Re: [qubes-users] Re: How much inital and max memory for sys and template VMs?
On Wed, Jun 28, 2017 at 05:22:33AM -0700, jakis2...@gmail.com wrote: > Additionally my personal Debian VM is using its Max 3gb also also and only > running Firefox Does this mean that your VMs are working now? You mentioned just earlier how you couldn't get any VM to start, just wanted to check back on your progress. :-) -- noor |_|O|_| |_|_|O| Noor Christensen |O|O|O| n...@fripost.org ~ 0x401DA1E0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629062435.xsjdub74po7ie5sm%40mail. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Error Starting VM- Insuffecient Memory- Already tried the info in docs
On Wed, Jun 28, 2017 at 03:28:58AM -0700, jakis2...@gmail.com wrote: > Ive followed the info at qubes-os.org/doc/out-of-memory/ and nothing > helps there. Everything showed fine with plenty of room. > > I took it a step further today to see if the ram was an issue at all > and upgraded my ram to have 12gb now. Same error. > > Any ideas on this and what the best VM settings should be for what I > have? What's your current settings for CPU and memory limits on this VM? -- noor |_|O|_| |_|_|O| Noor Christensen |O|O|O| n...@fripost.org ~ 0x401DA1E0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629062303.ez6glb7enxlyrz7v%40mail. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] switch to integrated Intel graphic
Hmm, HD graphics 2000 looks like old Sandy Bridge, so preliminary HW support should not have any effect in theory. Also, installing a new kernel is not much likely to help (it would be if you had a recent GPU that is too new for the kernel), but you might try it. Eva, what does «sudo rmmod i915» do? If it proceeds, then the driver doesn't recognize the GPU. If it doesn't, then the driver recognizes GPU, but there is something wrong with config or with the driver. You might also try checking if the same issue happens in Fedora 23. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8639be52-599f-4c26-9d18-7e5897a651ac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] Re: Re: Request for feedback: 4.9 Kernel
On Thursday, June 29, 2017 at 10:10:43 PM UTC+2, Reg Tiangha wrote: > On 06/29/2017 04:59 AM, > 0spinbo...@gmail.com wrote: > > fyi: this kernel built as-is will cause kernel panics on (some, common) > > Ryzen motherboards. Issue is described here among other places: > > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1671360 > > This happens as soon as config_pinctrl_amd is set to 'm' in the build > > config. Un-setting it should evade the issue (as I've not yet seen a proper > > fix for it). > > > > I've now disabled it in my branch. But reading through the thread, they > say it's been fixed but I can't figure out what part in their changelog > addresses it. Did they merely disable the kernel option as well, or was > there an actual patch? Latest 4.9 version is now 4.9.35 and there > doesn't seem to be anything obvious in the .34 and .35 changlogs that I > can see that addresses it either. But then again, maybe I don't know > what I'm looking for. I couldn't tell either, other than that they seem to have moved to a newer branch. Very messy bug thread, to be sure. The option seems to be disabled in some distro-shipped kernels (such as f26, iirc), so not everyone runs into it either, which made it seem distro-specific. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b2fede2-e649-4cd0-a2ee-100bed519219%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is it possible to change sys-net's network class in case of collisions with VPN networks?
