Re: [qubes-users] VT-d support in hcl report
On 11/17/2016 08:04 PM, te...@outoftheblue.pl wrote: > Hi everyone, > > I was about to add my hcl report to wiki when I noticed that for some > reson it reports IOMMU as enabled, while to my best knowledge it should > not be supported on my system. As googling didn't help me understand > what's going on I hope someone here can shed some light on this. > > I have Intel i5-2540,Sandy Bridge, with VT-d): > http://ark.intel.com/products/50072/Intel-Core-i5-2540M-Processor-3M-Cache-up-to-3_30-GHz > and Intel HM65 chipset: > http://ark.intel.com/products/52808/Intel-BD82HM65-PCH) > which does not support VT-d. > According to every resource I was able to find, both(and BIOS) shall > support it in order for VT-d to be enabled, but my hcl report(attached) > states: > IOMMU: "yes", > which is confirmed(somehow) by: > xl info | grep virt_caps > virt_caps: hvm hvm_directio > as well as: > xl dmesg reporting: > (XEN) Intel VT-d iommu 0 supported page sizes: 4kB. > (XEN) Intel VT-d iommu 1 supported page sizes: 4kB. > (XEN) Intel VT-d Snoop Control not enabled. > (XEN) Intel VT-d Dom0 DMA Passthrough not enabled. > (XEN) Intel VT-d Queued Invaldiation enabled > (XEN) Intel VT-d Interrupt Remapping enabled. > (XEN) Intel VT-d Shared EPT tables not enabled. > (XEN) I/O virtualisation enabled > ... > (XEN) VMX: Supported advanced features: > (XEN) - APIC MMIO access virtualisation > (XEN) - APIC TPR shadow > (XEN) - Extended Page Tables (EPT) > (XEN) - Virtual-Processor Identifiers (VPID) > (XEN) - Virtual NMI > (XEN) - MSR direct-access bitmap > (XEN) - Unrestricted Guest > (XEN) HVM: VMX enabled > > It seems as if at least part of VT-d is enabled so shall I trust Intel > specs or log outputs? Is hcl tool working correctly? Well, as you noted the qubes-hcl-report tool relays on xl info, and xl dmesg output. If both states tat IOMMU is enabled: > virt_caps: hvm hvm_directio > (XEN) I/O virtualisation enabled what else can it say? If you 100% sure that this is a false positive, then we should address this issue for sure. However I can't see how we can check if IOMMU is really working? Maybe we can try DMA attack PoC script and try to break out from a netvm for example? (of course not as part of the hcl report :) -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b54c71e3-fe01-afe8-477e-b61084473eba%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Qubes not shutting down
W dniu środa, 23 listopada 2016 00:34:09 UTC+1 użytkownik Drew White napisał: > On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers wrote: > > On 11/21/2016 06:24 PM, Drew White wrote: > > > On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers wrote: > > >> On 11/21/2016 11:04 AM, Loren Rogers wrote: > > >>> On 11/21/2016 12:42 AM, Drew White wrote: > > On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers wrote: > > > Another correlation I've noticed is that my machine randomly shuts > > > itself down without warning when I'm browsing in the Anon-Whonix VM. > > > It > > > seems that simply having the Whonix browser open causes the problem. > > > I've not been able to pin down an exact cause, but it seems to happen > > > after about 5-20min. When this happens, the machine sometimes ends > > > up in > > > a hung state (black screen) at the end of the shutdown process. > > > > > > I've also noticed that the fan speeds up right at it starts to > > > shutdown. > > > (The screen turns to the Qubes logo with the progress bar, then the > > > fan > > > cranks up.) Sometimes the bar makes it all the way to the end, other > > > times it seems to simply crash to a hault. As I mentioned elsewhere, > > > the > > > Thinkpad X201t is known to have overheating issues, but I'm not sure > > > if > > > this is related. I'm not working the machine particularly hard (just > > > browsing articles on the web), and the hardware is not particularly > > > hot > > > to the touch. > > When it gets to the qubes logo screen, press ESC to see what it's > > actually doing. > > > > If you wish to always know what it's doing, turn off rhgb and quiet > > in the boot config. > > > > Then you will see where the issue is. > > >>> Thanks, I'll give that a shot next time it happens. I feel like it'll > > >>> go by too quickly for me to see what's happening; does it also write > > >>> its activity to a log somewhere? > > >> I can now confirm that it's an over heating issue. When it went into the > > >> automatic shutdown sequence, I pressed escape and managed to take note > > >> of a few of the messages. One of the very first ones was something about > > >> "thermal_zone_0 critical temperature reached: 128C", which I assume is > > >> the cause. (This isn't an exact quote, since I noted it from memory.) > > >> > > >> This raises some questions: > > >> - What could be causing this overheating issue in Whonix? > > >> - Is 128C a normal temperature for the safety shutdown to kick in? > > >> - Does Qubes have a warning / alert system for potential overheat? (Like > > >> low battery) > > > It is a high temperature, but does it ONLY happen in Whonix? > > > Or if you push the PC does it happen also? > > > Have you tried limiting the threads Whonix can use? > > > > > > Sometimes CPUs have shutdown at 99 degrees. > > > So 128 degrees is a bit high in my own opinion. > > > > > > I recommend you check the CPU Fan and heatsinks (if it has them). > > > > Thanks for the input - I just dusted out the fan, and we'll see if it > > helps. It wasn't too bad, but we'll see if there's an improvement. > > > > No, it also randomly goes into auto-shutdown when backing up VMs. > > However, that happens about 20% of the time. Whonix seems to do it about > > 80% of the time, the other 20% I figure I shut it down before it does so > > on its own. I figure there may be something in the Whonix VM that's > > causing my processor to over work itself. The auto-shutdowns may be > > ultimately linked to dust in the fan or something like that, but if > > there's something processor intensive in Whonix, it may be worth looking > > into. > > > > Also, a heat warning message would be nice. I assume the thresholds are > > set via the bios - is there a standard way of monitoring this? (I'm not > > particularly well versed in this sort of thing.) > > > > I recommend you get your HDD checked, and your RAM. > > Test both thoroughly. > Could be some bad sectors. > Also run a smartd check. > > Some PCs have system diagnostics built in for RAM in the startup sequence. Thinkpads have known problem that after long time of usage GPU radiator glued to the chip goes loose and X201 is rather older model. Not sure how to measure GPU temp but if this is the case you can improve it yourself with superglue & silver smear or any repair shop around shall do it for a few coppers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0a91d23-f62b-426f-a143-c9850c4d5161%40googlegroups.com. For more options, visit h
[qubes-users] Fedora 24 Network Manager icon is missing (and other small issues).
