[qubes-users] Re: Qubes 4 with Grsec could make a big splash
W dniu wtorek, 22 listopada 2016 19:57:56 UTC+1 użytkownik kev27 napisał: > I saw this being retweeted by the Qubes account on Twitter. Can Grsec support > still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc? > > I think if Grsec would be enabled by default in Qubes, it would be no > question that Qubes is the most secure operating system out there. Or we could just wait for SubgraphOS guys to release a template of their system for Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/945ba01f-3995-4c67-97dc-678c6b1f06ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.x and Librem 13
W dniu sobota, 26 listopada 2016 03:06:06 UTC+1 użytkownik rspei...@gmail.com napisał: > It seems that Purism has failed to follow through on its promise to provide > open firmware (i.e coreboot) and overstated it's capability to provide a > completely free firmware (i.e. libreboot). As a result, they have left many > unhappy customers and/or prospective customers. I doubt that we will ever > have libreboot on current/new Intel hardware. > > Optimistically speaking, a truly open hardware ecosystem (i.e. Risc-V, > OpenPower) will likely take ~3-10 years to become commercially viable. > Considering the pragmatic approach that Qubes OS is taking, it would seem > ideal to get the most secure and privacy-protecting hardware in the > short-term until such time that we can have "truly" secure and > privacy-protecting hardware in the long-term. > > As Marek pointed out, the Librem 13 would work with Qubes OS 4.x and "may be > somehow more secure with Coreboot (less places to hide some backdoor), but > may be also less stable - depending how mature is Librem 13 support in > Coreboot." As Grzesiek pointed out, waiting until 4.x to be released makes > sense since "a better option might present itself". In addition, it would > give Purism an opportunity to right a wrong. > > That said, besides the Librem 13, I haven't seen nor heard of another laptop > that provides hardware switches to disable camera/audio/wifi and components > that do not require blobs (CPU excepted of course). Besides my Google Pixel > LS Chromebook running linux, I'm unsure whether there is a better option at > this point. > > Thanks, > Roberto Don't get me wrong, I respect the idea the Purism guys had when they created Librem. But the Librem 15 costs 1600$ for an 8GB of ram, dual core i7 and a sata SSD. 32 GB of RAM are additional 530$. Total cost of the most pimped out version is over 3400$. For half that money you can have the most pimped out version of Thinkpad T560. High prices alienate the userbase and make it seem like the privacy is a privilege of the rich. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/626d8958-3215-436d-b937-fb75c5dd16da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4 with Grsec could make a big splash
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Nov 25, 2016 at 09:08:03PM -0800, jkitt wrote: > The point is that the security of a grsecurity protected system depends on > the userspace being compiled in a special way. The binaries need to be > compiled with pie, and shared objects need to be compiled with pic. There are > also some other mitigations like SSP. Shared objects are always compiled as pic, these days. As for pie executables - I think most distributions do this only for selected binaries only. > A grsecurity kernel on it's own is not adequate enough. Someone will need to > distribute a hardened userspace. > > The coldhaka kernel is in alpha. It's a start but not a solution. > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOWr8AAoJENuP0xzK19csNYoH/iaSyiPdIK0quLx1nu3WaB1A kgqEkY2W9/JIjprX7di8POL9xOSs6m0S7GAlefuhj4XOtY2vJSbfnaBt3AkKUK/9 G0x9o6UdmbjeiXPqGDEvHi0PfKdVer138IkdcgvFmBp9WAj0mgJdq1cKrZ9VfV8s dBwX6R2uJkQ/F/EXaSuDNqy9xmI3x5Ea96pCQ8bcocj+7gSUzsVxl9F7Zkni3nUU 9ffnoxlzNMoxvqzi+liRCnwSYplNdcKkhIIJ/d/8Lz0ibyTjxkBPZFmUXYw6AKlr +FK7wrD1ODYBeYEAcHEYpU3rmUkpmvErwR2PH5ZL9BpNZ8rp5z+NhJLSldQ72kM= =lyTt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126105907.GJ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 24, 2016 at 08:46:19AM -0800, Fabrizio Romano Genovese wrote: > Looks like qubes-mgmt-salt-vm-connector is already installed in my templates. > Are you sure the command is This needs to be installed in your _default_ template (which may be different from the one you're trying to update). > pkg.uptodate: [] > > ? This looks right in the salt documentation, but there is nothing else I can > think about... Yes, looks ok. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOYHnAAoJENuP0xzK19csTh4H/j+MXULwA3t4WHm4e3wVATQu x2WOkNyS9KUKtSCZQbpxZmAq/8urjsfTd7FMp+EoXd1P/yllaIVFjnS/BeERMpap 3rXY93bTKsL54zDzOqQEKfcAqcT61nFfCcZtB3l5W2givSlH16Q6aWrsIr5W43NB ONvl/WOSjfnfwwN7ppnXRcWUJHHgdbEISDIjaUEPURnJaICkDvSXTdiDLg2RjV6Y 15oGPL7FvBVkp6AvS6ZfAidt00ViRwldjS0xQYZA1AkWxNFiPTU2vYtwPHEIj0QP QeopTKK12DIGQJ5UFsdyMOA/uxH+VH4Tc+4Mg0ZcYwIHj+66+Us94phZ70fr1F8= =l1Fw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126123653.GB26735%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to check Fedora version of dom0?
Folks, I have already upgraded dom0 but update still fetches fc23 packages. cat /etc/*redh* shows Qubes release 3.2 (R3.2) How can I check the exact Fedora release in use for dom0? Regards, PD -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c302bb59-9e6c-4b80-a501-97c01de7d899%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to check Fedora version of dom0?
