Re: [qubes-users] when in the world did rd.qubes.hide_all_usb boot option get added to Qubes 4.0 as a boot option?

2018-11-13 Thread resonzu
Not sure why I can't mark your response as the right answer to this topic to 
mark it as completed but I guess that's because I haven't really bound this 
email to this google group and I made the mistake of posting with this email 
instead of my actual account.

In any case, thank you for your response. I figured it out myself that it was 
added immediately after configuring sys-usb vm on the initial selection 
presented to the user on first-time boot of Qubes OS.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c72a961c-68a2-42b2-a23c-7fe42708429d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: About X.Org vulnerability and Qubes

2018-11-13 Thread Sphere
I apologize for the late reply everyone. Thank you for all your thoughts 
about this matter. I had read the responses days ago but I ended up forgetting 
to respond and marking this as complete.

Your responses have added to my knowledge and ease with the Qubes OS. I am 
grateful for all this.



Re: [qubes-users] downloading to vault when there is not netvm is n/a?

2018-11-13 Thread Andrew David Wong
On 11/13/18 5:20 AM, unman wrote:
> On Tue, Nov 13, 2018 at 06:45:03AM +0100, 799 wrote:
>> Hello Stumpy,
>>
>> On Tue, 13 Nov 2018, 03:55, Stumpy wrote:
>>
>>> I was copying some things from my vaultvm to some other appvms and got
>>> this message:
>>>
>>> [user@vault Documents]$ qvm-copy file.txt
>>> rm: cannot remove '/etc/hosts': No such file or directory
>>> sudo: unable to resolve host personal: No such file or directory
>>> [...]
>>> I have no idea what it is talking about, how it downloaded anything when
>>> the vault vm shows up in my qubes manager as having no network access
>>> (which it shouldn't), or why qvm-copy file.txt would evoke some response
>>> about the /etc/host file and/or start downloading things.
>>>
>>
>> Can you please add the info which Qubes Version you are running and which
>> template the vault-vm is using.
>> Is the image a default Qubes image or has it been changed?
>> I suggest to set a default template and make sure that no netvm is set,
>> then run the steps again and look if you get the same results.
>>
>> Or maybe create a new AppVM based on the same template like your vault-vm
>> and run the same steps to check if this is a reproducible effect.
>>
>> I'll try to run the same steps on my Qubes 4 and my fedora-28-minimal based
>> Vault VM
>>
>> - O
> 
> paranoia mode kicks in. Obviously this should not be happening.
> I don't suggest running this again, although the information that's been
> asked for is crucial.
> I would immediately isolate your machine from the network and be
> prepared for some unpleasantness. I'm assuming that you have recent
> backups - if not take them but bear in mind that your machine may
> already be compromised.
> I don't know what you have done in the meantime but I would *not* restart
> vault.
> 
> Confirm that your vault has no netvm. (I mean *check* this.)
> What is the content of the files you were copying?
> Check the contents of the qvm-copy you were running. I mean run 
> find -name qvm-copy as root from /
> Then examine in a text editor the contents of those files, and the
> qubesadmin file they refer to.
> 

Could it be this?

https://github.com/QubesOS/qubes-issues/issues/4501

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] downloading to vault when there is not netvm is n/a?

2018-11-13 Thread Stumpy

On 11/13/18 4:57 PM, Stumpy wrote:

On 11/13/18 12:45 AM, 799 wrote:

Hello Stumpy,

On Tue, 13 Nov 2018, 03:55, Stumpy wrote:


    I was copying some things from my vaultvm to some other appvms and got
    this message:

    [user@vault Documents]$ qvm-copy file.txt
    rm: cannot remove '/etc/hosts': No such file or directory
    sudo: unable to resolve host personal: No such file or directory
    [...]
    I have no idea what it is talking about, how it downloaded anything
    when the vault vm shows up in my qubes manager as having no network
    access (which it shouldn't), or why qvm-copy file.txt would evoke some
    response about the /etc/host file and/or start downloading things.


Can you please add the info which Qubes Version you are running and 
which template the vault-vm is using.

Is the image a default Qubes image or has it been changed?
I suggest to set a default template and make sure that no netvm is 
set, then run the steps again and look if you get the same results.


Or maybe create a new AppVM based on the same template like your 
vault-vm and run the same steps to check if this is a reproducible effect.


I'll try to run the same steps on my Qubes 4 and my fedora-28-minimal 
based Vault VM


- O



Ah sorry.
qubes v4 (stable, not rc)
vault is using the regular fedora 28 template
When you say image, do you mean the appvm? The appvm was the one that 
was automatically created during installation


I will try it again using a new template and then again using a new 
appvm and see if the results are reproduced.




Ok. I have tried a bunch of things.

tried qvm-copy of the same file to a variety of appvms using the same 
appvm but a different (clean) template... and got this error a few 
times... but not every time?


qfile-agent: Fatal error: stat bashrc (error type: No such file or directory)


Then I tried from other appvms to various appvms and nada, copied 
without a hitch.


I also tried to ping a variety of IPs and domain names from within this 
vault appvm, which the qubes manager says has no netvm, well nada (in a 
good way I think), said things like:


ping: google.com: Name or service not known
[user@vault ~]$ ping 192.168.1.12
connect: Network is unreachable

s... I don't know. It seems I can no longer reproduce this error 
but it's still a bit worrying.


I am definitely going to make a new "networkless" appvm and copy all 
non-binary stuff from my current "quirky" appvm into it, but apart from 
that, and apart from starting over from scratch, are there any other 
things I could do to make myself feel better?:)





Re: [qubes-users] downloading to vault when there is not netvm is n/a?

2018-11-13 Thread Stumpy

On 11/13/18 12:45 AM, 799 wrote:

Hello Stumpy,

On Tue, 13 Nov 2018, 03:55, Stumpy wrote:


I was copying some things from my vaultvm to some other appvms and got
this message:

[user@vault Documents]$ qvm-copy file.txt
rm: cannot remove '/etc/hosts': No such file or directory
sudo: unable to resolve host personal: No such file or directory
[...]
I have no idea what it is talking about, how it downloaded anything when
the vault vm shows up in my qubes manager as having no network access
(which it shouldn't), or why qvm-copy file.txt would evoke some response
about the /etc/host file and/or start downloading things.


Can you please add the info which Qubes Version you are running and 
which template the vault-vm is using.

Is the image a default Qubes image or has it been changed?
I suggest to set a default template and make sure that no netvm is set, 
then run the steps again and look if you get the same results.


Or maybe create a new AppVM based on the same template like your 
vault-vm and run the same steps to check if this is a reproducible effect.


I'll try to run the same steps on my Qubes 4 and my fedora-28-minimal 
based Vault VM


- O



Ah sorry.
qubes v4 (stable, not rc)
vault is using the regular fedora 28 template
When you say image, do you mean the appvm? The appvm was the one that 
was automatically created during installation


I will try it again using a new template and then again using a new 
appvm and see if the results are reproduced.




Re: [qubes-users] 2nd external monitor using usb c-type

2018-11-13 Thread Achim Patzner
On 20181113 at 12:05 -0800 Patrick wrote:
> Has anyone done that - i.e. use a 2nd external monitor using a usb c-type 
> connector?

What difference between using a USB-C and a DP connector did you
expect? It is just another port on your GPU... So yes, it is working if
there is a running GPU connected to it. It got a bit interesting on a
Lenovo P70 because I had to have two GPUs running but that's not a
problem with X11 either.


Achim




[qubes-users] 2nd external monitor using usb c-type

2018-11-13 Thread Patrick
Hello,

Has anyone done that - i.e. use a 2nd external monitor using a usb c-type 
connector?

In other words, can it be available to dom0 and all domains at the same time?

Thanks,
Patrick



Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Ivan Mitev




On 11/13/18 9:15 PM, Otto Kratik wrote:

On Monday, November 12, 2018 at 11:44:08 PM UTC-5, Ivan Mitev wrote:

Oh, I see. I've updated the issue to add a mention about the gateway.
Actually the issue was originally meant to document the problems with
QWT on R4 but it slowly evolved into a step-by-step guide.
The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have
a fancy vpn/firewall setup, it's likely 10.137.0.6.


Thanks - I added the sys-firewall gateway value and that seemed to do the trick 
in restoring connectivity (which is of course, entirely obvious in hindsight). 
A couple of oddities I noticed though:

With everything manually configured and working, I can successfully ping the 
VM's own ip address and the gateway from within the VM, however I can *NOT* 
ping the DNS servers at all.

Attempting to ping 10.139.1.1 or 10.139.1.2 results in:

Response from 10.128.100.62: Destination net unreachable


The DNS server ips are destination nat'ed so you can't ping them. I 
forgot about that when I advised to ping them - sorry.



I have no idea what that IP address above is. Obviously DNS resolution is 
working since I can lookup websites correctly as expected, but the ping attempt 
either fails with that reply or times out completely, every single time.

Also, if I delete the DNS entries from adapter IPv4 config completely and then do 
"ipconfig /all" from command line, they seem to get magically filled in by 
themselves, with one slight change:

10.138.1.1  <-- (note the 138 instead of 139)
10.139.1.2

..And everything continues to work fine in terms of connectivity. The Qubes 
Network Setup service is definitely disabled and stopped, so I am not quite 
sure how that auto-fill is occurring.


No idea.

With the qubes network service disabled the only way I'd think of would 
be to get the ips from the dhcp server running in the xen stub domain 
but this shouldn't work with the PV driver (which is the reason 
automatic settings work without QWT - see my other email in reply to 
Achim Patzner) - and if it did the vm's ip/mask/gw should have been set 
too automatically.


Also AFAIK there's no 10.138.1.1 ip used in R4, so it must be coming 
from QWT.




I can also use other externally operated DNS like:

8.8.8.8
4.4.4.4
1.1.1.1


And it gets saved correctly in ipconfig and also produces full connectivity. I 
am going to try garbage values and see what happens, but it almost seems like 
the HVM is somehow routing its DNS queries automatically regardless of entered 
values, but maybe not.


The DNS queries should be sent to the servers you specified. The NAT 
rules in sys-firewall and sys-net are only valid for 10.139.1.{1,2} (at 
least on my setup).




I've also added a note about QWT 4 breaking *new* HVMs (I thought the
breakage was only when updating from QWT3 to QWT4). It seems it's a
hit-or-miss process, IIRC some users managed to have QWT4 running.


Hit or miss, yes... possibly partially related to the state of updates in 
Windows 7 at the time QWT4 is installed. Those reporting success (in this 
thread and issue 3585) seem to have installed updates into Win7 first before 
installing the guest tools. In my case I tried installing QWT4 into a fresh 
Win7 SP1 with no updates applied yet, and it broke completely. So that might be 
the crux, though it's just a hypothesis.


Indeed. Actually the issue mentions that relatively recent updates 
*must* be installed in order to be able to use the PV storage driver, 
so it might be a requirement for other stuff. Windows being windows, it's 
really a hit-or-miss process.



At some point if I have the 2-3 days needed to fully update Windows 7, I may try removing QWT3 and 
installing QWT4 to see what happens. Of course I will try this in a clone, since I have no idea how 
easy or difficult it actually is to uninstall QWT3223 cleanly, and it's far more likely I'll break 
something in the attempt. Is it just a question of selecting "Remove" from the internal 
Win7 "Add/Remove Programs", and then installing QWT4 anew? Or is there a more elaborate 
procedure required?


The time needed to update Windows can be reduced to a few hours (!) by 
using larger update packs, like described in the following guide:


https://plugable.com/2016/06/08/windows-7-wont-update-what-to-do/

advice: clone the VM before each important step and always keep at least 
the past 2 clones; I remember discarding a clone after the VM 
successfully booted, only to find out that it wouldn't boot next time.


FWIW I never managed to update from QWT3 to QWT4, whatever I tried - 
updating "over" QWT3,  removing QWT3 first (through add/remove 
programs), ...


advice 2: fully update the VM first and then mess with QWT. Again, clone 
first before testing anything.


Good luck - you'll need some :)

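
The destination-NAT behaviour described in the reply above, as an added example that is not part of the thread and not Qubes' own code: it parses a constructed `iptables-save` excerpt and models which packets get their destination rewritten, showing why DNS lookups via 10.139.1.1 work while an ICMP echo to the same address does not. The chain name `PR-QBS`, the restriction to port 53, and the upstream resolvers 192.0.2.53/192.0.2.54 are assumptions made for illustration.

```python
"""Model which packets a Qubes-style DNS DNAT chain rewrites (illustrative)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed iptables-save excerpt. The PR-QBS chain name and the upstream
# resolvers 192.0.2.53/54 (documentation range) are assumptions, not output
# captured from anyone's sys-net or sys-firewall.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
-A PREROUTING -j PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PR-QBS -d 10.139.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.54
-A PR-QBS -d 10.139.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.54
COMMIT
"""

# Options this sketch understands; everything else (e.g. "-m udp") is skipped.
WANTED = {"-d", "-p", "--dport", "-j", "--to-destination"}


@dataclass(frozen=True)
class DnatRule:
    dst: ipaddress.IPv4Network   # original destination the rule matches
    proto: Optional[str]         # "udp", "tcp", or None for any protocol
    dport: Optional[int]         # destination port, or None for any port
    to: str                      # address the destination is rewritten to


def parse_dnat_rules(text: str, chain: str = "PR-QBS") -> List[DnatRule]:
    """Extract the DNAT rules appended to `chain` from iptables-save text."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "-A" or tok[1] != chain:
            continue
        opts = {}
        i = 2
        while i < len(tok) - 1:
            if tok[i] in WANTED:
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:
                i += 1
        if opts.get("-j") != "DNAT" or "--to-destination" not in opts:
            continue
        dport = opts.get("--dport")
        if dport is not None and not dport.isdigit():
            continue  # port ranges are outside the scope of this sketch
        rules.append(DnatRule(
            dst=ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
            proto=opts.get("-p"),
            dport=int(dport) if dport is not None else None,
            to=opts["--to-destination"],
        ))
    return rules


def translate(rules: List[DnatRule], dst_ip: str, proto: str,
              dport: Optional[int] = None) -> Optional[str]:
    """Return the rewritten destination, or None if no rule matches."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr not in rule.dst:
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.to
    return None


def describe(rules: List[DnatRule], dst_ip: str, proto: str,
             dport: Optional[int] = None) -> str:
    """One-line explanation of what happens to a packet."""
    what = f"{proto} -> {dst_ip}" + (f":{dport}" if dport else "")
    new_dst = translate(rules, dst_ip, proto, dport)
    if new_dst is None:
        return f"{what}: no DNAT rule matches, destination left unchanged"
    return f"{what}: destination rewritten to {new_dst}"


if __name__ == "__main__":
    parsed = parse_dnat_rules(SAMPLE_RULES)
    for case in [("10.139.1.1", "udp", 53),   # DNS query to the virtual resolver
                 ("10.139.1.1", "icmp", None),  # ping to the same address
                 ("8.8.8.8", "udp", 53)]:     # externally operated DNS
        print(describe(parsed, *case))
```

On a live system the input would come from `iptables-save -t nat` run inside the network-providing qube instead of `SAMPLE_RULES`.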

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Otto Kratik
On Monday, November 12, 2018 at 11:44:08 PM UTC-5, Ivan Mitev wrote:
> Oh, I see. I've updated the issue to add a mention about the gateway. 
> Actually the issue was originally meant to document the problems with 
> QWT on R4 but it slowly evolved into a step-by-step guide.
> The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have 
> a fancy vpn/firewall setup, it's likely 10.137.0.6.

Thanks - I added the sys-firewall gateway value and that seemed to do the trick 
in restoring connectivity (which is of course, entirely obvious in hindsight). 
A couple of oddities I noticed though:

With everything manually configured and working, I can successfully ping the 
VM's own ip address and the gateway from within the VM, however I can *NOT* 
ping the DNS servers at all.

Attempting to ping 10.139.1.1 or 10.139.1.2 results in:

Response from 10.128.100.62: Destination net unreachable

I have no idea what that IP address above is. Obviously DNS resolution is 
working since I can lookup websites correctly as expected, but the ping attempt 
either fails with that reply or times out completely, every single time.

Also, if I delete the DNS entries from adapter IPv4 config completely and then 
do "ipconfig /all" from command line, they seem to get magically filled in by 
themselves, with one slight change:

10.138.1.1  <-- (note the 138 instead of 139)
10.139.1.2

..And everything continues to work fine in terms of connectivity. The Qubes 
Network Setup service is definitely disabled and stopped, so I am not quite 
sure how that auto-fill is occurring.

I can also use other externally operated DNS like:

8.8.8.8
4.4.4.4
1.1.1.1


And it gets saved correctly in ipconfig and also produces full connectivity. I 
am going to try garbage values and see what happens, but it almost seems like 
the HVM is somehow routing its DNS queries automatically regardless of entered 
values, but maybe not.


> I've also added a note about QWT 4 breaking *new* HVMs (I thought the 
> breakage was only when updating from QWT3 to QWT4). It seems it's a 
> hit-or-miss process, IIRC some users managed to have QWT4 running.

Hit or miss, yes... possibly partially related to the state of updates in 
Windows 7 at the time QWT4 is installed. Those reporting success (in this 
thread and issue 3585) seem to have installed updates into Win7 first before 
installing the guest tools. In my case I tried installing QWT4 into a fresh 
Win7 SP1 with no updates applied yet, and it broke completely. So that might be 
the crux, though it's just a hypothesis. 

At some point if I have the 2-3 days needed to fully update Windows 7, I may 
try removing QWT3 and installing QWT4 to see what happens. Of course I will try 
this in a clone, since I have no idea how easy or difficult it actually is to 
uninstall QWT3223 cleanly, and it's far more likely I'll break something in the 
attempt. Is it just a question of selecting "Remove" from the internal Win7 
"Add/Remove Programs", and then installing QWT4 anew? Or is there a more 
elaborate procedure required?




Re: [qubes-users] Using an OnlyKey

2018-11-13 Thread John Maher
On Friday, November 9, 2018 at 10:01:29 AM UTC-5, pkra...@gmail.com wrote:
> > So the way mine works is actually consistent with using it on non-Qubes 
> > systems. I insert the onlykey, and it blinks a little, and then no lights 
> > display. I can then enter my PIN and the green light will go on. At that 
> > point the onlykey will output info from any of the buttons, but TOTP won't 
> > work. Then I open the onlykey app and then TOTP will work as well.
> 
> >I used info from this page 
> >https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard to get the 
> >OnlyKey to operate as a USB keyboard.
> 
> What kernel version do you have? Did LED start working after you modified 
> /etc/qubes-rpc/policy/qubes.InputKeyboard or it was working even before?
> 
> Mine OnlyKey still works with other OSes but doesn't work in Qubes for some 
> reason.

I'm sorry but I don't remember exactly when the OnlyKey started working 
(immediately or after those modifications you mentioned).



Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread Thierry Laurion
Hi all,
Sorry to have misadvertised Purism work. Didn't come across that post:
https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
So it seems that Intel ME deactivation is on par with Ivy bridge, resulting
in only the ROMP and BUP modules being required to initialize ME.

For firmware binary blob requirements, FSP is still required, see here:
https://github.com/osresearch/heads/tree/master/blobs/librem_skl and here
https://github.com/osresearch/heads/blob/master/config/coreboot-librem13v2.config

Thierry


On Tue, Nov 13, 2018 at 10:44 AM Thierry Laurion 
wrote:

>  Hi qubes-fan. Answers inline.
> On Tue, Nov 13, 2018 at 6:27 AM  wrote:
>
>> Hi Thiery, I wasn't aware the X230 can be freed same way as the X200 can.
>
> Unfortunately, the x230 cannot have Intel ME deleted the same way the x200
> can, even though binary free firmware is on par with it.
>
> The x200 is RYF certified where the x230 isn't for approximately the same
> reasons Libreboot supports only the former. RYF and Libreboot have a really
> strong guideline against binary blobs. Even Libreboot opened up it's ethic
> to support the x220 (Sandy bridge), but backed off, since part of the ME
> engine is still present even if deactivated. The RYF certification could
> not be obtainable for those. See archive:
> https://web.archive.org/web/20170404144825/https://minifree.org/product/libreboot-x220/
>
> Intel ME can be completely removed on the x200 (GM45 based), leaving no
> trace of it at all. (https://libreboot.org/faq.html#intel). It can be
> neutralized on the x220 and x230 (Ivy bridge), leaving only the ROMP and
> BUP modules (<90k of it), but "deactivating" ME before its kernel is even
> booted, where the Librem Laptops have parts of it deactivated only, and
> unfortunately contain binary blobs in the firmware. Once again, depending
> on your threat model, that may or may not be a deal breaker for you.
>
> Neutralizing/Deactivating/Deleting/Freeing Intel ME is a word game where a
> lot of ink spilled over the last years. I suggest you read this doc: (
> https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) .
> Basically, Intel ME version <11 can be deactivated, since no kernel needs
> to be present in the firmware for validation prior to initialization,
> resulting in the BUP module only being launched, permitting the machine to
> boot, where version >11 requires the kernel and syslib modules to be
> present and validated at initialization. So even if Intel ME is neutralized
> by me_cleaner, the modules are still there in >11. Could they be executed?
> That depends on your beliefs and threat modeling.
>
> Technically, GM45 based laptops are currently the last Intel based
> hardware where Intel ME can be completely removed. Unfortunately, such old
> hardware comes with important limitations, some of which makes it
> incompatible with QubesOS 4 requirements for isolation and virtualization.
> The x200 has vt-d1 only, no vt-d2 (No IOMMU!): there is no interrupt
> remapping, meaning that there is no hardware isolation enforced in QubesOS.
> (
> https://github.com/QubesOS/qubes-issues/issues/1594#issuecomment-209213917
> ).
>
> At best, the x200 is an awesome laptop for using Tails, but not with
> QubesOS. Using it with QubesOS gives the user an illusion of hardware
> isolation, putting him at risk.
>
> As you saw, I am thinking about buying the RYF
>> https://tehnoetic.com/tet-t400s  to be
>> able to run with the Qubes 4. The  T400s has but unfortunately 8GB RAM max
>> and so the X230 with 16GB seems very interesting.
>>
> The T400s is a hardware equivalent of the x200.
>
>>
>> So my question is if the X230 is really deprived of all ME-AMT, or any
>> non-free dirt?
>
> See here for the output of me_cleaner:
> https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md
> with this understanding
> https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
>
> If this is the case, your offer seems really interesting with all
>> mentioned options available. I also use the RYF X200 for non-Qubes
>> activities, but it would be just excellent if I could have just one machine
>> for Qubes+non-Qubes too.
>>
> A lower end, AMD laptop, the G505s seems a good candidate for libre
> oriented QubesOS users. Its porting to Heads is on the way, even though I
> do not have that hardware myself.
> https://github.com/osresearch/heads/issues/453
>
> As some pointed out earlier, the EC is still a binary blob present in
> laptops (not currently freed), microcode updates are unfortunately still
> required for security.
>
> Laptop world needs to be shaken. Binary free laptops exist, but do not
> support QubesOS.
> Talos II is the best libre free desktop/server available but isn't
> supported by QubesOS, where the KGPE-D16/KCMA-D8 are still the best x86
> desktop/servers available. The x230 laptop is the most supported and libre
> available, where BUP Intel ME initialization is 

Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread Thierry Laurion
 Hi qubes-fan. Answers inline.
On Tue, Nov 13, 2018 at 6:27 AM  wrote:

> Hi Thiery, I wasn't aware the X230 can be freed same way as the X200 can.

Unfortunately, the x230 cannot have Intel ME deleted the same way the x200
can, even though binary free firmware is on par with it.

The x200 is RYF certified where the x230 isn't for approximately the same
reasons Libreboot supports only the former. RYF and Libreboot have a really
strong guideline against binary blobs. Even Libreboot opened up its ethic
to support the x220 (Sandy bridge), but backed off, since part of the ME
engine is still present even if deactivated. The RYF certification could
not be obtainable for those. See archive:
https://web.archive.org/web/20170404144825/https://minifree.org/product/libreboot-x220/

Intel ME can be completely removed on the x200 (GM45 based), leaving no
trace of it at all. (https://libreboot.org/faq.html#intel). It can be
neutralized on the x220 and x230 (Ivy bridge), leaving only the ROMP and
BUP modules (<90k of it), but "deactivating" ME before its kernel is even
booted, where the Librem Laptops have parts of it deactivated only, and
unfortunately contain binary blobs in the firmware. Once again, depending
on your threat model, that may or may not be a deal breaker for you.

Neutralizing/Deactivating/Deleting/Freeing Intel ME is a word game where a
lot of ink spilled over the last years. I suggest you read this doc: (
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) . Basically,
Intel ME version <11 can be deactivated, since no kernel needs to be
present in the firmware for validation prior to initialization, resulting
in the BUP module only being launched, permitting the machine to boot,
where version >11 requires the kernel and syslib modules to be present and
validated at initialization. So even if Intel ME is neutralized by
me_cleaner, the modules are still there in >11. Could they be executed?
That depends on your beliefs and threat modeling.

Technically, GM45 based laptops are currently the last Intel based hardware
where Intel ME can be completely removed. Unfortunately, such old hardware
comes with important limitations, some of which makes it incompatible with
QubesOS 4 requirements for isolation and virtualization. The x200 has vt-d1
only, no vt-d2 (No IOMMU!): there is no interrupt remapping, meaning that
there is no hardware isolation enforced in QubesOS. (
https://github.com/QubesOS/qubes-issues/issues/1594#issuecomment-209213917).

At best, the x200 is an awesome laptop for using Tails, but not with
QubesOS. Using it with QubesOS gives the user an illusion of hardware
isolation, putting him at risk.

> As you saw, I am thinking about buying the RYF
> https://tehnoetic.com/tet-t400s to be
> able to run with the Qubes 4. The T400s has but unfortunately 8GB RAM max
> and so the X230 with 16GB seems very interesting.
>
The T400s is a hardware equivalent of the x200.

>
> So my question is if the X230 is really deprived of all ME-AMT, or any
> non-free dirt?

See here for the output of me_cleaner:
https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md
with this understanding
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

> If this is the case, your offer seems really interesting with all mentioned
> options available. I also use the RYF X200 for non-Qubes activities, but it
> would be just excellent if I could have just one machine for
> Qubes+non-Qubes too.
>
A lower-end AMD laptop, the G505s, seems a good candidate for libre
oriented QubesOS users. Its porting to Heads is on the way, even though I
do not have that hardware myself.
https://github.com/osresearch/heads/issues/453

As some pointed out earlier, the EC is still a binary blob present in
laptops (not currently freed), microcode updates are unfortunately still
required for security.

The laptop world needs to be shaken. Binary-free laptops exist, but do not
support QubesOS.
Talos II is the best libre free desktop/server available but isn't
supported by QubesOS, where the KGPE-D16/KCMA-D8 are still the best x86
desktop/servers available. The x230 laptop is the most supported and libre
available, where BUP Intel ME initialization is tolerable.

Heads project should be considered as a trusted base of any security
conscious user.
http://osresearch.net/

Linuxboot, Systemboot and other projects based on u-boot/u-root should also
be considered for collocating private cloud services on more recent x86
servers:
https://github.com/systemboot/systemboot
https://www.linuxboot.org/

Hope that it answers your questions.

>
> Nov 12, 2018, 7:30 AM by thierry.laur...@gmail.com:
>
> > Hi!
> >
> >> I checked out the x230 and you are right they are available and cheap.
> I would still be interested in finding some company/individual who I can
> trust to take care of the BIOS flashing for me as a service(I would think
> others would also want this service as well...). The problem is 

Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 03:11:33PM +0100, 'Ahmed Al Aqtash' via qubes-users 
wrote:
> On Tue, 13 Nov 2018 at 15:06, unman wrote:
> 
> > On Tue, Nov 13, 2018 at 02:58:37PM +0100, 'Ahmed Al Aqtash' via
> > qubes-users wrote:
> > > On Tue, 13 Nov 2018 at 14:50, unman wrote:
> > >
> > > > On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via
> > > > qubes-users wrote:
> > > > > On Tue, 13 Nov 2018 at 14:12, unman <un...@thirdeyesecurity.org> wrote:
> > > > >
> > > > > > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > > > > > qubes-users wrote:
> > > > > > > On Tue, 13 Nov 2018 at 13:38, unman <un...@thirdeyesecurity.org> wrote:
> > > > > > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > > > > > >
> > > > > > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > > > > > if nothing is wrong. No feedback in the terminal.
> > > > > > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > > > > > is already running.
> > > > > > >
> > > > > >
> > > > > > That's good.
> > > > > > Can you confirm you're using sys-firewall as updateVM?
> > > > > > qubes-prefs in dom0 - look at value for updatevm
> > > > > >
> > > > > >
> > > > > sys-firewall is set as updateVM yes
> > > > >
> > > > >
> > > > > > If so, when you start sys-firewall, and try again, do you get the
> > same
> > > > > > response?
> > > > > >
> > > > > >
> > > > > Yes, the exact same response.
> > > > > It starts up as normal, then gives the message stating that it is
> > already
> > > > > running.
> > > > >
> > > > > What is the output when you attempt the install?
> > > > >
> > > > >
> > > > > Well, I know that I am not connected to anything right now, since
> > there
> > > > is
> > > > > no wifi near me that I have connected to before.
> > > > > I tried beaming from my phone, and it didn't say that anything was
> > > > > connected.
> > > > > The output when I run:
> > > > > sudo qubes-dom0-update qubes-gui-dom0
> > > > >
> > > > > Is:
> > > > > Using sys-firewall as UpdateVM to download updates for Dom0; this may
> > > > take
> > > > > some time...
> > > > > Failed to synchronize cache for repo 'updates', disabling.
> > > > > Failed to synchronize cache for repo 'fedora', disabling.
> > > > > Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> > > > > Failed to synchronize cache for repo 'qubes-templates-itl',
> > disabling.
> > > > > No match for argument: qubes-gui-dom0
> > > > > Error: Unable to find a match
> > > > >
> > > > > It takes a while for it to bail out.
> > > >
> > > > Well obviously we need to pick this up again when you're able to
> > > > connect. Let me know when that is.
> > > > You can get a terminal in sys-net by running in dom0:
> > > > sudo xl console sys-net
> > > > Log in as root
> > > > You can then check network status using ip tools.
> > > >
> > >
> > > I wanted to check if I could get the console up at least, but that
> > doesn't
> > > seem to work.
> > > When running
> > > sudo xl console sys-net
> > >
> > > I get
> > > xenconsole: Could not read tty from store: No such file or directory
> > >
> > > Hmm..
> >
> > Try that with xl console -t pv sys-net
> >
> > (Use Ctrl+] to step out from console session once you're connected)
> >
> 
> Yes, I googled around, and that seems to work. I do have a console in
> sys-net now.
> I switched my template for sys-net and sys-firewall out to fedora-28
> (sorry for not mentioning).
> It is vanilla fedora-28 template though. No modifications or anything.
> 
> I'll try and see if I can get a connection to my network when I get home.
> From there it should be smooth sailing.
> 
> Need to brush up my ip toolchain usage :)
> 
> Thank you so far for everything!

Keep us posted on progress.
I'll check back in the morning.

unman



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread 'Ahmed Al Aqtash' via qubes-users
On Tue, 13 Nov 2018 at 15:06, unman wrote:

> On Tue, Nov 13, 2018 at 02:58:37PM +0100, 'Ahmed Al Aqtash' via
> qubes-users wrote:
> > On Tue, 13 Nov 2018 at 14:50, unman wrote:
> >
> > > On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via
> > > qubes-users wrote:
> > > > On Tue, 13 Nov 2018 at 14:12, unman <un...@thirdeyesecurity.org> wrote:
> > > >
> > > > > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > > > > qubes-users wrote:
> > > > > > On Tue, 13 Nov 2018 at 13:38, unman <un...@thirdeyesecurity.org> wrote:
> > > > > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > > > > >
> > > > > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > > > > if nothing is wrong. No feedback in the terminal.
> > > > > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > > > > is already running.
> > > > > >
> > > > >
> > > > > That's good.
> > > > > Can you confirm you're using sys-firewall as updateVM?
> > > > > qubes-prefs in dom0 - look at value for updatevm
> > > > >
> > > > >
> > > > sys-firewall is set as updateVM yes
> > > >
> > > >
> > > > > If so, when you start sys-firewall, and try again, do you get the
> same
> > > > > response?
> > > > >
> > > > >
> > > > Yes, the exact same response.
> > > > It starts up as normal, then gives the message stating that it is
> already
> > > > running.
> > > >
> > > > What is the output when you attempt the install?
> > > >
> > > >
> > > > Well, I know that I am not connected to anything right now, since
> there
> > > is
> > > > no wifi near me that I have connected to before.
> > > > I tried beaming from my phone, and it didn't say that anything was
> > > > connected.
> > > > The output when I run:
> > > > sudo qubes-dom0-update qubes-gui-dom0
> > > >
> > > > Is:
> > > > Using sys-firewall as UpdateVM to download updates for Dom0; this may
> > > take
> > > > some time...
> > > > Failed to synchronize cache for repo 'updates', disabling.
> > > > Failed to synchronize cache for repo 'fedora', disabling.
> > > > Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> > > > Failed to synchronize cache for repo 'qubes-templates-itl',
> disabling.
> > > > No match for argument: qubes-gui-dom0
> > > > Error: Unable to find a match
> > > >
> > > > It takes a while for it to bail out.
> > >
> > > Well obviously we need to pick this up again when you're able to
> > > connect. Let me know when that is.
> > > You can get a terminal in sys-net by running in dom0:
> > > sudo xl console sys-net
> > > Log in as root
> > > You can then check network status using ip tools.
> > >
> >
> > I wanted to check if I could get the console up at least, but that
> doesn't
> > seem to work.
> > When running
> > sudo xl console sys-net
> >
> > I get
> > xenconsole: Could not read tty from store: No such file or directory
> >
> > Hmm..
>
> Try that with xl console -t pv sys-net
>
> (Use Ctrl+] to step out from console session once you're connected)
>

Yes, I googled around, and that seems to work. I do have a console in
sys-net now.
I switched my template for sys-net and sys-firewall out to fedora-28
(sorry for not mentioning).
It is vanilla fedora-28 template though. No modifications or anything.

I'll try and see if I can get a connection to my network when I get home.
From there it should be smooth sailing.

Need to brush up my ip toolchain usage :)

Thank you so far for everything!



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 02:58:37PM +0100, 'Ahmed Al Aqtash' via qubes-users 
wrote:
> On Tue, 13 Nov 2018 at 14:50, unman wrote:
> 
> > On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via
> > qubes-users wrote:
> > > On Tue, 13 Nov 2018 at 14:12, unman wrote:
> > >
> > > > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > > > qubes-users wrote:
> > > > > On Tue, 13 Nov 2018 at 13:38, unman <un...@thirdeyesecurity.org> wrote:
> > > > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > > > >
> > > > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > > > if nothing is wrong. No feedback in the terminal.
> > > > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > > > is already running.
> > > > >
> > > >
> > > > That's good.
> > > > Can you confirm you're using sys-firewall as updateVM?
> > > > qubes-prefs in dom0 - look at value for updatevm
> > > >
> > > >
> > > sys-firewall is set as updateVM yes
> > >
> > >
> > > > If so, when you start sys-firewall, and try again, do you get the same
> > > > response?
> > > >
> > > >
> > > Yes, the exact same response.
> > > It starts up as normal, then gives the message stating that it is already
> > > running.
> > >
> > > What is the output when you attempt the install?
> > >
> > >
> > > Well, I know that I am not connected to anything right now, since there
> > is
> > > no wifi near me that I have connected to before.
> > > I tried beaming from my phone, and it didn't say that anything was
> > > connected.
> > > The output when I run:
> > > sudo qubes-dom0-update qubes-gui-dom0
> > >
> > > Is:
> > > Using sys-firewall as UpdateVM to download updates for Dom0; this may
> > take
> > > some time...
> > > Failed to synchronize cache for repo 'updates', disabling.
> > > Failed to synchronize cache for repo 'fedora', disabling.
> > > Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> > > Failed to synchronize cache for repo 'qubes-templates-itl', disabling.
> > > No match for argument: qubes-gui-dom0
> > > Error: Unable to find a match
> > >
> > > It takes a while for it to bail out.
> >
> > Well obviously we need to pick this up again when you're able to
> > connect. Let me know when that is.
> > You can get a terminal in sys-net by running in dom0:
> > sudo xl console sys-net
> > Log in as root
> > You can then check network status using ip tools.
> >
> 
> I wanted to check if I could get the console up at least, but that doesn't
> seem to work.
> When running
> sudo xl console sys-net
> 
> I get
> xenconsole: Could not read tty from store: No such file or directory
> 
> Hmm..

Try that with xl console -t pv sys-net

(Use Ctrl+] to step out from console session once you're connected)



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 02:58:37PM +0100, 'Ahmed Al Aqtash' via qubes-users 
wrote:
> On Tue, 13 Nov 2018 at 14:50, unman wrote:
> 
> > On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via
> > qubes-users wrote:
> > > On Tue, 13 Nov 2018 at 14:12, unman wrote:
> > >
> > > > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > > > qubes-users wrote:
> > > > > On Tue, 13 Nov 2018 at 13:38, unman <un...@thirdeyesecurity.org> wrote:
> > > > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > > > >
> > > > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > > > if nothing is wrong. No feedback in the terminal.
> > > > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > > > is already running.
> > > > >
> > > >
> > > > That's good.
> > > > Can you confirm you're using sys-firewall as updateVM?
> > > > qubes-prefs in dom0 - look at value for updatevm
> > > >
> > > >
> > > sys-firewall is set as updateVM yes
> > >
> > >
> > > > If so, when you start sys-firewall, and try again, do you get the same
> > > > response?
> > > >
> > > >
> > > Yes, the exact same response.
> > > It starts up as normal, then gives the message stating that it is already
> > > running.
> > >
> > > What is the output when you attempt the install?
> > >
> > >
> > > Well, I know that I am not connected to anything right now, since there
> > is
> > > no wifi near me that I have connected to before.
> > > I tried beaming from my phone, and it didn't say that anything was
> > > connected.
> > > The output when I run:
> > > sudo qubes-dom0-update qubes-gui-dom0
> > >
> > > Is:
> > > Using sys-firewall as UpdateVM to download updates for Dom0; this may
> > take
> > > some time...
> > > Failed to synchronize cache for repo 'updates', disabling.
> > > Failed to synchronize cache for repo 'fedora', disabling.
> > > Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> > > Failed to synchronize cache for repo 'qubes-templates-itl', disabling.
> > > No match for argument: qubes-gui-dom0
> > > Error: Unable to find a match
> > >
> > > It takes a while for it to bail out.
> >
> > Well obviously we need to pick this up again when you're able to
> > connect. Let me know when that is.
> > You can get a terminal in sys-net by running in dom0:
> > sudo xl console sys-net
> > Log in as root
> > You can then check network status using ip tools.
> >
> 
> I wanted to check if I could get the console up at least, but that doesn't
> seem to work.
> When running
> sudo xl console sys-net
> 
> I get
> xenconsole: Could not read tty from store: No such file or directory
> 
> Hmm..
> 

What template are you using for sys-net?
Can you open console for sys-firewall?



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread 'Ahmed Al Aqtash' via qubes-users
On Tue, 13 Nov 2018 at 14:50, unman wrote:

> On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via
> qubes-users wrote:
> > On Tue, 13 Nov 2018 at 14:12, unman wrote:
> >
> > > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > > qubes-users wrote:
> > > > On Tue, 13 Nov 2018 at 13:38, unman <un...@thirdeyesecurity.org> wrote:
> > > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > > >
> > > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > > if nothing is wrong. No feedback in the terminal.
> > > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > > is already running.
> > > >
> > >
> > > That's good.
> > > Can you confirm you're using sys-firewall as updateVM?
> > > qubes-prefs in dom0 - look at value for updatevm
> > >
> > >
> > sys-firewall is set as updateVM yes
> >
> >
> > > If so, when you start sys-firewall, and try again, do you get the same
> > > response?
> > >
> > >
> > Yes, the exact same response.
> > It starts up as normal, then gives the message stating that it is already
> > running.
> >
> > What is the output when you attempt the install?
> >
> >
> > Well, I know that I am not connected to anything right now, since there
> is
> > no wifi near me that I have connected to before.
> > I tried beaming from my phone, and it didn't say that anything was
> > connected.
> > The output when I run:
> > sudo qubes-dom0-update qubes-gui-dom0
> >
> > Is:
> > Using sys-firewall as UpdateVM to download updates for Dom0; this may
> take
> > some time...
> > Failed to synchronize cache for repo 'updates', disabling.
> > Failed to synchronize cache for repo 'fedora', disabling.
> > Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> > Failed to synchronize cache for repo 'qubes-templates-itl', disabling.
> > No match for argument: qubes-gui-dom0
> > Error: Unable to find a match
> >
> > It takes a while for it to bail out.
>
> Well obviously we need to pick this up again when you're able to
> connect. Let me know when that is.
> You can get a terminal in sys-net by running in dom0:
> sudo xl console sys-net
> Log in as root
> You can then check network status using ip tools.
>

I wanted to check if I could get the console up at least, but that doesn't
seem to work.
When running
sudo xl console sys-net

I get
xenconsole: Could not read tty from store: No such file or directory

Hmm..



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 02:22:49PM +0100, 'Ahmed Al Aqtash' via qubes-users 
wrote:
> On Tue, 13 Nov 2018 at 14:12, unman wrote:
> 
> > On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> > qubes-users wrote:
> > > On Tue, 13 Nov 2018 at 13:38, unman wrote:
> > > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> > >
> > > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > > if nothing is wrong. No feedback in the terminal.
> > > If I run it again, while sys-net is running, it simply outputs that sys-net
> > > is already running.
> > >
> >
> > That's good.
> > Can you confirm you're using sys-firewall as updateVM?
> > qubes-prefs in dom0 - look at value for updatevm
> >
> >
> sys-firewall is set as updateVM yes
> 
> 
> > If so, when you start sys-firewall, and try again, do you get the same
> > response?
> >
> >
> Yes, the exact same response.
> It starts up as normal, then gives the message stating that it is already
> running.
> 
> What is the output when you attempt the install?
> 
> 
> Well, I know that I am not connected to anything right now, since there is
> no wifi near me that I have connected to before.
> I tried beaming from my phone, and it didn't say that anything was
> connected.
> The output when I run:
> sudo qubes-dom0-update qubes-gui-dom0
> 
> Is:
> Using sys-firewall as UpdateVM to download updates for Dom0; this may take
> some time...
> Failed to synchronize cache for repo 'updates', disabling.
> Failed to synchronize cache for repo 'fedora', disabling.
> Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
> Failed to synchronize cache for repo 'qubes-templates-itl', disabling.
> No match for argument: qubes-gui-dom0
> Error: Unable to find a match
> 
> It takes a while for it to bail out.

Well obviously we need to pick this up again when you're able to
connect. Let me know when that is.
You can get a terminal in sys-net by running in dom0:
sudo xl console sys-net
Log in as root
You can then check network status using ip tools.



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread 'Ahmed Al Aqtash' via qubes-users
On Tue, 13 Nov 2018 at 14:12, unman wrote:

> On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via
> qubes-users wrote:
> > On Tue, 13 Nov 2018 at 13:38, unman wrote:
> >
> > > On Tue, Nov 13, 2018 at 04:31:49AM -0800, aaq via qubes-users wrote:
> > > > On Tuesday, 13 November 2018 at 12:26:58 UTC+1, unman wrote:
> > > > > On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users
> wrote:
> > > > > > Hello!
> > > > > >
> > > > > > I have broken the GUI in dom0 in some weird way.
> > > > > > I tried to install KDE, then I tried to remove it again, before
> > > realising that I was fine with having it. Unfortunately, when I wanted
> to
> > > reinstall it, dnf kept saying that I already had the group installed,
> so I
> > > couldn't just run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> > > > > >
> > > > > > I ended up doing a `sudo dnf remove @kde` in dom0, which
> resulted in
> > > the package `qubes-gui-dom0` being deleted. I assume this is the
> package
> > > that is needed to show GUI from different VMs.
> > > > > >
> > > > > > Basically, dom0 works fine. All of dom0 GUI works as intended, I
> am
> > > happily using KDE and SDDM. With that being said, none of my VMs work,
> so I
> > > can't really use my machine for anything.
> > > > > >
> > > > > > I found this thread
> > > https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> > > > > >
> > > > > > But I cannot start VMs with `--no-guid` flag. I cannot for the
> love
> > > of my life get the package back.. I haven't cleared my cache or
> anything,
> > > but for some reason I am not able to install `qubes-gui-dom0` again
> without
> > > a network connection. Since my VMs don't start properly, I don't have
> > > network.
> > > > > >
> > > > > > Is there any solution to this :S
> > > > > >
> > > > > > PS: I backed up all my VMs the other day (happy coincidence) so I
> > > guess I could just reinstall, but I am quite happy with my current
> install
> > > :(
> > > > > >
> > > > > > Thanks for any input!
> > > > > >
> > > > >
> > > > > The obvious solution would be to download the files in another
> machine
> > > > > and then transfer them to dom0 using a transfer disk.
> > > > > If you're on a laptop and have a sys-usb set up then you will need
> to
> > > > > interrupt boot and edit the kernel parameters to remove the section
> > > that
> > > > > says rd.qubes.hide_all_usb  - that will allow you to connect USB to
> > > > > dom0 at some cost to your security.
> > > > >
> > > > > If you don't want to do that we can try troubleshooting your inability
> > > > > to start headless qubes.
> > > > > If you want to do that then try starting just sys-net from the command
> > > > > line and check the logs, and report back any error from the logs or
> > > > > command line.
> > > >
> > > > Thank you so much for your time!
> > > > When having all Qubes shutdown, I run
> > > > qvm-start --verbose sys-net
> > > >
> > > > No feedback in the terminal. I cannot seem to find anything in the
> logs
> > > that might seem interesting either. I don't know if I am looking the
> wrong
> > > places.
> > > >
> > > > I looked into /var/logs/qubes/ and then anything with sys-net in it.
> I
> > > also looked at the xen logs for the VM, but again, I can't seem to find
> > > anything special that stands out.
> > >
> > > You haven't said what version of Qubes you are running.
> > > What happens when you run qvm-start --verbose sys-net again?
> > >
> >
> > I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> >
> > Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> > if nothing is wrong. No feedback in the terminal.
> > If I run it again, while sys-net is running, it simply outputs that sys-net
> > is already running.
> >
>
> That's good.
> Can you confirm you're using sys-firewall as updateVM?
> qubes-prefs in dom0 - look at value for updatevm
>
>
sys-firewall is set as updateVM yes


> If so, when you start sys-firewall, and try again, do you get the same
> response?
>
>
Yes, the exact same response.
It starts up as normal, then gives the message stating that it is already
running.

What is the output when you attempt the install?


Well, I know that I am not connected to anything right now, since there is
no wifi near me that I have connected to before.
I tried beaming from my phone, and it didn't say that anything was
connected.
The output when I run:
sudo qubes-dom0-update qubes-gui-dom0

Is:
Using sys-firewall as UpdateVM to download updates for Dom0; this may take
some time...
Failed to synchronize cache for repo 'updates', disabling.
Failed to synchronize cache for repo 'fedora', disabling.
Failed to synchronize cache for repo 'qubes-dom0-current', disabling.
Failed to synchronize cache for repo 'qubes-templates-itl', disabling.
No match for argument: qubes-gui-dom0
Error: Unable to find a match

It takes a while for it to bail out.


Re: [qubes-users] qvm-trim-template hung now stuck with remnants of the process

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 02:14:45PM +0100, cubit wrote:
> 13. Nov 2018 11:09 by un...@thirdeyesecurity.org:
> 
> >>
> >> Thank you for the suggestion unman, when I do the `--just-db` step 
> >> outlined it tells me
> >>
> >> A VM with the name 'trim-whonix-gw-14' does not exist in the system.
> >>
> >> I've also tried this before deleting the AppVM that trim creates but the 
> >> error is the same
> >>
> >> CuBit
> >
> > Try virsh -c xen:/// undefine trim-whonix-gw-14
> >
> 
> Success!  Thank you.
> 
> is it just a case of running that and rm'ing the appvm directory to remove a 
> trim appvm?  I did not see any of the menu items being created during the 
> process
> 
> CuBit

yes, that should do it.

unman



Re: [qubes-users] qvm-trim-template hung now stuck with remnants of the process

2018-11-13 Thread cubit
13. Nov 2018 11:09 by un...@thirdeyesecurity.org:

>>
>> Thank you for the suggestion unman, when I do the `--just-db` step outlined 
>> it tells me
>>
>> A VM with the name 'trim-whonix-gw-14' does not exist in the system.
>>
>> I've also tried this before deleting the AppVM that trim creates but the 
>> error is the same
>>
>> CuBit
>
> Try virsh -c xen:/// undefine trim-whonix-gw-14
>

Success!  Thank you.

is it just a case of running that and rm'ing the appvm directory to remove a 
trim appvm?  I did not see any of the menu items being created during the 
process

CuBit



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 01:46:39PM +0100, 'Ahmed Al Aqtash' via qubes-users 
wrote:
> On Tue, 13 Nov 2018 at 13:38, unman wrote:
> 
> > On Tue, Nov 13, 2018 at 04:31:49AM -0800, aaq via qubes-users wrote:
> > > On Tuesday, 13 November 2018 at 12:26:58 UTC+1, unman wrote:
> > > > On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users wrote:
> > > > > Hello!
> > > > >
> > > > > I have broken the GUI in dom0 in some weird way.
> > > > > I tried to install KDE, then I tried to remove it again, before
> > realising that I was fine with having it. Unfortunately, when I wanted to
> > reinstall it, dnf kept saying that I already had the group installed, so I
> > couldn't just run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> > > > >
> > > > > I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in
> > the package `qubes-gui-dom0` being deleted. I assume this is the package
> > that is needed to show GUI from different VMs.
> > > > >
> > > > > Basically, dom0 works fine. All of dom0 GUI works as intended, I am
> > happily using KDE and SDDM. With that being said, none of my VMs work, so I
> > can't really use my machine for anything.
> > > > >
> > > > > I found this thread
> > https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> > > > >
> > > > > But I cannot start VMs with `--no-guid` flag. I cannot for the love
> > of my life get the package back.. I haven't cleared my cache or anything,
> > but for some reason I am not able to install `qubes-gui-dom0` again without
> > a network connection. Since my VMs don't start properly, I don't have
> > network.
> > > > >
> > > > > Is there any solution to this :S
> > > > >
> > > > > PS: I backed up all my VMs the other day (happy coincidence) so I
> > guess I could just reinstall, but I am quite happy with my current install
> > :(
> > > > >
> > > > > Thanks for any input!
> > > > >
> > > >
> > > > The obvious solution would be to download the files in another machine
> > > > and then transfer them to dom0 using a transfer disk.
> > > > If you're on a laptop and have a sys-usb set up then you will need to
> > > > interrupt boot and edit the kernel parameters to remove the section
> > that
> > > > says rd.qubes.hide_all_usb  - that will allow you to connect USB to
> > > > dom0 at some cost to your security.
> > > >
> > > > If you don't want to do that we can try troubleshooting your inability
> > > > to start headless qubes.
> > > > If you want to do that then try starting just sys-net from the command
> > > > line and check the logs, and report back any error from the logs or
> > > > command line.
> > >
> > > Thank you so much for your time!
> > > When having all Qubes shutdown, I run
> > > qvm-start --verbose sys-net
> > >
> > > No feedback in the terminal. I cannot seem to find anything in the logs
> > that might seem interesting either. I don't know if I am looking the wrong
> > places.
> > >
> > > I looked into /var/logs/qubes/ and then anything with sys-net in it. I
> > also looked at the xen logs for the VM, but again, I can't seem to find
> > anything special that stands out.
> >
> > You haven't said what version of Qubes you are running.
> > What happens when you run qvm-start --verbose sys-net again?
> >
> 
> I am running Qubes OS 4.0.0, only vanilla repos, only stable.
> 
> Nothing happens when I run qvm-start --verbose sys-net. It just starts as
> if nothing is wrong. No feedback in the terminal.
> If I run it again, while sys-net is running, it simply outputs that sys-net
> is already running.
> 

That's good.
Can you confirm you're using sys-firewall as updateVM?
qubes-prefs in dom0 - look at value for updatevm

If so, when you start sys-firewall, and try again, do you get the same
response?

What is the output when you attempt the install? 



Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread 'keshajournalism' via qubes-users
I thought about buying the x230, but for me, the screen is a little too small, 
and I feel like the x230 looks a bit ugly *.* To me apple-products look the 
best, but apparently there are none with coreboot.
I therefore bought myself an X1 Carbon with a nitrokey from cryptogs.de , 
although I'd like to have more ram for windows.
The X230 was recommended to me by them to be more secure, apparently a t400 
would have been even better with libreboot, but they are just way too old and 
slow for me.

cheerio



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread 'Ahmed Al Aqtash' via qubes-users
On Tue, 13 Nov 2018 at 13:38, unman wrote:

> On Tue, Nov 13, 2018 at 04:31:49AM -0800, aaq via qubes-users wrote:
> > On Tuesday, 13 November 2018 at 12:26:58 UTC+1, unman wrote:
> > > On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users wrote:
> > > > Hello!
> > > >
> > > > I have broken the GUI in dom0 in some weird way.
> > > > I tried to install KDE, then I tried to remove it again, before
> realising that I was fine with having it. Unfortunately, when I wanted to
> reinstall it, dnf kept saying that I already had the group installed, so I
> couldn't just run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> > > >
> > > > I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in
> the package `qubes-gui-dom0` being deleted. I assume this is the package
> that is needed to show GUI from different VMs.
> > > >
> > > > Basically, dom0 works fine. All of dom0 GUI works as intended, I am
> happily using KDE and SDDM. With that being said, none of my VMs work, so I
> can't really use my machine for anything.
> > > >
> > > > I found this thread
> https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> > > >
> > > > But I cannot start VMs with `--no-guid` flag. I cannot for the love
> of my life get the package back.. I haven't cleared my cache or anything,
> but for some reason I am not able to install `qubes-gui-dom0` again without
> a network connection. Since my VMs don't start properly, I don't have
> network.
> > > >
> > > > Is there any solution to this :S
> > > >
> > > > PS: I backed up all my VMs the other day (happy coincidence) so I
> guess I could just reinstall, but I am quite happy with my current install
> :(
> > > >
> > > > Thanks for any input!
> > > >
> > >
> > > The obvious solution would be to download the files in another machine
> > > and then transfer them to dom0 using a transfer disk.
> > > If you're on a laptop and have a sys-usb set up then you will need to
> > > interrupt boot and edit the kernel parameters to remove the section
> that
> > > says rd.qubes.hide_all_usb  - that will allow you to connect USB to
> > > dom0 at some cost to your security.
> > >
> > > If you don't want to do that we can try troubleshooting your inability
> > > to start headless qubes.
> > > If you want to do that then try starting just sys-net from the command
> > > line and check the logs, and report back any error from the logs or
> > > command line.
> >
> > Thank you so much for your time!
> > When having all Qubes shutdown, I run
> > qvm-start --verbose sys-net
> >
> > No feedback in the terminal. I cannot seem to find anything in the logs
> that might seem interesting either. I don't know if I am looking the wrong
> places.
> >
> > I looked into /var/logs/qubes/ and then anything with sys-net in it. I
> also looked at the xen logs for the VM, but again, I can't seem to find
> anything special that stands out.
>
> You haven't said what version of Qubes you are running.
> What happens when you run qvm-start --verbose sys-net again?
>

I am running Qubes OS 4.0.0, only vanilla repos, only stable.

Nothing happens when I run qvm-start --verbose sys-net. It just starts as
if nothing is wrong. No feedback in the terminal.
If I run it again, while sys-net is running, it simply outputs that sys-net
is already running.



Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Ivan Mitev
On 11/13/18 1:44 PM, Achim Patzner wrote:
> On 20181113 at 06:44 +0200 Ivan Mitev wrote:
>> I've also added a note about QWT 4 breaking *new* HVMs (I thought the
>> breakage was only when updating from QWT3 to QWT4). It seems it's a
>> hit-or-miss process, IIRC some users managed to have QWT4 running.
>
> The real problem with these tools is not being able to install and
> deinstall them in steps. Somewhere along the way I lost libvirt and
> there is no easy way to just put it where it belongs. Using the
> installer to "repair" the system breaks it because it is messing with
> the drivers. If you uninstall completely you break the system with the
> reinstallation. All in all it worked better NOT to use the Qubes tools
> but the XEN installers and add the Qubes video driver later.

The installer allows custom installations where you can select 
components but I agree that it'd be more flexible to have the tools 
split in several packages.

>>> What value, if anything, should go under Gateway in the VM? The ip address 
>>> shown by Qubes as belonging to the network-providing VM itself, ie Sys-Net or 
>>> Sys-Firewall, namely 10.137.0.6 ? Or something else?
>>
>> The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have
>> a fancy vpn/firewall setup, it's likely 10.137.0.6.
>
> This is another joke I'm not understanding. Ok, no DHCP for the
> unwashed masses. But if I have qubes-rpc working, why not inject the
> necessary settings using this mechanism?

[ What do you mean by "another joke" ? ]

There is a dhcp server in XEN's stub domain, that's why networking works 
out of the box on plain windows VMs. The problem is that the PV network 
driver (installed by QWT or manually from XEN windows PV drivers) 
bypasses the stub-domain networking [1].

Workarounds:
- use QWT 4 (if it works for you).
- or, use QWT 3 and configure the network manually
- or, don't use the network PV driver, which should be perfectly fine 
for VMs used for casual browsing.

Re- rpc settings: IIRC the qubes network service provided by QWT reads 
the ip/dns/gw/... values from the exposed keys [2] and sets the network 
accordingly.

[1] https://groups.google.com/forum/#!topic/qubes-users/EXAcxrD7ZQU
[2] https://www.qubes-os.org/doc/vm-interface/

> Achim





Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 04:31:49AM -0800, aaq via qubes-users wrote:
> On Tuesday, 13 November 2018 at 12:26:58 UTC+1, unman wrote:
> > On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users wrote:
> > > Hello!
> > > 
> > > I have broken the GUI in dom0 in some weird way.
> > > I tried to install KDE, then I tried to remove it again, before realising 
> > > that I was fine with having it. Unfortunately, when I wanted to reinstall 
> > > it, dnf kept saying that I already had the group installed, so I couldn't 
> > > just run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> > > 
> > > I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in the 
> > > package `qubes-gui-dom0` being deleted. I assume this is the package that 
> > > is needed to show GUI from different VMs.
> > > 
> > > Basically, dom0 works fine. All of dom0 GUI works as intended, I am 
> > > happily using KDE and SDDM. With that being said, none of my VMs work, so 
> > > I can't really use my machine for anything.
> > > 
> > > I found this thread 
> > > https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> > > 
> > > But I cannot start VMs with `--no-guid` flag. I cannot for the love of my 
> > > life get the package back.. I haven't cleared my cache or anything, but 
> > > for some reason I am not able to install `qubes-gui-dom0` again without a 
> > > network connection. Since my VMs don't start properly, I don't have 
> > > network.
> > > 
> > > Is there any solution to this :S
> > > 
> > > PS: I backed up all my VMs the other day (happy coincidence) so I guess I 
> > > could just reinstall, but I am quite happy with my current install :(
> > > 
> > > Thanks for any input!
> > > 
> > 
> > The obvious solution would be to download the files in another machine
> > and then transfer them to dom0 using a transfer disk.
> > If you're on a laptop and have a sys-usb set up then you will need to
> > interrupt boot and edit the kernel parameters to remove the section that
> > says rd.qubes.hide_all_usb  - that will allow you to connect USB to
> > dom0 at some cost to your security.
> > 
> > If you don't want to do that we can try troubleshooting your inability
> > to start headless qubes.
> > If you want to do that then try starting just sys-net from the command
> > line and check the logs, and report back any error from the logs or
> > command line.
> 
> Thank you so much for your time!
> When having all Qubes shutdown, I run
> qvm-start --verbose sys-net
> 
> No feedback in the terminal. I cannot seem to find anything in the logs that 
> might seem interesting either. I don't know if I am looking the wrong places.
> 
> I looked into /var/logs/qubes/ and then anything with sys-net in it. I also 
> looked at the xen logs for the VM, but again, I can't seem to find anything 
> special that stands out.

You haven't said what version of Qubes you are running.
What happens when you run qvm-start --verbose sys-net again?



Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread aaq via qubes-users
On Tuesday, 13 November 2018 at 12:26:58 UTC+1, unman wrote:
> On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users wrote:
> > Hello!
> > 
> > I have broken the GUI in dom0 in some weird way.
> > I tried to install KDE, then I tried to remove it again, before realising 
> > that I was fine with having it. Unfortunately, when I wanted to reinstall 
> > it, dnf kept saying that I already had the group installed, so I couldn't 
> > just run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> > 
> > I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in the 
> > package `qubes-gui-dom0` being deleted. I assume this is the package that 
> > is needed to show GUI from different VMs.
> > 
> > Basically, dom0 works fine. All of dom0 GUI works as intended, I am happily 
> > using KDE and SDDM. With that being said, none of my VMs work, so I can't 
> > really use my machine for anything.
> > 
> > I found this thread 
> > https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> > 
> > But I cannot start VMs with `--no-guid` flag. I cannot for the love of my 
> > life get the package back.. I haven't cleared my cache or anything, but for 
> > some reason I am not able to install `qubes-gui-dom0` again without a 
> > network connection. Since my VMs don't start properly, I don't have network.
> > 
> > Is there any solution to this :S
> > 
> > PS: I backed up all my VMs the other day (happy coincidence) so I guess I 
> > could just reinstall, but I am quite happy with my current install :(
> > 
> > Thanks for any input!
> > 
> 
> The obvious solution would be to download the files in another machine
> and then transfer them to dom0 using a transfer disk.
> If you're on a laptop and have a sys-usb set up then you will need to
> interrupt boot and edit the kernel parameters to remove the section that
> says rd.qubes.hide_all_usb  - that will allow you to connect USB to
> dom0 at some cost to your security.
> 
> If you don't want to do that we can try troubleshooting your inability
> to start headless qubes.
> If you want to do that then try starting just sys-net from the command
> line and check the logs, and report back any error from the logs or
> command line.

Thank you so much for your time!
When having all Qubes shutdown, I run
qvm-start --verbose sys-net

No feedback in the terminal. I cannot seem to find anything in the logs that 
might seem interesting either. I don't know if I am looking the wrong places.

I looked into /var/logs/qubes/ and then anything with sys-net in it. I also 
looked at the xen logs for the VM, but again, I can't seem to find anything 
special that stands out.



Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Achim Patzner
On 20181113 at 06:44 +0200 Ivan Mitev wrote:
> I've also added a note about QWT 4 breaking *new* HVMs (I thought the 
> breakage was only when updating from QWT3 to QWT4). It seems it's a 
> hit-or-miss process, IIRC some users managed to have QWT4 running.

The real problem with these tools is not being able to install and
deinstall them in steps. Somewhere along the way I lost libvirt and
there is no easy way to just put it where it belongs. Using the
installer to "repair" the system breaks it because it is messing with
the drivers. If you uninstall completely you break the system with the
reinstallation. All in all it worked better NOT to use the Qubes tools
but the XEN installers and add the Qubes video driver later.

> > What value, if anything, should go under Gateway in the VM? The ip address 
> > shown by Qubes as belonging to the network-providing VM itself, ie Sys-Net 
> > or Sys-Firewall, namely 10.137.0.6 ? Or something else?
> 
> The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have 
> a fancy vpn/firewall setup, it's likely 10.137.0.6.

This is another joke I'm not understanding. Ok, no DHCP for the
unwashed masses. But if I have qubes-rpc working, why not inject the
necessary settings using this mechanism?


Achim



Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Achim Patzner
On 20181112 at 20:52 +0200 Ivan Mitev wrote:
You do not need to quote a full message as a block; just copy what you
really refer to.

> Since you mention that the network is functional without QWT
> installed there's probably an issue with your ip settings in the
> windows HVM.

Not necessarily so; it depends on how much of what has been installed
and updated at what point.

I've just finished setting up a new Windows 7 HVM, too. The up to now
best route for me was installing an original Windows 7 SP 1 medium and
then spending about two days updating it (including 28 reboots...)
before even trying to install the tools package.


Achim



Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread qubes-fan
Hi Thierry, I wasn't aware the X230 can be freed same way as the X200 can. As 
you saw, I am thinking about buying the RYF https://tehnoetic.com/tet-t400s 
to be able to run with the Qubes 4. The T400s has, unfortunately, 8GB RAM max 
and so the X230 with 16GB seems very interesting.

So my question is if the X230 is really deprived of all ME-AMT, or any non-free 
dirt? If this is the case, your offer seems really interesting with all 
mentioned options available. I also use the RYF X200 for non-Qubes activities, 
but it would be just excellent if I could have just one machine for 
Qubes+non-Qubes too. 


Nov 12, 2018, 7:30 AM by thierry.laur...@gmail.com:

> Hi!
>
>> I checked out the x230 and you are right they are available and cheap. I 
>> would still be interested in finding some company/individual who I can trust 
>> to take care of the BIOS flashing for me as a service(I would think others 
>> would also want this service as well...). The problem is who?
>>
> I started Insurgo Technologies Libres/Open Technologies exactly for that! 
> (https://www.facebook.com/InsurgoTech/insights/?section=navPosts)
>
> We actually reprogram A-Grade refurbished x230 with Heads firmware 
> (http://osresearch.net/), while neutralizing Intel ME 
> (https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md) 
> while being there.
>
> I collaborate with Heads and QubesOS developers for a while now.. 
> QubesOS can even be preinstalled with user's desired customizations 
> (https://github.com/SkypLabs/my-qubes-os-formula/issues) or shipped with 
> latest QubesOS ISO on external MicroSD support. Heads validates ISO integrity 
> with distribution's signing keys prior to boot them (Tails, Fedora, QubesOS).
>
> Heads, deployed with a Nitrokey Pro v2/LibremKey or by using internal TPM, 
> validates rom's integrity before booting from it. With the help of a 
> NitroKey/LibremKey (https://puri.sm/posts/introducing-the-librem-key/), the 
> boot configurations are signed with user's keys and verified and the firmware 
> integrity is attested at each reboot through HOTP (led flashing or TPMTOTP on 
> user's cell phone through Google Authenticator or compatible app).
>
> The user receives the Nitrokey/LibremKey and his computer in distinct 
> shipping packages and reunites at first laptop boot to attest that the 
> firmware of the computer has not been tampered with in transit. 
> (https://puri.sm/posts/introducing-the-librem-key/). 
>
> The user, upon bootup integrity attestation, proceeds to the ownership of his 
> new laptop (TPM) and his LibremKey. The user is then invited to reencrypt his 
> SSD encrypted content with its own chosen passphrase 
> (https://github.com/osresearch/heads/issues/463) and to choose a secondary 
> disk unlock passphrase, which will unlock encrypted disk content only if the 
> firmware has boot attested integrity.
>
> Notes: 
> The user will be able to ask Insurgo interactive support in the near 
> future. (https://github.com/SkypLabs/my-qubes-os-formula/issues/6). 
> Buying from Insurgo (ITL/IOT) funds directly my participation to those 
> projects.
> Bulk discount are available upon request. Insurgo plans to transit into a 
> working/buying cooperative in the near future. 
>
>
> Prices are in Canadian Dollars (CDN)
> x230 i5 240GB SSD 16GB Webcam and IPS: $620 
> Hardware reprogramming fee: +250$ 
> Backlit Keyboard: 40$  (optional)
> Webcam 10$  (optional)
> Nitrokey/LibremKey: + 80$ 
> The refurbisher offers a warranty plan on the value of the purchase:
> 1 Month %5
> 3 Months %10
> 6 Months %15
> 1 Year %25
>
> Thierry Laurion:
> GitHub: https://github.com/tlaurion/ 
> LinkedIn: https://www.linkedin.com/in/thierry-laurion-40b4128/ 
>
> Insurgo, Technologies Libres / Open Technologies:
> email: insu...@riseup.net for more information.
> GPG key: http://keys.gnupg.net/pks/lookup?op=get=0x79C78E6659DB658F 
> Follow this guide or its platform equivalent: 
> https://securityinabox.org/en/guide/thunderbird/mac/ 
> Website: https://Insurgo.ca 
> Facebook: https://www.facebook.com/InsurgoTech/ 
>
> On Sun, Nov 11, 2018 at 9:26 PM <> 

Re: [qubes-users] Broken GUI Qubes 4

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 12:00:40AM -0800, aaq via qubes-users wrote:
> Hello!
> 
> I have broken the GUI in dom0 in some weird way.
> I tried to install KDE, then I tried to remove it again, before realising 
> that I was fine with having it. Unfortunately, when I wanted to reinstall it, 
> dnf kept saying that I already had the group installed, so I couldn't just 
> run the `sudo qubes-dom0-update @kde-desktop-qubes`.
> 
> I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in the 
> package `qubes-gui-dom0` being deleted. I assume this is the package that is 
> needed to show GUI from different VMs.
> 
> Basically, dom0 works fine. All of dom0 GUI works as intended, I am happily 
> using KDE and SDDM. With that being said, none of my VMs work, so I can't 
> really use my machine for anything.
> 
> I found this thread 
> https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg
> 
> But I cannot start VMs with `--no-guid` flag. I cannot for the love of my 
> life get the package back.. I haven't cleared my cache or anything, but for 
> some reason I am not able to install `qubes-gui-dom0` again without a network 
> connection. Since my VMs don't start properly, I don't have network.
> 
> Is there any solution to this :S
> 
> PS: I backed up all my VMs the other day (happy coincidence) so I guess I 
> could just reinstall, but I am quite happy with my current install :(
> 
> Thanks for any input!
> 

The obvious solution would be to download the files in another machine
and then transfer them to dom0 using a transfer disk.
If you're on a laptop and have a sys-usb set up then you will need to
interrupt boot and edit the kernel parameters to remove the section that
says rd.qubes.hide_all_usb  - that will allow you to connect USB to
dom0 at some cost to your security.

If you don't want to do that we can try troubleshooting your inability
to start headless qubes.
If you want to do that then try starting just sys-net from the command
line and check the logs, and report back any error from the logs or
command line.

Best of luck 

unman



Re: [qubes-users] downloading to vault when there is not netvm is n/a?

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 06:45:03AM +0100, 799 wrote:
> Hello Stumpy,
> 
> On Tue, 13 Nov 2018, 03:55, Stumpy wrote:
> 
> > I was copying some things from my vaultvm to some other appvms and got
> > this message:
> >
> > [user@vault Documents]$ qvm-copy file.txt
> > rm: cannot remove '/etc/hosts': No such file or directory
> > sudo: unable to resolve host personal: No such file or directory
> > [...]
> > I have no idea what it is talking about, how it downloaded anything when
> > the vault vm shows up in my qubes manager as having no network access
> > (which it shouldnt), or why qvm-copy file.txt would evoke some response
> > about the /etc/host file and/or start downloading things.
> >
> 
> Can you please add the info which Qubes Version you are running and which
> template the vault-vm is using.
> Is the image a default Qubes image or has it been changed?
> I suggest to set a default template and make sure that no netvm is set,
> then run the steps again and look if you get the same results.
> 
> Or maybe create a new AppVM based on the same template like your vault-vm
> and run the same steps to check if this a reproducible effect.
> 
> I'll try to run the same steps on my Qubes 4 and my fedora-28-minimal based
> Vault VM
> 
> - O

paranoia mode kicks in. Obviously this should not be happening.
I don't suggest running this again, although the information that's been
asked for is crucial.
I would immediately isolate your machine from the network and be
prepared for some unpleasantness. I'm assuming that you have recent
backups - if not take them but bear in mind that your machine may
already be compromised.
I don't know what you have done in the meantime but I would *not* restart
vault.

Confirm that your vault has no netvm. (I mean *check* this.)
What is the content of the files you were copying?
Check the contents of the qvm-copy you were running. I mean run 
find -name qvm-copy as root from /
Then examine in a text editor the contents of those files, and the
qubesadmin file they refer to.
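
The check described in the message above (find every `qvm-copy` on the filesystem, then read each copy and whatever it refers to), as an added example that is not part of the thread and is not Qubes project code. It only reads files and never runs what it finds; the expected install directory argument, the function names and the constructed sample tree are assumptions, and it expects GNU find and coreutils.

```shell
#!/bin/sh
# Added triage example. Read-only: nothing that is found gets executed.

# candidates ROOT NAME -> every regular file or symlink called NAME under ROOT
candidates() (
    find "$1" -xdev \( -type f -o -type l \) -name "$2" 2>/dev/null | sort
)

# inventory_tool ROOT NAME -> "<sha256> <mode> <owner> <kind> <path>" per copy,
# so copies can be compared with each other and with a known-good template.
inventory_tool() (
    candidates "$1" "$2" | while IFS= read -r path; do
        if [ -L "$path" ]; then
            kind="symlink->$(readlink -- "$path")"
        elif [ "$(head -c 2 -- "$path" 2>/dev/null | tr -d '\000')" = '#!' ]; then
            kind=script
        else
            kind=binary
        fi
        sum=$(sha256sum -- "$path" 2>/dev/null | cut -d' ' -f1)
        meta=$(ls -ld -- "$path" | awk '{print $1, $3}')
        printf '%s %s %s %s\n' "${sum:-unreadable}" "$meta" "$kind" "$path"
    done
)

# unexpected_copies ROOT NAME EXPECTED_DIR -> copies that live anywhere else.
# EXPECTED_DIR is supplied by the operator (assumption: where the package
# installs the tool on a clean template).
unexpected_copies() (
    candidates "$1" "$2" | while IFS= read -r path; do
        [ "$(dirname -- "$path")" = "$3" ] || printf '%s\n' "$path"
    done
)

# referenced_paths FILE -> absolute paths a script mentions after its shebang,
# i.e. the helper files to open next in a text editor.
referenced_paths() (
    tail -n +2 -- "$1" |
        grep -oE '/[A-Za-z0-9_.+-]+(/[A-Za-z0-9_.+-]+)+' | sort -u
)

# Constructed sample tree: one copy in the expected place, one stray copy.
# The helper path inside the first script is a made-up placeholder.
make_constructed_tree() (
    mkdir -p "$1/usr/bin" "$1/home/user/bin"
    printf '#!/bin/sh\nexec /usr/lib/example/copy-helper "$@"\n' \
        > "$1/usr/bin/qvm-copy"
    printf '#!/bin/sh\necho constructed\n' > "$1/home/user/bin/qvm-copy"
    chmod 755 "$1/usr/bin/qvm-copy" "$1/home/user/bin/qvm-copy"
)

# With three arguments inspect a real tree (run as root so find can read
# everything); with none, run against the constructed tree.
if [ "$#" -eq 3 ]; then
    inventory_tool "$1" "$2"
    echo "copies outside $3:"
    unexpected_copies "$1" "$2" "$3"
elif [ "$#" -eq 0 ]; then
    demo=$(mktemp -d) && make_constructed_tree "$demo"
    inventory_tool "$demo" qvm-copy
    echo "copies outside $demo/usr/bin:"
    unexpected_copies "$demo" qvm-copy "$demo/usr/bin"
    rm -rf "$demo"
fi
```

Differing hashes between copies, or a copy outside the expected directory, mark the files to read first.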



Re: [qubes-users] qvm-trim-template hung now stuck with remnants of the process

2018-11-13 Thread unman
On Tue, Nov 13, 2018 at 10:13:16AM +0100, cubit wrote:
> 13. Nov 2018 00:46 by un...@thirdeyesecurity.org:
> 
> > On Mon, Nov 12, 2018 at 08:47:43PM +0100, cubit wrote:
> >> I was running qvm-trim-template on my 6 templates - Qubes 3.2 -  but the 
> >> process looked to hang on 2 of them.   After 30 minutes of waiting 
> >> (usually 2-3 minutes max) I ctrl+c them
> >> This resulted in files being left behind blocking me from running 
> >> qvm-trim-template again on the problem ones.
> >>
> > Read https://www.qubes-os.org/doc/remove-vm-manually
> >
> > The libvirt error shows you need to manually remove that qube.
> >
> > qvm-remove --just-db trim-whonix-gw-14
> >
> > unman
> 
> Thank you for the suggestion unman, when I do the `--just-db` step outlined 
> it tells me
> 
> A VM with the name 'trim-whonix-gw-14' does not exist in the system.
> 
> I've also tried this before deleting the AppVM that trim creates but the 
> error is the same
> 
> CuBit

Try virsh -c xen:/// undefine trim-whonix-gw-14



Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread qubes-fan
Sorry to jump out of the Purism thing. Some weeks ago I put here the question 
too and it was a bit stormy, so I keep it aside. 

Mate, you mention the "Lenovo 400 series". That was my question short before in 
my post. I am planning to buy this guy: https://tehnoetic.com/tet-t400s 
It is RYF and so the ME and AMT is completely 
removed. My question was, if I could run Qubes 4 on it. The answer was it is 
too old to have the required virtualization needed to run Qubes 4. 

Now, do you think the RYF T400s above, which is the T400 series you mention, could 
run the Qubes 4? This would be great. One could run the reasonably secure OS on 
reasonably secure HW. Yay!


Nov 11, 2018, 6:07 AM by 22...@tutamail.com:

> Tough questions and discussion but in the spirit of finding the "best" we can 
> get laptop for Qubes 4.0 (Best being defined as: available to purchase, 
> priced right, most open, most "reasonably" secure and "reasonably simple" 
> to maintain), for me I see the following as my best options, ranked:
>
> Lenovo Carbon 5G X1
> Available
> Good RAM
> Little pricey
> Easy install/maintain? Not sure if I can flash these BIOS...
>
> Lenovo 400 series
> Available
> Affordable
> Limited RAM?
> Little boxy
> Easier to install/maintain
>
> Librem "what ever" model
> Available
> NOT Affordable
> Limited RAM?
> Reasonably easy to install/maintain!
>
> G505
> NOT as Available
> Affordable
> Limited RAM?
> Very boxy?
> Tough to install/maintain (Flash BIOS?? Out of my scope...)
>
>
> 200 series
> NOT as Available?
> Affordable
> Limited RAM?
> Very boxy?
> Tough to install/maintain! (Flash BIOS?? Out of my scope...)
>
>
> Dell/HP/Other?
> I don't know, but I suspect Qubes was developed on Lenovo's yet select 
> models work
>
> Desk Tops
> I need a laptop...
>
> Keep in mind I might weigh some of the "Easy to install/maintain" perspective 
> more heavily but I see my best options as:
>
> 1)Carbon X1 being the ultimate winner (if I want to invest the $1k)
> 2)T400+ series for the budget concerned
> 3)Librem if you want to get the best you can with out the "fuss" and pay some 
> $$
> 4)G505/200 if you have the technical know-how/experience
>
>
> What I am struggling to weigh is the security/privacy/trust compromises and 
> implications I have made/would make? I know G505/200 type products are most 
> secure but how can I get one pre-installed and done (Easy) yet still balance 
> trust, security, affordability, etc... I fear the open source BIOS are out 
> of my technical scope to install and maintain.
>
> I find Librem intriguing with the easiest "most" open source option for the 
> "reasonable" layman(person)...sure not Intel/AMD/government secure but at 
> least non chip maker collusion secure? Let's assume Librem screwed up 
> initially with their claims... are they clear now? Is their product a good 
> option?
>
> Decisions, Decisions...


Re: [qubes-users] Re: Removing KDE

2018-11-13 Thread Achim Patzner
On 20181112 at 00:28 -0800 aaq via qubes-users wrote:
> Honestly I completely agree. If I was to use a DE I would definitely prefer 
> KDE or GNOME over XFCE (I sincerely hate XFCE, loose opinion held strongly)

Seconded. My ass is still in pain over getting it to run at 286 dpi,
especially if disp VMs need to get everything, too. And I'm still trying
to get a handle on the nome-tools menu bar sizes. Getting KDE to agree
on a different resolution is definitely easier (although I fell in love
with Mint - you don't have to do anything, it's like MacOS on this
machine.)

> My machine only has 8 gb of RAM, and so far that is more than enough for my usage, 
> but I fear if I bloat dom0 too much, that I might end up having some issues..

Right now it's CPU cores we're lacking, not RAM -- that can be added,
mobile CPUs are limited. But maybe that's because I once had a Sun
Tadpole, the only mobile computer that ever felt like having enough
horsepower.


Achim



Re: [qubes-users] Thinkpad T400s RYF

2018-11-13 Thread qubes-fan
Ouch, bad news :-( Basically I have only two options then: run reasonably 
secure QubesOS on a flawed-by-design-HW, or use RYF HW with not so secure OS. I 
am not maximalist, but you know, one doesn't go on a boat that has holes in it, 
even if he has nicely and safely packed cookies on board.

Or is there any other RYF laptop which could run QubesOS? Sad days, these days.


Nov 10, 2018, 4:43 PM by qubes-users@googlegroups.com:

> qubes-...@tutanota.com:
>
>> Hi, I am thinking about getting the RYF T400s for Qubes 4. Is there anyone 
>> here who is running the T400s successfully with Qubes 4? If yes, how is the 
>> install/setup?
>>
>> https://tehnoetic.com/tet-t400s
>>
> It's a respectable piece of hardware, but I think it is too old to support 
> the hardware virtualization (VT-d) Qubes 4.0 requires.


Re: [qubes-users] qvm-trim-template hung now stuck with remnants of the process

2018-11-13 Thread cubit
13. Nov 2018 00:46 by un...@thirdeyesecurity.org:

> On Mon, Nov 12, 2018 at 08:47:43PM +0100, cubit wrote:
>> I was running qvm-trim-template on my 6 templates - Qubes 3.2 - but the 
>> process looked to hang on 2 of them. After 30 minutes of waiting (usually 
>> 2-3 minutes max) I ctrl+c them
>> This resulted in files being left behind blocking me from running 
>> qvm-trim-template again on the problem ones.
>>
> Read https://www.qubes-os.org/doc/remove-vm-manually
>
> The libvirt error shows you need to manually remove that qube.
>
> qvm-remove --just-db trim-whonix-gw-14
>
> unman

Thank you for the suggestion unman, when I do the `--just-db` step outlined it 
tells me

A VM with the name 'trim-whonix-gw-14' does not exist in the system.

I've also tried this before deleting the AppVM that trim creates but the error 
is the same

CuBit



[qubes-users] Broken GUI Qubes 4

2018-11-13 Thread aaq via qubes-users
Hello!

I have broken the GUI in dom0 in some weird way.
I tried to install KDE, then I tried to remove it again, before realising that 
I was fine with having it. Unfortunately, when I wanted to reinstall it, dnf 
kept saying that I already had the group installed, so I couldn't just run the 
`sudo qubes-dom0-update @kde-desktop-qubes`.

I ended up doing a `sudo dnf remove @kde` in dom0, which resulted in the 
package `qubes-gui-dom0` being deleted. I assume this is the package that is 
needed to show GUI from different VMs.

Basically, dom0 works fine. All of dom0 GUI works as intended, I am happily 
using KDE and SDDM. With that being said, none of my VMs work, so I can't 
really use my machine for anything.

I found this thread 
https://groups.google.com/forum/#!topic/qubes-users/7GeA1_xCeTg

But I cannot start VMs with `--no-guid` flag. I cannot for the love of my life 
get the package back.. I haven't cleared my cache or anything, but for some 
reason I am not able to install `qubes-gui-dom0` again without a network 
connection. Since my VMs don't start properly, I don't have network.

Is there any solution to this :S

PS: I backed up all my VMs the other day (happy coincidence) so I guess I could 
just reinstall, but I am quite happy with my current install :(

Thanks for any input!
