "ground wire" of your keyboard?   Is it the 
CIA?  hehe...
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94beeb6b-cd4e-46bf-afb2-56a279fcec42%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[cooloutac]

On Wednesday, December 27, 2017 at 10:27:28 PM UTC-5, tai...@gmx.com wrote:
> On 12/27/2017 09:40 PM, cooloutac wrote:
> 
> > I would suggest, as advice I followed from qubes docs,  is to just try to 
> > find a board that has a manual describing iommu/vt-d options as available. 
> > Preferably manual stating its on by default. The best of all scenarios 
> > being a manual that shows a picture of the option with it enabled.
> That doesn't mean anything, I have bought two boards that had what you 
> describe and what do you know they didn't actually support it (and these 
> were server/embedded boards)
> This is why one should purchase a board with libre firmware so any 
> issues can be fixed as I always suggest.
> 
> I also suggest not calling IOMMU "VT-d" as that makes people think it is 
> an intel only technology (AMD's is AMD-Vi - both should be referred to 
> by the generic name)
> > I would also suggest something with a ps/2 port for your keyboard, and 
> > using a usb to ps/2 adapter for better security.
> Stop giving out bad advice.
>   what you are doing can get people killed 
> Qubes is used by people in oppressive regimes where a single mistake 
> will end your life and the lives of your family.
> 
> As I have stated before PS/2 is the furthest thing from secure due to 
> leaks on the ground wire.
> https://www.pcworld.com/article/161166/article.html
> Ideally you would have more than one USB controller - and the 
> KCMA-D8/KGPE-D16 have two. One for keyboard and mouse one for USB flash 
> drives or what not and both without shared assets or board integrated 
> non removable devices such as the common setup on a laptop where there 
> is some silly no longer security updated "security" co-processor or what 
> not always hooked up to one of the USB controllers.
> 
> 
> Look man I know what it was like to be your age and wanting approval, 
> wanting to be helpful even just when it comes to random people on the 
> internet but you gotta stop and let the experts handle tech support for 
> software like this.
> Learn more and then please go help on a forum where the stakes are not 
> so high.

lmao.  "CIA invented the word paranoid..."quote of the day...   you are 
definitely libre thats for sure hahah.

So you mean it was enabled by default and shown with a picture in the manual,  
and it was a server board and it still didn't work.   I'll have to take your 
word for it, because I would assume most server boards would work fine.  I was 
referring to workstation boards and have had the opposite experience...

You troll me on the ps/2 thing alot.  I'm giving out the same advice I have 
learned from Qubes docs and their forum posts.  I think most users would 
disagree with you but maybe I'm wrong.  Next you are going to tell me this is 
not a forum but a mailing list lol...

at least your posts are entertaining.  most libre people are...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8f0acff-c33c-41bd-86b0-c4cdcdc79098%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[taii...@gmx.com]

On 12/27/2017 09:40 PM, cooloutac wrote:


I would suggest, as advice I followed from qubes docs,  is to just try to find 
a board that has a manual describing iommu/vt-d options as available. 
Preferably manual stating its on by default. The best of all scenarios being a 
manual that shows a picture of the option with it enabled.
That doesn't mean anything, I have bought two boards that had what you 
describe and what do you know they didn't actually support it (and these 
were server/embedded boards)
This is why one should purchase a board with libre firmware so any 
issues can be fixed as I always suggest.


I also suggest not calling IOMMU "VT-d" as that makes people think it is 
an intel only technology (AMD's is AMD-Vi - both should be referred to 
by the generic name)

I would also suggest something with a ps/2 port for your keyboard, and using a 
usb to ps/2 adapter for better security.

Stop giving out bad advice.
 what you are doing can get people killed 
Qubes is used by people in oppressive regimes where a single mistake 
will end your life and the lives of your family.


As I have stated before PS/2 is the furthest thing from secure due to 
leaks on the ground wire.

https://www.pcworld.com/article/161166/article.html
Ideally you would have more than one USB controller - and the 
KCMA-D8/KGPE-D16 have two. One for keyboard and mouse one for USB flash 
drives or what not and both without shared assets or board integrated 
non removable devices such as the common setup on a laptop where there 
is some silly no longer security updated "security" co-processor or what 
not always hooked up to one of the USB controllers.



Look man I know what it was like to be your age and wanting approval, 
wanting to be helpful even just when it comes to random people on the 
internet but you gotta stop and let the experts handle tech support for 
software like this.
Learn more and then please go help on a forum where the stakes are not 
so high.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9834743-6222-be90-7f78-d26f9dd0c8b7%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install software on templates (Qubes 4.0)

[cooloutac]

On Wednesday, December 27, 2017 at 7:49:55 PM UTC-5, Eric Scoles wrote:
> I don't know what you're asking me to try.

you can connect to the fedora repos but nothing else.  unless that program 
comes from 3rd party repo it should just work.

have you tried the 2016 version?  That one is beta prolly why its not in the 
repos.  2018 is only on windows according to their website.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b9687b7-7e46-4908-b2a0-7342cbdffb9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[taii...@gmx.com]

On 12/27/2017 04:50 PM, Marco Silva wrote:


Pretty much any server hardware will work fine, personally I'm running a Tyan 
S7050 motherboard with a couple of E5-2667 V2 CPU's and 64gb of samsung ddr 3 
ecc ram a couple of ssd's in (fake) raid 0 and 2 AMD gpu's. Unless you're 
pretty paranoid I wouldn't go with really old and slow hardware. If you have a 
decent amount of ddr4 I would look for an AMD Ryzen.

https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option

ME/PSP can't be disabled peroid - that article is inaccurate and the 
"disable" option simply shuts off part of the OS visibility of PSP (the 
PCI device)
ME cleaner only nerfs ME, the companies like dell, system76 and the 
purism scammers are lying to make more money - ask anyone with serious 
firmware engineering skills it CANT be disabled bottom line.


