Re: [qubes-users] Qubes freezing (hangs) always in less than 1 hour
On Monday, 8 January 2018 00:59:29 UTC, Sameer Vao wrote: > >> If you haven't already, try running "sudo qubes-dom0-update" as soon as > >> you get in to Qubes. > > >Thank you awokd. I did but haven't solved it. > >I'm thinking something limiting memory or CPU may be the way to solve it, > >but may be something else. > >Any other ideas anybody? > > After much search and trials last 5 days, still found nothing online to solve > this problem. Another notebook not an option for me at this time > unfortunately. > > If I can't fix it I will have to install another linux distribution - but > that would be sad. Anybody else have other ideas so I can keep qubes? Thank > you > How many VM are you running? I suspect with your limitation sys-net, sys-firewall and one or two other VM is all you can reasonably do. Is the system still unstable if you have only sys-net and sys-firewall up? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3daa2bd5-852b-4526-94f9-430cdf4d188b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland
Dear Qubes Community, I am reaching out this way on the advise of Andrew David Wong (Axon), as I am in need of finding a part time "jack of all trades" IT person, who has knowledge of Qubes to an extent where he/she is able to implement this in a small office environment with a handful of users. There will also be other tasks, such as alarm system / video monitoring, networking, server etc. etc. We envision this can be 50 - 100% workload (up to you) for a few weeks, after which we expect maybe 25% workload after that. All very flexible, BUT it is necessary that you are able to come and work from our office in Sihlbrug/Baar in Switzerland (just off the highway ... busstop 200 meters away). Due to the nature of work, and given that we cannot offer a full time position, we would expect a young person who is studying or is an apprentice, who would like to have some additional challenges and earn some extra money. However, it could also be someone older who's in between jobs. Important is knowledge/experience with Qubes, general IT/network and the ability to handle and solve challenges as well as being flexible, self-starter and work independently. If you are interested, please send me your CV, which also must contain a recent photo, email and telephone number. If you know of someone who could be interested, please let them know (or let me know). I will be looking forward to hearing from you on the following e-mail address: m...@corpconsult.info Best regards Mogens Berg Andersen MBA Consulting GmbH > On 2018-01-05 01:25, mba wrote: > >> Hi, >> >> In connection with my clients plan to secure our entire IT infrastructure, >> we are looking for a part-time and/or short term Qubes enthusiast who also >> have good knowledge of networking, as well as the ability to work with >> various hardware. It will be necessary to do all of the work from our office >> in Baar, Zug, Switzerland. We see this as an ideal opportunity for a >> knowledgeble and motivated individual, who maybe now is an apprentice / >> student / unemployed, who have spare time and the wish to earn some extra >> money. Working times will be very flexible and with a high degree of >> independence in terms of carrying out the tasks. >> >> I do realize that this here is not a job-centre, but was wondering if you >> have some inputs as to how to get in contact with such an individual? I am >> not myself at all skilled to the level needed, and Google searching as well >> as various fora's did also not provide any useful pointers, so I'm hoping >> you will be able to help me. >> >> I thank you in advance for any input you'll be able to provide, and please >> feel free to share the entire content of this mail, including the contact >> details below, as you see fit for the purpose. >> >> Best regards >> Mogens Berg Andersen >> MBA Consulting GmbH >> >> > > Hello, > > I suggest that you ask on our qubes-users mailing list: > > https://www.qubes-os.org/mailing-lists/#qubes-users > > -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/L2JzaO0--3-0%40corpconsult.info. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] bluetooth support in dom0
On Wednesday, March 12, 2014 at 4:40:16 PM UTC-6, danf...@gmail.com wrote: > Any update regarding this? I have chosen to do this, it is a terrible downgrade of security from a normal Qubes system, but I think it is better than the alternative of using Ubuntu. In my case I am also not using the usb cube. Also, this is on a Qubes 4.0rc3 system. In a dom0 terminal: ``` qubes-dom0-update blueman systemctl enable bluetooth ``` Then reboot the computer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1d64dc0-6127-45f9-b6e7-00cac5db7261%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes app menu keeps old templatevm entries.
On Sunday, 7 January 2018 12:32:43 UTC, Tom Zander wrote: > On Saturday, 6 January 2018 23:19:54 GMT pixel fairy wrote: > > The app menu, top left, keeps entries for old template VMs. is there a way > > to get rid of them? > > You find the data backing this in > $HOME/.local/share/qubes-appmenus/ > > -- > Tom Zander > Blog: https://zander.github.io > Vlog: https://vimeo.com/channels/tomscryptochannel On Qubes xfce 3.2 I had the entries in ~/.local/share/applications and the directories in ~/.local/share/desktop-directories not sure if it is the right place to clean up however... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9bd8989a-41c6-4c65-8dcd-351980c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: how to get the update proxy working again
On Monday, 8 January 2018 06:53:46 GMT khmartin...@gmail.com wrote: > Is your new net vm different than "sys-net"? This caused me problems too. > One solution is to rename the new net vm to "sys-net" or you can edit > this file in dom0: > > /etc/qubes-rpc/policy/qubes.UpdatesProxy > > In that file there is a line that says target=sys-net. > I changed it to the same name as my net vm. That did the trick! Thanks, I would never have found that... -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5511262.ciHnklDXiN%40mail. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 4.0 rc3: fedora 26 minimal firewall issues
Resolved: For what ever reason my template did not have the feature qubes-firewall set to 1. Running the following command fixed it: qvm-features "NETVM" qubes-firewall 1 Is this a bug? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c9ee323a-4885-4e62-b8a4-acce27cfec7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)
Hi. https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option It's still yet not known whether this disabling is effective and whether it disables the PSP in its entirety. But if it does, then that would make the most recent AMD processors one of the best choices for Qubes 4.x usage. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/L2KEwEN--3-0%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
> > > perhaps the only thing we could do is to stockpile those > > few computer models that are both coreboot (or libreboot) > > supported and without Intel ME / AMD PSP > > Any hints on which models come into consideration? > === Already existing computers === Supported by coreboot or libreboot and preferably based on AMD cpu: AMD added PSP backdoor later than the Intel added ME backdoor, so the latest AMD without PSP is more powerful than the latest Intel without ME LAPTOP - Lenovo G505S with A10-5750M quad core CPU Also, maybe HP Pavilion M6 1035DX if you have a chance - but it is a rare model, a bit worse than G505S both in hardware and freedom aspects ( for G505S there is a leaked schematics for its' LA-A091P motherboard, which improves the repairability as well as slightly raises its' "freedom" ; haven't heard about M6 1035DX schematics ) And nobody tried it for ages, so for the latest coreboot additional work may be needed WORKSTATION - something AMD based from libreboot list: https://libreboot.org/docs/hardware/ ASUS KCMA-D8 , ASUS KFSN4-DRE , ASUS KGPE-D16 some of these boards could have issues with certain CPUs or memory modules, you need to read the libreboot website and look through the mailing list archives to ensure the best hardware compatibility while building a PC on such a mobo === New modern computers === If we need a powerful modern computer that at least tries to be free-as-in-freedom in software/hardware , and doesn't have Intel ME / AMD PSP , it must be POWER cpu based WORKSTATION - TALOS II - https://raptorcs.com/TALOSII/ very powerful hardware from a great company, available for pre orders LAPTOP - probably this one https://www.powerpc-notebook.org/en/ Currently they are doing a crowdfunding for schematics: https://www.powerpc-notebook.org/campaigns/electrical-schematics-notebook-powerpc-motherboard-donation-campaign/ TALOS II progress is more significant that laptop guys, but at least they are trying Best regards, Ivan Ivanov 2018-01-08 5:54 GMT+03:00 : > > > On 01/08/2018 03:27 AM, Ivan Ivanov wrote: >> >> perhaps the only thing we could do is to stockpile those >> few computer models that are both coreboot (or libreboot) >> supported and without Intel ME / AMD PSP >> > Any hints on which models come into consideration? > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/bqRSuU3T6MA/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/a17865f5-f98a-6638-5787-66b897424e8b%40rbox.co. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAaskFBFXRHw18Q0zRvL-j5UR7249UaZw%2BoSj2Y_Zoz37dK97w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 6 Jan 2018 18:15:21 -0600 Andrew David Wong wrote: > > Dear Qubes Community, > > Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely > apologize for our failure to provide timely notice of this event. Dear Qubes team and developers, please don't apologize for your incognizable hard and important work. ;) Cheers, rob -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJaU0npXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RDk5RjYwMjVBMjMwQTc0NjExNkJCOERD NEZDQzQwQjUwMTY1NDg1AAoJEMT8xAtQFlSF9pIQAJcFYJlhDRulHcz+YGyFL5Kg 7gnOnsGcdSTjVJZ2pk1of+WhQHcx0xrdqxU5cnqxTyikXkeL4HPVL1wYtsCRpsZV jX9IETx75AXulMMCgEvRKGnB78AacVpuagzq7co/O/BthstW1vnxunNgRMBYLVmM XAYgf/JH+lfN7cARp6uW9OinXlHQg0MiU9MO+UboxZ5cpS8V5D6IWyLIxFG7sHO+ o+AHWg6Kk94ul/HawkvqPquEaC6FKdIjcoKIncqdpAzCEuMMwsowcEGx+ppvOeWJ oywccLydz/Zsl3seZODws8wchl06BYgSusAuPGWQt7jn4w66GX+XRmm9y5VpSicy vDa6JD+U0ski2Q1T5i7c7IuVCwQoiNwiRkDGqb1sSQTi5gPM3rj0U27h/G9nrD3S SryOuTDbwZRXyLeJMqydldBbjSygAMj+durBbGLg99JoqIfYUqxAmwfPdy4csnjR qVT2E9SA/11pDIUzWAIBe7wi75XFVxlKMa56eblMOPS1g1MQ/b+Q+OGeJKrI3N5s rRdqvDBQMVDyX3Ko/vp3CDH92hCSCL1L8x9DNYiuK8OleC43HYCfmL92Svy6EDL4 wj1AFz9y35KJpQdyP+Cnd03b9EsF+ThnCRAS4z6j0sd2h1YNGET2faltm6DBes+l 317JxVdFj64VGKAyvsdH =ZumN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/p2vhhl%24kae%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)
On Monday, 8 January 2018 10:10:17 GMT qubestheb...@tutanota.com wrote: > Hi. > > https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option > It's still yet not known whether this disabling is effective and whether > it disables the PSP in its entirety. > > But if it does, then that would make the most recent AMD processors one of > the best choices for Qubes 4.x usage. In context; https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI So its an up / down :) * AMD is faster (no PTI) * AMD has a remote code execution issue, at least until you can turn off PSA using a bios update. * Bios updates are not much seen in the wild. Time will tell. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3608826.gtipCf02p4%40mail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
Dnia Saturday, January 6, 2018 9:32:20 PM CET Sven Semmler pisze: > On 12/15/2017 03:20 AM, kotot...@gmail.com wrote: > > It does boot but the X server cannot start. Text installation did > > not work. > > Based on swami's post from 9/15/17 I suspect you need kernel 4.9 in > dom0 ... > > https://groups.google.com/d/msg/qubes-users/ZFZT7mQNeWY/xZ1AiCYOAwAJ I can confirm that T470 won't work with stock R3.2 kernel. Just go for R4.0, works pretty well. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1585569.CqqnvMDoyJ%40lapuntu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: This is a digitally signed message part.
