Re: [qubes-devel] Automatic incremental encrypted offsite backups using btrfs

2016-05-26 Thread Chris Laprise
On 05/24/2016 07:35 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, May 24, 2016 at 07:22:06PM -0400, Chris Laprise wrote: On 05/24/2016 11:26 AM, li...@mullvad.net wrote: On Friday, May 20, 2016 at 3:19:07 PM UTC+2, Chris Laprise wrote

Re: [qubes-devel] VPN-Firewall, deafeating shared VPN/Tor server leak bug in Qubes

2016-05-27 Thread Chris Laprise
Some notes about a VPN firewall solution... Objectives: * Prevent all communication between downstream vms and upstream clearnet (eth0) when the vpn client fails or the link goes down. * Implement vpn link as a dedicated vm, transparent to downstream vms. * Remain compatible with conventional

Re: [qubes-devel] VPN-Firewall, deafeating shared VPN/Tor server leak bug in Qubes

2016-05-27 Thread Chris Laprise
On 05/27/2016 09:41 AM, Ivan wrote: Hi, On 05/27/2016 04:00 PM, Chris Laprise wrote: Some notes about a VPN firewall solution... Objectives: * Prevent all communication between downstream vms and upstream clearnet (eth0) when the vpn client fails or the link goes down. * Implement vpn link

Re: [qubes-devel] let domU change the displayed cursor

2016-05-28 Thread Chris Laprise
On 05/28/2016 06:18 PM, john.david.r.smith wrote: hi. there is a small thing annoying me when working with qubes. if i want to resize gui elements in a domU window (not the window itself, but some sidebar similar to the one displayed by the google groups webinterface), my cursor does not cha

Re: [qubes-devel] VPN-Firewall, deafeating shared VPN/Tor server leak bug in Qubes

2016-05-29 Thread Chris Laprise
On 05/27/2016 09:41 AM, Ivan wrote: Hi, On 05/27/2016 04:00 PM, Chris Laprise wrote: Some notes about a VPN firewall solution... Objectives: * Prevent all communication between downstream vms and upstream clearnet (eth0) when the vpn client fails or the link goes down. * Implement vpn link

Re: [qubes-devel] VPN-Firewall, deafeating shared VPN/Tor server leak bug in Qubes

2016-05-30 Thread Chris Laprise
Here's a revision of the firewall script: --- ## ## qubes-firewall-user-script for use with a VPN client such as openvpn. ## ## iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP ## Stop all leaks be

[qubes-devel] Simplify Qubes firewall forwarding in proxy vms?

2016-05-30 Thread Chris Laprise
Hi Marek, While focusing on the vpn stuff[1] I may have stumbled upon a way to make the forwarding chain much simpler. Replace all the specific rules for downstream vm addresses with this: FORWARD -i vif+ -d subnet.1 -j ACCEPT FORWARD -i vif+ -d subnet.254 -j ACCEPT So qubes-firewall would b

Re: [qubes-devel] Simplify Qubes firewall forwarding in proxy vms?

2016-05-30 Thread Chris Laprise
On 05/30/2016 10:27 PM, HW42 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Chris Laprise: Hi Marek, While focusing on the vpn stuff[1] I may have stumbled upon a way to make the forwarding chain much simpler. Replace all the specific rules for downstream vm addresses with this

Re: [qubes-devel] Simplify Qubes firewall forwarding in proxy vms?

2016-05-31 Thread Chris Laprise
On 05/30/2016 10:27 PM, HW42 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Chris Laprise: Hi Marek, While focusing on the vpn stuff[1] I may have stumbled upon a way to make the forwarding chain much simpler. Replace all the specific rules for downstream vm addresses with this

Re: [qubes-devel] VPN-Firewall, deafeating shared VPN/Tor server leak bug in Qubes

2016-05-31 Thread Chris Laprise
On 05/30/2016 08:03 PM, Chris Laprise wrote: Here's a revision of the firewall script: --- I'm going to follow-up with a suggested openvpn "up" script that will take care of the dns-dnat rules in chain PR-QBS. The user can opt to enter their vpn dns addresses or