The Opteron 6386 is faster than your E5-2667 and it lacks the ME/PSP 
virus - it can also play new games at high settings in a VM via IOMMU-GFX.


https://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+E5-2667+%40+2.90GHz
https://www.cpubenchmark.net/cpu.php?cpu=AMD+Opteron+6386+SE

If you weren't "pretty paranoid" aka security conscious you wouldn't be 
using qubes would you?


The CIA created the term "paranoid" so that people could say "oh don't 
be a paranoid weirdo" - which was silly as there were so very many 
soviet spies back then so people should have been more paranoid.


On 12/27/2017 04:29 PM, Wael M. Nasreddine wrote:


On Fri, Dec 22, 2017 at 8:48 AM taii...@gmx.com  wrote:


I would buy the RAM and CPU off of ebay, there is no reason to pay
$80/ea for that ram or $172 for a 6380 ($100 on ebay) you could get a
6386SE for that price. (needs 140W cooler FYI) No reason to get the
"protection plan" for anything either its a waste of money.

The cheapest I found the 6380 on ebay is 129.95

https://www.ebay.com/itm/372177489204 I found cheaper but with higher
shipping fee. I wasn't ablet to find a good/cheap 1600 DDR3 sticks. I did
find a cheaper board https://www.ebay.com/itm/13244721 I'll buy the
board for now and continue looking for the rest. Your help would be
appreciated, are you anywhere on irc?

Don't buy a used board dude get a new one.
All RAM is the pretty much the same FYI there are only so many OEM's the 
only difference is branding no more "good ram" or "bad cheap ram" these 
days, and when it comes to server RAM ECC will let you know of any 
issues before they cause trouble.


I am not on IRC but as always you can email me personally for libre 
hardware buying advice.

Hey I am curious are you from the middle east?

On 12/27/2017 02:49 PM, Wael M. Nasreddine wrote:


I have a 1U server and it's pretty loud, unusable as a Desktop machine, are
the 4U also loud? Any suggetions on a specific case?

4U always is recommended as you can use larger fans, with decent fans 
and running fancontrol or the OpenBMC firmware on the KCMA-D8 and 
KGPE-D16 they are almost silent and one can watch a film without complaint.


Coreboot doesn't do fan control so the fans are set at 100% thus one 
needs to either one of those.


On 12/27/2017 09:05 PM, Wael M. Nasreddine wrote:


I currently have an ASRock Z170 Pro4
and an
i7-6700k 
and I found it crashing from time to time for no particular reason, I might
give the AMD Ryzen

a chance but I'm not sure if it'll work better. I also have my eye out for
the 2018 XPS 15 laptop which will come with 6 cores CPU; I'm honestly bit
lost on what to choose for the best compatibility with Qubes. I prefer a
laptop (if it's strong enough but also has to be light) and I can go with a
Desktop if it would be the most compatible.
A KGPE-D16/KCMA-D8 for a server/workstation, or a Lenovo G505S for a 
laptop would be the most compatible as they have a version of coreboot 
with open source hardware init any problems can easily be fixed. You can 
play games in a VM on all three via an attached graphics card (or an 
EGPU for the laptop).


Honestly man I feel hurt that you want to get a ryzen or some new intel 
laptop instead of a libre firmware supporting board :< why even ask for 
advice if you don't wanna listen to the expert?


With a KGPE-D16 one can have 32 cores and 192GB RAM total for not much 
money at all plus the OpenBMC libre secure remote management firmware - 
it would be a lot better.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.

[cooloutac]

On Wednesday, December 27, 2017 at 9:44:05 PM UTC-5, cooloutac wrote:
> On Wednesday, December 27, 2017 at 8:29:55 PM UTC-5, dangm...@gmail.com wrote:
> > On Wednesday, December 27, 2017 at 4:55:39 PM UTC-8, dangm...@gmail.com 
> > wrote:
> > > Seems to be working, as I am now halfway done with the download with only 
> > > 2 more hours to go.
> > 
> > After several hours of downloading, the connection was dropped (24hr 
> > captive portal), and now I have to start all over again.
> > 
> > keepcache doesn't seem to have any effect in dnf.conf or yum.conf.
> > 
> > 
> > Perhaps it's a server issue, but it will not resume the transfer.
> 
> try changing dns servers.   google yum command to change servers you download 
> from.

lol i forgot there is no more yum.  have you tried this already?  sudo gedit 
/etc/dnf/dnf.conf   fastmirror=true

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11031f84-46a8-44ca-ac5e-da3e806825a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS and latest hardware (8700K)

[cooloutac]

On Wednesday, December 27, 2017 at 3:37:17 AM UTC-5, vuojo...@googlemail.com 
wrote:
> On Thursday, December 14, 2017 at 3:19:02 PM UTC+2, Chris wrote:
> > Hi,
> > 
> > 
> > 
> > will Qubes OS 3.2 work with the 8700K desktop CPU that was just released? 
> > I've heard conflicting reports. If not, will 4.0 support it? I read that 
> > you need Kernel 4.12 (I believe) but even Qubes 4.0 seems to be stuck with 
> > 4.8...
> > 
> > 
> > 
> > Is this just a matter of "perfect" support or are they talking about not 
> > even running on 8700K with a lower kernel version?
> > 
> > 
> > 
> > The same question popped up for the new DELL XPS, which runs then 8th gen 
> > mobile CPUs. I guess the support question is similar here?!
> > 
> > 
> > 
> > Thanks!
> 
> I tried to install 4.0 RC3 on my desktop with 8700K. After the installation 
> the boot failed before even asking LUKS password.

