Re: [qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!
On 10/23/2016 04:15 PM, David Hobach wrote: Dear all, after upgrading to 3.2 (in-place) I noticed the following issue: qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img Traceback (most recent call last): File "/usr/bin/qvm-block", line 151, in main() File "/usr/bin/qvm-block", line 105, in main block_attach(qvm_collection, vm, dev, **kwargs) File "/usr/lib64/python2.7/site-packages/qubes/qubesutils.py", line 429, in block_attach vm.libvirt_domain.attachDevice(etree.tostring(disk, encoding='utf-8')) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 530, in attachDevice if ret == -1: raise libvirtError ('virDomainAttachDevice() failed', dom=self) libvirt.libvirtError: internal error: libxenlight failed to attach disk 'xvdi' Strangely enough, xvdi still appears in fooVM and can be mounted. Attempting to attach another file to fooVM however fails with the same error and xvdj does not appear. More stranegely, it works perfectly on another Qubes machine (same kernel, same Xen version, no in-place-upgrade though) I got. Found a stupid workaround: losetup -f /var/lib/qubes/appvms/blaVM/private.img qvm-block -A fooVM dom0:loop[justCreated] works - even for multiple calls. Funnily enough, qvm-block -a does not work contrary to its description @qvm-block -h. Looks like dom0 is some special case which is not handled 100% correctly (it's a loop _device_ and not a file anymore, isn't it?). Possibly related: I also noticed that netvm and firewallVM don't always start with the 4.4.14-11 kernel on boot anymore; thus I'm currently testing 4.1.13-9. 4.1.13-9 shows the same issue, but the netvm & firewallvm start via qvm-start. By right-clicking on the VM in the Qubes manager and starting the VMs they don't start though. Not sure what's the difference... xl info host : dom0 release: 4.4.14-11.pvops.qubes.x86_64 version: #1 SMP Tue Jul 19 01:14:58 UTC 2016 machine: x86_64 nr_cpus: 4 max_cpu_id : 3 nr_nodes : 1 cores_per_socket : 4 threads_per_core : 1 cpu_mhz: 3399 hw_caps: bfebfbff:2c100800::7f00:77fafbff::0021:2fbb virt_caps : hvm hvm_directio total_memory : 16048 free_memory: 71 sharing_freed_memory : 0 sharing_used_memory: 0 outstanding_claims : 0 free_cpus : 0 xen_major : 4 xen_minor : 6 xen_extra : .1 xen_version: 4.6.1 xen_caps : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64 xen_scheduler : credit xen_pagesize : 4096 platform_params: virt_start=0x8000 xen_changeset : xen_commandline: placeholder console=none cc_compiler: gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) cc_compile_by : user cc_compile_domain : cc_compile_date: Tue Jul 26 11:55:46 UTC 2016 xend_config_format : 4 Dom0 is 100% up-to-date as of today. Anyone got an idea on how to fix that qvm-block -A issue? Still interested... Kind Regards David -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15f20cba-02bc-77ec-d1b8-121a99e75285%40hackingthe.net. For more options, visit https://groups.google.com/d/optout. smime.p7s Description: S/MIME Cryptographic Signature
[qubes-users] Re: AEM, no stick ... no boot
On Sunday, October 23, 2016 at 9:50:04 AM UTC-4, James Bisno wrote: > Is there a way to forbid or obstruct grub from booting up a disk encrypted > Qubes when grub is loaded from the harddrive, so that a removable AEM device > is required to load Qubes? I have a feeling the informed users/developers may easily overcome such an obstacle (way beyond me) but stopping a sophisticated attacker seems like an exercise in futility (camera on the keyboard and foobar router). Now if some clueless thug starts poking around, armed with a flashdrive from hackers.com, and he cant figure out how to turn the damn thing on, thats a total win in my book. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7e9d79f-58c2-4d32-8e31-fcab517d8857%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Why it's so big secret?
> lol typical linux stuff lol. so you are saying your graphics card doesn't > work with the default open source driver? dam that sucks. what if you just > disable one of the gpu's in the bios? There is a 3 things: 1. Nvidia created automatic(!) technology and name it - Optimus. There is no the opportunity to disable it. 2. Torvald showed finger to Nvidia. And Nvidia did not pay much attention to the drivers for Linux. 3. MSI created laptop (which i bought) with stupid bios, which have no function "disable integrated devices". I cant disable GPU or camera or something else. Funny, right? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41c9ae9d-5588-48d1-a33a-4d91b4473264%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Future plans for KDE on Qubes?
On Sunday, October 23, 2016 at 3:28:27 PM UTC-4, Grzesiek Chodzicki wrote: > W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim > Patzner napisał: > > Hi! > > > > > > After a few months of severe suffering from xfce on a HiDPI display I > > gave in and installed @kde-desktop-qubes on my system – and I'm pretty > > sure I don't want to see xfce for the next few years. Title bars have a > > usable size (something that cannot be configured in xfce without > > building your own themes), icon aren't scaled randomly and fonts are > > finally looking as they should. And third-party software like Softmaker > > Office is finally working as expected. So: Will there be support for KDE > > beyond Qubes 3.2 or will I have to plan for carrying a third machine for > > my office work space? > > > > > > > > Achim > > On my previous machine Qubes with KDE was unusable. Damn thing kept > crashing/hanging. It was totally unusable. I switched over to XFCE and the > entire system became 3x faster. what version of qubes? on 3.1 was stable for me. I haven't used kde on 3.2 which might be the new version of kde which definitely is buggy on other bare metal distros. but I haven't tried it on qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2cffdcbd-dfc0-4d1a-8cb2-bbb2dcd27758%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security announcement mailing list? [and others]
On Friday, October 21, 2016 at 11:50:33 PM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-10-21 15:47, Franz wrote: > > On Fri, Oct 21, 2016 at 4:00 AM, jkitt wrote: > > > >> Shouldn't a security focused distro make security announcement in a more > >> direct and urgent way? I was surprised to find that Qubes only had a > >> 'users' and 'development' mailing list. > >> > >> > > Marek, what do you think about having a no-reply "qubes-announcements" > mailing list? > > Messages sent from qubes-announcements would also be duplicated to > qubes-devel and possibly qubes-users so that people have a chance to discuss > and ask questions. > oh good idea, like a regular security mailing list which is just patch announcements. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ee25ac9-c1ae-400a-a0cf-877311a80134%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Why it's so big secret?
