Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-28 Thread raahelps
On Sunday, September 25, 2016 at 7:34:28 AM UTC-4, johny...@sigaint.org wrote:
> > Simple question: Why are Ethernet and WiFi in sys-net..?
> >
> > Is it
> >
> > (A) Just for easy access to the same network for all App VMs..?
> >
> > (B) Because this is isolating Ethernet and WiFi from the rest of the
> > system, to stop DMA attacks..?
> 
> Primarily (B).  Any DMA attack or other network hardware compromise is
> confined to the net VM, and not your more critical work VM's (or dom0).
> 
> > It's not clear to me whether the VT-D protection is occurring because you
> > are putting these devices in sys-net.
> >
> > Or whether the VT-D is implemented regardless of which VM the
> > Wifi/Ethernet are in.
> 
> I'm not quite clear what you're getting at here.  The network device(s)
> could live in any VM, and thus be isolated from the rest of the system.
> 
> But by Qubes convention, the devices are put in sys-net, which is
> sys-firewall's NetVM, which in turn is typically the NetVM for other
> AppVM's.
> 
> > I ask this because I want to run some programs in sys-net, and wonder
> > whether a DMA attack could screw up these programs.
> 
> It absolutely could.  I'd generally recommend against running anything in
> sys-net unless it's very specifically needed, raw net-related, or low-risk.
>  Things like wireshark, iptraf are useful to have in sys-net, for example.
> 
> Any program running in sys-net doesn't benefit from the firewall rules
> protection at all, either.
> 
> Just as with dom0, the fewer programs running (and thus the smaller attack
> surface) in sys-net (and sys-firewall), the better.
> 
> Which is why I'd like to see unnecessary things like pulseaudio, exim,
> (and possibly even the X server) not included in sys-net by default.  I
> think there's a Qubes ticket to that effect.
> 
> Digressing a bit, but here's an interesting, leaner replacement for
> sys-firewall:
> 
> http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
> 
> What's the nature of the program(s) you want to run in sys-net?  Is there
> any reason they couldn't be run in another AppVM instead?
> 
> JJ

Anything listening to traffic is a security risk.  Wireshark is a known 
security risk in itself.  But that is what's cool about Qubes,  the sys-net is 
considered untrusted anyways.  So actually perfect for running something like 
wireshark.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac07e942-7735-4c5a-a73b-81b74776ff90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread entr0py
It gives me no pleasure (well...) to gang up on a guy who obviously doesn't 
have the slightest notion of what it means to possess even a modicum of social 
grace. But in the absence of a downvote button, how else do you voice your 
disapproval of a community member that is as ignorant as he is arrogant and who 
repeatedly insults fellow users that try to help? 



[BTW, it's all Marek's fault for having the extraordinary patience to indulge 
this buffoon with a straight face.]

Drew White:
> On Wednesday, 28 September 2016 18:33:25 UTC+10, Dave Ewart  wrote:
>> On Wednesday, 28.09.2016 at 01:06 -0700, Drew White wrote:
>>> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan 
>>> wrote:
>>>> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew 
>>>> White wrote:
>>>>> Does QWT require any specific version of Windows 7?  Or will 
>>>>> they work with all versions of Windows 7?
>>>> 
>>>> covered here: all. 
>>>> https://www.qubes-os.org/doc/windows-tools-3/
>>> 
>>> Doesn't even BEGIN to answer the question.
>> 
>> It *completely* answers your question.  In the first line: "Only 
>> 64-bit Windows 7 (any edition) is supported".  So you need Windows 
>> 7 64-bit, but the edition doesn't matter (e.g. Home, Enterprise, 
>> whatever).
> 
> I said VERSION, not EDITION.

You should have stuck to Edition and just said, "Thanks for the answer", 
because now you look like a bigger idiot than when you began. A Windows 
version/build/release is just a collection of installed updates. That means 
that whatever version you install changes the moment you update it. Did you 
expect the devs to test every possible combination of Windows updates? Or to 
test a buggy old release?
 

>>>>> Why does QWT require TESTSIGNING to be turned on?  Is that 
>>>>> because Win7 requires things to be signed?
>>>> 
>>>> https://www.qubes-os.org/doc/windows-appvms/ "Before
>>>> ...
>>> 
>>> Still doesn't answer that question either.
>>> 
>>> I said "hi devs" because I needed someone with the knowledge of 
>>> WHY, not just an end user reason, but a dev description that is 
>>> technical.
>> 
>> Again, that really *does* answer your question.  Windows 7 requires
>> drivers to be signed by a recognised certificate.  The Qubes Tools
>> drivers are *not* signed by a recognised certificate, so to make
>> them work one needs to toggle the TESTSIGNING flag so that Windows
>> 7 no longer cares about their certificates.
> 
> Okay, it seems you can't understand a simple question so I will 
> rectify it to be more the way I would have normally asked it before
> I started asking the questions in a way that more people can 
> understand, again, you are not a dev...
> 
> Why do you need testsigning on when you can easily get a certificate 
> for signing your software when people could intercept with unsigned 
> software that will cause harm instead of good and cause that guest 
> machine to be infected and mean that qubes wasn't doing things
> right security wise?
> 
> Does that better clarify the question that I'm asking as to the WHY?

Perfectly. Drew, thank you for refining your initial question to make it more 
"technical". 
Because now, the answer is... 
EXACTLY THE SAME as the one Foppe gave you at the outset. 


>>> So please, refrain from answering my questions with details that 
>>> don't answer anything. If the website had the information, I 
>>> would not be asking.
>> 
>> It sounds like the web site *does* include the information, you 
>> failed to find it (or didn't look), someone answered by pointing 
>> you at the right information and you merely insulted them in
>> reply. Glad to see you're still trolling here, Drew... :-/
> 
> If you read my current reply, you will see that it doesn't answer
> the question(s)
> ...
> True, but he wasn't a dev, so I saw no reason to give more information.
> ...
> The question was perfectly stated, I was after a technical WHY, not an 
> end-user WHY.
> ...
> That is precise to an end-user, but I wanted a technical explanation. As I 
> said in a recent post, which may be worth you reading that sentence that also 
> relates here.

My bad, here's the technical version coming from an end-user: RTFM. (The answer 
starts with R- and ends with -PM.) I know it's hard to believe but, #IAmNotADev.


>>> That only tells me what you assign to a Windows Guest.
>>> What it doesn't tell me is what the tools require in seamless mode, 
>>> including but not limited to the Windows Guest and Dom0.
>>
>> I'm sorry, but what I'm missing here is your explanation/indication as to 
>> what you have already tried yourself, and why the information you seek could 
>> not be retrieved by you installing a w7 VM, installing the tools, and 
>> checking ram use in a running VM; and secondly, if you had indeed checked 
>> that out before asking it here, why that information wasn't 
>> useful/sufficiently informative to you.
> 
> That information doesn't tell me enough.
> 

Re: [qubes-users] Why won't Google Chrome remember my Google logins?

2016-09-28 Thread raahelps
On Monday, September 26, 2016 at 9:01:35 AM UTC-4, Mathew Evans wrote:
> On Sunday, 25 September 2016 15:33:35 UTC+1, Clark Venable  wrote:
> > On Sunday, September 25, 2016 at 8:42:08 AM UTC-4, Clark Venable wrote:
> > > Nope. Allow local data to be set is enabled.
> > 
> > It all works as I expect in Firefox, So I'm happy to leave this alone and 
> > just use Firefox rather than Chrome (which is probably what the developers 
> > intended by including Firefox in the distro. :-)
> 
> I can confirm I had the same issue with Chrome. There is something funky going 
> on between seahorse and chrome and how in the AppVMs details are stored. As 
> long as you do not restart the AppVM you can close and reopen chrome as many 
> times as you want and it will work fine, even with disable background 
> processes. When you restart the AppVM the info in seahorse seems to expire 
> instantly.

Just use keepassx in the vault vm.



Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-28 Thread raahelps
On Wednesday, September 28, 2016 at 10:48:00 PM UTC-4, raah...@gmail.com wrote:
> On Tuesday, September 27, 2016 at 10:31:42 PM UTC-4, johny...@sigaint.org 
> wrote:
> > > You can get a motherboard that has a removable bios chip that you can just
> > > snap in to replace,  Then call the company and have them send you one or
> > > two to hold onto for emergency lol.  There is also mobos with dualbios,
> > > mostly this is for bringing a bricked board back to life.
> > 
> > I actually have one of those motherboards here.  It sounded like a very
> > kick-ass feature, the double-bios to restore in case of problems.  And the
> > board has 8 SATA, a dozen USB, some serious video and audio capabilities, 
> > 32g memory capabilities, IOMMU, etc.
> > 
> > But it was given to me out of the blue right after I retired a
> > dodgy/compromised machine, so I'm a little wary.  A shame, because it's
> > one hell of a motherboard.
> > 
> > I might fire it up with Qubes in a non-critical/non-trusted manner.  (Or
> > set it up in a Windows machine, sell it, and buy a known secure
> > motherboard.  :) )
> > 
> > > Also don't forget malware can reside in other firmware also.  So that
> > > means all pci devices,  like gpu,  netcard.  etc...  most experts will
> > > tell you just to replace everything to be sure if you think you are
> > > compromised at that level and it's important.
> > 
> > Would you say a motherboard that integrates a lot of that (with the dual
> > recovery BIOS) would be less prone to compromise (or at least easier to
> > restore from compromise) than a machine that has separate PCI cards providing
> > that sound/video/net?
> > 
> > Presumably, if you can trust the vendor and its BIOS, one flashing of the
> > BIOS (or recovery from the backup) should restore you to a state that
> > could be trusted.  A lot easier than doing the same (if even possible) for
> > the net/sound/video add-on cards, no?
> > 
> > Or would it be easier for a threat actor to attack a specific motherboard
> > and its integrated peripherals, rather than a random set of add-on cards?
> > 
> > JJ
> 
> I'm not sure whether it being integrated matters to how prone to compromise it 
> is.  I would imagine being able to replace a component you think compromised 
> is better than not being able to, for example replacing gpu or netcard you 
> think is compromised.  But I don't know of many boards that don't have some 
> pci devices integrated so we probably have no choice. Again, only way to be 
> 100% is probably to replace the whole system.  With a laptop it would be more 
> necessary probably.
> 
> Regarding attacking a specific motherboard or firmware, imo, this would all 
> fall under that category of targeted attack.  I think it is still very rare 
> nowadays for some random or automated attack to infect your firmwares and 
> bios. At least I hope it is lmao.   Especially on a custom machine.  But on 
> the same token it is less rare nowadays for someone to be personally targeted 
> by a persistent actor with lots of resources.  So I guess it all depends on 
> how paranoid you are and how much you are willing to spend.   IMO I don't 
> think there is much any of us can do against a very persistent attacker, 
> especially if it's the government.

When I say nothing you can do,  I mean if you want to keep doing the things you 
want to do on a pc that make you vulnerable and out of your control in the 
first place unfortunately.  Like walking down a public street.



Re: [qubes-users] System still freezes, still no resolution.

2016-09-28 Thread raahelps
On Wednesday, September 28, 2016 at 10:58:57 PM UTC-4, raah...@gmail.com wrote:
> saves energy,  keeps pc cool,  clears ram,  keeps it unconnected when idle, 
> saves boot time.

About keeping it unconnected you have to make sure all wakes are off in the 
bios.  And then the really paranoid are worried about big brother in cahoots 
with hardware manufacturers when it doesn't matter even if your pc is off lol.



Re: [qubes-users] Available memory

2016-09-28 Thread raahelps
On Thursday, September 29, 2016 at 12:11:29 AM UTC-4, raah...@gmail.com wrote:
> On Wednesday, September 28, 2016 at 4:16:35 PM UTC-4, Jeremy Rand wrote:
> > York Keyser:
> > > Hi group,
> > > 
> > > I have a short, maybe stupid question, where or how can I see the
> > > available memory. Not the memory of each VM I need to know how much
> > > memory is availably global wide. (Short-term and Long-term memory)
> > > 
> > > Regards York
> > 
> > Last I heard, there isn't an easy way to see the total available RAM in
> > all VM's.  Maybe some progress happened there and I haven't heard?  It
> > would certainly be a useful feature.
> > 
> > Cheers,
> > -Jeremy
> 
> add cpu and hdd activity and all that as well lol.  xentop is another way to 
> show only activity for each vm but I find it more accurate than 
> qubes-manager.
> 
> Before 3.1 I used to just add all the ram up from all the vms with a 
> calculator,  but after 3.1 they changed the way how dom0 handles ram,  
> probably for a very good reason,  but there is now no way to tell for me when 
> what vm is giving back ram or not.  or how much total being used or free.

What I do is show inactive vms and keep qubes-manager open at all times and look 
for triangles to see if there is a problem in a vm to shut it down when needed. 
  Like Justin Cooper(Salute) for Hillary's server haha unplug it(Shut it down) 
for a second and restart it see if it persists.

I never saw in a Campaign,  a candidate say go to my website and we will be 
fact checking everything in real time haha.  Pioneer.



Re: [qubes-users] Available memory

2016-09-28 Thread raahelps
On Wednesday, September 28, 2016 at 4:16:35 PM UTC-4, Jeremy Rand wrote:
> York Keyser:
> > Hi group,
> > 
> > I have a short, maybe stupid question, where or how can I see the
> > available memory. Not the memory of each VM I need to know how much
> > memory is availably global wide. (Short-term and Long-term memory)
> > 
> > Regards York
> 
> Last I heard, there isn't an easy way to see the total available RAM in
> all VM's.  Maybe some progress happened there and I haven't heard?  It
> would certainly be a useful feature.
> 
> Cheers,
> -Jeremy

add cpu and hdd activity and all that as well lol.  xentop is another way to 
show only activity for each vm but I find it more accurate than 
qubes-manager.

Before 3.1 I used to just add all the ram up from all the vms with a calculator, 
 but after 3.1 they changed the way how dom0 handles ram,  probably for a very 
good reason,  but there is now no way to tell for me when what vm is giving 
back ram or not.  or how much total being used or free.



Re: [qubes-users] System still freezes, still no resolution.

2016-09-28 Thread raahelps
saves energy,  keeps pc cool,  clears ram,  keeps it unconnected when idle, 
saves boot time.



Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-28 Thread raahelps
On Tuesday, September 27, 2016 at 10:31:42 PM UTC-4, johny...@sigaint.org wrote:
> > You can get a motherboard that has a removable bios chip that you can just
> > snap in to replace,  Then call the company and have them send you one or
> > two to hold onto for emergency lol.  There is also mobos with dualbios,
> > mostly this is for bringing a bricked board back to life.
> 
> I actually have one of those motherboards here.  It sounded like a very
> kick-ass feature, the double-bios to restore in case of problems.  And the
> board has 8 SATA, a dozen USB, some serious video and audio capabilities, 
> 32g memory capabilities, IOMMU, etc.
> 
> But it was given to me out of the blue right after I retired a
> dodgy/compromised machine, so I'm a little wary.  A shame, because it's
> one hell of a motherboard.
> 
> I might fire it up with Qubes in a non-critical/non-trusted manner.  (Or
> set it up in a Windows machine, sell it, and buy a known secure
> motherboard.  :) )
> 
> > Also don't forget malware can reside in other firmware also.  So that
> > means all pci devices,  like gpu,  netcard.  etc...  most experts will
> > tell you just to replace everything to be sure if you think you are
> > compromised at that level and it's important.
> 
> Would you say a motherboard that integrates a lot of that (with the dual
> recovery BIOS) would be less prone to compromise (or at least easier to
> restore from compromise) than a machine that has separate PCI cards providing
> that sound/video/net?
> 
> Presumably, if you can trust the vendor and its BIOS, one flashing of the
> BIOS (or recovery from the backup) should restore you to a state that
> could be trusted.  A lot easier than doing the same (if even possible) for
> the net/sound/video add-on cards, no?
> 
> Or would it be easier for a threat actor to attack a specific motherboard
> and its integrated peripherals, rather than a random set of add-on cards?
> 
> JJ

I'm not sure whether it being integrated matters to how prone to compromise it 
is.  I would imagine being able to replace a component you think compromised is 
better than not being able to, for example replacing gpu or netcard you think 
is compromised.  But I don't know of many boards that don't have some pci 
devices integrated so we probably have no choice. Again, only way to be 100% is 
probably to replace the whole system.  With a laptop it would be more necessary 
probably.

Regarding attacking a specific motherboard or firmware, imo, this would all 
fall under that category of targeted attack.  I think it is still very rare 
nowadays for some random or automated attack to infect your firmwares and bios. 
At least I hope it is lmao.   Especially on a custom machine.  But on the same 
token it is less rare nowadays for someone to be personally targeted by a 
persistent actor with lots of resources.  So I guess it all depends on how 
paranoid you are and how much you are willing to spend.   IMO I don't think 
there is much any of us can do against a very persistent attacker, especially 
if it's the government.



Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-28 Thread raahelps
On Tuesday, September 27, 2016 at 9:51:10 PM UTC-4, johny...@sigaint.org wrote:
> > Yeah, Joanna is seriously epic.
> 
> Upon that, we can all agree.
> 
> Everything she designs or writes up, seems bang-on (and wonderfully
> informative) in this increasingly security-threatened world we're living
> in.
> 
> She's probably just a fictional character created by the NSA to mesmerize
> and lure us Linux geeks into this honeypot known as Qubes.  :)
> 
> (Even I'm not quite that paranoid.  Yet, at least.)
> 
> > How about Raspberry Pi..? That seems to have very few components.
> 
> That's interesting.
> 
> As a side project (one of s s many), I'm working on an
> Arduino-based system that will let me do secure, encrypted note-taking,
> email, SMS, messaging, etc., with (similarly secure/encrypted/hack-proof)
> mouse/keyboard/storage, as well as even being a platform for further
> development of the same system, without dependency upon a vulnerable PC or
> laptop.
> 
> And also being lower-power and mobile, which helps security further.
> 
> Things like secure and encrypted SMS, messaging, email, note taking,
> PDA-like functionality (on par with Palm Pilots in days of old) are
> certainly possible, without being threatened by hacks from all the
> organized (or disorganized) crooks or overly-aggressive governments
> pushing, unhindered and beyond reproach, way beyond constitutional and
> ethical boundaries.
> 
> They will be portable, low power, low cost, open source, transparent tools
> that could be used by the oppressed, the abused, whistle-blowers, the
> relentlessly hacked, that are afraid to speak out, as well as the general
> public.
> 
> I've been focused upon Arduino/atmega328 due to the low cost,
> accessibility, transparency, etc..
> 
> (The harassment I've personally been undergoing has been keeping me, errr,
> rather "frugal," so the atmega328 platform is appealing.)
> 
> Raspberry is a bit like Arduino/atmega on steroids.  I've not gone there
> because it draws more power, costs more; but at the end of the day, it's
> more powerful and probably has similar security/transparency as the
> Arduino/atmega328 if done properly.
> 
> And with its additional processing power, it's a more likely candidate for
> replacing a PC for things like web browsing, Tor, VPN, PGP, (things a bit
> beyond atmega328's capabilities).  And in those cases, the extra cost is
> still far below even a basic notebook or tablet.
> 
> (Not sure how it rates power-consumption-wise as compared to
> notebooks/tablets, maybe a bit worse.  I see it used a lot for home media
> PC's, which I doubt would last long on a couple of CR2032 batteries.  :) 
> But still way better than a PC, as long as we still can rely upon power to
> our homes, it'll do.  :) )
> 
> I am firmly convinced that the only salvation to corrupt surveillance
> states and the take-over of the world by the greedy and corrupt, is a
> revolution to more simplistic, secure, and (especially) transparent
> technology that achieves a lot of the same things as today's hopelessly
> complex smartphones, Wifi,  broadbands, web browsers.
> 
> I'll stop the rant now.  :)  But progressing/expanding up to the
> Raspberry's power while still achieving the same goals, is something I'm
> going to seriously ponder.
> 
> (There are a number of other processors, like STM32 and others, that can
> similarly bring more processing power without blowing security.  My
> approach is quite portable, so any or all of the platforms should be
> viable to include in the solution.)
> 
> Thanks for the inspiration.  :)
> 
> JJ

I use a raspberry pi as a print server with a usb printer for my qubes machine. 
 It's great, it's just like running debian.  And chromium running on it for Google 
Cloud Print for android devices.  Runs great.



Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-28 Thread raahelps
On Tuesday, September 27, 2016 at 9:14:51 PM UTC-4, Jeremy Rand wrote:
> raahe...@gmail.com:
> > On Tuesday, September 27, 2016 at 5:11:27 PM UTC-4, Jeremy Rand wrote:
> >> raahe...@gmail.com:
> >>> or just only allow https in the vm firewall settings.
> >>
> >> I assume you mean whitelisting TCP port 443?  If so, be aware that while
> >> this will stop most non-HTTPS traffic, there is nothing that prevents
> >> other protocols from using port 443.  It's a fairly well-known attack on
> >> Tor's "stream isolation by port" feature for websites to use nonstandard
> >> ports in order to get isolated in the wrong Tor circuit (e.g. in order
> >> to deanonymize SSH traffic), which is why Tor doesn't stream-isolate by
> >> port by default.
> >>
> >> Whitelisting TCP port 443 is still better than nothing, though, assuming
> >> that you don't expect any legitimate traffic to go over other ports.
> >> Just be aware that it's trivially easy to bypass for an attacker.
> >>
> >> Assuming that you're using a Firefox-based browser (including Tor
> >> Browser), you can get some defense in depth by also enabling the feature
> >> of HTTPS-Everywhere that blocks all non-TLS requests.  Nothing wrong
> >> with combining this with the firewall whitelist that you suggested.
> >>
> >> Cheers,
> >> -Jeremy
> > 
> > oh I see now there is the feature in the plugin I've never used lol.  I 
> > still think it's unnecessary if you're already blocking that traffic with the 
> > firewall, especially if that plugin or browser is compromised,  especially 
> > with latest news about firefox plugins.  For example noscript itself is 
> > considered a vulnerability on firefox now. 
> 
> 
> As I said, it gets you defense in depth because the two mechanisms
> prevent different (though overlapping) attacks.
> 
> HTTPS Everywhere's feature for blocking non-TLS requests will block
> non-TLS requests from Firefox that use port 443, while the FirewallVM
> won't be able to stop this.  For example, a request to
> http://www.nsa.gov:443/ will be stopped by HTTPS Everywhere, since it
> knows the protocol being used as opposed to just the TCP port.
> 
> The FirewallVM, on the other hand, will block TCP connections on ports
> other than 443 even if Firefox in the AppVM is compromised.  E.g. you
> visit https://www.nsa.gov/ , they deploy a Firefox zero-day, and are
> thus able to bypass HTTPS Everywhere.
> 
> Both of these attacks have a lot of overlap (e.g. a simple request to
> http://www.nsa.gov/ will be blocked by both).  But each defense does
> prevent some types of attack that the other doesn't, so it makes sense
> IMO to use both.  Definitely won't hurt you, and it might help depending
> on what attacks get aimed at you.
> 
> (Of course, either of those defenses alone is likely to prevent the vast
> majority of real-world attacks, but I'd still suggest doing both.
> Justified paranoia is why we're all here, right?  :) )
> 
> Cheers,
> -Jeremy

Good points.  Yes, seems like a good idea to do both.

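
The overlap Jeremy describes in the message above, as an added example (not code from the thread or from Qubes): a port-only whitelist decision beside a check of each flow's first client bytes. Checking the opening bytes of a flow rather than the browser's request goes beyond the thread; the flows, ALLOWED_PORTS and every function name here are constructed for illustration.

```python
"""Port whitelist vs. protocol-aware check on constructed flows (added example)."""
import struct

ALLOWED_PORTS = {443}  # assumption: the "only allow https" whitelist from the thread
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"PATCH", b"TRACE"}


def firewall_allows(dst_port):
    """Port-only decision: all that a TCP port whitelist can see."""
    return dst_port in ALLOWED_PORTS


def looks_like_tls_client_hello(data):
    """True if the bytes start with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    content_type, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 0x16 or major != 0x03 or minor > 0x04:
        return False
    if not 4 <= rec_len <= 2 ** 14:   # a TLS record payload is capped at 2^14 bytes
        return False
    return data[5] == 0x01            # handshake type 1 = ClientHello


def classify_first_bytes(data):
    """Name the protocol a client's first bytes look like.

    This only says how the flow starts, not what is carried inside it later.
    """
    if looks_like_tls_client_hello(data):
        return "tls"
    if data.startswith(b"SSH-"):      # SSH identification string
        return "ssh"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-plaintext"
    return "unknown"


def build_sample_client_hello():
    """Constructed minimal ClientHello: zero random, one cipher suite, no extensions."""
    body = (b"\x03\x03" + bytes(32)   # client_version, 32-byte random
            + b"\x00"                 # empty session id
            + b"\x00\x02\x13\x01"     # cipher suite list with one entry
            + b"\x01\x00")            # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (443, build_sample_client_hello()),                       # ordinary HTTPS
    (443, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),    # http://host:443/
    (443, b"SSH-2.0-OpenSSH_7.2\r\n"),                        # another protocol on 443
    (80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),     # plain http://host/
    (22, b"SSH-2.0-OpenSSH_7.2\r\n"),                         # SSH on its usual port
]


def evaluate(flows):
    """Return one row per flow with the verdict of each layer.

    "flagged" marks flows the port whitelist lets through that are not TLS,
    which is the gap the protocol-aware layer is there to close.
    """
    rows = []
    for port, first_bytes in flows:
        allowed = firewall_allows(port)
        protocol = classify_first_bytes(first_bytes)
        rows.append({
            "port": port,
            "firewall_allows": allowed,
            "protocol": protocol,
            "flagged": allowed and protocol != "tls",
        })
    return rows


if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print(row)
```
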


[qubes-users] Physical isolation using Whonix and Qubes..?

2016-09-28 Thread neilhardley
I am looking to use Qubes/Whonix as a dedicated Tor router.

And then route a laptop through my Qubes/Whonix system.

Main router => Qubes/Whonix computer that acts as a Tor-only router => My 
laptop for browsing web

I want to know how to share the connection of Whonix/Tor in Qubes, with a 
laptop that connects into the machine physically.

I tried asking this question on Whonix forums, but they told me to ask on 
qubes-users instead, because it is "unsupported".



[qubes-users] Standalone AppVM losing Apps

2016-09-28 Thread Drew White
Hi folks,

Q: 3.2-R1 FULLY UPDATED.

I have a standalone AppVM, I installed applications on it.

Now I start the guest and it has not got it installed any more.
I have not KILLED the guest, only shut it down when I had to restart.

Has anyone else experienced this issue or know what could be causing it?


Sincerely,
Drew.



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
Is there any way to assign just one specific USB port to a specific VM?

Or assign a storage device to a guest AS a USB device not a physical device?



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 21:07:47 UTC+10, Marek Marczykowski-Górecki  
wrote:
> On Tue, Sep 27, 2016 at 07:59:55PM -0700, Drew White wrote:
> > On Wednesday, 28 September 2016 12:46:10 UTC+10, johny...@sigaint.org  
> > wrote:
> > > Pretty sure the answer is "no."  You can assign a whole USB bus (which is
> > > typically a single PCI device) to a VM, but you can't split it up beyond
> > > that, other than the default of having dom0 relay specific devices to
> > > specific VM's (which isn't dom0 USB isolation at all).
> > > 
> > > My mobo has 8 USB ports, but they're all on a single bus, so it's all or
> > > nothing.
> > > 
> > 
> > Hi JJ,
> > 
> > My PC has 10 USB Bus's.
> > My keyboard and mouse are on bus 10, which is PCI device .XX.X and I 
> > left that one on Dom0.
> > 
> > However I now have another issue...
> > 
> > "Error starting VM 'sys-usb': Requested operation is not valid: PCI device 
> > :00:1a.0 is in use by driver xenlight, domain sys-usb"
> 
> I assume this is after previous failed sys-usb startup, right? There is
> a bug in libvirt that device is not marked as unused when VM fails to
> start. Workaround: restart libvirtd service. Close Qubes Manager first.
> If you still get an error, take a look here:
> https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

That appears to have resolved the problem thanks Marek.

As for doing the pci strict reset to false, they are being assigned to a 
container, so that's good, they won't be available to dom0.
How do I assign them and deassign them from Dom0 before the system boots?



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 19:35:44 UTC+10, johny...@sigaint.org  wrote:
> > Hi JJ,
> >
> > Did some more testing, you were right, I only have 3.
> 
> Hey, that's still pretty handy for separation.
> 
> In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given
> PCI USB device and assign it.
 
Yup, I did that, and it fails everything, it says the vm already using it, but 
the vm isn't even on to start using it and so the vm it's assigned to can't 
start because it's using a device it's got assigned to it. weird.. lol


> Only having one USB bus myself, also used for root, I haven't tried this.
> 
> I have a USB PCI card I've been tempted to use for similar reasons.  But
> once again, it was given to me out of the blue, which doesn't put it in my
> "trusted hardware" chain.
> 
> Not that *any* usb bus or device should ever be trusted, the main
> motivation for us stuffing them in a VM.  :)
 
It is annoying isn't it?


> > I have 2 bus's on the motherboard...
> > I plugged a USB drive into each set to find out which were which.
> >
> > But that doesn't explain why it isn't working when I even just attach my
> > USB3 card to the USBVM.
> >
> > That alone should work, but it doesn't.
> 
> Agreed, it should work, from my understanding.  You reboot after assigning
> things?
 
rebooted, rebuilt, checked it wasn't on any other guests..

> There's some protection about PCI devices not being allowed to go back to
> dom0 for reassignment after use, to protect against potentially
> compromised devices then touching dom0 (to DMA-attack away):
> 
> https://www.qubes-os.org/doc/user-faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0
> 
> Not sure if that's relevant or not.  I'm over my head with this, and just
> guessing, so I probably shouldn't be giving advice, lol.

Nope, that isn't relevant. Interesting, but not relevant. Thanks. :}


> > So this means I should be able to attach the USB3 card, and the 4 other
> > USB to the USBVM, leaving 2 attached to Dom0 for my use.
> 
> Makes sense to me.  (Again, getting those darn keyboard/mice off of USB
> and onto PS/2 certainly wouldn't hurt figuring things out.)
 
It wouldn't change anything. 
If I can't assign a PCI-e USB3 4 port card to the VM and have it start... Bit 
of a problem?


> > So why does it have the error?
> 
> dmesg have any hints?  (Or is that where the error messages you are
> seeing are coming from in the first place?)

No hints, no tips, no help button.

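
The thread above turns on the difference between USB buses and the PCI controllers that are the actual unit of assignment to a VM. As an added example (not from the thread or the Qubes project), this Python script maps each bus to its controller through sysfs and flags controllers that have a keyboard or mouse (HID) attached; the sample tree and its PCI addresses are constructed.

```python
"""Map USB buses to the PCI controllers behind them (added example)."""
import os
import re
import tempfile

PCI_BDF = re.compile(r"^[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]$")
HID_CLASS = "03"  # USB interface class used by keyboards and mice


def read_attr(path):
    """Return the stripped content of a sysfs attribute, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def map_usb_controllers(sys_root="/sys"):
    """Return {pci_address: {"buses": [bus numbers], "has_input": bool}}."""
    dev_dir = os.path.join(sys_root, "bus", "usb", "devices")
    bus_to_pci, hid_buses = {}, set()
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        root_hub = re.fullmatch(r"usb(\d+)", name)
        if root_hub:
            # usbN resolves to .../<controller>/usbN: the parent directory is
            # the host controller, which is what gets assigned to a VM.
            parent = os.path.basename(os.path.dirname(os.path.realpath(path)))
            bus = int(root_hub.group(1))
            bus_to_pci[bus] = parent if PCI_BDF.match(parent) else None
        elif ":" in name:
            # Interface entries look like "1-2:1.0"; the bus number comes first.
            if read_attr(os.path.join(path, "bInterfaceClass")) == HID_CLASS:
                hid_buses.add(int(name.split("-", 1)[0]))
    controllers = {}
    for bus, pci in sorted(bus_to_pci.items()):
        entry = controllers.setdefault(
            pci or "non-PCI", {"buses": [], "has_input": False})
        entry["buses"].append(bus)
        entry["has_input"] |= bus in hid_buses
    return controllers


def build_constructed_sysfs(root):
    """Create a small fake sysfs tree (constructed sample, not real hardware)."""
    layout = {
        1: "0000:00:14.0",  # one controller exposing two root hubs,
        2: "0000:00:14.0",  # so two "buses" share a single PCI device
        3: "0000:03:00.0",  # add-in card with its own controller
    }
    dev_dir = os.path.join(root, "bus", "usb", "devices")
    os.makedirs(dev_dir)
    for bus, pci in layout.items():
        hub = os.path.join(root, "devices", "pci0000:00", pci, f"usb{bus}")
        os.makedirs(hub)
        os.symlink(hub, os.path.join(dev_dir, f"usb{bus}"))
    # A keyboard interface on bus 1.
    kbd = os.path.join(root, "devices", "pci0000:00", "0000:00:14.0",
                       "usb1", "1-2", "1-2:1.0")
    os.makedirs(kbd)
    with open(os.path.join(kbd, "bInterfaceClass"), "w") as fh:
        fh.write(HID_CLASS + "\n")
    os.symlink(kbd, os.path.join(dev_dir, "1-2:1.0"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = map_usb_controllers(build_constructed_sysfs(tmp))
    for pci, info in result.items():
        flag = "HID attached" if info["has_input"] else "no HID seen"
        print(f"{pci}: buses {info['buses']} ({flag})")
```

Called with no argument, `map_usb_controllers()` reads the real `/sys` of the machine it runs on.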


Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Drew White
On Thursday, 29 September 2016 06:08:12 UTC+10, Jeremy Rand  wrote:
> Achim Patzner:
> > Am 28.09.2016 um 10:06 schrieb Drew White:
> >> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> >>> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
> >>>> Why does QWT require TESTSIGNING to be turned on?
> >>>> Is that because Win7 requires things to be signed?
> >>> https://www.qubes-os.org/doc/windows-appvms/
> >>> "Before proceeding with the installation we need to disable Windows 
> >>> mechanism that allows only signed drivers to be installed, because 
> >>> currently (beta releases) the drivers we provide as part of the Windows 
> >>> Tools are not digitally signed with a publicly recognizable certificate."
> >> Still doesn't answer that question either.
> >>
> >> I said "hi devs" because I needed someone with the knowledge of WHY, not 
> >> just an end user reason, but a dev description that is technical.
> > 
> > Which part of "we don't provide signed drivers so if you want to run
> > them you have to turn that requirement off" needs a developer to make
> > you understand it and what kind of LART do you expect said developer to
> > use for beating some sense into you? It's clear, it's precise and unless
> > you need a translation into another language there is not much anyone
> > could do for you. Please keep the developers doing something more
> > important than correcting your refusal to accept facts.
> > 
> > 
> > Achim
> > 
> 
> It occurs to me that although I've re-routed messages from Drew to
> /dev/null for quite a while (thus saving me from reading that drivel), I
> didn't do so for messages that reply to him.  I think I'm actually okay
> with that oversight, as now I get to enjoy reading 3 different people
> explaining to him why his messages are the type of message that resulted
> in me null-routing him, but I don't have to subject myself to reading
> whatever replies he comes up with.
> 
> (On that note -- kudos to the 3 of you who managed to reply to him,
> explaining in reasonable detail why he's off base, without losing your
> sanity.  Quite impressive.)
> 
> Cheers,
> -Jeremy

Jeremy, I missed your trolling me like this. 
Thanks for showing me you aren't ignoring me and are actually making the time 
to come on here just to troll me again.
Thanks!



Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Drew White
On Thursday, 29 September 2016 04:05:41 UTC+10, Achim Patzner  wrote:
> Am 28.09.2016 um 10:06 schrieb Drew White:
> > On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> >> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
> >>> Why does QWT require TESTSIGNING to be turned on?
> >>> Is that because Win7 requires things to be signed?
> >> https://www.qubes-os.org/doc/windows-appvms/
> >> "Before proceeding with the installation we need to disable Windows 
> >> mechanism that allows only signed drivers to be installed, because 
> >> currently (beta releases) the drivers we provide as part of the Windows 
> >> Tools are not digitally signed with a publicly recognizable certificate."
> > Still doesn't answer that question either.
> >
> > I said "hi devs" because I needed someone with the knowledge of WHY, not 
> > just an end user reason, but a dev description that is technical.
> 
> Which part of "we don't provide signed drivers so if you want to run
> them you have to turn that requirement off" needs a developer to make
> you understand it and what kind of LART do you expect said developer to
> use for beating some sense into you? It's clear, it's precise and unless
> you need a translation into another language there is not much anyone
> could do for you. Please keep the developers doing something more
> important than correcting your refusal to accept facts.

That is precise to an end-user, but I wanted a technical explanation. As I said 
in a recent post, which may be worth you reading that sentence that also 
relates here.



[qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Drew White
On Thursday, 29 September 2016 01:48:28 UTC+10, Foppe de Haan  wrote:
> On Wednesday, September 28, 2016 at 10:06:13 AM UTC+2, Drew White wrote:
> > On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> > > On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
> > > > Hi Devs,
> > > > 
> > > > I would like to know from a dev what the requirements are for Qubes 
> > > > Windows Tools (QWT).
> > > > 
> > > > All O/S reference are known to be x86_64.
> > > > 
> > > > Does QWT require any specific version of Windows 7?
> > > > Or will they work with all versions of Windows 7?
> > > covered here: all.
> > > https://www.qubes-os.org/doc/windows-tools-3/
> > 
> > Doesn't even BEGIN to answer the question.
> >
> Assertions really aren't very useful unless accompanied by reasons.

True, but he wasn't a dev, so I saw no reason to give more information.


> > 
> > 
> > > > 
> > > > Why does QWT require TESTSIGNING to be turned on?
> > > > Is that because Win7 requires things to be signed?
> > > https://www.qubes-os.org/doc/windows-appvms/
> > > "Before proceeding with the installation we need to disable Windows 
> > > mechanism that allows only signed drivers to be installed, because 
> > > currently (beta releases) the drivers we provide as part of the Windows 
> > > Tools are not digitally signed with a publicly recognizable certificate."
> > 
> > Still doesn't answer that question either.
> 
> So long as you do not ask sufficiently specific questions that indicate why 
> that doesn't answer your question, I see little reason for you to demand a 
> dev's time. 

The question was perfectly stated, I was after a technical WHY, not an end-user 
WHY.


> > I said "hi devs" because I needed someone with the knowledge of WHY, not 
> > just an end user reason, but a dev description that is technical.
> Ask technical questions, you might get technical answers. All you do is ask 
> exceedingly generic questions that betray little technical background, given 
> that you don't seem to realize that you're asking insufficiently specific 
> questions to get the answers/attention you seek.
> 
> > > > What are the CPU/RAM requirements for running QWT Seamless Mode?
> > > As far as I can tell, they are no different. I myself generally assign 2 
> > > cores of a modern cpu + 1.2-2gb ram. Works well enough
> > 
> > That tells me nothing.
> please stop using all this hyperbole.
It was the FIRST sentence before the explanation.

> > That only tells me what you assign to a Windows Guest.
> > What it doesn't tell me is what the tools require in seamless mode, 
> > including but not limited to the Windows Guest and Dom0.
> 
> I'm sorry, but what I'm missing here is your explanation/indication as to 
> what you have already tried yourself, and why the information you seek could 
> not be retrieved by you installing a w7 VM, installing the tools, and 
> checking ram use in a running VM; and secondly, if you had indeed checked 
> that out before asking it here, why that information wasn't 
> useful/sufficiently informative to you.

That information doesn't tell me enough.
It doesn't tell me what it REQUIRES. It only tells me what it's using.
The devs would know what it requires.

Please, my questions are very specific.


> 
> > Further to that question being answered was... How many resources does it 
> > require per window that is converted to its own display window?
> > Along with, Is there a big difference for requirements comparing 1440x900 
> > and 1920x1080 ?
> Again, please indicate why this information is important to you, in an age 
> where 16gb ram is easily achievable on any home pc. Also indicate what kind 
> of programs you wish to run, as I would think that some are rather more 
> demanding than others.

Dom0 has 4 GB RAM. I have dual GPUs.

I'm talking about running Windows.
I have asked questions before and got no answer, so I thought I'd ask a 
DIFFERENT WAY than what I normally do and provide information and then find out 
why such and such is going wrong.

IF you want to know that, just search for my posts regarding the Windows Tools.
They are hard to miss, there are enough of them.

> 
> > > > Why not have QWT be its own GUI rather than explorer.exe, and also 
> > > > replace the login shell for windows?
> > > > Or is that something that would be difficult to do?
> > > I would assume so, yes.
> > 
> > You don't know, so you are not a dev?
> What's with these rhetorical questions? Did you mistake this for a 
> high-school debate class, and are you hoping to score "points"?

rhetorical question because it was there and available. Just pushing my point 
that he is not a dev, and the whole thing is directed at devs, so only devs OR 
people that know enough technical information should be answering.

> 
> > The thing is they are already separating the windows to make individual 
> > windows on Dom0, even though each of those are merely the overlapped 
> > windows in windows itself, and 

Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 18:33:25 UTC+10, Dave Ewart  wrote:
> On Wednesday, 28.09.2016 at 01:06 -0700, Drew White wrote:
> 
> > On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> > > On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White
> > > wrote:
> > > > Hi Devs,
> > > > 
> > > > I would like to know from a dev what the requirements are for
> > > > Qubes Windows Tools (QWT).
> > > > 
> > > > All O/S reference are known to be x86_64.
> > > > 
> > > > Does QWT require any specific version of Windows 7?  Or will they
> > > > work with all versions of Windows 7?
> > > covered here: all.  https://www.qubes-os.org/doc/windows-tools-3/
> > 
> > Doesn't even BEGIN to answer the question.
> 
> It *completely* answers your question.  In the first line: "Only 64-bit
> Windows 7 (any edition) is supported".  So you need Windows 7 64-bit,
> but the edition doesn't matter (e.g. Home, Enterprise, whatever).

I said VERSION, not EDITION.



> > > > Why does QWT require TESTSIGNING to be turned on?  Is that because
> > > > Win7 requires things to be signed?
> > > https://www.qubes-os.org/doc/windows-appvms/ "Before proceeding with
> > > the installation we need to disable Windows mechanism that allows
> > > only signed drivers to be installed, because currently (beta
> > > releases) the drivers we provide as part of the Windows Tools are
> > > not digitally signed with a publicly recognizable certificate."
> > 
> > Still doesn't answer that question either.
> > 
> > I said "hi devs" because I needed someone with the knowledge of WHY,
> > not just an end user reason, but a dev description that is technical.
> 
> Again, that really *does* answer your question.  Windows 7 requires
> drivers to be signed by a recognised certificate.  The Qubes Tools
> drivers are *not* signed by a recognised certificate, so to make them
> work one needs to toggle the TESTSIGNING flag so that Windows 7 no
> longer cares about their certificates.
 
Okay, it seems you can't understand a simple question so I will rectify it to 
be more the way I would have normally asked it before I started asking the 
questions in a way that more people can understand, again, you are not a dev...

Why do you need testsigning on when you can easily get a certificate for 
signing your software when people could intercept with unsigned software that 
will cause harm instead of good and cause that guest machine to be infected and 
mean that qubes wasn't doing things right security wise?

Does that better clarify the question that I'm asking as to the WHY?

> > [...]
> >
> > So please, refrain from answering my questions with details that don't
> > answer anything. If the website had the information, I would not be
> > asking.
> 
> It sounds like the web site *does* include the information, you failed
> to find it (or didn't look), someone answered by pointing you at the
> right information and you merely insulted them in reply.  Glad to see
> you're still trolling here, Drew... :-/

If you read my current reply, you will see that it doesn't answer the 
question(s)



Re: [qubes-users] Available memory

2016-09-28 Thread Jeremy Rand
York Keyser:
> Hi group,
> 
> I have a short, maybe stupid question, where or how can I see the
> available memory. Not the memory of each VM I need to know how much
> memory is available global wide. (Short-term and Long-term memory)
> 
> Regards York

Last I heard, there isn't an easy way to see the total available RAM in
all VM's.  Maybe some progress happened there and I haven't heard?  It
would certainly be a useful feature.

Cheers,
-Jeremy



Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Jeremy Rand
Achim Patzner:
> Am 28.09.2016 um 10:06 schrieb Drew White:
>> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
>>> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
>>>> Why does QWT require TESTSIGNING to be turned on?
>>>> Is that because Win7 requires things to be signed?
>>> https://www.qubes-os.org/doc/windows-appvms/
>>> "Before proceeding with the installation we need to disable Windows 
>>> mechanism that allows only signed drivers to be installed, because 
>>> currently (beta releases) the drivers we provide as part of the Windows 
>>> Tools are not digitally signed with a publicly recognizable certificate."
>> Still doesn't answer that question either.
>>
>> I said "hi devs" because I needed someone with the knowledge of WHY, not 
>> just an end user reason, but a dev description that is technical.
> 
> Which part of "we don't provide signed drivers so if you want to run
> them you have to turn that requirement off" needs a developer to make
> you understand it and what kind of LART do you expect said developer to
> use for beating some sense into you? It's clear, it's precise and unless
> you need a translation into another language there is not much anyone
> could do for you. Please keep the developers doing something more
> important than correcting your refusal to accept facts.
> 
> 
> Achim
> 

It occurs to me that although I've re-routed messages from Drew to
/dev/null for quite a while (thus saving me from reading that drivel), I
didn't do so for messages that reply to him.  I think I'm actually okay
with that oversight, as now I get to enjoy reading 3 different people
explaining to him why his messages are the type of message that resulted
in me null-routing him, but I don't have to subject myself to reading
whatever replies he comes up with.

(On that note -- kudos to the 3 of you who managed to reply to him,
explaining in reasonable detail why he's off base, without losing your
sanity.  Quite impressive.)

Cheers,
-Jeremy



Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Achim Patzner
Am 28.09.2016 um 10:06 schrieb Drew White:
> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
>> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
>>> Why does QWT require TESTSIGNING to be turned on?
>>> Is that because Win7 requires things to be signed?
>> https://www.qubes-os.org/doc/windows-appvms/
>> "Before proceeding with the installation we need to disable Windows 
>> mechanism that allows only signed drivers to be installed, because currently 
>> (beta releases) the drivers we provide as part of the Windows Tools are not 
>> digitally signed with a publicly recognizable certificate."
> Still doesn't answer that question either.
>
> I said "hi devs" because I needed someone with the knowledge of WHY, not just 
> an end user reason, but a dev description that is technical.

Which part of "we don't provide signed drivers so if you want to run
them you have to turn that requirement off" needs a developer to make
you understand it and what kind of LART do you expect said developer to
use for beating some sense into you? It's clear, it's precise and unless
you need a translation into another language there is not much anyone
could do for you. Please keep the developers doing something more
important than correcting your refusal to accept facts.


Achim



[qubes-users] Available memory

2016-09-28 Thread York Keyser

Hi group,

I have a short, maybe stupid question, where or how can I see the 
available memory. Not the memory of each VM I need to know how much 
memory is available global wide. (Short-term and Long-term memory)


Regards York



Re: [qubes-users] System still freezes, still no resolution.

2016-09-28 Thread yaqu
On Wed, 28 Sep 2016 02:20:35 -, johnyju...@sigaint.org wrote:

> A bit late to the party (as they say) in this discussion, but why is
> it so important to suspend/restore in the first place?
[...]
> For a laptop on the go, okay, I can see the argument.  But I don't
> think most Qubes users are on laptops, given the hardware
> requirements.  (Very much moreso with 4.0. :P)  Correct me if I'm
> wrong.

Yes, it's for laptops. Using a laptop at home and in the office, and
commuting every day, makes suspend/restore a very useful feature.
Hibernate would be even better, but it's not supported by Qubes.

Qubes on laptops are not rare, according to published HCLs.

And a Qubes-compatible laptop doesn't have to be expensive - e.g. used
Thinkpad T520 with i5-2520M for $200 and 16 GB RAM for $110 is really
affordable. And I hope it will also run Qubes 4.0, since it supports
SLAT/EPT (well, according to specs).

-- 
yaqu



Re: [qubes-users] exit code 1 of qubes.RecieveUpdate, what does it mean? Failing to install dev packages in dom0

2016-09-28 Thread Tobias Abenius

On 09/27/2016 01:10 PM, Marek Marczykowski-Górecki wrote:
> On Tue, Sep 27, 2016 at 12:53:54PM +0200, Tobias Abenius wrote:
>> On 09/23/2016 03:22 PM, Marek Marczykowski-Górecki wrote:
>>>> '/usr/lib/qubes/qrexec-client-vm dom0 qubes.ReceiveUpdates
>>>> /usr/lib/qubes/qfile-agent
>>>> /var/lib/qubes/dom0-updates/packages/*.rpm' failed with exit code 1!
>>>
>>> Check /var/log/qubes/qrexec.sys-firewall.log. I'd guess it is something
>>> about package signature verification.
>>
>> Thank you for your reply. The last lines of the file are not informative:
>>
>> Rpc allowed: sys-firewall dom0 qubes.NotifyUpdates
>> Rpc allowed: sys-firewall dom0 qubes.ReceiveUpdates
>>
>> What next?
>
> Ah, error messages from qrexec services are now forwarded to journald -
> check `journalctl -b` and search for qubes.ReceiveUpdates.


Aha! I'm installing ZFS but I didn't have the key.

Thanks, Tobias

sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: Error 
while verifing spl-0.6.5.8-1.fc23.x86_64.rpm signature: 
/var/lib/qubes/updates/rpm/spl-0.6.5.8-1.fc23.x86_64.rpm: (RSA) sha1 
((MD5) PGP) md5 NOT OK (MISSING KEYS: RSA#f14ab620 (MD5) PGP#f14ab620)

sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]:
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: Domain 
sys-firewall sent not signed rpm: spl-0.6.5.8-1.fc23.x86_64.rpm
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: Traceback 
(most recent call last):
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]:   File 
"/usr/libexec/qubes/qubes-receive-updates", line 132, in 

sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: main()
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]:   File 
"/usr/libexec/qubes/qubes-receive-updates", line 130, in main
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: 
handle_dom0updates(updatevm)
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]:   File 
"/usr/libexec/qubes/qubes-receive-updates", line 99, in handle_dom0updates
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: 
dom0updates_fatal(full_path, 'Domain ' + source + ' sent not signed rpm: 
' + f)
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]:   File 
"/usr/libexec/qubes/qubes-receive-updates", line 57, in dom0updates_fatal

sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: os.remove(pkg)
sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: OSError: 
[Errno 2] No such file or directory: 
'/var/lib/qubes/updates/rpm/spl-0.6.5.8-1.fc23.x86_64.rpm'


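
The journal lines in the post above call the package "not signed", while the rpm output in the same entry reports MISSING KEYS, meaning a signature made with a key that dom0 has not imported. As an added example (not from the post or from Qubes itself), this Python script groups such journal entries per package and separates the two cases; the last sample line and the verdict wording are constructed.

```python
"""Triage dom0 update rejections logged by qubes.ReceiveUpdates (added example)."""
import re

# Entries 1-3: journal output from the post above, e-mail line wrapping undone.
# Entry 4: constructed for contrast (a rejection with no rpm detail logged).
SAMPLE_JOURNAL = [
    "sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: Error while "
    "verifing spl-0.6.5.8-1.fc23.x86_64.rpm signature: "
    "/var/lib/qubes/updates/rpm/spl-0.6.5.8-1.fc23.x86_64.rpm: (RSA) sha1 "
    "((MD5) PGP) md5 NOT OK (MISSING KEYS: RSA#f14ab620 (MD5) PGP#f14ab620)",
    "sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: Domain "
    "sys-firewall sent not signed rpm: spl-0.6.5.8-1.fc23.x86_64.rpm",
    "sep 28 12:55:49 dom0 qubes.ReceiveUpdates-sys-firewall[4060]: OSError: "
    "[Errno 2] No such file or directory: "
    "'/var/lib/qubes/updates/rpm/spl-0.6.5.8-1.fc23.x86_64.rpm'",
    "sep 28 13:02:10 dom0 qubes.ReceiveUpdates-sys-firewall[4101]: Domain "
    "sys-firewall sent not signed rpm: example-1.0-1.fc23.x86_64.rpm",
]

# Journal prefix: service name carries the sending VM, then [pid]: message
ENTRY = re.compile(r"qubes\.ReceiveUpdates-(?P<vm>[^\[\s]+)\[\d+\]:\s*(?P<msg>.*)$")
# "verif\w*" also matches the misspelt "verifing" that appears in the log
VERIFY = re.compile(
    r"Error while verif\w* (?P<pkg>\S+\.rpm) signature: (?P<detail>.*)$")
REJECT = re.compile(r"Domain \S+ sent not signed rpm: (?P<pkg>\S+\.rpm)")
KEYID = re.compile(r"\b(?:RSA|DSA|PGP)#([0-9a-fA-F]{8,16})\b")


def triage(lines):
    """Group ReceiveUpdates errors per (VM, package) and classify each one."""
    findings = {}

    def record(vm, pkg):
        return findings.setdefault(
            (vm, pkg),
            {"vm": vm, "package": pkg, "rejected": False, "missing_keys": []})

    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue  # not a ReceiveUpdates journal line
        vm, msg = entry.group("vm"), entry.group("msg")
        verify = VERIFY.search(msg)
        if verify:
            item = record(vm, verify.group("pkg"))
            # Key IDs only count when they follow rpm's "MISSING KEYS:" marker.
            _, marker, tail = verify.group("detail").partition("MISSING KEYS:")
            if marker:
                item["missing_keys"] = sorted(
                    {key.lower() for key in KEYID.findall(tail)})
            continue
        reject = REJECT.search(msg)
        if reject:
            record(vm, reject.group("pkg"))["rejected"] = True
        # Traceback and OSError lines fall through and are ignored.

    for item in findings.values():
        if item["missing_keys"]:
            item["verdict"] = "signed, but signing key not imported in dom0"
        elif item["rejected"]:
            item["verdict"] = "rejected, no signature detail logged"
        else:
            item["verdict"] = "verification error without rejection entry"
    return list(findings.values())


if __name__ == "__main__":
    for item in triage(SAMPLE_JOURNAL):
        keys = ", ".join(item["missing_keys"]) or "-"
        print(f"{item['vm']}: {item['package']}: {item['verdict']} (keys: {keys})")
```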


Re: [qubes-users] USB VM

2016-09-28 Thread Marek Marczykowski-Górecki
On Tue, Sep 27, 2016 at 07:59:55PM -0700, Drew White wrote:
> On Wednesday, 28 September 2016 12:46:10 UTC+10, johny...@sigaint.org  wrote:
> > Pretty sure the answer is "no."  You can assign a whole USB bus (which is
> > typically a single PCI device) to a VM, but you can't split it up beyond
> > that, other than the default of having dom0 relay specific devices to
> > specific VM's (which isn't dom0 USB isolation at all).
> > 
> > My mobo has 8 USB ports, but they're all on a single bus, so it's all or
> > nothing.
> > 
> 
> Hi JJ,
> 
> My PC has 10 USB buses.
> My keyboard and mouse are on bus 10, which is PCI device .XX.X and I left 
> that one on Dom0.
> 
> However I now have another issue...
> 
> "Error starting VM 'sys-usb': Requested operation is not valid: PCI device 
> :00:1a.0 is in use by driver xenlight, domain sys-usb"

I assume this is after previous failed sys-usb startup, right? There is
a bug in libvirt that device is not marked as unused when VM fails to
start. Workaround: restart libvirtd service. Close Qubes Manager first.

If you still get an error, take a look here:
https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] USB VM

2016-09-28 Thread johnyjukya
> Hi JJ,
>
> Did some more testing, you were right, I only have 3.

Hey, that's still pretty handy for separation.

In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given
PCI USB device and assign it.

Only having one USB bus myself, also used for root, I haven't tried this.

I have a USB PCI card I've been tempted to use for similar reasons.  But
once again, it was given to me out of the blue, which doesn't put it in my
"trusted hardware" chain.

Not that *any* USB bus or device should ever be trusted, the main
motivation for us stuffing them in a VM.  :)

> I have 2 buses on the motherboard...
> I plugged a USB drive into each set to find out which were which.
>
> But that doesn't explain why it isn't working when I even just attach my
> USB3 card to the USBVM.
>
> That alone should work, but it doesn't.

Agreed, it should work, from my understanding.  You reboot after assigning
things?

There's some protection about PCI devices not being allowed to go back to
dom0 for reassignment after use, to protect against potentially
compromised devices then touching dom0 (to DMA-attack away):

https://www.qubes-os.org/doc/user-faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0

Not sure if that's relevant or not.  I'm over my head with this, and just
guessing, so I probably shouldn't be giving advice, lol.

> So this means I should be able to attach the USB3 card, and the 4 other
> USB to the USBVM, leaving 2 attached to Dom0 for my use.

Makes sense to me.  (Again, getting those darn keyboard/mice off of USB
and onto PS/2 certainly wouldn't hurt figuring things out.)

> So why does it have the error?

dmesg have any hints?  (Or is that where the error messages you are
seeing are coming from in the first place?)

JJ
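
The bus-versus-controller distinction discussed in this thread can be read from sysfs rather than found by plugging a drive into each port. This is an added example, not part of the original messages; the function names and the optional sysfs-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: group USB buses (root hubs usbN) by the PCI controller that
# owns them. Buses sharing one PCI address can only be assigned together.
# The optional argument is a hypothetical sysfs root override for testing.

# Output: "<pci-address> <usbN>" per bus, sorted; "non-pci" if the host
# controller is not a PCI function.
usb_bus_controllers() {
    root="${1:-/sys}"
    for hub in "$root"/bus/usb/devices/usb*; do
        [ -e "$hub" ] || continue          # glob did not match: no USB buses
        # usbN is a symlink into the device tree; the directory above the
        # root hub is the host controller.
        real=$(readlink -f "$hub") || continue
        parent=$(basename "$(dirname "$real")")
        case "$parent" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7])
                printf '%s %s\n' "$parent" "$(basename "$hub")" ;;
            *)
                printf 'non-pci %s\n' "$(basename "$hub")" ;;
        esac
    done | sort
}

# Number of distinct PCI USB controllers, i.e. independently assignable units.
usb_controller_count() {
    usb_bus_controllers "$1" |
        awk '$1 != "non-pci" && !seen[$1]++ { n++ } END { print n + 0 }'
}

usb_bus_controllers
```

Several usbN entries under one PCI address are normal: a single controller can expose more than one root hub.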



Re: [qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Dave Ewart
On Wednesday, 28.09.2016 at 01:06 -0700, Drew White wrote:

> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> > On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White
> > wrote:
> > > Hi Devs,
> > > 
> > > I would like to know from a dev what the requirements are for
> > > Qubes Windows Tools (QWT).
> > > 
> > > All O/S reference are known to be x86_64.
> > > 
> > > Does QWT require any specific version of Windows 7?  Or will they
> > > work with all versions of Windows 7?
> > covered here: all.  https://www.qubes-os.org/doc/windows-tools-3/
> 
> Doesn't even BEGIN to answer the question.

It *completely* answers your question.  In the first line: "Only 64-bit
Windows 7 (any edition) is supported".  So you need Windows 7 64-bit,
but the edition doesn't matter (e.g. Home, Enterprise, whatever).

> > > Why does QWT require TESTSIGNING to be turned on?  Is that because
> > > Win7 requires things to be signed?
> > https://www.qubes-os.org/doc/windows-appvms/ "Before proceeding with
> > the installation we need to disable Windows mechanism that allows
> > only signed drivers to be installed, because currently (beta
> > releases) the drivers we provide as part of the Windows Tools are
> > not digitally signed with a publicly recognizable certificate."
> 
> Still doesn't answer that question either.
> 
> I said "hi devs" because I needed someone with the knowledge of WHY,
> not just an end user reason, but a dev description that is technical.

Again, that really *does* answer your question.  Windows 7 requires
drivers to be signed by a recognised certificate.  The Qubes Tools
drivers are *not* signed by a recognised certificate, so to make them
work one needs to toggle the TESTSIGNING flag so that Windows 7 no
longer cares about their certificates.

> [...]
>
> So please, refrain from answering my questions with details that don't
> answer anything. If the website had the information, I would not be
> asking.

It sounds like the web site *does* include the information, you failed
to find it (or didn't look), someone answered by pointing you at the
right information and you merely insulted them in reply.  Glad to see
you're still trolling here, Drew... :-/

Dave.

-- 
Dave Ewart da...@sungate.co.uk, http://twitter.com/DaveEwart
All email from me is digitally signed, http://www.sungate.co.uk/
GPG key updated Jan 2013 see http://www.sungate.co.uk/gpg
Fingerprint: CF3A 93EF 01E6 16C5 AE7A  1D27 45E1 E473 378B B197


[qubes-users] Re: Proper way of implementing unlock with keyfile instead of passphrase

2016-09-28 Thread 0mn1cub3
On Sunday, September 18, 2016 at 9:50:59 PM UTC+3, Connor Page wrote:
> https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_crypto_luks_key_on_removable_device_support

Thanks for your reply. I am not skilled enough yet to understand the sections 
relating to "gpg", specifically, how to put them to use.

Unfortunately after much experimentation only one "fix" seems to make my below 
setup work. These are the steps I have taken to attempt unlock via keyfile:

- create keyfile of random data and move it to /boot.
- add keyfile to LUKS keychain. 
" sudo cryptsetup luksAddKey /dev/disk/by-UUID/ /boot/keyfile "
- edit /etc/crypttab to look similar to this:
" luks- UUID= /boot/keyfile luks "
- checked to make sure dracut config contains the following:
' add_dracutmodules+="lvm crypt" '
- edited /etc/default/grub to add the following to GRUB_CMDLINE_LINUX:
" rd.luks.key=/boot/keyfile:UUID= "
- made sure "systemd" is an omitted module in dracut.
- regenerated dracut and grub2 configurations.

This was done in Qubes R3.2. Will attempt in 3.1 as well. Without omitting 
"systemd" module in dracut, the above setup does not work and qubes defaults to 
asking for a passphrase. Why it is this way, I do not know. Any more 
information anyone could provide on how this can be properly done is 
appreciated.
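
An added example, not part of the original post: a shell check that lists where LUKS key files are referenced in crypttab text and in an rd.luks.key kernel argument, and marks crypttab keys kept under /boot. It assumes /boot is not LUKS-encrypted; the function names, sample entries and UUID placeholders are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where LUKS key files are referenced.
# Assumption: /boot is a plain partition, so a key stored there is readable
# by anyone who can read the disk.

# stdin: crypttab text. Output: "name keyfile location" per keyed entry.
# Fields are name, device, key file, options; "none" or "-" means no key file.
crypttab_keyfiles() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        NF >= 3 && $3 != "none" && $3 != "-" {
            loc = ($3 ~ /^\/boot\//) ? "unencrypted-boot" : "other"
            print $1, $3, loc
        }'
}

# $1: kernel command line. Output: "keypath keydev" for each
# rd.luks.key=<keypath>[:<keydev>[:<luksdev>]] argument ("-" if no keydev).
# keydev is the device that holds the key file.
cmdline_keyfiles() {
    for arg in $1; do
        case "$arg" in
            rd.luks.key=*)
                val=${arg#rd.luks.key=}
                keypath=${val%%:*}
                case "$val" in
                    *:*) rest=${val#*:}; keydev=${rest%%:*} ;;
                    *)   keydev=- ;;
                esac
                printf '%s %s\n' "$keypath" "${keydev:--}"
                ;;
        esac
    done
}

# Constructed sample input; names and UUIDs are placeholders.
SAMPLE_CRYPTTAB='# <name> <device> <keyfile> <options>
luks-root UUID=ROOT-UUID-PLACEHOLDER /boot/keyfile luks
luks-swap UUID=SWAP-UUID-PLACEHOLDER none luks
luks-data UUID=DATA-UUID-PLACEHOLDER /etc/keys/data.key luks'
SAMPLE_CMDLINE='ro quiet rd.luks.key=/boot/keyfile:UUID=BOOT-UUID-PLACEHOLDER'

printf '%s\n' "$SAMPLE_CRYPTTAB" | crypttab_keyfiles
cmdline_keyfiles "$SAMPLE_CMDLINE"
```

On a real system, feed it the live files: `crypttab_keyfiles < /etc/crypttab` and `cmdline_keyfiles "$(cat /proc/cmdline)"`.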



[qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
> > Hi Devs,
> > 
> > I would like to know from a dev what the requirements are for Qubes Windows 
> > Tools (QWT).
> > 
> > All O/S reference are known to be x86_64.
> > 
> > Does QWT require any specific version of Windows 7?
> > Or will they work with all versions of Windows 7?
> covered here: all.
> https://www.qubes-os.org/doc/windows-tools-3/

Doesn't even BEGIN to answer the question.



> > 
> > Why does QWT require TESTSIGNING to be turned on?
> > Is that because Win7 requires things to be signed?
> https://www.qubes-os.org/doc/windows-appvms/
> "Before proceeding with the installation we need to disable Windows mechanism 
> that allows only signed drivers to be installed, because currently (beta 
> releases) the drivers we provide as part of the Windows Tools are not 
> digitally signed with a publicly recognizable certificate."

Still doesn't answer that question either.

I said "hi devs" because I needed someone with the knowledge of WHY, not just 
an end user reason, but a dev description that is technical.


> 
> > 
> > What are the CPU/RAM requirements for running QWT Seamless Mode?
> As far as I can tell, they are no different. I myself generally assign 2 
> cores of a modern cpu + 1.2-2gb ram. Works well enough

That tells me nothing.
That only tells me what you assign to a Windows Guest.
What it doesn't tell me is what the tools require in seamless mode, including 
but not limited to the Windows Guest and Dom0.

Further to that question being answered was... How many resources does it 
require per window that is converted to its own display window?
Along with, Is there a big difference for requirements comparing 1440x900 and 
1920x1080 ?


> > Why not have QWT be its own GUI rather than explorer.exe, and also replace 
> > the login shell for windows?
> > Or is that something that would be difficult to do?
> I would assume so, yes.

You don't know, so you are not a dev?
The thing is they are already separating the windows to make individual windows 
on Dom0, even though each of those are merely the overlapped windows in windows 
itself, and they remain overlapped in windows.

I am inquiring this in technical form so that I can further understand some 
things in regards to parts that I'm looking at at the moment. 

While I do appreciate user involvement, I prefer you to not answer what you 
have no idea about, that keeps things clean and me not getting frustrated 
because an end user tries to answer a technical question that they have no idea 
about nor the knowledge of what is involved in such a task.

So please, refrain from answering my questions with details that don't answer 
anything. If the website had the information, I would not be asking.



[qubes-users] Re: Qubes Windows Tools

2016-09-28 Thread Foppe de Haan
On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
> Hi Devs,
> 
> I would like to know from a dev what the requirements are for Qubes Windows 
> Tools (QWT).
> 
> All O/S reference are known to be x86_64.
> 
> Does QWT require any specific version of Windows 7?
> Or will they work with all versions of Windows 7?
covered here: all.
https://www.qubes-os.org/doc/windows-tools-3/
> 
> Why does QWT require TESTSIGNING to be turned on?
> Is that because Win7 requires things to be signed?
https://www.qubes-os.org/doc/windows-appvms/
"Before proceeding with the installation we need to disable Windows mechanism 
that allows only signed drivers to be installed, because currently (beta 
releases) the drivers we provide as part of the Windows Tools are not digitally 
signed with a publicly recognizable certificate."

> 
> What are the CPU/RAM requirements for running QWT Seamless Mode?
As far as I can tell, they are no different. I myself generally assign 2 cores 
of a modern cpu + 1.2-2gb ram. Works well enough
> 
> Why not have QWT be its own GUI rather than explorer.exe, and also replace 
> the login shell for windows?
> Or is that something that would be difficult to do?
I would assume so, yes.
> 
> Only a few questions here, I'll keep the rest that may also depend on the 
> answers to those.
> 
> Hope to hear from you soon.
> 
> Sincerely,
> Drew.



Re: [qubes-users] backup

2016-09-28 Thread 'Gabriel' via qubes-users
On 2016-09-27 06:59, 'Gabriel' via qubes-users wrote:
> Hi fellows,
>
> I started using qubes a while ago and I have a question concerning backups.
> What I want is a complete backup to a dedicated external USB HDD. I 
> understand to achieve this all the VMs must be shut down.
> Therefore when I plugged in the HDD I mounted it in dom0 under /mnt.
>

>This is fine as long as you trust the USB device you're attaching to dom0. If 
>you don't, consider using a USB qube instead:

>https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube
The USB device is trusted but I'll consider the usb-qube too.


> Questions:
> 1. When I ran Qubes VM Manager -> Backup VMs, I received an error message 
> stating no place on device and a zero byte backup file. Permissions are OK, 
> there's more than enough space on the HDD.
> Any reasons why the backup did not succeed?
>

>Are you sure you selected the correct device in the menu?
There was only one option 

> 2. I tried running qvm-backup from the command line, which ran fine, no 
> permission problems on the same HDD. However, the template VMs are not 
> included by default and I saw no command-line option to automatically achieve 
> this. Am I missing something here?
>

>The RPM-managed TemplateVMs should normally not be backed up. Instead, you 
>should clone them (if you can spare the drive space), make your 
>customizations, then back up the clones.
Does this imply the AppVMs should be based upon the cloned VMs?


> 3. I know I can manually list all the VMs on the command line to be backed 
> up, but I find that a bit awkward, so I tried this:
> qvm-ls --raw-list | xargs qvm-backup /mnt/test/
>
> but this threw a Python exception...
>
> For now I resorted to typing all the VMs by hand ... not elegant.
>
> Any help is appreciated.
>

>Try this:
>
>$ qvm-backup /mnt/test/ `qvm-ls --raw-list`

This one works nice, thank you.

Gabe



[qubes-users] Qubes Windows Tools

2016-09-28 Thread Drew White
Hi Devs,

I would like to know from a dev what the requirements are for Qubes Windows 
Tools (QWT).

All O/S reference are known to be x86_64.

Does QWT require any specific version of Windows 7?
Or will they work with all versions of Windows 7?

Why does QWT require TESTSIGNING to be turned on?
Is that because Win7 requires things to be signed?

What are the CPU/RAM requirements for running QWT Seamless Mode?

Why not have QWT be its own GUI rather than explorer.exe, and also replace the 
login shell for windows?
Or is that something that would be difficult to do?

Only a few questions here, I'll keep the rest that may also depend on the 
answers to those.

Hope to hear from you soon.

Sincerely,
Drew.