On Thursday, June 29, 2017 at 11:49:39 AM UTC-4, Chris Laprise wrote: > On 06/28/2017 02:05 PM, Dominique St-Pierre Boucher wrote: > > On Wednesday, June 28, 2017 at 12:10:44 PM UTC-4, peterw...@gmail.com wrote: > >> Hi I have a VPN which uses 10.0.0.0/8 this makes collisions with all the > >> subnets that sys-net uses, I was wondering if I could switch out the > >> networks and use a class B network instead. > >> > >> Let me know if this info is not sufficient, I am going home from work so > >> I'm in a hurry :P > >> > >> Thanks for your time. > >> > >> Best regards, > >> Petur. > > > > I am also interested by this request. I have no idea how to change this! > > > > Dominique > > > > Seems the definition of a /8 block could be the cause; this looks sloppy > on the part of the VPN service provider. > > You could monitor the logs of your VPN client to see what ip/route > commands are being pushed down (assuming a protocol similar to openvpn) > and then add an override to the local config that uses a more specific > block like /16. But you have to consider if there are many (addressable > to you) hosts on that VPN net and if their effective host addresses > range beyond 16 bits; there probably aren't but if so then this solution > may not work. > > -- > > Chris Laprise, tas...@openmailbox.org > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 Hi Chris, I work for a big company and the use 10.0.0.0/8 for the internal network. Multiple Site with all 10.x.0.0/16 network. Impossible to have that changed. All I want, is to change the base IP adressing scheme for the Qubes VM! Thanks Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13b977bf-4f98-43f8-9ef0-18148b04f083%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/28/2017 05:17 PM, yreb-qusw wrote: On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. well since I haven't a clue which one it may be, I suspect I will ruin both systems qubes and win10 msdos3 seems to be the smallest, would the boot partition be on msdos3 ? doesn't seem right, I thought boot partitions were usually the 1st partition, it also says it is NOT NTFS it is ext3 should fdisk not work at the grub> prompt ? Whoops I forgot to "cc the list" in the off chance, I could get some more support. Is there any other place for support maybe on one of the IRC channels, do folks really ask and answer timely questions there ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c90bedb4-e8ee-870d-c751-b6ae16b84a21%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How can I test that my AEM configuration is correct?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 29, 2017 at 03:30:38PM +, Rusty Bird wrote: > loke...@gmail.com: > > Yesterday, I installed a new dom0 update which included an updated > > kernel package. I was expecting to see an AEM error when I rebooted, > > but that never happened. > > I'm guessing you've installed anti-evil-maid v3.0.4? You could retry > with v3.0.5 from the dom0 current-testing repository, which runs a > sanity check on your PCR values. See the README in case this check > fails. > > CCing Marek - should v3.0.5 be migrated to current? Oh, it isn't listed in updates-status[1], so I completely forgot. Probably it was uploaded to testing before introducing that system. Of course it should be migrated to current, will do. [1] https://github.com/QubesOS/updates-status/issues - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZVWA9AAoJENuP0xzK19csm2kH/1K1MaoE9o+X44HrOZdJuiIQ dLqv2dK2Bjm1TtaIEaJP+gQ6BUK14xlshFoyVodf3U40BpPXwcRo93MO4+MacJMP 9VOWnOYHRY1nk96Odk0qtGAUe+2N5P/mg3FwSUHXVoCtIHGFMOEx0pvOSMz7SYXn rRGv6p2dE8MSiym1A1gGXg18oewij1j0xuo41WvA1gjhPgKd3B/AR34XNjIRKzLj 640PLuO7QYBzsejdJxHbZrmadvtpAEvWlz1JEI9biXosW2ToOA/6QRfjYco2T493 wqmm0e7NygMsGtio/mJGgdT1x1a1aHtwi+JR8PSOSxC67/C66MSpBxibhUodJeQ= =cgrc -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629201701.GB1095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
On 06/29/2017 02:11 PM, Vít Šesták wrote: I feel this to be controversial. It is right as long as you implement it carefully (How would you handle the separator being present in the content of the file? How would you sanitize the filenames? And so on…) AND you don't exceed the complexity of tar format. Regards, Vít Šesták 'v6ak' A lot is implied once you're parsing on the receiving end. Can't be avoided. Have to decide whether that "a lot" is better than tar's level of complexity. But I think its manageable; qvm-copy isn't too complex after all. I think it passes the file size along with filename. That will nail-down the separator issue, for example. Being aware of file syntax (special purpose application) can help. At the end of the day, maybe its better to trust tar, or not consider dest VM security important, or re-use qvm-copy code for a utility that works in a dom0-initiated mode. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba72fb7c-8a10-7fb8-21b4-fc5d3815ae74%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
I feel this to be controversial. It is right as long as you implement it carefully (How would you handle the separator being present in the content of the file? How would you sanitize the filenames? And so on…) AND you don't exceed the complexity of tar format. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e936f907-412f-4a88-87d9-f92fae091303%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] Re: Re: Request for feedback: 4.9 Kernel
On 06/29/2017 04:59 AM, 0spinbo...@gmail.com wrote: > fyi: this kernel built as-is will cause kernel panics on (some, common) Ryzen > motherboards. Issue is described here among other places: > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1671360 > This happens as soon as config_pinctrl_amd is set to 'm' in the build config. > Un-setting it should evade the issue (as I've not yet seen a proper fix for > it). > I've now disabled it in my branch. But reading through the thread, they say it's been fixed but I can't figure out what part in their changelog addresses it. Did they merely disable the kernel option as well, or was there an actual patch? Latest 4.9 version is now 4.9.35 and there doesn't seem to be anything obvious in the .34 and .35 changlogs that I can see that addresses it either. But then again, maybe I don't know what I'm looking for. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oj3mrb%24gv%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How do I use a USB joystick?