On 11/26/2016 03:13 PM, Pawel Debski wrote: > Folks, > > I have already upgraded dom0 but update still fetches fc23 packages. > > cat /etc/*redh* shows Qubes release 3.2 (R3.2) > > How can I check the exact Fedora release in use for dom0? > > Regards, PD dom0 uses fedora 23 as of now. Both /etc/fedora-release and /etc/redhat-release are customized for Qubes, because dom0 cannot be updated so lightheartedly. The qubes packages for dom0 are only for fedora 20 (older releases) or fedora 23 (R3.2). Because of the Qubes security model there is no immediate reason to have a cutting-edge dom0. The problems may be with hardware support... -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f494932-9b0e-309c-f905-f7a669db2675%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to check Fedora version of dom0?
W dniu sobota, 26 listopada 2016 15:17:25 UTC+1 użytkownik Alex napisał: > On 11/26/2016 03:13 PM, Pawel Debski wrote: > > Folks, > > > > I have already upgraded dom0 but update still fetches fc23 packages. > > > > cat /etc/*redh* shows Qubes release 3.2 (R3.2) > > > > How can I check the exact Fedora release in use for dom0? > > > > Regards, PD > dom0 uses fedora 23 as of now. Both /etc/fedora-release and > /etc/redhat-release are customized for Qubes, because dom0 cannot be > updated so lightheartedly. > > The qubes packages for dom0 are only for fedora 20 (older releases) or > fedora 23 (R3.2). Because of the Qubes security model there is no > immediate reason to have a cutting-edge dom0. The problems may be with > hardware support... > > -- > Alex Now I understand. Tx. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01d5aefd-e9f2-4e61-b5b9-8724ff394fbd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to check Qubes Debian TVM status?
Folks, I am not familiar with Debian. What is the best way to check its exact version and installed Qubes packages? Best regards PD -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/048241d9-adec-4ef3-9e5d-f64019765588%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Unsolicited feedback on qubes-issue #2455
Hi, I'm reporting some user experience tests for fedora 25 template (ref. issue mentioned in subject). I updated a fedora 24 template with many customizations on it, bringing it to f25 via DNF and enabling qubes-vm-r3.2-current-testing repo. Environment: Qubes R3.2 fully updated, i3WM as window manager. Mindset: upgrading my AppVMs, and in the meanwhile helping with issue #2455, with specific attention to graphical/GUI issues (because of recent Fedora switch to Wayland, which Qubes does not support, as mentioned by marmarek on said issue). # dnf --releasever=25 --enablerepo=qubes-vm-r3.2-current-testing update The upgrade process was smooth, took 4 hours overall (I was working during the process, so this may have slowed it down) and template size (after trim) increased slightly from 8.46GB to 8.57GB (not bad!). The repos for torproject don't have fc25 as an available release yet... As far as I am concerned, these were the measured facts: - many AppVMs started just fine after changing the template in their settings from fedora 24 to fedora 25. - firefox, thunderbird and libreoffice work just fine. Firefox can play youtube videos without delays, glitches nor jitter. - pinta (graphic manipulation program) works ok - Android studio works ok - gnome-terminal, xterm and urxvt all work with their customizations (themes) - Android emulator (emulating ARM processor, so it's normally slow) works exactly as before - Monodevelop works ok - window resizing works ok, both dragging corners (for floating windows) and splitting monitors in various ways (i3wm is a tiling window manager). Now for more unsolicited input, but trying to be as specific as I can be - please note that I don't fully understand the working of Qubes-GUID (I never studied it, until now :) - One AppVM with a lot of installed software took a couple of tries to correctly start. The first time the start failed with "qrexec daemon not running", and in guid log I found a long list of "invalid PMaxSize for 0x201d (32767/32767)" and so on. Cannot reproduce this problem. - Qubes-GUID crashed in one AppVM as soon as I started monodevelop the first time. Cannot reproduce this problem either. Error in guid log was: ErrorHandler: BadAccess (attempt to access private resource denied) Major opcode: 130 (MIT-SHM) Minor opcode: 1 (X_ShmAttach) ResourceID: 0x254 Failed serial number: 3670 Current serial number: 3671 may be related to the fact that monodevelop shows and hides many windows in rapid sequence when starting? Overall the switch was good. I'll report further problems should they arise. Thank you for your work, let me know if I can help more. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6f013db-0bcb-3395-6161-ed24461ccbe6%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unsolicited feedback on qubes-issue #2455
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/26/16 07:13, Alex wrote: > Hi, > I'm reporting some user experience tests for fedora 25 template (ref. > issue mentioned in subject). > > I updated a fedora 24 template with many customizations on it, bringing > it to f25 via DNF and enabling qubes-vm-r3.2-current-testing repo. > > [...] Thank you, Alex. This is very helpful. (Added as a comment on #2455.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYObNsAAoJENtN07w5UDAwSA4P/1DFvS5LNR9XauU0zr2OemAz HvUPb8xrvCUrPsUCFr5m3gTreD+XQphbw9WTWRSid1DEW7dNvF3a4gu5SEILPWpK 0EFNuYZW9hyNsVz8XVTneS+02hggFPrKn3DLF0Y/gtQf7//zHSKZHXLO6jlNgvDz 7IX32oq8H2h52YW/EiJ2hyHRla1aSaE0dCAVZM1x7tl2F/ibUa7OryU34/ZYzKHY YFrBGYMIdqXSX6uF2qlrWDnRnuCUSHWQPM/kJX/CrFpvoOoYHYyfBMgs16AiGcll iqq8YtuweTH8k+zwq1CRiOfZCEXJFGAgVxpN52ESDCW/NEjmZD2L4RSw4PDw+kjQ 7XfnYRFNVJ5eD5tSR5BXdL/uWIbi3xwTAjGjS9uTl4CcL05FgyzusAIEG5iFRCwQ iK4V3AdNTchg7D9ZYbOgRYqg4mkXcxZZlDlhAGXNBqu89LnZQ6pjJle/PsueVTsJ JlA/s1fVZwhCHUxA0ySMmMNe57jTQ1akEOGtDcJThrrxHsb6/ME00r1oyXXWKpWn Nj9PinitfeMsCx39XyhuAXbW3+pX8CmAqs/8jea20l7FbDjvhwtQ5pXxpyaS63Id sw/rfx3m5pRoL3ZUj1hBGeF6f5z5tVO92f9zMFaknX4vCD2JJ3LIPUiT9qJjj2Dr S6vCrSq3OaiLxXBp42uw =JUd9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25095a7f-ea68-59b1-4560-015c3c154520%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to check Qubes Debian TVM status?