Re: [qubes-devel] Re: power consumption when running on battery

2016-06-02 Thread Chris Laprise
On 05/30/2016 09:44 AM, Cyril LEVIS wrote: Anyone try to play with xenpm? http://wiki.xenproject.org/wiki/Xen_power_management ? And cpuidle boot settings? I've played with xenpm and changing the CPU speeds. I have a 'todo' to write some battery event scripts to lower CPU speed on battery

[qubes-devel] Project for 'leakproof' VPN firewalls on Qubes (incl. Tor over VPN)

2016-06-03 Thread Chris Laprise
Qubes-vpn-support contains an automatic firewall script that will make a dedicated VPN VM fail closed, and also prevent DNS queries and other info from leaking--whether your VPN client of choice is working or has gone down. Attempts to go around a failed VPN tunnel by Tor, for instance, shouldn

Re: [qubes-devel] Refinement via Compatability

2016-06-06 Thread Chris Laprise
On 06/05/2016 05:33 PM, middi...@gmail.com wrote: Just a curious fan here interested in upcoming 3.2 and beyond. So with 3 units separately tested 3.1 with newest kernels (including 4.4) all have been struggles to get installed and working on each various piece of hardware. 2 involved increm

Re: [qubes-devel] Refinement via Compatability

2016-06-06 Thread Chris Laprise
On 06/06/2016 08:34 AM, J.M. Porup wrote: On Mon, Jun 06, 2016 at 05:19:01AM -0400, Chris Laprise wrote: This is probably an issue where Qubes will have to evolve in order to succeed. Compare the "desktop Linux" category with Android: The latter has a reference hardware platform i

Re: [qubes-devel] Re: Reinitialize Templates

2016-06-14 Thread Chris Laprise
On 06/14/2016 06:20 AM, Ivan wrote: Hi, On 06/14/2016 12:34 PM, Jasper Weiss wrote: There's some new documentation added to the website on reinstalling templates here I guess many qubes users have a shared template they use for both sys-*

Re: [qubes-devel] Re: Reinitialize Templates

2016-06-14 Thread Chris Laprise
On 06/14/2016 07:22 AM, Ivan wrote: On 06/14/2016 02:01 PM, Chris Laprise wrote: On 06/14/2016 06:20 AM, Ivan wrote: Hi, On 06/14/2016 12:34 PM, Jasper Weiss wrote: There's some new documentation added to the website on reinstalling templates here <https://www.qubes-os

[qubes-devel] Feature: Sanitized / trusted webcam input

2016-06-18 Thread Chris Laprise
The 3.2rc1 announcement with its news about USB passthrough--and the persistent problem of securely using USB peripherals--got me thinking that sanitizing a webcam video stream is not far-fetched today. PCs can encode video in real time, even without GPU help, so re-creating a stream as 'truste

Re: [qubes-devel] Anti Evil Maid PCRs

2016-06-22 Thread Chris Laprise
On 06/22/2016 02:10 PM, Rusty Bird wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Marcin, How would Anti Evil Maid detect BIOS/hardware modifications without sealing to PCR 0-3? By default it seals only to PCR 13,17,18,19. PCRs 17-19 come from tboot, which uses Intel TXT to prote

Re: [qubes-devel] Re: Qubes 3.2 rc1 has been released!

2016-06-26 Thread Chris Laprise
On 06/26/2016 08:56 AM, tal...@gmail.com wrote: Thanks - that worked. After upgrading, I couldn't get it to boot with the Linux 4.4 kernel (ThinkPad T550; just a blank screen followed by a reboot), but selecting 4.1.13 from the grub menu allowed it to start. -- This reset problem sounds sim

Re: [qubes-devel] Question about nonfree software in Qubes

2016-06-30 Thread Chris Laprise
On 06/30/2016 09:36 PM, Unman wrote: On Thu, Jun 23, 2016 at 12:28:01AM +0100, D G wrote: Dear Qubes developers, I am interested in Qubes OS because of its design. However, I have a question about what software is included in Qubes, and whether it is free or non-free, particularly the Linux ker