Hi everyone, I'm running Qubes 3.2 and I'd like to use a USB joystick (Playstation 3 controller) for games, but I'm not sure how. When I connect the controller to my USB port, Qubes doesn't seem to recognize it at all. I don't see a way to "attach" it to an AppVM (not a block device or PCI device), and apps like joystick config and emulators don't recognize that it's there. Is there something special I'm supposed to do for a USB joystick? My USB keyboard and mouse work fine. (I'm using a desktop computer with no PS/2 ports and only one USB controller, so my understanding is that I can't make a USB qube.) Any help would be greatly appreciated! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/96a9f9de-ed99-c70d-7dcf-e9359141a39d%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to perform dom0 updates with AEM and USBVM
... bump ... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/be98b3f7-e631-49f1-9040-ec5545f3e454%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes dom0 display issues: The default resolution is stuck at 800 x 600
Hi, Yep, I tried changing the resolution in the desktop environment, but it only showed the 800x480 resolution, I couldn't add a new resolution. And secondly, because I am running this on a laptop, I cannot disable the dedicated GPU. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/baac7794-a637-4b6e-b27f-f4e4fcb16d1c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora 24 will EOL on 2017-08-08. Are F25/26 Templates ready?
The latest Fedora template, 24, in the repo will EOL soon on 2017-08-08. Are templates with newer Fedora Versions ready? If not, what is missing? Maybe I can help porting whatever. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/803a62c7-ecb8-6540-3168-1e6f0a4fc815%40gheddo.biz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ubuntu Template
On Wed, Jun 28, 2017 at 10:20:49PM -0700, Michael MENG wrote: > Thank you so much for help, Unman, can you please give me step, i dont know > how to export PATH, because i am very new in linux and qubes. > The PR has been merged, so you just need to 'git pull' and 'make get-sources' before you try another build. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629225923.osp77ywczvxumw3h%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
On Thursday, June 29, 2017 at 2:11:15 PM UTC-4, Vít Šesták wrote: > I feel this to be controversial. It is right as long as you implement it > carefully (How would you handle the separator being present in the content of > the file? How would you sanitize the filenames? And so on…) AND you don't > exceed the complexity of tar format. > > Regards, > Vít Šesták 'v6ak' For my uses, I would trust tar over my own ability to handle the sanitization. As for potential compromise to the destination VM - all qvm-copy-to-vm should be done moving down the ladder of trustworthiness anyway, right? If this file were going to compromise the destination VM, then presumably it's come from a VM that is not trustworthy to begin with. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/822e10f6-8250-4280-9bbb-7bc829bf63e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is it possible to change sys-net's network class in case of collisions with VPN networks?
On Wed, Jun 28, 2017 at 11:05:58AM -0700, Dominique St-Pierre Boucher wrote: > On Wednesday, June 28, 2017 at 12:10:44 PM UTC-4, peterw...