Re: [qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)
No it does not, this is simply disabling the option ROM and the PCI device. PSP can't be disabled without massive AMD intervention as it is integral to the boot process and it inits the main CPU. If you want a modern performance CPU without black box supervisor processors your choice is POWER/TALOS 2. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12d8c1fa-8f37-d5d0-b846-01a0c84452e0%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Buy laptop
Get the lenovo g505s, it supports coreboot with open source silicon init. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e8b1472-cf5a-a855-f760-2033fbd5d13f%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On 01/07/2018 03:27 PM, Ivan Ivanov wrote: Yes, hopefully one day we would see more leaks, that could help us to truly get rid of ME ;) Meanwhile, perhaps the only thing we could do is to stockpile those few computer models that are both coreboot (or libreboot) supported and without Intel ME / AMD PSP Or you could just buy POWER 9/TALOS 2, have a libre high performance system right now and stop waiting for what will never happen (and would be immediately fixed if it did) If you buy new Intel/AMD CPU's you are supporting future anti-feature development. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5136d332-4c56-cb68-9dd7-8ec5760fb192%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Buy laptop
Sorry man, would you be so nice to tell me with which of these components is that laptop compatible HVMIOMMUSLATTPMXenKernel And could you let me know if it’s compatible with Qubes R 4.0 Thanks very much 👍 Leonardo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76252cd0-444b-4fa6-805b-5d39af77723b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow
No, my PC is a Dell XPS13, not a Latitude. But I have some news: The booting problem is 100% dependent on being plugged or not. Precisely, I observed the following behaviors: Booting plugged: Everything is normal, PC is fast. If I unplug it afterwards nothing really happens and performance stays the same. Booting unplugged: FUBAR. Slow, unresponsive, battery draining over 9000. Plugging AC adapter in afterwards doesn't help at all. Dunno if my intuition is the right one, but it may be that the booting process, when unplugged, triggers some sort of fucked up setting regarding power management that causes havoc. Note that, in my case, the only important factor to consider is if the AC adapter is plugged/unplugged AT BOOT. Connecting/disconnecting it afterwards has no effect whatsoever on performance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a089f789-47ea-493e-be0a-dc8630ed8897%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What is my Core m7-6Y75 CPU Missing that prevents qubes 4 from installing?
On Mon, January 8, 2018 4:01 am, cryptoph...@gmail.com wrote: > I'm running an ORWL m7-480 ( https://orwl.org/ ) and the install reported > that my CPU is not compatible (I forget the exact wording/reason). My > CPU info is below, and it does appear to have all the VTX-* etc tech > needed? Right after you boot 3.2, try running in dom0 "qubes-hcl-report". It will give a bit more readable output. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ff49c64accd0772c35d95ef3d0c4e50.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Multiple usability issues Qubes 4RC3
Hello all! I apologise for the vague subject, but I have been trying all kinds of things, and I simply can't understand half of the issues, and the other half I can't seem to find a solution to. First of all I have all the respect in the world for the entire Qubes team, and I sincerely believe that you are making the world a better place. The machine: ThinkPad X270 (full specs: https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591). It has 8 GB RAM. So.. to the issues.. 1) A more general gripe with not having enough documentation to actually get through a setup process. I used Qubes 3.2 before, and I simply went about Qubes 4 the same way. I know that there have been multiple changes, and I honestly believe the changes are for the better. But issues like moving a templates home directory to /etc/skel (meaning that appvm's inherit /etc/skel as home dir from the template) left me baffled with my first install.. I setup my template exactly as I wanted, created an appvm, and nothing was initialised. I had no idea what was going on, and the only way I could get some information was through a GitHub issue. Even after moving everything over to /etc/skel, I still have issues.. not everything is being carried over, not everything is being read correctly, and /etc/skel is not being synchronised either. If I add something new to /etc/skel AFTER creating a appvm, the appvm's homedir won't be updated. I like the idea with moving all the GUI functionality to the shell. I prefer using the shell anyway. But for instance, in 3.2, you could allow access to through the firewall for a templatevm. Now it has to be done through qvm-prefs. This is not documented anywhere, and this was also an infuriating issue for me. 2) I have reinstalled qubes multiple times over the weekend (friday through sunday) to get my install at a state that I am actually satisfied with. Most griping issues: sys-net and sys-firewall do not start on boot. Journalctl claims that there isn't enough memory to start sys-net on boot (I don't have anything more descriptive for sys-firewall). I can easily start them after boot and login. If I need more memory, then I will happily upgrade. I intended to do so anyway, but I cannot understand why it worked fine in 3.2 with 8 GB RAM. 3) The issue mentioned under documentation with setting up a template exactly the way I want it. To understand the issue in depth, I think it's in place to describe my setup: Having 2 base templates (based on the debian 9 template): * One I call 'trusted' which is based on debian sid (unstable) that I install everything I use for daily usage (firefox, libreoffice, mpv, emacs, other open source tools). Primarily AppVM's will be based out of this template. * One I call 'untrusted' that is going to be a clone of 'trusted', and that I install proprietary software in, that I also use on a daily basis (e.g. spotify). Also AppVM's out of this, but probably only 1 to start with. * I will probably create a standalone VM based off of 'trusted' that I use for development. So I will install stuff like docker, golang, and all other stuff I would otherwise use for developing. I have not been able to create my 'trusted' template in a proper manner, since I can't get /etc/skel to work properly. NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos that are cloned to the homedir of the user (meaning they are git repos cloned to /etc/skel) If this is improper usage, then please guide me to how I should go about doing this instead, as I have no idea what the smartest solution would otherwise be. Sorry for the long email, and thanks in advance for clarifying answers. Best regards and all the best. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CA%2B3%2BOvhLbx4ufgnJDgJPto6LztqACHbOQaFB7wYLh%3Df7RXEgeg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Multiple usability issues Qubes 4RC3
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users wrote: > But issues like moving a templates home directory to /etc/skel (meaning > that appvm's inherit /etc/skel as home dir from the template) left me > baffled with my first install.. Homedirs are completely separated from your template homedir. I personally ended up setting up things like chrome and konsole, bashrc etc. Making a tar off my setup and uncompressing it on other qubes. Usage of /etc/skel is not something I suggest, that is *only* for first initialisation of an AppVM and never gets updated again. Bottom line; your homedir is unique and different in each and every VM. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1587531.ENQz9nrnvL%40mail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Multiple usability issues Qubes 4RC3
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users wrote: > * One I call 'trusted' which is based on debian sid (unstable) that I > install everything I use for daily usage (firefox, libreoffice, mpv, > emacs, other open source tools). Primarily AppVM's will be based out of > this template. > > * One I call 'untrusted' that is going to be a clone of 'trusted', and > that I install proprietary software in, that I also use on a daily basis > (e.g. spotify). Also AppVM's out of this, but probably only 1 to start > with. An alternative solution is to make your "untrusted" VM an AppVM and you install the software in there using bind-dirs. Then you *only* use that VM for running that software and you likely store no personal data there (other than maybe your spotify cridentials). Additional bonus would be to open any webpages in disposable VMs, should you click on a link in any of those apps. > * I will probably create a standalone VM based off of 'trusted' that I use > for development. So I will install stuff like docker, golang, and all > other > stuff I would otherwise use for developing. I may be wrong, but all those development tools are open source and likely shipped by your distro. In which case I wonder what the benefit is to putting them into its own VM? In short, maybe the simplest way is to create; * TemplateVM: debian9 * Work AppVM based on debian9 * Untrusted AppVM based on debian9, adds untrusted apps using binds * any other AppVMs you need... All based on the same debian9 template. > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos > that are cloned to the homedir of the user (meaning they are git repos > cloned to /etc/skel) Using /etc/skel just causes the data to be copied to the appvm homedir on first start. You end up duplicating the data anyway, maybe you can use a different way to copy everthing between VM homedirs. Notice that you can just do a qvm-copy [dir] which copies recursively. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2937565.vjQbnCdrbL%40mail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Multiple usability issues Qubes 4RC3
> > * One I call 'trusted' which is based on debian sid (unstable) that I > > install everything I use for daily usage (firefox, libreoffice, mpv, > > emacs, other open source tools). Primarily AppVM's will be based out of > > this template. > > > > * One I call 'untrusted' that is going to be a clone of 'trusted', and > > that I install proprietary software in, that I also use on a daily basis > > (e.g. spotify). Also AppVM's out of this, but probably only 1 to start > > with. > > An alternative solution is to make your "untrusted" VM an AppVM and you > install the software in there using bind-dirs. > Then you *only* use that VM for running that software and you likely store > no personal data there (other than maybe your spotify cridentials). > > Additional bonus would be to open any webpages in disposable VMs, should you > click on a link in any of those apps. This approach is actually quite nice. I have never used bind-dirs though. How would I go about this? Symlink from /usr/bin to the homedir of the VM, or how? I actually already open all links in disposable VMs, unless of course it is something that I use/trust. So that part of the equation is solved :) > > * I will probably create a standalone VM based off of 'trusted' that I use > > for development. So I will install stuff like docker, golang, and all > > other > > stuff I would otherwise use for developing. > > I may be wrong, but all those development tools are open source and likely > shipped by your distro. In which case I wonder what the benefit is to putting > them into its own VM? I may use libs that I haven't neccessarily looked through, or have no idea where originate from. Also, this VM will need to communicate more extensively with the Internet, as I make web utils or other stuff. I would prefer having this VM isolated at any rate :) > In short, maybe the simplest way is to create; > > * TemplateVM: debian9 > * Work AppVM based on debian9 > * Untrusted AppVM based on debian9, adds untrusted apps using binds > * any other AppVMs you need... All based on the same debian9 template. > > > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos > > that are cloned to the homedir of the user (meaning they are git repos > > cloned to /etc/skel) > > Using /etc/skel just causes the data to be copied to the appvm homedir on > first start. > You end up duplicating the data anyway, maybe you can use a different way to > copy everthing between VM homedirs. > Notice that you can just do a qvm-copy [dir] which copies recursively. But it's fine by me if it only happens once. That means I just need to setup the template exactly the way I want, before I create AppVMs. I'd rather clone the repos and copy my settings files, .ssh, and other config/setup stuff in my template once, than doing it for all AppVMs. Thanks again for your help Tom :) I still need assistance with the initial start up of sys-net and sys-firewall though :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ecf4340-34ea-4a2c-847b-2cfb2aa59893%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Multiple usability issues Qubes 4RC3
