Re: [qubes-users] is dom0 based on Fedora 25?
Btw, my next hardware purchase was specifically to run Linux with minimal fuss (Linux will run on just about anything if you invest the time to learn and iterate on fussing with it). I didn’t want to do that (been there, done that, too damned old to waste time) I wanted something that was as powerful as I could find that also would run Ubuntu or some othe popular distro straight out of the box. I started with a System76 Orynx Pro with almost maxed out hardware, taking a slight perf hit by avoiding the top of the line CPU which had vPro, 1070, 15” 4K, 32GB, etc. I loved it at first. It was perfect except for one crucial thing. It would only run on the battery for an hour. I sent it back. Next I bought a Dell XPS 15 9575, their latest version, with maxed out hardware. Dell doesn’t offer that line with Ubuntu preinstalled, but the XPS 13 does and I figured the big brother would be just as easy. No. It’s very different. After futzing with it for a week I returned it as well. I researched far and wide and decided to drop down a level and not aim for the very latest hardware. I ended up with a Thinkpad T480 with i7 quad core, Intel graphics, 2k display, 32GB memory, etc. And it was in sale for 70% off. Done. I love that little guy. It runs everything with nary a compant. I tried Ubuntu, Fedora, Pop!, Debian, and Manjaro. They all installed and ran without me having to do anything special. I was about to settle on Ubuntu even though they made some choices I didn’t like, but for a no fuss system, it’s hard to beat Ubuntu. Then i discovered Qubes. The rest is history. Futzing became my new way of life but I felt I was spending that time fruitfully. So far am happy with the choice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c56c816e-a2e3-4675-b776-6e35effcf3c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
I can’t think of anything that one would want to run in dom0 that needs Nvidia. In general, the only software that should be run from dom0 is to manage the system. If you find yourself typing something on a dom0 window that isn’t straight out of the Qubes docs. Stop and think and be sure that what you are about to do could not open an attack vector. Not probably won’t not I doubt it. Could not. This assumes you are using Qubes to provide the most secure environment you reasonably can. If you don’t care about that and just want to play with stuff, go for it. One might question the choice of Qubes to play with if that were the case... You can learn about how Linux handles drivers in general and Nvidia proprietary drivers for you Nvidia GPU in particular, by installing your favorite Linux distro and start Googling. There is a lot of material out there. I know because I read a lot of it due to dumbass problems I encountered running Linux with an Nvidia driver on a dual monitor setup. I found that Pop! OS 18.10 comes with the best GeForce support out of the box if you install their Nvidia native version. Unless you need CUDA and have a Quadro, not a gaming GPU like the GeForce or RTX line, there are few good reasons to run Linux on Nvidia. Best support is Intel embedded GPU for typical Linux use cases. My Intel Core i7 7820X doesn’t have a built in GPU and that box was built for gaming before I thought to run Linux on it, so I payed the price of wasting time getting it to work reasonably well. If I were choosing hardware for Linux, Ndidia would be the first thing to be removed from consideration (unless I was mining cryptocurrency and then I would have Quadro on the list) On Fri, Dec 28, 2018 at 8:47 AM seshu wrote: > On Thursday, December 27, 2018 at 7:15:36 PM UTC-7, John Smiley wrote: > > I have a 1080 Ti in one of my Qubes boxes and haven't had any trouble > with the out-of-the-box install with 4.0.1-rc2. This box is dual boot to > Win10 when I want to play games (it was a gaming rig before it was a Qubes > box). May I ask what you need to do that requires the Nividia driver? > > It's not that I have a specific need. As you mention, the default nouveau > driver is working fine. I'm not a gamer etc. I have noticed that when i'm > watching a streaming movie and i'm scrolling in another window it does > affect the movie that is being streamed. > > So, I'm simply trying to learn more about how drivers work, how they are > installed or handled on linux systems, etc. In the future, I may want to > have a desktop or laptop system that uses the workstation graphics cards, > as some of the work I do could benefit from that. And those cards are more > effective with proper drivers, etc. So, I'm just using this time of testing > and getting to know the release candidate qubes. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/acc21710-c847-4154-aff3-583ccc5b774e%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAMCsksGm5UZCdxoCwaN%2Bkf5vAO_2TE_YiL6iDrvPgK0UP9Ku9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
Sorry, you are woefully misinformed. I have been on the design teams for two well known clouds. You can disprove your assertion with a simple test. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d15ce8ed-e5ec-49e3-81d6-b6b4a2847e00%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Using fedora-29-minimal as template for sys-net / sys-firewall / sys-usb