@gmail.com wrote: > > Hi I have a VPN which uses 10.0.0.0/8 this makes collisions with all the > > subnets that sys-net uses, I was wondering if I could switch out the > > networks and use a class B network instead. > > > > Let me know if this info is not sufficient, I am going home from work so > > I'm in a hurry :P > > > > Thanks for your time. > > > > Best regards, > > Petur. > > I am also interested by this request. I have no idea how to change this! > > Dominique > I had started on the basis that Qubes provides a classic internet-inna-box, and hacked about with SNAT. But there's a far simpler solution. First, take a backup of /usr/lib64/python2.7/site-packages/qubes/ - just copy that directory somewhere safe. Second, take a backup of /usr/lib64/python2.7/site-packages/qubes/ - Shutdown all running network connected qubes. Look in /usr/lib64/python2.7/site-packages/qubes/modules - delete 005QubesNetVm.pyc and 005QubesNetVm.pyc edit 005QubesNetVm.py and change every occurrence of 10.137 to 172.16 save the file. Restart sys-net, and any network connected qubes, as usual. Job done. NB, this isn't perfect because it doesn't correctly set the proxy service IP. If you use the default Qubes proxy you'll have to adjust iptables to get it working properly. Also, you'll see that disposableVMs have a different range - I don't use that at all, and have custom scripts to spawn disposableVMs attached to different routes. Should be trivial to work round that if you do something different. Both are, as they say, left as an exercise for the reader. This is, of course a hack, not supported, and undoubtedly breaks your warranty. If it all goes horribly wrong, shutdown all qubes, restore the original files from your backup and restart the network. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629225147.ziy4fupwzaqlqae6%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How can I test that my AEM configuration is correct?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 loke...@gmail.com: > Yesterday, I installed a new dom0 update which included an updated > kernel package. I was expecting to see an AEM error when I rebooted, > but that never happened. I'm guessing you've installed anti-evil-maid v3.0.4? You could retry with v3.0.5 from the dom0 current-testing repository, which runs a sanity check on your PCR values. See the README in case this check fails. CCing Marek - should v3.0.5 be migrated to current? Rusty -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJZVR0eXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfyf4P/RTVJv4W7ygfjdimQVEvk5T6 BKO115f/WbdPCOE46odIT6W199gPg6Op66HKm5lZb+yfx9qGFZH72yntQHfLp+OF tk9GSU6SoicyPTZ26cImvF1k9cku++QNrNqABUjXelzMypa6RT8jfqIby973YMm7 xKRYgLqVNSWqN9t881F/1ZeHPJy57EtijAqBpA9ZEou4LS7P1+vcuvDelP0XnlsU Fp4X/I/tkupU0KXZF2F0XUUL+PFLc/IidVjgfkpiafkXDCeTdU7trg+jFGnnvlw7 I9iKxVXEaei7hTi7pwLPnr4Q86thTNsq6X1CHxl/ty1J/0TPcFv4K92uBCQQA7rq DbUQq1EdFjiD+JLNDP6eLVEVaQPYXaZWRBMS7laUUzG0FXIssFAf/TqnQzA4B3hn 3KoB8Q+373A0OZYL4ki6LdY17prk5P4+5cw09x7qfH/qrldA1iCpVWDsQUV4HpAs yA/+wVFDZ3eilAqACYrbM9BUa3IfdOBBvdR83ovdFBwSWqNvTTz45aghXxInTAz9 I+6ljQczoW83vl7WWh6Jp+InNpC3g2rAxx02cKMBQhYWJ70WFW0ayLE3jHV3wTCh rBXiXszC6cjsuAMm2pEAIC6hsYPK9w16EXLtW9Vzz+80K7hZEKflmSugWNg2blzr mf3jQXmaMD8LI/DtHPds =4fb8 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629153038.GA12491%40mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Rules for when "Update VM" is an active menu item
I updated the fedora 23 template with changes to the hosts /etc/file, and I noticed that all other VMs that used that template had the update flag set. That makes perfect sense. So when I was done I shutdown the template VM and now the Update VM item is grayed out in the dom0 menu. Restarting the fedora 23 template or any of the VMs that use it in any order or combination does not allow me to update the VMs that use that template. I made sure all VMs that use that template were shutdown. In fact the only VM running is dom0. What is the correct procedure for updating the hosts file for all VMs dependent on fedora 23 (what is the rule for when the 'Update VM' menu is active)? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9f34b84-9444-4a7a-bc4c-a9483e78a556%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is it possible to change sys-net's network class in case of collisions with VPN networks?