On Sat, 26 Nov 2016 06:40:07 -0800 (PST), Pawel Debski wrote: > Folks, > > I am not familiar with Debian. What is the best way to check its > exact version $ cat /etc/debian_version > and installed Qubes packages? Not sure if it's the best way, but: $ dpkg -l|grep qubes -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126161906.2C4F8104A27%40mail2.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to check Qubes Debian TVM status?
W dniu sobota, 26 listopada 2016 17:19:08 UTC+1 użytkownik yaqu napisał: > On Sat, 26 Nov 2016 06:40:07 -0800 (PST), Pawel Debski > wrote: > > > Folks, > > > > I am not familiar with Debian. What is the best way to check its > > exact version > > $ cat /etc/debian_version > > > and installed Qubes packages? > > Not sure if it's the best way, but: > > $ dpkg -l|grep qubes > > -- > yaqu user@debian-8:~$ cat /etc/deb*ver* 8.6 is the newest version I guess, and for the Qubes mark I take: ii qubes-core-agent 3.2.10-1+deb8u1amd64 great, tx. Not sure however what these two iis at the beginning of the line mean. PD -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e023bea-3025-402a-b4cd-8f93315c777c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 A strange networking problem just started in the past day or so: Every few hours, around 2/3 of my VMs will suddenly lose network access. I can still ping websites from sys-net and sys-firewall, and some VMs still have normal network access, even though all of them are using the same sys-firewall. (Other devices on my LAN are also fine.) The weird part is, if I create a new, additional "sys-firewall1" ProxyVM and switch over one of the non-working VMs to it *without restarting* the non-working VM, network access gets successfully restored. So, the problem must be in sys-firewall or the AppVMs, I think. I've tried basing sys-firewall on fedora-24 and fedora-24-minimal with the same results. Also double-checked NetVM assignments and firewall rules, of course. Any ideas for logs or tools I should check to find out what's failing, or where it's failing? - - I can't imagine what caused this problem to suddenly start, except maybe a dom0 or template update, so here are the packages I've updated in dom0 recently as part of normal qubes-dom0-update: libsndfile sudo bind99-libs bind99-license ghostscript-core hswdata perf ntfs-3g ntfsprogs perl perl-libs perl-macros And here are the packages I've updated in my fedora-24 template (again, as normal updates): libicu libidn2 gnome-abrt gnome-software libdmapsharing libmetalink lz4 lz4-r131 rpm rpm-build-libs rpm-libs rpm-plugin-selinux rpm-plugin-systemd-inhibit rpm-python rpm-python3 Any ideas? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYOcmCAAoJENtN07w5UDAwiqUP/3CylKymAzATJE5e7wyG98GZ 1pByD7hTfgs5X4X56emHgO5enCZbhugQ/JJrQZj4q8vPdur2WVG99cWfi9cVnPNJ wBWo4r2O1sS0HS85o8ya6Jv93XJ+rsmScBwBobq9P/D3x5PL8petLVbpGgd02Kaw C76vPmy00ZBKaTVpGtV90bcasF6vMVLT3osymRkwOPqxbimVMUqz0tfzD3s1PI5O PpYK8Im18xjCxNhrdjY/K+jhG7mOkVssK0qc31LCK0HZ/jnaDM7gyFAb2NPKOG+w EmpuvPU6TnzUEoLhPgj9k9RlNojwqy2OuClnefN/iqvp582oIZtN4OHSaXqAsU3U Eo/MIFZqDOn9SZkyKF2lRb7Ro3DvfEXQHOHNVDbtlH/Jk1GgZ07UhaYLkRPK/m/L N2qpV9zwzeRDlBVtP0BtbdiQzQdLmUVXvcz4FxONXfARDhLMUALakXpbV8UDRqfG 2r1wNa4DrTXtL7wf0wgy9mCxYzm2IXfIISQ9t3pfXeLemu3cY5Khwz/9kB/9iKRC 86xH0j75S5YJw+caOyO4q/3AVoGbsMCseRQyKDvdeiau7jEv2Jvaf60li8nwjAgv pF1Ygq590P+WcDPGFnAqwjYc/0CyKtasWuFoAOlCXxMbZ3CLaBJdjh6XDre7wXBp Tg3rZomPyMw/9crPQVwf =gGCn -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41b2609d-2324-f6ad-6bd5-2d57b28593d1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-26 09:42, Andrew David Wong wrote: > A strange networking problem just started in the past day or so: > > Every few hours, around 2/3 of my VMs will suddenly lose network > access. I can still ping websites from sys-net and sys-firewall, > and some VMs still have normal network access, even though all of > them are using the same sys-firewall. (Other devices on my LAN are > also fine.) > > [...] Apparently, if I just wait 5-15 minutes, network access gets restored to the affected VMs. (Note: This is not a solution for me. I'm just noting it here in case it's a relevant clue to figuring out the root cause.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYOcq/AAoJENtN07w5UDAwFQMQALKWIzDdBkaC+nKtOR5oysaj f89zy8TbfFj7BYOzfzmtqTZdHhpCFFtuNy/BV/Im8FcAkASFpxmyvUMpb4LLzAJi mrpYCm4cgiekDGvZ7/Z7+HP7layGnD1afRmGk2yuExeZZdLjfA2ukxYbGjptnVSL 1AA/HL2LFgXhbEwauuzlJOvn/1EivXb81b5LqgIHqAwcPeEtrtJR5AJJslQTyMcJ AvzHEUjHKvMAyvR9YYU4pdP+4uOmD7j0n430iBW2K1XiYqy3E3/XwTYb4461l99D AwUk9vPbmmi8hX6+pJc7dGMuSxNUawkRbVTMZNYazQ8cc9+BqvP5ZGLY+PeT4NuO 3WspLob19QD9ELGDjC2z40V9+sD2ufbcbFEsHKIVRiUXWWCWCcUMG9BfOKNnI59L AQFag5MN+GSlFZzVuLXW9TriTZhYG81FlBYyvVFXsqatsC2GBexJ1825JZiV2m7M MPrNMhsAFoVhd9LHeGLIWzX60LtDI9/6voSEYurMqVIjduYKk/uqjuulQBgEF6d3 Xvo74fm7sScBCN18hvqHP8r6z3TQcc16RbGXBquW6zjBao1K3yrDEJVQHgBDb5Mm qHN0Q41gr0YYV4qkwhLT6PMCAq9qs5Xz3xDstnGpZXMezzP74vCQzY9n7Kgz9UIS S4ZZZljEEiKXeVa39ia+ =oDOf -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c7da884-359c-dcdf-0ead-f756e0426247%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Creating USB qube: PCI device in use by driver xenlight
Folks, I'm trying to create a VM that will handle all USB devices that are or may be connected to the machine. 1. I have created a new AppVM based on fedora-24-full-sw template. 2. fedora-24-full-sw template is a copy of Fedora 24 template with all sorts of additional software installed, for example for Bluetooth handling, 3G modem, finger print reader, camera, flash card reader and so on. 3. I have assigned an USB controller to the newly created AppVM and switched-off memory balancing in the options as recommended by the message on "Advanced" tab. 4. When I'm trying to start the VM I'm getting the following message: "PCI device in use by driver xenlight" Please note that at the moment only one single USB bus is assigned to this VM. Without any assigned devices this VM starts properly. What shall I do to make it work with USB bus? Best regards PD -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f6372346-5253-42b4-bc93-70bf2b3f2339%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Creating USB qube: PCI device in use by driver xenlight