I just moved to fedora-29(due to update issues with 28), full version and everything seems to be working fine. A while back I had issues with wifi connecting and used the following command in my fedora template: sudo apt install firmware-iwlwifi sudo apt update && sudo apt upgrade My wifi then worked... CAUTION: I am by no means an expert, more of a hack so do some research before trying! Good luck... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58bb7b6a-029c-4f6a-a3ed-e433f4f40e2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: default-mgmt-dvm no longer hidden
Strange but I just noticed default-mgmt-dvm for the first time? After noticing this I noticed that one of my less trusted templates was being used as the template for default-mgmt-dvm. In this less trusted template I had browser add-ons, libre office, print drivers in addition to other less trusted software. I changed the template to one I trust more... I found another article after a search: https://www.qubes-os.org/doc/salt/ I haven't used salt for any configurations (I believe when I installed whonix-14 it was prior to "default-mgmt-dvm" being visible), however I have done numerous updates on my templates and Dom0. What are the implications? What mistakes did I make? Thank you to any one with insight they are willing to share... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3048b179-e6b2-4e2b-a563-1eaf5c7e21ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Using fedora-29-minimal as template for sys-net / sys-firewall / sys-usb
Additional note which might be important: The sys-net VM which is based on the fedora-29 template I have built can connect to the internet (I tried ping and also using the CLI-browser w3m). The sys-firewall VM is unable to connect to the internet, when using sys-net as Net-VM. If I choose my fedora-28 sys-vḿ-template for sys-net and sys-firewall everything is fine. This means that I am missing something in the new fedora-29 sys-template which is likely not covered by the qubes docs. - O On Friday, 28 December 2018 21:54:49 UTC+1, 799 wrote: > Hello, > > > I'm still trying to migrate my sys-* VMs to a fedora-29 template which is > based on fedora-29-minimal. > I had run through all steps I have done, when building my sys-template whoch > was based on a fedora-28-minimal template. > > > Unfortunately my app-vms which are using the sys-firewall as net-vm are > unable to connect to the web, even when the sys-vm themself can connect to > the internet. > > > Any idea what I am missing? > > > This are the steps I#m using to build a sys-vm-template: > > > fedora29 > qvm-clone fedora-29-minimal > t-fedora-29-sys > qvm-run --auto --user root t-fedora-29-sys "xterm -hold -e 'dnf -y install > qubes-core-agent-qrexec qubes-core-agent-systemd qubes-core-agent-networking > polkit > qubes-core-agent-network-manager notification-daemon > qubes-core-agent-dom0-updates qubes-usb-proxy network-manager-applet > NetworkManager-wwan NetworkManager-wifi iwl6000g2a-firmware > qubes-input-proxy-sender '" > > > qvm-shutdown --all --wait --timeout 120 > > > qvm-prefs --set sys-usb template t-fedora-29-sys > qvm-prefs --set sys-net template t-fedora-29-sys > qvm-prefs --set sys-firewall template t-fedora-29-sys > > > qvm-start sys-firewall > > > > kind regards > > > - O. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/177eddc0-5ee2-42bc-8a3c-08661fd83513%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Using fedora-29-minimal as template for sys-net / sys-firewall / sys-usb
Hello, I'm still tryinh to migrate my sys-* VMs to a fedora-29 template which is based on fedora-29-minimal. I had run through all steps I have done, when building my sys-template whoch was based on a fedora-28-minimal template. Unfortunately my app-vms which are using the sys-firewall as net-vm are unable to connect to the web, even when the sys-vm themself can connect to the internet. Any idea what I am missing? This are the steps I#m using to build a sys-vm-template: fedora29 qvm-clone fedora-29-minimal t-fedora-29-sys qvm-run --auto --user root t-fedora-29-sys "xterm -hold -e 'dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd qubes-core-agent-networking polkit qubes-core-agent-network-manager notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy network-manager-applet NetworkManager-wwan NetworkManager-wifi iwl6000g2a-firmware qubes-input-proxy-sender '" qvm-shutdown --all --wait --timeout 120 qvm-prefs --set sys-usb template t-fedora-29-sys qvm-prefs --set sys-net template t-fedora-29-sys qvm-prefs --set sys-firewall template t-fedora-29-sys qvm-start sys-firewall kind regards - O. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2svrRHQnBhw4dMhWeiLcBwvPFyZZ34aABYYKMCt-sCV%2Bw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Installing Chrome
Hello, On Thursday, September 29, 2016 at 6:09:43 PM UTC-7, Ted Brenner wrote: > [...] > > There are two programs I'd like to install to make Qubes more usable. > > First, I'd like to install Chrome. Second, I'd like to install Flash > > (though maybe I won't need that if I'm using Chrome?). > [...] > The installation of chrome is covered in a qubes doc which I wrote to build a multimedia appvm template: https://www.qubes-os.org/doc/multimedia/ - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2u1WUt_DZ1DLNQq9FdRFFo3Af9bML1GGN%2BSNxBWd4gROA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] xsel via qrexec fails to set clipboard, "conversion refused"