Re: [qubes-devel] Subduing the bright window border colors

2016-07-01 Thread Chris Laprise
On 05/14/2016 02:03 PM, Chris Laprise wrote: [...] QubesLabel (QUBES_LABEL_DOM0, "dom0", QColor::fromHsv (0, 0, 210), Qt::black), QubesLabel (QUBES_LABEL_RED, "red", QColor::fromHsv (0,154, 168), Qt::black, Qt::lightGray), QubesLabel (QUBES_LABEL_ORANGE, "

[qubes-devel] Moving cache dirs out of /dev/xvdb

2018-03-30 Thread Chris Laprise
prefer block-device backups. So having a "cache" class of storage volume for each VM makes sense from this perspective. I just wanted to post this idea to explore whether it's worth exploring. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP:

Re: [qubes-devel] Offering salt help

2018-04-19 Thread Chris Laprise
r setting up VM sudo/pam configuration. Also explore if it's useful for configuring VPNs. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Gr

[qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
hould be a patch (ex: /etc/sysctl.conf) to have the initial VM forwarding state at '0' until qubes-firewall finishes initializing. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x behavior that I think may compromise network security is that in R4.0 proxyVMs /proc/sys/net/ipv4

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 10:54 PM, Chris Laprise wrote: On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x behavior that I think may compromise network security

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 10:59 PM, Chris Laprise wrote: On 04/19/2018 10:54 PM, Chris Laprise wrote: On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x

Re: [qubes-devel] How to use VPN for encrypt traffic from Tor exit node of Whonix?

2018-05-02 Thread Chris Laprise
d ports for TCP. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Whonix Testers Wanted!

2018-08-16 Thread Chris Laprise
far. Only quirk that I also have with stable is when I shutdown a browser VM with my hotkey config (it runs a script that quits firefox + thunderbird in the foreground VM, then does qvm-shutdown on it) there is a popup saying "Error: Failed to start Tor Browser". -- Chris La

Re: [qubes-devel] Total removal of swap files from qubes as an installation option

2018-08-21 Thread Chris Laprise
ophone-equipped audience monitoring TVs, there is reason to distrust their products based on their motives and lack of respect for people's privacy. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1

[qubes-devel] qubes-builder stops with error

2018-09-19 Thread Chris Laprise
usr/share/perl5/vendor_perl/Digest.pm line 44. make[2]: *** [/home/user/qubes-builder/qubes-src/builder-debian/Makefile.debian:173: dist-build-dep] Error 2 make[1]: *** [Makefile.generic:177: packages] Error 1 make: *** [Makefile:217: vmm-xen-vm] Error 1 -- Chris Laprise, tas...@poste

Re: [qubes-devel] qubes-builder stops with error

2018-09-20 Thread Chris Laprise
Error 1 make: *** [Makefile:217: meta-packages-vm] Error 1 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] qubes-builder stops with error

2018-09-20 Thread Chris Laprise
On 09/20/2018 10:30 AM, unman wrote: I saw that yesterday and thought it was my meddling. It's a new bug - will you report it? OK, it's https://github.com/QubesOS/qubes-issues/issues/4327 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP:

[qubes-devel] Re: [qubes-users] nftables vs iptables

2018-10-10 Thread Chris Laprise
:56 AM, mfreemon wrote: On 10/2/18 2:25 AM, Ivan Mitev wrote: On 10/2/18 1:32 AM, Chris Laprise wrote: On 10/01/2018 05:48 PM, mfreemon wrote: On 1/11/18 3:01 PM, Chris Laprise wrote:     > On 01/10/2018 03:47 PM, Connor Page wrote:     >> The official templates use nftables so shouldn’t

Re: [qubes-devel] Rewriting; set up ProxyVM as a VPN using iptables and CLI scripts

2018-11-10 Thread Chris Laprise
tails at these links: https://github.com/tasket/qubes-tunnel https://github.com/QubesOS/qubes-issues/issues/3503 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Where does Qubes-UX fit in?

