Re: [qubes-users] How to copy-paste into Terminal from global clipboard?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/07/2017 07:33 AM, Nik H wrote: > This may be a silly question but I've been unable to figure it out: > I quite often want to paste something from a browser into a > Terminal in a different vm. > > Global, secure copy / paste is Ctrl-Shift-c / Ctrl-Shift-v > > In a Terminal window, these shortcuts are mapped to normal copy > paste, rather than inter-vm copy pasting so it doesn't work out of > the box. Shift-Insert is the "magic key" you searching for ;) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaKPvbAAoJEBozWgtUjzdkJn8QAM+kAw49JMRHnYTJylRM0Dox KwKADlyBw2WbCO72Jr6mI8p9zhoYuL/iByZhOZZpQVuJfLkNkU0Nuc5HaLBcfYGn pSfVHALVdTi8ak8UiCnKcnm95ZTBRcVoMqiTMSqw1iqOJxo9YV+acJaMkSuTn9cF yD/WVzSzUabQOPSUhGmnA+ktQMZU+283kTa1wAel6w2n8FIXx4hMoycJoOORE8Tg GyC57YkOUxmHGEcbeXLF02gWH/DXWBP2HRuiPRteBfKEfJzeptci2sh1701GZJ/s j4mFh+3E7ag5RHWU12XfgaumFfnrIMiT7OadqQX+O5He2z+/XBN/Kx2XPdNAdVrQ hM8GP03ofmAhGNtNnKOflfCodvWtg/mvdhhSfbLZJkLe3DQQuWyMjxEsdJCeVXIC 2PzslXjfiETlBpUT2suB9kOCx8WyM+8Bw8isIRBF3av5OIoGB2+9xz1gip2PA4nD 6FAFeWVSlpTqBLRYzfgz7fa0SuuuY5QPKp8Cu3UZEsEUtieEZAR7LxVf1btbbpNF qnabIx40vIJ9IdMfgVO0FExXw0JKYKCvsw+99WnKVsWov8NJVfyaW1a2hmzQSxC9 cs4D+2Af+NlexpDx3TkctpV88wXtJeFAUrViGq6l3LfdTkcebV+/n12u4grniTKf XeWtQzwfl39VWda7nggi =eY4w -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6b62101-4907-ff81-24b4-c07e590eb0a5%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What happened to domain manager in 4?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/07/2017 04:56 AM, mikihonz...@gmail.com wrote: > I stopped using qubes because my use case depends on it. > Loved 3.2 A truly great software. 3.2 is the STABLE version of Qubes. And it will be supported for a full year AFTER the 4.0 release. So there is no point to bury it because of a missing feature in the latest release candidate... Saying it while I'm also think that removing the Qubes Manager was a big mistake. Thant new thing in the info bar is buggy and useless in my use case too. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaKP30AAoJEBozWgtUjzdkr+cP/RY1dsagzFpv3proaAaQ8VWu tS6kfiVP5zxOBKY5sAKbY6H960OGfAvMWUm0HrRafeIawYQ/9MW8LnQ+boMdOdD+ t8A1yGqyheb+rqgbFWX01QnCqjtENubibYQkYhGYUdjZzvpk/SM9YX188yqCQnsh 7tZJmozfHgGaM43o1x4I7NOxAEC4rwamv7fsKV616RjyAX4iXMdY945RTBa2x3ir gawdcsZQ7JMMFavTd5bwD3Edq1YJ2BS1S/5ATtDLubNXo2EunlyT3kJ8t16EIfS3 RVmTzu7d+WdtvNDNh2bLxMwQ77vO9F2HtvQ5NCS8LQlDLKsPhzdk3uPneJBi/N2/ hGn5oAdKdskjzNgu/i+edK2SEOjCFj8jcSoRHH46N2XQ1jL4x6XE0t1o2M53ypEJ 5Yo4nZom4O/f5wLyr+uKFau8cb2Md7UEAhv+9cGNeZzF4Q96Wka3eIjiDhERKi+H T/u4CfX0U/2fGCNVs6kLbBL4nliRCmP6J5UDwUewISpfRJ7kC5fVnptxZhY4uVmx sZ07QvyWki2pG8oGP1WyIx5JT91KNbE2RiNjzUo0y0CnxQtZCPoOIxwUHEBipQE2 IqJwZGLpd85PPoE9pNwUhFcViLcnd+VJAaLjWxkpk9R1l/U/ztkx704Dm4Dk7PM9 KcDKAkruk247e98XsU9c =NelY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fcc4e32-0381-bf9c-48eb-7c1e7f97%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to copy-paste into Terminal from global clipboard?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/07/2017 10:15 AM, Bernhard wrote: > To insert into a terminal Ctrl-Shift-v and "middle mouse" to drop > works as well. The question is rather how to copy "out of" a > terminal (say a link that is to be put in a dispvm browser). Here > the marking by mouse and Ctrl-Shift-c does *not* work. One has to > mark it first, then go to the terminal menu, ask "copy" there and > then do Ctrl-Shift-c. This is annoying. Someone has a shortcut for > that? Ctrl+Instert will do the copy task in most terminals. (Of course you can also reassign these defaults according to your needs) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaKRC5AAoJEBozWgtUjzdkq8YP/1W4gOsnMrRHwmqaePDFdU2C +jlMI0fnkm3I+YusGfV3Z2Xj9jgaVatoSz8rNUzvAIt5kpF269frUmNAp9xA6dJr JbVX7hksOmmnGj/v44xQ0Zw2iK2FsW0XtOlMipTmDx8cTVeAiK0LhAK9f0Ms22iY i67KxlcLCYF/t5+p4IObeKzU3veBBsTCrHC+GELKacyxDmtG85GZKI608iQQF4Qy V21PBaD4JBAWHSZ/1G9Bif7mo1dpTqpVPF8zhhLjWpLudjamiDQGLxAjao57mgBV wrknumEMLcJE2y+PMHiOD6sg/WiJIkjZ9/q3aYX+Yj62ZuhkJQ86xiGoS/bubMtg viuaB7bfzfiR0Al2csO41nMKcz87w34iVTTuv1o/ul1C4fGn7VyVt7tbOP4/XDFc nGNvMCab0Kf0meGkqAku3GMHrBhIeADAlqQ65fYdeil5GSfAt9zBUJAjCoN/K0G9 KTCiXkxeEaP1ARSFEyVe3cQ3j9Fko4ysxqEwr07+Vxtu6/bDKWjM/AqS8JilIMLI Vr7Lu7yswrN0A28owcjFIBacXszhvyu/o64Teryh5Wr8wrjyhIpTVBOTTmIZCmjC iMDIEFGnlj/QUPlRbZQXrRuJOcbC4NMqINkL6n7NjX/38Dk5D8Z+p/2AfUSjM1EO glTOe0Byn9CGkS8IQrA0 =7jA7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5671d7e0-d908-1813-b506-9ca3fad43993%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Where is ability to backup and restore backups on 4?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/07/2017 03:04 PM, r...@tuta.io wrote: > Dont tell me the geniuses behind this thought it was more > streamlined to remove the feature and make it only command > line > It was part of the Qubes Manager, so... it is gone with the wind ;) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaKVIqAAoJEBozWgtUjzdkHWcP/3odn2p6szPGeBji5IMpMwzb yHtZKFE3PyRgHpauUp7xJqnosxK34S7mwmGXRgJ5XrAJG9YPu3WaD4vQYBzFSTHK AVeih8sHjJFYhPxiDwuFqKMFihqSq3xe015pg/gGMC2XlPuaVy4HaIRW0LzhRrwf 4yWIOuG3zMmexhpiTE45dE+qxYtYboJsYro3xqIfkk3P0kVWJJNlhAUk6OGV1pgQ euflXLV8rdtdvtOUghQlynBHA7bqtsw3Qsaj59ZMssKCPQJjnTbORc7pX8ygtw5U ZGBg7tmF254GpXkTUQaSEwRkz6P/4PAk1IIHaOq8LXZQ8adod4nSPO0hj8Wi+jbF 8Tv0KiabUSdXNUcHWOizghD9gPjSAjRCGxlq+syC+lCgVms5Y+OQDogVm8UbhvQJ YwDdRMuJ2VAoZ42s6nTGktvkmZlpGb5FAzgOXFFOLaegQQCqA+k7noL5n38SB7Ye oYbpEvKJjbC4S6YlODEC/dPH9fSzGtHLibvvsYfGZrO3xXYgooYjzjeHgADb73L7 3aheHe1cGP9PIJsNpfASChomsR3jmqk+tj+C/ptJcPwDkbth1QXfhUEpP5fi64n6 6awHINvL22mrvyVJFzHUtflDChrirnuslgwTmGXemCTa8xvCDdkFei77Z2pL1SGR 5S1j5TuSZj0kIM1mgFGR =7HbX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4101440-e7dd-008e-f425-bd7717dceb50%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] Qubes Controller as the new Qubes-Manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/03/2018 10:09 PM, 'Tom Zander' via qubes-devel wrote: > Hi guys, > > during my Christmas holiday I spent more time to get myself a > decent GUI tool in order to replace the Qubes Manager from the 3.x > release. As I promised some weeks ago, today I released the tool as > free/open source software and I have received some positive signs > that the Qubes devs may ship packages in a future release. > I'll attach two sceenshots of the tool, to give you a bit of an > idea of what it already does and maybe if its worth your time to > compile :) Probably this is very subjective, but: For me, the most important parts/feature of the current Qubes Manager are (in order of importance): - - Full overview of the state of the VMs in ONE screen, without clicking. The new widget is failing on this badly, just as your proposal. - - Changing the NetVM of a given VM. Mainly because I always starting DispVMs without net access. And even the current solution is far from comfortable: (VM settings -> NetVM selection -> OK instead of a simple "oneclick" NetVM selection) - - Starting programs from a given VM. Yes the "start menu" is nice, but sometime it is just more powerful to type directly what I want. Especially on an already started dispVM - - start/stop VMs - - attaching/detaching devices. - - reading VM logs. Probably these are only my personal preferences. Hence I have no time to write a new manager for the Qubes 4.x I just shared my use case. Feel free to ignore them if you don't like 'em ;) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaUA23AAoJEBozWgtUjzdkZ9IP/32ydmOQ28Y2DkIMHXU131Gs Vjk5dnhZ77kAwKA6vDKrfXaCyKA5ut07dSnzPkcunjz0GArIeGG35UJNL4A0/EX4 FYd2cDYRa1tDF/PUcny2BukFBeUI37HjK+nwuQtjGkcQ2mYNLSTV1k2Y40NJ6NJi LWntV3u+VcrxF7i1pzsI1aq6cyAK06ZfsZepxxh6zwDqoSZsmKaFKDMjbyqEBUSg cs2luM75j+4MbcCTxYnAPve2D0Kk2vSQ8s7Egh/S+GVDBmJu0wyaVmdVOds8W7SJ R8FPs8/I5/M+13eqkcALwAz7Q1BfT5rD7/3+/H8sOIWvNqU0RDhq87ZjVINpb43t leimmZMLDSYZMsui1/ihhp6llmHRzx9aWskmJHp90csUHN3F142bArjqMXjVEdKn 00mi/cgqcCB8e8Di6hZbCFWibAUyaZnsJ2Ss2kIVLjUoINSBjd52fN6U9DdIlgsk 69GrQaCcOyfOjiv4VYZKZpUDSEgHZWScWECEe7PlPR73DGRBY5L49KPSqpzUJgIG a2bP0sMTqYqykhZ+/7IH5BqEq4m5CgGVZCTXC0pYwJ6jd7L6VcanXayeHaLf3lis 35oxKOiEk2Lit2bEj8f3sfdBp0kl46rikKpzWORp9pvrg8xU4N/YveA0lzDR5Q4J wE/hkPkuAe3s9Srwj3SU =E+5l -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32e96efa-8650-2f48-04da-2b78e83074ad%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Troubleshooting IOMMU compatibility
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/17/2018 01:58 AM, jspiegelm...@airmail.cc wrote: > so I'm wondering how to troubleshoot it and see if it's just an > improper configuration by the motherboard manufacturers that can > be fixed in some way. > The only way is to ask your device manufacturer. As the proper IOMMU support is depends on : - - CPU - - motherboard chipset - - BIOS all of those are just a "black box" for us. (I have seen some cheap devices where the BIOS was hiding the virtualization features intentionally) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaXxANAAoJEBozWgtUjzdkdnsQAMeMT81QNZipus1LZv6xuYn6 yfWd23l0XUNtXMZa/ULot9UbBjrnn7UlRcgt2kqBgWAFUUHv1ouQKucQoeI99nF8 1FKO2477IbRJj8rAWk8iDgQnLbBsyh/1KIe8eiGS9rDSEblnpHDmNzo/GHRW887n BK1sufp4YlfTmXV+5KZjGMt4FIeyTIR1Q9Q1ZcjiKhQjq+DHi9v3f4Aw8RZ2vKgZ 17VsjRRP+akXMVSi/uBP7uzmRlKpbNMN2ZzKC/BamW1fqhjwDzHyWbAUS4h+kfG9 ZFLtyNSh71+7qfLBZoQOOHI41qBXPIqvSNMUPlRZSX/efD0t5nOaHBo8xrWzvxTf jMxcD7xQ7lHyMugTSAMla7yt0gXXgmv+g3m5mP/mFFJARmWWug08LV+8VtDnZgfR C3v91uKISdMCOT02Lsk4jg322/KdFXkxH+orOjige+2GceGlwgxGdYKY5bkc9Jk3 kKrVcJJw0lKBa8D9zOGWcqJ2ZWIKZyDnFX2YTJsfhzE8yY+LvWJ8bMo7ZOPZ1KBZ S+dhMdMQQYrPv8hCf75KkbLhwdJGqwaqwsXrif7h+rnPm1bjsqvBdU6M+vAU+azR o7DbJVZAtgdmAJrxt0WVahjqK/iFXw+Id18jR8EoYhIXHDZpUK1e1EJEjtGgJBoz 54E0c+7AFvOb/86fiMRH =o5/W -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8d4a276-e41a-714f-4e7b-da6f2a960be9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Strange error: mouse can no longer select anything
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/11/2018 05:38 PM, Devin T. Theriot-Orr wrote: > I've been using Qubes3.2 for about 6 months as my primary machine. > Some time recently, perhaps in the last month, I've started to > experience a rather deadly usability problem where the mouse will > no longer select anything. Everything else works, I can move the > mouse, I can change windows using the keyboard, type, etc. But > clicking with the mouse does not work. Only solution I've figured > out is to reboot the whole machine. > > I don't know if there's any solution other than reinstalling, but > if anyone has ideas, I'd love to hear it. Is this issue can be related to multiple monitor setup changes (for example attaching/detaching external monitors) by any chance? - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqBTmcACgkQGjNaC1SP N2TJ3BAAm2ERFkyq+EuqLeDnZrh85gctYu70B0+rK+MnAKsOMzvL2Y7H2y/QBwQC FW87SqQsYs0lgc9nKzxFpoKsEUtfDxPXbAQJw27GNZyNpxgfQ/bixjUzjCmydkD/ nNAcUjeTdJnx+uLjGUI6zkPAtdZh1mYgyciCh6avlFg6PevxkVp2kFxT7CW2gDN1 vrFNFH+QtplMFQB/uwSUR2EwILZCDSkcWvPesRMRrKkcdouJs8mwFqroIavjK+KQ G2Xhut2/+hA/F4xDKyYep4WzPRrwMa8WzgqAht2mIXchECp5cnqd1dt745FNSRB+ jVGLW9uM3ZMhGXTPCdwxEzHdmWCwErfQ2V8mqBsBjZ92vXaydLbeve05ntK6aK1U 2hPDIoHriu63jvVLO8PowDApmNALpuZXb9/LcIaFy2TFwxxMqnhhSAIVygWPZ9o4 J1wBLQFdE8Xh0xrncELRD4o5D5CZFTGKVKmc9Cc9ZcVxfYGSw4CecCzGRVz8NkO1 PzJo9wrccGxRjErWe1x9xGmLvjplgnIYulQ7N1SH44zU4S59TCOa+9ZuJ5dOUqcX u1va8IfAETaDIb41hswfq2bLVjtPV7TvVZts3lcmCbLVJF9urCszx7B8uTuyp3K1 o1cjcBqqhx+gEMoaERtzy9IrNf2O5mvf9/X81o+deZb3MO/Ud58= =Tpo0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35d4cbdf-9579-f907-77ee-b8e5eb4ce46c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Strange error: mouse can no longer select anything
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/12/2018 09:44 AM, Yuraeitha wrote: > I switch/add/remove extra monitors daily, sometimes even multiple > of times daily, at least for my part, I've never encountered this > issue, not even once. For the record, I use Qubes 4 as well, since > RC-2. Asked because I have similar issue (using R3.2), caused by wrong monitor layout definitions. Means the actual window placed out of the screen known by the affected VM. The resolution is to run this script manually from dom0: qubes-monitor-layout-notify - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqBe5wACgkQGjNaC1SP N2Rj3A/+JPtUCv34nE68rdDuI7Zua9IWgYz0rbDl8F+RBqduvbfJq4cPX/KEZ93P 06YislJjFRy4t0f5UYLExrWvhHlkYYGuA8jCLC5oHOFGkubafC4Ip47paWDdqtJW g01nD6xXi4yqzS4fKXpr3JYLvn3Q7VUfubiIDdRXssd2UGwKDN1V8gUDYUkRFIaz 7rTzPnkpAyCddPkJNzkMisLrMP2VS94djQq5Xof8dbX7IlszTVwejpJES+DzFYiH kBcZ584p+gOeoD64iZ9eAon6y8qZaBCTsEm1f1PEbIaUViBxeKT8mieQgVO04N12 RSdPj7BNMBXpJSHieHFzI/EApfKmCFyv19/GhIqNeYgz1gcXhKs/cZJ1J/8iYX/H 8TZqPAD75I/XNPZOscIxY6m4Nfuq/RwxB5vufvlX11jWhyKvey4lKDMupkBKUaA5 4u7HMbWWITGSjB0VH4i2Sl9r140ihjTtBGpkr/kEQAenz0BoF26S77fsiV7AH1Ep dBOxEX0QtdZU3VwKGTTQi4f1/OVK3TZC91KvBOqbTYJbB1pB+HQi08LGzqLGbhap q+WoP8JRk2qKFw3/FvDxjzsYqu0RmC/oGSYYFIORp5ZnTJ5zbiE48Pwl5uLfCOEU E03xPt+T9BBGoQs1bVeE7wD0y3TJLoxdxPHet4TnUCtq7bqHXl8= =u6WG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efbc8091-8f69-49b2-17e3-64ae14916cf0%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/28/2018 09:39 PM, Yuraeitha wrote: > > It seems from time to time that various people have shared a good > unofficial script, guides and 'how to's', and even code, for Qubes > related content, on their github page or similar. The problem > however is that while shared, it isn't very visible, and even if > they are from time to time mentioned in a mail thread, it quickly > gets buried under many new mails. It often isn't feasible to use > the search engine to find these either. > > Of course everything could be put into the Qubes doc page. But > first, it's getting pretty large and cluttered and will probably > only grow bigger. Second, the Qubes doc page does not show on-going > and un-finished work. The strength of seeing unfinished projects, > is that we can help each others finish and test them. Scrutinize > them for security issues and reliability issues, before they are > considered for the Qubes doc page. > > To solve an issue like this, it'd be helpful to have a place where > we can keep track of everyone's projects which are shared for > others to use. It may also be worth discussing on quality and > security, and how we "censor"? bad scripts/guides/code. It could be > done in many various of different ways, which is also why I think > it'd make sense to open a discussion on the matter, so we can find > the most preferred method. First though, a location might be ideal > starting place, where to keep everything updated? > > Initial thoughts - A https://www.qubes-os.org/doc/ page listing all > the unofficial projects. The most simple and easy way. Have you seen this page: https://www.qubes-os.org/qubes-issues/ - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqX244ACgkQGjNaC1SP N2SdmA//R9MMEoRIww3VVxSMhgLX8E/pAVnMLFjbJj11KyfVqIyGnB32x8ZXn4Fj Ep2HDuTV5Gz+UiJHl3dTcO/1k7CII2SCwo01JWcOyuR02HFxFyEnMSO8ZezfZbuS Uy6LozQ6gFQO5YNKH3D21UfOEw9Hg2XFVu2EreN8KmTJCbS3J3tX2OElZzGFb27k Lvz2BdSYl9emx2+GdmxJSzQsYFQcC5a7q3zxPqfApXUn6W1UHTWGNY8Roijz25EA luLfolwiae7iE7a17dLslqBcdB5bW/Jb4Sf7dx0cTKx5hvT5YO3EcikNeyAkiQ3m tMi9dPK1NgvgkCd7liHYLSfdRm3LkN+DrGkcN5yOIGldLgwDFUtJnhhjfpYvcINQ fqdXZYuTtuswP02VR5HnTJ9HX7+eCoUBT+Uk4N9GABYwVRODHLx6KqSOJ2YT0I3R ZvM2m0qcfdGSQEkp9cK2gKgvrVL3Odbw+Lhm25KvGcviR/sJr+LOxxE76lu6TOvg qgBsbPlt5L0ferDt67IHfkrspz3juxEiF7+O0ZTmcvIKmbvMCPe8K2NA00Uo+y0j kUErAdUomPWXoPPFdRo4i+GWLNPyo2EiBi6AXIwYFWZIbjcMmPNab/DGJrWFWFX+ ZxFZBmf+8+rkAV2PYWi299LUQjjWLEizrEX6l+Dja3eD6wCBlZc= =+Zw+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e93fc79c-5aad-d190-c32e-82e85d664d6a%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes in a corporate network behind HTTP proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/24/2018 01:26 PM, 'awokd' via qubes-users wrote: > I'm attempting to convert the above into a Qubes doc > (https://github.com/awokd/qubes-doc/blob/transproxy/configuration/tran sparent-proxy.md) > > but don't have a Squid proxy to test against. > > For anyone who does (or is familiar with how they work): A) Does it > look right? B) In step 3, adding apt/dnf proxy settings to all > AppVMs based on the same template as the UpdateVM's seems a bit > broad. Is there a way to fine-tune it? C) Any special R4.0 > considerations? Well the biggest issue that if you have a transparent proxy that means you do not need any configuration about the proxy. That why it is TRANSPARENT. So it seems your corporate have normal proxies, not transparent ones. So the title (and the usage of the term: "transparent proxy") is misleading. Beside from that it is a good collection of all the possible proxy settings locations. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZGWQACgkQGjNaC1SP N2QDHA/+KDsuGTavjimlA3nd6W0Wh7zmV7G8E7SFrF/NaY4ntftREKew8wPART6b Jq+nIkTBLGadVsjs0vyZA/6e442wT8fQ++yr+1oBcwlPK7fwUJ06n0qpS7ZPsrKG SXorr/oORb3O04Ru1fMAruxx3NvB+lOkJVnCFyG6KVaPx6sAfhvjVI6D43dm9xIl zBL9N537cU0o6EMw6JSMxVXu9+MvjD+vS4P/NOQC8rJj9I/t7j9GkbNI29RF+rAf UAtOFzvFD/4kYiym4pf68O/SSi2BNOw/Y7X7MYC2MPo6W+jsgMmcaZOUzVdvxvcW EaBj+floNKOxce/dwwMNLxEfRV+D8sQKzw4L0l/m9YcK8FdD0+gd5bby4xMY9f5e 0dTcDZ9dvbQ/64zv5KWyGLQ+/n48S19T/X2oOGMIKR8jTmnBhrd3Ft48Olhwe3Pn 8wDjxtbIK6B8Wdxl5rDYhjBGpsRlINzZr/e+hH+8H0bjWOJev6dgIwRzCKBaXLwM 8PVLxEQgweQWULX/be5LI3LILC10gqm6jXXpscvc6ZykjXiOHAsU5FfZ/bs120HP N2sHPE7K/mbgElbqZ8WhT+UrmIcaTacKmD35P6fRrLSggrgOrZKG7XsrbUQdRwH4 tauugFJmi99/QiuodJSfrn0Nrqb7uZHWEvng6iHlGEjP7FgEyBc= =4Qhq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89477a12-a979-a273-a369-83ba2c8336d4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Netvm reassignment blocks network traffic - 4.0rc4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/02/2018 06:19 AM, 'awokd' via qubes-users wrote: > On Fri, March 2, 2018 5:04 am, Chris Laprise wrote: >> Whenever I try to assign a running appVM to a different (running) >> netVM, networking always becomes blocked. I have to restart the >> appVM in order for networking to work with the new netVM and >> to do that I have to kill the appVM first because it won't >> shutdown after reassignment. >> >> I think this may be a bug. Specifics don't seem to matter, the >> VMs can be plain firewall or vpn, debian or fedora on either >> side. > > Sure it's not a feature? I could see opportunities for leaks to > happen if the firewall ruleset gets swapped out live, depending on > ifdown/up etc. sequence. No it is a Xen related bug in the kernel version newer than 4.14.12 As I reported here: https://groups.google.com/d/msgid/qubes-devel/05031ade-b019-986e-e378-32 cc8fff916e%40zrubi.hu - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZG1UACgkQGjNaC1SP N2RvbRAAsq5QPJe6U35nmxKvMkQGxEYVN9r3Kl9kncO5y8Btsa9kTFeiYNd7IxcQ Nocas9RKMSkyqRQHlvz1UC5NbqJkDe1GZFwND8MW+oh85iCSm70jNvED6slgoRSR H8f0vFf/OvGaS19/xPFfnKWVVZll1Iq3W5fFXz6/DR8FHQfOKKMLXd481YGdB4UO LT5f67cttc+2biJxUZQMlJy2DLcZtVXhHi7+FjMPSuTkDH2ID5kMwe7E85fGyw2j E5yeAc3UnLlPqu8UV2nHkkBLmXA6NDkHs1qz6IpS1MBztYPk4hacGKm45+mSmgN7 g86bLKVK4ntMMiofCV3EVHFNwYZzM91rAdqQqL4orA+CfxoEGqK+1XTKeVo+gjkD EQFnpa5HbCQPzX6lzn5l98uxolRa3L6H1MriEmbXuoL2qrOoO3YbssIJPSCnZe/o lpQ8gupEqr7XH24t7k81Mkgx4tUi8+M07iVljXVDWYy60a92W8l8wxp9ypH+Yogf RlBAYIPOzVSndhMkfkINWNfAGj0Iujwb2ocF1KDUN6pwIm0DgwxVtoNNUYSxOZTS j6fw2TNYMTW40AxoVn5+uS9+ZiLYrEY19XyZOZvnd+gR0iO6SCFR7Eo6qPQpRsic V+vdwE0eUwrRPoas26J+je9xL1lLIeL2niPsuWXrN1YLgkoORs4= =NDyY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f787690a-67fc-2d6f-ac14-9a0f19866767%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Q4-rc5] Custom VPN/ProxyVM problem. Please, help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/21/2018 04:56 PM, evastar via qubes-users wrote: > I do another research. After clean reboot I tried to change > "networking"-vm to another one for my AppVM-client from Qube > Manager. Without success. After I do this I loss my network at > App-client and I do not know how to fix it, because if I manually > change "networking"-vm again to the first one I still not have > network. Only reboot of AppVM-client helps. Seems you are hit by this bug: https://github.com/QubesOS/qubes-issues/issues/3657 please check your kernels, and report back. Thanks. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqyrtoACgkQGjNaC1SP N2SwQA/+ML/cbUQM8LxwbPaNvUgo2wotTBmK90aKe7oBnCH3HXpYk5odi8Sr9VZ4 h/96rHwg1SAfki0tuau2kwl3Qsmy1CZtLcaeAqwXOI55ASGPZSi3nTBK8yx7a76q SUBasuUf65t/VthTzOyWTjlQsmtOog4/27n9L0z5reN6LULqDt635pM+IDzCWe2W Mcc6p+4tfx3tCjDfso4KWJ/g6HMKb/QgxkSElX1/wgrs1myAJOiBibbKfnUzI6/7 4L1LjXyFNJYNZ+cumhxjSG9/EWHS0Zkta/oS0H1zktiuQpIRIwbPsONjbHNSlDc7 pGP2fFuzaFOyjmYjck0F+prfgDQzWKVAh+sUVGWqJcWSh8sZK5vmemm5T4Sm6fk+ a+IysIItEfTGyaGxdZVXN6bEj69kvQi50PU4vtYS7jwcFmOZxoWVmF9n9BrPF78y SYN5+ZfqNsc6EKIOakZLq36fqGW3tk7bD6PuVeLgiV58C9YGFoZc6QdwBZm+XvnH VAN6+s1JY1nQRWEEzc7Q7F0NDB96HpbzNMd4FAtJlBuzyZQLE0UFvgpvB57DY5kr 3piSBo75I+2nemF8By3KkSdfUp/QFOUb7ZhfD3aXPg0vL9PYm6itXz4l+UZGA7sM JIeu5n/dcw8uf4jjSSVtH+i2JMU2TujpvoiLp9IsT5haqeFlaiQ= =GI08 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba956ed6-4429-b3dc-f36a-0f7fce76800c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is Template concept unique to Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/26/2018 05:08 AM, franco.g...@tutamail.com wrote: > Security considerations aside, it's so convenient having shared > root filesystems that can be updated once for multiple child-VMs. > Is this feature unique to Qubes or is something like this often > replicated when using other hypervisor systems? VMware using similar solution for handling snapshots, and non-persistent disk images. VMware VDI also using this for provisioning new (disposable) desktops. Don't know about the others. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlq4eXwACgkQGjNaC1SP N2SxFA//Wr33HvkNh6J5hUbs42K54lpMJI+7eNKwwwcSxoH+Fh6oPSZ67tlrUHWB HWeFGFZeq6ZwPiQ4dIkL5fx9gl+8SjaZaz1Ypb2HNwlzOP3PutRnYQMraeCdbKbF UkR+JMFfb0xkxPNYIT9GyK4h4C0IGxAShP6V4rmzASKSgY7QCcSAPWyZNs1bSQ7R 7ZIU66G50Szc/YUbcpAUeaWfWNXS5YMvwnC4Oc7/trOp+AXuBPnwenNE17dtNw2r wfkb8UMrEEjQiYmc+N3WiyXMMwX0kRdTQz+SLm/CgzvxoOBjnnHWKfnoXSsmc/tA /SGMqj++/eLzSJPDJUTtGLp48vrPZee7NRz9Vkmn6144ziK3t75GCHPLr/rTnJf0 KPindCCo+6QWLmV9lycrbOJ9o+uYKHZtDUi1QZJt+KopQbWhFqMRj0KDa888vViY pTl4Dgm8LZYyjP9HUs/Z1ZLWkbcNqiCm/JA65335BtxisSh5lQwLSQMePIil2cO2 mRLwxcNBUqylYHfEXUa760ygsJ9DIOr7Ceb3+5RnqTa+RW38D/qegxgP495OPstO J9JaU4QMgwab37YaXb3J1eHf9/aQtnENVA00to/74x0PEu2y+ctdyA0ouKiAlb7A OZP4ztMSaXM1vfPE9twir9xzlpObQ2Sn76M7m96wkpUEnZge3M0= =PVM2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15a37a8c-35c0-3a03-dd2d-9b15c2f36b7c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Where to install wireshark?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/29/2016 05:46 PM, qazx...@sigaint.org wrote: > Hi. > > I just installed Qubes, and I'm doing a tor -> proxy setup with > whonix (Because of CloudFlare...), and I want to make sure it's > working properly by looking at the traffic after it leaves whonix > gateway. On my old system I'd just install wireshark on my host, > but this is obviously not possible in Qubes. My current > understanding of Qubes leads me to believe it'd make the most sense > to install wireshark @ sys-net. > > I'd just like to hear if there's any reason to NOT do this before I > proceed. I would install tcpdump in every VM, then you can dump traffic at several point in your internal network. Then you can analyze the results with wireshark in any appVM you prefer. for example an offline disposable VM. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXTUWYAAoJEC3TtYFBiXSvnygP/0RtcR1/Izi/m3iPIuVq1YjS FqsbMyYRl4fFye0DHikKUve+tlEpbVjuOT9SKx3ojCMOuMWIZmwiZYTXFMZthQTj 09J6ZSIbJ4wQ86alOPM6fXTQdyuUijK7wCVbTb01d23CB0TePpy8yyah+DJvSHav LCYr+G4u+IGqpc60waJOSyRykR5SMAW9vR2PaTYa3nIk5Xrv8npHIeXCkaq73fF7 lY6yuWmDVtx8sgVU2qkEfd0pkn+Rf+sEbMxjIUZu1lWuaaDhYGeYlS1A8Jv0EFBS qkfueceu0rVrEIb1vnZ0bA6rGpkKzXldJvRv3SI08n2EAEHvLnKVVoNadJ8WvJCt xMu9flBFy98EJlnMmO2zbyYzWenm55I05DuHHZHh/7nfxL4Avpx3N1Z1uTKBaA1R yByzeKbkidkLUtO6wCvYU8IDIbhFa2/2U58zduoJj5u1jCvioXJLPKDDEjdUQdiR CwANsF0OsuVzNu4YtTiAu6dC03czdHgzbpyiSvA2e1k0XX3fl7CU6eilyfvAta5m kL5H3CTs3AKtNkQ3gPA/7Ctkjb+LDXmP/7hW2PUHF/kmr0yV1ajjl1Z+qy3SKKkY DZOUegGJ+33mCPAkhxDK+IXF9zukahrQtOoigwn/4EsIAWnkejK/uwY5S7TOWrLk UVrvPATP+I944Dh8uJ1W =dfUa -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0aafd9cb-4d37-ba76-b645-0f5b366f032e%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] BIOS updates in qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/03/2016 01:54 AM, Buck Smith wrote: > With a Dell laptop running qubes, presumably no BIOS updates > happen, right? One could still get attacked via BIOS is some had > physical access to machine to swap out a part. But not over > internet. Agree? Disagree? Modern BIOS/EFI systems may have a remote management interface. (Dell and Lenovo business models surely has) This feature is nice to have in a corporate environment, where your machine is managed by your company. If it is not disabled and/or not protected then your BIOS may be reached from the internet (but at least from your LAN) in that case no matter what OS are you running, the "boss" is the one who controlling your BIOS. I'm the one who not even believe that a disable feature in BIOS is even real ;) So you can be never know until you prove it. The same apply for ~all the Intel v-pro features. A standard manual BIOS update really depends on you. Some are following the "do not repair it if it's not broken" process. Some will update immediately after release. You must trust the provider of your BIOS fully. Lenovo at least providing hashes for their firmware. Others may not even care about such thing... - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXVX6tAAoJEC3TtYFBiXSv9CkQALCwk/aBqpuu9zHatqJzUFn+ 3byLbx5Gu1wNEE8cna8huJdatU5Uo7V8pRmBzIFHmjqER7HavDjS3tHXwnkeikwX iiOW29pu2nPuYwQlWYf/yZlWKgtmjt4Zhc3VL0evdQCDyqqEpVKuKSs5GDQjtYRe 6bNe3gRrLnQ/PGE2aR5mW1WxRkTkBi6h7l2ubyhRrbcW3qxYnDG0xL5sDkL1MD7g gNSkAPUiFmFV6LjsxGqYeGNBB8xmXqbI27+vGkQAP9M+DdRUw++dXf9Fp94sGYSL M74CM6MZaXEJfMd2+NHuebYkkXSoKEp+dVk363najm3nVXWpCl21v1sj4xgeK+zp 7x7pnqaZOYibXCOC1PIFRFuMYvHyxFezXUGmCYcRmGHZzpsmvhqcIX7c8TBh/jqD 0qIbfg+iAgWN4yPMH6uOWT6Tt8MDjHWuEKk+8+U66zTgs38Sn5KZ706865EuP63U TIVi9xDqdlNY7BMF75JUs2YjkVP3/f3gjFevjwbPsuXmTs2VKFmWa6UYHAIouAHR 0HrQEvv9Uk5DHsCu8G8UvqKlxnx/1Rq4WNaXXjDnzAgW5BbKLiTq+AeA2wcIGmPU lUkm6qAzWKDvxmxe837bwjIxNyeL57avVLnqcB9ilZy1cyeqZOdEBjjmNoCtKjxM 7l3C350tdoZRNwqg6ojw =PCUc -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4724202c-86f0-a217-f1a5-f714350cedd4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Where to install wireshark?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/07/2016 07:48 AM, Achim Patzner wrote: > Am 31.05.2016 um 10:04 schrieb Zrubi: > >> I would install tcpdump in every VM, then you can dump traffic >> at several point in your internal network. > > If you don't want to use tcpdump for analysis anyway (I actually > prefer it over Wireshark in cases I just want to see what's > happening) you could use dumpcap instead. You'll install Wireshark > in your template VM anyway... I do use tcpdump directly - but sometimes I need wireshark for a deeper analyze. And actually I'm using minimal (based) templates for net, and proxy VM's where I do not have wireshark (or any other GUI) So I'm using wireshark only on saved dumps and always running it in a non networked disposable VM. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXVnPwAAoJEC3TtYFBiXSvgs8QAJpfvAioQ74/kv/sJzFojbrG uve0t19Mr65w7Y7bxWcU7FN2CQ9POiLA5iq+euQ4OTvxM2TA+iE9GT0JpL3q0vtf fSEYCs7L2nETJcXOMzZa2o+6DUe3ulvgtS8lJBZQJ9BSLBZ5jLwOD13IZ3nPAuTr H1UIXhiBcUXQgNKoDaleONDkFdlxSfEZcZiP7ufTx8Uj3IjK/Ec559BDx35xzAz9 kwZOyD3h0bnHYGwvWeLZ1q3+lLc71f4EBzbnK+85YF/4XRRFh5aByQ0zJiaZAiZO xnh4osUaJsMsfp8/YULYROUww44vBE+IP4hFAMeZo0FngL0VZKAiiVDnoK6oWbB0 VhBjX3G4JR7M/ZT2ww8JVyiDGIHPsClMVSt+NpilMPJFu7/LW73oXdp5KduING1M J3EPjUcPRk/NbgiKw9110//oLiLU4CBVl/T+a7EGju2+0Um8/qpifo/vw9yzBArq jvjt2qVghAJhyErMGj4oM2ksklU+HISmwMVRR8QfBVgBEK5TbFtSHpim5xSlfj0u kIlAQdIskbc4ZCBDsmasHg2SJjgaFSHfA7bajzSjS6ufkQ5AmqudU37shzgMWlDV fHvztKMxgCI6CmCLBx6N0tcyKDVbmK/6H7E5QXq/DXHd+4aRO3cBy30o8ToYY6vU qT+k3/aU4uhBRsGsODaB =FZKX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ce4b5b34-14ac-bca1-6381-8826a23fafe5%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Solving the IME Problem with Virtualization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/17/2017 11:14 AM, john.mayo...@gmail.com wrote: > I'm not a Xen expert, so don't flog me too harshly, and I did > search the posts for this subject, but couldn't find it. > > There is a painfully well known problem of having to "trust" Intel > to properly implement their "Intel Management Engine". Only very > recently has there been a hardware solution to fixing that problem > on more recent chipsets, however, I have not heard much from the > Qubes community on this point. Reference: > http://hackaday.com/2016/11/28/neutralizing-intels-management-engine/ > > Xen is capable of booting a VM with its own BIOS. Why would it not > be possible, for extreme privacy cases, to Xen virtualize Qubes > (nested VMs) such that IME does not matter, as IME would only > affect Xen on the hardware, not the VM with the open source BIOS > which is running Qubes. Reference: > https://wiki.xenproject.org/wiki/Hvmloader Well it doesn't matter what you try to achieve in a top level VM if the lower layers (AppVM -> dom0 -> Xen -> EFI/BIOS -> Hardware) are powned. Lower 'layers' always owning the higher ones in any case. This is something that most of the people out there not takes into account (and/or do not care about) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYfgVFAAoJEH7adOMCkunmyQsP+QGLXmncVjEcHOZJjX1VgLpS HUhOQoK9hCXzOpI1YiHpNGuA17YSBEgXB0TXxCwKk5If2voJiwde5ixysnnukqZL 4LFVu/D2vd+VyoJFwTQ7dO5dosIm66axin7TbXE4ejagKWYmDURhyEzkvKmiqz8q ReJT4yy4xLwO8dtFh4E1hidvLVQ6jg6HGFww6ZenHDt15AHY7iMbd6pfoybDMyXH Uifaqi/S8EMJjX9d3InR4rndYPRU8F0bl2W30aoq0raEisxuYAhauIBCb8jBFh6L /XfE8oaWcsEt3M3TpNvU0TuWDQuHZqiorVuYfFsfliJDA96mPwbikiVNpc5HwcCJ 32r9Sim45It5A0clts6ub4nPtCy04Y6QaucA/nMAWclrud/bLxjaMujBwNDQX0XQ Vwtr02wFkCKMyMjdse4uLZDeKAaHJRkrkBrhXehPMiTXYjvcx15Wp934o2VV7yPD 1v+tukvHMkbbPu03XjExRGoJs6a+3yrkHDQuNTOkEmOHZ2224GoyX0sSLX021enf 8FxXX6XkxWT/pSOpl5Gfa7kSaK9Nm8S1Q/bPFvS1gVX4rqB4MltXulXicAfBH1eU b2iuj2Yn6Za6kSxcf9SM328cF9DIavSvns+7omOb/K8sE0e3hAvFw2xsPYPsnJES tq8h2CGcFFgEFMB4JiUF =ygdh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a32281a-a3af-b725-0748-03e5151a4ba4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL Suggestions?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/07/2017 10:29 AM, Oleg Artemiev wrote: > Could you, please, point me into what is already automated (repo + > path) and related brief dox on how execution is done currently (if > any)? > > My idea how it should look like: > > a special qubes image: > > *. preinstalled on some usb stick *. has only a preconfigured VMs: > netVM, firefwallVM, user interface is not required. Qubes Live USB should do the job - but AFAIK that project is stalled. > Dom0 has a script in startup scripts that: *. runs HCL *. updates > HCL file: old data copied somewhere inside dom0 for user reference > *. copies file to net VM, These are handled/done by the hcl script itself. > VM has a script: *. checks for HCL file to be present eache > minute *. checks that internet is available *. makes a gui request > to a user to fill required manual fields (model as the store names > it, user name(optional), and so on) *. once confirned - sends HCL > file to specially assigned emaili at qubes.org What we are need from the user is his/her actual experience. All the info collected by the hcl script are just pure hardware data. Without user experience it is useless. > Qubes web: *. A sctipt on qubes.org updates some HCL html in > predefined format Here is the current workflow as i did it before: https://groups.google.com/d/msg/qubes-users/RagFsGlhPTY/HXyRCQOUBQAJ See that old thread for more ideas about a better HCL reporting. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYmZicAAoJEH7adOMCkunm19UP/3fNRVfJGnL30LZvY8FD4wou nflRzK69UClxKagCA9E8tIJnjy/qOn2GjCd71pOwuHjEUXjha8ceSYPq8SVtO6zi R7bvnRxs0nqDV0/QuIgUJiB5jFlL5g8xJzrM97KKUGzUnjBp4ch9INIo0/6xVOlm n+ElMa4LsOrf+AljMNq7XiEax5rxEvH/dAqxjcLyKMuZ2ei75hMyfL/unn8BhwHF WxrElylZa0ZiLhAOLY735JD3MW+1UHjcEeEsgyhMlSfHLtFK+GdkTnc02bWenpQ3 m8m4lcG9uioutrEsNYIgKkqWqsGNrqNkFr2P4q4VSW7+sqca6vr8fFE8E3qLO0eF 0O9jw6xv3vuEg5t8AGwTeFOmbxuMlj8RbYtvugjHOpqN6nf4k8OjNF/tUk5RNDDk PLyDqC4H9mHev1PFrZTNYf9IYGk+ldCXynxZ8jZjF9cSEQM2FXqfGJRipTgoo2Nj cVLHq8pghzte6+dwmYz+oNQcyjRPNGW+97+SiXJEoOXnpAq02JJf4Mavndcs81xr /VmwgcToVMAI0xz0FseeTaQ0mLkC4OfL/e7c265CI3XKeCGFy5ORqsq7yOTZ6Hzx kmJG1Oo8yT9+hcd8QGdGjhp9IUVkeDZbUyUt33w0iMXaREXn9Fc4TCt2NJAAhydT Xv6VsNsFoipnYbOANrVp =4WAz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df000489-df2e-6191-f8c9-e77b9f84c203%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] asus n56vz HCL update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/21/2017 02:59 AM, Oleg Artemiev wrote: > Attached file has more details. As usually I've replaced some > potentially unique numbers w/ XX. > FYI: The things you are hiding are NOT unique to your device. Instead they are the exact device TYPE identifiers. Without those you can't even tell what device you are using. Means without those ids the HCL is pretty useless. Details: BIOS: what you are masked is the BIOS version. Different BIOS versions may affect some very important things like vt-d, vt-x, TMP VGA: you masked the PCI ID. It is the only real identification of the device: http://pci-ids.ucw.cz/ NET: same as above. Without the proper masked ID you are not even able to cheese the right driver. SCSI: same again the masked id is the type number of your disk. However this is actually not relevant in Qubes. Of course you can still decide to not share those - it is up to you. I just wanted to make it clear to avoid confusion. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYq/udAAoJEH7adOMCkunmJscP/3dk1W+v+hwen9YWGVrbK/kC Xuy8OZqE+bbYVG3p8LMFvBW1BdaMbW5WJAU96t7/BtvOetmYmocfc0stvefrxTHz sMAHWV+/Xl2g7KGqO8k8QffU4mZHfOT/kb9k79yP2iPPztWmDHD0kmHW1i5h2J4U 4acNs0I+a0NRjoNaQAnHVwr4gva0g083Djhndw7rNGuIvrVmOu6qyscXJ/QaXhNV I1kwqSMRzcOO0CBAP9buhK2XLcoXC/CLjgZyzZpznibr1rtI/E+xc8rgtCBXnmvr Zdy+L78F5DYYdxBfREQuvVR96AuheXprLXW26cwNUv10/JEqYvm24MPEZSzhdhM3 qqv9pWril+M8FvxAWH3h9PssK26rHKveUGEiF5mfXHam3SX4J153E69TTY20N2mx 73Lig13e6I8269cs9Xby8pX222fAT8vE5wdw9+iVnloLiXjaLwikcp7x4eyBRjho y8wCQTdsxR6X6ds2UeKDD/+qCaIr/lIkFcJhzZ7SfkOXniGj/BjaoqHNu79eknS/ FPFq89jp7GOlIE6XldT6k7gWHEzRYKTTRVebUkvhh2OzbgfbsCzlHm7MYyAmEytA 0m4ehah2byAvsRIV8JQJ5xgD1AKDyOt7Hfb6R8xpjvO2DXnhEjnOplOz6SRmXiQq DaiaIo1o7sdJDftriIcO =RnoV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b57c46d-9aab-b0e2-4c40-dab332ff4c57%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] asus n56vz HCL update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/22/2017 06:32 AM, Oleg Artemiev wrote: > On Tue, Feb 21, 2017 at 3:34 AM, Zrubi wrote: >> Of course you can still decide to not share those - it is up to >> you. > Yes, I still do - see 'my reasons' below. There is no argue against this decision for sure. > My idea is that if Qubes team wants to get additional information > from users about spare parts - the HCL should get divided by at > least two parts: > > 1) laptop model compatibility list (w/ less information about > details (I guess within one model the hardware set is similar)). Unfortunately this is not the case in reality. All the manufacturers are releasing completely different hardware with the same model name. I was working closely with several vendors before, so I have some bad real life experience with this. So I'm still stating that without exact spare part list, the HCL has not even worth the effort to collect and publish. About anonymity: It is your choice again. But that choice should be done before even posting anything on these lists :) The reason behind the current manual and voluntary HCL info gathering is to give you the choice. If you send any data or not, if you using your real name or not. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYrUvtAAoJEH7adOMCkunmjl0P/3Xo3PiB0JxhbjdWpS0G5QIo aAxX2TCc0/zRW7U3WsUL18CPPXUQGsQtaxcaz90QRnAwI5UVNFRUw9LvVUBkaBmK g0JpzHVTRub6pOb8Bu79HSVVtI7YRokoIjQ50xykvQyh3QhQNDWUzd3v3nl33QD7 n7DTzFsCwH83KJ1rWUPHME2e2TFozbaaxwFId30fCL3RwwPgkxCmcwcBOf3dpX8c AZZkYkPEUKvPtwb5DL5XX7JPwWwxW8vbNoKMkeexWT7qmW3XjfXxvDVTVx14r5Lw VdKcu9W9Wfn9lEuWIHgipyG4VmaU3jSHkf9s5g1RFX3ht8DF+nQqF60V/Dnk3QCl QKhrqnnKAAZ8cXwgHdUc0vomdAR5OW3igEUWqPAlMLd3Rg7cUrQotAI5nd+GDDh6 t5fkBO/LZ0gEGSedH6O22/S87PzO6Fbj1N9ex2ojKgSLvhnv3TMwS1mYbb/5bsJP dJVxNPkiC6QiSSWd2JF0FwIrlTUX0hwInVeq6s8PmnZmrdtmMj/X7DOzIWL7E1E1 GcBrbKVDk9iccAIkkB8/YWdn2tIY7TEUz3IeWU0iYppDX+ZjVaUkmjNKttMJcL2P SK5tt1MuXRrbvENqNBFhdo0Bj6S+cS2RX63+We0Qq0xeYYPHPfg2oR/GvShMgh26 LtbNRIP/hEDjgVZ+jEVk =/cH0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8b628244-93a1-a4ce-4178-111208011f4d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes and ram
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/22/2017 11:36 AM, sgshsjjsnb3...@gmail.com wrote: > How does Qubes uses memory? I use about 20VMs (AppVMs, NetVMs, > ProxyVMs, etc) and i don't see any difference between 8 and 16 gigs > on laptop, does it make sense to add more memory? there is no such thing as too much RAM. :) I'm using ~12 online VMs and usually hitting memory limits of my 8Gb. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYrW4gAAoJEH7adOMCkunmDooP/RVipZoCy6sIaYxMH83Cuz4V HLVZjYPRxss/GiXf59XA/0XmnXTEBt9KoZQEr4JQ3MwaJUzL3r4wsdb4IL0DdEgO NzcCGnLaOI4y2KXVOBRiKOyTYi0FujNorMGCpNdmW4BWmtPjq4jWiwcXLPnsWd35 ZrPKTCdmtBHQLRtZv4TLIfso1d2RKMtpBHKmlLDwGOlt4WC2mKnNdRFLGoSe4waM dCfiKjyiWHhPSwhR1o/PzvnMe0N5NgC8AvwVEd52NqZHfjDks3IS1qgLPhRQ5KPO QlWN+2cmQpYfpSPmJAM1g4eWheuh+6OcJLieFjDqdqYj3zFnclEQnGKlD0XRRfg6 T+tMI/akoIh5NcxTGdRLz5WdKI2VzF699GW0dJ5H5TWw4W7BQkhQrNUQRgeZNhp8 6IpTrgBNaYiyg7pXXMv/0lq0QslV/0Onmg/dYc/g7wQHGVk6N8g40/J2r6uckZNu Py5nNDBEiLLkAk5KLuq9isXIo5BlcJvxNvOvvrcaMU32wgjDClr5in4Qo9ea3R/o 48zFzz2kbHtlS40STPE3FFI+pNxk9NiH7s2Oao2Jy9p/to6+8a7kCU2jl7KZC6Bs x36GToI6OUNZur5IiWvc8cHrC4H2yXl/ONlezR26VGxNjgBmeSxe+xDJZnlvw7uU cDb9JeORSf7zWpQGShVl =jySu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bae9891a-e216-dab9-4c30-3606ab69842a%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes and ram