I've written a qrexec script which, among other things, attempts to place something into the clipboard, using `xsel`. xsel fails, with error: "xsel: Conversion refused" Attempting to troubleshoot, I've learned that `xsel -o` can show the contents of the clipboard, but `xsel` fails to set the clipboard. Both `xsel -v` and `xsel -b -v` fail with the "conversion refused" messages. `xsel` works fine when I run it from a terminal. The error occurs only when running via qrexec. For some context, if you're interested... I recently became aware of a password manager with some interesting features: https://github.com/renatoathaydes/go-hash. I'd like to modify it, so that it both opens a URL in a VM, and places a password in that VM's clipboard. I've got most of that working, except that I can't get the password into the clipboard, because xsel fails with "conversion refused". -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d916f1f7-b108-4976-b6b8-0e381c34904b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
On Thursday, December 27, 2018 at 7:15:36 PM UTC-7, John Smiley wrote: > I have a 1080 Ti in one of my Qubes boxes and haven't had any trouble with > the out-of-the-box install with 4.0.1-rc2. This box is dual boot to Win10 > when I want to play games (it was a gaming rig before it was a Qubes box). > May I ask what you need to do that requires the Nividia driver? It's not that I have a specific need. As you mention, the default nouveau driver is working fine. I'm not a gamer etc. I have noticed that when i'm watching a streaming movie and i'm scrolling in another window it does affect the movie that is being streamed. So, I'm simply trying to learn more about how drivers work, how they are installed or handled on linux systems, etc. In the future, I may want to have a desktop or laptop system that uses the workstation graphics cards, as some of the work I do could benefit from that. And those cards are more effective with proper drivers, etc. So, I'm just using this time of testing and getting to know the release candidate qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/acc21710-c847-4154-aff3-583ccc5b774e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Still a little fuzzy on how a qube uses the default dispvm setting
On Thu, Dec 27, 2018 at 06:05:42PM -0800, John Smiley wrote: > I re-read all of the docs on this topic and I think this setting determines > which dvm is used when the qube asks to open a document or run a program in a > dvm unless it specifies a specific dvm. > > So the dvm given by this pref would by used by the Qube's File application > when you select a file and choose edit or view in DisposableVM from the menu. > > It would also be used when opening a file via the qube's command line with > qvm-open-in-dvm or running a program with qvm-run. > > Is this correct? Yes. > > Did I leave anything out? > Only that it's possible to override this from within the qube, by specifying an alternative for particular applications, using qvm-open-in-vm '$dispvm:. One can, for example set this in .mailcap or in defaults file if the change is to be permanent. > Are there any restrictions on which dvms can be used from a given domain? For > example, is it valid to have a fedora-28-dvm as the default dispvm for a > fedora-29 domain? Not that you would typically need to do that, but is there > any reason it would not work assuming the fedora-28-dvm had the necessary > software installed? > No - you can set as you like. > What led me to this question was cloning the provided fedora-29 templateVM to > fedora-29-test-1, installing google-chrome-stable in the clone, and creating > a new qube vm from the new template. The new qube still uses the original > fedora-29-dvm domain for its default dispvm. It seems to work fine for > viewing and editing documents in a dvm. both from the command line with > qvm-open-in dvm and from Nautilus, but abends with "Service call error: > Request refused" (ex: qvm-run --dispvm fedora-29-dvm terminal) or does > nothing when I attempt to use qvm-run. > > Do I need to create a new dvm from a domain based on the new fedora-29-test-1 > template and assign that to qubes as their default dispvm for qubes based on > the same template? > > What is SOP wrt dvms when you create a new template and qubes based on that > template? Qubes are created using the global default_dispvm, (set in qubes-prefs), not the dispvm set for the Template. You can override this on creation with qvm-create or update the setting using qvm-prefs. You dont *need* to create a new dvmTemplate, but you can do so if you wish. Remember that you can use any qube as a dvmTemplate, so you can configure a qube, clone it and set netvm none, and have one online and one offline. Then you can use these as dvmTemplates to have online and offline disposableVMs, called as you wish. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181228115105.vkxhyiyt5elpqrty%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
Poor gaming performance in a VM is a myth. This may have been true several years ago however it is no longer true with KVM. XEN needs to step up their game. Here are two videos that will show you what I am referring too. https://www.youtube.com/watch?v=FvcxPufSRNo https://www.youtube.com/watch?v=Ww2xpxkhitk=229s -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/212d93a6-f810-44b3-88b8-ac48a79a5ef1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