W dniu sobota, 26 listopada 2016 18:53:26 UTC+1 użytkownik Pawel Debski napisał: > Folks, > > I'm trying to create a VM that will handle all USB devices that are or may be > connected to the machine. > > 1. I have created a new AppVM based on fedora-24-full-sw template. > > 2. fedora-24-full-sw template is a copy of Fedora 24 template with all sorts > of additional software installed, for example for Bluetooth handling, 3G > modem, finger print reader, camera, flash card reader and so on. > > 3. I have assigned an USB controller to the newly created AppVM and > switched-off memory balancing in the options as recommended by the message on > "Advanced" tab. > > 4. When I'm trying to start the VM I'm getting the following message: > "PCI device in use by driver xenlight" > > Please note that at the moment only one single USB bus is assigned to this VM. > Without any assigned devices this VM starts properly. > > What shall I do to make it work with USB bus? > > Best regards > PD put following command in dom0 terminal: qvm-prefs -s vmname pci_strictreset false -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3302dab9-e690-4c67-aa9f-77811819bebc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Creating USB qube: PCI device in use by driver xenlight
W dniu sobota, 26 listopada 2016 18:56:49 UTC+1 użytkownik Grzesiek Chodzicki napisał: > W dniu sobota, 26 listopada 2016 18:53:26 UTC+1 użytkownik Pawel Debski > napisał: > > Folks, > > > > I'm trying to create a VM that will handle all USB devices that are or may > > be connected to the machine. > > > > 1. I have created a new AppVM based on fedora-24-full-sw template. > > > > 2. fedora-24-full-sw template is a copy of Fedora 24 template with all > > sorts of additional software installed, for example for Bluetooth handling, > > 3G modem, finger print reader, camera, flash card reader and so on. > > > > 3. I have assigned an USB controller to the newly created AppVM and > > switched-off memory balancing in the options as recommended by the message > > on "Advanced" tab. > > > > 4. When I'm trying to start the VM I'm getting the following message: > > "PCI device in use by driver xenlight" > > > > Please note that at the moment only one single USB bus is assigned to this > > VM. > > Without any assigned devices this VM starts properly. > > > > What shall I do to make it work with USB bus? > > > > Best regards > > PD > > put following command in dom0 terminal: qvm-prefs -s vmname pci_strictreset > false Tx Greg, that works. Can we briefly discuss how much does it lower the security of the workstation. I mean: does it really allow to plug-in fabricated USB device to install keylogger to obtain credentials to highly sensitive applications running in other qube (say VaultVM). What other potential attack scenaria does it open? (assuming that one is interested only to protect VaultVM transient content) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c48ebb07-ed82-418d-9276-b5623e5bc815%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes AppVM full screen in a window
Folks, How can I start AppVM to see all the boot messages and have it to have a separate desktop in a window just I like I am used to in VMWare or Virtual Box? I mean I do not want the VM to grab the whole screen but rather have it in a separate window that from the VM point of view is the whole screen. Best regards PD -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc7251ee-fbe6-414d-9b2f-35ef80f397c4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
On Sat, Nov 26, 2016 at 12:42 PM, Andrew David Wong wrote: > Any ideas for logs or tools I should check to find out what's > failing, or where it's failing? I'd start with: dmesg, ifconfig -a -v, tcpdump, iptables-save. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_BL4DzDKrz-Eag5oXmPt4P3h3%3DR8-Xyb2xGTfOJVmX1yw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
On Sat, Nov 26, 2016 at 2:25 PM, Jean-Philippe Ouellet wrote: > On Sat, Nov 26, 2016 at 12:42 PM, Andrew David Wong wrote: >> Any ideas for logs or tools I should check to find out what's >> failing, or where it's failing? > > I'd start with: dmesg, ifconfig -a -v, tcpdump, iptables-save. Particularly tcpdump on both sides to see where the packets are being dropped. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_B_SnNiBGE%3DXYqq_gnEVmYJ22BSiTUXwKnTHvoGk4zvDA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes AppVM full screen in a window
Am Samstag, 26. November 2016 20:15:03 UTC+1 schrieb Pawel Debski: > Folks, > > How can I start AppVM to see all the boot messages and have it to have a > separate desktop in a window just I like I am used to in VMWare or Virtual > Box? > > I mean I do not want the VM to grab the whole screen but rather have it in a > separate window that from the VM point of view is the whole screen. > > Best regards > PD Go to Qubes VM Manager, open the settings of the VM you want to have windowed and uncheck enable Seamless GUI under the basic tab. That should show it like VmWare inside a window with all controls. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9d49239c-a7c7-424b-bd01-23e6ce9628b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 3.2 Installation Issues: anaconda 'text mode' Installation Destination autopart failed LUKS
Any further insights on this, experts? This issue is a complete show stopper right now and nothing I can find online seems to directly address it. Thanks again for any assistance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11b8b17f-f8b9-4d98-9a64-0f8a65557613%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL submission : Dell Precision 5510
Hi, I've just installed Qubes 3.2 on a new Dell Precision 5510 laptop, and it seems to be working fine. I've just had to disable secure boot and UEFI, then it went smoothly. The touchpad did not work in the installer, but after that it works OK. I've also had to disable wake on USB-C, to make suspend work. regards Tomas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc57d3a6-fcd9-d2e8-c478-c4af94d99bcf%40fuzzy.cz. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Dell_Inc_-Precision_5510-20161126-214715.yml Description: application/yaml
Re: [qubes-users] How to check Qubes Debian TVM status?
