Re: [qubes-users] Qubes and ram

[Ted Brenner]

I added another 8 GB so now I'm at 16 total and I've not run into any
issues yet. knock on wood. I think the max I've had is 9 VMs including the
sys-net, sys-firewall and sys-whonix. One being a Windows HVM. I plan to
optimize my setup at some point but right now there's no rush.

On Sat, Mar 4, 2017 at 2:50 PM,  wrote:

> On Wednesday, February 22, 2017 at 10:35:11 AM UTC-5, Laszlo Zrubecz wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On 02/22/2017 04:09 PM, Ted Brenner wrote:
> > > I have 8 GB of RAM and I feel like I can't have more than 3 AppVMs
> > > open (with Chrome) before I hit a limit and can't open up anymore
> > > appVMs. Could be my configuration in terms of what minimal amount
> > > of memory I assign though I'm using everything as it comes right
> > > out of the box. If someone can get 12, I must be doing something
> > > wrong.
> >
> > Well that 12 online VM are distrbuted something like:
> >
> > sys-firewall
> > WiFi
> > Ethernet
> > sys-usb
> > 2 different VPN proxy VM
> >
> > those are with only 300Mb initial 512Mb max memory.
> >
> > the remaining ~6  AppVMs are starting with 512Mb to 2048Mb max.
> >
> > Of course all depend on what you are suing in those VM's. But I
> > usually have at least 1 browser +terminals  +mail clients open.
> >
> >
> > - --
> > Zrubi
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v2
> >
> > iQIcBAEBCAAGBQJYra+gAAoJEH7adOMCkunmCkQQAI10dZeSNyrth4HpPYZFzOG0
> > zgqVBdzfb0hQuG9ZVe0djVmEmn3kDueDFNDZx3xB28KrM3vuHLnW9jz8We1tkuAx
> > MqhUXjcxzkJRu2ZuWwRiXPa/TWI3h3vIALZosgvuKhQJ/QVFzvqIQKf4gqPzszkn
> > nglHgdrZK8rH90bxbFko798Ti7gU74tEIK3N6xq6/5KIRAC/9JJpCBr0zzmSqUaK
> > srsq1Sn2Ve5vtQmSSL/QC7E6Qr8FUkwsJYOYEMwHubr7QkNGIfmyc6UfI1YkLo6z
> > RjTZzxuyv7TXHa0sdK72NoLMI9xpoBTmWDiFTu5AYXiDo+Nc2mhXYa1iuYr2bPLy
> > TM049KFGqUBd+RD2FT1vDx3JjkVGtYCgBQEBesypOFUnyZYRuc+nbuUTqVqm4g4g
> > E72C9eKO2dH0IqaTYiBJQGyQVIK3k5cg/01brPhDFyWOV7ws2zzKwKHmRMJY0COc
> > dKiI2P+1w52Xo7XJ7OS/rB6M8A7h9d09dDw92fUGZdBl/vAYObnFAL8/+7pERZz7
> > YydSnTjY9k+OG05f4kd+PrCjV2BJSNkmNT2VyzIHKI5EaRwLsOcMWPvmp8TvjG3Y
> > Xzzo7uUE0BDZ67iiH5D4NFDmWaqnDXLl7z486e1MqPosWozm1Kta+bma9TqHRaQt
> > zYzHA79W2uCaBimT7eKU
> > =xQ1o
> > -END PGP SIGNATURE-
>
> ya just browsing can eat all 8gb of ram nowadays haha.