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/22/2017 04:09 PM, Ted Brenner wrote: > I have 8 GB of RAM and I feel like I can't have more than 3 AppVMs > open (with Chrome) before I hit a limit and can't open up anymore > appVMs. Could be my configuration in terms of what minimal amount > of memory I assign though I'm using everything as it comes right > out of the box. If someone can get 12, I must be doing something > wrong. Well that 12 online VM are distrbuted something like: sys-firewall WiFi Ethernet sys-usb 2 different VPN proxy VM those are with only 300Mb initial 512Mb max memory. the remaining ~6 AppVMs are starting with 512Mb to 2048Mb max. Of course all depend on what you are suing in those VM's. But I usually have at least 1 browser +terminals +mail clients open. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYra+gAAoJEH7adOMCkunmCkQQAI10dZeSNyrth4HpPYZFzOG0 zgqVBdzfb0hQuG9ZVe0djVmEmn3kDueDFNDZx3xB28KrM3vuHLnW9jz8We1tkuAx MqhUXjcxzkJRu2ZuWwRiXPa/TWI3h3vIALZosgvuKhQJ/QVFzvqIQKf4gqPzszkn nglHgdrZK8rH90bxbFko798Ti7gU74tEIK3N6xq6/5KIRAC/9JJpCBr0zzmSqUaK srsq1Sn2Ve5vtQmSSL/QC7E6Qr8FUkwsJYOYEMwHubr7QkNGIfmyc6UfI1YkLo6z RjTZzxuyv7TXHa0sdK72NoLMI9xpoBTmWDiFTu5AYXiDo+Nc2mhXYa1iuYr2bPLy TM049KFGqUBd+RD2FT1vDx3JjkVGtYCgBQEBesypOFUnyZYRuc+nbuUTqVqm4g4g E72C9eKO2dH0IqaTYiBJQGyQVIK3k5cg/01brPhDFyWOV7ws2zzKwKHmRMJY0COc dKiI2P+1w52Xo7XJ7OS/rB6M8A7h9d09dDw92fUGZdBl/vAYObnFAL8/+7pERZz7 YydSnTjY9k+OG05f4kd+PrCjV2BJSNkmNT2VyzIHKI5EaRwLsOcMWPvmp8TvjG3Y Xzzo7uUE0BDZ67iiH5D4NFDmWaqnDXLl7z486e1MqPosWozm1Kta+bma9TqHRaQt zYzHA79W2uCaBimT7eKU =xQ1o -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2caebbc5-9ad5-af63-79c3-d32ce6ee09cd%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Nvidia Optimus mode not possible?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/06/2017 07:48 PM, evo wrote: > i read some posts about this and as i understood, it is not > possible to use optimus mode with nvidia and intel card on Qubes > OS, is it right? Sadly you are right. But this is a general limitation on linux, not a Qubes issue. Moreover nVidia binary drivers still not support Optimus on linux. > The thing with Bumblebee and bbswitch, which i don't fully > understand, seems not to work, or do somebody have some new > tricks? These are dead projects, mentioning outdated drivers. I would not bother trying to follow those instructions. nVidia also blocking GPU passthrough via VGA BIOS (expect Quadro cards) so we can't even hope about passing the nVidia VGA to a VM, and use it there natively. Currently the only use case where the binary drivers may be useful if you have a single nVidia VGA and want to use it under Qubes - accepting the risks for a better battery life. Or if that single card is a new (1000 series) one, because that is not even supported by the open source drivers. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYvoSpAAoJEH7adOMCkunm3UUP/0Ujg3jTDOffOJfUjpk2BTy+ pGwvI1zpd+GACf3Hm3E8KTfuF1j1OQGyiWJMwu3XIyK5XoZcKraH41au6AcKL0br YXlBQPXYMIs4dNgZH8oTP0uTcUzkeTBgCpK0c2liKTIyaGYMrwtKdH5FgNEQ2KUy cfGGQSCJ9be7vFSAOUSnBSHklMY6jgXS54MD4bUj9uk+2rZ6ggsE4ULZMg1r3IMg 9WfV3F95+vlFMUBEFWMIZBfbOraGMg+JDtQ45GYsQCA3cHd3dlIhvB29MkSQ48kB egE26CYinSscLgQs5cXjpuBYxbHGyEr7ISbrykIZRjxFh7lCu+aChrxMVqpCOr1f 3OY3UV/HgXalKHUtjfhdgKt7jjmNo39tTiWuWy28+F+k5993wQRSTzIQ2VEvOCZv P3NWjr7ARFVSmKeN4xX73AZUbyxVpYxUsxb+YdcETs4zNvKO1TSknH8jqoPfn18g uOU9dgBj7l4zyFdMyX0g+6Nc+UTnxsF1WPykpH6QibBT5czXpsKtu6qUNZe2QdHS iDLlbf/QXpm8oCGTd5UFR9y164PRQTflo31x4x2sLV3MqGGqN+ItPLGXxVT/5Vbq Bmp7dTVVOXJN2XsENOZzLkxbdmXMZKafACorpmL93fdS6QWXJr/MTFrxbt5lxasj lP0+C0h1PDbYdj/USdOC =1Een -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/998e7ec0-950b-4db8-d3cb-b4a81c0239ca%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Sony SVF15A1C5E
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/08/2017 04:14 PM, r.flo...@openmailbox.org wrote: > I opened the laptop. I can confirm that it's a SLJ8E BD82HM76 PCH. > So the motherboard does not support VT-d. So how both hcl and xen > confirm that this laptop supports IOMMU? the HCL script is pretty easy to read. You can check how it is decide vt-d support. it is actually relaying on xen, and parsing the output of these commands : xl info xl dmesd If you believe it is a false report, send us the support files as well for further investigation. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYwCcTAAoJEH7adOMCkunm+QYP+waxhkIp753P6Kf3ksqXcCwu eBCeIz2qUH35Xfqxo5R1+vgh9KAs0zQxdGmX8E3w1gH21Bd96reLt+8zxxmk1CRn /gqxhzeOrMr7wmGt1Tqot+FLf3r22720RGe4kauBv9r3aCwgekEBdn9Ea/CTCUu+ xCdmeYrzgu1pNYej6SGywWSgR/ZTPxMQZ8rHsteZaKU3eTgxmKal6fgIx8qhNJ8j rgaK7bX/b86FwhT+OzzC6Gu5Qp4aSP8qqJ2i456HhYTQfGaM/9ITgZ7k+95qAwWV 0pxihvdJ5L6hXOazak4nvHEjOeb4I1UPiic1My6rZuv5BYJie5Fnvh/OkskUJlMt eS8Glf7KUayMjFKfMzwf5y7iuQTrj7KI6MAvFnni10COBb7kqSVgnfp5sA0aSZ3u AFepCU3Ah6o1dCEsMNQaQG0pkckYMZ94PCj1dztQXIpwkrUY7zDmIEzlQCcvT9Xm gTkJ210QKGFfSptR/XoNsoImk+b6fiXwIY4i7FBfx3OyMoV2EZi1LbtpQKx2iSX4 aY7cLEW27GKJOIMsxG/YPGMVsLtcvhOeyNSI85RSDZ6dJxp9kac7o8UwBW2xmZp4 51UKUQhEudBcYWHbtHoCZvPk8PvsrbFkk42tQ/EoaQ3IZjLO2vdiHTFlPpoAKsM1 JTLoDUw3xJNt8EMppO/H =63CG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36fbe1d7-e7c9-fdef-a8fe-35c8e4edf648%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Sony SVF15A1C5E
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/08/2017 05:39 PM, r.flo...@openmailbox.org wrote: > I didn't know that `qubes-hcl-report` is a bash shell script. I've > just saw how VT-d support is recognized. Probably there is a > problem with `xl info`. It prints actually that this laptop > supports VT-d. It's strange.. > > However I attached support files. I hope that we can resolve this > 'mistery'. According the data you sent me, your device is an Ivy Bridge + i7-3537U https://pci-ids.ucw.cz/read/PC/8086/0154 According the intel official docs, this system is supprts vt-x and vt-d as well: http://www.intel.com/content/www/us/en/intelligent-systems/chief-river/e mbedded-3rd-generation-intel-core-i7-processor-with-mobile-intel-hm76-ch ipset.html http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/7 - -series-chipset-pch-datasheet.pdf So Xen (and qubes HCL script) reports about vt-d is seems to be true :) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYwQ2HAAoJEH7adOMCkunmJfMP/3y5Em90X88vXVA3LvQ7GnQy SQ9ORhyB9Q5g8G5Q5zos8lZg8qjUb3o2fNCWJwtBKn/Bx9XXHCSxwWSmfDMDNs3/ Bm2pG+dcq31ytXygZ5HOUxtovW2LC3wyLHxLxy15TX9UJZTAqGW5qHzNBbot02f3 0azWGFbxuExd2nxw1TvN6gkGtqybG0Oltr6I2NRsxfOA5VaH6rNYrnYnCFPWL4Iv y0i/DxDm2qGfEsUdDaT1esP1IhPcIbhsbddjM9agiPenm2ywoFmeiTJw+jmEcn+E UGEArO+EduzriMJzkbHYUe6TthnVqSi9qy2tCf1SRXaof26NZufTboTvBUKD/Ivr uLMAwWUYsZQClNNkKn24J7ya/VE+BFeq6qDhnHx2fWtnh0yyohtGAjIp/bCluCs4 WSxw1ZgUrp2QckwPyyuO4jMfZZASgnq9bo/U1RXO3qJBsv2B15CEB+teyAmy85ME 8HXvMN6mo+fhhcNTVGkCt13ENTpIJYC19ioylFQh7LeQ63frjOr2LgHTfYzgb1gO PkAAY/j1xTHcJlXdIgu8a0iuXZ/15IETuBydDaGkaUWhDLQCEcFb55kvV/xibE/N LZAsuEaaiv9a5LoUaLEOCyYf2H7Kk5KnZNLF8Fk6GjSZpuXfsIY4gwtYZI96akZm mtWMlD0y8Xf6RLhE8mGM =dvHe -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ff0bcaa7-6616-4755-74a0-cd7dcb5c800e%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: dnf over VPN with qubes-updates-proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/28/2017 02:14 PM, Nemo wrote: > Doing updates through the VPN would be perfect if possible. For this you can simply skip the updates proxy, and let your template access the same networks as you appVMs. You just have to edit the /etc/dnf/dnf.conf in your template, and comment out the qubes proxy line. Of course this will disable the original "template protection" where you can only reach the updates proxy. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY23AqAAoJEH7adOMCkunmBJMP/RL0i7xF/tY3+xdtvMuXiCUt W6jsuUcvsC2VlTsW2WSskBnixGEZuZlFaTxo6yA1HXpRCTgOiJm6mHrmLLcyV4im jbuEpkI/wcoKodSzyhvQ6NBIj1PUBZehuOIbK3NoBkasnzqSDQ/cSB30z72QljOn S/T/njAQ3PFju3+yA6l7jrE7gJiICXecR2zwN78Y2b9KdxSs/JwnQBVdh+ahvxI4 A4fEF45gvtJ+5QkK3A2zmrnkhl39k/b54NjglN993LL0uUB4j8cbgUUjG6mjnPYj YEW4MlvSKbAHp8wzwDpWT1yb1zCzDt2F45K3ILDwO0G119TBC1Ur8qwz5YELRwcm 9ZDrDK9gLaVfWxj4aBv4N1ecZZu9pVN8RKtFsFHuvFGkCjLoDPVKjkgpSLMhDNpi aUAo61cpsVxgE6AocepbHykrbrhyQnncUO0LcZT1Ozl9g9hCyFT5LgMvRN3k9vRb QwNZVptA2ktps7X9BtjPSjcYUgdhEFxqxxt85Sy0BS61bfH2UlgPzEIr+I7XRxaa SIj6yUG9SpRTz/HBaP2Rt3IzKkwLzkOaQDRKebNofsl8X+z9fF3Oq7cVOSFqj2X5 LM+t/NXnkwCciwbD0V5m4v9qNorj5GYTdzlauAROLA4tRmAqPddOl7rfhMqnnlXs S7P4liRGjwwbyYeK02y6 =h4kr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04d1b2db-bb80-056f-8fdd-c37cf07b2702%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Breaking the Security Model of Subgraph OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/12/2017 10:34 AM, Bernhard wrote: > I perfectly agree that this 'phone home' business is inaccaptable. > If you consider that this type of firewall is easy to set up within > qubes I invite you to write a small tutorial on the subject for > 'normal users' thank you! Bernhard Such advanced firewall is on my todo list for ages. My first candidate is running suricata in a proxyVM https://suricata-ids.org/ However I had no RAM to play with such things in my machines. No I have enough computing resource - but not enough free time :( - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY7e5NAAoJEH7adOMCkunmtEIP/1KGn93gd3WdfC1on3+//f4e /ht1q6yVosHXypBT0WpRLrdWWEy+oBRfiMTbxq9xi/1CIwvMIcvOZHj0+rb+XHnZ 3j8qmmUFQQtVqyazlJuyJZYiDU1DFQl+CEA1NP/31TWNsv5bClH3jTgks68D8dr5 eUQml9KZBIgMTUfuwAJh3cx6r8/0BBET6+50wUTtua9ZXodIv1sP4xFhiZ5t/n0S Vkc8g3MQ7YjHcBEqtbAlHTW6a9WfMEzXvHhikmUH2hE2/tp7ZFjyBv/2nHNHQUTY 2J4z7wBiLNx2Ix8ww3NsDUMVS+GV3ZvvRVveBQyx3/baQRWZik+fL3sTmpj+gGZX uGZVblFEyE3/Q1pDk6L+0QLAZdLrre8fsYI/6uXumJYmB6LizVm7sNDLDfXyi3v2 MbleTOF0emif2B6/nfPkdXIbdolnyFTGvIf3a8emZKGwdyuuOpOVfnVdydAOLHjX IqGZ8480UW0DSOixoTXqKB7+Gtv0o2xILuAsaPKA0DcXfbGWIysvzEc7pvXsOemf ibKn4ZV0XJmXwqrP3Qk+dfmWh3gGxkB1OWmB/RFTKBQGk1TUlPV9ZlZ1B0FrsfkW cZ534dmp8GkC8B/tCMAWma9lMKDaxYIo8VwEv2LkuT772bFxZZw3lKBxYqLtEALO ZU3XD7jyaYjEt4vjNpzh =DZ1F -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6eb2987e-949c-4e2b-4018-8d4fdbc02841%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big problem?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/13/2017 09:15 AM, rubboe...@gmail.com wrote: > Hi, > > I'm new to Qubes and yesterday i've installed qubes, everything > went fine. When qubes was almost done it asked me for my disk > password. So I thought that that would be the passphrase, i entered > the passphrase but it was wrong. I litteraly tried evey possible > answer. Is there a possibbilitie to delete qubes or something > because i'm completely stuck. I can't do something else with my > pc I hope someone could help, because this is just a new pc and > this is already a big problem... > It can be a keyboard layout problem, if you not using the default US - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY7yp7AAoJEH7adOMCkunmo7MP/jIsvK3g9Ltl82ix/md9bJ2p yG79shhf5hbAfhueEKvBPssPrGOhlHYeebT1usjJ7Qw6sQcCnGoe24cuX+PFM4wr K3uejNw70eN7vwSA4KHXzMNjKclCBnd8vUCfZuirGJ8Dj2R/q4b3rSCDZZjdreJl elfmHW0567cVCIR59IFLm5GVLXVHNQZjFDd3EVgmwPAMQIo1NVZVn1t6Dumickvp dUk3nUYqJZOlh/+Z34qYiaLpX4YCUebpyaqtzBTpAdUFwTm0TJ9yAbe1NGhJVboU V3C1aoMIr/zrzEfiYUeV0vfKQXIKEqwe5B0mZ7L+nYbPYGGJeJvS/G27hUj4WIe8 HUx5RCS5JRtYdAaKWzPKVmZB7zPvp3KEv+pwiHLuLDRZ6hqD3v2lk0YCj8RGmdmk t0hZHPY4HNIlrgC9lIM5/m/tiIjy3QYrQheMLDKXkE1HrM3RpSh4aQ86gkhiBiV+ 6lKAZwMXONoahiscdMUoXv7bQV0P6b4OwMsNVRDjKQ8xUTF1fVWMupBtCnqEA8cL kL3XeaugTgX3Fdz588TEAra7yfmzBQr/KQN7TRp7WyUY71iOMXkJyw7vktHZIoWl Wu2F1ZiQPg6c7YeixW+FLEhsO2ZSHEmZ1jc6xsKFSjnnY/3Ee2gVDDeZ1451aNcd Gnn99RhsIpVPnBG6oNoH =JEqX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/92f2c467-abf5-f18b-d026-7af8ad2fbfcf%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to handle untrusted applications?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/18/2017 11:30 AM, nonse...@graumannschaft.org wrote: > What is a sane way to manage applications one doesn't trust (e.g. > Skype )? As far as I understand the qubes concept so far, I would > either have to install the app in my general template (which I do > not want ) or create a dedicated template just for the app vm that > is supposed to run that app ... is that correct? Yes, this is the two way I know. Moreover the best is to not use it at all, if you not trust that app ;) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY9hLEAAoJEH7adOMCkunmRtkQAJYEOCC2diXqwIMmPeb9zKQ0 3rZ2pZICwow+l1Zh2p27EQbFFmPSnw82j9V7qoGQ8f9rDMnRn92CX/BDALdCUU9P +LOzSp69WBrx8yI2v8XXcYeCPrcZrGIU4SuaeTq9GTe6Zubbtkzi+KeM2pnK4WuJ UQ5ITUef1W5asOYcopItbEq7f95zHOTbAT0adyBC++dLMK29B6njAOot3slBXeWB MuYZQAUhPXKyFpHfbRbG/lTy8tIJv5ctTz1bnLlPk3YPX4Xc+u0NLRqL62Bwf9Sl 400tGj2PRzzQdOI+ayisaCPHR+OCpZNXChlzPpgwnaEapQ2FlpXGVOYGCYwdVJuO gW2y6C6FJsbKn4/fWYkeJ6482arcX705iroBzoicda+oHs5Wctkjz28dENbgFBVO jHMSk7UcqxO78ZU6S9JC1zFrp0A5m2VH2aoO3LTYfZWMUuL59gakTF4P0fvHxMvE a92GLLe6sebHqZy0NzNgjOZVggEbkEFU+DdjNmgSFK9IiVjRJFKyzywv8iNMuGue PbQsBtIc1TYJ6GEWBLD+Mn8Tcj1SxDq06UjhV6U3Hekbi9wJ/ePS5rVcnSZbBGIq y5/07kUiLEA6d149Kj/74uh3Rr4/n4L8pvubDNfTETVf4Fro1FtCS22PQMhWggQ+ 4EnbYP51lTHv0T2qM7Kd =vAF/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f59173d-94a9-0a00-5eac-123fc0216db3%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intrusion detection daemons in VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/04/2016 10:35 AM, Zrubi wrote: > Another - currently implementable - way to use a proxy VM (as it > is currently used as a dnf/yum proxy) and install your desired > intrusion detection software there. Suricata is a good candidate > for such thing: https://suricata-ids.org/ > > (I would just need more time and more RAM to play with such things > ;) And finally now I have enough RAM, and got some time too :) Here is the result: http://zrubi.hu/en/2017/traffic-analysis-qubes/ Any comments and/or suggestions are welcome. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY/c20AAoJEH7adOMCkunmSu8P/A4jZDdD7DXhux8rQTI9n9ky r2ub1588ha3zy8I9Zb3fzQzPzes5YkhRFP8gAy972c94qRZsYesqeqh402ZBW/eL eIRGn6n+sFChGEjWSK18JzGbN82L4O5PXU/WPGSgEiKoYwij4gtRavqZ9KjSsS18 eSs/cRcy7qRIbpQzbHKamFiEBeH10nBT3LWZJ7KbGR4vitmSonKhzXTdcImmkisq 3T671O4pMbu3+njd6wg5HmI8aje4xzyj7nJ9Gyzvhz+Ymh+60KjIo54/I1SljLv6 jiju+I4164xHH3jSQOrcRCEibIl8GFcybl2ey3bYtuN93VF27xyxzku08GvhUWo1 rl6PjGIi8q7uhIttqBB549/HIj4ZOIJkE1NwlOBkIf4H+bVumbW3c7HJKWKFj+uR /+Dk++K1Lk4QDveZ3NGY7z3Eg2R42maAydLjj/lkRVHSCcJZ+aKNZGVhjOXGdPYu 3TcoODDVAV4Oj0jeUGqe7vN77N0KBO8isvdgyoLTubXZMxWbyNcIZLzqqWqZ9Vhf SXz2jX+GiyzxrY5AkNQ6JHhVrEhiNQGV4EXniaH3ehrX1RSmPko0dbyRJvGXEPoI qhBkrwKEkGDrCVPzVU0khGLy3QSz4LlHa9KsSO9/RMIN7W10C555s5g+kpSgxz7t SOjw2PMcOm+tvGdcwuDk =XRSk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f1b709b-7694-6611-e011-1d2608fb691b%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: can we have debian-minimal?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/19/2017 07:49 PM, tnt_bom_...@keemail.me wrote: > its difficult to remove the packages inside debian-qubes , because > most of the time u will end up on crashing/destroying it. I just played a little and removed a lot of packages from the current debian-8 template: amd64-microcode aspell aspell-en bsd-mailx colord colord-data cryptsetup cryptsetup-bin cups cups-browsed cups-client cups-common cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers cups-pk-helper cups-ppdc cups-server-common dmidecode dnsmasq-base dns-root-data docutils-doc doc-debian dosfstools eject emacs emacs24 emacs24-bin-common emacs24-common enchant evince evince-common exfat-fuse exfat-utils exim4 exim4-base exim4-config exim4-daemon-light firefox-esr firmware-linux firmware-linux-free firmware-linux-nonfree ftp gdisk gedit gedit-common gnome-sushi gnome-user-guide gstreamer1.0-libav:amd64 gstreamer1.0-plugins-base:amd64 gstreamer1.0-plugins-good:amd64 gstreamer1.0-x:amd64 hwdata i965-va-driver:amd64 icedove iceowl-extension iceweasel info intel-microcode iucode-tool keepassx man-db mutt nano nautilus nfs-common printer-driver-gutenprint procmail qubes-img-converter qubes-pdf-converter qubes-thunderbird reportbug rpcbind rsyslog sane-utils system-config-printer system-config-printer-udev tasksel tasksel-data upower usbmuxd usbutils usb-modeswitch usb-modeswitch-data va-driver-all:amd64 vdpau-va-driver:amd64 w3m wamerican yelp yelp-xsl After removed (sudo dpkg --purge ) those let's run: sudo apt-get autoremove The result still contains more than the must have packages, but I not purged the ones I actually need: NetVM and FirewallVM related packages, vim, gnome-terminal and standard networking tools Of course it will not save disk space unless you free it using: qvm-trim-template (from dom0) Now my debian template is much closer to fedora-minimal - while still booting and working :) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJY/058AAoJEH7adOMCkunmlTkP/jpnhbBHDzAIqG1bCv+wMSqP /GmuiDv5sMqe4tUOu1ONv+ccJ+Z2y5OB1WkyGcqNkw703hws9KRE8zcdAeM4kCsX JpUeFKi/5pfkeMuWbRLPbnwyr0Vnycq3IkeXWuMse87LfkEc9poGuXBegMXloZlL ikzvZM7dOKzvPtllBY7EVkRBWPy+p3WIdhPhEuGpKMZfI4oZFAqHlGpP6uTXNAJT 16oJYU4gfxlKmx2Rziv3MuGK1HAToETgu1sIVuVmjJVRH7Hk47PrWnefAem6A1T+ ApEKY/0NIp6kAvnVHvIf8FUTdZbatixBZIA/CSYXKdiTT3IGcEspQ/t+q5y8EQI/ bFEcA9I6ECfxyBe8v5oFsqQDt35FQg4rmQ7azpmi7pb+ploBtbS7s+zGxbmvEBTz TR9MhPOC8thD+qjXi0NjONu6/VgSiTZDAXAvxXSRhO6sGsychuuXwoe8Ev79lmVc I1/d+TOyHEBdaJIFlfJwn8PmQvcN+C83JvA/P9xAXQJIQIqChjAAmL8tjvBLxobf G7y70nnfTQtxePIUQY0rN+CR7jmKilF1GM2co4k6/Wv4mVT+EumajMKt3DDiSeMQ KVdMf66ZI8I17mk9nZzwzQkjnb4DT+Tc9aZu/gD0SPRtrgewWIs9Xprz+3qOjDEW xV0r1/LxYl7o+t0XkSKA =0Z77 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53ace73b-85ef-3b8b-ba2a-343fb017acff%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Help adding documentation to Qubes Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/11/2017 11:51 PM, 'PR' via qubes-users wrote: > Hello, > > I need some help understanding how the collaborative documentation > with GitHub works. https://www.qubes-os.org/doc/doc-guidelines/ TL;DR: you only missed the create a pull request part. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZFWaVAAoJEH7adOMCkunmwXIP/0UQyl6MHuZ3SS3g8RwD9Keb B94S5E7dXbadpkr91wJhmvLPg7Zki+hQM3NaLMbYywpoTtS0XNqWm3nqLHOhMPv3 LEUYJ8BmV6nzk0JdDfW0NQ9+XKJ1qS5Vf8W+vzmpwKUHHo2HfZk/2+DtFSHYFboG Z3QYqqqlxRVED9DfCnG86LfNlIWMy6HO0GIGkikU/XQZRljP0mr5S8bq9yxFuOGO P7l++S33dh6NWG1j9gMIcZMDB8JFJerwk9yz+8JtfdTDWyx72mE7T0ctpJWR3yjU TfyiNeY7m+Y3AcceM2XQAjntrhsoaNebk3QaJ1vco5FVGZq2r2SbenA8sY4QodKy VsDfNYS+zMD3STO/tQisMik3A2Vx6vweOJZJnGkHHvs+YJceTn0HXFq1C/oo/2G5 gUHxlMvrB8KzkLhgif8jB6W47qKBfGkb59l0obW1AvRXCKOHew7i9spCeoic0Pj6 JSAIZPEx7CwRKof/pWrIMP2oZ2sRPBbEsepB9XLxF4FuFvVD55Oy92/+xeF5H/FT fzhkjyyXdpBBQDxrWXGIb7VvY088vTNN1EWBVt3L5TRC4dzK0Bdp/LcYFK4RINgC MsA8MRTQtWVQz53nPo3wV2lL6EjEe4LpTzFbUQ/kFAWML1XSQ8q+MJOTU8j26DOg akrCKaEDP/iikTJFAFn/ =MsWk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/574f7cfc-8b27-9171-92dc-5578e9d3c4a4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Help adding documentation to Qubes Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/12/2017 09:39 AM, Zrubi wrote: > On 05/11/2017 11:51 PM, 'PR' via qubes-users wrote: >> Hello, > >> I need some help understanding how the collaborative >> documentation with GitHub works. > > https://www.qubes-os.org/doc/doc-guidelines/ > > TL;DR: you only missed the create a pull request part. > > Or if it is your pull request: https://github.com/QubesOS/qubes-doc/pull/418 Then you made it right. Now you just have to wait for someone to review and accept it into the official doc's - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZFWkXAAoJEH7adOMCkunmdnsP/RDMnkUZLHsYt1FfEOK9tFDM 7yhrqJzszYd99zWjJesdvne1ojUUekCA8hcyAfYYz2MbUhVvhGLX95P7Qv/TEgzI gREkt3+dAJDgOM/FdW2Jw8PFb60ufQOdnTGyGmP4U0NS6Su1ir2HFKYRkub8lfiw SOBgzZ2HDE2whcP9f4HS/JHaoBPjuDpR6VMAjLf2/Rrmx8oupGpGOr4BR9VFDZVG ITzdcUBmEZYsAKRnpKW4xAXwxTMZlYmViS4OrDIafYxJJJ1xCUTpEfyKr64JIpMM Fdn4MqEcC3bu9FoDxQBQxxlzCpeC+uqXwMKkws/J64Oe9e6o2eol2cPYvBgW0uvs 4uBaKz9EvVgkKpVBgiodHTduUVB1c+rsHZ6HiRmOxPxVT0gwOqMk5ymS6h1iPa8Z fBW8VZpmWvO7wE8k9VUKF4RUyde8/q5tOkL+cpwblNJ9uxYKmyG+UZd1p8DX97K6 zLuyvOH4T3GxVZ/CCIT536LE6ArErJ/d2k22lJogIwNec/2iv+P0Z+nhWbrNq1u7 s6c7Gh9X3/WzltsGC2Ws91BU+FYKxKYBpXq57q6oVQh6WnXa2pq9lLyiIrn9/wxr ndPLFHLKO/tI17Dpql4IFV9xdVY8G4SSZFrIe4zjvSgYyabDC1frJieA8u2i83pT wN9jb3AwifHWw72J/8f6 =+nLj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4eca89c0-b10c-3787-f6ca-6dabfd9d6b32%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] which things are, and which things are not encrypted on the disk.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/18/2017 09:48 AM, pandakaas...@gmail.com wrote: > I recently came across this PDF file stating that dom0 and the > hypervisor (Xen) are stored unencrypted on the disk, because the > disk wouldnt be able to boot(According to the PDF). but as far as I > know, only /boot and GRUB are stored unencrypted. so is this PDF > file wrong, or was I wrong (or both?). > > Here you have a link to the file, you can find it on page 7: > http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf > The Xen itself and the dom0 kernel (located in /boot) are both unencrypted. This can be the reason using TPM and AEM: https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html https://www.qubes-os.org/doc/anti-evil-maid/ - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZHVNBAAoJEH7adOMCkunmeHYP/R9HZ8OKmJQqVsFguS7ozIfj 1CiwrWuTK/RskzRv0X3RSzk/+9BvF66MuL7KldfmuQQ2l8UKO8FX7BPjKj9ITYz4 QbGPZkt+ysAADU26v4vzxLh0jUE360RGEDLQYc+pB1h/sOWMrLhufRZROXLiNXfU xmXXBowEDfcZ/LbT59SdKX2PSMKjYkIWTenelxeyH6/zxwzruRVl0YXblyXYT5CR G0Fp3RMrWFGYWoMhkg60VXAyHrA56QfzodmPy9zNRULc8Vj3sh+2pTDH58350AQv fznfYLpoVRKJzvO/H/um5ISePFNbQdl27/uLGBKnj7WuEybAoAFoPXL+1Y4VC9Za Gy2e1BO5GKYYgriLi/LVFzvix4Qn0OIinwNr+/7JhFJ99TgK1Xt4aWBH1zm92G8K MyIbXqvkDRPDGSdjVDPAYnnnOWYJh46BRUE+0JzhhonIWO71IfjDNbh6Eg45cEU/ hPC+NbMvqVLcdlD+us8746Sv8cNJZG3tMKzLo0FDERqA/ZDvIdXjwcKMG9l8WHM8 rX+Xrs0k9PD15q7G08gMkgqgsqzTrBdc6Vr1Aa33oAMkrwGqiWfrqUboRJwmHu9h Nlyu2ZW7tm/ipjCGlV/Rw1x6T2D/tpqbZa9V+GjibPOSF0KXSTjcyDSVU+SpEyJH do+i3HNd00VK+um5cX0i =69AL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc9cd077-2a20-7491-d859-396d43c3b6de%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Use your multi-button mouse - for easy inter-vm copy paste