Den mandag den 8. januar 2018 kl. 14.29.06 UTC+1 skrev Ahmed Al Aqtash: > Hello all! > > > I apologise for the vague subject, but I have been trying all kinds of > things, and I simply can't understand half of the issues, and the other half > I can't seem to find a solution to. > > > First of all I have all the respect in the world for the entire Qubes team, > and I sincerely believe that you are making the world a better place. > > > The machine: ThinkPad X270 (full specs: > https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591). > It has 8 GB RAM. > > > So.. to the issues.. > 1) A more general gripe with not having enough documentation to actually get > through a setup process. I used Qubes 3.2 before, and I simply went about > Qubes 4 the same way. I know that there have been multiple changes, and I > honestly believe the changes are for the better. > > > But issues like moving a templates home directory to /etc/skel (meaning that > appvm's inherit /etc/skel as home dir from the template) left me baffled with > my first install.. I setup my template exactly as I wanted, created an appvm, > and nothing was initialised. I had no idea what was going on, and the only > way I could get some information was through a GitHub issue. Even after > moving everything over to /etc/skel, I still have issues.. not everything is > being carried over, not everything is being read correctly, and /etc/skel is > not being synchronised either. If I add something new to /etc/skel AFTER > creating a appvm, the appvm's homedir won't be updated. > > > I like the idea with moving all the GUI functionality to the shell. I prefer > using the shell anyway. But for instance, in 3.2, you could allow access to > through the firewall for a templatevm. Now it has to be done through > qvm-prefs. This is not documented anywhere, and this was also an infuriating > issue for me. > > > 2) I have reinstalled qubes multiple times over the weekend (friday through > sunday) to get my install at a state that I am actually satisfied with. > > > Most griping issues: sys-net and sys-firewall do not start on boot. > Journalctl claims that there isn't enough memory to start sys-net on boot (I > don't have anything more descriptive for sys-firewall). > I can easily start them after boot and login. If I need more memory, then I > will happily upgrade. I intended to do so anyway, but I cannot understand why > it worked fine in 3.2 with 8 GB RAM. > > > 3) The issue mentioned under documentation with setting up a template exactly > the way I want it. > To understand the issue in depth, I think it's in place to describe my setup: > Having 2 base templates (based on the debian 9 template): > > > * One I call 'trusted' which is based on debian sid (unstable) that I > install everything I use for daily usage (firefox, libreoffice, mpv, emacs, > other open source tools). Primarily AppVM's will be based out of this > template. > > > * One I call 'untrusted' that is going to be a clone of 'trusted', and that I > install proprietary software in, that I also use on a daily basis (e.g. > spotify). Also AppVM's out of this, but probably only 1 to start with. > > > * I will probably create a standalone VM based off of 'trusted' that I use > for development. So I will install stuff like docker, golang, and all other > stuff I would otherwise use for developing. > > > I have not been able to create my 'trusted' template in a proper manner, > since I can't get /etc/skel to work properly. > > > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos > that are cloned to the homedir of the user (meaning they are git repos cloned > to /etc/skel) > If this is improper usage, then please guide me to how I should go about > doing this instead, as I have no idea what the smartest solution would > otherwise be. > > > Sorry for the long email, and thanks in advance for clarifying answers. > > > Best regards and all the best. Another issue actually: What is the best/recommended way of updating software in TemplateVMs? Firing up a shell in the TemplateVM and running a standard 'sudo dnf update'/'sudo apt-get upgrade', or should we throw flags at it? In 3.2 the GUI would happily say 'you have updates', but now (with my very limited knowledge) we have to check this manually? Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/706226d9-5e3b-4145-a042-3866f7aa192a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade
> please don't apologize for your incognizable hard and important work. ;) I second the motion. I am so thankful for the Qubes team's work to protect us users. On Mon, Jan 8, 2018 at 5:37 AM, rob_66 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sat, 6 Jan 2018 18:15:21 -0600 > Andrew David Wong wrote: > > > > > Dear Qubes Community, > > > > Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely > > apologize for our failure to provide timely notice of this event. > > > Dear Qubes team and developers, > > please don't apologize for your incognizable hard and > important work. ;) > > Cheers, > > rob > -BEGIN PGP SIGNATURE- > > iQJ8BAEBCgBmBQJaU0npXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w > ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RDk5RjYwMjVBMjMwQTc0NjExNkJCOERD > NEZDQzQwQjUwMTY1NDg1AAoJEMT8xAtQFlSF9pIQAJcFYJlhDRulHcz+YGyFL5Kg > 7gnOnsGcdSTjVJZ2pk1of+WhQHcx0xrdqxU5cnqxTyikXkeL4HPVL1wYtsCRpsZV > jX9IETx75AXulMMCgEvRKGnB78AacVpuagzq7co/O/BthstW1vnxunNgRMBYLVmM > XAYgf/JH+lfN7cARp6uW9OinXlHQg0MiU9MO+UboxZ5cpS8V5D6IWyLIxFG7sHO+ > o+AHWg6Kk94ul/HawkvqPquEaC6FKdIjcoKIncqdpAzCEuMMwsowcEGx+ppvOeWJ > oywccLydz/Zsl3seZODws8wchl06BYgSusAuPGWQt7jn4w66GX+XRmm9y5VpSicy > vDa6JD+U0ski2Q1T5i7c7IuVCwQoiNwiRkDGqb1sSQTi5gPM3rj0U27h/G9nrD3S > SryOuTDbwZRXyLeJMqydldBbjSygAMj+durBbGLg99JoqIfYUqxAmwfPdy4csnjR > qVT2E9SA/11pDIUzWAIBe7wi75XFVxlKMa56eblMOPS1g1MQ/b+Q+OGeJKrI3N5s > rRdqvDBQMVDyX3Ko/vp3CDH92hCSCL1L8x9DNYiuK8OleC43HYCfmL92Svy6EDL4 > wj1AFz9y35KJpQdyP+Cnd03b9EsF+ThnCRAS4z6j0sd2h1YNGET2faltm6DBes+l > 317JxVdFj64VGKAyvsdH > =ZumN > -END PGP SIGNATURE- > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/p2vhhl%24kae%241%40blaine.gmane.org. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CALvEeyied-wq3U16Y8dddGbJuQNefH%2BkytTMOcUt%2B90zdoHVqA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4 qvm-trim not exist
On Sunday, January 7, 2018 at 11:36:41 PM UTC+1, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Sun, Jan 07, 2018 at 12:45:58PM -0800, Roy Bernat wrote: > > On Sunday, 7 January 2018 22:30:39 UTC+2, Andrew David Wong wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA512 > > > > > > On 2018-01-07 12:48, Roy Bernat wrote: > > > > Hi All , > > > > > > > > What is the best practice to trim disk inside qubes 4 . > > > > > > > > the qvm-trim-template dont exist anymore . > > > > > > > > R > > > > > > > > > > You can use the `fstrim` command in the TemplateVM: > > > > > > $ sudo fstrim -v / > > > > Hi > > > > fstrim: /: the discard operation is not supported > > Strange, it should work. And on my system it works... > > Anything special in your configuration? Have you chosen non standard > partitioning or such? > Maybe you don't have LVM thin based storage? You can check that for the > template using (adjust template name): > > qvm-volume ls fedora-26 > > The storage pool used will be in the first column, for example: > > POOL:VOLUME VMNAME VOLUME_NAME > REVERT_POSSIBLE > linux-kernel:4.9.56-21fedora-26 kernel No > lvm:qubes_dom0/vm-fedora-26-private fedora-26 private No > lvm:qubes_dom0/vm-fedora-26-root fedora-26 root No > lvm:qubes_dom0/vm-fedora-26-volatile fedora-26 volatile No > > Here you see "lvm" pool. > > If you want, you can dig further: qvm-pool -i lvm > > name lvm > driverlvm_thin > size 486585401344 > thin_pool pool00 > usage 347665269260 > volume_group qubes_dom0 > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > > iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlpSoNgACgkQ24/THMrX > 1yzwzgf/Wl7+PDptZ0i9HN5viuSmQk0W5EeBawQ9CIJHseCGAqPLLvRToSRPBF9f > vRPZv7HHAf0xoY7TPnBygjUAgb+u30rbGdpFafBwDugyzy8ojDLZvOZXgxaOiegn > M27tjwX6i6Wpc83gh+HwIB4ARJua2gBOS0ULDXJBZZ4y1WoVN0fvr3RiDRGWhpYH > 1QutmKGR4Cwz0D1KoEP1qhCiew9BQ2NS1SSCk4dgncZcAnnSCrLR+9WDmirZRl2U > 2AbxMdFXMvFfsmXCiTyq/dw3H0N9c6Litq0KPcowkXxhXx24vQo7fjLJGKpFrOEv > KuN+RRcMchphkF87AoVASm+G0rTzLA== > =DGsq > -END PGP SIGNATURE- Out of curiosity I checked my own system too (I'm running LVM, not LVM Thin). " [user@fedora-26 ~]$ sudo fstrim -v / fstrim: /: the discard operation is not supported [user@fedora-26 ~]$ " " user@debian-8:~$ sudo fstrim -v / fstrim: /: the discard operation is not supported user@debian-8:~$ " Dom0 was pretty much identical as the two examples above too. Is LVM Thin the preferred FS-format on Qubes 4 over regular LVM? Also, possibly this might be because I'm using LVM and not LVM Thin, but I get python errors when I execute "qvm-pool -i lvm" in dom0. The command does not exist in fedora-26 or debian-8 template. But I guess it must be a dom0 specific command. Below is the python error from dom0. [user@dom0 ~]$ qvm-pool -i lvm Traceback (most recent call last): File "/usr/bin/qvm-pool", line 5, in sys.exit(main()) File "/usr/lib/python3.5/site-packages/qubesadmin/tools/qvm_pool.py", line 146, in main args = parser.parse_args(args, app=app) File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 387, in parse_args action.parse_qubes_app(self, namespace) File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 312, in parse_qubes_app pools = [app.pools[name] for name in pool_names] File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 312, in pools = [app.pools[name] for name in pool_names] File "/usr/lib/python3.5/site-packages/qubesadmin/base.py", line 309, in __getitem__ raise KeyError(item) KeyError: 'lvm' [aki@dom0 ~]$ So I'm guessing the solution would possibly be to re-install it all, but instead pick LVM-Thin as the FS-format? I'll gladly sign up to be up for being a guinea-pig and re-install Qubes 4 on LVM-Thin instead of LVM, (additional difference would be Qubes RC-2 fully updated to Qubes RC-4), to test it out if it makes a difference. Or maybe use Qubes RC-2 again for accuracy if it matters? Albeit I'm unsure if there is any value in such a test, and or whether systemdata is needed from before/after re-install. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d093e9a-c5b4-4107-a695-e9a6d2eada09%40googlegroups.com. For more options, visit https://groups.g
Re: [qubes-users] do i need to configure usb printer in disposalVM? to print from there
also make sure to install the drivers in the dispvm's template. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3546c251-b321-48c5-a5b3-0988fa4aaddb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dom0 terminal color is blue?