On Sunday, October 23, 2016 at 10:34:04 PM UTC-4, nezn...@xy9ce.tk wrote: > i reinstalled Qubes again. This time the network works! (When i disabled > "whonix" option in the process of instalation - the Qubes has wrong MAC - > like FE:FF:FF:FF:FF:FF - and thats why cloned MAC doesnt worked) > So.. Now i installed NVIDIA.run driver as it recomended in "Manual > installation -> Userspace > components"(https://www.qubes-os.org/doc/install-nvidia-driver/) > Next step (excerption): > "Kernel module > > You will need: > > nvidia kernel module sources (left from previous step) > kernel-devel package installed > gcc, make, etc" > > H... "nvidia kernel module sources (left from previous step)" - is it > means that i need fedora18 anyway? (I thought "Manual installation" is > alternative of something building.. i.e. i need build something anyway, ok). > But this step have no sense: > "Build kernel package > You will need at least kernel-devel (matching your Qubes dom0 kernel)". > Because Qubes dom0 kernel have another versions: > 4.1.24-10.pvops.qubes.x86_64. RPMfusion have some packages with words "pvops" > and "qubes"? I think no. > > "The only package you have to compile is the kernel module (but there is a > ready built src.rpm package)." Where > > Fuck.. I so tired from this shit((( All instructions is "advice, advice, > advice" instead of full series of "command, command, command" lol typical linux stuff lol. so you are saying your graphics card doesn't work with the default open source driver? dam that sucks. what if you just disable one of the gpu's in the bios? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86e4ee67-a586-4ad0-b4a3-299cc02651d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Why it's so big secret?
i reinstalled Qubes again. This time the network works! (When i disabled "whonix" option in the process of instalation - the Qubes has wrong MAC - like FE:FF:FF:FF:FF:FF - and thats why cloned MAC doesnt worked) So.. Now i installed NVIDIA.run driver as it recomended in "Manual installation -> Userspace components"(https://www.qubes-os.org/doc/install-nvidia-driver/) Next step (excerption): "Kernel module You will need: nvidia kernel module sources (left from previous step) kernel-devel package installed gcc, make, etc" H... "nvidia kernel module sources (left from previous step)" - is it means that i need fedora18 anyway? (I thought "Manual installation" is alternative of something building.. i.e. i need build something anyway, ok). But this step have no sense: "Build kernel package You will need at least kernel-devel (matching your Qubes dom0 kernel)". Because Qubes dom0 kernel have another versions: 4.1.24-10.pvops.qubes.x86_64. RPMfusion have some packages with words "pvops" and "qubes"? I think no. "The only package you have to compile is the kernel module (but there is a ready built src.rpm package)." Where Fuck.. I so tired from this shit((( All instructions is "advice, advice, advice" instead of full series of "command, command, command" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c0973fe8-9e70-4858-b881-8351783ce4ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security announcement mailing list? [and others]
>> I'm not sure if it worth it. There is not much such announcements. On >> the other hand, this may be exactly the reason for having a separate >> mailing list for this. I would also love to see a QSB-announce mailing (especially because qubes-users is quite active, and only subscribing to qubes-users to filter for "[qubes-users] Announcing QSB #" is not the best way to handle the current lack of QSB-announce). I guess it is not a big effort for you to create one more list and send the QSB's to one more recipient. Looking forward to be able to subscribe to QSB-announce :) > For now, we have already some non-email channels >> for announcements: >> - @QubesOS on twitter - every security and release announcement is >>duplicated there >> - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't >>link security announcements there - maybe we should start? > >> If you think additional ML channel would be useful, then sure, we can >> create one. Thanks for considering it! Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/66816335-e97f-c4f4-b289-03386692d149%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: Import a .img file (Windows7) into Qubes?
On 10/23/2016 04:18 PM, Achim Patzner wrote: If wasting money is not a problem you can use a physical-to-virtual tool to convert it to a VMware image which will do all those things on the way and convert the VMware disk to a Xen image; the better ones will also disable drivers that won't work in virtual environments. Achim qemu-img has worked for an "enterprise" VM I use without any issue (going from VMDK to raw/qcow2). If the disk is encrypted you might be SOL though. --jidar -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nuja61%24p3f%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Import a .img file (Windows7) into Qubes?
Am 23.10.2016 um 23:10 schrieb Marek Marczykowski-Górecki: > On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote: > > Is it possible at all? I'm trying to virtualize my windows machine > and move > > entirely to Qubes. Some of the applications can't be reinstalled so > fresh > > install isn't an option. > > Should be possible, but probably you'll need to install some drivers (as > the emulated hardware is most likely different than your real one). And it depends on the installed software; some "enterprise-typical software" for remote administration will make things hard to impossible (I have a few machines) that really work hard on not being compatible with Qubes, even as pure HVM without any XEN drivers). > You'll need a lot of disk space for this... You can make it smaller by > first filling all free space of the (windows) disk with zeros (create > big file with zeros, then remove it). And then add "conv=sparse" to dd > command. It will not copy unused space. If wasting money is not a problem you can use a physical-to-virtual tool to convert it to a VMware image which will do all those things on the way and convert the VMware disk to a Xen image; the better ones will also disable drivers that won't work in virtual environments. Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa1af92a-9c39-e44c-af94-5727153d6636%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Future plans for KDE on Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Oct 23, 2016 at 08:17:24PM +, Jeremy Rand wrote: > 7v5w7go9ub0o: > > > > On 10/23/2016 09:38 AM, Achim Patzner wrote: > >> Hi! > >> > >> > >> After a few months of severe suffering from xfce on a HiDPI display I > >> gave in and installed @kde-desktop-qubes on my system – and I'm pretty > >> sure I don't want to see xfce for the next few years. Title bars have a > >> usable size (something that cannot be configured in xfce without > >> building your own themes), icon aren't scaled randomly and fonts are > >> finally looking as they should. And third-party software like Softmaker > >> Office is finally working as expected. So: Will there be support for KDE > >> beyond Qubes 3.2 or will I have to plan for carrying a third machine for > >> my office work space? > > > > +1 > > > > Never thought I'd admit it, but KDE (despite its legendary (and today > > overstated) bloat and complexity) - actually works rather well. > > Good to see that I'm not the only Qubes user out there who finds KDE to > be more usable than the alternatives. Totally agree -- I really hope > KDE continues to be supported on Qubes for those who prefer it. I think we can keep its current state. Shouldn't be a problem for Qubes 4.0 and later. At least until next major incompatible changes in KDE... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYDSg8AAoJENuP0xzK19csoxoH/jKwGDrcdzKQKs0CLKxMpEsw E3S48UzsF3IxJ02zrTROeeZ3lIZqKkkM8qXkuMjssdugqoXbrOzq+S3GJIZPJUBv yV4eiHmDrXDOtLDOplWUIc5wxowFwPIBDhb8PG+//SN5r9B12S+9Nh7OIna78xb3 6xmEoIq030BRZ3VZmrSUD18nNETd1ZibRjFBVYILjbCyrkW2lMfddBoxyQ3voNu4 oNoKQj3/Ng/M6CTAIY3JBSzFfTTK0Jhgc633GS//E2CPFdFDt6y5Cu+SO/VTA012 JgXz2ynYeJChIj/upXmwqebwtVqKbHOojOTdC0kUEET/XVP2ElVtcA5UfFD6vg8= =9Yk1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161023211435.GX1136%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Future plans for KDE on Qubes?