what was error message?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e26e14fd-bc53-41f8-a878-9d27f4c87a70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)

[cooloutac]

On Wednesday, December 27, 2017 at 1:33:55 PM UTC-5, Tom Zander wrote:
> On Wednesday, 27 December 2017 00:34:38 CET Leo Gaspard wrote:
> > > I'm more concerned that they tried then how they failed.
> > > It leaves a bad taste in my mouth.
> 
> > tl;dr: please do google for “looking glass” and “mozilla”
> 
> Its good we agree on all the technical details, and I agree intent is tricky 
> to guess about.
> 
> I definitely will not advice people either way, my opinion is irrelevant and 
> browsers are not my specialty.
> 
> The situation left a bad taste in my mouth, I had to conclude that their 
> priorities are not aligned with mine. Your millage may vary.
> -- 
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

chrome doesn't have a good track record either.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27b6e79a-a91c-44bf-98c9-8ce561447c23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.

[cooloutac]

On Wednesday, December 27, 2017 at 8:29:55 PM UTC-5, dangm...@gmail.com wrote:
> On Wednesday, December 27, 2017 at 4:55:39 PM UTC-8, dangm...@gmail.com wrote:
> > Seems to be working, as I am now halfway done with the download with only 2 
> > more hours to go.
> 
> After several hours of downloading, the connection was dropped (24hr captive 
> portal), and now I have to start all over again.
> 
> keepcache doesn't seem to have any effect in dnf.conf or yum.conf.
> 
> 
> Perhaps it's a server issue, but it will not resume the transfer.

try changing dns servers.   google yum command to change servers you download 
from.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84a8758a-3eac-42c9-b3b7-62cbf4cfbcec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: amd gpu's

[cooloutac]

On Wednesday, December 27, 2017 at 8:40:03 PM UTC-5, Styles Grant wrote:
> Obviously theres some issues with amd discreet gpu and qubes, to put it 
> slightly. Uh, theres one example on the hardware compatibility list that 
> stood out though as a bit of encouragement
> 
> "ASRock AB350 Pro4 
> Ryzen 5 1600 AMD AMD Radeon HD"
> 
> Uh, I'd like to try. I've had others have lots of issues with passthrough. 
> And some folks even trying to put mining on a qubes system. I'd be willing to 
> just set up an integrated intel gpu to run qubes if it came to it, but I'm 
> genuinely curious and willing to hack at the issue. 
> 
> I do hope I can get the amd cpu to cooperate with qubes.

defeats the purpose I would just use integrated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/019bb8a0-0820-4f2b-ba68-28c0cab0a9fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: new Desktop build recommendation

[cooloutac]

On Thursday, December 7, 2017 at 3:23:18 PM UTC-5, Wael Nasreddine wrote:
> Hello,
> 
> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
> looking for a recommendation for the motherboard and CPU. Preferably a 6+ 
> cores CPU. What do you guys use?
> 
> I'm aware of the HCL page, but I'm mostly interested in knowing your personal 
> experience with your current hardware.
> 
> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264


I would suggest, as advice I followed from qubes docs,  is to just try to find 
a board that has a manual describing iommu/vt-d options as available. 
Preferably manual stating its on by default.   The best of all scenarios being 
a manual that shows a picture of the option with it enabled.

I would also suggest something with a ps/2 port for your keyboard, and using a 
usb to ps/2 adapter for better security.

integrated gpu is all you need.  I would suggest 16-32gb of ram.

best of luck.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5142cbf-f4bf-4381-9714-8f0958f26d9c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[Wael M. Nasreddine]

I currently have an ASRock Z170 Pro4
and an
i7-6700k 
and I found it crashing from time to time for no particular reason, I might
give the AMD Ryzen

a chance but I'm not sure if it'll work better. I also have my eye out for
the 2018 XPS 15 laptop which will come with 6 cores CPU; I'm honestly bit
lost on what to choose for the best compatibility with Qubes. I prefer a
laptop (if it's strong enough but also has to be light) and I can go with a
Desktop if it would be the most compatible.


On Wed, Dec 27, 2017 at 1:50 PM Marco Silva 
wrote:

> Pretty much any server hardware will work fine, personally I'm running a
> Tyan S7050 motherboard with a couple of E5-2667 V2 CPU's and 64gb of
> samsung ddr 3 ecc ram a couple of ssd's in (fake) raid 0 and 2 AMD gpu's.
> Unless you're pretty paranoid I wouldn't go with really old and slow
> hardware. If you have a decent amount of ddr4 I would look for an AMD Ryzen.
>
> https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/50e8345e-94c2-4655-aa9c-996cadc513fb%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CA%2BkKtKDW6rKk6%3DRq_nGr%2BxuXfW%2BNa2w7Zh1a%2BtjcTsMocD788Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] amd gpu's

[Styles Grant]

Obviously theres some issues with amd discreet gpu and qubes, to put it 
slightly. Uh, theres one example on the hardware compatibility list that stood 
out though as a bit of encouragement

"ASRock AB350 Pro4 
Ryzen 5 1600 AMD AMD Radeon HD"

Uh, I'd like to try. I've had others have lots of issues with passthrough. And 
some folks even trying to put mining on a qubes system. I'd be willing to just 
set up an integrated intel gpu to run qubes if it came to it, but I'm genuinely 
curious and willing to hack at the issue. 