2018-11-20 Thread Chris Laprise
es 4.0 now because recovering the old 3.x UI options will be a gradual process. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Qubes as #NextGen #FileManagement efficiency tool (alleviating Information Overload while securing the info..?!)

2018-11-21 Thread Chris Laprise
re Qubes is supposed to get a new type of VM/qube for handling storage. This is intended to protect the OS from compromised HD/SSD firmware, for example. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Where does Qubes-UX fit in?

2018-11-21 Thread Chris Laprise
er something is impossible (except qvm-block --attach-file), but rather that it has become cumbersome compared to Qubes 3.x, especially 3.1! sincerely GammaSQ -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106

Re: [qubes-devel] Dropping support for old templates

2018-11-30 Thread Chris Laprise
ter only 12-15 months of use. With that said, I don't think long-term Debian support should necessarily apply to Whonix, which is its own distro in a sense. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1D

Re: [qubes-devel] Dropping support for old templates

2018-12-01 Thread Chris Laprise
On 11/30/2018 08:16 PM, unman wrote: On Fri, Nov 30, 2018 at 07:25:15PM -0500, Chris Laprise wrote: On 11/30/2018 06:06 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 [moved discussion from ticket #2065] On Fri, Nov 30, 2018 at 11:44:21AM +, Patrick

[qubes-devel] ANN: Fast incremental backups project

2018-12-09 Thread Chris Laprise
'Todo' I should also mention is the name: I don't really like the current working title and would appreciate your suggestions and PRs on this and many other issues! -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-09 Thread Chris Laprise
On 12/09/2018 10:38 AM, Chris Laprise wrote: 'Sparsebak' Fast Time Machine-like disk image backups for Qubes OS and Linux LVM. And of course, a link to the project :) https://github.com/tasket/sparsebak -- Chris Laprise, tas...@posteo.net https://github.com/ta

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-10 Thread Chris Laprise
On 12/10/2018 05:23 AM, Ivan Mitev wrote: That's really great work. On 12/9/18 5:38 PM, Chris Laprise wrote: Status - Alpha version -- Can do full or incremental backups of Linux thin-provisioned LVM to local dom0 or VM filesystems or via ssh, as well as simple volume retrieva

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-11 Thread Chris Laprise
On 12/10/2018 09:42 PM, Outback Dingo wrote: On Tue, Dec 11, 2018 at 12:57 AM Chris Laprise wrote: On 12/10/2018 05:23 AM, Ivan Mitev wrote: That's really great work. On 12/9/18 5:38 PM, Chris Laprise wrote: Status - Alpha version -- Can do full or incremental backups of Linux

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-11 Thread Chris Laprise
On 12/10/2018 08:27 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/10/18 11:57 AM, Chris Laprise wrote: On 12/10/2018 05:23 AM, Ivan Mitev wrote: That's really great work. On 12/9/18 5:38 PM, Chris Laprise wrote: Status - Alpha version -- C

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-11 Thread Chris Laprise
ce the error? I also posted an update in the 'new' branch that will print out the relevant values if/when the error occurs: https://github.com/tasket/sparsebak/tree/new Thanks! -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E

Re: [qubes-devel] RAM troubles

2018-12-12 Thread Chris Laprise
controller where refresh rates and other timings are incorrectly set. Check the mfg specs carefully to make sure it supports your model of laptop; if it does, then check to see if your BIOS has an update available. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.co

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-12 Thread Chris Laprise
On 12/11/2018 02:20 PM, Ivan Mitev wrote: On 12/11/18 8:46 PM, Chris Laprise wrote: On 12/11/2018 11:19 AM, Ivan Mitev wrote: On 12/11/18 5:20 PM, Steve Coleman wrote: I was attempting to "send" all my VM's private sections to a drive mounted on sys-usb, and I seem to

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-12 Thread Chris Laprise
On 12/12/2018 09:11 AM, Steve Coleman wrote: On 12/12/18 8:13 AM, Chris Laprise wrote: A fix has been pushed to master (alpha2). I ran this new version and the first time it gave another error. Second time the same error, third time trying to capture a logfile it ran but was incomplete