Am 23.10.2016 um 21:28 schrieb Grzesiek Chodzicki: > W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim > Patzner napisał: >> Hi! >> >> >> After a few months of severe suffering from xfce on a HiDPI display I >> gave in and installed @kde-desktop-qubes on my system – and I'm pretty >> sure I don't want to see xfce for the next few years. > On my previous machine Qubes with KDE was unusable. Damn thing kept > crashing/hanging. It was totally unusable. I switched over to XFCE and the > entire system became 3x faster. I've been using KDE as long as it was around, starting with FreeBSD and I never had it crashing on me unless I was using broken hardware. I can't say much about Qubes yet; I have it on a number of machines for 9 months now but KDE never crashed. And I don't care for the speed – I need a certain result (i. e. a working environment suited to my needs); geting nothing done three times as fast doesn't sole my problems (and I don't believe these numbers anyway as I'm having both on the same machine). Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa9154ca-344d-dda6-25ec-1164757ba64e%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Import a .img file (Windows7) into Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote: > Is it possible at all? I'm trying to virtualize my windows machine and move > entirely to Qubes. Some of the applications can't be reinstalled so fresh > install isn't an option. Should be possible, but probably you'll need to install some drivers (as the emulated hardware is most likely different than your real one). After that, you can simply copy your disk into .img file (using dd) and point to that file when creating HVM, like: qvm-create --hvm --label red --root-move-from=/path/to/file.img some-vm-name You'll need a lot of disk space for this... You can make it smaller by first filling all free space of the (windows) disk with zeros (create big file with zeros, then remove it). And then add "conv=sparse" to dd command. It will not copy unused space. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYDScpAAoJENuP0xzK19csctoH/A+l9gz55qsArSJTtekdITew /S2zv2mvEJykiz50utUV4IphMsuYxTg6K4siw757b3Y3/yYVOSD0+k/gaLiF7BTd 5yTGOoXvwrRO6uHeQwpjhe1SnRSBvp0rU80ELKaCsy7m3hPh+NWR5xnJYUC4VQuK A9J9pJJKyoYgN13qJsurytrqebhb/7aYwEJtylBowKSafvAFYBSSpUIfr/JQ8ikL A7oCuOYlsaZSio1rfMFwxR/azCOBINMghrj4zI0jAy3LPXdEEjXVMkZaAF43tWRq kKiZXPhbtHY3idLQv1q4Wgp0Xu5VU4OUOWyGcpHyKVnpBHOuSR1M2/2j1aKcpjw= =r5BK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161023211001.GV1136%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dual Boot - Live CD Knoppix & USB-SSD Qubes?
Hello, if nobody can control the BIOS, if it is maybe or maybe not clean and infected with a root-kit in some way... Will it not be some advantage, if the stateless laptop has a firmware-module, which is mobile? $ So I can unplug the firmware, the PC-body is without interest, because it has no persistent Memory (like the lapdoc of Motorola). The best, would be, if the mobile module exists of two components, the SSD disk and the firmware module. Both can be stored on a safe place and replaced by plug an play. In advantage, with a second module some Dual Host system will run also. Safe Plug and Play for Qubes or Windows or Ubuntu or... Sure, there should be a disaster recovery plan for the firmware module, how you make sure, that you came back to a clean System with Firmware Security, so you can start a real clean re-installation of the OS, if necessary. And in the last case a cheap replacement of the Firmware-Module (e.g. that for security reasons you will replace it all 30 days, because it might be some cheap electronic device, instead of the hole PC). The firmware/hardware must be complete in some sense, so you need only to update the BIOS with security considerations, but not to expand the configuration-stuff in some way (This leads to a more complete systems, including touch screen, 3D). Will this work in some way? So you would have different ways to start with a proofen clean Firmware? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/760dce93-7467-4a54-9ad3-55a069c65f59%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Future plans for KDE on Qubes?
7v5w7go9ub0o: > > On 10/23/2016 09:38 AM, Achim Patzner wrote: >> Hi! >> >> >> After a few months of severe suffering from xfce on a HiDPI display I >> gave in and installed @kde-desktop-qubes on my system – and I'm pretty >> sure I don't want to see xfce for the next few years. Title bars have a >> usable size (something that cannot be configured in xfce without >> building your own themes), icon aren't scaled randomly and fonts are >> finally looking as they should. And third-party software like Softmaker >> Office is finally working as expected. So: Will there be support for KDE >> beyond Qubes 3.2 or will I have to plan for carrying a third machine for >> my office work space? > > +1 > > Never thought I'd admit it, but KDE (despite its legendary (and today > overstated) bloat and complexity) - actually works rather well. Good to see that I'm not the only Qubes user out there who finds KDE to be more usable than the alternatives. Totally agree -- I really hope KDE continues to be supported on Qubes for those who prefer it. Cheers, -Jeremy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e77bfd4b-4ca7-c3c4-e538-49551bfc77c8%40airmail.cc. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Import a .img file (Windows7) into Qubes?
Is it possible at all? I'm trying to virtualize my windows machine and move entirely to Qubes. Some of the applications can't be reinstalled so fresh install isn't an option. Thanks, Dima -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAFGffdo%3D7ysPPYngzabXUOfHYfyP2%2BRtNib3tJ%2BOC%3DvGfLqY5g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Future plans for KDE on Qubes?
W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim Patzner napisał: > Hi! > > > After a few months of severe suffering from xfce on a HiDPI display I > gave in and installed @kde-desktop-qubes on my system – and I'm pretty > sure I don't want to see xfce for the next few years. Title bars have a > usable size (something that cannot be configured in xfce without > building your own themes), icon aren't scaled randomly and fonts are > finally looking as they should. And third-party software like Softmaker > Office is finally working as expected. So: Will there be support for KDE > beyond Qubes 3.2 or will I have to plan for carrying a third machine for > my office work space? > > > > Achim On my previous machine Qubes with KDE was unusable. Damn thing kept crashing/hanging. It was totally unusable. I switched over to XFCE and the entire system became 3x faster. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76d951d7-5719-4bcb-aa12-aac905015aa8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can't figure out how to install a couple of things in dom0
> Does this page answer your questions? > > https://www.qubes-os.org/doc/software-update-dom0/ Only in part, it answers how package management should be done in Qubes, not how to enable RPMFusion for dom0 nor which repo I should enable to find Krita or Xorg Wacom drivers and even if they are within these repos, no way was provided to search the repo for a package list to find out what the package names are since that varies from distro to distro. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f144b4e8-154d-4606-9f11-22c9b1502c51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] install on a partition?