As the title says: I've cloned my fedora 23 templates and followed the procedure to upgrade them to fedora 24. Everything is splendid, the only two disappointing things are: a) Network manager applet icon is missing. May this be related to the fact that my netvm runs on a minimal template? b) Fonts look a bit changed. Again, not that much of a problem, it's just unexpected. Cheers, Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80a6a6a6-55de-400c-87a3-0c078d0bdeda%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
Dear Marek, I've tried the solution you proposed in that post. I've managed to make that little script to work (strangely enough, it looks like salt minds about indenting in the code. I'm mainly used to latex that doesn't care and this left me a bit surprised. I created a file /srv/salt/update-templates.sls and wrote uptodate: pkg.uptodate: [] into it. Then I created /srv/salt/update-templates.top and wrote base: qubes:type:template: - match: pillar - update-templates into it. Then I gave ' sudo qubesctl top.enalbe update-templates ' and tested it with ' sudo qubesctl --all state.highstate ' (these commands don't work for me if I'm not superuser). unfortunately, this doesn't work for me. There is some green stuff going on (like qvm.exists and other things that I don't really understand). Then, it runs through the templates returning errors (it basically says, as an instance, 'fedora-23: ERROR'). On the app vm it just skips saying that there is nothing to do (and this is what it is supposed to do, so at least it recognizes that it has to run only on templates). My feeling (that may be wrong, obviously) is that the command pkg.uptodate: [] does not work for god only knows what reason. Any idea? Cheers, Fab. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/28a0a898-f265-4189-9d05-d3578eb2a1dc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows 7 Install Hangs At Starting Page
I just get the "Starting Windows" and the glowing logo on a black screen. Left it for an hour, nothing else happens. I found this which doesn't seem relevant (or if it is I can't make the connection) : https://groups.google.com/forum/#!searchin/qubes-users/starting$20windows$20hang%7Csort:relevance/qubes-users/2q19jFeTFGk/DgL6a67_CAAJ Is there anything generally I should be looking for? Thanks, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/faa42c13-24ce-4ae6-9082-7c5adbbd79e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
Just to add - Windows Home Premium, 64bit. All linux VMs work fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca6b0126-dde6-4955-90a9-0973411307d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Network problem since upgrade to fedora-24 template
On Thursday, November 24, 2016 at 8:33:14 AM UTC+1, BePe wrote: > Hi All, > > I have an installation of QubeOS 3.2 inside a KVM VM (I know > that it's not recommended but it's very practical for testing) > that was working without any major issue since last week when I > decided to upgrade to the fedora-24 template and have migrated > the net-vm et the firewall-vm to use the new template. > > Since then, the networking (e.g. internet access) is no longer > working on all the AppVM except on the net-vm. > > I noted that when an AppVM is started there is no vif interface > that is brought up in its configured NetVM as it used be the > case when fedora-23 template was used for the NetVM. > > Does somebody have the same issue? How could I fix/workaround > the problem? > > Is there a way to manually and properply bring up the vif.XX > interface to establish the connection between a VM and its > configured NetVM? > > Thanks for your help. > > Regards, > > > -- > BePe Hi BePe, I don't have the same issue, but maybe you can manually put the required ifconfig orso commands in your /rw/config/rc.local file? (and make that file executable.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fc688557-c6d5-4617-8c32-97cf3cf6bd4a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
On Thursday, November 24, 2016 at 12:59:04 PM UTC+1, David Wylie wrote: > I just get the "Starting Windows" and the glowing logo on a black screen. > Left it for an hour, nothing else happens. > > I found this which doesn't seem relevant (or if it is I can't make the > connection) : > > https://groups.google.com/forum/#!searchin/qubes-users/starting$20windows$20hang%7Csort:relevance/qubes-users/2q19jFeTFGk/DgL6a67_CAAJ > > Is there anything generally I should be looking for? > > Thanks, I have win 7 as my windows HVM, if I remember correctly, you need to have windows 7, and not windows home. The windows-tools-package that qubes uses is only for win 7. There is a great page on all this at: https://www.qubes-os.org/doc/windows-appvms/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eaf901eb-d07c-4868-b7a2-b1cde68d448c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
Hi - it is W7 Home Premium (I said it in the title but missed the 7 out in the body, apologies). Followed all the links I can find on the Qubes website, including that one. Installed windows-tools from the current-testing repo. One thing I am doing is loading the iso from another VM (as documented here : https://www.qubes-os.org/doc/hvm/ It finds it fine, and as I say gets as far as that starting page, but then nothing. I have to Kill VM to stop it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec962e90-3838-4e4c-89f1-3898a9b8594b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Playing with docker in an app-vm
Hi all, I've not seen many docker posts, but for the heck of it I'd like to report on how I made an app-vm that has a website running in docker and reachable by everything connected to sys-firewall. 1) install docker in fedora-24, dnf install docker 2) create the new appvm, I called it 'docker' 3) in that app-vm in /rw/config/rc.local, i put: rm -rf /var/lib/docker ln -s /home/user/docker /var/lib/docker systemctl start docker , and I made the dir in /home/user/docker now as root i can use 'docker ps' and everything. 4) networking, making 'docker' visible: on docker app-vm in /rw/config/qubes-firewall-user-script, i put: iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT Ok, that's all i have on docker, and it works great. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c6af5d4b-63c0-4d1f-9a8c-8fab4f5c173c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Playing with docker in an app-vm
On Thursday, November 24, 2016 at 2:05:30 PM UTC+1, Opal Raava wrote: > Hi all, > > I've not seen many docker posts, but for the heck of it I'd like to report on > how I made an app-vm that has a website running in docker and reachable by > everything connected to sys-firewall. > > 1) install docker in fedora-24, dnf install docker > > 2) create the new appvm, I called it 'docker' > > 3) in that app-vm in /rw/config/rc.local, i put: > > rm -rf /var/lib/docker > ln -s /home/user/docker /var/lib/docker > systemctl start docker > > , and I made the dir in /home/user/docker > now as root i can use 'docker ps' and everything. > > > 4) networking, making 'docker' visible: >on docker app-vm in /rw/config/qubes-firewall-user-script, i put: > > iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT > >on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: > > iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT > > Ok, that's all i have on docker, and it works great. Edit: your network is perhaps different from 10.137.2.0/24, sorry -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ea4f819-2a9c-42b3-9b03-cc37c95d4eea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