On Sunday, January 7, 2018 at 3:18:54 PM UTC-5, bow...@gmail.com wrote: > Stupid question, I rarely fire dom0 terminal... is the color blue? I remember > it being grey long ago... ya, it changed... not sure why. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1feda4f7-cb6e-400c-8edc-f7f051fcacef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes 4 qvm-trim not exist
On Mon, January 8, 2018 4:14 pm, Yuraeitha wrote: > [user@fedora-26 ~]$ sudo fstrim -v / > fstrim: /: the discard operation is not supported Not entirely sure it will propagate upwards but try setting dom0 /etc/lvm/lvm.conf issue_discards = 1 and reboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25f29689781e3f864d8f68681b580f2b.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Multiple usability issues Qubes 4RC3
On Monday, January 8, 2018 at 3:28:26 PM UTC+1, a...@it-minds.dk wrote: > Den mandag den 8. januar 2018 kl. 14.29.06 UTC+1 skrev Ahmed Al Aqtash: > > Hello all! > > > > > > I apologise for the vague subject, but I have been trying all kinds of > > things, and I simply can't understand half of the issues, and the other > > half I can't seem to find a solution to. > > > > > > First of all I have all the respect in the world for the entire Qubes team, > > and I sincerely believe that you are making the world a better place. > > > > > > The machine: ThinkPad X270 (full specs: > > https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591). > > It has 8 GB RAM. > > > > > > So.. to the issues.. > > 1) A more general gripe with not having enough documentation to actually > > get through a setup process. I used Qubes 3.2 before, and I simply went > > about Qubes 4 the same way. I know that there have been multiple changes, > > and I honestly believe the changes are for the better. > > > > > > But issues like moving a templates home directory to /etc/skel (meaning > > that appvm's inherit /etc/skel as home dir from the template) left me > > baffled with my first install.. I setup my template exactly as I wanted, > > created an appvm, and nothing was initialised. I had no idea what was going > > on, and the only way I could get some information was through a GitHub > > issue. Even after moving everything over to /etc/skel, I still have > > issues.. not everything is being carried over, not everything is being read > > correctly, and /etc/skel is not being synchronised either. If I add > > something new to /etc/skel AFTER creating a appvm, the appvm's homedir > > won't be updated. > > > > > > I like the idea with moving all the GUI functionality to the shell. I > > prefer using the shell anyway. But for instance, in 3.2, you could allow > > access to through the firewall for a templatevm. Now it has to be done > > through qvm-prefs. This is not documented anywhere, and this was also an > > infuriating issue for me. > > > > > > 2) I have reinstalled qubes multiple times over the weekend (friday through > > sunday) to get my install at a state that I am actually satisfied with. > > > > > > Most griping issues: sys-net and sys-firewall do not start on boot. > > Journalctl claims that there isn't enough memory to start sys-net on boot > > (I don't have anything more descriptive for sys-firewall). > > I can easily start them after boot and login. If I need more memory, then I > > will happily upgrade. I intended to do so anyway, but I cannot understand > > why it worked fine in 3.2 with 8 GB RAM. > > > > > > 3) The issue mentioned under documentation with setting up a template > > exactly the way I want it. > > To understand the issue in depth, I think it's in place to describe my > > setup: > > Having 2 base templates (based on the debian 9 template): > > > > > > * One I call 'trusted' which is based on debian sid (unstable) that I > > install everything I use for daily usage (firefox, libreoffice, mpv, emacs, > > other open source tools). Primarily AppVM's will be based out of this > > template. > > > > > > * One I call 'untrusted' that is going to be a clone of 'trusted', and that > > I install proprietary software in, that I also use on a daily basis (e.g. > > spotify). Also AppVM's out of this, but probably only 1 to start with. > > > > > > * I will probably create a standalone VM based off of 'trusted' that I use > > for development. So I will install stuff like docker, golang, and all other > > stuff I would otherwise use for developing. > > > > > > I have not been able to create my 'trusted' template in a proper manner, > > since I can't get /etc/skel to work properly. > > > > > > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos > > that are cloned to the homedir of the user (meaning they are git repos > > cloned to /etc/skel) > > If this is improper usage, then please guide me to how I should go about > > doing this instead, as I have no idea what the smartest solution would > > otherwise be. > > > > > > Sorry for the long email, and thanks in advance for clarifying answers. > > > > > > Best regards and all the best. > > Another issue actually: > What is the best/recommended way of updating software in TemplateVMs? > Firing up a shell in the TemplateVM and running a standard 'sudo dnf > update'/'sudo apt-get upgrade', or should we throw flags at it? > > In 3.2 the GUI would happily say 'you have updates', but now (with my very > limited knowledge) we have to check this manually? > > Cheers I believe the current solution is to check manually yes, but I also think it's a temporary issue. Maybe it'll be resolved in Qubes 4.1. or Qubes 5 even? There was so much to do in Qubes 4, that many things like these likely had to be put into lower priorities. But now that Qubes 4 is getting more stable
Re: [qubes-users] Re: new Desktop build recommendation
Just remembered the snowden documentary, when he would type the password into his laptop covering it and his head with a blanket. Maybe we should all do that? Then they really would need to catch the electrical or radiation frequencies lol. @Wael, Thats a sweet PSU you picked. EVGA doesn't make lower end ones. I think Tai was thinking of corsair, which I would never recommend to anybody. A Corsair PSU once died on me after a year. One of the C models. And the hdd and gpu got killed. Whats crazy is for a year I thought i was getting hacked, turns out it the gpu must of been failing after 3 months and I never suspected it. I filed a claim with them. They said nothing was wrong with the PSU or GPU. I told them thats impossible, because I had to replace the psu to get my board to post lol. and I flipped out. Long story short, They paid for my hdd. But Stole my GPU, literally, stole the fkn thing and refused to give it back. They claimed they didn't know where it was. They probably reflashed it and gave it to their kid. Now that I think about it I should of called the police!On top of that they sent me two bad PSU's before they sent me a good one. I swear it. The first replacement immediately started smoking on me as if they sent me a bad psu on purpose just to fk with me!!! Because when they told me nothing was wrong with the psu, I told the guy his engineers are frauds. And The only reason they paid for the HDD is after I complained they stole my GPU and I was out a hdd. The last GPU they sent me only lasted 2 years and stopped working out of nowhere with no warning signs. Corsair has crap quality control, and evil engineers. EVGA on the other hand, is the best quality in PSU's I've ever seen, no matter the model. I've also had cheap psu's not work properly with a ups, but never the case with an evga psu. I hate to sound like a shrill, but noone comes close to them in the psu market. There is no comparison. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/27b84105-f3d8-4771-b6ea-ab716c4ebbea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
Just remembered the snowden documentary, when he would type the password into his laptop covering it and his head with a blanket. Maybe we should all do that? Then they really would need to catch the electrical or radiation frequencies lol. @Wael, Thats a sweet PSU you picked. EVGA doesn't make lower end ones. I think Tai was thinking of corsair, which I would never recommend to anybody. A Corsair PSU once died on me after a year. One of the C models. And the hdd and gpu got killed. Whats crazy is for a year I thought i was getting hacked, turns out it the psu must of been failing after 3 months and I never suspected it. I filed a claim with them. They said nothing was wrong with the PSU or GPU. I told them thats impossible, because I had to replace the psu to get my board to post lol. and I flipped out. Long story short, They paid for my hdd. But Stole my GPU, literally, stole the fkn thing and refused to give it back. They claimed they didn't know where it was. They probably reflashed it and gave it to their kid. Now that I think about it I should of called the police!On top of that they sent me two bad PSU's before they sent me a good one. I swear it. The first replacement immediately started smoking on me as if they sent me a bad psu on purpose just to fk with me!!! Because when they told me nothing was wrong with the psu, I told the guy his engineers are frauds. And The only reason they paid for the HDD is after I complained they stole my GPU and I was out a hdd. The last GPU they sent me only lasted 2 years and stopped working out of nowhere with no warning signs. Corsair has crap quality control, and evil engineers. EVGA on the other hand, is the best quality in PSU's I've ever seen, no matter the model. I've also had cheap psu's not work properly with a ups, but never the case with an evga psu. I hate to sound like a shrill, but noone comes close to them in the psu market. There is no comparison. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68ac2359-efc2-4376-9859-04f9e3bf0350%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
Just remembered the snowden documentary, when he would type the password into his laptop covering it and his head with a blanket. Maybe we should all do that? Then they really would need to catch the electrical or radiation frequencies lol. @Wael, Thats a sweet PSU you picked. EVGA doesn't make lower end ones. I think Tai was thinking of corsair, which I would never recommend to anybody. A Corsair PSU once died on me after a year. One of the C models. And the hdd and gpu got killed. Whats crazy is for a year I thought i was getting hacked and was going nuts, turns out it the psu must of been failing after 3 months and I never suspected it. I filed a claim with them. They said nothing was wrong with the PSU or GPU. I told them thats impossible, because I had to replace the psu to get my board to post lol. and I flipped out. Long story short, They paid for my hdd. But Stole my GPU, literally, stole the fkn thing and refused to give it back. They claimed they didn't know where it was. They probably reflashed it and gave it to their kid. Now that I think about it I should of called the police!On top of that they sent me two bad PSU's before they sent me a good one. I swear it. The first replacement immediately started smoking on me as if they sent me a bad psu on purpose just to fk with me!!! Because when they told me nothing was wrong with the psu, I told the guy his engineers are frauds. And The only reason they paid for the HDD is after I complained they stole my GPU and I was out a hdd. The last GPU they sent me only lasted 2 years and stopped working out of nowhere with no warning signs. Corsair has crap quality control, and evil engineers. EVGA on the other hand, is the best quality in PSU's I've ever seen, no matter the model. I've also had cheap psu's not work properly with a ups, but never the case with an evga psu. I hate to sound like a shrill, but noone comes close to them in the psu market. There is no comparison. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d07a4ac8-e972-4619-a40a-9f819a901d51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
I also would never buy corsair ram. fk that company. My fav brand is G.Skill. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5b01fbdd-b42b-42a0-887b-e579e7be0756%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
I also would never buy corsair ram. fk that company. My fav brand is G.Skill. And ram is also backwards compatible when comes to frequencies. And when using a lower frequency you can always lower timings, and still have it in case you upgrade to higher frequency board in future. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b3a9af7-6050-494c-9706-f007c6fd2312%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dom0 terminal color is blue?
On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote: > Stupid question, I rarely fire dom0 terminal... is the color blue? I remember > it being grey long ago... Which Qubes system version are you on, and also the version of the one you refer to into the past, if you remember? Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at least, as that was when I moved away from 3.2 and never looked back). Qubes 4.0 has a gray dom0 terminal. I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and became gray once more in Qubes 4.0? I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use the dom0 terminal to the extent you refer to. Because currently Qubes 4 requires you to update dom0 through the dom0 terminal, including handling the backup-create and backup-restore in the dom0 terminal. I suspect a GUI might come in the future though, when more developer time can be focused on it, as they're quite busy with Qubes 4. But this is just speculation on my part. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c76d-322a-4455-9d28-4182a488a8a3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dom0 terminal color is blue?
On Monday, January 8, 2018 at 12:02:15 PM UTC-5, Yuraeitha wrote: > On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote: > > Stupid question, I rarely fire dom0 terminal... is the color blue? I > > remember it being grey long ago... > > Which Qubes system version are you on, and also the version of the one you > refer to into the past, if you remember? > > Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at > least, as that was when I moved away from 3.2 and never looked back). > > Qubes 4.0 has a gray dom0 terminal. > > I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and > became gray once more in Qubes 4.0? > > I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use > the dom0 terminal to the extent you refer to. Because currently Qubes 4 > requires you to update dom0 through the dom0 terminal, including handling the > backup-create and backup-restore in the dom0 terminal. I suspect a GUI might > come in the future though, when more developer time can be focused on it, as > they're quite busy with Qubes 4. But this is just speculation on my part. oh thats good to know. I preferred the grey. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b1127ca-7058-4303-b1eb-dd0f2cc857d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dom0 terminal color is blue?