On Sat, 26 Nov 2016 09:35:59 -0800 (PST), Pawel Debski wrote: > user@debian-8:~$ cat /etc/deb*ver* > 8.6 > > is the newest version I guess Correct, 8.6 is currently the latest 'stable' release. https://www.debian.org/releases/ > and for the Qubes mark I take: > > ii qubes-core-agent 3.2.10-1+deb8u1amd64 > > great, tx. > Not sure however what these two iis at the beginning of the line mean. First character shows the desired state of package, and second shows its current state. "ii" means package should be installed and it is installed. More details you can find in manual: $ man dpkg-query -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126212307.6D18F207007%40mail.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Creating USB qube: PCI device in use by driver xenlight
W dniu sobota, 26 listopada 2016 19:52:39 UTC+1 użytkownik Pawel Debski napisał: > W dniu sobota, 26 listopada 2016 18:56:49 UTC+1 użytkownik Grzesiek Chodzicki > napisał: > > W dniu sobota, 26 listopada 2016 18:53:26 UTC+1 użytkownik Pawel Debski > > napisał: > > > Folks, > > > > > > I'm trying to create a VM that will handle all USB devices that are or > > > may be connected to the machine. > > > > > > 1. I have created a new AppVM based on fedora-24-full-sw template. > > > > > > 2. fedora-24-full-sw template is a copy of Fedora 24 template with all > > > sorts of additional software installed, for example for Bluetooth > > > handling, 3G modem, finger print reader, camera, flash card reader and so > > > on. > > > > > > 3. I have assigned an USB controller to the newly created AppVM and > > > switched-off memory balancing in the options as recommended by the > > > message on "Advanced" tab. > > > > > > 4. When I'm trying to start the VM I'm getting the following message: > > > "PCI device in use by driver xenlight" > > > > > > Please note that at the moment only one single USB bus is assigned to > > > this VM. > > > Without any assigned devices this VM starts properly. > > > > > > What shall I do to make it work with USB bus? > > > > > > Best regards > > > PD > > > > put following command in dom0 terminal: qvm-prefs -s vmname pci_strictreset > > false > > Tx Greg, that works. > > Can we briefly discuss how much does it lower the security of the > workstation. I mean: does it really allow to plug-in fabricated USB device to > install keylogger to obtain credentials to highly sensitive applications > running in other qube (say VaultVM). > > What other potential attack scenaria does it open? > (assuming that one is interested only to protect VaultVM transient content) If the device is assigned to one vm only at all times then it doesn't lower security afaik. PCI strict reset is used to reset the device's state when moving the device between machines. If the device is not moved between machines then it shouldn't matter. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c965fe62-57f0-4dc1-ad5a-ba3108df6b15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unsolicited feedback on qubes-issue #2455
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 26, 2016 at 04:13:48PM +0100, Alex wrote: > Hi, > I'm reporting some user experience tests for fedora 25 template (ref. > issue mentioned in subject). > > I updated a fedora 24 template with many customizations on it, bringing > it to f25 via DNF and enabling qubes-vm-r3.2-current-testing repo. > > Environment: Qubes R3.2 fully updated, i3WM as window manager. > > Mindset: upgrading my AppVMs, and in the meanwhile helping with issue > #2455, with specific attention to graphical/GUI issues (because of > recent Fedora switch to Wayland, which Qubes does not support, as > mentioned by marmarek on said issue). Thanks! I was planning to send a little announcement asking for testing today/tomorrow, but I guess you read my mind ;) I've uploaded packages to repository just today... > # dnf --releasever=25 --enablerepo=qubes-vm-r3.2-current-testing update > > The upgrade process was smooth, took 4 hours overall (I was working > during the process, so this may have slowed it down) and template size > (after trim) increased slightly from 8.46GB to 8.57GB (not bad!). The > repos for torproject don't have fc25 as an available release yet... In my case upgrade was somehow faster - like 1h or so. But I wasn't using the machine in the meantime. > As far as I am concerned, these were the measured facts: > - many AppVMs started just fine after changing the template in their > settings from fedora 24 to fedora 25. > - firefox, thunderbird and libreoffice work just fine. Firefox can play > youtube videos without delays, glitches nor jitter. > - pinta (graphic manipulation program) works ok > - Android studio works ok > - gnome-terminal, xterm and urxvt all work with their customizations > (themes) > - Android emulator (emulating ARM processor, so it's normally slow) > works exactly as before > - Monodevelop works ok > - window resizing works ok, both dragging corners (for floating windows) > and splitting monitors in various ways (i3wm is a tiling window manager). In addition to this, all automatic tests also passes, so basic things like DispVM, NetVM etc should work. > Now for more unsolicited input, but trying to be as specific as I can be > - please note that I don't fully understand the working of Qubes-GUID (I > never studied it, until now :) > - One AppVM with a lot of installed software took a couple of tries to > correctly start. The first time the start failed with "qrexec daemon not > running", and in guid log I found a long list of "invalid PMaxSize for > 0x201d (32767/32767)" and so on. Cannot reproduce this problem. This particular message shouldn't be a problem, probably the reason is somewhere else. Do you still have the last message of the log? > - Qubes-GUID crashed in one AppVM as soon as I started monodevelop the > first time. Cannot reproduce this problem either. Error in guid log was: > > ErrorHandler: BadAccess (attempt to access private resource denied) > Major opcode: 130 (MIT-SHM) > Minor opcode: 1 (X_ShmAttach) > ResourceID: 0x254 > Failed serial number: 3670 > Current serial number: 3671 > > may be related to the fact that monodevelop shows and hides many windows > in rapid sequence when starting? Yes, it may be. Very similar error (#2171) was already fixed some time ago, but apparently not all the cases. Anyway it's rather problem in gui-daemon, independent of Fedora version. > Overall the switch was good. I'll report further problems should they > arise. Thank you for your work, let me know if I can help more. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOhO2AAoJENuP0xzK19cs/8EH/2DjYZVaLLh0RiYY4OmESN/Q 17Wb9B7fst6S74NAE2jwMv6H46QtaT3PvAZj/DFVOUDcpJpqEQ8yebwgwaAC7k/1 ZXTCBX7igAP081QdMUzUyIBjQlH3iD69cwstJ563TBlSwniyp1xDayV1vvwl/x3H ZgPOca5JmtaT8gWtDC9hPGkSL+EUCarAu6nV1Ws/5D3D27lxexBfQkr7VDLrAoHG ib/OdvuJg6TLLw8xVoGcRJByc62MkpvgLmHMwSGfiI1fkOJDv5iU4uLKvVEWNRub g7AbelyuFEX4rG6BhB/q1usdwiSmU087ia8w+QIEcxsLi9iIANOfoqJ1We6LXIs= =gR7B -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126225902.GP1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 26, 2016 at 09:47:46AM -0800, Andrew David Wong wrote: > On 2016-11-26 09:42, Andrew David Wong wrote: > > A strange networking problem just started in the past day or so: > > > > Every few hours, around 2/3 of my VMs will suddenly lose network > > access. I can still ping websites from sys-net and sys-firewall, > > and some VMs still have normal network access, even though all of > > them are using the same sys-firewall. (Other devices on my LAN are > > also fine.) > > > > [...] > > Apparently, if I just wait 5-15 minutes, network access gets > restored to the affected VMs. (Note: This is not a solution for me. > I'm just noting it here in case it's a relevant clue to figuring > out the root cause.) Do you see some correlation with: - starting/stopping another VM? - affected VMs have or not firewall rules? Also, check if restarting qubes-firewall service in sys-firewall helps (and check it status first). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOhUMAAoJENuP0xzK19cs6fYH/1kn6ZYkJI4aXhBj3qN+pTKT yKT9LLSu1Cc5SP/fx4Yi5RinJ2W5++lzhqImsWgeDekN4VdFJuAoaGPSuumyUgzn 2vnttfm8QaBZhftqeU/Sp524Yoodo0GNzLY/uUDwahLvrjiGo/h8SquwI2hQbX61 oPxN0S6Rd6rv2CA4PUVhQeoj5ksSXDrAcP6MndxAZr2O8cYsYN5wndDPy1kF7pIm Bb0DUFE0+Ntd53EKFd5FyiGkJai8GxSoCmAEluDPjJn2AuXgeqPQGBsrBLoga34h lc9/eNhLmUte91BQHOQra5mBajcat2u7eVw7+AOCMVJuDm9Ki/QrVuTJaPtrk4U= =1JzG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126230444.GQ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
On 11/26/2016 12:42 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 A strange networking problem just started in the past day or so: Every few hours, around 2/3 of my VMs will suddenly lose network access. I can still ping websites from sys-net and sys-firewall, and some VMs still have normal network access, even though all of them are using the same sys-firewall. (Other devices on my LAN are also fine.) The weird part is, if I create a new, additional "sys-firewall1" ProxyVM and switch over one of the non-working VMs to it *without restarting* the non-working VM, network access gets successfully restored. So, the problem must be in sys-firewall or the AppVMs, I think. I've tried basing sys-firewall on fedora-24 and fedora-24-minimal with the same results. Also double-checked NetVM assignments and firewall rules, of course. Any ideas for logs or tools I should check to find out what's failing, or where it's failing? - - I can't imagine what caused this problem to suddenly start, except maybe a dom0 or template update, so here are the packages I've updated in dom0 recently as part of normal qubes-dom0-update: libsndfile sudo bind99-libs bind99-license ghostscript-core hswdata perf ntfs-3g ntfsprogs perl perl-libs perl-macros And here are the packages I've updated in my fedora-24 template (again, as normal updates): libicu libidn2 gnome-abrt gnome-software libdmapsharing libmetalink lz4 lz4-r131 rpm rpm-build-libs rpm-libs rpm-plugin-selinux rpm-plugin-systemd-inhibit rpm-python rpm-python3 Any ideas? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org Check out this thread: https://groups.google.com/d/msgid/qubes-users/3aa66b77-9a06-83d8-d965-6583ef10d2a9%40gmail.com Author claims its dependent on running Qubes in a VM, but the symptoms are about the same and the trigger is a switch to fedora 24. My own problem with fedora 24 is that the minimal template seems incapable of acting as a simple Qubes firewall. No time to troubleshoot it. You may want to switch to debian for your service VMs... Versions 8 and 9 are working well for me. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3872bce-42ed-8fef-0a0f-fec31e294ee6%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes can not decrypt the root directory partition.