Looking at the log file (which I can't copy/paste - shift-ctl-v & ctl_v just doesn't copy the log file contents like it says it will), the last entry is vga s->lfb_addr = f000 s->lfb_end = f100 Don't know if that helps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c16cb8e8-2722-4309-b89f-47102b192afc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 23, 2016 at 10:48:23PM -0800, tom...@gmail.com wrote: > So, after Marek's fix here, > https://github.com/QubesOS/qubes-issues/issues/1659 > is it true that I can expect this from it: > - HVM passthrough working using stub domain via xl ? > (following your guide above, exlcuding 'qemu-xen-traditional') > And not: > - HVM passthrough working via VM created with Qubes manager and started with > it / qvm-start ? Actually, generic PCI passthrough should just work in both cases now. Don't know if GPU passthrough is any special here, but I wouldn't be surprised if it is... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYNvBNAAoJENuP0xzK19csycgH/jSvl5JNBfFzSAyj2BFB4WsD Ig6+VUNBSKCXdL4wEl2RTIE4EylU3/0hjEIaw1mSRLAx4NLRmmZVOUAq51rMMlBz /RXQIzggOzcqdyUXa4Hi185SZg3SJeVV04Lm9YBTV4hQ5i7AKw0+Sn3/PBaoui2D 9A0HPUGV9c+bMvUWc0yp26podxVoicz0v7en3WAOvJVhoDare9ioLRQKhQ7inNrY Kp7/1S/WAMF4c2tbThrfFjAN/ou87UWyKhhWTzDBa+crC8t/75lHpQp8sS6Ec1tU 51t3eiGPKWEghlvHY2sCwQRAKtZjkqSGxu73RCxPYDZ1nuUf/yw7hsmC1uRwUNQ= =ViLz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124135107.GT1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 02:44:25AM -0800, Fabrizio Romano Genovese wrote: > Dear Marek, > > I've tried the solution you proposed in that post. I've managed to make that > little script to work (strangely enough, it looks like salt minds about > indenting in the code. I'm mainly used to latex that doesn't care and this > left me a bit surprised. > > I created a file /srv/salt/update-templates.sls and wrote > > uptodate: > pkg.uptodate: [] > > into it. Then I created /srv/salt/update-templates.top and wrote > > base: > qubes:type:template: > - match: pillar > - update-templates > > into it. Then I gave ' sudo qubesctl top.enalbe update-templates ' and tested > it with ' sudo qubesctl --all state.highstate ' (these commands don't work > for me if I'm not superuser). unfortunately, this doesn't work for me. There > is some green stuff going on (like qvm.exists and other things that I don't > really understand). Then, it runs through the templates returning errors (it > basically says, as an instance, 'fedora-23: ERROR'). On the app vm it just > skips saying that there is nothing to do (and this is what it is supposed to > do, so at least it recognizes that it has to run only on templates). > > My feeling (that may be wrong, obviously) is that the command pkg.uptodate: > [] does not work for god only knows what reason. Any idea? You can find details in /var/log/qubes/mgmt-fedora-23.log. Or add "--show-output" option to qubesctl to have it on stdout. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYNvI/AAoJENuP0xzK19cseHgH/jJi8AxLulTdA2vqvecMQFJi mDu5JLnB29QRDc3mEU59UeK/04Up+Gwp3NYhqMA7/+bSV2oIFYQcDuUGTqlO2Kbn zXaSi0Yj/S9O/yz6vTjY+a7OxCa16cn8gO56jKuNFZudwWtIx2qkhZmD5tEYydGM XUq3e+3Q4P3/ye9PKXCPu9z1q+TGAK3uQgSbAvJLshK8/z38tUuWaSJOsVfd2xL9 pPsChoxJLBJTO9EInhbz2DxQO4nYg3dN9CVc0vUE+d+w4nx84C6/gPlFMCE6LCW0 f6vlO4V6iPDCQgQEet1zFYHawMOmVFxX5kMdmw7IVyu9OzgeexM5XK3Q8HCN+tw= =h+Pw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124135926.GV1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Network problem since upgrade to fedora-24 template
Hi Opal, Thanks. But I don't know all the actions that should be realized. For sur there will be IP configuration, routing and probably iptables rules. BePe On 11/24/2016 01:22 PM, Opal Raava wrote: > On Thursday, November 24, 2016 at 8:33:14 AM UTC+1, BePe wrote: >> Hi All, >> >> I have an installation of QubeOS 3.2 inside a KVM VM (I know >> that it's not recommended but it's very practical for testing) >> that was working without any major issue since last week when I >> decided to upgrade to the fedora-24 template and have migrated >> the net-vm et the firewall-vm to use the new template. >> >> Since then, the networking (e.g. internet access) is no longer >> working on all the AppVM except on the net-vm. >> >> I noted that when an AppVM is started there is no vif interface >> that is brought up in its configured NetVM as it used be the >> case when fedora-23 template was used for the NetVM. >> >> Does somebody have the same issue? How could I fix/workaround >> the problem? >> >> Is there a way to manually and properply bring up the vif.XX >> interface to establish the connection between a VM and its >> configured NetVM? >> >> Thanks for your help. >> >> Regards, >> >> >> -- >> BePe > Hi BePe, I don't have the same issue, but maybe you can manually put the > required ifconfig orso commands in your /rw/config/rc.local file? (and make > that file executable.) > -- BePe -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b90c0e88-73ac-2543-b38f-279b4301145b%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Network problem since upgrade to fedora-24 template
On Thursday, November 24, 2016 at 3:03:01 PM UTC+1, BePe wrote: > Hi Opal, > Thanks. > But I don't know all the actions that should be realized. For sur there > will be IP configuration, routing and probably iptables rules. > BePe > > On 11/24/2016 01:22 PM, Opal Raava wrote: > > On Thursday, November 24, 2016 at 8:33:14 AM UTC+1, BePe wrote: > >> Hi All, > >> > >> I have an installation of QubeOS 3.2 inside a KVM VM (I know > >> that it's not recommended but it's very practical for testing) > >> that was working without any major issue since last week when I > >> decided to upgrade to the fedora-24 template and have migrated > >> the net-vm et the firewall-vm to use the new template. > >> > >> Since then, the networking (e.g. internet access) is no longer > >> working on all the AppVM except on the net-vm. > >> > >> I noted that when an AppVM is started there is no vif interface > >> that is brought up in its configured NetVM as it used be the > >> case when fedora-23 template was used for the NetVM. > >> > >> Does somebody have the same issue? How could I fix/workaround > >> the problem? > >> > >> Is there a way to manually and properply bring up the vif.XX > >> interface to establish the connection between a VM and its > >> configured NetVM? > >> > >> Thanks for your help. > >> > >> Regards, > >> > >> > >> -- > >> BePe > > Hi BePe, I don't have the same issue, but maybe you can manually put the > > required ifconfig orso commands in your /rw/config/rc.local file? (and make > > that file executable.) > > > > -- > BePe Hmm there should be an easier way, but I dont know how... I'm still a noob :/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3aeefa65-95be-4a8a-9a89-5f4c9772ea4f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Questions
First, I want to thank you for your efforts on Qubes OS, and for improving OS security/privacy in general. I am new to Qubes OS, have been enjoying it a lot, and have a few questions: * Primarily I would like to use Qubes for data science work. I understand that OpenGL is not supported for security concerns. I'm wondering whether I could use a OpenCL on a GPU in Qubes for running deep learning algorithms. Would this be supported? Is it a security concern as well? * Secondarily I would like to use Qubes for development work in Rust. I understand that Rust can eliminate many different sorts of memory related bugs. Would this be helpful to use in Qubes OS development for improving security? Are there any security concerns to prevent using Rust? * Finally, I am interested in the Purism Librem 13 laptop and noticed that it was supported for Qubes R3.x but not R4.x. Is this because of some hardware issues or because R4.x hasn't been released yet? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0da5dc2a-6c31-4e4e-bef3-935bdf350791%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
The error I get is 127, that should be "command not found" if I got it right... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82b9ca5d-632a-4fdc-a2b7-2a47ad9bb88b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 08:19:22AM -0800, Fabrizio Romano Genovese wrote: > The error I get is 127, that should be "command not found" if I got it > right... Have you installed qubes-mgmt-salt-vm-connector in your default template during upgrade to Qubes 3.2? https://www.qubes-os.org/doc/upgrade-to-r3.2/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYNxVeAAoJENuP0xzK19csCaMH/3VWe8Scqq0yhXjt7U6PHz9H dUDWzhA1AA5yQTNJadzDPBYiFyNcyZDUxdv9B6/5F1u/M33tq3UMEC8qxuTFp/EA KqPES8Rgh1TT29jEZrVW0/WcNoKnfnti8LUH+ilRmvU+xw/6w9H9oJxlzGNjLXlX sVR1szS5PsPx7K8MHVH8fH9QGd+cBvdKi/hbDDKKd/mAxV1v+qrjdsLTojP0ZGK2 Uj/KOrmx64SR2XMc7FJBpI65T/Udo0rgP3bYJH8Wel5ozDAwDubH3Bkg6/pVFgER kVEMrD8Pdwjaw7+/n3fOEbP9yEuKGsfrdZShVd+LmHRXEc6YNfaFHBk4Ul6LetI= =TmVB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124162917.GK2130%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Playing with docker in an app-vm