On Monday, 8 January 2018 17:02:15 UTC, Yuraeitha wrote: > On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote: > > Stupid question, I rarely fire dom0 terminal... is the color blue? I > > remember it being grey long ago... > > Which Qubes system version are you on, and also the version of the one you > refer to into the past, if you remember? > > Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at > least, as that was when I moved away from 3.2 and never looked back). > > Qubes 4.0 has a gray dom0 terminal. > > I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and > became gray once more in Qubes 4.0? > > I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use > the dom0 terminal to the extent you refer to. Because currently Qubes 4 > requires you to update dom0 through the dom0 terminal, including handling the > backup-create and backup-restore in the dom0 terminal. I suspect a GUI might > come in the future though, when more developer time can be focused on it, as > they're quite busy with Qubes 4. But this is just speculation on my part. Yes correct I am on 3.2. I thought someone had me swallow the blue pill ;) I don't mind terminal at all, it is just that after setting all my 18 VMs, I did not have a use. I use it mainly as a personal cloud (Atlassian stack hosting) + firewall, so this may explain. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f25f709f-67eb-4176-bd93-2192ec22a7b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On 01/08/2018 11:34 AM, cooloutac wrote: Corsair has crap quality control, and evil engineers. EVGA on the other hand, is the best quality in PSU's I've ever seen, no matter the model. I've also had cheap psu's not work properly with a ups, but never the case with an evga psu. I hate to sound like a shrill, but noone comes close to them in the psu market. There is no comparison. So I take it you purchase a large amount of hardware for an institution and thus have more than anecdotal evidence? Or you have removed the PSU cover (DANGEROUS - DO NOT DO THIS) and examined the quality of components and quality of the assembly process? On 01/08/2018 11:44 AM, cooloutac wrote: I also would never buy corsair ram. fk that company. My fav brand is G.Skill. Neither company makes or assembles RAM or power supplies - they are simply re-branders of OEM white label products. Even companies like PNY with real factories (see their website, it is in new jersey america) are not really making "RAM" they are simply a pick and place operation that assembles PCB's - there are only a few manufacturers of memory chips in the world, those chips are then bought by companies who assemble PCB's. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50e5e505-c4a8-2782-5be0-7cf7546866b7%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow
On Monday, January 8, 2018 at 1:27:45 PM UTC+1, Fabrizio Romano Genovese wrote: > No, my PC is a Dell XPS13, not a Latitude. But I have some news: > > The booting problem is 100% dependent on being plugged or not. Precisely, I > observed the following behaviors: > > Booting plugged: Everything is normal, PC is fast. If I unplug it afterwards > nothing really happens and performance stays the same. > > Booting unplugged: FUBAR. Slow, unresponsive, battery draining over 9000. > Plugging AC adapter in afterwards doesn't help at all. > > Dunno if my intuition is the right one, but it may be that the booting > process, when unplugged, triggers some sort of fucked up setting regarding > power management that causes havoc. Note that, in my case, the only important > factor to consider is if the AC adapter is plugged/unplugged AT BOOT. > Connecting/disconnecting it afterwards has no effect whatsoever on > performance. That extra information you discovered is really insightful I think, where your power management stays as desired after unplugging (after boot), based on the two scenarios you listed. This should make it possible to narrow it down to 3 further detailed scenarios. I'm no expert btw, so listen to Marek who is far, far more knowledge than I. But for now, heres a suggestion to narrow down the issue further based on your new post. It probably means either of the three scenarios: A) Xen is not changing to its own preferred power-settings over the BIOS/UEFI/EFI/Grub boot power settings (Can be changed bottom up from BIOS/UEFI/EFI/Grub?). B) Xen is maybe tricked into believing the preferred power-settings due to incorrect BIOS/UEFI/EFI/Grub settings (can be changed top-down from Xen?). C) No settings available in BIOS/UEFI or executable commands in EFI/Grub (Nothing that can be done). So there is possible a top-down apporach, a bottom-up approach, and a scenario where you cannot do anything. I believe the command Marek listed is a top-down approach, while changing power-settings in your BIOS/UEFI/EFI/Grub is a bottom-up approach. Given your relied information in your last post above, you can probably deduce that a bottom-up approach can work as well, since as you describe it, the power-state you're in during initial boot, decides the overall power-settings irregardless if you unplug later on. Question then, would be, what to change in BIOS/UEFI/EFI/Grub? And the Xen top-down command Marek mentioned above might also work too. Just be careful with power-settings, it can damage your hardware severely if a setting is poorly set, and it's way out of my league to say with any certainty which settings are fine to change, and which are not. For now though, maybe try take a stroll in your BIOS/UEFI and see if you can identify and suspicious power settings? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4047d3f-2c02-455f-a76b-90118d358cd7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland
I am bumping the thread as I greatly appreciate when companies search for applicants like this (instead of with the usual DICE posting with absurd HR specified qualifications that filter out all the honest applicants.) Also please let me know if you need advice on libre hardware purchasing - the various pre-PSP AMD libre firmware available boards are becoming harder to obtain so I advise obtaining some sooner rather than later - moreso as the G34/C32 Opteron CPU's are not vulnerable to the meltdown/spectre trouble (they are only exploitable with spectre part 1 if an obscure sysctl is enabled, however most distros have it disabled by default as no one uses it) On 01/08/2018 03:58 AM, mba wrote: Dear Qubes Community, I am reaching out this way on the advise of Andrew David Wong (Axon), as I am in need of finding a part time "jack of all trades" IT person, who has knowledge of Qubes to an extent where he/she is able to implement this in a small office environment with a handful of users. There will also be other tasks, such as alarm system / video monitoring, networking, server etc. etc. We envision this can be 50 - 100% workload (up to you) for a few weeks, after which we expect maybe 25% workload after that. All very flexible, BUT it is necessary that you are able to come and work from our office in Sihlbrug/Baar in Switzerland (just off the highway ... busstop 200 meters away). Due to the nature of work, and given that we cannot offer a full time position, we would expect a young person who is studying or is an apprentice, who would like to have some additional challenges and earn some extra money. However, it could also be someone older who's in between jobs. Important is knowledge/experience with Qubes, general IT/network and the ability to handle and solve challenges as well as being flexible, self-starter and work independently. If you are interested, please send me your CV, which also must contain a recent photo, email and telephone number. If you know of someone who could be interested, please let them know (or let me know). I will be looking forward to hearing from you on the following e-mail address: m...@corpconsult.info Best regards Mogens Berg Andersen MBA Consulting GmbH On 2018-01-05 01:25, mba wrote: Hi, In connection with my clients plan to secure our entire IT infrastructure, we are looking for a part-time and/or short term Qubes enthusiast who also have good knowledge of networking, as well as the ability to work with various hardware. It will be necessary to do all of the work from our office in Baar, Zug, Switzerland. We see this as an ideal opportunity for a knowledgeble and motivated individual, who maybe now is an apprentice / student / unemployed, who have spare time and the wish to earn some extra money. Working times will be very flexible and with a high degree of independence in terms of carrying out the tasks. I do realize that this here is not a job-centre, but was wondering if you have some inputs as to how to get in contact with such an individual? I am not myself at all skilled to the level needed, and Google searching as well as various fora's did also not provide any useful pointers, so I'm hoping you will be able to help me. I thank you in advance for any input you'll be able to provide, and please feel free to share the entire content of this mail, including the contact details below, as you see fit for the purpose. Best regards Mogens Berg Andersen MBA Consulting GmbH Hello, I suggest that you ask on our qubes-users mailing list: https://www.qubes-os.org/mailing-lists/#qubes-users -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd24c312-e7be-9a60-1dd0-b5d6b0643b5a%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks
Is there any news on a fix or work-around coming for 3.2? Converting all the templates to HVM is doable and would greatly improve security, in light of the severity of these exploits I see no reason not to do it despite it not being in the original requirements. I would appreciate advice on how to perform this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b56e709-1101-6a58-dd71-45d629b9773c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
> Or you could just buy POWER 9/TALOS 2, have a libre high performance > system right now and stop waiting for what will never happen (and would > be immediately fixed if it did) Talos 2 looks nice in theory, but: * Qubes OS does not support this architecture. So you are going to have something more resistant to backdoors, but it is also less resistant to classical exploits. If your typical threat is not like NSA, you probably lose security. And even if it is, it is at least not clear win, as NSA could use those classical exploits anyway. * Not an option for those who want a laptop. * It is quite expensive for needs of most people. That's not to say Talos 2 has no merit. It might have some niche, but it is far far from a solution for masses. > If you buy new Intel/AMD CPU's you are supporting future anti-feature > development. Maybe this is not that bad for AMD: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/751ae8ce-c183-4d2e-a17d-6637d029221c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Sun, Jan 7, 2018 at 11:23 AM taii...@gmx.com wrote: > On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote: > > > On Sat, Jan 6, 2018 at 1:57 PM taii...