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-13 Thread Chris Laprise
On 12/12/2018 05:12 PM, Steve Coleman wrote: On 12/12/18 2:41 PM, Chris Laprise wrote: On 12/12/2018 09:11 AM, Steve Coleman wrote: On 12/12/18 8:13 AM, Chris Laprise wrote: A fix has been pushed to master (alpha2). I ran this new version and the first time it gave another error. Second

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-13 Thread Chris Laprise
On 12/13/2018 02:33 PM, Chris Laprise wrote: On 12/12/2018 05:12 PM, Steve Coleman wrote: On 12/12/18 2:41 PM, Chris Laprise wrote: On 12/12/2018 09:11 AM, Steve Coleman wrote: On 12/12/18 8:13 AM, Chris Laprise wrote: A fix has been pushed to master (alpha2). I ran this new version and

[qubes-devel] VM settings extraction & restoration

2018-12-20 Thread Chris Laprise
Is there a general procedure for assembling Qubes VM configuration data so that a complete backup and restoration of VM settings can be neatly executed? Related: https://github.com/tasket/sparsebak/issues/18 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-21 Thread Chris Laprise
is could include those areas: - more abstract and simplified handling of remote repositories (like duplicity) Actually this is one of Sparsebak's strong points... very low interactivity during remote operations. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.c

Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-29 Thread Chris Laprise
On 12/22/2018 08:48 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Dec 21, 2018 at 08:39:43AM -0500, Chris Laprise wrote: On 12/20/2018 09:40 PM, Marek Marczykowski-Górecki wrote: Thanks for doing this! I haven't really looked at the code,

Re: [qubes-devel] ANN: Fast incremental backups project

2019-01-01 Thread Chris Laprise
On 12/31/2018 08:49 AM, Brendan Hoar wrote: On Saturday, December 29, 2018 at 2:30:12 PM UTC-5, Chris Laprise wrote: Also note that we'd like to have at least some level of hiding metadata - - like VM names (leaked through file names). I have an idea for a relatively simple obfuscation

Re: [qubes-devel] apt RCE

2019-01-22 Thread Chris Laprise
d' in the sense that Debian's temporary update instructions from their security bulletin do not work in the Qubes template. So we are missing a straightforward resolution that Qubes users can follow. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/tta

Re: [qubes-devel] apt RCE

2019-01-22 Thread Chris Laprise
On 01/22/2019 08:49 PM, unman wrote: On Tue, Jan 22, 2019 at 12:57:37PM -0500, Chris Laprise wrote: On 01/22/2019 12:03 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jan 22, 2019 at 08:03:01AM -0800, Brendan Hoar wrote: https://justi.cz

Re: [qubes-devel] apt RCE

2019-01-22 Thread Chris Laprise
On 01/22/2019 09:51 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jan 22, 2019 at 09:44:31PM -0500, Chris Laprise wrote: On 01/22/2019 08:49 PM, unman wrote: On Tue, Jan 22, 2019 at 12:57:37PM -0500, Chris Laprise wrote: On 01/22/2019 12:03 PM

Re: [qubes-devel] apt RCE

2019-01-23 Thread Chris Laprise
consider. I suppose the latter is relatively easy to update, but the iso not so much. I wouldn't object to a dom0 solution that - at template install time - tests a watchlist of package versions for that OS. This could be touted as a form of VM hardening offered by Qubes. -- Chris Laprise

Re: [qubes-devel] apt RCE

2019-01-24 Thread Chris Laprise
On 01/23/2019 09:03 AM, unman wrote: On Tue, Jan 22, 2019 at 10:06:01PM -0500, Chris Laprise wrote: I didn't realize, as Ilpo suggested, that I should comment-out the other sources temporarily. That did the trick. deb.debian.org, which you are using, isn't a repository. It's a p

Re: [qubes-devel] Re: Password encryption for individual vm's

2019-01-28 Thread Chris Laprise
ust like to remind people (again) that Qubes has a storage pool feature. So it IS possible to encrypt VMs with different encryption keys. It requires some initiative from the user to set it up, however, to define the pools so they reside in encrypted volumes. -- Chris Laprise, tas...@posteo.net

Re: [qubes-devel] Why is the RAM always gone?