Hdd is for testing. Hdd has 3 nfts partitions, sda1, sda2 and sda3. How do I get qubes installed on sda1? Can qubes be installed side by side with trisquel 7 and subgraph? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAO%3D71n5oQtiJL_190HcSkb6OiOgegsAJRkO2ATTzxC36jDxHfQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Future plans for KDE on Qubes?
On 10/23/2016 09:38 AM, Achim Patzner wrote: Hi! After a few months of severe suffering from xfce on a HiDPI display I gave in and installed @kde-desktop-qubes on my system – and I'm pretty sure I don't want to see xfce for the next few years. Title bars have a usable size (something that cannot be configured in xfce without building your own themes), icon aren't scaled randomly and fonts are finally looking as they should. And third-party software like Softmaker Office is finally working as expected. So: Will there be support for KDE beyond Qubes 3.2 or will I have to plan for carrying a third machine for my office work space? +1 Never thought I'd admit it, but KDE (despite its legendary (and today overstated) bloat and complexity) - actually works rather well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca85a02c-7443-c020-fb54-d3bb00e55e0f%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
Thank you Marek. I was not able to put this to work via the network manager,since if I opt to choose eth0 this the connection will not be activated. And create a dedicated virtual interface just for this purpose its a little overkill. Therefore I followed your second suggestion and added the routes manually in the qubes-ip-change-hook . Although I don't think this is a very elegant solution, at least the routes were persistent added in each reboot, which solves my issue. Thank you once again. Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77c4f1b1316438f3e03fea5bc5e1f41ead76%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Trouble with enabling networking between two Vms
Hi Max, so it looks like you started getting complicated quick. I think your first attempt should be fine actually, with one modification. 1) insert a rule at the top of the forwarding table (above 3) accepting connections between the two, as you did 2) try an 'arping' command between the two and you'll probably see no response -- in which case, turn on 'proxy_arp' for each of the interfaces in question in the firewall: sysctl -w net/ipv4/conf/vifX.0/proxy_arp=1 <= where vifX.0 are the interfaces to the VMs you want to network Then if you do 'arping' it should return the broadcast MAC (fe:ff:ff:ff:ff:ff) and the firewall should route packets between your VMs. Hope that's helpful, cheers, =D On Sun, Oct 23, 2016 at 2:11 AM, Maxwrote: > Hi, > > I am a new user of Qubes OS so apologies in advance if the question here > has been answered already in a separate topic (there are similar issues) > and I haven’t discovered this or it is not one suited to this mailing list. > I am running Qubes 3.2 and attempting to ping from one VM to another VM, > specifically from a Standalone Windows 7 VM to a Qubes VM based on the > Debian 8 template. > > All my VM’s were initially connected in the default manner i.e. to a > sys-firewall and through to the sys-net VM, both of which are Fedora 23. > There are no firewall rules on these VMs restricting which IP addresses can > be accessed. > > Current status: > - I am able to ping from my Windows 7 VM (10.137.2.19) to the Firewall VM > (10.137.1.8) using the IP address visible in the VM Manager > > - I am unable to ping the Debian 8 VM (10.137.2.18) from my Windows VM. > > Steps taken: > 1) I followed the instructions here (https://www.qubes-os.org/doc/ > qubes-firewall/#enabling-networking-between-two-vms) and in the firewall > VM’s terminal enter the following iptables rule... > > sudo iptables -I FORWARD 2 -s -d of Debian 8 VM> -j ACCEPT > > … In VM B’s terminal (Debian 8) I entered the following iptables rule... > > sudo iptables -I INPUT -s -j ACCEPT > > ...but from here when using the ping function to my Debian 8 VM in the cmd > prompt in Windows, all packets were lost. > > 2) As this was not successful I attempted to see if I could connect to VMs > from an external machine and followed the instructions here > https://www.qubes-os.org/doc/qubes-firewall/#port- > forwarding-to-a-vm-from-the-outside-world. > > The Eth0 IP address (192.168.1.6) appeared to be what I should expose the > service to. > > I put the below rule in the sys-net VM’s Terminal... > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.x.x -j > DNAT --to-destination 10.137.1.x > > ...and this rule into the sys-firewall VM’s Terminal > > iptables -I FORWARD 2 -i eth0 -d 10.137.1.x -p tcp --dport 443 -m > conntrack --ctstate NEW -j ACCEPT > > But using ping or Telnet resulted in lost packets and failed to increase > the counters when using the iptables -t nat -L -v -n command in the > sys-firewall VM's terminal. > > 3) With this not being successful either I attempted to add a “sys-proxy” > VM as described here https://groups.google.com/ > forum/#!searchin/qubes-users/intervm%7Csort:relevance/ > qubes-users/lA2SgPcV9fU/U969uapYAAAJ and entered the following in the new > sys-proxy VM's terminal: > > iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d > $intervm_internalnet/24 -m state --state NEW -p tcp -m tcp -j ACCEPT > > iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d > $intervm_internalnet/24 -p udp -m udp -j ACCEPT > > After this, I was still unable to ping the Debian 8 VM from my Windows VM. > > Questions: > > 1) Are there any obvious errors in the steps I took and does anyone have > any suggestions how I can resolve this issue? > > 2) There are a number of other incidences of what seemed to be a similar > issue here: https://groups.google.com/forum/?nomobile=true#!msg/ > qubes-users/59kOjfQFBI4/bjS47-jJJgAJ, https://groups.google.com/ > forum/#!msg/qubes-users/vSyUaOSloYU/ONZNJlhrBAAJ. Are the enabling > networking between VMs steps described here still correct and applicable > for Qubes 3.2? > > 3) The IP address assignment suggests that the VMs are on the same network > – the Subnet Mask is 255.255.255.0 so surely any devices with an IP address > of 10.137.2.x would be able to communicate with each other? What is unique > in Xen / Qubes that stops this? > > 4) Is there a way in which the current routing rules can be displayed and > reset back to the default if required? > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ >
[qubes-users] Re: HCL Asrock X99E_ITX_ac
W dniu niedziela, 23 października 2016 16:22:28 UTC+2 użytkownik Grzesiek Chodzicki napisał: > VT-x VT-D and EPT work, require enabling in BIOS beforehand > > USB controllers require strictreset set to false in order to attach them > to sys-usb. > > Motherboard has one PS/2 connector, I don't know whether its a true PS/2 > controller or a converter connected internally to a USB controller, I'm > waiting for AsRock cs team to reply to my query. Will update immediately. > > If you have any questions regarding the motherboard, feel free to ask. TPM header available, untested. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbdf8996-f9a7-4753-82bf-d207871fad5e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL Asrock X99E_ITX_ac
VT-x VT-D and EPT work, require enabling in BIOS beforehand USB controllers require strictreset set to false in order to attach them to sys-usb. Motherboard has one PS/2 connector, I don't know whether its a true PS/2 controller or a converter connected internally to a USB controller, I'm waiting for AsRock cs team to reply to my query. Will update immediately. If you have any questions regarding the motherboard, feel free to ask. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa8a444a-dbcc-4ac9-d200-099bd09754be%40gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASRock-X99E_ITX_ac-20161023-161505.yml Description: application/yaml
[qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!