I do hope I can get the amd cpu to cooperate with qubes. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ccfa556-b28b-4add-ad6d-2b8b09682c85%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.

[dangmadzyu]

On Wednesday, December 27, 2017 at 4:55:39 PM UTC-8, dangm...@gmail.com wrote:
> Seems to be working, as I am now halfway done with the download with only 2 
> more hours to go.

After several hours of downloading, the connection was dropped (24hr captive 
portal), and now I have to start all over again.

keepcache doesn't seem to have any effect in dnf.conf or yum.conf.


Perhaps it's a server issue, but it will not resume the transfer.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6690f4e-7256-420d-a922-cd0a638c6fec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to install software on templates (Qubes 4.0)

[Eric Scoles]

I've tried manually placing the Softmaker Office 2018 RPM into the fedora-25 
template and installing is using 'rpm' from the command line. This did cause 
the applications to become available in templates, but they won't run because 
apparently the RPM creates files in user space. Next up I'll probably just run 
it in the VM & see if it creates the files I need.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/065675ed-1991-4ce6-b590-2a0c9f4c1ed9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] WiFi usb adapter does not work (inconstantly "iwlist wlan0 scan" works, NetworkManager does not)

[qubesuser02]

Hello,

My WiFi usb adapter does not work in my NetVM "sys-wifi" while driver is 
installed.

Settings:
- fresh Qubes 3.2 installation (+ recent updates)
- TemplateVM Fedora 25 (+ recent updates, + dkms installed, + newest wifi 
driver for my device (https://github.com/lwfinger/rtl8188eu) installed
- NetVM: "sys-wifi" (template Fedora 25) created and passed WiFi usb adapter 
through usb qube (sys-usb) to

Terminal results of NetVM "sys-wifi":
"lsusb" shows my adapter.
"lsusb -t" shows: "Driver=r8188eu"
"NetworkManager -V" shows 1.4.6-1.fc25
NetworkManager (in the system tray) shows "Wi-Fi Networks disconnected"
WiFi USB device LED blinks every 5-10s

"iwlist wlan0 scan" shows correct results (cells and their Details) only, if I 
hit the command while the device is blinking. This seems to me very strange 
(maybe this has to do with something like usb power management?)

I have no clue what to do further and hope you can help me.

Thank you very much.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/037b80e3-f003-4441-b3fe-d05badc3e7e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

[Unman]

On Thu, Dec 21, 2017 at 10:57:26PM -0800, pr0xy wrote:
> On 2017-12-19 15:33, Unman wrote:
> > On Tue, Dec 19, 2017 at 03:09:05PM +0100, 'Tom Zander' via qubes-users 
> > wrote:
> >> On Monday, 18 December 2017 10:13:48 CET pr0xy wrote:
> >> > I am still a bit stuck concerning the Qubes Update Proxy. Where would I
> >> > set the environment variables for my corporate proxy so that I could
> >> > update dom0, templates and VMs?
> >>
> >> You should add sys-net to your template VM if you want that since the proxy
> >> that is in place today is to avoid your template VM from accessing the
> >> intranet or internet outside of your own machine.
> >>
> >> Then google on where the template operating system (Fedora or Debian etc)
> >> sets proxies for doing the command-line update, the configuration is the 
> >> same
> >> as Fedora or Debian etc.
> >> I don’t know fedora at all,
> >> in archlinux you’ll have a file in /etc/pacman/ which sets the current 
> >> proxy,
> >> in debian you’ll likely have one in /etc/apt/
> >>
> >> grep -R -i  PROXY /etc/*
> >>
> >> may be useful too.
> > 
> > Tom
> > 
> > Ive suggested before that if you give this advice you should
> > clearly state the consequences.
> > 
> > op - please dont do this. sys-net will not enforce a firewall and it is
> > bad practice to expose your templates in this way.
> > 
> > i understand you chose  not to use the iptables route.
> > If you want to combine the Qubes proxy with an external proxy on
> > your network you should be able to do this by editing the tinyproxy.conf
> > file. You will find this in /etc/tinyproxy.
> > 
> > Qubes uses tinyproxy for all the template updates. you can make
> > tinyproxy use an external proxy.
> > The change you need to make is:
> > upstream  host:port
> > 
> > check the documentation at
> > https://tinyproxy.github.io
> > 
> > unman
> 
> I did try the iptables method you suggested, but like Marek said, the
> applications weren't aware of the proxy and didn't use it. I would just
> get failed connections without setting the proxy in each piece of
> software in each AppVM. The environment variable setting seemed to work
> better in the AppVMs.
> 
> I tested setting the upstream  host:port in the tinyproxy.conf of
> sys-firewall. That didn't seem to work as I couldn't get Template
> updates to connect to look for updates. I also tested setting this same
> method on sys-net, but with the same results. 
> 
> I also asked around on IRC about this, and was told that the Qubes
> Update Proxy could be adjusted from here:
> 
> /etc/systemd/system/multi-user.target.wants/qubes-updates-proxy.service
> 
> Wasn't sure how I could manipulate the proxy from there, but it does
> point to tinyproxy at /etc/tinyproxy/tinyproxy-updates.conf
> I tried adding the upstream  host:port to that file on sys-firewall, but
> the template updates still give me an "Error: Failed to synchronize
> cache for repo 'updates'" The result was the same attempting the same
> setting on sys-net.
> 
> 

Its very difficult to troubleshoot this without knowing more about what
is happening at the proxy , and in the Qubes networking.