2019-01-30 Thread Chris Laprise
d it. Setting the max RAM for dom0 can save a lot of memory but requires editing the "dom0_mem" parameters in /etc/default/grub (if not using UEFI) and then update with the 'dracut' command. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.co

Re: [qubes-devel] Why is the RAM always gone?

2019-02-03 Thread Chris Laprise
On 2/3/19 7:41 AM, Plex wrote: On Sunday, February 3, 2019 at 10:41:22 AM UTC, Hugo Riebmann wrote: Chris Laprise: I wrote a script to condense the info with a sum of the total amount used: https://github.com/tasket/Qubes-scripts/blob/master/system-stats-xen Thank you! My shell-foo is not

Re: [qubes-devel] Why is the RAM always gone?

2019-02-03 Thread Chris Laprise
than a desktop with some windows. Even with KDE, 1500MB lets the system run smoothly. Overall, this can make a critical improvement in usability. On an 8GB system, there's a big difference between being able to run 6 appVMs and being able to run 9. -- Chris Laprise, tas...@posteo.net

Re: [qubes-devel] Allocating(too fast)fails and triggers OOM-killer before MemTotal reaches AppVM's set Max memory

2019-02-06 Thread Chris Laprise
here the delays incurred by swap are used to buy time for qmemman. If I were more familiar with the subject, I might propose a memory allocation method that is synchronous and therefore more deterministic. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/tta

Re: [qubes-devel] More regular point releases schedule?

2019-02-06 Thread Chris Laprise
ing a sub-point increment (just as for bug fixes) but with a date indicator also present in all the relevant release and package files. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Would Qubes OS run slow on a HDD with 8GB of RAM?

2019-03-13 Thread Chris Laprise
s-net, sys-firewall, etc) and 700-2000MB as a rule of thumb for each appVM depending on the apps needs. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Possibly dropping support for old qemu-traditional subdomain in R4.1

2019-04-12 Thread Chris Laprise
older. If you have such VM, you can try switching to the new stubdomain and see how it works. Any opinions? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] QSB #49: Microarchitectural Data Sampling speculative side channel (XSA-297)

2019-05-16 Thread Chris Laprise
consider recommending a switch to AMD processors as a short-term mitigation against CPU vulnerabilities. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Re: ANN: Fast incremental backups project

2019-05-21 Thread Chris Laprise
On 5/21/19 6:24 PM, qtpie wrote: Chris Laprise: On 12/09/2018 10:38 AM, Chris Laprise wrote: 'Sparsebak' Fast Time Machine-like disk image backups for Qubes OS and Linux LVM. And of course, a link to the project :) https://github.com/tasket/sparsebak Have people

Re: [qubes-devel] Re: ANN: Fast incremental backups project

2019-05-28 Thread Chris Laprise
On 5/28/19 4:31 PM, Mike Keehan wrote: On Mon, 27 May 2019 12:45:15 -0700 (PDT) Ivan Mitev wrote: On Wednesday, 22 May 2019 01:03:44 UTC, qtpie wrote: Chris Laprise: On 12/09/2018 10:38 AM, Chris Laprise wrote: 'Sparsebak' Fast Time Machine-like disk image backups for Qubes OS

[qubes-devel] Re: [qubes-users] Fedora 28 has reached EOL

2019-05-30 Thread Chris Laprise
f update again and there are 219 packages to update. 2. Trying to remove thunderbird, dnf wants to remove 67 packages incl. most of qubes*, nftables, salt, tinyproxy. It would be good to be able to remove thunderbird or other large apps without the OS crumbling to pieces. -- Chris Laprise

[qubes-devel] Python 3.6 in dom0

2019-06-21 Thread Chris Laprise
ecific for general use (what if the user has 3.7?) and the latter leaves me stuck with 3.5 in dom0. Is there some way to convert dom0 to use python 3.6 as the default for 'python3', without breaking Qubes? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.co

[qubes-devel] Backport newer 'thin-provisioning-tools' to dom0?