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I just wrote an article about how to map the qubes copy-paste key combination to a single mouse button: http://zrubi.hu/en/2017/use-more-buttons/ The solution is not Qubes specific in general, but inspired and motivated by the qubes copy-paste operation :) Feel free to use this article - as a whole, or parts of it, or any derived work - for the Qubes Documentation Project. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZHr9aAAoJEH7adOMCkunmHLMQAIZ/eOZRetYdwCLN50cU50XE aJdrcvD9UjjusSEVg0gOZ1er6biKvcyYDciA26UOe4KN2g/VtUr8FAMq80tbmymq Os4hbDl8iryVnG4MswCOtAZhgNedI2DKgCwYmOkWhE0CY8kj15h42yJPqN/3DFng AFwr3fsVNeG3i4QvK5LG46JfkCPEe1KJkk0c3oCQi3MpcyRdlPPFApu51jxPviiP ForHM7gJXweswFIzctKgr3r2zkmstnFZScev6EKR7HzSV5WfYVJQh7iaxIyrYO2F Vbkiosb42z+0dmtm6jU8+1Eq512q6vk5GQ5EG8SPQkJZA/AadE3j6lN3GkYu9icB 50is0qjiEZd8/Mit52wre8GUuRQtuWmm5rK6hcHZx0DBs5Yy6uuc5aMoEiZiqPYA QhoOYLTVqnpXiSU8hs7DmB3Vey/GFHAkArGcQyrMsKSgXo0z8QPr9YvNDcAo46Hu eUyHY+6E6jaTpu2uljW5kAJeeV5m7CZ62wTISPuEWUWVdfSZwPwFKKKN/J1/2luU vVVLAaDzQoIfFiaxykKyL+FEGaKCGXHLsd5JvQ0ZQIXizmjOG/6HgRpJhyoYWTff jSgaJfCrY58nDCra9CJth4ScA/vrY5OIVkAwBCzdI9CGJ2QqP60ybM0jmoUSIK3P 12cbyml1zpLjOHyUYP7g =H9QH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bca6f301-9456-6e43-7e3d-aa3c224d070d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/20/2017 09:42 PM, Reg Tiangha wrote: > People may not have noticed, but there is now a 4.9 kernel in > current-testing (4.9.28 to be specific). > > If the release schedule holds, then that should be migrated to > stable soon, however, before that happens, some feedback on that > kernel would be useful before it gets pushed to the majority of > users. > > Specifically, it'd be nice to know if: > > 1) Hardware that used to work with 4.4 or 4.8 no longer works with > 4.9. My Lenovo T450 working fine with kernel 4.4 Jut tried the latest 4.9.31 and has some interesting graphic related issues: Under KDE, the application icons in the taskbar are messed up. Means broken application images are displayed. Broken means some kind of transition between the last visited desktop icons and the current one. The problem disappear (probably refreshing to a valid icon) by the time. But messing up again if I switch virtual desktops. Which I do very often. A refresh is surely occures if I switch out to a CLI terminal and back. But the result is just temporary, as if I switching virtual desktops the icons are getting messed up again and again. Switched back to kernel 4.4 solved these problems, so it is less likely a hardware bug. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZQnItAAoJEH7adOMCkunmQd4QAKMmqPxeCEw7MYJSUvwPQKl1 vbnIb/Mw4emE8wtsYOe9kHBZBrw6qMMxXYFZRPH3BBTQiZo+EgMLNBw2E+VsC490 mMovL9JmSHB1KcHqkmXjqhz7q5Qrpbh10CApGpRKl5seNFKH9MT5L4GAJ+r6CUx9 YMdQu++P85xZJ4sSa/3vmp2hU4rljgr9KbCSojTjnLw0B+o+WlMxA84OSh/gHkLu qM+gIJHUkCCRVA7XPUQMldgYDSOpLErtfoQqvK9WExqjuLqzGc6c9swt96fsj8Ah BuLR9ekcoYFq3mD+TbcPx6BxJL2awcibYC17yYWw5PUwoQKsWTboLGDorha7faAe nNfoOf35OSI3qaJlcbAo6dJ6nKZgeGtVGt6Gckqn+IGw8+cmjEq1AwRW0Agwhgq3 YRBc9kRApLTSDhu1ze+Io6/CejZ/xK655WQ/mvZthVSkfxsvyCrDYHrlPiD7KT+v NJaDZks5H/s+ukim7kEqnqInt0E6+c0tmsspj2l7+nH6tXQNzR8cauT+y+C+Skkj OAse+ZyRA2EBBHDRzCuTAe1teLjnSEUhnsEfmfB9WRgCQj2D1+wKiMC4PWOKs/sn 5j6FGpGq/w3vNVgYhS1iDffw90obYZVH1HZIcxbIV8H157ftpN1ZXHgYJa6raLhf 5V9+wHj/2pbdSXLHsSAU =xp8D -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e5873515-4666-a7e0-058c-602a8ec7986c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] tools for "burning" bootable USB to install qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/14/2017 05:56 PM, Raymond Rizzuto wrote: > Are their any other Windows tools aside from Rufus that can be used > to successfully create a bootable USB drive for installing Qubes? > I.e. Etcher, Unetbootin, YUMI, etc. The most simple and reliable one: https://www.netbsd.org/~martin/rawrite32/download.html - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZQoUGAAoJEH7adOMCkunmD8sP/2g7w5799vrMfTOwBzOIJF9+ QqYS8A/DjC2hz9q43RvPnJDPbfI7EjgCuk0I7wzxGh4NU+eMfLhOw+qgckCaF/6Q UVAk5yNCvpeJO5GSlGrh8LI8jpNe5T1t9cBXs392g9rYK9oJaKM6Hbv5VEJhYJ/j YEXZP56hQaYDO4RJDlP7m+B7zj3PmBPUJEeN8QLtG0+F7289ZfO4091LkVO2GMzD lrPNmEagZVRM5l3kL4GLNzWaAI5MMhipsN3qk+QwA5Fvh96d04XuMJjGsZdtzjK5 dNH2jYO80jLbQKnK8Ppkh9ICi1gqQnJ8UsCMakGVTkh76GcER4VnMCDmBV0V9dFj QNSO2VGJ4mwGVDn9u+ouA/tGOKtq1qTatA/6nTaZyIUkiERpYKrIwlS7O3/2ry32 SiTo8qJlx6KP5tWFHWbzGrKOCq6qtvoRxThpYhsesVjNdIztR5jqukfS/6vjvgHX 380JJEQyfhOdIqUKZHv3diJDdaS0IfQV273hTooL2A5LQQcF13BKbTwGZ6vLe0lj qeMZPkEQFbJ+T+MtH3GVfy5deTTiIaQmi/hqAQ6cMKj+Bp60QQAuTkUFFX1Dv62w zCfuMuuAkkhN7A26RQP+oVph6qu3N3bV236hjA7SJ08v6lFLzPp6ZaOfpIZ5G8g4 VklbIQRBbWH9hdrn0vHr =y6rU -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/046b29ad-0ca6-4176-7b9a-ed41e199ad6a%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/15/2017 06:34 PM, Reg Tiangha wrote: > Curious: For those apps that exhibit that behavior, are they > running on Debian 9 or Fedora 25 templates? Nope. Fedora 24 mainly, and Debian 8 The later is only for sys-net, so all my taskbar icons coming from a F24 based template. > Since it works fine in Debian 8 (I haven't tested much with any > Fedoras), I'm wondering if it's less a kernel issue and more of an > issue with newer X or how Qubes integrates with newer X (but I > guess if it works properly on 4.4, it may be a combination of the > three; don't know how to fix it though). Maybe it is a know issue, but: online netvm change on a disposable VM is also broken on the latest 4.9 VM kernel. (Qubes Manager shows it is changed, but not working in practice) > I can't play around with this until later today, but in the > meantime, what graphics hardware are you running, Zrubi? And which > version of 4.4 are you running where things work fine? And finally > if you can, if it's an Intel card, can you try booting with this > kernel option to see if it makes a difference? > > i915.preliminary_hw_support=0 I believe this setting will not affect this chipset. But will try if I have a chance. (This is my only Qubes Laptop atm and using it for production) HW details: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz Intel Corporation Broadwell-U Host Bridge -OPI [8086:1604] (rev 09) Intel Corporation HD Graphics 5500 [8086:1616] (rev 09) (prog-if 00 SW versions: Qubes 3.2 xen: 4.6.5 kernel: 4.4.62-12 - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZQuWeAAoJEH7adOMCkunmxSoP+wRG6dt5ovD+LktfW+jIlPgH Ayg29hOBsoiflSU2yFzzx7borLNSscyL2JjqBuQguXigrjyni2w+EpUgm6K/cfhG J2pqpTdeS+pihWDMjnw8TQM5gWNz1tr0IJA2pgxjAouFu0JFV1ZY1YWKsCJSGmYe CLTB+gd4w6qY8ipP96QUBWtg/fVDq/+xC6v+MIg0hP/j7Nk/8OOBIE34k2E31vrl VPFEPWQX7HfKr6FyOO/nyK0eaiEUIhyr24L/Dq3ARdrotlRQqwLZ3C514HJOZr2N UnYD2AzwnWj2JiSrKX1G8K3dORy0AuRq8P5KbwS0PiG1Vn8iUxgFBczX2Z8pjrM7 pnd8R8NPzStqGyw6h+yDUQ+xDAFhA3Md+EgkxMoRlgu/F0P2A44EzBKr0geafOvG FIsBoi1DlqMOfU0YlMgboESL/xilDCZlW8YLflm6x+osupD8jcg6cCVJV0jOpx51 f/ICnp6435+DRlcRkO54SP5AolsBpWjVPAVU8skJIFsAkXVMxky+NY96GnNA0fvJ O51SlnjD4XjMDx9lJo0oI2xOmg2IcGqTzARsGeeBRbFOB/KJ1hGidHPXgKllrAyA vtePMFBCvpffn265vDg89qQH+/3iAaSjQ+XtHmRs1okH2ttiO8rDD+E3ZfFUKHLs FGtEToYHE1mwcNECubng =uAxB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/edc2e6c0-7c07-fc09-d9c7-263410060af3%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/15/2017 10:02 PM, Reg Tiangha wrote: > On 06/15/2017 01:53 PM, Zrubi wrote: >> Maybe it is a know issue, but: online netvm change on a >> disposable VM is also broken on the latest 4.9 VM kernel. (Qubes >> Manager shows it is changed, but not working in practice) >> > I've *never* ever had this work for me (although it might have > worked once in R3.0 or something old like that); I've always had to > shut down the Disp VM first, alter the dvm template, and then start > up a new one in order to change NetVMs. well this is such a basic feature I would go crazy if that would not work... I'm using this feature from the beginning. And it was always working in general. I remember for some broken kernel releases. But this feature should work in general. As it is working with my setup, in case of kernel VM 4.4 - but not in case of VM kernel 4.9 Do we already have any git issues about 4.9 and its currently known problems? - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZQvNTAAoJEH7adOMCkunm484P/inwOl/oiI4H/3wOyBc7bASj tGws7IwJCIiIzfzFYk1yBncSI0bKkgIMR9r1PnYZ/UcW0P2Ixs6a6hYS553t8GpZ Y9UJbNgfOUbicfozsO53YBaonyo6sapp/1juQ6NIHcTqlJzBkk5s/oKjYWfln0jB 9sn2pT+4fZSn2w0c10cTxSVYPGHmUh2aIeMhuqQPcckCiOmgl/Fqz07d3EA6JI3y WZR3DOG8B0D1WXGnhcqSH3J5yqpPjaQ7QwWlcDNj9mFqqBAeRiQyRvgDxcyL6JXX rjEmnnF+XE4ULa+eV2Cpz/p1Ws43ga0YOWCEi51Ie1JBQIABkN5ngdX2KjlOFjZn NxLQ3ga6AK0q2hk8e9IjJUEus8cLjqSVTvXSpiqaQBO/eEsNWp2LqC63xnxpeiqE 2bDbrvMpqiHUZ2Qrqsx8M21tjngNLNI4og2LipJTMQD6X01qgJBw8+J8EQePdn+E hsdRetkXjPY7afEtky+Qp5Z3lHQOEz1XEbvjVRRZpFEIFB1WcWXvY8QVqDkugPi2 zXQBgJcr5fqqXMkk6JjDdVCaRieS6UtbPT6An9Ih0jZN+5mCXbax0eLPvWrSa+mT Zc8bsCoj6l7+EDyo9kGDOToMATmr82mXQLDJgXx/RwTelvH3PafNs98700NLpMag thWMU8mtF7cS9MPIrTsV =z98C -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b0cf7cf-f9b9-bda8-2aa6-442b71199d5c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/18/2017 11:04 PM, Marek Marczykowski-Górecki wrote: > Make sure you have up to date qubes-gui-agent (qubes-gui-vm). There > were some issues recently affecting integrity of window content > affecting F24 (or F25 - depending on gui-agent version ;) ). Now I'm pretty sure I hit by bug describe in #1495 > After changing netvm for fedora-25-dvm you need to regenerate > DispVM savefile. FYI: that was the missing step. which is a general issue about changing VM kernels, which is not 4.9 specific issue. >>> i915.preliminary_hw_support=0 > I've seen some graphics issues (different than yours) on > Broadwell-based hardware, on 4.9 kernel. Adding iommu=no-igfx to > Xen cmdline helped. See here: > https://github.com/QubesOS/qubes-issues/issues/2836 Thanks, will try both xen and the mentioned kernel parameters. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZR9nzAAoJEH7adOMCkunmIV0P/1V2kV/ZHcrayjpg9majij97 +L3wSwx8+5f/LS7/zj0/83VhJBrHr0uRkT1dKKC7Cgy4u6UTeaW42gFno9kC02E4 rm7Aesa90rNdOJwMMpWZxSo1C75x+cYu/byfiD/hUfK1WjKRgnHC0dPDm4OvfHOk JU5pWr0YuoAzenM5AOSc8R2H4pnhKCsx53J1913s4+cSK5v7yhv7WIC1UsTmn21l 9hU9ebzcnpF5ZQDIlzsJ7awvw8Qj0nJbIYQ4owOFJeSDiesSL9ebmt70b6CgcOfL bkV5/4EssVZGiVTC8wIhA+uAmRc4cbF7uNTRUoneKQC2H4c15UvuVKp4vGti+zk7 jicn65PMhw+XIwYGbiaksF3KQJ/smoUO/hXwLAk1SLnhOcwR/+t8UeAewp6V/w29 lI5EC+5Jof5tp9fKm6Tg73gAStBBPpcFr/xYnFVefyEu4P3UpTm0OgiDzkjzslBw xlkhjWdkkXJxKzLynJ7g3zJvg+2/T4Y9NT4W6NipMYNRFU+V4skp2umy/5+MZwou Xc/uutvY/F2eJC0907ZjKK+boP7PsTPNnNH61RDDgRJS6BoVzlyFvmhS74NG3b9F Jd2R2QOMndthDd7kwIg8+4+Pn8SpOC8C3nOAhvJITXjm29XywzRosbmtvIJgCWR3 ioikpXvKnvzu9zMwAil8 =dNg2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7714d1a6-874d-16ab-bc23-55ef46672212%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How much inital and max memory for sys and template VMs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/28/2017 02:18 PM, jakis2...@gmail.com wrote: > looking at my memory on sys-firewall it has initial 500mb but max > 3gb and its using 3gb which is eating up alot of space for other > things. Whats the best setting for this? > I give only: - - 300Mb to net VMs - - 300-512 to firewall VM's and all are running fine. The AppVMs are fine with 2048Mb - but surely depends on the apps you want to start. (for example my USB VM are happy with only 512Mb of RAM) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZU6LMAAoJEH7adOMCkunmTpcP/Rv+DP+5gGqofm9nvn6ATD4r 491bUGe5jEjh03BTxazqHhUwImzFM6Lq/ZGQJyxq0X7Z92m9+DLWd/l934QGe90W bgAOOeSRO8F4rMtfSGyesQXtv4ROtPEDUapL6pMPvRh3xixaaoG/WEeEWppcGWgM pPyrhTYx/lKjf1JA5iR0C09Jvc16Ho1jZ+T6KteKqiMusuwd1jP1s1L2Bz1MPkBF s19kVcmngTf4r3Apu1iQf+0ecRfazxFm+JTX+2Vgx26ffcDrRkHSNE5sSQVebWSp SzTMRu0TYWBj92048ZD7efLWf93hL4Olo3Bt4XUmZ1gltRPUN6DqOgub+7qFJ9mO BivxyiRvlsPDzlbPtUl/nh9KPII2R3hNol/nuE5R1yms3PyC+IdbRFIxgJWa4112 Jglt6IomVyTssS3CDqEL1xlO897sMxsGC1wEBm59oaD2uo8VVleRXklnRgMHZiHI 9RDExS+3FC9cRZhDzi3JHuY8OFx3a3oFABYWVW+fyP70gX41K8LVQ6eb6nQD9BUk AFIIPVsZ/H1fplRjZMwQ74Rhejwy7pbn90HfJ/dcJJVfLIhuYSv8nBWT4oaRok4l i9EkENaPauhZuJCGVlW6yEEH+YYY1IzTiahFLe7QHxy+0l9JhGyHWA2WFWKNXaP2 RNArYr9756HDE+cWItV8 =hYOC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9c225c3-d280-756f-56e4-3d64b3905e34%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/29/2017 04:57 AM, Chris Laprise wrote: > I noticed this, too. So reverting a dispVM's template back to 4.4 > should fix it? Yes - but this is a general kernel changing issue, not related to any specific kernel version. Workaround: After changing the kernel, you need to regenerate DispVM savefile. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZVKz/AAoJEH7adOMCkunmqjgP/0mTXBtVPu+5aKUBp8PeK+Uu qDopO/xn1r9gacDaddXQjoB8GYZwtM6W7Idr11AlvKaNVytbDJquZNY+EKmcPBdC HYjRCpPHRA2UPODznOKl9TDn3i7AUJ9hxCwql7UvQ3aMntHERzI5/gRTOVjfr7+r cavMAB/ujl1Iy3pYwH4PCoI2hZgWZC4MVUcGltVldWTNfAh5Mgv/SjiS/LOcztmY ycfUssHM2J1NJEqE7FbAtXJutEGmyB00mam1oIEcXbhC6ASGitdK1Ahaxc/KXt4P c5fzuh3ekxrEVNxM9NwXHd0GQGByg/RvySgnflSGfvx993UC486LrCTY4m0OEOiI IpVniXbLn20l7A0ZQf+tF3fvB8ou+G2D7A2Tdv5wx1miV9hGZT0Uz3nUHnVg21U1 CEFICLRf37hEg1UTz5b2QUngJ5KMSSysWSA93ck+FiMYFbSe3V2cnyVQmrykidwV dSedWu81amVHulX+nYv0lUIU9+RvvT7u+xm2Itm19kJixkqUaJQ6e8n54L+F69EE fh0Y5Y3E/BynqGFUhIU/Ph/bgRdWLg3n8pxlBv7Oq4RgDS4a2Lh/Pu/L6MoU6lXJ PfZDoXdOBo36rT+kymtHXrDtILCEEMz4JvAt0h1zqjXU+TZBHReT8Z9smdqtWkrO 2eg82sIDSmsPrczFl1iy =ZBm4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21fc2088-acb5-e2b8-a35c-7d290397cdf6%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to install KDE desktop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/23/2017 10:25 PM, davaii...@gmail.com wrote: > Hi, > > Running the command "sudo qubes-dom0-update @kde-desktop-qubes" in > dom0 returns the following error: "Warning: Group > 'kde-desktop-qubes' does not exists." > > Am I doing something wrong? No, you are right. Seems we just lost that group somewhere... @Marek do you have any idea about what happened? - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZeD9JAAoJEH7adOMCkunmr9cP/0mraqhevxTisjaolny9Uqam uL5zwhbzCsUs2AJo3JPAt1RzJP+jzOZg/nWqOqdN+sYPoc18VUVtKjup34JiOxSV Kxngs1gA15A+WFrcl3hA7LENm2uEh9MrnaOXIMRNWtsToMi8U3U5al83lRuLRJ9i +B6dMRlOx7T2DXx1l9AWq+gl9Fkd/6TVVw0CK6TBqF8fiwQthbv/yHsrkixeje0D GXHlQkt2cayUt0ed74szsdORSGzxF+Hss88wdCVmR3aIs0zuXu5d5EtZYxu0Z7pf vCOxjvI2l8YEv1O8SjTtRp+vb8xKTSTNHfq2qu+3KuEwfWJMn1wW5iqdNM2H7Glj 8VLwWmbrVXHblVTZuDTsOYMlg46aBQLQ/jeoGB3b3e+WoUH0oKw9oZYdNuasBl88 a8eCr/OgUaZf4HuJ16P+tpQDfbm56KUEWThY+lT2URfGmzleTfbREJAJwXxvkC9b 29TqIWY/5s+e/5V7YGmVtawM5qZ8Mxi/hsXRh/8AAuNFirQ2LPl4z0j9xAsL8YrW Wnlxo+WvlgGJFVWPSoj3pOXWgGZVRy5BNHXhPJS/8ljuxQIIp7hp8kbXbOCDBua1 BeZXipRNp/uFhn6r5CjNnzU7ccy2ny+FCYXUTIJNlaBCvn6mNm9Qhc3PgCCpn4Z4 nLMnb0Kkam4dRNRdeF0b =36TJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/71860c21-5b4e-4fe0-44af-9025b1dbb2f9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/31/2017 01:43 PM, Marek Marczykowski-Górecki wrote: > https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ My Very First Impressions: - - the "test this media & install Qubes" is hanging forever on my T450. Before the graphical "qubes loader screen", I see some strange error messages. Need to be fast to capture however. Was not lucky to get it. - - The isntall process is really long. Not debugged jet but the creating initramfs seems to be running forever. But at least was successfull at the end :) - - the missing Qubes Manager is a pain. - - the 'replacement' in the task bar is small and buggy: the tooltip? like thing is randomly shirk to unusable. But too samll in general. I have 40 vm's right now. - - the vm setting windows is the old one, no new features are usable from that GUI :( - - memory balancing are enabled on PCI asigned VM's. - - network manager applet is (still?) not show on first start. need to restart the sys-net VM to shown. - - still only 8 available colors for the VM's. :((( Again: I have 40 of them. - - no VM status GUI. :( The old Qubes manager would be fine till a the new tools(?) not ready for use. - - the 'new' Qubes firewall solution causing more confusions. - mixed iptables and nftables? why? - the old GUI not allow to use the new features. - even if Allow is the default policy I see a DROP rule at the end. Why? :o - - qubes-hcl-report is not included. just tested it (the latest version from github) and it working with 4.0 out of the box. - - no KDE group available Maybe the same reason with the recent 3.2? Probably I'm the last KDE user under Qubes - and I just started to migrate to XFCE because of the unresolved issues with KDE since the 3.2 release. And see no progress in 4.0 So I would really appreciate some statement if Qubes will really drop KDE support. I can accept that, but then I not waste my time trying to make it work. Instead focusing to fix the XFCE issues I have ;) - - the default login screen is just ugly. I know that this is not the first priority, and not even a technical issue. But new users will see that ugly thing first. So it's should be a Qubes skinned one. at least. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZgEjuAAoJEH7adOMCkunmiz8QAIESj31RZibLg4BapsXKIk5a gUxZVMOkhDrc+N5serF28S1Ps5UnYemPOKSoYPUfZyk4C+5l8jk3GeyU5nO6Tvp0 Hrwsxj3gzgBUxYkSatqTCkICXtoR2K+X93IAPJWtjmOUi6VLQG00IpiPyHsdPPHF MSjtQ6iJB4qyHzeUe0hzul/AektyOz2APO/ebojcdwlEZLVZpJZjrKD5YIUQYDzA fafJE6una8ZxC1FULKFoqWCRbUMe396D1tuo1FIUhXG1Cnc/o8x4Xp2FW6SkzZRl IEoKJPX4vFoHysUCeefOgfhjHKF5if+E3g47eZb+63sFvaS9aCFNAoPH4CiXnEkO PaLLggR12etQP+4KQacnszKdl+mh4h+5ZAlus/LjPdlNUVh7t/M1dfv3J1qLAzcw cDM9+OKFGmP9ThIHD+SgiNxIKsWSCctt4IdYsXjEJMEN+X6LHVOQY6F038ekkDZe dhTaNv/RRrzR8sIEtafLQzBA0R2DLXM5sOPrZXKmcv4B3UTMFfo5sfS0xtqPn1z5 xjOjnk/uC9+pNOoAH1lusSHp/mUbFcikF1t9yMe6GFBeKIzQbJba+Hac6zPS4lIM EK2/RksLRxKXP6/3u6lVMc2f5DK5IOVGW3aBEVsSa6C8Ve+O84ElVXs7/ueY8U8F D2SOB+X0NIUUkEWk+936 =qI1g -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/484fb9ea-9639-00e7-bfed-04170f22ac80%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to install KDE desktop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/04/2017 01:18 AM, Marek Marczykowski-Górecki wrote: > >> https://github.com/QubesOS/qubes-issues/issues/2921 appears to >> track this issue. > > Fixed, for both 3.2 and 4.0. Thanks, the installation works as before: https://www.qubes-os.org/doc/kde/ However, because of the tray-icon bugs (#2283, #2264, and manymore) it is pretty unusable now. The last templates where the tray icons are working: F23, Debian8 Newer releases are showing transparent icons for most of the apps. Moreover the new (Qubes related) devices tray icon coming from dom0 is invisible too. I know that nobody cares about KDE related bugs. This is just a status report, to save hours for other users try to use KDE :) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZhErQAAoJEH7adOMCkunmFGcQAJ+ZkW9Powsq7jaP8A70D0Qo KazAIEeYS4ePEhNIc/dp9u2unuYRH6dxP4Cho7OO58NiZm4NNLLL0NdmzUIkdOAL o5pa6jVjyj4MOhftTdkz+k0TV5iU15ukxT71+colono5YucK4dI6poDRYm72UNMR QxhNxGQLZxHm7+Ed4SpGrSsDfqgFgaMOc1iiuEsQGsDYu8ixDptaD9j+i0HY32Kv 3F1aDCg/Pl/eJ8LEnQrSGbU1wrvgz/i4QTkH+/agaXPhSRrjL4qmugcX8uCJ2+/5 VuxDQqC6ozbKmqqw+zgUHTK82QQ0fMqLtrXv3gOEiQN1xQIJticsdOn8Jw+Sw6L+ 0nfmWi57lf3I5MsQkSvPA30xPLS/jDlXe9Kcn9jUbsJgZHO+dc+Y3xtXuBYOq7/u B0aBQfsBi3ECTgxXehpqgZ+sdAzk3/3SrVxVQ72WzZr4gkO6mVIH46X18HueuXn4 AKz+1rHcvqOLY/VdyMc2bb2Mb2GHurWxHdfGP1RDKteldCMl2T63DL8o6ghoQMmF SUA1f/vs6ppqlsguGuaC8lm/8nUWQs3QeOXpXGOWc6XRJvw7lQGWrt1wYrcoStlx cAne8T5B11NocUv+HzvsoAJT2Kyl6Gyyjv8zTciVQcGXXHwCtwT2w9Jx6kqzfg3z yMmSFHToURfTn39gaaqe =r8Jl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/954298e7-278a-ec59-c7cc-18ccb3f2bb10%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/01/2017 01:02 PM, Marek Marczykowski-Górecki wrote: > On Tue, Aug 01, 2017 at 11:25:11AM +0200, Zrubi wrote: >> - The isntall process is really long. Not debugged jet but >> the creating initramfs seems to be running forever. But at least >> was successfull at the end :) > > Is it just about initramfs and "post installation tasks" - compared > to the whole installation time? There may be some bug causing > initramfs being generated twice (or more...) - I think I've fixed > something like this before, but maybe not all the places. Yes, this is the case. But have no time to install it again and again to identify the root cause :( > >> - the missing Qubes Manager is a pain. - the 'replacement' in the >> task bar is small and buggy: the tooltip? like thing is randomly >> shirk to unusable. But too samll in general. I have 40 vm's right >> now. > > What do you mean by "randomly shirk to unusable"? Can you provide > a screenshot? #2970 > What do you mean? Domains widget is specifically there to show you > VM status. Can't see the networking stuff. The most important is (at least for me) the actual NetVM used by a Qube. >> - the 'new' Qubes firewall solution causing more confusions. - >> mixed iptables and nftables? why? > > What do you mean by mixed? Setting for VMs are applied using > nftables if supported (Fedora), or iptables when not (Debian). Not > both. the default "self defending rules" are Iptables based, the VM traffic forwarding rules are nftables based. Custom firewall scripts now have to handle both. My opinion that there is no real need for nftables until it can really replace iptables. We are using just a really few rules here and the VM based chains achievable by iptables too. BTW: I plan to continue the L7 filtering thing I started to play with. Can you point the related documentation - if any - or at least the VM side code processing the Qubes firewall rules please? >> - even if Allow is the default policy I see a DROP rule at the >> end. Why? :o > > To fail closed - if something goes wrong, there will be that DROP > rule at the end anyway. :) It should be decided by the user, by selecting default policy. IMHO Qubes should not try to override the user decisions. >> - the default login screen is just ugly. I know that this is not >> the first priority, and not even a technical issue. But new users >> will see that ugly thing first. So it's should be a Qubes skinned >> one. at least. > > Hmm, I do see Qubes logo in the background there. Do you have > something different? Nope, I see the qubes backround. :) But still feels like a bare naked login screen. IMHO this should be just as important as the Qubes boot (splash) screen. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZhFaWAAoJEH7adOMCkunmwEwQAIbwUTS/qKwczyhclNTPRknb lSNTH9xPuh44fx3Iql+cwU6EpcDRvTswTZ0uuMsrCE5vk1XsZlgyRbJSL5n0Nmof Ax+x6nMoEiOo3pbKOYRmqc5SmWCdi6rUbHRYmOa0eij7+rvdStAD6opca5x8lhkO rStnTKVMTQSSYk/BHT7V2P27tChDAiD2ahB3tvi00SrszhHGrxW/oZ/8RPwkHEWi XEdsqEqJWDS1BkR85IYV0bzoED/uDEtfNqMzPpvAaIORDGdClQi6Ky31BR7dxJRZ o3ngKj9F/lvOd/1HYeD2bErB/y5LJSzgX/18lMiaA+CJa3cXwjzGMEuho7Hra0dK ts1G5bfBDomHfriQElXhspggsleHV+V0aQJnMKd4gGfY0/5/h+xgeUMi/RevVScX nCDvjguDJoktoUQXK8dgt5hwauvPWsSTyJjk5h9I94ij9hMGkbfRzwA+2gEriZw/ g8Dl3WGzm3kX5aOzO9S3CqKY2bQoJwWTO11q9VcjfdE3Qtnu7Y44ECa3bi59B1AD UMc2RQEs9RZ37hUXd5Yfdj68fTD1qCuTX0NRBwxGddT/tOZYXvwEUjs8HqXsM2qf mRGspB/OnHZ2F48J1q6uE4JE+Hyap1lJeSgXaUKpMtzvLBwQTC8v/v5wF8j581ao vwPw7/gGelMGQ4qIAS6S =zTfv -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bdecc032-8cf8-047d-6cd9-f02c42ee9c56%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/03/2017 08:30 PM, Micah Lee wrote: > The devices systray applet thing for me lists these devices: > > sys-firewall:1-1 QEMU_QEMU_USB_Tablet_42 > > What is this qemu thing in sys-firewall? Ihave the same issue, opened a ticket to track: https://github.com/QubesOS/qubes-issues/issues/2969 - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZhHB7AAoJEH7adOMCkunmi/YP/RqQnkvTFedQmEI3GC64oebG OvtHdsfxqOkecdPQyug7qTTImpN6IB3w7WwdoS09FcYq4FepOx08e672JQpMZeaT nA1jMmgkS/PM4jUiX0/oDU7GP+gphANeHnV86KOhHxRBQz9yH2SjJ9iBsC3QNvWD 8ISaZt7nh+lZuig6IKLtA3AzmYnk1ZazQAkJgDqNw6QctnJ67fuhXAYoSexafEDX A+esyTgBmWIELeloTkikksDlJpE4e3TKFEmk9n4/nouGTk7cArIeXOFgcRWo/5qI LN2PAemSMjUyBG7ez3hG2kAXqRxAxztNBKnxwumgcqbio+G2BJd4OaPCn05p3MgQ xY2+pZ6hwITDa0ouTbXL+xCn1f0m5hMlHvSvBLI2U927O+KIHLjoD7INuKejDdUj puJ7UCwNgnGGmm9xx43VIdFZt6f1z2wOpIq53djHiOoMT2JzrSyk9Qu35iq/ik27 EzL1Bbnd31gX6mahtV2trpReWyk0GGhEgvi5Rugnfi1HGfkrq36hum3qjgNzM7FP 9pj9LquW9htdOTFyitIvVFMEF1Np0p8CkGsp62aMwitv/dgHAh52+lGzbiYkCtDP fPRqCOkEd9g29S11Qt4y4IOjoK8rAdXb9ZL1OszzzA7284OB3lDxiEWJibrllA4+ fBhbT0oE8Nkl5MiyMSON =+Lv7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c678ef28-7573-d651-bd2a-3aa065c55785%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/04/2017 02:20 PM, Marek Marczykowski-Górecki wrote: > On Fri, Aug 04, 2017 at 01:12:29PM +0200, Zrubi wrote: >> Can't see the networking stuff. The most important is (at least >> for me) the actual NetVM used by a Qube. > > So, you switch netvm for VMs frequently? Doesn't it mean you should > have separate VMs, instead of switching one between two (or more) > networks? No. I'm using separate WiFi, and Ethernet VM's, I have several VPN proxy VM's as well, my dispVM start without net access. And need to use/test lot of things with different network exits. > Anyway, adding such information to domains widget shouldn't be a > big problem. Just don't show it by default (see reasoning why > dropping old manager, in announcement post). I do not really agree with the reasoning tho. But if it would be customizable? - just like the old Qubes manager ;) > The main reason for nftables is to simplify custom scripts. If you > have nftables, qubes-firewall no longer flush standard tables - it > register its own. This means you don't need to re-apply own rules > every time qubes-firewall change something. And you can register > own tables before or after qubes-firewall. And in theory you can > still use iptables for your custom rules. Let's talk about these in a separate thread or ticket Will collect my ideas and share it soon. Currently even the basic networking looks unreliable, so I can't even test my custom firewall rules... >> But still feels like a bare naked login screen. IMHO this should >> be just as important as the Qubes boot (splash) screen. > > Which also have similar aesthetic. Do you think about just some > better background there, or some bigger change? A would say it's needs a bigger change. But of course this is really subjective, and currently do not have time to design a qubes related skin for the login manager :( So this is just my (and my surroundings) opinion. Handle with sustenance ;) - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZhIJVAAoJEH7adOMCkunmTksP/3lDt5xZoRzMCdQWfdVGhvVk qQOxLQq05QXi5r1+lxbg8gBHGiG3h/J1mLmeeqUjKgi1ywyxi6JUMOfwEyC77gtH IG0Dz4yz0W/B1BsUngJFqPurvYJknmcQsughkwJGV17SiOoj71GBBPKkm7Dlow2w BMrw8az4We5hulSSokSLKQGunZ9iPvm6e0pvRjhKtK/hlhao1w3/9UKKJEGGoIqN kAAFiq9y4LYLTx8PHPZgNMnxw6XvxpXWRtAXeheG7VMuVO+1A8n4B0Th4hzB55Gs bC+xCTJL7pJUbT0BtlnlqlM3CdiVVMRZo2GKGuAupjJ6UOm/6q1k2g2ZCF2aS5w2 3vPH0oFB6/E6Znfc/cxDJ+daAAN2vdcgbt9ExyAoUSr79sp9mYvKqaJftA9OAj99 XH35FlbuSPLxOrQ+1uKCImvmkHtAL6SV9Cnb8gWxiFTxMQ0FTw63W7oAkfzTFNEI FT1sgBMv7RoxW/kpQf4LQOuyaLs4OUlgoK5V/pyw4M6IXNrQBL2leanbKeQkNlxQ UlpFO/LvP261vlGV0znWCmnifffPtcTcfBI/b+Fxw4XsNzmJb3/Bzh9NRJ317gS1 WWleM0JdIQo4bp3qF3D4BsmdK8a+eUBNePlVaF/TB57DAAlAhh+YvOooFaI0QL0Z QxiU4qQldkhOGdyG0nK/ =Qvvd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e794e91b-8091-c31b-edfd-965fe3743744%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem installing Qubes on Lenovo Thinkpad T450s
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/07/2017 06:16 PM, Janik Besendorf wrote: > Hi, > > I have a T450s and followed the instructions here > https://www.qubes-os.org/doc/thinkpad-troubleshooting/ for the > UEFI options but when I select "Install Qubes" in the bootmanager > the installer start loading image files but then reboots the > laptop. > > A friend of my once had the same problem with a T450 and told me > that he needed an older kernel in order to install Qubes. Does > anyone know more about that? I have a T450 and I can install and run every Qubes OS release. Including the latest 4.0-rc1. All you have to do is disable UEFI boot, and set "legacy boot only" in BIOS. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZiWc/AAoJEH7adOMCkunm1H4P/1myU3LkL7S93AlTwMYxFqGi Rn5TeOxSaMS+/00eD8NspH/MLtfPqKapxVlHMLfjVBM4KFg7WIsKmDRjJ7+6edFt SVTWT2LuUxlcXD30eIeSpbQ0vr3NCJZ7jbwZ9ww+lQ8MkIYyOvpCf6C8NVpHavnF x5Z31wPLNgt86UTlVpTP0Vtb/l+n7lbU/MRDvzJSHYok040+9p6LfPKxX6jwvb5L Bql/NP9M3cjt861HLWaO/COsYdvTOsWCv4bdYkoGZmxTg1oq3powLjSTGX4p0Vob gzKfub6vsWOSRPUFBL/nzTSfsoOiWtL2rL8d8GMi+02cQ/oIzPoEnATe+nZmmpaj /pQYeFrMiVqR9OtJj/sP+Oxv17y1hpUQS8kG/mv47/6dqt2X7iu/z3ikTplvtu4V r8CT7wXcSMRwQdUFW7NAhbhxi9doX18TRLcfiJZz4hN5hsMOY90ULufIiluMEqC0 wh75YzNSPIjcE1ryg33C+cFHLBs197ehdXxTVGdbA34+8Xv28zmhhAHd1DK36DHZ p8y2KcrOhtsP4cSUZRenxnDMrR7Awp2EoQF3BrxZf/RDe5+GCVcFmJkrrlbDdq8L s0G1p2g9SYhPTfHcTYCj9Sf4mfiAy9HKcCr1VI177lZGGqJIqhXQRWJDhGMpu4Ox Jd1hjrQSw8WEL6lZ8C22 =DUlr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/401a7ee8-2934-8fe4-5e10-77737351a678%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem installing Qubes on Lenovo Thinkpad T450s
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/08/2017 02:44 PM, Janik Besendorf wrote: > Hi, > > I tried 4.0 today and that worked. But I dont think that I want to > use the RC on my productive system. I attached my UEFI settings in > the mail. With this setting, you should be ebale to install/use Qubes 3.2 as well. As I have this setup too. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZigXfAAoJEH7adOMCkunmMKsP/0ynjy/tGo9eHcnENDijf6ru 0N5oHi2EgDJBzVfLkiWXuADGGpCAiWFw+oXjiHRwvJxM1HdX7fi15nIiIYoU6fmz O7oTkDtLELm/J99bwnomEHGenLfeSGd8v9o4xlbqTmjkzCZHa9NRMMfdshpdAaqY PuADwYK0pdjs/ziBYckPEgyz0UxvlPCcypQZQmtAvk8Y/bDh5HW2rEpjcuE55M2W vksEh0HJnB4LP9zLo9pGyKgZVzSI4dL4iQO6flqAGROlnHII9F+E1ilOg95gtWQ1 h6Alwt0FYD758VuBIKlO45dlZgTBfGOlmdLCxASZtaCR/Vt3vIyXVEhrboF8znPd Q9aKu/tsCzW71plOsCUaRgev4oCRwVdSVmk04vtEotaTs+4lNqJyPj+0pnQCX2M1 iEJb5zQ2ibYrhspXkj5aFv77uKaG0z+DkSY8ZPc6GjJ5sEFtlU0pIeVMZtY+Fb+V Qz2UpvugQatSC6BWUnA4vaPfV2yapXDJZDVkGEFbyeITwu2eKO6zVSV9i7fWuTQy spxlZYxOEId2o1FoMLdbFS8aeVjw6djDiihMqgkcrFH10eZmXFn9fvoNyWMjKf1t FDyVWaBkKhmlkNU8DCbtkzBM3I6Uho3acBVLgtrUyQq012Q/RdpCtvYnAUf8rWoL pV9s0U9WQy6APN7+ozHu =LO29 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe84058c-0eaa-f3a0-2c18-03c7e881aa99%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] usb qube with one of two usb buses?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/20/2017 08:52 AM, pixel fairy wrote: > im on a desktop with 2 usb buses. is it possible to make a usb qube > with one of those controllers and leave the other one in dom0 for > the keyboard and mouse? > Yes, but: - - you have to find out which physical USB "connector" attached to which PCI device. (It is mainboard specific) Then you can decide which should be remain in dom0. - - you have to remove the "rd.qubes.hide_all_usb" from the GRUB cmd line. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZmoopAAoJEH7adOMCkunmwUoP/iKay5YmA1n+HZq6PolyiXdy zzYZ8i+X1fb/Nrb+Mj50qL5fhtm3HO/Be/Y9aM801TYJ3LSGwKIi1e5ieNK95oc9 TiFxIQ/PjcGCG6kDZHL7eWCBx96dkfHZsSKYNgyX8MWpGLbFQ+YpFqnEG3GYREzz W+h/6Jsp+62Kpn9t4Z2/qG2fO8kDqtpTNKRycJo7YhVoa4QFoUGM020zfX6Z8mHy 7RCBlhqQZ0dPV+ZouHFPUu74tKDLhGAWjal+21looP/ju+Gz6v8L0ptkNr4CuwBC 07U6CJRL8ngO7dA/nwTgqrNFj/aFrycoQGCFJTUqeh1NY7MqVzGplleBox6d/vFN GxC4SrOWB4EWR5/vwKg2KNNYe+clP14ozhDZOiB6juLz3pl9HI7MPDNNmZD2LsWA PczHz29Tekhd14owOu0l7zptAY3hza8434eAJO9l2rw0+JEDpU+BhuRZbJbteWwf MwHwiKIYkn2Gy+/1yALIQRVA6xaAFUkDIxRK/IY4eqnX2gw4HWPnMCeaZ/pS5qTk HuoyoWi35k3P3R2lmt4t2OICSUmxLVxL+E5fMenTrSwzyGSJZ+IvG7jwNxfuEK0B 19+/m1n6M7OKQdyD8bri3mXpL1bRO7j9YCcr5tWRWxRk0VXywQ3X8QUpzCkuEbxH H8PiBirnm3DTQLr+y7TT =VO6Z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f387cd5-94ba-f877-6121-d9852acd1ced%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] GPU is deal-breaker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/22/2017 10:18 AM, cdgam...@gmail.com wrote: > Summary: Deal-breaker probably is down to getting VLC working > properly > did you tried to switch video output? I would start with X11 instead of automatic. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZm+ndAAoJEH7adOMCkunm2h8P/iWgY9IyZtSpxvzK7c6EFhQO LJSh6x7WVJkRwK4lUSHtvabzMQ5FjZkd/tJIOPjGF0pLpnqofKorfMf02ZGDNrIW n1yuccSo+3bGIYL94UVV2biNHY9IXALm1QnPB/cp2dehkQYPHQhLRi1Jh1Yhfsps 5Fj+4jVWenqtzzjN0Q9shOthhN0d6xarcnig8jTidDQ1ss8FBI/rQ9Ds2ZrNsJ7B DeyrC9/nUKr4ZsOqHoXXL/dVtJxs9t3mwvck1ed9a4KwB2jmHdW9smANyu5HV09W 3jD22RQPRe6FB4g0Sqb1He6mgAryWT55J43FwiL5VxWIaZXNG0IN02u15BQivmIA VLGQpcBD0l8qUKrdtQnEMJIcyHFvvclA/3EnIAjqKFfN7SkLESuYZ5VPqFHm6b8E 6JtQhyW/AlnD9BWf8uatl8nqUHOjrBKfkH0FzHBeffdjTgOlkMknoUsyhg4VQgAD APRUzrqJJSXLVkgK0I2KN3mbaaaY9gI74hzikuLnP/SJylLM3Cu7QJxXwhWD25yq 8QUeqUCkmTYx2PA6NnXSKRrXxOJ60RBCW5Xc1pruSdMYkrO3apKwRdDjqki7z+UZ Io/EUHeOA5rMBZjFf7DlD3JfTpm4N2Qwy2yLzXn8jOk9QIG8tWgdgIDp4ssomFsS bVq6MeralPxwE6y3vLzE =OzTG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b1b7152b-7e85-dc3d-b76f-566b2ebdae81%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Lenovo X230 - List of USB-Ports and USB-Controllers (Layout)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/2017 07:07 PM, 'PhR' via qubes-users wrote: > One question: why the first USB-Controller doesn't seem to connect > any USB-devices/-ports. > > I have attached each of the 3 USB-Controllers to my sys-usb AppVM > and then looked up which USB-devices are recognized ('lsusb' in > sys-net) and tested out which USB-Ports work. > > Any idea what is happening with the first Controller? Probably it is connected to the optional docking station, and it's ports . - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZsZAPAAoJEH7adOMCkunmq8IQAJyQ78/kwgSf60jTJA6XdJ0A 9IHc7oaKuQKaYeUAoLQNj40zsU1/hxjUudonsnk+SKhgrQuLhiM2cT5L/eeAwtsI SkUku2SyskS3iA+oFZPTeww2fj/XmqKSaqSq4eWKud5uoILEeWTKxowmyffryTHo 0T7pNJ5AljiP5emcCv5DFT/HLKDKiiWT5hYVPdUfZj6Z8/LyEvai1qdLwfEdXkGy rTDF/W+kOFR8s89DWGZSmOokixSIRS6ZjNZ2dukucoub8tddp3KwA91HikPaHqTp lW9iA0WB+OOyeLvD18vrR5Iw4vq7kdHFsy8e9ohMxJ+x14JVsE5KrNfjL1/zXshm LKyE/sH4jp0MILd2yEKhYFLfDz/Gbe6vOic0eVRUzw+FCZdM1IOJY/NhUMp5v/6/ vzWaihZjJ4OM5l2Eze90Y98tO7HNZXo48i7/XKyrtElZusKwKFowH8fZPkdtGL8q 1CuecHvE51mDwJdAWmxPa0MmeDuqjzF/7tvEn9OKFy/K/DdnAtWPxtq+TTDOWyWD /0/J7wF1bLaZnwc8f7X7rv1Q0K+fgw2R7oUIm+5/Y7JmoLycqVFxGhmCrgxty81P CXeypsECIwPOaw9r5EClL91dVdPB/o4sSOy8jL7nQ47CINgqepwzGBF8j+1INBju XWQ9E2zUuYhxK1dUwQvk =dZCe -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/60f06b61-0e78-a0af-cb6e-c0ee15c64310%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Relation between increasing RAM and the increased need for display memory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/21/2017 08:47 PM, Teqleez wrote: > Hi all. > > I assume this is relevant not only for considerations related to > the practical limit/benefit of increasing RAM in existing > computers, but also regarding the specifications when buying new > computers. > > - At the following amounts of RAM; 8GB -> 16GB -> 24GB -> 32GB -> > 48GB -> 64GB, how much does the requirements for the graphics card > memory increase with each step, if we assume the > normal/daily/"permanent" usage to be 70-80% of the available RAM? > > This obviously depends on how many different VM's one has open, and > how much video memory each one needs, but can we make an assumption > on some sort of average number for this, to see if it is possible > to find some kind of rule-of-thumb figures? > > For example, if we assume a "normal"(?!?) Qubes-OS user whose sole > reason for increasing memory is in fact to be able to run more > Qubes simultaneously; how many more Qubes can he/she expect to be > running per extra 8gb of RAM, and how much more will each such step > "typically" require of the graphics card memory, if we assume a > "linear" growth in the number of concurrently open Qubes? > > I am guessing that with the capacity to run (increasingly) many > Qubes, the amount of applications running in each one will be > lower, to the point where we most often choose to run > "one-app-qubes". For the sake of this example we could also assume > that this example user is a "lazy" person who will not bother > configuring minimal templates, but only use the default shipped > fedora-24(++) template for each one, just for the sake of > simplicity and playing around with these numbers a bit. > IMHO there is no real connection between RAM used by the OS and apps, a and the RAM ins your VGA. (VRAM) VRAM is used for: - - game (3D) data rendering, which is out of scope in case of Qubes (maybe if you using Compiz with fancy desktop effects) - - display rendering. The later is still need more and more VRAM because of the bigger and bigger common resolutions Like: 800x600 -> 1024x768 -> 1920x1080 -> 2560x1080 -> 4K -> 8K -> etc. So you still need more and more VRAM to render all your pixels in your screens. These can be multiplied if you start using multi-monitor setups . But these needs are not growing as fast as your conventional RAM needs. I'm using 3xHD screens, and the 512Mb VRAM used by the integrated VGA is still enough for that, while my OS has 16Gb RAM. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZzM+6AAoJEBozWgtUjzdkzbUQAMuN8HsuXf5YeKERJ8pubew9 5bzQIbv7bffzF0O7w4VndyxF28jE49KLjBkFf6siInOgL4SbG2SQVPP/lyHZG2kq 9rlCu0294ICHU7ASDOfnuQx+6IPJZdUGTXb2tt0r3OlY418Gdj/cHNIT5Ul1j/DW nGpvKUNQzVzmV0Bl43KlKD4ZwBh1+Xz5AgfI21E2GGKiwpMMKWEGy6ZYmSoe7Opu 0LC/MHWABnQtNwNcGsXyZ6K0BhakuT3va32x4aQC7d2e60iJjvxHaLP+WEFEVSDd LpbEPQVWA1+LJ4eOC5xmT0LkKCxeBezU2zOk+ZCP0jVcgwS7VecMQchuKUViNBEe Lgx3BBSb39ZXZb89zwK6y+3nDb81Ewuq95d2i3PnCU72SJi9Z4Uhu5m2xVVYNNf8 eHk+dChrGp7QZ51bHNl4sdDsVGiWC6c7/Vf7LAeL5WBQi6hgeASvoTBWEOsHSgPj PjTHXw0R3IXrLyfzajLmc51UMh9zn67pstI5y/6KjX89Bv9h38kXg5DnIxNDbxjD FX0MJAECd2e4y3NOIclPVa8dY1m5nMgo4H4GbPXvF2mXsi1kY/CzTY/zT7/R0HaM ufXupUY+Hnlv/v+QRlTob+d38H7eLeHf5wqmgIxSrQnsDSqc5HeprMjzQOCNvnaB dW9yigS7udjNfVDjVbi1 =fVJ+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/085fcd85-f38c-6522-69ae-cb4e57d070d5%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Relation between increasing RAM and the increased need for display memory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/11/2017 04:22 PM, @LeeteqXV (Twitter & Mastodon.technology) wrote: > Ref. "(maybe if you using Compiz with fancy desktop effects) " > > For me, the desktop environment affects my well-being and mood > very much, so yes some of such "effects" are important, both for > efficiency and for the general good feeling when working etc.,, not > the fancy part. > > I prefer to have 12+ viewports/workspaces, each with its own name > and background image, so I can associate specific > tasks/applications to each one, plus with a wrap-around function to > navigate beyond the borders. I use Compiz for this on Ubuntu, and > fortunately all of the above is possible in Qubes without any extra > tools. > > Compiz provides customized window transparency so that when I > write, I arrange for good (text++) contrast towards the nice > background image on each desktop, on a per-window basis. I use > Alt+[numeric"+"] and Alt-[numeric"-"] keyboard shortcuts to > increase/decrease the transparency on the active window. (Not sure > if this is possible in Qubes out-of-the-box?) > > With this as the background (all done outside of the VMs), along > with the initially mentioned points about increasing use of > one-app-vms, are you saying that we can basically just keep upping > the RAM without worrying about the potential need for increased > display memory? I used those effects as well. So yes, I would still say you do not have to worry about your video RAM. > I would like to know what are the minimum requirements for the > graphics card in this respect, for "both ends of the spectre", so > to speak; My experience is that you can't have any Qubes compatible hardware that is not enough for any kind of fancy compiz effects. Mainly because the VGA is integrated into the CPU package (most of the systems nowadays). You may have to increase the default assigned video RAM in BIOS, but that's all. > a) ~16GB RAM, which is getting increasingly possible with > sub-€1000 laptops (just for the perspective on the limits). b) > >32GB RAM, for the high-end computers. > > Will it be possible to use a (compatible) laptop in the sub-€1000 > range as long as it has enough RAM, or should one also verify that > the display card meet some kind of minimum specifications (for the > scenario where we are going to run a LOT of VMs, only limited by > the available RAM)? See my note above. > + How is this different with Qubes 4.x compared to 3.2? Nothing changed about VGA. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaCF1jAAoJEBozWgtUjzdkIkYQAMQqUpqMo2SgApIgni5Gvj44 M5dOvhWYVIgOGw+SyG9VwuAxvPAfeJKvSrv1U4W9JayM6IwsRtWE37xD51PGERPD Z+Ge1HMZnU5v+qR3yDKLo7qgIjAzj/12r3waWUuf89KdMGFOhOKTWEE9SS20Tpv0 GfaLwTJHZkNU1RBfroui0maoUXA9mp4LB/Pix9ueIa3ygtXlhcA98nJd7zTYTJ1Z VhVj1vBoR0Qwdh5EutMCknXSEnV3H8HojNT168BdqkQcIfxOaG2IWJiYBDZ3fjgg V9DfbRrHUbH8C/zBm9K45cRTKZFglvvL6zFJC3o8ktLTVfJsQTO/eEAapUAj3H1l 7YlDuCw7eHWlX0gdMMvgu9jWKtWNVWGxXucuqVBk+kso/T8svNYb2YQraWr93Ovq 8n057Eb76KumDHTMrFZ0hr1neZPzBVUf7FHzODBt7qMGF0FpukjzsX6Q8sN6DVmw MLAIW+UOJ859VHXzblfbPDvvTBcZDaZlwvhOWdd109Lqb+dcqbuTqJEAnN1nLibV 1YSGrcKfCdiBZqxSFhFKDt3727ddr3+56a1N+ZZBtAgfh3nPqdzGi5tJocEl/hoc m57BN+H4evHtoq0XPiDhSm9HQj+j65Bd8w8ep6j4NFMKF3xxxgHAMQA7SThXBr88 5TPYItMNE4R2OYjw7oBq =h9IP -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f871941b-dc09-7393-bc13-cb0de47306e1%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Baffled About Passphrases
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/16/2017 08:01 AM, Ron Allen Smith wrote: > Hi, > > I'm new to Qubes/Linux and would like to know how to > change/add/remove passphrases applied to the USB I installed Qubes > 3.2 on. I looked around at Qubes FAQs and elsewhere, which was > helpful, but not giving a step-by-step of what to do. > > [user@untrusted ~]$ lsblk NAME MAJ:MIN RM SIZE RO TYPE > MOUNTPOINT xvdc 202:32 1 11.5G 0 disk ├─xvdc2202:34 > 1 10.5G 0 part │ └─dmroot 253:00 10G 0 dm / └─xvdc1 > 202:33 11G 0 part [SWAP] xvda 202:01 10G 1 > disk └─dmroot 253:00 10G 0 dm / xvdd 202:48 1 > 500M 1 disk /usr/lib/modules/4.9.56-21.pvops.qubes.x86_64 xvdb > 202:16 12G 0 disk /rw > > Although I selected default encryption during the Qubes install, I > can't determine whether or not enryption is actually set. > > I also looked at 'man cryptsetup', but unsure of how to use it, or > even if I should use it. > > Can anyone set me on the right path? > https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Cryptset up_actions_specific_for_LUKS https://unix.stackexchange.com/questions/252672/how-do-i-change-a-luks-p assword - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJaDViJAAoJEBozWgtUjzdkjEgP/0YJaJx02wCw58jXYDOFf3xY sa3VASFf9lNtWz3B9JSK8hM+mn4aIh402zS2oGu+OQLaE9oG4H+c2e2oNDwHihyu +nBGflOj0uPK4iWHrvKHiGm5p+etlrZMu7HJElMHLL5VE7LnHFsASwSfCDYAFKXL 6+pZXTIwXGF5RPiI0YZWdXf1+j1YA+i5VFaUWDaUXwLqcjgdCzrHyzI6T1oJXiGK fUzA6y1ynJ03GDb7Ik3XunS8rwzaIgjwke0LlNsST75CYhErGJt5Xw0tqNhVKK6A xdB920aFFA00G1yE5IbdNSkGSQiE9BqaAk3HGmMlNkD06i6dyczXoSFJ+7tS32dT SeoxfEGDK35k75lyTbY3md+NBM+xwdoYDvT1Hk9uOIAIMrckUJ2WVf7uqHSteCTR 2zdvQK55PDhR0cdx/YdXsHU+cYAHg4gV+fGV1PUAjuAfjjqcXRmrpjghlgffVvNF D3GHBkPWYNWtNqNXTVGNZBPLrxRyVeBFdjPUANefQd4PaOB+027a5TflBhtkRipU PnugdE14uU5/XDGbth2YIZtkfPPVOcjuoMUGzKBUo4Ak3Dbt7RQCEgySzGemJmYp 8PyM40qLTu+YcBoDtnmb1cmtv4gA2fjK1+fYlKqMBBBIQx0r6xrRYiyHZN/D4x3N tQHRthMFEhBep7ff2vpD =f8MO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4fde44df-7c27-2099-516a-edde9e6c697d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] WHERE is VT-D implemented..?
On 09/20/2016 02:44 AM, neilhard...@gmail.com wrote: > WHERE is VT-D protection against DMA attacks implemented..? VT-D is implemented in Xen and it is actually protecting PCI passtrough feature: https://wiki.xen.org/wiki/Xen_PCI_Passthrough Because Qubes using Xen, all the VM's are protected against DMA attacks, however most of the VM's are not even affected by DMA attacks, only the ones having PCI device assigned. (sys-net and sys-usb by default) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6dacb497-f561-c5bd-3801-b0f22378a8c7%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Future plans for KDE on Qubes?
On 10/23/2016 11:14 PM, Marek Marczykowski-Górecki wrote: >> Good to see that I'm not the only Qubes user out there who finds KDE to >> be more usable than the alternatives. Totally agree -- I really hope >> KDE continues to be supported on Qubes for those who prefer it. I'm also chosed to use the new version of the "broken" KDE instead of switching to Xfce. > I think we can keep its current state. Shouldn't be a problem for Qubes > 4.0 and later. At least until next major incompatible changes in KDE... The problem is that the old KDE 4 was mature enough to just leave it as it was packed by the Fedora 18, 20. But KDE 5 is heavily developed so not even bugfixes gonne be released to F23 - we currently using in dom0 So KDE 5 support would means to me: - keep an up to date Fedora release in dom0 - and/or backport KDE 5 packages to the actual dom0 release - whatever it is based on. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/968de8fb-b5aa-f055-ef2f-5b0c32afefb7%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: Request for test: Re: [qubes-users] Fedora 24?
On 09/06/2016 01:24 AM, Marek Marczykowski-Górecki wrote: > I've just tried this and successfully upgraded Fedora 23 to Fedora 24 > template. > > TL;DR version: > 1. Clone fedora-23 to fedora-24-test. > 2. Open terminal in fedora-24-test. > 3. Run "dnf upgrade --releasever=24". > 4. Shutdown the template. > 5. Switch (some of?) VMs to this template. > Just tried to upgrade my templates and got this error: Error: Transaction check error: file /usr/lib64/libpython3.so from install of system-python-libs-3.5.1-17.fc24.x86_64 conflicts with file from package python3-libs-3.4.3-12.fc23.x86_64 Was not able to workaround it, because(?) those libs are used by dnf itself :o The official fedora upgrade way: https://fedoraproject.org/wiki/DNF_system_upgrade seems not compatible with Qubes any hints how to solve this? Thanks. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/74308bcb-80b6-9992-9240-14da9073c5b9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: Request for test: Re: [qubes-users] Fedora 24?
On 10/27/2016 03:31 PM, Marek Marczykowski-Górecki wrote: > I haven't tried recently, but it worked before. Maybe a workaround would > be to disable "updates" repository for the upgrade time? Just add > --disablerepo=updates. I do not understand the reason - but it was worked this way - thanks. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e387590-84b9-bcfd-45e2-b56a4f11a058%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: Request for test: Re: [qubes-users] Fedora 24?
On 10/28/2016 10:06 AM, Zrubi wrote: > On 10/27/2016 03:31 PM, Marek Marczykowski-Górecki wrote: > >> I haven't tried recently, but it worked before. Maybe a workaround would >> be to disable "updates" repository for the upgrade time? Just add >> --disablerepo=updates. > > I do not understand the reason - but it was worked this way - thanks. I just celebrated to early :( now it seems I'm running FC24 - but still have a lot of packages named: *fc23* including several qubes related. And if i try to update the system got the same dependency error as before :( Also noticed that the update skipping several packages because boken dependencies - see the attached file "b" distro-sync (and system-upgrade) also fails by broken dependencies - see file "c" -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35eaba28-7faf-d291-aa3f-d7b741a201a2%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. Skipping packages with broken dependencies: dnfnoarch 1.1.10-1.fc24updates 276 k dnf-conf noarch 1.1.10-1.fc24updates 96 k dnf-plugin-system-upgrade noarch 0.7.1-2.fc24 fedora 49 k dnf-yumnoarch 1.1.10-1.fc24updates 79 k libcomps x86_64 0.1.7-4.fc24 fedora 75 k librepox86_64 1.7.18-2.fc24fedora 87 k pulseaudio x86_64 8.0-6.fc24 fedora 919 k pulseaudio-libsx86_64 8.0-6.fc24 fedora 586 k python3x86_64 3.5.1-17.fc24updates 57 k python3-dnfnoarch 1.1.10-1.fc24updates 452 k python3-dnf-plugin-system-upgrade noarch 0.7.1-2.fc24 fedora 31 k python3-iniparse noarch 0.4-19.fc24 fedora 46 k python3-libcomps x86_64 0.1.7-4.fc24 fedora 47 k python3-librepox86_64 1.7.18-2.fc24fedora 57 k python3-libs x86_64 3.5.1-17.fc24updates 1.3 M python3-pipnoarch 8.0.2-1.fc24 fedora 1.7 M python3-pygpgmex86_64 0.3-18.fc24 updates 90 k python3-setuptools noarch 20.1.1-1.fc24fedora 421 k python3-sixnoarch 1.10.0-2.fc24fedora 35 k python3-systemdx86_64 232-1.fc24 updates 70 k rpmx86_64 4.13.0-0.rc1.27.fc24 fedora 513 k rpm-build-libs x86_64 4.13.0-0.r
Re: Request for test: Re: [qubes-users] Fedora 24?
On 10/28/2016 10:46 AM, Marek Marczykowski-Górecki wrote: > Wait a sec, qubes-gui-vm-3.1.7 ? Is this Qubes 3.1? We don't have fc24 > support there... Well no. It is Qubes 3.2 - but a restored template. Maybe I just messed up something related to 3.1 -> 3.2 upgrade? However to template is working fine. I'm using it for a while for production. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d28663d-3256-9940-ea6a-0ad700693a49%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: Request for test: Re: [qubes-users] Fedora 24?
On 10/28/2016 11:44 AM, Marek Marczykowski-Górecki wrote: > Or maybe > it's still at 3.1 there (and the updated one saved in .rpmnew file)? That was the case. My templates are updated to fc24 now. A few notes about this: - skipping the template upgrade from 3.1 has no immediate visible effect, easy to forget. - the /etc/yum.repos.d/qubes-r3.repo file hardcoded to Qubes versions, and the upgrade not overwriting it if you made any change (enable more repos for example) - the short upgrade path (You discribed before) is working fine :) Thanks for the fast response :) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9b075a2-c1dd-dbf5-aff3-eca047148770%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list
On 10/28/2016 12:32 PM, Manuel Amador (Rudd-O) wrote: > Forgive me for asking this: > > Anyone else beginning to get annoyed with Drew's constant participation > that contributes nothing of value, and in fact often detracts from the > value of the mailing list? > > I don't want to be mean, but it's like we have our own Ken M in this > mailing list, and it is Drew. Yes, He is really annoying. I just ignoring all the posts from him (and maybe whole threads) for a while. Not easy for me - but nothing you can do about such issues. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c072fd02-960d-878c-1e53-52de87525f34%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 09/03/2016 12:49 AM, Connor Page wrote: > I have calibrated my yellow screen using argyllcms. > I don't attach usb devices to dom0 so installed it in sys-usb as well. > used > https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ > as a rough guide. > to get the calibration done you just need to run dispcal and then transfer > the calibration file to dom0. > then test it with "dispwin xxx.cal" in dom0. if happy, create an autostart > item with that command (probably, > using the full path to the calibration file) and you're done. I just started to experiment with display color correction things. I wonder how it is workig in Qubes because as far as i know: - the display profile is used only the programs are aware of icc profiles. - the X server runs in dom0, the apps are in AppVMs - but no communication about display prifiles (colord) because of the qubes gui protocol. > I went further and created an icc profile for use in firefox and photo > software. If no colord is runnin in an appvm, how they apply your prifile then? You just manually configure all of the icc profile aware apps?? Can you please describe in more details what and how you achieved? Thanks. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fbdc9bc-dc48-8a25-ecd5-9686b62800ce%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 10/28/2016 01:19 PM, Zrubi wrote: > On 09/03/2016 12:49 AM, Connor Page wrote: >> I have calibrated my yellow screen using argyllcms. >> I don't attach usb devices to dom0 so installed it in sys-usb as well. >> used >> https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ >> as a rough guide. >> to get the calibration done you just need to run dispcal and then transfer >> the calibration file to dom0. >> then test it with "dispwin xxx.cal" in dom0. if happy, create an autostart >> item with that command (probably, >> using the full path to the calibration file) and you're done. > > I just started to experiment with display color correction things. > > I wonder how it is workig in Qubes because as far as i know: > > - the display profile is used only the programs are aware of icc profiles. > > - the X server runs in dom0, the apps are in AppVMs - but no > communication about display prifiles (colord) because of the qubes gui > protocol. > @Marek: Do you have any idea what to look for in order to be able to calibrate my screen under Qubes? What I already tried: - the standard gnome color management tools runned in (sys-usb) But it is complaining that there is no display to calibrate. running the same calibration software directly complains about there is no colord available (masked) (gcm-calibrate:1459): Gcm-WARNING **: failed to connect to colord: Error calling StartServiceByName for org.freedesktop.ColorManager: GDBus.Error:org.freedesktop.systemd1.UnitMasked: Unit colord.service is masked. - diplayCal is happy with the dummy display seen by the AppVM, and do not depend on colord - but it fails on some X calls(?) Debug: window wxComboBox(0x561c58c3a230, ) lost focus even though it didn't have it X Error of failed request: BadMatch (invalid parameter attributes) Major opcode of failed request: 42 (X_SetInputFocus) Or I should connect the calibration device to dom0 and start the calibration from dom0? (Also noted that there is no colord running, so I may have to apply the profile viea diplaycal cli) Thanks. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9c23f28-57a0-e380-2a71-781795825e8c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 11/02/2016 07:28 PM, Marek Marczykowski-Górecki wrote: > I have no idea how such software works... Especially at which stage > calibration is applied. The gonme frontend will apply the resulted profile at the end - if started from the gnome-control-center. It will gonna fail - as it is not even see any calibration aware device. (but this is maybe because of the missing colord) The other GUI (displaycal) is just create a profile, and the user has a choice to use (apply) it from a CLI, or whatever. > Is it something that application does > "internally", or adjust display driver options? Apps can use the (colord provided) profiles in our own. In the same time it can be apply X server wise by modifying the graphics driver output via LUT curvers. of course that means that the later have to be done in the GUI domain - which is currently dom0 For the best results we would need both. But in case of Qubes that would means: - apply the profile globally in dom0 (or GUI domain) - provide (the same) profile in VMs via colord The current issue is to create a profile without attaching the calibration device to dom0. Even the profile creating is tricky because those calibration software may try to apply the result but at lest needs to create an app window which is: - always on top - always in focus - shown on all desktop - prevents screen blank/lock Those thing should be only be able to achieve by dom0 (GUI domain) The real strange thing that it was able to pup a window with most of the features above - but then crashed. The last error message was the result of that crash. The calibration itself ir really simple that window will switch colors, and the calibrating device (placed over that window) measuring the actual shown colors, and the "difference" goes to the resulting profile to get correct colors when applied. You can read a more detailed (and probably more accurate) writing about this here: https://displaycal.net/#concept >> running the same calibration software directly complains about there is >> no colord available (masked) > > Try unmasking colord (systemctl unmask should do). I assumed that colord is masked for a reason by Qubes devs. Because in a default feadora colord is up and running by default. Will try to unmask it - but not hoping too much. As I writing this I see no real chance to make it work without plugging the calibration device to dom0. - but let me know if you have any idea. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c087c626-81f8-f7dc-604e-4951d8347638%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 11/03/2016 12:01 PM, Zrubi wrote: > The current issue is to create a profile without attaching the > calibration device to dom0. > Even the profile creating is tricky because those calibration software > may try to apply the result but at lest needs to create an app window > which is: > - always on top > - always in focus > - shown on all desktop > - prevents screen blank/lock And forget to mention that it will also try to set the screen brightness to maximum before the calibration process starts. > Those thing should be only be able to achieve by dom0 (GUI domain) > The real strange thing that it was able to pup a window with most of the > features above - but then crashed. The last error message was the result > of that crash. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3aa64fab-5a1d-a375-d15b-b652d93b5dbe%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] paste clipboard text into rdp session?