On 06/28/2017 02:05 PM, Dominique St-Pierre Boucher wrote: On Wednesday, June 28, 2017 at 12:10:44 PM UTC-4, peterw...@gmail.com wrote: Hi I have a VPN which uses 10.0.0.0/8 this makes collisions with all the subnets that sys-net uses, I was wondering if I could switch out the networks and use a class B network instead. Let me know if this info is not sufficient, I am going home from work so I'm in a hurry :P Thanks for your time. Best regards, Petur. I am also interested by this request. I have no idea how to change this! Dominique Seems the definition of a /8 block could be the cause; this looks sloppy on the part of the VPN service provider. You could monitor the logs of your VPN client to see what ip/route commands are being pushed down (assuming a protocol similar to openvpn) and then add an override to the local config that uses a more specific block like /16. But you have to consider if there are many (addressable to you) hosts on that VPN net and if their effective host addresses range beyond 16 bits; there probably aren't but if so then this solution may not work. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/018189b1-84a1-e8cb-9c88-cbafea3643a8%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/29/2017 04:57 AM, Chris Laprise wrote: > I noticed this, too. So reverting a dispVM's template back to 4.4 > should fix it? Yes - but this is a general kernel changing issue, not related to any specific kernel version. Workaround: After changing the kernel, you need to regenerate DispVM savefile. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZVKz/AAoJEH7adOMCkunmqjgP/0mTXBtVPu+5aKUBp8PeK+Uu qDopO/xn1r9gacDaddXQjoB8GYZwtM6W7Idr11AlvKaNVytbDJquZNY+EKmcPBdC HYjRCpPHRA2UPODznOKl9TDn3i7AUJ9hxCwql7UvQ3aMntHERzI5/gRTOVjfr7+r cavMAB/ujl1Iy3pYwH4PCoI2hZgWZC4MVUcGltVldWTNfAh5Mgv/SjiS/LOcztmY ycfUssHM2J1NJEqE7FbAtXJutEGmyB00mam1oIEcXbhC6ASGitdK1Ahaxc/KXt4P c5fzuh3ekxrEVNxM9NwXHd0GQGByg/RvySgnflSGfvx993UC486LrCTY4m0OEOiI IpVniXbLn20l7A0ZQf+tF3fvB8ou+G2D7A2Tdv5wx1miV9hGZT0Uz3nUHnVg21U1 CEFICLRf37hEg1UTz5b2QUngJ5KMSSysWSA93ck+FiMYFbSe3V2cnyVQmrykidwV dSedWu81amVHulX+nYv0lUIU9+RvvT7u+xm2Itm19kJixkqUaJQ6e8n54L+F69EE fh0Y5Y3E/BynqGFUhIU/Ph/bgRdWLg3n8pxlBv7Oq4RgDS4a2Lh/Pu/L6MoU6lXJ PfZDoXdOBo36rT+kymtHXrDtILCEEMz4JvAt0h1zqjXU+TZBHReT8Z9smdqtWkrO 2eg82sIDSmsPrczFl1iy =ZBm4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21fc2088-acb5-e2b8-a35c-7d290397cdf6%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] switch to integrated Intel graphic
On Wed, Jun 28, 2017 at 11:18:01PM -0700, Vít Šesták wrote: > Hmm, HD graphics 2000 looks like old Sandy Bridge, so preliminary HW > support should not have any effect in theory. Also, installing a new > kernel is not much likely to help (it would be if you had a recent GPU > that is too new for the kernel), but you might try it. Thanks for the info! > Eva, what does «sudo rmmod i915» do? If it proceeds, then the driver > doesn't recognize the GPU. If it doesn't, then the driver recognizes > GPU, but there is something wrong with config or with the driver. > > You might also try checking if the same issue happens in Fedora 23. Additionally, you might want to check the X.org logs on dom0 for any messages from the intel driver (which you should be using by default unless you have changed the X.org config): $ grep -i intel /var/log/Xorg.0.log I have attached the output from my X.org log file if you need a baseline to compare against. -- noor |_|O|_| |_|_|O| Noor Christensen |O|O|O| n...