@gmx.com wrote: > > I did build PCs before, but that was literarly a life time ago (early > > 2000's), and since then, I've been with laptops. I was aware of PCI-e > > compatibility, but I did not know to what degree the difference in speed > > might affect the GPU. Would a GTX 1080 work for instance? > There is no real difference between 3.0 and 2.0 even with 4K, Crossfire > and the latest cards so having v2.0 is fine. > As I have stated before nvidia is a bad company and you shouldn't buy > from them, they do not support owner-control, actively hinder linux > driver development and VM gaming. > Good to know, thanks Taiidan. In that case, it's good that I got myself an AMD Radeon HD 6950 ( https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766), I'll use this one as primary, and I'll wait till the price of the Vega comes down, I have my eye on RX Vega 64. > Don't forget your board standoffs, and don't confuse the PCI-e power > cables with EPS12V. > Since it has been a long time you should brush up and watch some vids > from reputable places, you gotta be careful considering how much $$$ you > have spent :] > Will do. > >> Hey when you get this let me know if you need any help setting up VM > >> gaming it is very difficult but very rewarding. > >> One gotcha I have noticed is NUMA alignment, each 16 core CPU contains > >> two NUMA nodes and performance will suffer greatly if things are not > >> properly aligned (gets tricker in VM's too) > Are you talking about alignment of RAM? The KGPE-D16 specifies the RAM order in the manual ( http://dlcdnet.asus.com/pub/ASUS/mb/SocketG34(1944)/KGPE-D16/Menual_QVL/E8847_KGPE-D16.pdf page 2-17). > >> > >> > >> I will definitely do that. > I eagerly await your gaming benchmarks, there are several triple A games > out there that support 16 cores and you must try them. > >> TPM: > >> I am not sure about TPM's I would call ASUS and ask for a board > >> compatible part number. > >> > >> I might have to return the one I got then, it's a Gigabyte TPM module. > Like I said call and ask asus what model number you need for the board. > > Ideally you could simply use whatever same-generation of TPM (board is > v1.2 not v2.0) as it uses a simple LPC bus for communication but you > might as well buy whatever asus tells you to so to avoid trouble. > Coreboot devs tested with asus's infineon brand TPM. > I assume you have bought a TPM 2.0, if so that definitely won't work. > I'm aware that Linux does not support TPM 2.0 so I did order a TPM v1.2. I'll give ASUS a call to confirm it works. >> Newegg Links: > >> I can't view newegg links, you would have to find a OEM link to show me. > >> I would get a 1KW PSU from a reputable company, like I said dual EPS12V, > >> modular and japanese capacitors is what you want. > >> > >> > > I got this one, > https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 > I usually don't recommend evga as I don't like companies who sell both > good and bad products (their lower end stuff is crappy) but that seems > fine, good reviews japanese caps and a nice 10 year warranty. >> Case Price - no more than $200 unless it includes nice front HDD hot > >> swap bays - Don't use the PSU that comes with the case. > >> > >> Unfortunately, it ended up closer to 400. I got this one > > http://www.norcotek.com/product/rpc-4220/ it was difficult finding EEB > > cases. Depending on the noise it makes, there's a braket that I can > switch > > in it to change the 4 80mm fans with 3 120mm fans. In anycase, I wanted a > > case that has wide support for boards (CEB, EEB, ATX and mini ATX) so > later > > on I can update the components and not have to reinvenst in the case. > Nice case, pricey but with an HBA or RAID card you can install all the > drives you'll ever want. > It has good reviews that mention the high quality, good choice! > Thanks. > >> I would also get front drive bay HDD enclosures that have a fan > >> otherwise your drives will get hot inside the case and be a pain to > >> service. > >> > > this one does not have a fan, I'll add a braket if I see a need, but I > > think it'll be alright with the 6 fans it has. > Yeah you sure will, since the bays came with the case you won't need > additional cooling as they have already taken care of that (with the > assorted case fans) > > Send me links, titles, prices and used/new status for the rest of the > stuff you got and I can look it over. > Sure, here's the same list with direct OEM links, BTW you can just use curl to get the 302 location of the links without having to use the browser for them :) - Case: http://www.norcotek.com/product/rpc-4220/ new - PSU: https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 new - Motherboard: KGPE-D16 new (opened box though) $270 - CPU: 2x https://ww
Re: [qubes-users] Re: new Desktop build recommendation
On 01/08/2018 01:37 PM, Wael M. Nasreddine wrote: On Sun, Jan 7, 2018 at 11:23 AM taii...@gmx.com wrote: On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote: On Sat, Jan 6, 2018 at 1:57 PM taii...@gmx.com wrote: I did build PCs before, but that was literarly a life time ago (early 2000's), and since then, I've been with laptops. I was aware of PCI-e compatibility, but I did not know to what degree the difference in speed might affect the GPU. Would a GTX 1080 work for instance? There is no real difference between 3.0 and 2.0 even with 4K, Crossfire and the latest cards so having v2.0 is fine. As I have stated before nvidia is a bad company and you shouldn't buy from them, they do not support owner-control, actively hinder linux driver development and VM gaming. Good to know, thanks Taiidan. In that case, it's good that I got myself an AMD Radeon HD 6950 ( https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766), I'll use this one as primary, and I'll wait till the price of the Vega comes down, I have my eye on RX Vega 64. I would have advised purchasing a lower power single slot fanless model for your primary video - as that is dual slot you will be wasting one of your PCI-e slots. You can still use that 760 and it would work fine, I just wouldn't buy any more nvidia cards. Are you talking about alignment of RAM? No. NUMA is software - look up NUMA alignment. This is generally automatic if you run numad in your OS - you only have to configure it if you are running for instance a gaming VM with libvirt. Sure, here's the same list with direct OEM links, BTW you can just use curl to get the 302 location of the links without having to use the browser for them :) - Case: http://www.norcotek.com/product/rpc-4220/ new - PSU: https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 new - Motherboard: KGPE-D16 new (opened box though) $270 Open box is definitely worth it for that great price. - CPU: 2x https://www.ebay.com/itm/2x-AMD-Opteron-6386-OS6386YETGGHK-16-Core-2-8GHz-Socket-G34-CPU-TQ1488/122885384670 $200 used - CPU Cooling: 2x https://www.ebay.com/itm/Noctua-NH-U12DO-A3/332385518775 new - RAM: https://www.ebay.com/itm/32GB-4X8GB-DDR3-1600MHz-ECC-REG-MEMORY-FOR-ASRock-EP2C602-4L-D16-SSI-EEB-Server/162349088753 $200 for 64Gb - TPM: Gigabyte GC-TPM (can't find OEM link, but I have a feeling that I'll be replacing it anyway). - GPU: https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766 refurbished $70 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ed274b7c-07d5-8bfc-fee2-87b4346d2de5%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote: > I would have advised purchasing a lower power single slot fanless model > for your primary video - as that is dual slot you will be wasting one of > your PCI-e slots. You can still use that 760 and it would work fine, I > just wouldn't buy any more nvidia cards. I tried a single slot fanless and under 3.2 at least it made everything very slow, even booting up VMs for some reason. Might have just been my bad luck, but I think it's good to have some speed for primary video. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc7f1ac387c59c74c44e2a1c5db44328.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Add iSCSI disk in installation destination
Hello, Is it possible to add an iSCSI Target disk during Qubes OS 4.0-RC3 instalation in installation destination? When I click on 'Add iSCSI Target...' the anaconda crashes with the same errors as here: https://bugzilla.redhat.com/show_bug.cgi?id=1347415 https://bugzilla.redhat.com/show_bug.cgi?id=1378159 Is it specific to the Fedora 25 release before the fix on which the Qubes OS 4.0-RC3 is based? Or is it Qubes OS related issue? I've tried the latest Fedora 25 release and it works fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84e1a109-1dfc-4b7f-993e-e6d92684482b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Monday, January 8, 2018 at 1:55:05 PM UTC-5, awokd wrote: > On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote: > > > I would have advised purchasing a lower power single slot fanless model > > for your primary video - as that is dual slot you will be wasting one of > > your PCI-e slots. You can still use that 760 and it would work fine, I > > just wouldn't buy any more nvidia cards. > > I tried a single slot fanless and under 3.2 at least it made everything > very slow, even booting up VMs for some reason. Might have just been my > bad luck, but I think it's good to have some speed for primary video. qubes doesn't really use much of the video card. It could make the desktop smoother though if using alot of effects. I mean if we really cared about security, I guess we wouldn't use a gui. I guess it depends on your "security model" lmao... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5464aba-fecf-40af-aeee-c45c86416259%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks
On Monday, January 8, 2018 at 7:36:05 PM UTC+1, tai...@gmx.com wrote: > Is there any news on a fix or work-around coming for 3.2? > > Converting all the templates to HVM is doable and would greatly improve > security, in light of the severity of these exploits I see no reason not > to do it despite it not being in the original requirements. > > I would appreciate advice on how to perform this. In terms of economics of development time and cost, I wonder where the trade off will lay between bringing 3.2. up to speed in security against these threats, versus migrating all users to Qubes 4 (hopefully RC-4 will be stable enough to be final version). Questions boggle my mind though, when would Qubes 4 overall be considered just as safe (and thereon safer) than Qubes 3.2? I'm sure at some points Qubes 4 is already more secure, but as we all know it's not fully finished and polished yet. Does it have a low development cost to implement HVM in Qubes 3.2? or would it be more feasible to recommend everyone to migrate to qubes 4 as fast as possible? Thinking about it, at the very least for the spectre attack from the little understanding I have, it seems like it's difficult and resourceful to pull off. Maybe most people would be fine on Qubes 3.2. for a while yet, while high profile targets may want to move to Qubes 4 sooner rather than later? I definitely don't have any full pictures here, I'm merely poking to questions or different perspectives and see what comes out of it. To me a solution seems like high profile targets could move to Qubes 4 soon, while the low profile targets (at least when it comes to spectre) can feel somewhat safe for a while yet? Or is that a failed logic? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd1baabb-ee8e-4fbd-bca7-0a1942d77af4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Monday, January 8, 2018 at 1:55:05 PM UTC-5, awokd wrote: > On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote: > > > I would have advised purchasing a lower power single slot fanless model > > for your primary video - as that is dual slot you will be wasting one of > > your PCI-e slots. You can still use that 760 and it would work fine, I > > just wouldn't buy any more nvidia cards. > > I tried a single slot fanless and under 3.2 at least it made everything > very slow, even booting up VMs for some reason. Might have just been my > bad luck, but I think it's good to have some speed for primary video. qubes doesn't really use much of the video card. It could make the desktop smoother though if using alot of effects. I mean if we really cared about security, I guess we wouldn't use a gui. Especially if we want to type in commands in a terminal anyways. I guess it depends on your "security model" lmao... @Tai, being an fsf guy I use to love the gnome-flashback desktop they used with the deblobbed fsf kernel. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3f7fda2a-79d6-4d14-86f1-a4391961fbb4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Monday, January 8, 2018 at 1:55:05 PM UTC-5, awokd wrote: > On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote: > > > I would have advised purchasing a lower power single slot fanless model > > for your primary video - as that is dual slot you will be wasting one of > > your PCI-e slots. You can still use that 760 and it would work fine, I > > just wouldn't buy any more nvidia cards. > > I tried a single slot fanless and under 3.2 at least it made everything > very slow, even booting up VMs for some reason. Might have just been my > bad luck, but I think it's good to have some speed for primary video. qubes doesn't really use much of the video card. It could make the desktop smoother though if using alot of effects. I mean if we really cared about security, I guess we wouldn't use a gui. Especially if we want to type in commands in a terminal anyways. I guess it depends on your "security model" lmao... @Tai, have you ever used trisquel? learning about fsf software I really fell in love with their gnome-flashback desktop and deblobbed fsf kernel. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5dc88a3b-bd35-46f0-86c1-0cfa5599071b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: new Desktop build recommendation