Dear all, after upgrading to 3.2 (in-place) I noticed the following issue: qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img Traceback (most recent call last): File "/usr/bin/qvm-block", line 151, in main() File "/usr/bin/qvm-block", line 105, in main block_attach(qvm_collection, vm, dev, **kwargs) File "/usr/lib64/python2.7/site-packages/qubes/qubesutils.py", line 429, in block_attach vm.libvirt_domain.attachDevice(etree.tostring(disk, encoding='utf-8')) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 530, in attachDevice if ret == -1: raise libvirtError ('virDomainAttachDevice() failed', dom=self) libvirt.libvirtError: internal error: libxenlight failed to attach disk 'xvdi' Strangely enough, xvdi still appears in fooVM and can be mounted. Attempting to attach another file to fooVM however fails with the same error and xvdj does not appear. More stranegely, it works perfectly on another Qubes machine (same kernel, same Xen version, no in-place-upgrade though) I got. Possibly related: I also noticed that netvm and firewallVM don't always start with the 4.4.14-11 kernel on boot anymore; thus I'm currently testing 4.1.13-9. xl info host : dom0 release: 4.4.14-11.pvops.qubes.x86_64 version: #1 SMP Tue Jul 19 01:14:58 UTC 2016 machine: x86_64 nr_cpus: 4 max_cpu_id : 3 nr_nodes : 1 cores_per_socket : 4 threads_per_core : 1 cpu_mhz: 3399 hw_caps: bfebfbff:2c100800::7f00:77fafbff::0021:2fbb virt_caps : hvm hvm_directio total_memory : 16048 free_memory: 71 sharing_freed_memory : 0 sharing_used_memory: 0 outstanding_claims : 0 free_cpus : 0 xen_major : 4 xen_minor : 6 xen_extra : .1 xen_version: 4.6.1 xen_caps : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64 xen_scheduler : credit xen_pagesize : 4096 platform_params: virt_start=0x8000 xen_changeset : xen_commandline: placeholder console=none cc_compiler: gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) cc_compile_by : user cc_compile_domain : cc_compile_date: Tue Jul 26 11:55:46 UTC 2016 xend_config_format : 4 Dom0 is 100% up-to-date as of today. Anyone got an idea on how to fix that qvm-block -A issue? Kind Regards David -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f88a6c6-8e85-2598-42d4-1349490b9bb7%40hackingthe.net. For more options, visit https://groups.google.com/d/optout. smime.p7s Description: S/MIME Cryptographic Signature
[qubes-users] AEM, no stick ... no boot
Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63be512f-7eea-438e-877e-4cbcf3c4e489%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Oct 23, 2016 at 12:56:56PM +, 4p3dkf+6lmws56jxixyk via qubes-users wrote: > Yes, the symlink is in place: > > ls /etc/NetworkManager/system-connections > 131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 > /etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/ > > > The /dev/xvdb is properly mounted on /rw : > > /dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered) > > I don't have a /etc/system directory on my system, are you referring to the > unit files? > For the sys-firewall I'm using the default template - > fedora-23 > > When I set the routes by hand via NetworkManager they are reflected on the > qubes-uplink-eth0 file: > (...) > [ipv4] > address1=10.137.1.8/32,10.137.1.1 > dns=10.137.1.1;10.137.1.254; > dns-search= > may-fail=false > method=manual > never-default=true > route1=192.168.0.0/16,10.137.1.1 > route2=172.16.0.0/16,10.137.1.1 > #---EOF--- > > The file before the sys-firewall is rebooted has the following checksum and > md5sum: > > 2551335477 425 qubes-uplink-eth0 > 83b37a6b68007838efb1e9e9fbc841f4 qubes-uplink-eth0 > > As soon as the sys-firewall is booted the file with the NW configuration is > overwritten : > > [ipv4] > method=manual > may-fail=false > dns=10.137.1.1;10.137.1.254 > addresses1=10.137.1.8;32;10.137.1.1 > #---EOF--- > > As you can see the configuration was not preserved. > Therefore something is clearly overwritten the NM configuration, the problem > is to know what and how to avoid it, preserving the NM config. Yes, the file `qubes-uplink-eth0` is automatically generated at each VM startup (or changing network options - like switching to different netvm). I thing there was a comment about it, but indeed it isn't there right now... Anyway, your options are: 1. Create new connection with different name and set routes there. 2. Modify routing table (or NetworkManager settings) from /rw/config/rc.local, or /rw/config/qubes-ip-change-hook. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYDL+jAAoJENuP0xzK19csqqoIAIcN1VAv4btJWY9xPYSqLsBH 0RuD+4wew2c1cpLF8w7yp+4WKeSXTJIdztnSYen6Ic8Ce4Ugr+86br2z74O0z6+O ic8cyDC+urVDWTzfxvX4CjHcSWV4e7OF9zNWHNKkJHHPsJKChmVR9Q9DuvXDOTG9 xkcy+pDCVc1fPrwrYc/6SvQ6q1kic44X3K6piZkJMas55eNOThRLDpqirSi/aGZQ oSIkUpFrHDdWTWG7ULWWt+CwZOoNlt3Tr8NVuir7YHTOxSTjhqNDXsKHM7YRGdBO w+Klxv5MuOXTmTRk3LwYkbGdHV1JxlSavY5s0I59C1NjvsFgsVpQCt1SQxGPc40= =0wZ6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161023134819.GU1136%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes Windows Tools 3.2.2-3 released