@fripost.org ~ 0x401DA1E0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170629063953.q745wxc677xevf5f%40mail. For more options, visit https://groups.google.com/d/optout. [73.732] (**) | |-->Device "Intel HD 3000" [73.746] (II) LoadModule: "intel" [73.747] (II) Loading /usr/lib64/xorg/modules/drivers/intel_drv.so [73.752] (II) Module intel: vendor="X.Org Foundation" [73.752] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets: [73.752] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000 [73.752] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100 [73.752] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200, 6200, P6300 [73.754] (II) intel(0): Using Kernel Mode Setting driver: i915, version 1.6.0 20151010 [73.755] (--) intel(0): Integrated Graphics Chipset: Intel(R) HD Graphics 3000 [73.755] (--) intel(0): CPU: x86-64, sse2, sse3, ssse3, sse4.1, sse4.2, avx; using a maximum of 2 threads [73.755] (II) intel(0): Creating default Display subsection in Screen section [73.755] (==) intel(0): Depth 24, (--) framebuffer bpp 32 [73.755] (==) intel(0): RGB weight 888 [73.755] (==) intel(0): Default visual is TrueColor [73.756] (II) intel(0): Output LVDS1 using monitor section LCD [73.756] (**) intel(0): Option "PreferredMode" "1366x768" [73.756] (**) intel(0): Option "Enable" "true" [73.768] (--) intel(0): Found backlight control interface acpi_video0 (type 'firmware') for output LVDS1 [73.768] (II) intel(0): Enabled output LVDS1 [73.768] (II) intel(0): Output VGA1 using monitor section VGA [73.768] (**) intel(0): Option "PreferredMode" "1680x1050" [73.768] (**) intel(0): Option "RightOf" "LCD" [73.768] (II) intel(0): Enabled output VGA1 [73.768] (II) intel(0): Output HDMI1 has no monitor section [73.768] (II) intel(0): Enabled output HDMI1 [73.768] (II) intel(0): Output DP1 has no monitor section [73.768] (II) intel(0): Enabled output DP1 [73.768] (II) intel(0): Output HDMI2 has no monitor section [73.768] (II) intel(0): Enabled output HDMI2 [73.768] (II) intel(0): Output HDMI3 has no monitor section [73.768] (II) intel(0): Enabled output HDMI3 [73.768] (II) intel(0): Output DP2 has no monitor section [73.768] (II) intel(0): Enabled output DP2 [73.768] (II) intel(0): Output DP3 has no monitor section [73.768] (II) intel(0): Enabled output DP3 [73.768] (--) intel(0): Using a maximum size of 256x256 for hardware cursors [73.768] (II) intel(0): Output VIRTUAL1 has no monitor section [73.768] (II) intel(0): Enabled output VIRTUAL1 [73.768] (II) intel(0): EDID for output LVDS1 [73.768] (II) intel(0): Manufacturer: LGD Model: 2d3 Serial#: 0 [73.768] (II) intel(0): Year: 2011 Week: 0 [73.768] (II) intel(0): EDID Version: 1.3 [73.768] (II) intel(0): Digital Display Input [73.768] (II) intel(0): Max Image Size [cm]: horiz.: 28 vert.: 16 [73.768] (II) intel(0): Gamma: 2.20 [73.768] (II) intel(0): DPMS capabilities: StandBy Suspend Off [73.768] (II) intel(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4 [73.769] (II) intel(0): First detailed timing is preferred mode [73.769] (II) intel(0): redX: 0.586 redY: 0.345 greenX: 0.340 greenY: 0.559 [73.769] (II) intel(0): blueX: 0.158 blueY: 0.127 whiteX: 0.313 whiteY: 0.329 [73.769] (II) intel(0): Manufacturer's mask: 0 [73.769] (II) intel(0): Supported detailed timing: [73.769] (II) intel(0): clock: 74.8 MHz Image Size: 277 x 156 mm [73.769] (II)
[qubes-users] Get vps free - mine bitcoin free: 100 USD/day
100 usd/day - Bruteforce VPS and mine bitcoin with VICUMI 1.0 - Too easy to earn 100 usd/day! https://www.youtube.com/watch?v=iaR6rhrrgHQ https://drive.google.com/open?id=0B9cNZ8crZh57aFIzMG13R0xHT3M -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2869478d-2f43-42d0-9f50-5d22956b2f39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How can I test that my AEM configuration is correct?