On Monday, January 8, 2018 at 1:38:07 PM UTC-5, Wael Nasreddine wrote: > On Sun, Jan 7, 2018 at 11:23 AM tai...@gmx.com wrote: > > On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote: > > > > > On Sat, Jan 6, 2018 at 1:57 PM tai...@gmx.com wrote: > > > I did build PCs before, but that was literarly a life time ago (early > > > 2000's), and since then, I've been with laptops. I was aware of PCI-e > > > compatibility, but I did not know to what degree the difference in speed > > > might affect the GPU. Would a GTX 1080 work for instance? > > There is no real difference between 3.0 and 2.0 even with 4K, Crossfire > > and the latest cards so having v2.0 is fine. > > As I have stated before nvidia is a bad company and you shouldn't buy > > from them, they do not support owner-control, actively hinder linux > > driver development and VM gaming. > > > > Good to know, thanks Taiidan. In that case, it's good that I got myself an > AMD Radeon HD 6950 > (https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766), > I'll use this one as primary, and I'll wait till the price of the Vega comes > down, I have my eye on RX Vega 64. > > > > > Don't forget your board standoffs, and don't confuse the PCI-e power > > cables with EPS12V. > > Since it has been a long time you should brush up and watch some vids > > from reputable places, you gotta be careful considering how much $$$ you > > have spent :] > > > > Will do. > > >> Hey when you get this let me know if you need any help setting up VM > > >> gaming it is very difficult but very rewarding. > > >> One gotcha I have noticed is NUMA alignment, each 16 core CPU contains > > >> two NUMA nodes and performance will suffer greatly if things are not > > >> properly aligned (gets tricker in VM's too) > > > Are you talking about alignment of RAM? The KGPE-D16 specifies the RAM order > in the manual > (http://dlcdnet.asus.com/pub/ASUS/mb/SocketG34(1944)/KGPE-D16/Menual_QVL/E8847_KGPE-D16.pdf > page 2-17). > > > >> > > >> > > >> I will definitely do that. > > I eagerly await your gaming benchmarks, there are several triple A games > > out there that support 16 cores and you must try them. > > >> TPM: > > >> I am not sure about TPM's I would call ASUS and ask for a board > > >> compatible part number. > > >> > > >> I might have to return the one I got then, it's a Gigabyte TPM module. > > Like I said call and ask asus what model number you need for the board. > > > > Ideally you could simply use whatever same-generation of TPM (board is > > v1.2 not v2.0) as it uses a simple LPC bus for communication but you > > might as well buy whatever asus tells you to so to avoid trouble. > > Coreboot devs tested with asus's infineon brand TPM. > > I assume you have bought a TPM 2.0, if so that definitely won't work. > > > > I'm aware that Linux does not support TPM 2.0 so I did order a TPM v1.2. I'll > give ASUS a call to confirm it works. > > > >> Newegg Links: > > >> I can't view newegg links, you would have to find a OEM link to show me. > > >> I would get a 1KW PSU from a reputable company, like I said dual EPS12V, > > >> modular and japanese capacitors is what you want. > > >> > > >> > > > I got this one, https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 > > I usually don't recommend evga as I don't like companies who sell both > > good and bad products (their lower end stuff is crappy) but that seems > > fine, good reviews japanese caps and a nice 10 year warranty. > >> Case Price - no more than $200 unless it includes nice front HDD hot > > >> swap bays - Don't use the PSU that comes with the case. > > >> > > >> Unfortunately, it ended up closer to 400. I got this one > > > http://www.norcotek.com/product/rpc-4220/ it was difficult finding EEB > > > cases. Depending on the noise it makes, there's a braket that I can switch > > > in it to change the 4 80mm fans with 3 120mm fans. In anycase, I wanted a > > > case that has wide support for boards (CEB, EEB, ATX and mini ATX) so later > > > on I can update the components and not have to reinvenst in the case. > > Nice case, pricey but with an HBA or RAID card you can install all the > > drives you'll ever want. > > It has good reviews that mention the high quality, good choice! > > > > Thanks. > > >> I would also get front drive bay HDD enclosures that have a fan > > >> otherwise your drives will get hot inside the case and be a pain to > > >> service. > > >> > > > this one does not have a fan, I'll add a braket if I see a need, but I > > > think it'll be alright with the 6 fans it has. > > Yeah you sure will, since the bays came with the case you won't need > > additional cooling as they have already taken care of that (with the > > assorted case fans) > > > > Send me links, titles, prices and used/new status for the rest of the > > stuff you got and I can look it over. > >
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On 01/08/2018 01:36 PM, Vít Šesták wrote: Or you could just buy POWER 9/TALOS 2, have a libre high performance system right now and stop waiting for what will never happen (and would be immediately fixed if it did) Talos 2 looks nice in theory, but: * Qubes OS does not support this architecture. So you are going to have something more resistant to backdoors, but it is also less resistant to classical exploits. If your typical threat is not like NSA, you probably lose security. And even if it is, it is at least not clear win, as NSA could use those classical exploits anyway. You could use POWER-KVM and have an assortment of VM's with shared folders, you can replicate all the other stuff via various methods and have a better security level it simply wouldn't look as slick. Qubes isn't virtualization, it is simply a collection of tools that can theoretically be compiled for POWER although currently the qubes VMM is xen which isn't yet available for POWER (the xen devs are ignoring requests to assist with porting efforts). * Not an option for those who want a laptop. If T2 is successful (ie: enough people buy it) there are plans for a POWER laptop. * It is quite expensive for needs of most people. It fills the very high performance sector that previously had no libre hardware, it isn't meant for those like you and me who would be satisfied with the performance of one of the various libre firmware available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc... The target market segment is someone who already spends just as much on an equivilant performance x86-64 system every few years but who needs and desires better security (ie: they previously have bought one or more of intel's high end CPU's that cost thousands on their own). That's not to say Talos 2 has no merit. It might have some niche, but it is far far from a solution for masses. It isn't intended for the masses, although if it is successful there will eventually be lower cost versions intended and priced for the average linux power-user - already costs have came down drastically since T1. No one ever found money or success trying to sell to the average yokel. If you buy new Intel/AMD CPU's you are supporting future anti-feature development. Maybe this is not that bad for AMD: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option That option simply removes the PCI device and the Option ROM menu, it doesn't disable PSP - like ME it is integral to the x86-64 boot process so it simply can't be disabled. Yet another journalist that doesn't check the facts before publishing. But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor. On an owner controlled system that has libre hardware, firmware and software it is incredibly difficult to add a backdoor function, one truly could trust their computer in that case. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/239b4913-a4d6-ae6a-cb6c-6b38fd420bad%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade
On Sunday, January 7, 2018 at 1:15:29 AM UTC+1, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear Qubes Community, > > Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely > apologize for our failure to provide timely notice of this event. It > is strongly recommend that all Qubes users upgrade their Fedora 25 > TemplateVMs and StandaloneVMs to Fedora 26 immediately. We provide > step-by-step [upgrade instructions] for upgrading your existing > TemplateVMs and StandaloneVMs in-place on both Qubes 3.2 and Qubes > 4.0. For a complete list of TemplateVM versions supported for your > specific version of Qubes, see [Supported TemplateVM Versions]. > > We also provide fresh Fedora 26 TemplateVM packages through the > official Qubes repositories, which you can get with the following > commands (in dom0). > > Standard Fedora 26 TemplateVM: > > $ sudo qubes-dom0-update qubes-template-fedora-26 > > [Minimal] Fedora 26 TemplateVM: > > $ sudo qubes-dom0-update qubes-template-fedora-26-minimal > > After upgrading to a Fedora 26 TemplateVM, please remember to set all > qubes that were using the old template to use the new one. The > instructions to do this can be found in the [upgrade instructions] > for your specific version. > > Please note that no user action is required regarding the OS version > in dom0. If you're using Qubes 3.2 or 4.0, there is no dom0 OS > upgrade available, since none is currently required. For details, > please see our [Note on dom0 and EOL]. > > If you're using an older version of Qubes than 3.2, we strongly > recommend that you upgrade to 3.2, as older versions are no longer > supported. > > > [end-of-life]: > https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule > [upgrade instructions]: /doc/template/fedora/upgrade-25-to-26/ > [Supported TemplateVM Versions]: /doc/supported-versions/#templatevms > [Minimal]: /doc/templates/fedora-minimal/ > [Note on dom0 and EOL]: /doc/supported-versions/#note-on-dom0-and-eol > > This announcement is also available on the Qubes website: > https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpRZpEACgkQ203TvDlQ > MDA30xAAhvx58l16DPzWdjTkCDAu8X/oIJVsidabezigI3x8BFcMWuNvGpfO9wD0 > 4oJVhXvLIrqPvWK6HBz5o8zld8rZd8r+OVB7Aivh34WIdVdxZZY9vwCvbWZifdbU > jGpAMX+ivfXTB1DM4y3hZ/gq+7kScYzIPw9TRC8CykkCySqwwWJEEMCXvqGJvYxC > HspnoiCo+LP63ta438yTHPFgk6chnlKlU2rK5KsdUE69tZl3s6t1NoZaxMHUCuMz > sxmT081xqCh4+DCPZ6WzPKiKNEc8AMVD/5Axdt5mBn2rZqGYntEX0UWh7pak3Dk5 > MZBBdevbOFj0mlQ8/wStkBjNaRSOLT//PyPCeKKNf/wvOYDPI3PfUjxYM0LaKzl9 > X6go9tlbc7e43e9lbtArmvYGY7hXsAi721dvKnpng1vuDUZjKPWOFtSVS+MX/zIl > yGmYDEK/UhFYRfaaKXP2vf5YRpRPGyl/MkTN/4akEttgnXxJ/ztR8WB3+PY73R4G > AeT4zhbLSTptIneDH9wsRujBt1l1As/9ApVxt8e0nOtyou4LdVhDlkaO6Qt2FCAs > Iprz5CYWBFD7qR9qmtDHSR99rldK0uau9Ihzabe5WK+9wtMNp3+6qaIemBUS9293 > m/Wf9H63xfjrdFMsjIiduZHFBw0Q4IQeKOlT7072QFJBvr2WmD4= > =/ZvF > -END PGP SIGNATURE- I'll third that notion from above, definitely highly valuing the amazing work put into Qubes by everyone working on it, especially the core staff. I also appreciate good communication to the mass-users, therefore this post to me is also highly valued and appreciated. Although I feel a little double regarding the apology, because I'm both inclined to say it's not needed at all, but also at the same time happy about receiving it. Since being open, honest and transparent, with good communication, goes a long way, and it makes Qubes more likable. Qubes is definitely high up on my list of projects that are shaping a better tomorrow for all of humanity. Open, transparent, secure and decentralized technology is incredible important in order to maintain democracy and avoid new dictators grasping for power through highly decentralized nontransparent and closed insecure software. Some people apparently believe we will never see another Hitler or Stalin, and that democracy is something that cannot crack or falter in modern times. However power enabled by centralized and abusive technology certainly challenges that naive belief by returning more and more power back to the individual leaders as centralized innovation goes on year by year. For that, I believe Qubes is really important piece of puzzle to a better tomorrow, on the grand scheme of things into the future. I'm looking forward to see how Qubes will help shape our world tomorrow! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/744
Re: [qubes-users] Q4.0 rc3 (current testing) - power off/ suspend issues.