Those iptables rules work with squid as a transparent proxy without any
client configuration. But they dont work for you. Please make sure that
you therefore remove any trace of them from your system.

As setting the proxy in tinyproxy didn't work for you either make sure
you  remove those entries too.

I  suspect the best thing to try is to to edit the qubes proxy config
file in the template. In a Debian template its in /etc/apt/apt.conf.d and
in Fedora /etc/yum.conf.d or /etc/dnf/dnf.conf
(Sorry to be vague but i dont have a Qubes box to hand.)


Edit the file so that it points to your corporate proxy instead of the
10.137.255.254 host.
Then make sure that you add the corporate proxy IP and port to allowed
in the template firewall.
You should be able to use just the HTTPS proxy port for both HTTP and
https traffic from the template.

good luck

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171228010748.igkrp6w32emwpxen%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.

[dangmadzyu]

On Tuesday, December 26, 2017 at 6:02:57 PM UTC-8, dangm...@gmail.com wrote:
> Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my 
> debian template by removing qubes-gui-agent and pulseaudio. 
> 
> Was unable to find way to undo damage. 
> 
> Opted to reinstall template, but I cannot download it without my connection 
> dropping, and thus timing me out. dnf does not resume the download, despite 
> it claiming to be saving the download to cache.
> 
> I have put keepcache=true in dnf.conf, with no results.
> 
> 
> cannot wget from dom0. Should I wget from some other VM?



Hm. I wasn't notified of these responses. I appreciate everyone's input.


I ended up editing yum.conf, under [main], and adding minrate=1, and 
timeout=2000.

(I also edited keepcache to 1)

Now yum/dnf doesn't timeout after periods of slow transfer speeds.


Seems to be working, as I am now halfway done with the download with only 2 
more hours to go.


A apologize, this seems to be a yum issue and not a qubes issue. I just wasn't 
sure what was going on behind the scenes and was under the impression that yum 
had no problems with resuming downloads. I thought maybe qubes-dom0-update was 
breaking that. 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92ca946b-4fe8-4707-936e-ac83c90bb366%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install software on templates (Qubes 4.0)

[Eric Scoles]

I don't know what you're asking me to try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15ce6b3c-22b6-4558-848f-45eb7460f727%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.

[Unman]

On Tue, Dec 26, 2017 at 06:05:22PM -0800, dangmad...@gmail.com wrote:
> On Tuesday, December 26, 2017 at 6:02:57 PM UTC-8, dangm...@gmail.com wrote:
> > Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my 
> > debian template by removing qubes-gui-agent and pulseaudio. 
> > 
> > Was unable to find way to undo damage. 
> > 
> > Opted to reinstall template, but I cannot download it without my connection 
> > dropping, and thus timing me out. dnf does not resume the download, despite 
> > it claiming to be saving the download to cache.
> > 
> > I have put keepcache=true in dnf.conf, with no results.
> > 
> > 
> > cannot wget from dom0. Should I wget from some other VM?
> 
> 
> Qubes 3.2
> qubes-dom0-update --action=reinstall qubes-template-debian-8
> 

There is no reason why you should not download using wget or a standard
browser.
Dont forget to validate the package - rpm -K

Once you are satisfied you can copy the file in to dom0 -
www.qubes-os.org/doc/copy-from-dom0

Then install the package using dnf install.

I would strongly recommend cloning a template and working in the cloned
version if you want to make major changes like this.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171228002950.t7kjdove2lfiuerz%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0 rc3 Windows ISO issues

[jsmith5634h]

So I managed to get past this bug by starting a fresh VM and using qvm-prefs 
kernel parameter set to ''. This results in the VM at least recognizing the iso 
and starting the windows installation process. Unfortunately it crashes at the 
Windows logo. Looking around it does look like others are in the same position.

Is there anyone out there who has got it to work? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c92800f-66f6-4d6e-904d-447d5d524492%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

['awokd' via qubes-users]

On Tue, December 26, 2017 8:48 pm, yreb...@riseup.net wrote:
> On 2017-12-26 10:14, awokd wrote:
>
>> On Tue, December 26, 2017 7:15 pm, yreb...@riseup.net wrote:
>>
>>> fwiw, I am unable to actually add backupVM diskspace for the same
>>> reason, duh.  I think my only option is to remove the huge dom0 file ,
>>> but I'm still wondering how do I get a system wide understanding of
>>> how 3.2  is using the 1GB  HD,  seems should be otherwise plenty of
>>> room to run 3.2 ... sigh
>>>
>>
>> In dom0, do
>> cd / du -hd1
>>
>> then cd into large directories and repeat du -hd1.
>
> Ok, thx
>
>
> only thing seems strange is in a Debian AppVM (my only Deb AppVM)  I have
> 2 files private.img and volatile.img  which  end up  *near 1.3Gb
> any idea  if this is normal ?

1.3GB is not a lot of space so yes, that's pretty normal.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b878405adff195a3029c5c13f9f5431.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505s with Coreboot and Qubes R4-rc3 fails to boot

['awokd' via qubes-users]

On Wed, December 27, 2017 6:05 pm, taii...@gmx.com wrote:
> What version of coreboot are you using, they are removing AGESA from the
> latest versions due to some dumb choices by the leadership.

I'm not sure that's accurate. From the thread on the Coreboot mailing list
a few months ago, it sounded to me like they had been considering it, but
someone did the work necessary to keep them alive.