W dniu sobota, 22 października 2016 15:26:08 UTC+2 użytkownik omeg napisał: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi all, > > We uploaded a new version of Qubes Windows Tools (3.2.2-3) to the > current-testing repository. > > Changelog: > - - Updated Xen PV drivers to be in line with upstream > - - Private disk image is now initialized during setup making the > install process require one less reboot > - - Added handler for qubes.OpenURL qrexec service > - - Fixed a bug that could make moving user profiles to the private > image fail if there were files with ACLs explicitly disallowing SYSTEM > access > - - Fixed handling qrexec service requests for non-existing services > - - Minor log readability improvements > > - -- > Rafał Wojdyła > Qubes Windows Tools developer > https://qubes-os.org/ > -BEGIN PGP SIGNATURE- > > iQEcBAEBCAAGBQJYC2jwAAoJEIWi9rB2GrW7/7cH/jx9JY5UozOG0hQC12J+clcb > RagLMypHGSg/0awxal1FpQar/TUS8uxPcoym6PEeWQliNTko5F3QYBVm49yl5R3c > GY13+bp3lQB9Iaj3pXAU2il5WJ0ZQmxPj6tISMMNQLIJs0/mADUuvuw9hJaiOfNR > Ho2WCv2eM4gnaJxKKhcZOlgX7abApHZreBaZkMxLpe4oZFHyYr/yH8bFOTIc8jGw > rP/nLGUjoUrMIZMyRlC7SMjafLbRDRCbN4RoRRsrIgbh/6NvoGLBU7qbnnmPE6Y0 > ZfJWusvUrCLuO5c/+Ckbl+FnpItwqzmx2Q9Gj7Qxfprk2zLa+sb0UA+H/muZ5w4= > =ow4Z > -END PGP SIGNATURE- Relocating C:\Users fails consistently on my machine. Following error message is printed in the relocate-dir file: [*] Start time: 2016-10-23 13:18:43.644 [!] FileGetAttributes(C:\Program) failed: c034 [*] End time: 2016-10-23 13:18:43.832 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9518fa4-c483-46ad-8373-ea18999fc390%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
I'm sorry for my bad temper, but given the amount of days that I'm involved on this issue, waiting for a simple reply (since this is inherent of the Qubes design and therefore easy to answer by any of the devs) I got a little frustrated. I didn't mean to be rude/aggressive/impolite/disrespectful in any way nor making inflammatory or baseless accusations. So my sincere apologies for that. Regarding the Qubes main page, I was not aware of this discussion. I was simply baffled by the lack of the 'help' section and erroneous concluded (based on this and the lack of reply from anyone from the official team) that the ML is no longer supported. Again my apologies for that. As for the issue it was outlined in details in this thread, (and I did respond to JJ with the detailed description of the issue, which I'm quoting below): Yes, the symlink is in place: ls /etc/NetworkManager/system-connections 131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 /etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/ The /dev/xvdb is properly mounted on /rw : /dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered) I don't have a /etc/system directory on my system, are you referring to the unit files? For the sys-firewall I'm using the default template - > fedora-23 When I set the routes by hand via NetworkManager they are reflected on the qubes-uplink-eth0 file: (...) [ipv4] address1=10.137.1.8/32,10.137.1.1 dns=10.137.1.1;10.137.1.254; dns-search= may-fail=false method=manual never-default=true route1=192.168.0.0/16,10.137.1.1 route2=172.16.0.0/16,10.137.1.1 #---EOF--- The file before the sys-firewall is rebooted has the following checksum and md5sum: 2551335477 425 qubes-uplink-eth0 83b37a6b68007838efb1e9e9fbc841f4 qubes-uplink-eth0 As soon as the sys-firewall is booted the file with the NW configuration is overwritten : [ipv4] method=manual may-fail=false dns=10.137.1.1;10.137.1.254 addresses1=10.137.1.8;32;10.137.1.1 #---EOF--- As you can see the configuration was not preserved. Therefore something is clearly overwritten the NM configuration, the problem is to know what and how to avoid it, preserving the NM config. Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5623f6ad25a81d84876b7f619828db8b3247%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-22 16:23, 4ok80g+4fl8s3n7pesd8 via qubes-users wrote: > So far not a single soul from the qubes project has mentioned a single word > about this and this is simply unacceptable! This mailing list is been > abandoned! Please review the mailing list guidelines: https://www.qubes-os.org/mailing-lists/ I'll make a few points explicit: 1. No one owes you a reply. 2. If people don't know the answer to your question, they're very unlikely to reply. That doesn't mean your message is being ignored. It just means that no one who has had time to reply knows the answer. 3. The devs who are likely to know the answer to your question are very busy working on Qubes. They can't just drop everything to answer every question that comes across the mailing list. If they were to try, no development work would ever get done. Sometimes, they don't have time to respond to certain messages on the mailing list for days or even weeks. You have to be patient. Even then, there's no guarantee that your question will be answered, because no one here has an obligation to solve your problems for you (see point 1). 4. If you want people to help you, should (a) be polite and (b) make it as easy as possible for people to help you. Repeatedly bumping your own thread in a short period of time, then making baseless and inflammatory accusations is not very polite. > Point proven - all the contacts for the ML and the help section were removed > from the main site. The page https://www.qubes-os.org/help/ is now redirected > to https://www.qubes-os.org/doc/ . That was part of a website reorganization that has been under discussion for months. See: https://github.com/QubesOS/qubes-issues/issues/1833 https://github.com/QubesOS/qubes-issues/issues/1841 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYDJUXAAoJENtN07w5UDAwSj8P/2zv1SzRpYhhd7jhmgbwXMKz wcOZNy5Vh4v5XteyHg7J8hRBSm50ty0gkZ9iLpXqDTBUZA/G87VFII/KyLkkPF9D BhQbi04ZJNDyaScxtWxhhsgByCgG7gzQYbQ7eTKEEWq7f1veCjfFgjTJ+WWwqDm8 /T1OZfWHyRI8xvuaUbUlaeGGlRFCfNkbIQy7Pe28XChPWR++nbrVoEa/XiyfLAT/ pAvuVBQhgWCChf2vYKkTa7mH/RLXk9J26WvBT3UDX0q+DEuvEdRC2XioOu1FJb/X tJ+y0NTE931pE51QhUEtTNOD6eEK9gtp7DN3hgbssKliTol+Q09PoDknv2Ecf7AE Pxe4/OabReJ7wCAChpIIxLISZzX81S57zjS5KBbz66Itd8es21mwj8uTuGSGHGgt Uus3CqxG+QEnQPjP5QZQJ8xTxjqNoxr+bTiOtWzXdcqwAoshiFH2+rUs017Qjq0C zAdxsn/mHVVOspqRM6cNLAI1MWViIFrmgmgnvBFEZXr1CMZbjb2OgolFMQOXSDOt xD+tAbH5QOJyQ1aK/uZUYjD4BlGcKpriVvwjFmUhPJPotmy6PR6qWHE8klUGpZsR 0436mSU8U2nGg9ZKesGXk6/HwPnIO5Lpe1vDYPxjkAkjgaXm4jGvMDBTYanc+KwP 8acYlSP/TshmG9yEUwqq =Zznw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56c2f55a-8d19-75cb-d9f7-363608395179%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can't figure out how to install a couple of things in dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-22 20:03, cestar...