On Saturday, January 6, 2018 at 2:45:59 PM UTC-5, Ralph Douglass wrote: > I’ve seen the same thing. Perhaps nothing during shutdown is calling > qvm-shutdown on the qubes. > > > > On Sat, Jan 6, 2018 at 1:41 PM 'Tom Zander' via qubes-users > wrote: > On Saturday, 6 January 2018 10:56:13 GMT haaber wrote: > > > 2) Reboots hang systematically at "Reached target shutdown" and has to > > > be rebooted via a coldboot. > > > > I've been seeing this too, although sometimes it goes on after half a minute > > only to hang at some other point (after loads of messages). > > > > I noticed that if I manually shut down all qubes, INCLUDING, sys-net, before > > logging out then this problem is avoided. > > > > Next time you reboot, can you try that and let us know if this isn't just > > me? > > That may help with debugging. > > > > Cheers! > > -- > > Tom Zander > > Blog: https://zander.github.io > > Vlog: https://vimeo.com/channels/tomscryptochannel > > > > > > -- > > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users...@googlegroups.com. > > To post to this group, send email to qubes...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/1691880.VtDucUss21%40mail. > > For more options, visit https://groups.google.com/d/optout. yes Like tom I just shut down all the vms I manually created, before shutting down system. There is a script made by members of the community somewhere on the forums to shut them all down with one command. I never have that many vms open so I don't bother. Although I wonder if its any diff shutting down vms in 4.0? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0dd5bd8-38c7-4681-900d-ff39604f85ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
> You could use POWER-KVM and have an assortment of VM's with shared > folders, you can replicate all the other stuff via various methods and > have a better security level it simply wouldn't look as slick. Not sure about that. Qubes is not just set of tools. It is also a set of careful choices of configuration (e.g., strictly using HVMs with stubdoms). I might be wrong, but I don't think you can get a comparable level of security easily. You would have to take similar choices and maybe even to make a new decisions that affect security. > Qubes isn't virtualization, it is simply a collection of tools that can > theoretically be compiled for POWER although currently the qubes VMM is > xen which isn't yet available for POWER (the xen devs are ignoring > requests to assist with porting efforts). It is not just the collection of tools. You are right that QubesOS can be probably ported to KVM. Even if this is a solution (not 100% convinced), it is not there yet. At best, TALOS 2 might be some solution for future, not something you can buy and use just now (for those purposes). > If T2 is successful (ie: enough people buy it) there are plans for a > POWER laptop. Cool. But at the moment, it does not make me sense to buy a workstation I don't need and hope that some time later, they will release a laptop and someone else will port QubesOS for it. I could somewhat support efforts of porting QubesOS to POWER9, it makes me more sense. > > * It is quite expensive for needs of most people. > It fills the very high performance sector that previously had no libre > hardware, it isn't meant for those like you and me who would be > satisfied with the performance of one of the various libre firmware > available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc... You are right. It is rather a good special-purpose workstation. > No one ever found money or success trying to sell to the average yokel. I could argue that selling to average yokel for low price can bring both success and money, because there are plenty of yokels. I understand this is not for masses in the same scale as Windows. This is not necessary for success. But I am also afraid this is not suitable even for 1 % of Qubes user base. (Maybe it will be successful elsewhere, but it does not matter much in this discussion.) > That option simply removes the PCI device and the Option ROM menu, it > doesn't disable PSP - like ME it is integral to the x86-64 boot process > so it simply can't be disabled. OK, good to know. > > But it is still matter of trust. Not having PSP/IME does not mean there > > cannot be any backdoor. > On an owner controlled system that has libre hardware, firmware and > software it is incredibly difficult to add a backdoor function, one > truly could trust their computer in that case. Not 100%. First, you cannot be 100% sure your CPU matches the design. Second, some backdoors can look like a regular vulnerability. Those are even worse. Good backdoor can be abused by few people, maybe it requires digital signature. That's not good, but regular (pseudo-)vulnerabilities are even worse, because they can be abused by much broader set of people. But I agree that having open CPU design can be a good start. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89dc0d5d-6997-4aa5-a107-fe447c15ac02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On Mon, Jan 8, 2018 at 7:41 PM, Vít Šesták < groups-no-private-mail--contact-me-at--contact.v6ak@v6ak.com> wrote: > > You could use POWER-KVM and have an assortment of VM's with shared > > folders, you can replicate all the other stuff via various methods and > > have a better security level it simply wouldn't look as slick. > > Not sure about that. Qubes is not just set of tools. It is also a set of > careful choices of configuration (e.g., strictly using HVMs with stubdoms). > I might be wrong, but I don't think you can get a comparable level of > security easily. You would have to take similar choices and maybe even to > make a new decisions that affect security. > > > Qubes isn't virtualization, it is simply a collection of tools that can > > theoretically be compiled for POWER although currently the qubes VMM is > > xen which isn't yet available for POWER (the xen devs are ignoring > > requests to assist with porting efforts). > > It is not just the collection of tools. > > You are right that QubesOS can be probably ported to KVM. Even if this is > a solution (not 100% convinced), it is not there yet. At best, TALOS 2 > might be some solution for future, not something you can buy and use just > now (for those purposes). > > > If T2 is successful (ie: enough people buy it) there are plans for a > > POWER laptop. > > Cool. > > But at the moment, it does not make me sense to buy a workstation I don't > need and hope that some time later, they will release a laptop and someone > else will port QubesOS for it. I could somewhat support efforts of porting > QubesOS to POWER9, it makes me more sense. > > > > * It is quite expensive for needs of most people. > > It fills the very high performance sector that previously had no libre > > hardware, it isn't meant for those like you and me who would be > > satisfied with the performance of one of the various libre firmware > > available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc... > > You are right. It is rather a good special-purpose workstation. > > > No one ever found money or success trying to sell to the average yokel. > > I could argue that selling to average yokel for low price can bring both > success and money, because there are plenty of yokels. > > I understand this is not for masses in the same scale as Windows. This is > not necessary for success. But I am also afraid this is not suitable even > for 1 % of Qubes user base. (Maybe it will be successful elsewhere, but it > does not matter much in this discussion.) > > > That option simply removes the PCI device and the Option ROM menu, it > > doesn't disable PSP - like ME it is integral to the x86-64 boot process > > so it simply can't be disabled. > > OK, good to know. > > > > But it is still matter of trust. Not having PSP/IME does not mean > there cannot be any backdoor. > > On an owner controlled system that has libre hardware, firmware and > > software it is incredibly difficult to add a backdoor function, one > > truly could trust their computer in that case. > > Not 100%. First, you cannot be 100% sure your CPU matches the design. > Second, some backdoors can look like a regular vulnerability. Those are > even worse. Good backdoor can be abused by few people, maybe it requires > digital signature. That's not good, but regular (pseudo-)vulnerabilities > are even worse, because they can be abused by much broader set of people. > > But I agree that having open CPU design can be a good start. > > Very interesting, it may happen that in a couple of years Qubes will be ported to it and I'll have to change my passwords. So it may be better to wait before buying a new laptop. best Fran -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qCDO%2BF-BVN12ABFLWiYy4BaDAGO9HqRSAQnnLJiEskjAA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Graphic Tablet Compatibility (basic features)
Hello all, I'd like to use a wacom bamboo graphic tablet as an alternative pointing device, mainly to draw on virtual whiteboards to do maths in conference calls. At the moment, this is not possible: Connecting the graphic tablet and passing it to the relevant VM produces no effect whatsoever. The tablet is listed among the usb devices but, if for instance one is using the standard fedora template, nothing is shown clicking on the "wacom tablet" application that can be found in /urs/share/applications, nor is it possible to use it to draw stuff. This looks like an old issue: https://github.com/QubesOS/qubes-issues/issues/2715 I'd be interested in using only the basic tablet features (essentially moving the mouse and clicking around using the tablet would be enough). In the issue linked above it is said that "this in theory should be easy (a matter adding proper metadata - min/max - to the protocol handshake, and filtering events based on this info)" I'd like to help with this, but I am no coder. I just know a bit of bash scripting and trying to check the code in https://github.com/QubesOS/qubes-app-linux-input-proxy/blob/master/src/protocol.h#L17-L28 didn't really help. I understand that developers are quite busy with much more hardcore problems to solve, but if someone could at least point me to the right research direction I could try to investigate this by myself. Cheers, Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c5aeb07c-25ad-4d71-913d-369f08980fef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow
Well, I disabled intel speedstep in the bios and things seem to be better. Startup time now is around 1.20 mins (still better than 3mins), both in plugged and unplugged state (booting in plugged state was around 45 secs before tho). I'll use my PC for a bit more, trying another couple of reboots and then I'll confirm if and how this helped. Cheers, Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17c482cf-9274-4b62-aa94-9a0868465425%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] GPG-Split + KDEWallet in Whonix
Is it possible to force KDEWallet (Whonix) to use GPG Split? KDEWallet stores system passwords in a GPG protected file. Needs pre-generated private keys. Attempting to save my password for my cloud storage WebDav in Dolphin, but would like my password stored as securely as possible. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c282c2a-3599-4ad1-8c36-680f53aaa165%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] i'm playing with settings manager, want to know is there a way to reset settings to default state?
In Dom0 in the setting under Preferred Application, I made few changes for Web Browser and Mail Reader and now I don't remember what was the default selection for them and if none, how to set it to none, because I've tried and cannot set to none... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08472bb9-2fac-4b4b-a1a8-70c07d899fee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] rc04
Hi What about release rc04? it should be release at 8/1 that was yesterday . Roy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89632274-71e2-4877-9a96-b225bfa4943e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/09/2018 12:07 AM, Roy Bernat wrote: > What about release rc04? it should be release at 8/1 that was > yesterday . Delayed until the devs have a good workaround for SP1/SP2/Spectre. /Sven -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= =59oT -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2499c72a-30da-d969-4fe1-d6c00e08404f%40SvenSemmler.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 01/09/2018 12:07 AM, Roy Bernat wrote: > > > What about release rc04? it should be release at 8/1 that was > > yesterday . > > Delayed until the devs have a good workaround for SP1/SP2/Spectre. > > /Sven > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= > =59oT > -END PGP SIGNATURE- Great time to be using a AMD chipset as they are not effected.Wonder if something like this would have been caught years ago if the microcode was open? This is a big one in terms of the effects it has when mitigated at the software level. I wonder what the performance hit will be from application of whatever patch route Qubes takes? Projections of 5-30% hit. As I said Great day for AMD stock LOL -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbbf5444-be4a-4f76-b313-8218b6bd765b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Dell Latitude E6500
I was unable to get the built-in WiFi Dell DW1397 (Broadcom BCM94312HMG) adapter working. The neither the official broadcom driver nor the open-source variant would install correctly. I swapped it for an Intel card that worked out of the box. I'm unable to create HVM domains despite having virtualization enabled in BIOS. I receive the following error: libvirt.libvirtError: invalid argument: could not find capabilities for arch=x86_64 Sleep works, but the keyboard does not work after waking. The touchpad is not affected. Session saving does not work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGstojyxpmyj--D_4%3DQrfBp0qGcbBJo4aF_Ecjn1zG0ihYeydQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Dell_Inc_-Latitude_E6500__-20180109-020259.cpio.gz Description: GNU Zip compressed data Qubes-HCL-Dell_Inc_-Latitude_E6500__-20180109-020259.yml Description: application/yaml
Re: [qubes-users] rc04
On Tuesday, 9 January 2018 09:11:06 UTC+2, Tim W wrote: > On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On 01/09/2018 12:07 AM, Roy Bernat wrote: > > > > > What about release rc04? it should be release at 8/1 that was > > > yesterday . > > > > Delayed until the devs have a good workaround for SP1/SP2/Spectre. > > > > /Sven > > -BEGIN PGP SIGNATURE- > > > > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U > > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 > > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 > > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau > > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA > > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv > > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs > > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F > > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv > > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU > > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS > > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= > > =59oT > > -END PGP SIGNATURE- > > Great time to be using a AMD chipset as they are not effected.Wonder if > something like this would have been caught years ago if the microcode was > open? > > This is a big one in terms of the effects it has when mitigated at the > software level. I wonder what the performance hit will be from application > of whatever patch route Qubes takes? Projections of 5-30% hit. > > As I said Great day for AMD stock LOL Dont dance on dead bodies , :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01ff8061-3353-4f4a-b904-9bd4d167010c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.