I enabled AEM some time ago, and so far it's worked the way I'd expect it to. Based on what I have read here, I came to the understanding that after upgrading the dom0 kernel I'd get an AEM error when I reboot the machine, since the kernel is different from the last boot. Yesterday, I installed a new dom0 update which included an updated kernel package. I was expecting to see an AEM error when I rebooted, but that never happened. This suggests to me that my AEM configuration is incorrect. Is there a way I can test whether it works or not? Perhaps my manipulating something in the boot process that would trigger an AEM failure? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a6ad28c-081d-4294-a4f6-49204e7ccae2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
fyi: this kernel built as-is will cause kernel panics on (some, common) Ryzen motherboards. Issue is described here among other places: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1671360 This happens as soon as config_pinctrl_amd is set to 'm' in the build config. Un-setting it should evade the issue (as I've not yet seen a proper fix for it). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c97c7d2-5199-451a-99e9-ca9fea95ae71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
On 06/29/2017 09:09 AM, wordswithn...@gmail.com wrote: On Wednesday, June 28, 2017 at 4:21:36 PM UTC-4, Chris Laprise wrote: On 06/28/2017 12:19 PM, wordswithn...@gmail.com wrote: Thanks, and point taken on not focusing on security implications. I found a thread from last year where some third-party devs are concerned about the implications of letting qvm-run -p run wild: https://github.com/SietsevanderMolen/i3-qubes/issues/15 It's a good idea, but I think I'm looking for a more secure solution - if it's out there. IIUC, having dom0 parse the file list is whats worrying you? Otherwise, passing data through dom0 (no parsing) should be considered secure. You can have dom0 pipe between machines like so: qvm-run -p sys-net "tar -cf - /etc/NetworkManager/system-connections" | qvm-run -p sys-net-profiles "tar -xf -" This entails a small amount of risk to the profiles VM (because tar file is parsed there), but not to dom0. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 So in this case, sys-net could return whatever malicious file it desired, it would be passed through dom0 one character at a time without absolutely no interpretation, ending up at the destination VM? Or would dom0 collect the entire text of the file, and then pipe it in one piece to the destination VM? Transfer through pipe is done by character or block, so no expansion or parsing in dom0 in this case. Another idea is to cat all the files together in a single file with a special separator like ' filename' between them. Then you can pipe them without tar and use a text sanitizer on the receiving VM before separating them. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d55f5cd1-9df5-1c8d-5c15-f771f159498d%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How can I test that my AEM configuration is correct?
On 06/29/2017 06:47 AM, loke...@gmail.com wrote: I enabled AEM some time ago, and so far it's worked the way I'd expect it to. Based on what I have read here, I came to the understanding that after upgrading the dom0 kernel I'd get an AEM error when I reboot the machine, since the kernel is different from the last boot. Yesterday, I installed a new dom0 update which included an updated kernel package. I was expecting to see an AEM error when I rebooted, but that never happened. This suggests to me that my AEM configuration is incorrect. Is there a way I can test whether it works or not? Perhaps my manipulating something in the boot process that would trigger an AEM failure? Its a little unsettling, but AEM doesn't display an error message when this happens. There is simply a lack of your verification phrase and (be careful) an opportunity to unlock your HD which leads to re-sealing with the new config. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc1d1032-7159-8a78-4955-056760b47e06%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
On Thursday, June 29, 2017 at 1:26:57 AM UTC-4, Vít Šesták wrote: > It might be pointless to consider risks of passing result of qvm-run -p to > dom0 Bash expansion when you have path traversal in the first place. When > command «ls > /etc/NetworkManager/system-connections/» in sys-net returns paths like > “../.bashrc ../../.bashrc ../../../.bashrc” and the cat command returns some > arbitrary shell commands, you are close to be totally compromised by a > malicious sys-net. > > Regards, > Vít Šesták 'v6ak' Thanks, you identified the problem more precisely than I would know how to. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f4b6782-3320-4d14-831c-ee35425ea00d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying between VMs from dom0
On Wednesday, June 28, 2017 at 4:21:36 PM UTC-4, Chris Laprise wrote: > On 06/28/2017 12:19 PM, wordswithn...@gmail.com wrote: > > Thanks, and point taken on not focusing on security implications. > > > > I found a thread from last year where some third-party devs are concerned > > about the implications of letting qvm-run -p run wild: > > > > https://github.com/SietsevanderMolen/i3-qubes/issues/15 > > > > It's a good idea, but I think I'm looking for a more secure solution - if > > it's out there. > > > > IIUC, having dom0 parse the file list is whats worrying you? Otherwise, > passing data through dom0 (no parsing) should be considered secure. > > You can have dom0 pipe between machines like so: > qvm-run -p sys-net "tar -cf - /etc/NetworkManager/system-connections" | > qvm-run -p sys-net-profiles "tar -xf -" > > This entails a small amount of risk to the profiles VM (because tar file > is parsed there), but not to dom0. > > -- > > Chris Laprise, tas...@openmailbox.org > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 So in this case, sys-net could return whatever malicious file it desired, it would be passed through dom0 one character at a time without absolutely no interpretation, ending up at the destination VM? Or would dom0 collect the entire text of the file, and then pipe it in one piece to the destination VM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61e35a4f-70be-4fd9-b53b-42a1cccfecf5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How can I test that my AEM configuration is correct?
Thanks for the reply. The funny thing is that I did see my secret message. That's why I thought it was so weird. That's why I asked for a way to force a failure so that I can double check this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4240cf2a-0ca7-4064-95ec-4d783ca0ceda%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