On 11/03/2016 12:23 PM, pixel fairy wrote: > is it possible to paste into an rdp session? not share the clipboard with any > app in the session, but the session itself, to type those characters. > > im using remmina, but i dont care what rdp client i use. i just dont want > anything sensitive falling to keyboard timing attacks. > > if not, i realize a couple options. > > 1. keepassx in the appvm. would probably make a dedicated appvm and ssh key > for this. > 2. xdotool in the appvm. > > any other ideas? > I'm using a (dirty) workaround for this: - Qubes copy from my vault - Qubes paste it to the dest AppVM - insert it to a simple terminal/gedit whatever - copy it again from there - paste it to the RDP session. Really annoying - but do not have time and motivation to reveal the problem behind. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbb5149e-c262-12ab-bdc4-4a1e97bb8eae%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 11/03/2016 07:51 PM, Marek Marczykowski-Górecki wrote: > Really is all that needed? I'd guess you need to have the window visible > during calibration only, which means it should be ok to manually switch > it to fullscreen (from titlebar menu) for that time only. As for the > brightness - is it ok to set it manually? Theoretically yes, setting up those things manually should be enough - but the actual software simply not designed to this case. > If the software do not need to change any video driver properties during > the process, it should be ok to run it in the VM. > Of course in practice calibration software may not like those > constrains... Just found out that some test during an 'accurate' (long) calibration process do want to modify (apply the half baked profile) driver settings and checking the results, then make modification and checking it again. Doing this till find the best results. So calibrating from a Qubes AppVM seems to be a dead end. (but I still in a hope for a calibrated display - it is really needed if you want to work on photographs - like I do) Already tried to lower the security bar and attached the device to dom0, and run the calibration there. The software is running fine, however applying the resulted (or any other pre definde/test) profile seems not working as expected. (no effect seen) Work in progress in this part -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3143c292-5973-5307-1b91-697255f94652%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Intrusion detection daemons in VMs
On 11/03/2016 11:42 PM, miguel.j...@gmail.com wrote: > Coming out of a discussion in > https://groups.google.com/forum/#!topic/qubes-users/hs2yapPlUVA > > I am interested, does anyone run intrusion detection tools within their VMs? Intrusion/virus detection inside the affected VM not really makes sense. However newer Xen versions has a nice feature: https://wiki.xenproject.org/wiki/Virtual_Machine_Introspection And already a real project using this feature: https://drakvuf.com/ That feature wound really make sense and would fit in Qubes philosophy pretty nicely. Another - currently implementable - way to use a proxy VM (as it is currently used as a dnf/yum proxy) and install your desired intrusion detection software there. Suricata is a good candidate for such thing: https://suricata-ids.org/ (I would just need more time and more RAM to play with such things ;) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/890bc090-fc22-9d91-b8bc-a8f55b1fa665%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration
On 11/04/2016 10:06 AM, Zrubi wrote: > Just found out that some test during an 'accurate' (long) calibration > process do want to modify (apply the half baked profile) driver settings > and checking the results, then make modification and checking it again. > Doing this till find the best results. > > So calibrating from a Qubes AppVM seems to be a dead end. > > (but I still in a hope for a calibrated display - it is really needed if > you want to work on photographs - like I do) > > Already tried to lower the security bar and attached the device to dom0, > and run the calibration there. The software is running fine, however > applying the resulted (or any other pre definde/test) profile seems not > working as expected. (no effect seen) > > Work in progress in this part > Connecting the calibration device directly to dom0, and installing the required software packages (gnome-color-manager) was allow me to calibrate my display under Qubes :) However I got different results on different devices: - Dell E6430: The color manager see tha LCD panel as a color manageable device, clibration runs fine, but - for some reason - I have to apply the color profile manually to take it's effects. - Lenovo T450 I do not even see the LCD panel in color manager :( It is working on Fedora 23, 24, and RedHat 7.2 on the same device. However I'm not sure if I was configuring something or this is a "Qubes default" issue. Applying the color profile is half of the job, next part is to provide the same profile for AppVMs. Here I'm stuck a bit because I would need to make the DUMMY display (provided by Qubes) as a color managed device. Then I would be able to "apply" the same profile. Here the apply only would means that colord can provide that profile to the colord aware applications. (Firefox, Eog, Darktable in my case) @Marek: Any idea how to achieve this? Without this I still getting better colors overall - but the real color management is only achievable if the apps are using the same profile. For now I can configure apps (at least Darktable for sure) to use my color profile manually. (BTW: I'm about to create a "color management in Qubes" documentation soon) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50b775ac-8774-a3d7-63f7-0c8435ebb246%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Encrypted Secondary Drive? (is it? Is it needed?)
On 11/09/2016 02:45 PM, donoban wrote: > > On 11/09/2016 02:33 PM, Gaiko Kyofusho wrote: >> If its and it should be (ie good practice) is there a doc for >> that? I looked over the docs section, and poked around in general >> but didn't find much info? > > > You can use any tutorial for standard Linux distributions like Debian > or Fedora. Or you can use the original LUKS documentation: > > https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions# > 2-setup > And/Or you can read the related Qubes docs: https://www.qubes-os.org/doc/secondary-storage/ https://www.qubes-os.org/doc/encryption-config/ -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c0a1fea-2cb9-d802-dc12-85438519075d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Display Calibration
On 11/09/2016 06:31 PM, Connor Page wrote: > darktable and firefox can use a defined profile without colord. the profile > has to be in a specific place and selected as the display profile (with > colord option switched off) Yeah, that's what I called the "manual way". But in general it would be more convenient to just let colord do it's work. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efe9a902-8c79-85d5-a088-dc41a244428d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On 11/15/2016 02:46 PM, Andrew David Wong wrote: > Licensing is a tricky issue. I'm not sure whether the Windows license allows > you to clone Windows VMs or to run multiple Windows AppVMs from a single > Windows TemplateHVM. That's a question for the lawyers. Maybe others around > here have information about it. If we are talking about a normal (OEM) desktop license you are allowed to RUN a SINGLE instance of windows VM. This means you are fine with running a single HVM instance. Because of windows OS licencing is bound to the hardware. In case of qubes, the hardware is a virtual one. Moreover if you are try to run a template based windows you will face a technical issue You can't activate your windows permanently, because: - activate the template itself One may think that this should be ok. and it is. Your template will be activated - but You only use the template for OS updates. Once you start an AppVM based on this template, that's gonna be a NEW virtual hardware which will break the activation. - activate the AppVM You can do it for sure. However you have to do it on EVERY startup. Not sure how many activation will be tolerated by Microsoft. Conclusion: Windows is not designed to be run as a template based VM. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd40817b-6a1b-06dd-4ea8-4939b13616c9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] VT-d support in hcl report
On 11/17/2016 08:04 PM, te...@outoftheblue.pl wrote: > Hi everyone, > > I was about to add my hcl report to wiki when I noticed that for some > reson it reports IOMMU as enabled, while to my best knowledge it should > not be supported on my system. As googling didn't help me understand > what's going on I hope someone here can shed some light on this. > > I have Intel i5-2540,Sandy Bridge, with VT-d): > http://ark.intel.com/products/50072/Intel-Core-i5-2540M-Processor-3M-Cache-up-to-3_30-GHz > and Intel HM65 chipset: > http://ark.intel.com/products/52808/Intel-BD82HM65-PCH) > which does not support VT-d. > According to every resource I was able to find, both(and BIOS) shall > support it in order for VT-d to be enabled, but my hcl report(attached) > states: > IOMMU: "yes", > which is confirmed(somehow) by: > xl info | grep virt_caps > virt_caps: hvm hvm_directio > as well as: > xl dmesg reporting: > (XEN) Intel VT-d iommu 0 supported page sizes: 4kB. > (XEN) Intel VT-d iommu 1 supported page sizes: 4kB. > (XEN) Intel VT-d Snoop Control not enabled. > (XEN) Intel VT-d Dom0 DMA Passthrough not enabled. > (XEN) Intel VT-d Queued Invaldiation enabled > (XEN) Intel VT-d Interrupt Remapping enabled. > (XEN) Intel VT-d Shared EPT tables not enabled. > (XEN) I/O virtualisation enabled > ... > (XEN) VMX: Supported advanced features: > (XEN) - APIC MMIO access virtualisation > (XEN) - APIC TPR shadow > (XEN) - Extended Page Tables (EPT) > (XEN) - Virtual-Processor Identifiers (VPID) > (XEN) - Virtual NMI > (XEN) - MSR direct-access bitmap > (XEN) - Unrestricted Guest > (XEN) HVM: VMX enabled > > It seems as if at least part of VT-d is enabled so shall I trust Intel > specs or log outputs? Is hcl tool working correctly? Well, as you noted the qubes-hcl-report tool relays on xl info, and xl dmesg output. If both states tat IOMMU is enabled: > virt_caps: hvm hvm_directio > (XEN) I/O virtualisation enabled what else can it say? If you 100% sure that this is a false positive, then we should address this issue for sure. However I can't see how we can check if IOMMU is really working? Maybe we can try DMA attack PoC script and try to break out from a netvm for example? (of course not as part of the hcl report :) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b54c71e3-fe01-afe8-477e-b61084473eba%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] TemplateVM Best-Practices?
On 11/30/2016 02:59 PM, Loren Rogers wrote: > Hi all, > > Are there any recommended strategies for creating and managing > TemplateVMs for regular users? > I'm having those templates: netVMs, Proxym Firewall, VPN: fedora minimal based regular AppVMs: Fedora, stuffed with all the apps I ever needed. Devel VMs : Fedora, with development focused things. Work : Fedora with work related apps. Still thinking of merging the Devel one with my regular template because of the update overhead. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e05ce082-80a0-e49a-0198-38a6092bdfd4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] TemplateVM Best-Practices?
On 12/01/2016 10:32 PM, Chris Laprise wrote: > One precaution I usually follow is not putting development tools like > compilers in systems that are meant for non-development use. That is the reason it is separated right now :) But in case of the actual Devel AppVM is network enabled (it is in my case) so an attacker free to download any shit - including the missing compilers. So it is only a very thin layer of added security - if any. In contrast I have a huge the upgrade and backup overhead. > If I were to merge any of those categories you listed, it would be Work and > Regular. In my case the work VM contains real work related apps that is only for internal use, coming from an internal repo. So it is no way to mix with any of my other templates. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cff51c52-65f3-0555-53cd-334739dfc403%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] qubes-devel, what are the rules for posting?
On 12/07/2016 03:11 PM, jkitt wrote: > Can I ask development related questions there? Or is the mailing list only > for core developers and contributors? (I'd like to get involved) > You can of course - but read the related "rules" https://www.qubes-os.org/mailing-lists/ Also worth reading: https://www.qubes-os.org/join/ -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48cf4431-2813-466f-ef3f-98178b63cf6d%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] use different network configuration for each template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/09/2016 09:23 PM, Andrew David Wong wrote: > On 2016-06-09 08:00, Nicola Schwendener wrote: >> Hello all, I'm totally new to Qubes OS and I'm really fell in >> love. My 2 questions is about network connectivity. 1. there's a >> way to connect a switch with multiple VLAN in Trunk mode and let >> the templates work indipentently with a single VLAN? 2. there's a >> way to configure the template to use a Wireless LAN to connect to >> the internet while using the wired connection on other templates > > > I haven't tested this, but I think if your hardware supports > assigning the wireless NIC to one VM and the wired NIC to another > VM, you should be able to have two NetVMs. (You may also want to > have two FirewallVMs.) Then it should just be a matter of assigning > one set of TemplateVMs to one and the other set to the other. > > I'm having a separate WiFi, and Ethernet netVMs. And several proxyVMs for different VPNs. If you have only one netVM with all your network devices assigned, you need to - - deassign one device first, - - reboot, - - create another NetvM, and assign the "free" network device You can read more about these: http://blog.invisiblethings.org/2011/09/28/playing-with-qubes-networking - -for-fun.html - -- Laszlo Zrubecz - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXWmk0AAoJEC3TtYFBiXSvGCgQAKYcumgcBuC3yAAouvkoiOXv ooWggRnG27JMEiLKuI2Jkl2nKtU4lpRbZatUHql6VtwCGjMYPRZfY3Gp7O17zkHk Rqt/ZFPjQC/+Jl8JW0FHhBd9x3rZPs5SQs5qp6+Nc6JwGi7WLI16YYWC1nNOfRLU o8vsSBOK7fVeHhJk3hSfflS+lG8F1US6sHTRBZMwaEmXckU1ZMg7KBqIKgAS2S6F MnqNr2WxeQogVL4iWg2mNPEhZTBSsb0FYicJ8tiaYv2KkifXWaziwPm6xSt0hOs4 HBnl51I1xWdATrwah/CdtOxhN074W5tivFzVK5LApI9uukvCgeAV3ZeqfUwcmFed 8skMrSiNdAgYCfol9BFWi/qv40kLDE5GFqtufDKuMKpEmq8RtidSXV0CzFJolHFx SI/s+M3oqa5CBCb1JmayxvIGZ5WHcbfpNquV0d0ohPdRX6GRMbeOC/dHIJ6W4KGe AdDL5ajaEZ4qI8FtW6kjKRI6iUJwUhvT2kN3uLg2M/TzwBzlVVQBpzBDec9PPqr2 j4iKyrN4UtT/Wjq06o0WqI2QLQ7MvmMmlMNulUMaTc8cwvpY0a2hE24C/HBG7aX+ HgjfP2BVb1Rw0OI/lGZqiCq78yeRD8j1oFd76M56pcdCkIIZKB+w2eMDM5miOtKF FB5iO5aJCNvJ/6hfHd7E =cqWZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f31c4244-e0f5-8f37-4098-b8f9621e4683%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Likely that installing a second hard drive in CDrom dray would *not* work?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/09/2016 05:13 PM, gaikokujinkyofu...@gmail.com wrote: > I had problems with my cdrom drive, mainly that I could not get > Qubes, or any other Linux, to see it. I didn't have much use for it > before but now it is totally useless. Even before this I had > considered replacing it with a hard drive caddy but now I am less > sure since the cdrom wasn't recognized. > > Is my reasoning correct or since I would be installing a regular > hard drive and I think the interface is just SATA then its likely > it should work? Thoughts? (not looking for "guarantees" just some > feedback from those more Qubes savvy than myself). I was using such HDD caddy in my Dell E6430. So if your device support this (means you have a HDD caddy and it fits to the SATA connectors) this will just work. Your BIOS and Qubes will see you 2nd HDD. Using the 2nd HDD under Qubes is another question, you may find discussions about that topic on the mailing lists. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXWmz+AAoJEC3TtYFBiXSvECcQAJlwPqekYm/IPzm5uaXmXof7 HeAsMhaq8pHdXheyHpmZ2cXtR1uCg8v4+DPEQVMXAchTEX1ReThihpdvK8VsYaMW 6qRwYIJ3lxqn5u/hTO32CVJnTFooy3Llt6KnGxs/Nw7tOXqhXCzlm43EtWI4P1cz ubEmV7BZYTg6sxPxevygr20xOBo3Pkpvf/DeQba3zMgRcsaNN0eft9GpV9Dh0xj7 Mijoxmpqk0tn0XHDfdRyBy/2gOE0gKblwtXUOx/Fk1RIIuabOGXzmyWxpO/26e7+ paaeuvPlorE/0CqGV5s/fqrUovo4xXiE2wa6UbmcG3TX38Q4/vuhLSDTAOnj3sUr BSa0EO7l5YA5HLJjEJKRSH1kqEGO0aHxebpDvEr2qfErP4+DhPESkHaB/sDBOI8T DJp0pxTe1Ti/JFNQm06OEa07xjyEp3Sd/DVKhrBrtep5wyTtE89oJDEfZYYCg635 3tP8o43jeLftXJuEtPHruWiPCSz0DQQWMP/6KDUixnEFlVINcJpXhvoSMU9ShUzf jrNrotD58PHzAGzHSmco8K5BPr9vBzkkcbD40TpoY6ba5+DYlkxcK7wkV7pkU3qN BuUnqfI26Oc1W/8/7MYo1j1wF7+3KPElcvTH+AhF/JCla+mlI5Cm/i0vw0OYqKYy 00sGIA3YsudEyu0xz2+2 =elOm -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1007ec44-698d-79c5-b216-a314b2c7ded3%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes-Cheatsheet user feedback request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/11/2016 04:35 PM, J. Eppler wrote: > Hello, > > what would you change or add to the Qubes Cheatsheet? You should update the qubes-hcl-report entry according to --help - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXYlCCAAoJEC3TtYFBiXSvYCkP/1YeSpC6DkGNo+Rc7UF1ruTW 2jzN+N2iyzZbrfz8Vr/pjKBLtp/sqHYpnfJXAQU8R2LhGBzAKjhO0yvfNaQGwRe6 M53gAsjgjlb/4raW1SAqNzXQWifC31IM6g3EMP7Il3DNgEUvWdLqpt/4MJlVwp1L OwwiNkPH2Ep+CGWzoQtz/1II9W2BeJ+3Th2Zz5JfkOd4bDf44LKPR4pWLl0RjlKZ U/UwdWyx4vNhhEZSOWMLfcLxr8ogTsdjLBW2/i0HA9wxZTpxdRqAQ8RyUM0TTKDB nn2X6yv2C7dym9jl3pLznl72hLgxPuvCVcqeBPM/MZmq1Xdpjm9Xfp0NzUO0g/6i 8nOpIRVkMgk6ZuDjLHIwUz3CcGgwa3KfVBweHWRXeT2dIykTNEeqk3gPxZ+PCAdS Qoa3ZC9zB03Elytj+AdJa/1LMhI0H3zfROlN5eX6pB06dvjrlqtGjoDQNouDZ6nx r0NtBpRCaHw+GCakAiCJgARB009KEjU5iSrsB3F/6xgZOEA7YriT/Nheg48vNSOq meoJeyOxRAPkTYrBq9m6dYbcdi/v1SHGWdxOu2ZkIZ+A7GU6VyoLHlP5dXvKEV+V ho+Hf5CX2lIyD5IuOYWg4WOBVj7HKrzbJTs/V0QcdcHH4X0xFy+q87JReeo8ySkl AIPZeo9NhVERENgVOrrj =3efV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78509251-8736-578b-d5a9-4b0bcc952a9e%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] no bootoption for windows 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/16/2016 10:38 AM, stefan.goenit...@gmail.com wrote: > So you think any encryption will fail, when you spend enough time & > material? https://xkcd.com/538/ - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXYmZ1AAoJEC3TtYFBiXSvZ7MP/i/h2b/9Txkl2SCf5NJXGy+x KSAJCO5J/3WK1LryJwUzvUetN4QtjpVeyafvMiky/R8OfYHw+znP6icHf8Oh/0Q9 tJbI9pOYYMELYczylMnmUWsaGUV8tP+gBjDSckHFE1I1kHvHu+x2dNFcZDdWvozY og9l3WMpywgZE3maWCGZIQ0hnYfx77Mmju9mV1NHemdw4YoP4CGMhd6hWf8pS+mV OqhMVWHhPxzAdHI9CjW/DfK1jUkfmCKYg3PtFxBgjcG6yi5cMKv6+3kZEBoz10qX i3NoS9MUTSdAgpMYDzBvKAxqxyX49wMovBHt3Z9TudrNflKWIW2C5dYC2MaoTo/N x81pD3DGktY0Z+FY7WazcM63XNOC3TyK7bWzMtfiRIwdQbyoxc7eDSGgoX0ZXQiC L6ac1d3V7X5hqokNIXtNOEIBl01Z87Sj61ubdoxqIb+OYJAhMD2ngfWDFtskHOSE BwmLLjY+TEP8k4+sS6Lsov9zcFBUQDvRorEEJJttEcz8r8enRPaQhrTIDMx52Egp XAGxlRMWL6SC1d8P8TnklujvOf8pg2tDdNzeTOILNDkGu3c61cPqhOZddd2xGmXR IMlyuyekHk+ir3lgGyxPQMnEAhvykIBVLlbdWqryXkx+7mvYMQiY2gGNxWAQNXXV 9L8l4+AHFkLzXExueL7V =DKth -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a30c51cb-9336-72a7-6f0a-87fc3aae9386%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] i3 and nm-applet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/16/2016 01:39 PM, Niels Kobschaetzki wrote: > Hi, > > I just installed i3 and the default settings delivered by the > qubes-team are already quite nice. What I am missing though is > nm-applet (at least for sys-net). I know that I can start it from > dom0 via "qvm-run sys-net nm-applet". > > So I tried adding exec --no-startup-id "qvm-run sys-net nm-applet" > to my .i3/config but it doesn't work. I also tried exec_always > --no-startup-id "qvm-run sys-net nm-applet" to my .i3/config" I > also tried both with /usr/bin/qvm-run > > I had the applet turn up once but that's it. Since then nm-applet > won't autostart even though sys-net is started. > > Interestingly when I start a VM which has another ProxyVM attached > for my work VPN the nm-applet from the VPN-Proxy-VM automatically > shows up. > > Any ideas what the problem could be or how did others solved this? check your netVM Settings->Services tab. Add network-manager if missing. Reboot the VM. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXYpmiAAoJEC3TtYFBiXSvDDcP/1vA7sVXA/AG6Y6NLe3WFcn4 CK81g3TNDUt4Nf8401bKdHImB5LQymjuzTaDrjgxWdeiFkrdl6v8RGFF+krDX37M nkLHFIKJrBfB00fMsDoAw1BytadP3Ev0jkJC1N3HAEEVVkxNfFoP4WTu16KuUeQ2 XijHVWo8GZFZa6rU50nSBYYSG7gFg9y1aFaVtAzwybmsmRVbsmOCO4SyQxedDRq3 /dguGxocMMEA+xHCuvvyBSg/tPAeFsACpL7kWXToeJqsSS8CoUKtV6ci0VUGUGww yVQ9MgDDGja9FiOt4MZisMVPtscwHV9iCUh0iD4l3HMuIJqDI3ns63Y/rVRV5fJY m3wbT+GXYZT+ihhM7kvq4QcHa3U51e4zaRDxTJ1HAVIl5Vw7KmSBHkqD+L66kiCS L/tj2z/EW4UNatG0yS4mQJQx03OVMK6QZT4s60oU16EVrTonS1kMRRpMfpljbJ1Q Dtmm1pgwWq/K6x6Iu0XwZx7Y+ifK9n+xpgJfQ+bURQeK9iZqtiW4enqbGpnXi9CI 8hBB4+DSPtdsO1pW2utfmNPR45O+7L3SvmltfreWyLJplrWZOLULQbHpJ8C7/yYJ 3n0tfkZVTpljfbYAFOhe7UsNzMFKDMTq4uDvR5rrsEHVC8qoUg9vmss8GeOt6kxT KrKEKWFFZfTYkLkRhBHu =e9eu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f8d627f-e225-8880-7493-c0712679351e%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes-Cheatsheet user feedback request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/20/2016 02:48 AM, J. Eppler wrote: > I assume you mean the qubes-hcl-report -s option. Sadly > qubes-hcl-report with and without -s did not work on my system. This is a know bug https://github.com/QubesOS/qubes-issues/issues/1994 and already fixed by Marek: https://github.com/QubesOS/qubes-core-admin/commit/7c0f5a4be682866670ee0 124c5655e97aa3a2982#diff-271a81f4d91fe1172e89e3f192a0b7d7 But it seems packages are not updated jet. You can apply the fix for now by hand it is only one line of change. @Marek what is the plan with this? > you can give me a more detailed hint on what to update? I guess --help still work, but attached the output just in case :) But in general the -s option is added for detailed support file generation. By default (if no VM name given as a parameter) output file is generated in dom0. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXastQAAoJEC3TtYFBiXSvB30P/3R1qX+y/0Q4Td7YQhKiQH/e a+ok/eTT1i7DY6RGSfHUB72l0JBOjtwg1q5NCgLyJ3e2Kh1M7LJrOydRfyq0nrN3 BTlEy2l8UdYHMythqEwYgl2Q833mdmqP8jUOTVDZ8w1ZAY22f3Qxw9AePv/P7ic1 WmZaFQxeOk5DZ5qBblPSdKELyRQrEERBVRYspPZ6jXpLmhvl4N3K4XBCjnRy/f0E aYRSlYfkD6Zs2DltmOPGEONps9QgtU+/ORYmTBKkj3xWlMbJp1y3uAa5VSoBAx2n S9j4AmR6U0nOUFa7xFyXXjG1NeZ7dNR57VPD9pNESVILaXh87csSzE8suf0xkA1e ueZv2ZFjuAUSRry5BJqQ1jEYceFjpAWPYTIHowiE31ltNj48gGzB8kN+qvcth/Q2 25kp4d/9Rntj+ZMYlxae63hZDZiLdqiyCocLE68gqENPedqPAldeoU1raC0yTSSf Kq084WMaZaXuli3mEh9qQOFcQ3C5lPXXZDDi+9yRa3O3gN7ggJatNAWBtAIJ4CU2 MO3mB8CaEFvZ/hN6RzyBBdLZkWvv0nuBO+uv1I8uOiQhhzDYeceXeemVMHinSk/f NCllhvDhAnrHUOaghHQ0tdV0WnjcAyV7s++08WMrCVHdKBchjcmkzml/vNaqaVBe hu25wY8CpICeA+deg8FJ =v1bt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/22d6d27f-fe51-7c39-fc14-fafbd15af2a9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. qubes-hcl-report v2.5 This tool is used to gather basic hardware information for the Qubes HCL (Hardware Compatibility List) and copy the results to the given AppVM for the easy contribution. Usage: qubes-hcl-report [OPTIONS] [] Options are: -h, --help Display this help text and exit. -s, --support Generate more detailed HCL Support Files WARNING: The HCL Support Files may contain numerous hardware details, including serial numbers. If, for privacy or security reasons, you do not wish to make this information public, please do not send the .cpio.gz file to the public mailing list. Copy the results to the given AppVM. The default is to keep it in dom0