W dniu czwartek, 24 listopada 2016 14:05:30 UTC+1 użytkownik Opal Raava napisał: > Hi all, > > I've not seen many docker posts, but for the heck of it I'd like to report on > how I made an app-vm that has a website running in docker and reachable by > everything connected to sys-firewall. > > 1) install docker in fedora-24, dnf install docker > > 2) create the new appvm, I called it 'docker' > > 3) in that app-vm in /rw/config/rc.local, i put: > > rm -rf /var/lib/docker > ln -s /home/user/docker /var/lib/docker > systemctl start docker > > , and I made the dir in /home/user/docker > now as root i can use 'docker ps' and everything. > > > 4) networking, making 'docker' visible: >on docker app-vm in /rw/config/qubes-firewall-user-script, i put: > > iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT > >on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: > > iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT > > Ok, that's all i have on docker, and it works great. 10.137.2.0?24 is the IP addres of your sys-firewall machine, right? I'm trying to apply a similar configuration to my qubes instance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cfac8d0-7129-4efb-9a0e-0ee4683909ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
On Thursday, November 24, 2016 at 5:08:23 AM UTC-8, David Wylie wrote: > Looking at the log file (which I can't copy/paste - shift-ctl-v & ctl_v just > doesn't copy the log file contents like it says it will), the last entry is > > vga s->lfb_addr = f000 s->lfb_end = f100 > > > Don't know if that helps. That seems suspiciously like problems with the vga emulation. Did you try the fix in the thread you linked? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59faf4e2-4a1b-4d3e-8e92-f1ad62b7ad2d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
Looks like qubes-mgmt-salt-vm-connector is already installed in my templates. Are you sure the command is pkg.uptodate: [] ? This looks right in the salt documentation, but there is nothing else I can think about... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a41543f-21aa-40d6-aee6-11222a647ba1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DisposableVM help
Hello, i deleted the appvm for disposable-vm ... does anyone know how to recreate it? Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8fd4c484-d705-8ece-815d-d4693584822d%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 Install Hangs At Starting Page
I didn't follow the instructions properly. I modified the existing conf file which gets overwritten. I copied it as per the instructions and it all works as it should. I hereby offer myself to be roundly whipped through the streets of Aberdeen. Apologies, and thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d035dec-7eb4-465f-89b9-30636ed010f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes not shutting down
On 11/24/2016 03:57 AM, Pawel Debski wrote: W dniu środa, 23 listopada 2016 00:34:09 UTC+1 użytkownik Drew White napisał: On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers wrote: On 11/21/2016 06:24 PM, Drew White wrote: On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers wrote: On 11/21/2016 11:04 AM, Loren Rogers wrote: On 11/21/2016 12:42 AM, Drew White wrote: On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers wrote: Another correlation I've noticed is that my machine randomly shuts itself down without warning when I'm browsing in the Anon-Whonix VM. It seems that simply having the Whonix browser open causes the problem. I've not been able to pin down an exact cause, but it seems to happen after about 5-20min. When this happens, the machine sometimes ends up in a hung state (black screen) at the end of the shutdown process. I've also noticed that the fan speeds up right at it starts to shutdown. (The screen turns to the Qubes logo with the progress bar, then the fan cranks up.) Sometimes the bar makes it all the way to the end, other times it seems to simply crash to a hault. As I mentioned elsewhere, the Thinkpad X201t is known to have overheating issues, but I'm not sure if this is related. I'm not working the machine particularly hard (just browsing articles on the web), and the hardware is not particularly hot to the touch. When it gets to the qubes logo screen, press ESC to see what it's actually doing. If you wish to always know what it's doing, turn off rhgb and quiet in the boot config. Then you will see where the issue is. Thanks, I'll give that a shot next time it happens. I feel like it'll go by too quickly for me to see what's happening; does it also write its activity to a log somewhere? I can now confirm that it's an over heating issue. When it went into the automatic shutdown sequence, I pressed escape and managed to take note of a few of the messages. One of the very first ones was something about "thermal_zone_0 critical temperature reached: 128C", which I assume is the cause. (This isn't an exact quote, since I noted it from memory.) This raises some questions: - What could be causing this overheating issue in Whonix? - Is 128C a normal temperature for the safety shutdown to kick in? - Does Qubes have a warning / alert system for potential overheat? (Like low battery) It is a high temperature, but does it ONLY happen in Whonix? Or if you push the PC does it happen also? Have you tried limiting the threads Whonix can use? Sometimes CPUs have shutdown at 99 degrees. So 128 degrees is a bit high in my own opinion. I recommend you check the CPU Fan and heatsinks (if it has them). Thanks for the input - I just dusted out the fan, and we'll see if it helps. It wasn't too bad, but we'll see if there's an improvement. No, it also randomly goes into auto-shutdown when backing up VMs. However, that happens about 20% of the time. Whonix seems to do it about 80% of the time, the other 20% I figure I shut it down before it does so on its own. I figure there may be something in the Whonix VM that's causing my processor to over work itself. The auto-shutdowns may be ultimately linked to dust in the fan or something like that, but if there's something processor intensive in Whonix, it may be worth looking into. Also, a heat warning message would be nice. I assume the thresholds are set via the bios - is there a standard way of monitoring this? (I'm not particularly well versed in this sort of thing.) I recommend you get your HDD checked, and your RAM. Test both thoroughly. Could be some bad sectors. Also run a smartd check. Some PCs have system diagnostics built in for RAM in the startup sequence. Thinkpads have known problem that after long time of usage GPU radiator glued to the chip goes loose and X201 is rather older model. Not sure how to measure GPU temp but if this is the case you can improve it yourself with superglue & silver smear or any repair shop around shall do it for a few coppers. Thanks everyone -- this is great info. I think the dust removal was really helpful. I've noticed that the fan is working a lot less, and it's not crashing during backups like it did before. I'll check the HDD and RAM soon, and I'll keep the GPU radiator issue in mind. (I had no idea this was an issue - thanks for the pointer!) Any thoughts on a temperature warning message? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1e105586-076b-3d43-c0d6-bc2863ae4119%40lorentrogers.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Playing with docker in an app-vm