@gmail.com wrote: > I need to install the following things: > > Krita 3.0.1 (I tried to use the appimage that they provide but I get an error > about not finding something like libfuse.so) > xorg wacom tablet drivers > > And although this is not quite decided yet, I may or may not need to install > Nvidia Proprietary Drivers and Optirun/Bumblebee (On a laptop) > > I know the nvidia thing is in RPMFusion but I'm not sure if I should just add > the rpmfusion repository the same way I would on fedora 22 or if there's a > qubesos specific approach for it. > > My only ideas for getting my hands on the other two packages was to enable > some fedora repositories (like rawhide which has the krita package I need) > and then install them from there, but I'm not sure if that would be a very > good idea. The reason I need krita on dom0 is mostly for the hardware > accelerated graphics capability, since it's just a digital painting > application I don't see any harm in having it on dom0 and if I run it from a > VM it'll of course run slower. > > How should I go about achieving this? > > Does this page answer your questions? https://www.qubes-os.org/doc/software-update-dom0/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYDJJaAAoJENtN07w5UDAwArAP/jTp/wXWRCK2DSVCg+7xP/jR WTJ9gZpnxrcA2VcGXXpwnKkkmfjZ112u1JRIIe/mteQOB/Ub4eDwV9kKs8zwsko1 rNXeb0fsqU7XcKfjdrKi3sMQ+nwK5hLZWZjNzS5/QNKcxrn0fYbmy/A1aGJhLk+8 YwgGhcSLIqYn812NH1JFn4Vs7oQj0eyND+cN04JJAwb4oxPZK1zpzx5NcCmNkPtr xgv1+7Wb2U4k1ngRclqz8l900upBKw9Bq2STvpycqD6J8Ji0wJmgHLrcv0HAQd1+ XEGPUWLLgZt50rsUmHm9L3aIBE7/kAF73DrgVA6yC2+n1PwCYwhFUaxWiI69S4N7 neF4oUzuO3aH9k0Hc4spHeogD8EZty+w5n7HQ2dT1/N9qEl0+gBoeKZrq0hRLbd3 j25WZacDTCzfeoS0+ki7z04NGUEfk9hZBR51UtpxpDLuFGXGtYdu7GWtjd5U9JTW 9vpM4OWqrclCgH39kEFnhpBJlyDrZuP8eujOUzUbZBSjxZ95voAH+s7JUNr9bd4b qURmqVD/guTkiWkVNaprWV1u4IEnRsN82GlFg8oEnTJD/gBs+R9m4MLQGwdzRX3P 4Z++7pNbjwsmqJVNQ35ELY+YDni7SOzzhOTh/B9qMCTAd9V6xkhXu5iHwaiF8JFd ni38yU5io2tSQhcLAROU =6Uk2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a40bf29-b5df-75ca-59c9-8015cac322fe%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Future plans for KDE on Qubes?
Hi! After a few months of severe suffering from xfce on a HiDPI display I gave in and installed @kde-desktop-qubes on my system – and I'm pretty sure I don't want to see xfce for the next few years. Title bars have a usable size (something that cannot be configured in xfce without building your own themes), icon aren't scaled randomly and fonts are finally looking as they should. And third-party software like Softmaker Office is finally working as expected. So: Will there be support for KDE beyond Qubes 3.2 or will I have to plan for carrying a third machine for my office work space? Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/776d86b7-4e65-cfa8-e624-5e1e50c6f983%40noses.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Trouble with enabling networking between two Vms
Hi, I am a new user of Qubes OS so apologies in advance if the question here has been answered already in a separate topic (there are similar issues) and I haven’t discovered this or it is not one suited to this mailing list. I am running Qubes 3.2 and attempting to ping from one VM to another VM, specifically from a Standalone Windows 7 VM to a Qubes VM based on the Debian 8 template. All my VM’s were initially connected in the default manner i.e. to a sys-firewall and through to the sys-net VM, both of which are Fedora 23. There are no firewall rules on these VMs restricting which IP addresses can be accessed. Current status: - I am able to ping from my Windows 7 VM (10.137.2.19) to the Firewall VM (10.137.1.8) using the IP address visible in the VM Manager - I am unable to ping the Debian 8 VM (10.137.2.18) from my Windows VM. Steps taken: 1) I followed the instructions here (https://www.qubes-os.org/doc/qubes-firewall/#enabling-networking-between-two-vms) and in the firewall VM’s terminal enter the following iptables rule... sudo iptables -I FORWARD 2 -s -d -j ACCEPT … In VM B’s terminal (Debian 8) I entered the following iptables rule... sudo iptables -I INPUT -s -j ACCEPT ...but from here when using the ping function to my Debian 8 VM in the cmd prompt in Windows, all packets were lost. 2) As this was not successful I attempted to see if I could connect to VMs from an external machine and followed the instructions here https://www.qubes-os.org/doc/qubes-firewall/#port-forwarding-to-a-vm-from-the-outside-world. The Eth0 IP address (192.168.1.6) appeared to be what I should expose the service to. I put the below rule in the sys-net VM’s Terminal... iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.x.x -j DNAT --to-destination 10.137.1.x ...and this rule into the sys-firewall VM’s Terminal iptables -I FORWARD 2 -i eth0 -d 10.137.1.x -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT But using ping or Telnet resulted in lost packets and failed to increase the counters when using the iptables -t nat -L -v -n command in the sys-firewall VM's terminal. 3) With this not being successful either I attempted to add a “sys-proxy” VM as described here https://groups.google.com/forum/#!searchin/qubes-users/intervm%7Csort:relevance/qubes-users/lA2SgPcV9fU/U969uapYAAAJ and entered the following in the new sys-proxy VM's terminal: iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d $intervm_internalnet/24 -m state --state NEW -p tcp -m tcp -j ACCEPT iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d $intervm_internalnet/24 -p udp -m udp -j ACCEPT After this, I was still unable to ping the Debian 8 VM from my Windows VM. Questions: 1) Are there any obvious errors in the steps I took and does anyone have any suggestions how I can resolve this issue? 