Re: [qubes-users] How do I install packages to a template over a VPN?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/23/2016 06:16 PM, Chris Laprise wrote: > There is an issue with updating a template over a vpn: The > intercepting updates proxy normally runs in sys-net, which can't > see inside the encrypted vpn traffic. This may be a cause of the > problem, however it should really only manifest if you are using > yum/dnf; Programs like wget should be able to access the net OK if > you've set the template's firewall setting to 'allow...'. I'm usually commenting out the yum/dnf proxy for such templates. in case of fedora 23 /etc/dnf/dnf.conf You will find the qubes proxy related line, comment out that line, and the update will be successful. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXbE+JAAoJEC3TtYFBiXSvl+IP/iL4KkBq5/liHyKfS0KlTcCv 8PsiLfIZ901cWDk/oTZXtUMO0IPhdx4Jm0RYYe4TOqNGyDm5rqAPx5BOTp9Voixp 4Y/Ecxfikp8ZwsK/xs07UorL3QNnFRzgrM5zk/AfJ8ztyDwXsYQ3MBP6h1HA78Zf I5d4OSJsMPXCIL8NX1sMOJE8qxwnWbCTnFVSYdF8R7PwCBlQyla8V+zOHXiJ0AaK 8bfqE/xw79SahOhs7RTYRykGtbswdjD8JxKGSoHPBK/MozkqeeBBQZ772XBORFxZ y5ldAgiQJDb2MvIXHMzP+UnB8DYpOjOwKo8/xdXEq2O5mSgoC3ccqTkIbP7HhOxA MwEBzSsz8e32c7QVaZK16mBdh4mrTIJk3hI8ARJR1GkE+OIQ4Vaf5/jJjCjsgRGh M2809aLRr0xJBPddoA20NbVb0/8jmafaD9NNmWZSYdZG4NUvUMM8tZLG3fkDWXjo qWg0Qp7EZscvWARNObMuD35Peek8p0N294y37WdfhpYQEnvlDfMaIxFqP/egYOjv J4s7McN6EN6ZBFUOe8RpRJKL6ZckkWCqX4GBInk4eXGVjfPguCkeElStDZBzVjC/ ReG9LL7RThblU6X+ikeqnhKDALiurXu7qR1pojSipYyNRLZ7YLzyXy/DJ+lum8kO y3wDi9k3kC5ADL03Yrif =4xyN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c131abc4-3f49-42f6-b9aa-3a59c439bd3a%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/05/2016 10:38 AM, Franz wrote: > I fully agree with the idea of respecting user needs, but why do > you think gamers are really interested in strong security? Only > because they spend money for expensive computers? It seems a poor > motivation for me. I'm playing games - while interested in strong security. That's why I using Qubes on my laptop and running windows (as a gaming platform) on my "gamer" desktop :) But I would never ever mix the two. Not even with dual boot. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXe4n2AAoJEC3TtYFBiXSvRuwP/A637kHTTdnY7gkuJ2IIStNC DJ+c5rav6BzMgfCZlPJsE0bkOOTYp6h/aHzhE3f+d8fQTEINkWmclp1xjVK2hp32 X36GoadmErrt94jticCtKWZzEVQhCtE32xBKONsRgl6uc2Ig6R76bMreBj7R1JcH GEGC4fY0DiF5MTedHkaULpKgNvdt8ayIAdtqWvOZT/rNoHpUVImUb7SVNh5AtmiL 9q+vpc1bORnRZy/BlENayeW3wzWzhsfurYUXXAzG69aPQXDf+wZgOpjRF1wLSpHt IQ5yigOawq7Rk+FpLsgChvRDcu9PZmcuv6JtBUlaw4o32y0Ghq1ILtbszm1+4XtT NnliW+t1Cay/4MBIyXbnsWVEG2kzVpJx6UglpzhqIVK5jUUnb5dUHYPcP1c90/tr UYk3zyeA8fXhhNhkdlJJR6XPY4TslcK9Ne/uK95JtXWq6QgdPyoYDKVCuVYo5hpJ JdHOtYrZlXFyzRtx9ly2e1EzPvNlZaeszthyU+No3lAh3rUIF1ni0TErzKXGB1Bq NmhkjbFCISvMdaoxeV9zc+ZYnXRSluJq9gyv3XL2fkeoQy3tnKSI1SPXQlvMTRkx AvHxaWKryICXW9w9n7XMGB7Dcvc1LPNV/BAf73uUlafsx7h+XfxE8kTqY8/lWTrv Nejzf4uerTet73dzugGI =V20z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3309f91-d2ad-a517-b3e4-089ec1a93f62%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/08/2016 09:54 AM, juris...@gmail.com wrote: > Ah and just 1 more thing. Dont forget that a large part of users > has FAMILY that uses the computer. And family WILL keep wanting to > use windows. And wont allow people to change the system if their > fully working windows is not there. If somebody is happy with his/her windows/MAC/Ubuntu/WhatEver, then no problem at all. They should keep using it. Qubes is not for everyone. Especially not for the "happy windows users". First priority for Qubes is security and privacy. On windows those tho phrase not even exists. Maybe that is the reason for the Windows users not even care about those as well. BTW Windows itself is not ready for Qubes. It cannot be run as a template based system because of: - - legal shit. Let's consult your windows licencing expert about this. - - It has no real file system standards, - - Moreover don't even keep any standards. - - I is keeping all kind of thing in the registry. These points prevents it from running from template. Or at least make your life really hard. And it is just the OS, then we can start using software made for such OS ;) Most of those are unable to run on a template based windows because placing it's shit all over the system, including registry -> they will not survive a reboot and/or messing up everything. Only the real "portable" apps are compatible. Ohh, and I'm just a hapy Qubes user - for ages. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXf2GjAAoJEC3TtYFBiXSvqCoP/AiL5a2pRcBngzUG54WBOq+s bMh86xkOPFjD+Qb7uhumnGR8lPlE/CBus7TbWppyV6Knil26j7QgJODpIHqqhm07 YM5uQ7J/z0bgHcIq/hubc3MD7ZYxEXLhtRpqpK8SUPPy6pyjF019LwMyesSiXRCm sVfuOeFU+hemZo3SxmNmkmF+2b+g2PovRtpX04qJvuwK8L+aGg9Dcae17Lg/u2V8 YRBZBE5EJEow7wRZDWgZ7xlDk2qCN7FtqO52iIl6k9+bhw6Gy/iRLYFxq2Vd/Mhj xokQ5kmo2tK3w0gbzQxpkjMMHGlt0mFwpLQ14iNaHLrySwII/wRUSEcpl6LugXiX sQXZvwklDF1k+3Kc8SKirMgMWObq/zR6gLypTUVAsRak/+NGwtenbnUkG+fU9g7n DlZLtmMSDwWbP77ecJbrRq0xAp4k4jOiJjnZr9EsuGpEyGKd0tEEC5e2ivNyRcYP mrPacgCiUwTcR6l8FLM/BU5Ujlwda5oLnpKeEUFcT/OwF2YB5BmFHeoFzBpCNC2p 5vJYelE+0sufI6Y9Wmgt6pHOMp6R8JV5j8bYs46paKwXTc97BrJvLtPiJS8Ni2xy 3BoxMJuy2RMqtXYMdcKXYSKh5mKydVgznFbWSFOaN6qbVKRQ12bEfSJidky76lKd ed9yLHLGj0c6FbKrz4F7 =HkUz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b34947f2-45a8-76dd-ba93-ab02cb6ca264%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/08/2016 10:40 AM, juris...@gmail.com wrote: > Em sexta-feira, 8 de julho de 2016 05:17:54 UTC-3, Laszlo Zrubecz > escreveu: On 07/08/2016 09:54 AM, juris...@gmail.com wrote: >>>> Ah and just 1 more thing. Dont forget that a large part of >>>> users has FAMILY that uses the computer. And family WILL keep >>>> wanting to use windows. And wont allow people to change the >>>> system if their fully working windows is not there. > I did not like your tone and i will take that as an insult. Sorry to hear that, because that was not my intention. However I would never talked to you that way you did. I'm only referring to your sentences like: > And family WILL keep wanting to use windows. And wont allow people > to change the system if their fully working windows is not there. > 99% OF PEOPLE WILL NOT INSTALL AND ABANDON WINDOWS IF THEY CANT FULLY > USE VIRTUALIZED WINDOWS INCLUDING GAMES Those people will never ever be the target audience of ANY other operating system. Because they not really need the SOLUTIONS that Qubes can provide. They already sacrificed all the things Qubes can give: Security and Privacy - in turn they can play games and use skype. And all your thinking are around windows?? A commercial, proprietary product of Microsoft. - Who the heck cares about that thing??? (I'm also using that OS anyway, but only for gaming on a SEPARATE machin e) This is an open source desktops solution. If ANY would care about running windows under Qubes for real, why not managed to get a team of programmers to make that work?? - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXf4ViAAoJEC3TtYFBiXSvKAcP/3adVRMei3RDo4Ji8F1b7gsm Ldp0QdsipTGTosVIQ3ea+ucGnYwHUWrENAVL9SAOPCfGcu7Q4MOlbyAwqwy03eU/ vdN9/dSKLs4m9sfcS2tl7rvKsyYSN93kIKRGK48SsLmu+pQP1jXQ2Q6pltjGUg2y wLEGU42bkLu2eFwV3XGEhCffbpWUPr41xGQH0nhj4HCUNJgVQUK6cve/hWG/Y3WT wRX+n59EFt9N9Ot4dgKVYyWd79yVwtTr08cAFrNl7PaT51qQc+asb0CDac+sJ7FE 8HGktDt+uYiYsLqbjcsxsvLvFE3pB7LzR9FBS/NLCEFWnLlqz1x5qTkxZeFhrESC BfkoFFCOrVeTVtwdpe0Q1/VqVeSdVGx0bLWDQDLuQQVLiZZFW8I6z1M6qnNSOpA6 rZ4VsI+2O+xL239rM3Z2yA3M6odvDCHFRoWbD/be1bWZzwe1Kh/VUC/y8LN7zi5u G3cZLNzxy/GSpEFrmMgfKxvyI19/YGvvO4P4icuglsjwsHMNpaO0IU8KDaSgRJn+ 3mHOK/8odIyJYh8bgQtYtA2S92EzwOaRxW2qwjrOxfr4DNqyRYKLRiP0W2f4cvQi t4E+TF/qrv0td4utlVtBDw8smOPaDaz7koW0Sbb90kxfujN9xmEc84cgcwRWBGkH kYTtnzJEf0UKXCKDRGNv =0d0k -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59f8e8e4-dd3f-ffa5-8a11-9328470d2cbc%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Buying new laptop.. What check should I do in-store..?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/13/2016 02:02 AM, neilhard...@gmail.com wrote: > I have QUBES running now, but my processor only has VT-X, and not > VT-D. > > So I'm thinking about buying a new laptop just to get VT-D. > > I want to go into a physical store and try out the live USB for > 3.1.. just to make sure that everything is working before I buy > the laptop. > > My question is... what checks should I do in-store..? > > What do you consider a full list of things that I should check for > QUBES compatibility...? qubes-hcl-report should collect all available info from a laptop. Not sure what version was included in the Live image, check the --help and be sure to generate (and gather) support files as well. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXhdmJAAoJEC3TtYFBiXSvbNsQAK7PIh7YmqLbCegCO5UB1zjo DTyXJ9hzYcGzhhfDyLjrjxpT5u2KuB9tWrIcTlKV8XmELbEh2wbUpCfq8s3Dn7E8 +JTTVPEbUz+vtcqqXz13QP1aCVea6hr5ZrY4/+b2dnvMkq3lHBEWaf8p19Mz13BX aQs0w73alihS3fy6sK6/rWJnaLoZ0ztzzGoeSAVIjW2l2L2zRd/EErMxHXEg8TLC DQsrW7N2HBC9Pd3cH10a2Qjxo4YoijiMQFSXFaM8wzttYPILgY4dtDwbs6oJrwlz I+ptu3vFrs9DWrGcH+lK51yBAAdfg8DmvcDnVuGEWqStzdCNjHwuS2cYyfX8J12N RP19PoMoSwbJGpAU8gXyRURP1bNVC71hFKndHwN5lJEiA+iYQqAghcWWJVfqWCFP Cefx1WeUQ1X27umdkjjLAa3OxKPQKsqphF+8y1TIm1YXGBmKtsDAh2dgF6nu22VC /0p1BwsK8mxRd9HsWe+I//9/lvDoqBABChBCFUSP/prH3TRFpxpFVWV7VVe/jFUd 0Y5RGFWfCPtjfpJTII8SX+lF55+w2wmU6VkFAwUMM9nGHAfUNB0x6i4qthaXlTXw HaFg2T46z/NFkO9FOcO1kmRaIzrcKqtbH02PkeI5Bipq9RjLBYvh/FGONvEliMl/ ti7FbK8iIFg8UuPNby7s =wA0U -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46ac1f1a-4428-2b63-11b6-e297161d67a1%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Newbie-ish question about networking and firewalls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/14/2016 05:54 AM, qubenewb...@sigaint.org wrote: > It seems pretty dangerous to not have any firewall for sys-net. It has a Qubes default firewall policy which is deny all incoming traffic from the physical network devices. you can check that by issuing the following command in your netVM: sudo iptables -L -n -v > And in case I want to do that, is it correct that I should do it > by installing ufw in the TemplateVM, and then enable it in > sys-net? Replacing the Qubes firewall policy is not straight forward and I would not recommend to do that. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXhzPYAAoJEC3TtYFBiXSvh9sQAKdtAQph7pux4ZG0yCtpN3c/ b9odTOc8Q3RdTSxzvUCHWvgA7yXnYfgWug1V17Gu0iDDB+zFAtU3+JVJabmwEINn NN6B2k1IOSJAQ5uE+D4Jo+h8MuGbe46n+DIl9WbVpOA9Ynrlur6qDfSJgCNjh6ev MLNbMPHyba85m06flKk1k3NnO3CMayyf4RguDvUqEj/p8q6VPXh8SosdYlBf6Dkk 73EBVVoR1H/j2cCSKrCVOSXuppBFL0mW6RFPmQMzrmUDydNuqxhS+157/BT+2YsA T97qG+ldvaKBv+1gzT7pIZpUIiAdTycIvqidHpGM00TTq99DEZjGQu7/GtHHL9Jq lrIk9ANc2zjRqvvAgmD+C6PoUUQXkMcGoehOWYNi+bYCRjZAlLVOB7aB42cT0jaW 4w+BFpyj7j10npj8P/OdyOWXrPV83G0ynTUHkvqi6hrTdfcnD+aboGRpyqg3gNd0 th3MzpBiS0a+EVDI6E9sbbCNNOvI2dUxI2aL2bPG6y5Dvt3eh1eyAyvKe2YIZKYd weuOcn0u6pIwTed6XsLWz9M986HMfyEw5854CLgG4tyrvMKRacwqH+kEuLsdA0/s djsETTDP0Uw11FYLzZ5NOUJdplJcnN8hUXkfNy8r66gzQn203cI8JjOYCi1fBrzM bw+q0zZ3ej5Uq2U33SsR =KTRQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ffac22b-0940-c8d5-cbea-81812ffe2149%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Live network traffic monitor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/08/2016 01:16 AM, admix...@gmail.com wrote: > Hello, Sometimes I see that my computer sends sth to the internet > without my interaction, maybe sometimes it was cause by something > like auto check for upgrades or something else, but I always wonder > which VM is doing that. Is there a tool or is it possible to do > something like live (graphics or not) monitor. I mean usage of > network traffic and (if it possible without additional security > risk) to which host/ip and port VM is sending the packet. Of course > for each VM separately. I'm using iptraf. You can run it in a proxy or netwm to see all connected VM's traffic. - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXqCdcAAoJEC3TtYFBiXSvGroP/REY13xThAhfjN7HkGGXITLi KJfcGmD8kAHDERD4pNPINRZucKvTTY2sMiZXgEEmCMd8cQRm7iCoBoz/JrLAMiVV dOyyDQJU7/R5ES32mAjp1ecEs//Ox9LX130Ffu89MOF6be7FH2JrcNmo5FoogFzb AdntLUVN08gk+xH2P4ftpmmfjk80j+tbZOQP0FH0Bm1Ku6kni7iRKMBjtKqHfYOY aMiu1Pgy0UI1D6k1q6VyXybmXoTmAw998yF8j/q1UMAJ0Fk2Efc1PRvqQej1beu4 ClD8GC52Pbjl9BZ4RJOSje9ZQxLVOPcF6eyPX+hojzLlmtmbOGtRWXdmKr+LgkPV 4d0lumH5Vhh0iWOF108iG9UYGGeBoLpg0KGqQ47FKA0T+B+EE+ykSmRwrGGQQmLX a34mascQI0lXaWowRGpxujrB3C7UYBP5sdIoAxgV+jqEIU2B9SNBIWP4PVN21G/8 iy6w7ox3iDYj0i5TUBYbittm/GYhH2/Tkrc1GkKEqvSYrGgDw80ZIS3hEvO0uUbZ We9AWrySOaI/CtFY0ipxDqMUeqBIC+IE7oZiAqNZyohqPsoWmmhew2A47kAjRoSk WtboYz3Dq5FPvlrjzlfCUommSOEckNXleaTYKJuXz3XLtDlGjyP9Ltipa6txVPax +/sfF3JkazB0hAzErfBt =+7jl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ae021b3-ae7d-6dd2-4ea6-4e55cc4579f8%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora Minimal ProxyVPN template?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/05/2016 04:39 PM, el...@tutanota.com wrote: > VPN Services usually offer a number of different sites/cities to > connect to. I am trying to set up a minimalist bare-bones Fedora23 > template that I can base all of my ProxyVM's off of (via cloning), > such that I only have to change the .ovpn file within each Proxy in > the /rw/config/openvpn folder (and name the ProxyVM accordingly). > This would allow me to choose to have a quick way to easily have a > distinct proxyvm for each appvm that I can change at will w/o > taking up excess memory. > > Does anyone have this set-up (or a better idea)? If you do, care > to share what packages you have pared it down to? This is not what you are looking for? https://www.qubes-os.org/doc/templates/fedora-minimal/ - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXqChmAAoJEC3TtYFBiXSvD9oP/ibgjH+3FiTZ3siMoAw7DPmo f7wslWHaFQTaaXCxgcOpqYmsmfU58Ce7tHiPFA/XCqq/wXghEB7h8g7E0GsUAaVx bH0LbHlsxRvXnXz/9OGIgGndipoJXH3HV5aI+8klZY9/8Tj6VUeQ4bhXT/cRyX08 JHGIPelJrae84dSmFsTfjehF8Z9Cu+W84ugiUEUg9xz11F5sDMF3QpxtwuOhkfuS Kaf9TttXY7O+M+yzgUN+JEe13xlEI49U0AA/QSPiR651vkwhJhzHkt2s5T0bHES+ mbnygZJVrwCNanPmHRR5yiHtwJJPSnz4l+F+uu3qjkp2V76UeRz8qUbmXVReEYRp F9pakAb712iV5eqIVdKDf7rFNW26p+Sb1PRGCdMoziCfgJ5kLgNK6Tm4hv0LZKv8 6QMczvJpYLABUypQAnfYXvo/RZHBfsepeOqm3M8NrzZ/+MlovIRWqp9g9MCf1u1d GyYbivaCjtha32+aempd/dv9Ax704B2PTe86WKBOl0Jju/y7cJGF6vZYJxdLxHni HVjd7kyBvPK5JK2fNApMgK+g+Z0Dc/2U9zOK4EtR6YA370Klxq7EQurbEUtQ+K61 /cJTO2M9gRmYGLZ09vD3EG7NKrTrdwfqRnV+FmL8wj16gZijnJT0RBHlbFMIDfPV Xi4Z4wSnDjbp78bnttkb =k3Qr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16453c37-c1d0-949c-04bc-bc3e8fdb3dcb%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] multiple display support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Multiple (2 external +the internal) display support seems to be broken starting by Qubes 3.2rc* At least for me it was working as expected up until I upgraded to 3.2rc3. The problems I have: * display settings are not saved. - under KDE it is saved somehow, but have to be disable composition for stable operation. But still not always keep after reboot :( - under XFCE even if I have the same session if I detach then attach again my external screens connected as disabled. I have to be move around and enable every time I connect them. In this way it is completely useless and broken. * panel are not sticked to my internal (primary) display. Both KDE and XFCE behaving this way. My panel gets replaced to the most left display instead of the primary one. Really annoying. in previous releases I also had to disable composition (under KDE4) to get bug free multidisplay support - but at least that was WORKING. It is only me or a general problem? is there ANY workaround for those problems? Thanks. - -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f507f8dd-66b5-5d61-7e82-34f43a308f62%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] multiple display support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/13/2016 10:02 AM, Marek Marczykowski-Górecki wrote: >> * panel are not sticked to my internal (primary) display. Both >> KDE and XFCE behaving this way. My panel gets replaced to the >> most left display instead of the primary one. Really annoying. > > Can you elaborate? You have multiple panels, one for each display > and those are mixed up, right? I haven't seen such problem, > because I have only one panel, on primary display. No. I have only one panel. And wanted to stick it on my primary display. But whenever I attach an external screen that single panel moves to the most left one instead of the primary (internal laptop screen) But because of the other (deconfigure) bug/feature i can't even use Xfce without major headache. BTW I'm using a T450 with a docking station. It has 2 attached external display. So every time I have to remove my laptop from the docking station I lost my screen settings what i really can't tolerate at work. (I was using the same setup with a Dell 6430 with Qubes 2.0 then 3.1 before - without such problems) - -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/517f1d41-fb26-677b-f8bd-3cfda8207261%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2-rc3 is awesome...but where is NetworkManager?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/13/2016 11:55 PM, georgewalke...@gmail.com wrote: > I just installed 3.2-rc3 on a Thinkpad T460s and it's great...but > the NetworkManager widget is gone. It is a known bug: https://github.com/QubesOS/qubes-issues/issues/2293 - -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ade6323-b58f-d90f-f845-f5afd7f681bd%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] multiple display support
On 09/13/2016 08:44 AM, Zrubi wrote: > Multiple (2 external +the internal) display support seems to be broken > starting by Qubes 3.2rc* > > * display settings are not saved. > - under KDE it is saved somehow, but have to be disable composition > for stable operation. But still not always keep after reboot :( Started to investigate this issue by: - resetting ALL the settings in dom0 by removed all the old config files This gives me a state of a clean install - at least regarding the dom0 GUI settings. - the first time I attached my external displays always failing resulting a scattered display. If that happens delete all the kscreen settings located at: .local/share/kscreen/ The workaround for this is attaching the external display BEFORE boot, or at least before logging in. - after successfully setup all the external displays I copied the kscreen configs located here: .local/share/kscreen/ to a safe place like the ~/Documents folder. It seems to be storing all the unique display configurations in separate files. So for me it was one for the external screens attached and another one for the single internal display. Whenever my display settings are lost for any reason I checked the directory above and compared the files against the saved ones. It shows that for some reason they where changed - even if I was never touched the screen settings. For a workaround I just copied back the files I saved to the original locations then reboot/relog and got back my working display setup :) Since it is a local user settings this can be done automatically by some early X bash or KDE scripts - but still have to figure out the way it works... > * panel are not sticked to my internal (primary) display. > Both KDE and XFCE behaving this way. My panel gets replaced to the > most left display instead of the primary one. Really annoying. This may be related to the messed up display settings. For now I haven't seen this issue as I using the workaround described above. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b6fb17ec-f396-414e-2a55-3b85210950b9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] PCIE gen 4 m.2 cards supported?
On 11/8/20 4:38 PM, Stumpy wrote: > I was listening to the ubuntu podcast and one of the guys there > mentioned he just setup his new computer with a PCIE gen4 m.2 card which > enabled him to run 4 m.2 drives at the same time, he also squeezed more > performance out of it by doing raid 0 across the 4 drives. Theoretically, and in some test cases, maybe... > Asides from the risk of loosing data, does/would #1 Qubes support pcie > gen4? #2 Is is possible to (if the hardware doesnt support it for some > strange reason) to do raid0 across 4 drives on a pcie m.2 card? Not as strange as you thing... as usually those RAID features are meaning windonws only software raid. So in practice, there is no (or at least very rare) hardware RAID on a desktop board. on Qubes (or in Linux in general) you can safely relay on software raid not the one your motherboard suggest, but what the Linux kernel (even the fedora installer) provides you > I am not in a huge hurry to upgrade but when i do i am keen on getting a > storage option that will make my qubes setup fairly fast and i assume > that with a super fast drive setup it would be able to sping up appvms > faster? In practice (like appvm startup times), you can't even tell if your system runs from a SATA SSD or from an NVME m.2 SSD. Imagine the much less theoretical speed difference you may get using a PCI gen 4 device -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a03bcf8-9e7b-c98d-da5f-56bdc5dac9b9%40zrubi.hu.
Re: [qubes-users] HCL - Lenovo Thinkpad P52
next_to_use <1> > [ 21.104136] next_to_clean<0> > [ 21.104136] buffer_info[next_to_clean]: > [ 21.104136] time_stamp > [ 21.104136] next_to_watch<0> > [ 21.104136] jiffies > [ 21.104136] next_to_watch.status <0> > [ 21.104136] MAC Status <80083> > [ 21.104136] PHY Status <796d> > [ 21.104136] PHY 1000BASE-T Status <3800> > [ 21.104136] PHY Extended Status<3000> > [ 21.104136] PCI Status <10> tried with kernel latest, and kernel 4.19 Can you give me some details how are you menaged to use it? Given the fact that - the external monitor not working, - the CPU is mostly around 90C, then the fan is always sounds like jet. a I'm tending to throw away this crap pretty soon. :(( -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82a020b9-158b-c34f-bb9d-740af17b6a59%40zrubi.hu. OpenPGP_0x617D70488F0E7BC6.asc Description: application/pgp-keys OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Re: Qubes Canary 026
On 3/11/21 1:06 PM, Andrew David Wong wrote: > Dear Qubes Community, > > *Note:* When preparing the announcement for this canary, we discovered > a typographical error in the title (the canary number "025" had not been > updated to "026"). > > https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-026-2020.txt Aaand the correct link is: https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-026-2021.txt :) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86b0f5a8-f97d-fc23-4599-8f5f96afc41c%40zrubi.hu.