On Thursday, November 24, 2016 at 5:30:52 PM UTC+1, Grzesiek Chodzicki wrote: > W dniu czwartek, 24 listopada 2016 14:05:30 UTC+1 użytkownik Opal Raava > napisał: > > Hi all, > > > > I've not seen many docker posts, but for the heck of it I'd like to report > > on how I made an app-vm that has a website running in docker and reachable > > by everything connected to sys-firewall. > > > > 1) install docker in fedora-24, dnf install docker > > > > 2) create the new appvm, I called it 'docker' > > > > 3) in that app-vm in /rw/config/rc.local, i put: > > > > rm -rf /var/lib/docker > > ln -s /home/user/docker /var/lib/docker > > systemctl start docker > > > > , and I made the dir in /home/user/docker > > now as root i can use 'docker ps' and everything. > > > > > > 4) networking, making 'docker' visible: > >on docker app-vm in /rw/config/qubes-firewall-user-script, i put: > > > > iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT > > > >on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: > > > > iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT > > > > Ok, that's all i have on docker, and it works great. > > 10.137.2.0?24 is the IP addres of your sys-firewall machine, right? I'm > trying to apply a similar configuration to my qubes instance. Yea, it's the network provided by sys-firewall. I look at the ip number of an appvm using sys-firewall to figure out my net(mask) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1406c9e-521f-4fc2-9075-5b1965a31c60%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
W dniu czwartek, 24 listopada 2016 14:51:14 UTC+1 użytkownik Marek Marczykowski-Górecki napisał: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Nov 23, 2016 at 10:48:23PM -0800, tom...@gmail.com wrote: > > So, after Marek's fix here, > > https://github.com/QubesOS/qubes-issues/issues/1659 > > is it true that I can expect this from it: > > - HVM passthrough working using stub domain via xl ? > > (following your guide above, exlcuding 'qemu-xen-traditional') > > And not: > > - HVM passthrough working via VM created with Qubes manager and started > > with it / qvm-start ? > > Actually, generic PCI passthrough should just work in both cases now. > Don't know if GPU passthrough is any special here, but I wouldn't be > surprised if it is... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJYNvBNAAoJENuP0xzK19csycgH/jSvl5JNBfFzSAyj2BFB4WsD > Ig6+VUNBSKCXdL4wEl2RTIE4EylU3/0hjEIaw1mSRLAx4NLRmmZVOUAq51rMMlBz > /RXQIzggOzcqdyUXa4Hi185SZg3SJeVV04Lm9YBTV4hQ5i7AKw0+Sn3/PBaoui2D > 9A0HPUGV9c+bMvUWc0yp26podxVoicz0v7en3WAOvJVhoDare9ioLRQKhQ7inNrY > Kp7/1S/WAMF4c2tbThrfFjAN/ou87UWyKhhWTzDBa+crC8t/75lHpQp8sS6Ec1tU > 51t3eiGPKWEghlvHY2sCwQRAKtZjkqSGxu73RCxPYDZ1nuUf/yw7hsmC1uRwUNQ= > =ViLz > -END PGP SIGNATURE- I've tried passing through a USB controller to my windows hvm. Despite setting the pci_strictreset to false, qvm-start still fails with libvirt.libvirtError: internal error: libxenlight failed to create new domain 'windows-7' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c6e9df6-332b-4f8f-955b-09772dce2ca5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Playing with docker in an app-vm
10.137.2.0/24 is a network specification of all hosts, a way of saying 10.137.2.*, i dont think the ip number of the sys-firewall comes into it. Its probably got an ip of 10.137.2.1 orso -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58e0d248-43ec-47f4-8ff7-a1f12e478790%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4.x and Librem 13
I am interested in purchasing the Purism Librem 13 laptop and noticed that it was supported for Qubes R3.x but not R4.x. Is this because of some hardware issues or because R4.x hasn't been released yet? Would it make sense to wait for R4.x before purchasing? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a3a0ebb-9489-4c61-a35d-ab9483a33d52%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.x and Librem 13
W dniu czwartek, 24 listopada 2016 20:53:08 UTC+1 użytkownik rspei...@gmail.com napisał: > I am interested in purchasing the Purism Librem 13 laptop and noticed that it > was supported for Qubes R3.x but not R4.x. > > Is this because of some hardware issues or because R4.x hasn't been released > yet? Would it make sense to wait for R4.x before purchasing? Definitely wait for 4.X -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a70b452-badc-4d1e-b486-9711aa21ba06%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
On Thu, Nov 24, 2016 at 3:00 PM, Grzesiek Chodzicki wrote: > W dniu czwartek, 24 listopada 2016 20:53:08 UTC+1 użytkownik > rspei...@gmail.com napisał: >> I am interested in purchasing the Purism Librem 13 laptop and noticed that >> it was supported for Qubes R3.x but not R4.x. >> >> Is this because of some hardware issues or because R4.x hasn't been released >> yet? Would it make sense to wait for R4.x before purchasing? > > Definitely wait for 4.X Why? I don't see the logic for that... I can't envision hardware support regressions on a laptop that (afaik at least one?) of the devs use as their primary machine. AFAIK the librem isn't certified for Qubes 4 because it lacks open firmware which is one of the requiements to be certified for qubes 4 [1], but no machine currently meets those, and librem hardware won't magically degrade itself with the passage of time in qubes-land. IMO if it meets your needs now, it will continue to meet your needs then... [1]: https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_C_2STmGof6KZ6%2BAEcQOByqvq0WGTHg-rvvCH8HBgAO-g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
W dniu czwartek, 24 listopada 2016 21:06:45 UTC+1 użytkownik Jean-Philippe Ouellet napisał: > On Thu, Nov 24, 2016 at 3:00 PM, Grzesiek Chodzicki > wrote: > > W dniu czwartek, 24 listopada 2016 20:53:08 UTC+1 użytkownik > > rspei...@gmail.com napisał: > >> I am interested in purchasing the Purism Librem 13 laptop and noticed that > >> it was supported for Qubes R3.x but not R4.x. > >> > >> Is this because of some hardware issues or because R4.x hasn't been > >> released yet? Would it make sense to wait for R4.x before purchasing? > > > > Definitely wait for 4.X > > Why? I don't see the logic for that... > > I can't envision hardware support regressions on a laptop that (afaik > at least one?) of the devs use as their primary machine. > > AFAIK the librem isn't certified for Qubes 4 because it lacks open > firmware which is one of the requiements to be certified for qubes 4 > [1], but no machine currently meets those, and librem hardware won't > magically degrade itself with the passage of time in qubes-land. > > IMO if it meets your needs now, it will continue to meet your needs then... > > [1]: https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ Because we have no idea when 4.X is going to be released and until then a better option might present itself. Librem laptops are imho a bit overpriced for the hardware you get. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a43a708-1083-484b-800c-9beaeb426617%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
Thanks for you feedback. I heard that Coreboot was released for Librem 13 by a 3rd party. Is that not open enough or is it that it hasn't been officially accepted by Librem? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b50932c0-4431-4ea9-92f8-32accc55038a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes and Rust
I would like to use Qubes for development work in Rust. I understand that Rust can eliminate many different sorts of memory related bugs. Would it be helpful to use in Qubes OS development for improving security? Are there any security concerns to prevent using Rust? For example, the Qubes GUI could be rewritten in rust... would that help security? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d3f1937-b237-401d-b4e9-85262bdb3cb0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes and GPUs for Data Science
I would like to use Qubes for data science work. I understand that OpenGL is not supported for security concerns. I'm wondering whether I could use a OpenCL on a GPU in Qubes for running deep learning algorithms. I'm leaning towards getting an AMD Vega GPU when it comes out. I guess what I am wondering is whether the GPU could safely be in a separate container for churning through machine/deep learning problems and whether there is any reason why that wouldn't work. Does that make sense? Would this be supported? Is it a security concern? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80288645-8d26-4685-88b4-b1c836536add%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
Thanks for your feedback. I heard that Coreboot was released for Librem 13 by a 3rd party. Is that not open enough or is it that it hasn't been officially accepted by Librem? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dadd7e6f-6fe6-4ae7-9ee9-4e52663f4fb5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?