Regards!: Although it was today that for the first time that I join the group, I have been using Qubes for years. But today when I wrote the disk encryption password, the system displays a message saying it can not boot. Try to load the encrypted disk with a bootable pendriver that has the Tails operating system installed, from the file browser, asked for the password, I wrote it, but could not load the partition of the hard disk containing Qubes. The unencrypted partitions were able to load and read them. I understand that maybe I should give more information to solve the problem. I will provide the information requested. I write from Venezuela, I translated this with the help of Google. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca686404-6483-4f31-baec-da44de0021e9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes AppVM full screen in a window
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 26, 2016 at 11:15:03AM -0800, Pawel Debski wrote: > Folks, > > How can I start AppVM to see all the boot messages and have it to have a > separate desktop in a window just I like I am used to in VMWare or Virtual > Box? > > I mean I do not want the VM to grab the whole screen but rather have it in a > separate window that from the VM point of view is the whole screen. This isn't possible for standard AppVMs - this part (emulated GPU) is intentionally disabled there. If you really want, for whatever reason, you can: - start vncserver in the VM and connect to it from the same VM - create HVM and install some linux (or other system) there - HVMs are running with emulated GPU and can be viewed with full desktop in a window: https://www.qubes-os.org/doc/hvm/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOiDwAAoJENuP0xzK19csq5sH/R60sxQDrUZlMo4gHtjop1a0 rSXv34phAvWcKzaGi4SIT35BuyclZ6HROl+jO3lRVXS24+yV1pavXGi7E8G2sCTg DsCtFVd6lk+mpxYEcj6jo35HUuXiFUl4CbRP11mTQerUw9QWnl4x3BqQzTlNtGBJ u8vUhbClUR15CAJOWLgtQZYTBZnWJ8iZIRiz7AQjSj0HiEu0/8xO7HWc8Ri4VNLE aNpMOiQxIv1OrtgL7tbN4IyxkLArQ6jn9gkPEZeUv5Qj2fFBHJyBIAmiiZtaC5UX Mda3CKYFZXqasYKe+3OPVCIxPJW7y7Bh++Gw6StvQ6JD3N1NL0g6kk9SobhT8VE= =dn8N -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161126235528.GR1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS 3.2 Installation Issues: anaconda 'text mode' Installation Destination autopart failed LUKS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 22, 2016 at 04:16:40PM -0800, pixelit...@gmail.com wrote: > Device: Lenovo ThinkPad L450 modified with OCZ Trion 150 (480GB) SSD > Installation Setup: USB Drive with prepared ISO, using Basic Graphics mode > under Troubleshooting due to system lockup in GUI mode. > > Primary Problem: When trying to setup partitioning, and selecting either > Standard or LVM, this error occurs: "storage configuration failed: autopart > failed: Encryption requested for LUKS device sda2 but no encryption key > specified for this device. > > Could this have something to do with the fact that the original SSD had OPAL > 2.0 and the replacement SSD does NOT have that feature? Am I unable to use > the OCZ drive as a result, or is this something entirely different. Take a look here: https://github.com/QubesOS/qubes-issues/issues/1161#issuecomment-156713740 In short: text based installer currently requires some additional manual steps. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOiIfAAoJENuP0xzK19cs5+IH+wcLzDyV+ajXvwc4zd7Ia3Bv USELUJ6lfvNgDaRDzwc6TGWkQxAw6CdQmudtiBPADMUjO8/r/5q8dRAeAEUQd0/6 8Qbtj2ddAIkHdGAo4WBm27Eh4ocsNlFY11aYABB4LzXIAN78h5uCbNh5do/jTStO BAylypoGpLysDuG5nNtNA00qd0Py5yg7T3EK71XGj2HAyUmos048EtQDSNgJPPHR BWzpEUOScz4tKOC+68e5EYvj7cQz6NTw8SbCQmRsCZJ929TuqWzeNbRrBcipopyi Iq38acOGGDGiwifjx1sSVC3KQBhI0FIOOUzGGdMYCbz93T6TWLZ0e7B1xJ0owJE= =Qo48 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2016112731.GS1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes can not decrypt the root directory partition.