And Blooorp, you might want to try that mailing list too if you are still
stuck! Would be more there who'd know about Coreboot specific issues.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d37590c09a41594201fa47c5521843f.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[Marco Silva]

Pretty much any server hardware will work fine, personally I'm running a Tyan 
S7050 motherboard with a couple of E5-2667 V2 CPU's and 64gb of samsung ddr 3 
ecc ram a couple of ssd's in (fake) raid 0 and 2 AMD gpu's. Unless you're 
pretty paranoid I wouldn't go with really old and slow hardware. If you have a 
decent amount of ddr4 I would look for an AMD Ryzen.

https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50e8345e-94c2-4655-aa9c-996cadc513fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[Wael M. Nasreddine]

On Fri, Dec 22, 2017 at 8:48 AM taii...@gmx.com  wrote:

> I would buy the RAM and CPU off of ebay, there is no reason to pay
> $80/ea for that ram or $172 for a 6380 ($100 on ebay) you could get a
> 6386SE for that price. (needs 140W cooler FYI) No reason to get the
> "protection plan" for anything either its a waste of money.
>
> The cheapest I found the 6380 on ebay is 129.95
https://www.ebay.com/itm/372177489204 I found cheaper but with higher
shipping fee. I wasn't ablet to find a good/cheap 1600 DDR3 sticks. I did
find a cheaper board https://www.ebay.com/itm/13244721 I'll buy the
board for now and continue looking for the rest. Your help would be
appreciated, are you anywhere on irc?

For the cooler I would get the 140W G34 cooler from noctua (needs 4U
> case as it is tall)
>
> PSU make sure you get a good brand with dual EPS12V (not adapters), I
> suggest one that has modular cables.
>
> If you want to have 192GB RAM there is a guide on the coreboot wiki you
> gotta follow to make it work in terms of placement, otherwise I would
> just get 8GB DIMM's and save money if you only want 128GB.
>
> That case will not work, it is ATX and the KGPE-D16 needs SSI-EEB (only
> available on a server case)
> Damn $230 for a crappy ATX case and it isn't even brand new, you could
> get a really nice 4U supermicro server case for that!
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CA%2BkKtKA-hcZZ6_VEBLovRCJ-r_C7kb9PwLxdJVfU1Cp6Pax5vg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Mozilla

[Leo Gaspard]

On 12/27/2017 07:38 PM, taii...@gmx.com wrote:
> On 12/26/2017 06:34 PM, Leo Gaspard wrote:
> 
>> (disclaimer: I once was an intern for Mozilla, though I do not have any
>> bond with Mozilla right now)
>>
>> tl;dr: please do google for “looking glass” and “mozilla”
>>
>> Erhm. This is a *really* biased way of putting things. They did push an
>> (opt-out) study through the (opt-out, iirc) studies subsystem, that did
>> have the ability to alter page content.
>>
>> That said, the add-on was not programmed to not show up in the ‘add-on’
>> screen (that I know of), it was just a regular opt-out shield study.
> No one wanted that dumb addon and most users aren't going to opt-out -
> that is why "opt out" systems are a scam; what mozilla did was
> incredibly wrong and I can't believe you are sticking up for them
> without even receiving a full time wage from mozilla.
> 
> How many things does the average person need to keep track of when it
> comes to opting out? did you know that if you get in to an accident and
> need blood transfusions the local hospital may give you synthetic blood
> that increases the chance of dying? guess you had better opt-out of that...

Once again, I'm not saying anyone wanted that add-on. But not opting-out
of it caused no harm, nor was it meant to cause harm. I'd rather follow
Hanlon's razor and never attribute to malice that which is adequately
explained by stupidity, but that's only my opinion. That's basically all
I was saying.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd285322-4207-d5a3-005e-da4854a6ed6c%40gaspard.io.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: new Desktop build recommendation

[Wael M. Nasreddine]

On Fri, Dec 22, 2017 at 8:48 AM taii...@gmx.com  wrote:

>
> I would buy the RAM and CPU off of ebay, there is no reason to pay
> $80/ea for that ram or $172 for a 6380 ($100 on ebay) you could get a
> 6386SE for that price. (needs 140W cooler FYI) No reason to get the
> "protection plan" for anything either its a waste of money.
>
> Oh thanks for the tip, I'll definitely check ebay for the parts.

For the cooler I would get the 140W G34 cooler from noctua (needs 4U
> case as it is tall)
>
> PSU make sure you get a good brand with dual EPS12V (not adapters), I
> suggest one that has modular cables.
>
> If you want to have 192GB RAM there is a guide on the coreboot wiki you
> gotta follow to make it work in terms of placement, otherwise I would
> just get 8GB DIMM's and save money if you only want 128GB.
>
> That case will not work, it is ATX and the KGPE-D16 needs SSI-EEB (only
> available on a server case)
> Damn $230 for a crappy ATX case and it isn't even brand new, you could
> get a really nice 4U supermicro server case for that!
>

I have a 1U server and it's pretty loud, unusable as a Desktop machine, are
the 4U also loud? Any suggetions on a specific case?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CA%2BkKtKCKa1-uCW870EU04%2BAYX3Sy8R_ZpVzOWOTfVaT0KS607Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505s with Coreboot and Qubes R4-rc3 fails to boot

[Blooorp]

Le mercredi 27 décembre 2017 19:05:40 UTC+1, tai...@gmx.com a écrit :
> What version of coreboot are you using, they are removing AGESA from the 
> latest versions due to some dumb choices by the leadership.
> 
> I would use v4.6, it is what I use.