On 11/19/2016 10:31 PM, Marek Marczykowski-Górecki wrote: Yes, exactly Is it possible to check non encrypted boot part of the disk for checksums after OS was loaded and warn user about some changes? ( or check some files on boot part) Is it a good idea? Or maybe some USB disk with loader which will do the same. And user User periodically will be able to check his disk. -- Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/959c27bc-446b-593f-df95-885d4f9255f1%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DisposableVM help
On Thu, Nov 24, 2016 at 11:59:43AM -0500, Shpendi Dika wrote: > Hello, i deleted the appvm for disposable-vm ... does anyone know how to > recreate it? Thanks. > I assume you deleted something like fedora-23-dvm You can regenerate it from dom0 konsole: qvm-create-default-dvm fedora-23 Or create a new dvm from any template: qvm-create-default-dvm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124213956.GA10440%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 12:51:41PM -0800, rspeiglv...@gmail.com wrote: > Thanks for your feedback. I heard that Coreboot was released for Librem 13 by > a 3rd party. Is that not open enough or is it that it hasn't been officially > accepted by Librem? The later. Librem as you can buy it is still shipped with proprietary BIOS and I haven't heard of any realistic plans for changing it. Even though most (all?) the work on Coreboot side is done... Other than that, Librem definitely meet minimum requirements, but as mentioned before - is somehow overpriced. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYN17KAAoJENuP0xzK19csQhQH/0DMyOzETXvSRdZxyDlJ28y2 RGTJvJwtV5gHSYkHeZN261sZTNEm6bJkwt3Pdhtuw+4auvulOdE41iOwvq2UCEm5 osG8wFmAxGgcsexDAuqhk78HQUcWKOnm5AI4/lJJAJNmO94/sOJHj5j1be+fvb5/ DEsiv5hO7WiKJScjIyzwC3jJc2YWE6sh4Cv9NTPl7aEot2b4cG28K1XTB3vOvMia 99tIjN9Hb9TzOVvRH/0L8dOWHqNqGoP0WV2mwlAa+Ad0QEhYvOUI7HZ7orvBXtGi O5mhd2v+EuDu+D8BUfvt5UrRHFOkZa5l+6vDPN8jfOdYB2Za4US8IDS4zpfeldE= =R78q -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124214232.GX1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installing lshw on dom-0
I am interested in knowing hardware details for my pc and want to run lshw on dom-0. How can I install it on dom-0? Is there any alternative to it that is already present on dom-0? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2683195c-7465-4add-bb3e-1cd2d49aabe5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
Thanks Marek... that was very helpful. Realistically speaking... could I purchase the Librem 13, install the Coreboot firmware and then it make be compatible with R4.x? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d66f3102-dcd8-47fa-95c9-bf0571de56cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 02:30:30PM -0800, rspeiglv...@gmail.com wrote: > Thanks Marek... that was very helpful. Realistically speaking... could I > purchase the Librem 13, install the Coreboot firmware and then it make be > compatible with R4.x? As I said - compatible with Qubes 4.x (in meaning "Qubes 4.x will work on it") it will be even without Coreboot. It may be somehow more secure with Coreboot (less places to hide some backdoor), but may be also less stable - depending how mature is Librem 13 support in Coreboot. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYN2urAAoJENuP0xzK19csxMQH/RVNVTS1x/Ri+aKr3pMgdmF9 nGUjHdZFRYlExYXizo2TJiNdKleNaQVxhk9dramJ6bEQIy5PwcbjNwIozxXSvSn7 HPQ2skgzkD/qyNygKV4ZEfJ5Stt0pot9mQ12gEtrbWbx4Sev5llPL5IsN0i+thpK YNha18WkFCtBZbPs6uMh3twsFSUbkY3MsqRgF11oHKXmYjdPQyyHJt6TsL/2Rqpq W9HrR3PYDHChJIQgVQ/DSL0u+DqxzPGuc4kfzaDErE9w5sPeqsBDXyPajYKl1wAA zNCvaFPpvzmQj4PV8ETP/pEB5vLhrEgR2+spL5NZ8vD8/7f/mo+3y6tXT9bZ8Bw= =bNoI -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124223729.GY1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Nov 25, 2016 at 12:19:14AM +0300, Eva Star wrote: > On 11/19/2016 10:31 PM, Marek Marczykowski-Górecki wrote: > > > Yes, exactly > > Is it possible to check non encrypted boot part of the disk for checksums > after OS was loaded and warn user about some changes? ( or check some files > on boot part) > Is it a good idea? If someone have planted some malware there, he/she can also replace your integrity checking tool. So such solution will not be bulletproof. > Or maybe some USB disk with loader which will do the same. And user User > periodically will be able to check his disk. This would be better. Or you can go one step further - store /boot on some USB stick. Or two steps further - use AEM with that. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYN2x5AAoJENuP0xzK19csaesH/jxwp92Tv/96utIuPaMShfIx PtiNeZT/98kMrdBNLwrJHH6D/eio8v+3wOdK5gNkGxQs8W4IezOLf21ja1T1cNRe 5gG5FgUafayKu+0nPBpSgpK2vO3QubQPOqKRaE3YBGJcByRpCRgDqqzP6h3BNmoa MBSOI6pUKAu6CWN5wryNOUv/lvfG9fxrCKcSIB94f7AV5yBMJ3hIJluE94/tvb8E qobrPWFHMZMRa5upUjxNuEfGSuwhdfgymeGUOqc8bokoScA4cnLVJRxbdowcNILW 6uh//37IvU6rjlkKtpfiDaW4Yvxntx9sPBiBEuwuoveWr7SPyvKKTnJCgL4BMvI= =+axr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124224055.GZ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 11:08:33AM -0800, Grzesiek Chodzicki wrote: > W dniu czwartek, 24 listopada 2016 14:51:14 UTC+1 użytkownik Marek > Marczykowski-Górecki napisał: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Wed, Nov 23, 2016 at 10:48:23PM -0800, tom...@gmail.com wrote: > > > So, after Marek's fix here, > > > https://github.com/QubesOS/qubes-issues/issues/1659 > > > is it true that I can expect this from it: > > > - HVM passthrough working using stub domain via xl ? > > > (following your guide above, exlcuding 'qemu-xen-traditional') > > > And not: > > > - HVM passthrough working via VM created with Qubes manager and started > > > with it / qvm-start ? > > > > Actually, generic PCI passthrough should just work in both cases now. > > Don't know if GPU passthrough is any special here, but I wouldn't be > > surprised if it is... > > > > I've tried passing through a USB controller to my windows hvm. Despite > setting the pci_strictreset to false, qvm-start still fails with > libvirt.libvirtError: internal error: libxenlight failed to create new domain > 'windows-7' Do you have VT-d (aka IOMMU) supported and enabled? You can check for details in /var/log/libvirt/libxl/libxl-driver.log. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYN25VAAoJENuP0xzK19csxxAH/R2x4FXcoikNcZqj2LycK35n G3+zJe5c84HreQVTRi4f512IsOc0oyenDxqXPJ8Y3Bud/Fyk6LObFRU8qCpFe/U4 s/8KSQ8H94eI3bPQ5dyrLJSY8KkgPDbwIkeNJaFUxxjWpAPfbZLKr6ibmkO3ivD+ brvD87vS14oZQQ0ffoUQ14AI+jAK6Jx+f4WKz8zmi3G3ZTVAhjr4cbHyI039mZ0u K9um9tN94a2TK5xUfT6+ciRWLicRYgxd8szgjXQIlcT51rud/E/EVlQbUrBXBrYp QZv6zWXGykZfzRRzq400aXOdXDFxL62J8ZgywYcOPCxiSbmdMEy24VhXMTHa4Io= =WZz9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124224851.GA1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Questions