On Sat, 26 Nov 2016 15:35:06 -0800 (PST) Alexander Villalba wrote: > Regards!: > > Although it was today that for the first time that I join the group, > I have been using Qubes for years. But today when I wrote the disk > encryption password, the system displays a message saying it can not > boot. Try to load the encrypted disk with a bootable pendriver that > has the Tails operating system installed, from the file browser, > asked for the password, I wrote it, but could not load the partition > of the hard disk containing Qubes. The unencrypted partitions were > able to load and read them. Actually similar issue has happend to me. The partition was no longer accessible via Qubes boot process nor Qubes USB with properly set keymap. This happened after upgrade/reboot cycle, although I suspect some kind of HW issue. According to cryptsetup/luks man page, you should always have a backup of LUKS partition header as it may get corrupted. Due to some anti-forensic techniques in place such corruption is claimed to be irrecoverable. Hope that you had backups. Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127010638.6fa91243%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VT-d support in hcl report
On Thu, 24 Nov 2016 09:33:23 +0100 Zrubi wrote: > > Well, as you noted the qubes-hcl-report tool relays on xl info, and xl > dmesg output. > If both states tat IOMMU is enabled: > > > virt_caps: hvm hvm_directio > > (XEN) I/O virtualisation enabled > > what else can it say? > > If you 100% sure that this is a false positive, then we should address > this issue for sure. > However I can't see how we can check if IOMMU is really working? Maybe > we can try DMA attack PoC script and try to break out from a netvm for > example? > (of course not as part of the hcl report :) Thanks for your reply. After reading it I realized that I should probably ask at Xen devel mailing list. I am not 100% sure, but the specs about my HW says so(and I am 100% sure about what HW I have). Anyway, I like the idea of DMA PoC attack. Sounds like a definitve measure of VT-d separation. Are there any PoCs publicly available? Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127011328.2c7c0f51%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes can not decrypt the root directory partition.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 26, 2016 at 03:35:06PM -0800, Alexander Villalba wrote: > Regards!: > > Although it was today that for the first time that I join the group, I have > been using Qubes for years. Welcome! > But today when I wrote the disk encryption password, the system displays a > message saying it can not boot. Try to load the encrypted disk with a > bootable pendriver that has the Tails operating system installed, from the > file browser, asked for the password, I wrote it, but could not load the > partition of the hard disk containing Qubes. The unencrypted partitions were > able to load and read them. I guess you've checked obvious things like Caps Lock or such? Or maybe some key on your keyboard is broken? Or maybe different keyboard layout? Generally the above looks like you're entering wrong password (at least from the tool point of view), or your data is somehow broken (faulty disk or such). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOijyAAoJENuP0xzK19cstjAH/ij27PGHgC+adC3yNXFaS01F vxVQS0/gpz5HAVkna7YDlKBH4UaGV5V/CTz++VZg4i0YNoxoxADcP93JxOrGu9fK +xbnxWvc3UYI6BW9fVtkxWA1MjypTe6TFRMu3v7wtdHM46qj13bYSTIoSPMxs8+D /mYg+MmLxIfpxtvFI3KIkPYjOZBaxE72Bn0vpRh+foPoYOAsWZeYxSD7hymwHIlM Je7aLZjVhQ8qZMC/CIEBaJquqBeRV6P2cGyWc2phMJi4xAV/cXek9FBbjO0gpzfV kuEH2T1DCGwswh18Ee4demSeGWnBiJl4cTlIn7ydrHvd6JcdvfPNkgT7aN+3Qsk= =hVpl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127002938.GT1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-26 09:42, Andrew David Wong wrote: > A strange networking problem just started in the past day or so: > [...] Thanks for the tips, Jean-Philippe, Marek, and Chris! On 2016-11-26 11:26, Jean-Philippe Ouellet wrote: >> I'd start with: dmesg, ifconfig -a -v, tcpdump, iptables-save. > > Particularly tcpdump on both sides to see where the packets are being dropped. > Ok, thanks. Will do. On 2016-11-26 15:04, Marek Marczykowski-Górecki wrote: > Do you see some correlation with: > - starting/stopping another VM? > - affected VMs have or not firewall rules? > > Also, check if restarting qubes-firewall service in sys-firewall helps > (and check it status first). I didn't notice any, but I'll check again if/when it recurs. On 2016-11-26 15:28, Chris Laprise wrote: > Check out this thread: > https://groups.google.com/d/msgid/qubes-users/3aa66b77-9a06-83d8-d965-6583ef10d2a9%40gmail.com > > Author claims its dependent on running Qubes in a VM, but the symptoms are > about the same and the trigger is a switch to fedora 24. > > My own problem with fedora 24 is that the minimal template seems incapable of > acting as a simple Qubes firewall. No time to troubleshoot it. > > You may want to switch to debian for your service VMs... Versions 8 and 9 are > working well for me. > > Chris > I did notice that other read, but at a glance I thought it was about a different issue. I'll give it a second look. The funny thing is that fedora-24-minimal had been working fine as a firewall (at least as far as I could tell) until just very recently, and fedora-24 (full) also exhibited the same problem. If I can't get it resolved quickly on Fedora, I'll certainly give Debian a try! :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYOjnKAAoJENtN07w5UDAwziEP/A699pbXl884HraKrFCnP2oH dYwL81u5zj0y+wuPmB4HjQojVGTPrG4WCGunN6gPtwfbPP3+MpigXNj97HfPG/iK 8n79KfROJI2EooEMxMG8pGq3+8egSZj6ZZrlAricyt82HcO2WLeN/TGMSVArrhR/ kw31OmWZN1r1si2tn+XsM9kzvxkI+WnYZts+MtNi+iPiN9qGXi8VBhDSe/5ZETm8 VzE50avSFeCoyDVtmYJVIO1DzI5JyQHZ2G0pHPCp0CcEgjdL22FuWKUoXotEbYvO iavRN2W8SxG2K37TdKmTjJf72ZoHVKKdTlzsQHSVNcMfeTRRvv4D3O5pFoTCMIFz MCA0/EsZIAZ7XEVHgxIOjBL/xUoq9ubmbfr2JVLTbr/ZcGS86fw/4nLGNTP2ASDo Kpa83lhkMGzWBfDTZF65SucBYUUId6nqNDXedcRj9ejsAaNCQEIVH0Djt7Wo6RpF 2gAp6WOjsNZpS1chM9L4Dl/BdkSTFO45XhVTcu/3wLOt2Mn92N6mhrrex3o2CrSu 26k1D8iiwu8L71ovhr8DqQF/jhREjcewW81PNSKTqvP524vnogHpeHKAICo7VUT/ 5h+rTexkpZ/ejqs59PS9z4GNVvLtkmP1jhs7iaVCy1IS+gGlPBBJYlQuecJq0ugP NXKsfLF+UYtj67UlkLrj =PEC4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b549b462-0422-d6ec-59eb-4c06555cc320%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] custom kernel doesn't work installed in debian cloned template
I followed instructions to install pvgrub2-xen in dom0. Then in template vm installed qubes-kernel-vm-support and grub2-common. Then i installed the distribution kernel from debian repos with apt-get (3.16). then update-grub and shutdown but It doesn't work right. I eventually would like to be able to compile my own kernel, was hoping it would be easier with pvgrub support but I think I must be missing something. When I boot it after selecting pvgrub in kernel settings. sudo xl console sows it has booted fine but then is asking me for a login. If I type root i get root. But I can't load any applications in the gui environment. from dom0 terminal or from the start menu on desktop. Thanks, Rich -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d38ecb0b-88c6-4e16-a9f4-a5bf911c4275%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.