2019-06-28 Thread Chris Laprise
dom0 and they work fine with both 4.14 and 4.19 kernels; none of the updated commands have crashed on me. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Backport newer 'thin-provisioning-tools' to dom0?

2019-06-28 Thread Chris Laprise
On 6/28/19 3:35 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 28, 2019 at 02:56:46PM -0400, Chris Laprise wrote: Before releasing my lvm backup tool, I thought I'd ask about updating thin-provisioning-tools package from the rather old

Re: [qubes-devel] Backport newer 'thin-provisioning-tools' to dom0?

2019-07-16 Thread Chris Laprise
On 6/28/19 5:29 PM, Chris Laprise wrote: On 6/28/19 3:35 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jun 28, 2019 at 02:56:46PM -0400, Chris Laprise wrote: Before releasing my lvm backup tool, I thought I'd ask about updating thin-provisi

Re: [qubes-devel] QSB #050: Reinstalling a TemplateVM does not reset the private volume

2019-07-25 Thread Chris Laprise
/QubesOS/qubes-issues/issues/5192 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] Gigantic kernel updates taking 25+minutes to dl

2019-09-10 Thread Chris Laprise
4.19.36 = 253MB 4.19.43 (vm) = 513MB 4.19.67 (vm) taking >25min to download at 120kBytes / sec. What is going on? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Gigantic kernel updates taking 25+minutes to dl

2019-09-10 Thread Chris Laprise
On 9/10/19 6:43 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 10, 2019 at 06:33:28PM -0400, Chris Laprise wrote: 4.19.36 = 253MB 4.19.43 (vm) = 513MB 4.19.67 (vm) taking >25min to download at 120kBytes / sec. What is going on? The si

Re: [qubes-devel] Gigantic kernel updates taking 25+minutes to dl

2019-09-10 Thread Chris Laprise
On 9/10/19 8:22 PM, Chris Laprise wrote: On 9/10/19 6:43 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Sep 10, 2019 at 06:33:28PM -0400, Chris Laprise wrote: 4.19.36 = 253MB 4.19.43 (vm) = 513MB 4.19.67 (vm) taking >25min to download

[qubes-devel] Certifying AMD based systems

2019-11-14 Thread Chris Laprise
post summarizes my thoughts about why Intel is so problematic (beyond being closed design) that AMD is currently a more responsible choice... https://groups.google.com/d/msgid/qubes-users/85c426f7-7e17-b1ab-87c3-71f92d169955%40posteo.net -- Chris Laprise, tas...@posteo.net https://github.com

Re: [qubes-devel] Qubes 4.0.2 severe issue - dom0 kernel crash

2020-01-04 Thread Chris Laprise
0.2 installer? That could reduce the urgency for a new release. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Qubes 4.0.2 severe issue - dom0 kernel crash

2020-01-04 Thread Chris Laprise
On 1/4/20 9:39 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 04, 2020 at 09:28:45AM -0500, Chris Laprise wrote: Can discards be disabled from the 4.0.2 installer? That could reduce the urgency for a new release. Not easily, besides 'di

Re: [qubes-devel] Qubes 4.0.2 severe issue - dom0 kernel crash

2020-01-04 Thread Chris Laprise
t it is in such a way that my earlier suggestion would work. :( -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] AEM upgrade locks up

2020-01-15 Thread Chris Laprise
Upgrading : anti-evil-maid-4.0.2-1 After 25 minutes nothing has happened. Ctrl-c doesn't stop it so I'll have to reboot without completing the dnf transaction... -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A

Re: [qubes-devel] AEM upgrade locks up

2020-01-25 Thread Chris Laprise
On 1/16/20 12:21 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jan 15, 2020 at 11:03:44PM -0500, Chris Laprise wrote: Upgrading : anti-evil-maid-4.0.2-1 After 25 minutes nothing has happened. Ctrl-c doesn't stop it so I'll have

Re: [qubes-devel] Shared /home partition

2020-02-28 Thread Chris Laprise
s not meant to hold application data files. They are a security risk if you use them there. And there is no space issue... the dom0 'root' logical volume doesn't occupy any more space than it needs to hold the operating system (bc it exists in the thin pool). -- Chris Lapris

Re: [qubes-devel] Thoughts on PGP vs signify and age?