On Thu, Nov 24, 2016 at 10:29 AM, wrote: > * Primarily I would like to use Qubes for data science work. I understand > that OpenGL is not supported for security concerns. I'm wondering whether I > could use a OpenCL on a GPU in Qubes for running deep learning algorithms. > Would this be supported? Is it a security concern as well? If you have a dedicated GPU which you are not trying to use to render output to a display and just using for GPGPU computing, then AFAIK it should be a simple matter of doing PCI for it to the VM in which you wish to do your data science. A thing to look for is whether your GPU supports Function Level Reset (FLR) [1], which makes pci un-assigning and re-assigning much more likely to not leave things in an unusable state requiring reboots. You may find that you need to blacklist drivers from attaching to the device in dom0 so that dom0 does not put it into an unknown state before it gets initialized in your AppVM. I am currently trying to get similar things working, but am by no means an expert in this area. [1]: https://wiki.xen.org/wiki/Xen_PCI_Passthrough#How_can_I_check_if_PCI_device_supports_FLR_.28Function_Level_Reset.29_.3F > * Secondarily I would like to use Qubes for development work in Rust. I > understand that Rust can eliminate many different sorts of memory related > bugs. Would this be helpful to use in Qubes OS development for improving > security? Are there any security concerns to prevent using Rust? If you are talking about re-writing core qubes things in rust, then I think that'd be pretty cool, but there are some things to keep in mind: 1) It is desirable for qubes core stuff to remain portable. In particular, some of the core things were made to work on windows. See https://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html 2) It would be nice to try to keep the set things in the core ecosystem smal, for both auditability (many people (including myself) are not qualified to audit rust) and for complexity and dependencies for building. > * Finally, I am interested in the Purism Librem 13 laptop and noticed that it > was supported for Qubes R3.x but not R4.x. Is this because of some hardware > issues or because R4.x hasn't been released yet? AFAIK because it still has a non-free BIOS? I'm not certain. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_CgKzsDbs9xRiNyyGZJigTKsLU2LQdOA8rbdxmtJo1cwg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes and Rust
On Thu, Nov 24, 2016 at 3:44 PM, wrote: > I would like to use Qubes for development work in Rust. I understand that > Rust can eliminate many different sorts of memory related bugs. Would it be > helpful to use in Qubes OS development for improving security? Are there any > security concerns to prevent using Rust? For example, the Qubes GUI could be > rewritten in rust... would that help security? There are lots of issues here which are not within the class of coding errors which Rust seeks to eliminate, but rather algorithm and protocol-level issues and issues inherent to interfacing across VMs. These problems are hard, and I am unconvinced that Rust makes them easier to solve. That said, an awesome part of open source is that you are free to just go ahead and try, and if it turns out to be indeed superior, then it could be integrated. Yay ecosystem diversity! :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_AiBMH7-7fk1VS6RbkEBS2Wtu3kZj%2B7GAUw94OPULDmCg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes not shutting down
On Friday, 25 November 2016 07:11:15 UTC+11, Loren Rogers wrote: > On 11/24/2016 01:39 PM, Loren Rogers wrote: > > > > > > On 11/24/2016 03:57 AM, Pawel Debski wrote: > >> W dniu środa, 23 listopada 2016 00:34:09 UTC+1 użytkownik Drew White > >> napisał: > >>> On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers wrote: > On 11/21/2016 06:24 PM, Drew White wrote: > > On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers wrote: > >> On 11/21/2016 11:04 AM, Loren Rogers wrote: > >>> On 11/21/2016 12:42 AM, Drew White wrote: > On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers wrote: > > Another correlation I've noticed is that my machine randomly > > shuts > > itself down without warning when I'm browsing in the > > Anon-Whonix VM. It > > seems that simply having the Whonix browser open causes the > > problem. > > I've not been able to pin down an exact cause, but it seems to > > happen > > after about 5-20min. When this happens, the machine sometimes > > ends > > up in > > a hung state (black screen) at the end of the shutdown process. > > > > I've also noticed that the fan speeds up right at it starts to > > shutdown. > > (The screen turns to the Qubes logo with the progress bar, > > then the fan > > cranks up.) Sometimes the bar makes it all the way to the end, > > other > > times it seems to simply crash to a hault. As I mentioned > > elsewhere, > > the > > Thinkpad X201t is known to have overheating issues, but I'm > > not sure if > > this is related. I'm not working the machine particularly hard > > (just > > browsing articles on the web), and the hardware is not > > particularly hot > > to the touch. > When it gets to the qubes logo screen, press ESC to see what it's > actually doing. > > If you wish to always know what it's doing, turn off rhgb and > quiet > in the boot config. > > Then you will see where the issue is. > >>> Thanks, I'll give that a shot next time it happens. I feel like > >>> it'll > >>> go by too quickly for me to see what's happening; does it also > >>> write > >>> its activity to a log somewhere? > >> I can now confirm that it's an over heating issue. When it went > >> into the > >> automatic shutdown sequence, I pressed escape and managed to take > >> note > >> of a few of the messages. One of the very first ones was > >> something about > >> "thermal_zone_0 critical temperature reached: 128C", which I > >> assume is > >> the cause. (This isn't an exact quote, since I noted it from > >> memory.) > >> > >> This raises some questions: > >> - What could be causing this overheating issue in Whonix? > >> - Is 128C a normal temperature for the safety shutdown to kick in? > >> - Does Qubes have a warning / alert system for potential > >> overheat? (Like > >> low battery) > > It is a high temperature, but does it ONLY happen in Whonix? > > Or if you push the PC does it happen also? > > Have you tried limiting the threads Whonix can use? > > > > Sometimes CPUs have shutdown at 99 degrees. > > So 128 degrees is a bit high in my own opinion. > > > > I recommend you check the CPU Fan and heatsinks (if it has them). > Thanks for the input - I just dusted out the fan, and we'll see if it > helps. It wasn't too bad, but we'll see if there's an improvement. > > No, it also randomly goes into auto-shutdown when backing up VMs. > However, that happens about 20% of the time. Whonix seems to do it > about > 80% of the time, the other 20% I figure I shut it down before it > does so > on its own. I figure there may be something in the Whonix VM that's > causing my processor to over work itself. The auto-shutdowns may be > ultimately linked to dust in the fan or something like that, but if > there's something processor intensive in Whonix, it may be worth > looking > into. > > Also, a heat warning message would be nice. I assume the thresholds > are > set via the bios - is there a standard way of monitoring this? (I'm > not > particularly well versed in this sort of thing.) > >>> > >>> > >>> I recommend you get your HDD checked, and your RAM. > >>> > >>> Test both thoroughly. > >>> Could be some bad sectors. > >>> Also run a smartd check. > >>> > >>> Some PCs have system diagnostics built in for RAM in the startup > >>> sequence. > >> Thinkpads have known problem that after long time of usage GPU > >> radiator glued to the chip goes loose and X201 is rather older model. > >> Not sure how to measure GPU temp but i
[qubes-users] Re: Installing lshw on dom-0
On Friday, 25 November 2016 09:11:09 UTC+11, grv wrote: > I am interested in knowing hardware details for my pc and want to run lshw on > dom-0. > > How can I install it on dom-0? Is there any alternative to it that is already > present on dom-0? as root, run [root@dom0 ]$ qubes-dom0-update lshw -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20999fcb-23fd-403c-8b5c-2e0b80125c9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