I use 4.6 too, it's the current version.
(to be precise : 4.6-2477-g6ab3edac3c-dirty)

I ran the 3.1 live USB and installed 3.2, what I could get out of them (they 
all failed to start) :

Live 3.1 :
mce: Unable to init device /dev/mcelog (rc: -16)
radeon 000:04:00:0: Invalid ROM contents
radeon 000:04:00:0: Invalid ROM contents
[drm:radeon_get_bios] *ERROR* Unable to locate a BIOS ROM
radeon 000:04:00:0: Fatal error during GPU init
[TTM] Memory type 3 has not been initialized
SQUASHFS error: squashfs_read_data failed to read block 0x5cb75d68
SQUASHFS error: Unable to read data cache entry [0x5cb75d68]
SQUASHFS error: Unable to read page, block 0x5cb75d68, size af0
SQUASHFS error: Unable to read data cache entry [0x5cb75d68]
SQUASHFS error: Unable to read page, block 0x5cb75d68, size af0
EXT4-fs error (device dm-0): ext4_find_entry:1289: inode #41642: comm 
plymouthd: reading directory lblock 0
(Hangs at the Qubes graphical loading screen, with loading bar full.)

3.2 (Install looked fine) :
Hangs at "Booting from Hard Disk..." in SeaBIOS on every try

Some more information about 4.0 rc3 :
[ FAILED ] Failed to start Load Kernel Modules.
...
[ OK ] Reached target Basic System.
(Hangs for about 10secs, followed by 5s of black screen)
BUG: Unable to handle NULL pointer dereference at (null)
(followed by a lot of output likely concerning the error and quickly back to 
boot)
Sadly too much output and disappearing too fast for me to get anything out of 
it if all I can do is read and type to export it. Tried Ctrl+S/Ctrl+Q to 
"pause" it but nope, also checked that the laptop should not reboot in case of 
kernel panic but it still does...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1c4a833-ef61-4db2-83be-0637e4c07d91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Weak connection. Cannot reinstall borked template, download will not resume.

['Tom Zander' via qubes-users]

On Wednesday, 27 December 2017 03:02:57 CET dangmad...@gmail.com wrote:
> Opted to reinstall template, but I cannot download it without my
> connection dropping, and thus timing me out. dnf does not resume the
> download, despite it claiming to be saving the download to cache.
> 
> I have put keepcache=true in dnf.conf, with no results.
> 
> 
> cannot wget from dom0. Should I wget from some other VM?

You should definitely be able to install a template you downloaded and copied 
via whatever means into dom0.

Please be aware that download-resumes are a feature on the server as much as 
on the client. 
Your wget should be able to tell you if a resume is possible serverside by 
just testing it (ctrl-c it after 100KB, and use the --continue flag on second 
try.

I ve seen the qubes builder create a script that installs an rpm directly 
from local file, hence I know it is possible. Just don' t know how.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1947346.PResNbeEAm%40strawberry.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Mozilla

[taii...@gmx.com]

On 12/26/2017 06:34 PM, Leo Gaspard wrote:


(disclaimer: I once was an intern for Mozilla, though I do not have any
bond with Mozilla right now)

tl;dr: please do google for “looking glass” and “mozilla”

Erhm. This is a *really* biased way of putting things. They did push an
(opt-out) study through the (opt-out, iirc) studies subsystem, that did
have the ability to alter page content.

That said, the add-on was not programmed to not show up in the ‘add-on’
screen (that I know of), it was just a regular opt-out shield study.
No one wanted that dumb addon and most users aren't going to opt-out - 
that is why "opt out" systems are a scam; what mozilla did was 
incredibly wrong and I can't believe you are sticking up for them 
without even receiving a full time wage from mozilla.


How many things does the average person need to keep track of when it 
comes to opting out? did you know that if you get in to an accident and 
need blood transfusions the local hospital may give you synthetic blood 
that increases the chance of dying? guess you had better opt-out of that...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48dcd1f6-d206-3124-0050-5ca6e6fa4c07%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)

['Tom Zander' via qubes-users]

On Wednesday, 27 December 2017 00:34:38 CET Leo Gaspard wrote:
> > I'm more concerned that they tried then how they failed.
> > It leaves a bad taste in my mouth.

> tl;dr: please do google for “looking glass” and “mozilla”

Its good we agree on all the technical details, and I agree intent is tricky 
to guess about.

I definitely will not advice people either way, my opinion is irrelevant and 
browsers are not my specialty.

The situation left a bad taste in my mouth, I had to conclude that their 
priorities are not aligned with mine. Your millage may vary.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11327008.TsmdWpZAG9%40strawberry.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505s with Coreboot and Qubes R4-rc3 fails to boot

[taii...@gmx.com]

What version of coreboot are you using, they are removing AGESA from the 
latest versions due to some dumb choices by the leadership.


I would use v4.6, it is what I use.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c3c0c52-c730-4227-2756-2d875a6827ea%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dell XPS 850 Desktop

[taii...@gmx.com]

On 12/27/2017 10:35 AM, juh wrote:


Hi all,

Yo sup.

the Dell XPS 850 Desktop does not show up in the HCL. It is several
years old and has an Intel® Core™ i7-3770 CPU @ 3.40GHz × 8

There is a LITEONIT LMT-32L3M (LWDA) with 32 GB SSD and a 2TB hard disk.

Has anyone installed Qubes on this model?
It should work, worst case scenario if dell didn't implement 
virtualization tech properly as coreboot supports sandy/ivy bridge with 
open source init (and ME cleaner to nerf but not disable ME) you use 
coreboot autoport tool to make a coreboot port for it.