2) There are a number of other incidences of what seemed to be a similar issue here: https://groups.google.com/forum/?nomobile=true#!msg/qubes-users/59kOjfQFBI4/bjS47-jJJgAJ, https://groups.google.com/forum/#!msg/qubes-users/vSyUaOSloYU/ONZNJlhrBAAJ. Are the enabling networking between VMs steps described here still correct and applicable for Qubes 3.2? 3) The IP address assignment suggests that the VMs are on the same network – the Subnet Mask is 255.255.255.0 so surely any devices with an IP address of 10.137.2.x would be able to communicate with each other? What is unique in Xen / Qubes that stops this? 4) Is there a way in which the current routing rules can be displayed and reset back to the default if required? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0514e15b-950e-4636-95f7-849fc5671fc1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Most Secure way to encrypt your usb stick ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-22 05:09, lakschmi wrote: > have sensitive data on your usb stick? > > whats the best way to encrypt/decrypt it? > > > > normally I use whonix-ws pgp and encrypt every file but Id rather have a > different method > > > > is there a way to install the tails os ecryption system in qubes os? > I prefere it over the whonix workstation system. > My personal favorite is to use LUKS via the `cryptsetup` command. Documentation is available with `man cryptsetup`. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYDHCCAAoJENtN07w5UDAwdDIP/ixz7F+2NRc+/y9SJX+GNBUk M1hhNCUGzpqp3WsHayUh14dDr6NsYjLydvaeUnsDn1iV31t+0HTCzzKYRRANQIpk XeiHNALG/IIhKbYB5aTuY4C1hckBSC1etyqdSjxjT4Co/roqMyMGj6FUyMo0bw3K ZusOXG9zQT+e9l2BGKOOlLFONIRyt7e6RoEqBPm+Gg205g+JLo+PRXu7VzvBo+Di zW7kA/O78M7kcYYVt3GhkmFXqRZJjepRmW84dTTnl6Pjc3l1lkuNtEYti/+zh6MP NwNDTXDp6BEg8cZZp1tXeFuCPzKSAlr14xBZSjpEn8ODJswgzEfuj5xOoq1jfJc5 3zoYUeKchWAsb9zA8luQbyp9a844th3rxpXyhB9Oe6qTj5JPV/nlW9XiJmus/kPw fYBQCg5+bQDRUUf6JZSoXGIJIR8xnv6P+oAzlK0t/j9z6eCr9d+H3BM039uzmZSY NXTx4EvxsK6+f0KEB3wGzt5RRz3QvwdpqSLLxIyw4X7SQHGuy+4pme6tLVfjlu7c GwYLwWdw/4Zyj6Kd2hPkwIp3nOheIOE33yOegkeaOYqqvv8gPm6/WI2N5KQYriKL thfbIeu4hcrKf1KKC2DVLoXHqkufRupwm5FSIe+/scaMq7HZkil6eHaDCyCiSAsx VhocQhQOpp/D261Xs0Kx =Idh/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9eca6c8c-2936-b107-ae72-f0a6c7296e43%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security announcement mailing list? [and others]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-22 12:56, Marek Marczykowski-Górecki wrote: > On Sat, Oct 22, 2016 at 09:56:07PM +0200, Marek Marczykowski-Górecki wrote: >> On Fri, Oct 21, 2016 at 08:50:20PM -0700, Andrew David Wong wrote: >>> On 2016-10-21 15:47, Franz wrote: On Fri, Oct 21, 2016 at 4:00 AM, jkittwrote: > Shouldn't a security focused distro make security announcement in a more > direct and urgent way? I was surprised to find that Qubes only had a > 'users' and 'development' mailing list. > > >>> >>> Marek, what do you think about having a no-reply "qubes-announcements" >>> mailing list? >>> >>> Messages sent from qubes-announcements would also be duplicated to >>> qubes-devel and possibly qubes-users so that people have a chance to >>> discuss and ask questions. > >> I'm not sure if it worth it. There is not much such announcements. On >> the other hand, this may be exactly the reason for having a separate >> mailing list for this. For now, we have already some non-email channels >> for announcements: >> - @QubesOS on twitter - every security and release announcement is >>duplicated there >> - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't >>link security announcements there - maybe we should start? > >> If you think additional ML channel would be useful, then sure, we can >> create one. > > "would be useful" -> "those existing are not enough". > The main reason to have such a mailing list would be so that people who don't want to use Twitter or RSS, and/or who want to receive *only* critical updates via email can have a way to do so. Some people might be opposed to Twitter as a platform. Probably fewer would object to RSS, but it might be inconvenient for them for one reason or another. Both Twitter and RSS include many non-critical updates. I don't know how much demand there is for the ability to receive only critical updates via email. If there's high demand, we should do it. If there's little or no demand, then it might not be worthwhile to saddle ourselves with the additional overhead. The problem is that we don't have any data on which to base the decision. Shall I create a poll? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYDGAGAAoJENtN07w5UDAwl4wQAJorbpnBb9QtNxLJ4foD6MTp h2l/RaH2P75w58aTHP2/VA2LM3mVvkqzQI+cstKdmEoEkMSiuZxKG0+/zUYBvkfl BauTumkpexJQ1OPjn0uu2Foee4v7l2a46XLzHdGTXmfKUL6953JSH/Dm+zY8waJj F1S9cPkw0/HDvoGiVUso5qDxnv2UO/uCK/1ivR06SCvnfWR3AeE5iS+BZaNFZ1wC Vf76fFdCqfuqfhG9bxjcz7zJnK5epaLVnoiaCR4t9XpKFgAwfPcpDIfyGPaoECKb 6FlltXKxjgb1WyV+XqnMLgTzwELTlkAGeDtkTEfnDrw1S74xdZNpDznPzIpqlJEr 9BQmcDucsnPX6ehNRU/ygHeV6zaDLjHyqCTBc9Bwt1ug6CRal4vR2iK2OPRp91pS AZRIyBeW2Z4ysSe8FxgQoo25QI6cWtmM6PrXxp7XvexZJADpPBPPAB1fwE4A1bcD ShjeuIXEyqZD59xNU+IN3D7qnG0cNRSB7kKfoXHKkVCogQfH2tXvDjzxLpE4nn1a mO9blcJYc97hhBxhIhtUJEMdLSDL/bv8Evg8EUve9U1D5jOk9mr2Mq8pGcq80tGy rJETaiqCzNQKvToJm9fc//YQrp1CWfeaX14FZY9Wrl/o1sy7gZArWEW3gVHJwWun p7yGN78z6AP1oyS2XuPh =vQ+J -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1fb5a616-8f69-f1fa-4fe4-465df3912277%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.