2020-03-18 Thread Chris Laprise
hange, and also I think Joanna Rutkowska (although no longer with Qubes) is right to be supportive of the GPG project. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Thoughts on PGP vs signify and age?

2020-03-19 Thread Chris Laprise
On 3/18/20 2:24 PM, Konstantin Ryabitsev wrote: On Wed, Mar 18, 2020 at 02:16:34PM -0400, Chris Laprise wrote: On 3/18/20 1:48 PM, Konstantin Ryabitsev wrote: Will Qubes transition at some point? I think Qubes should offer signify-style signatures on its released objects, sure. But how

[qubes-devel] Re: Nvidia driver issue

2020-05-30 Thread Chris Laprise
5.6.13 did not help (with either the iGPU or dGPU as the sink) in my case. An "Nvidia Graphics" logo on a computer should serve as a warning to users of open source operating systems. Even Linus Torvalds is visibly angry at that company. -- Chris Laprise, tas...@posteo.net https

Re: [qubes-devel] WIP: Qubes on KVM

2020-08-01 Thread Chris Laprise
https://gpuopen.com/ -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] Feasibility of modifying Qubes metadata outside Qubes dom0 env

2020-09-10 Thread Chris Laprise
me' functions as the key. Thanks in advance... -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] "Make an Alpha!"

2020-09-20 Thread Chris Laprise
th 4.1 installation: * Excluding all templates and vm kernels * Allocating a thin lvm pool and then using the plain file pool type * VMs ignoring the selected keyboard layout * Incompatibility with a popular Intel wifi card Those first few are pretty rough. -- Chris Laprise, tas...@posteo.net https:

Re: [qubes-devel] "Make an Alpha!"

2020-09-21 Thread Chris Laprise
14 AMD. If you have suggestions for gathering debug info I'll try them. Chris Laprise: * Allocating a thin lvm pool and then using the plain file pool type Can you expand on what you're trying to do and how it's going wrong? After building the iso and storing it on usb flas

Re: [qubes-devel] "Make an Alpha!"

2020-09-21 Thread Chris Laprise
Chris Laprise: * Allocating a thin lvm pool and then using the plain file pool type Can you expand on what you're trying to do and how it's going wrong? From the 'initial-setup-ks.cfg' file on the 4.1 machine: > %packages > @^qubes-xfce > @qubes-ui And: > %

Re: [qubes-devel] "Make an Alpha!"

2020-09-22 Thread Chris Laprise
On 9/21/20 6:28 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 21, 2020 at 08:18:19AM -0400, Chris Laprise wrote: (BTW, running qubes-builder in fc32 instead of fc30 results in an iso with an invalid grub config). Can you post what exactly

Re: [qubes-devel] "Make an Alpha!"

2020-09-22 Thread Chris Laprise
On 9/21/20 6:27 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 21, 2020 at 09:18:35AM -0400, Chris Laprise wrote: Chris Laprise: * Allocating a thin lvm pool and then using the plain file pool type Can you expand on what you're trying

Re: [qubes-devel] "Make an Alpha!"

2020-09-24 Thread Chris Laprise
thers? Thanks... -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] R4.1 some qubes-rpc rules are not working

2020-09-28 Thread Chris Laprise
ow' but no dice. 2. The manual instructions for sys-usb keyboard proxy do not work with 'ask'... they only work with 'allow'. I'd really like to get both of these security-critical prompts working on Qubes 4.1. -- Chris Laprise, tas...@posteo.net https://github

Re: [qubes-devel] R4.1 some qubes-rpc rules are not working

2020-10-03 Thread Chris Laprise
On 10/1/20 11:12 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 28, 2020 at 08:12:48PM -0400, Chris Laprise wrote: There are two separate rpc configurations I tried recently which failed to work: 1. The 'vm-sudo' doc instructions