I can install an additionally 120 GB SSD to install Qubes.

Now my question on how to proceed.

Where shall I install Qubes? On the 32 GB LITEONIT or on a new 120 GB SSD?

The 120GB SSD obviously 32GB is risky business.

I don't need more than 120 GB for daily work.

I would like to use the 2TB for mass data (Videos, Pictures, Music).

Can I just mount the hard disk from one VM or how does this work?
Yeah you can although for maximum performance you should use an SR-IOV 
HBA, assign the disk to a VF and the VF to the VM.
The xen (and KVM) emulated disk stuff is slow and the I/O is even slower 
I have never been able to figure out how to make it not suck.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2934ce35-00c9-fea5-65e9-1133a5aa81ea%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Dell XPS 850 Desktop

[juh]

Hi all,

the Dell XPS 850 Desktop does not show up in the HCL. It is several
years old and has an Intel® Core™ i7-3770 CPU @ 3.40GHz × 8

There is a LITEONIT LMT-32L3M (LWDA) with 32 GB SSD and a 2TB hard disk.

Has anyone installed Qubes on this model?

I can install an additionally 120 GB SSD to install Qubes.

Now my question on how to proceed.

Where shall I install Qubes? On the 32 GB LITEONIT or on a new 120 GB SSD?

I don't need more than 120 GB for daily work.

I would like to use the 2TB for mass data (Videos, Pictures, Music).

Can I just mount the hard disk from one VM or how does this work?


juh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ddab926-0038-699f-45ad-5cfb054c108c%40mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

[qma ster]

Tuesday 26 December 2017 г., 15:18:14 UTC+0 user Blooorp wrote:
> Le mardi 26 décembre 2017 00:05:28 UTC+1, tai...@gmx.com a écrit :
> > On 12/25/2017 12:16 PM, Blooorp wrote:
> > 
> > > Le lundi 25 décembre 2017 16:27:11 UTC+1, awokd a écrit :
> > >> On Mon, December 25, 2017 3:07 pm, Blooorp wrote:
> > >>> "Devices/Add a VGA BIOS image (don't specify location or IDs, let it
> > >>> auto-populate) "
> > >>>
> > >>> make: *** No rule to make target 'vgabios.bin', needed by
> > >>> 'build/coreboot.pre'. Stop.
> > >>>
> > >>>
> > >>> Looks like it didn't work, should I put the location and ID of the one I
> > >>> extracted from the stock bios?
> > >> I think I copied mine to the top level coreboot folder as "vgabios.bin"
> > >> and let it find it there.
> > >>
> > >> Email me directly if it's still not working and I can help, we're off
> > >> topic from qubes-users now...
> > > Everything works now, my mistake was using the wrong vgabios.bin, the 
> > > stock bios contains the ones for each version of the laptop but I didn't 
> > > know that so I took the first that I found, with device ID 6663.
> > > The one I then searched for and that worked, thanks to awokd, was with 
> > > device ID 990b, appropriate for the G505s with integrated graphics and 
> > > not discrete card.
> > >
> > Don't forget about that microcode update - it is mandatory both for for 
> > security and IOMMU.
> > 
> > Use the patch that awoke made, a true service to the community - the 
> > lenovo g505s is now properly working and is the best laptop for qubes as 
> > it supports an open source init version of coreboot without ME/PSP 
> > unlike purisms laptops with the not really disabled ME and entirely 
> > blobbed silicon init via intel FSP.
> 
> Didn't forget about it, he did some awesome work :)
> 
> I took my time to choose the right laptop to get into Qubes, really feels 
> that I made the right choice !
> But now, I need to make Qubes work on it, I'm collecting the issues haha

The perfect VGA BIOSes for Lenovo G505S could be obtained here - 
https://mail.coreboot.org/pipermail/coreboot/2017-July/084680.html

Go to "g505s-atombios" repository and download one or two vgabios files 
(depending on if your G505S had just integrated GPU, or integrated+discrete), 
then compare their checksums - and, if the checksums are correct - feel free to 
add them to your completed coreboot BIOS build. At the ReadMe of this 
repository, you could see how to add (or remove) a vgabios file to coreboot 
BIOS after its building - one or two simple commands.

Actually, for G505S with "integrated+discrete GPU" even a single vgabios for 
integrated GPU - would be enough to show the image on display. I just hope 
that, if you add both vgabios you could somehow make your discrete GPU working 
(it still doesnt work for me)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3822342b-1205-4be1-8623-bb9cba8c71db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS and latest hardware (8700K)

[vuojolahti via qubes-users]

On Thursday, December 14, 2017 at 3:19:02 PM UTC+2, Chris wrote:
> Hi,
> 
> 
> 
> will Qubes OS 3.2 work with the 8700K desktop CPU that was just released? 
> I've heard conflicting reports. If not, will 4.0 support it? I read that you 
> need Kernel 4.12 (I believe) but even Qubes 4.0 seems to be stuck with 4.8...
> 
> 
> 
> Is this just a matter of "perfect" support or are they talking about not even 
> running on 8700K with a lower kernel version?
> 
> 
> 
> The same question popped up for the new DELL XPS, which runs then 8th gen 
> mobile CPUs. I guess the support question is similar here?!
> 
> 
> 
> Thanks!

I tried to install 4.0 RC3 on my desktop with 8700K. After the installation the 
boot failed before even asking LUKS password.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a4efa1f-7b1d-43ee-9bd4-ab51312b391e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.