On Thu, Nov 24, 2016 at 8:51 AM, Marek Marczykowski-Górecki wrote: > Actually, generic PCI passthrough should just work in both cases now. > Don't know if GPU passthrough is any special here, but I wouldn't be > surprised if it is... At least for intel-integrated stuff I can confirm that it definitely is. The relevant drivers poke at pci config space registers of other pci devices besides only the GPU, and expect them to be the actual hw with the intended physical-world side-effects, not qemu. It is currently making my effort to get hardware accelerated graphics in non-dom0 difficult :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_CezYfMDQOVAbuJ-Ouj-16EWNin78DtMju4G2WR2U03YA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Passthrough
Is there any way that I can pass through all real hardware specifics to the guest to make it not think it's running under xen? (primarily Windows) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8d35d38-a5af-4888-bb15-0463c54f96b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
Purism laptops are new intel so they will never have real coreboot support, only FSP shimboot which is a black box that does most of the work. Its pointless, honestly you might as well just get an AMD (with iommu/amd-vi) laptop if you want to avoid ME (just make sure it does not have AMD PSP, lol) - it'll have a closed source BIOS but no more dangerous than FSP in terms of backdoor potential. You could also get an older pre-FSP thinkpad, as there is some work being done RE: stripping out and thus nerfing most of ME. https://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbed https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ Purism is at best, selling an unfinished product and at worst being incredibly dishonest. If google can't get intel to hand over the FSP and ME code then nobody can. I think it is funny that the purism types thinks that setting ME to "disabled" in option rom actually shuts it off. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ae79ef7-5510-b7ba-f868-79ead8cedd29%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
On 25.11.2016 01:44, taii...@gmx.com wrote: Purism laptops are new intel so they will never have real coreboot support, only FSP shimboot which is a black box that does most of the work. Its pointless, honestly you might as well just get an AMD (with iommu/amd-vi) laptop if you want to avoid ME (just make sure it does not have AMD PSP, lol) - it'll have a closed source BIOS but no more dangerous than FSP in terms of backdoor potential. You could also get an older pre-FSP thinkpad, as there is some work being done RE: stripping out and thus nerfing most of ME. https://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbed https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ Purism is at best, selling an unfinished product and at worst being incredibly dishonest. If google can't get intel to hand over the FSP and ME code then nobody can. I think it is funny that the purism types thinks that setting ME to "disabled" in option rom actually shuts it off. Hej folks, Yes, Purism was basically a scam. They could at least have made the thing boot faster by including blobbed Coreboot, but they couldn't even be bothered doing that. I'd like to add my thoughts about the current situation with Coreboot and the Intel FSP. Virtualisation is currently broken on the most recent ThinkPad X200, T400, etc laptops and desktops that work without the ME blob, but it is presumably possible to make them boot, perhaps through including microcode updates in the Coreboot build. I haven't tested this yet so it is not clear yet. Either way IOMMU is also broken on this generation (and this will probably never change since this is a flaw in the hardware implementation of IOMMU) so Qubes might not be so secure here. Better than nothing, but still... Another good option might be the ThinkPad X201, where VT-d is thankfully not broken, but it does include the ME blob in order to make the thing boot. It doesn't include Intel FSP (it is from way before that), so it isn't *that* bad, and certainly it stops *Lenovo* (as opposed to Intel) from putting bad things through the BIOS to attack Qubes. But it is still fatally flawed in that the ME's reach is far indeed... But you get native graphics init which is nice if you are a Coreboot nerd. And it is possible, albeit hard to reverse engineer the chipset to find a flaw to bypass the ME. So this may be a *really* good option in the future for Qubes, if people work on it. Here lies the dillema with Coreboot and Qubes. Broken IOMMU sans ME, or working (as it stands) IOMMU along with the ME? The X201 is probably a better choice than the vile Librem laptops for the average Qubes user. Durable, cheap second hand, IOMMU all present and correct. ME is bad but not *as* bad as it has become as of late. And of course Coreboot is fast and fun. D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fcdc8c4d278e565af3dc4c44d601d49%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Error restoring data, no reason for it to fail.
Error occurrs for no reason. This is all the information it tells me. It extracts each file one at a time, so there should be no issue. Any advice on what is wrong? Extracting data: 48.4 GiB to restore Some errors occurred during data extraction, continuing anyway to restore at least some VMs -> Restoring QubesHVm {VMName}... ERROR: [Errno 2] No such file or directory: u'/var/tmp/restore_kID_7z/vm12' *** Skipping VM: {VMName} -> Done. Please install updates for all the restored templates. Please unmount your backup volume and cancel the file selection dialog. Finished with errors! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/477d2141-ba9b-4704-b95c-c5a9ee32d3c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Attaching Item as FDD
How do I attach am IMG to appear as an FDD? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d02b1101-a745-4952-8ac2-d3767709aab1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Passthrough
On Thu, Nov 24, 2016 at 6:55 PM, Drew White wrote: > Is there any way that I can pass through all real hardware specifics to the > guest to make it not think it's running under xen? (primarily Windows) Malware trying to determine if it's on bare metal will likely always be able to do so, other classes of software should "Just Work" in HVM and (barring bugs in device emulation) are not likely to care. Is there a particular reason you ask? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_D2%2BuyaP8B_OZfLYER_n6oC5thU50%2BtmVNSq1D3GsqSmg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Passthrough
On Friday, 25 November 2016 14:30:43 UTC+11, Jean-Philippe Ouellet wrote: > On Thu, Nov 24, 2016 at 6:55 PM, Drew White wrote: > > Is there any way that I can pass through all real hardware specifics to the > > guest to make it not think it's running under xen? (primarily Windows) > > Malware trying to determine if it's on bare metal will likely always > be able to do so, other classes of software should "Just Work" in HVM > and (barring bugs in device emulation) are not likely to care. > > Is there a particular reason you ask? I'm asking because I want to know if there is a way or not. To get some software to work properly it needs to be able to read certain parts of the system to get the identity and generate the keys to identify the pc as the pc to activate. I.E. it can't be run on multiple PCs, only the one that I registered it on. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f296d0e-6e1a-47a3-83af-713a310bf320%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.