-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutwHrvW91NCMQkUjk9JSS-wSdtoOpcAmLfp90dLm1zmhyw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Assigning microphone to AppVM from terminal

[Unman]

On Sat, Mar 04, 2017 at 05:37:38PM -0800, Fabrizio Romano Genovese wrote:
> As the title says. I've built a little toggle script to automatically 
> attach/detach my camera to an appvm. For the sake of completeness, I'd like 
> to do the same for the internal microphone.
> 
> Since microphone can be attached/detached to/from an appvm using Qubes 
> manager, I suppose there is some kind of script in dom0 that is invoked to 
> perform this operation.The problem is that I don't know where I have to look 
> to find it.
> 
> Can someone help me?
> 
> Thanks for your Time,
> Fab
> 

I dont think there's a separate script - there's code in
/usr/lib64/python/2.7/site-packages/qubesmanager you can adapt.
Look in main.py

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170305033546.GC12046%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] install python(abi) in dom0

[Unman]

On Sat, Mar 04, 2017 at 07:30:52AM -0800, sofoob...@gmail.com wrote:
> Trying to fix my borked Qubes install, would really appreciate a quick 
> pointer...
> 
> Qubes packages in dom0 won't install because of missing dependency python(abi)
> 
> Requires: python(abi) = 3.4
> 
> I've spent hours reading python and fedora and qubes mailing lists and I 
> cannot figure out what abi is or where to get it.
> 
> No net access, only 3.2 install media in rescue
> mode
> 
> help?
> 
> thanks
> sf
> 

look on the install disk under Packages/p
You need to install python-2.7.11-10.fc23.x86-64.rpm
It provides python(abi)

rpmfind.net is a good resource to use in this sort of case.

Good luck

unman



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170305032309.GB12046%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Unman]

On Sat, Mar 04, 2017 at 11:30:35PM -, pixr...@mail2tor.com wrote:

> What needs to be done that IMAP goes over TOR? can this be done and if so
> how should I set it up in Qubes?
> 

Just put your mail qubes downstream from a TorVM, so that the traffic is
routed through Tor.
Or look at implementing this on a whonix workstation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170305030914.GA12046%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Assigning microphone to AppVM from terminal

[Fabrizio Romano Genovese]

As the title says. I've built a little toggle script to automatically 
attach/detach my camera to an appvm. For the sake of completeness, I'd like to 
do the same for the internal microphone.

Since microphone can be attached/detached to/from an appvm using Qubes manager, 
I suppose there is some kind of script in dom0 that is invoked to perform this 
operation.The problem is that I don't know where I have to look to find it.

Can someone help me?

Thanks for your Time,
Fab

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d36dae6c-98ca-4d3b-9893-cd5a1d648820%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Attaching a single USB device to a qube (USB passthrough)

[Franz]

On Sat, Mar 4, 2017 at 5:14 PM,  wrote:

> On Saturday, March 4, 2017 at 10:18:18 AM UTC-5, Francesco wrote:
> > Hello,
> > for the first time I am trying this new feature of Qubes 3.2 with the
> idea of using attaching a scanner to a scannerVM.
> >
> > Fist installed qubes-usb-proxy and simple-scan in the template from
> which both sys-usb and scannerVM depend.
> >
> > Then connected the usb cable and the scanner appeared in sys-usb
> terminal:
> > user@sys-usb:~$ lsusb
> > Bus 003 Device 005: ID 04a9:190f Canon, Inc.
> > but
> > it does not show in dom0 with
> > qvm-usb
> > as taught at the end of this document:
> > https://www.qubes-os.org/doc/usb/
> > In fact only the webcam appears there.
> >
> >
> > So which is the difference between webcam and scanner? Perhaps that the
> webcam was already installed at boot, while the scanner was connected
> after? But from a security point of view is it advisable to boot with the
> scanner already connected?
> > Best
> > Fran
>
> did you install proxy in the usb vm too?>


yes

> not sure havent; tried with a scanner only printer.  I still print and
> scan over network with a raspberry pi that i set up on earlier version of
> Qubes.


That may be a cleaner way to do that

>   I;ve gotten android phone to work as single usb device though too.
> maybe scanner use some diff protocol or port?
>

May be, but it seems strange that qvm-usb does not see it
Best
Fran

>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/5fe54565-d6f7-4aa3-a61d-28ed0e0cefbb%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDOsiUV2aqRSYOGZvEr%2B5xxNHNqi%3DxeGjO_uQ11PetxXQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[pixr811]

Hi Tim,

>On Thu, Feb 23, 2017, pix...@mail2tor.com wrote:
>> [user@mail postfix]$ make
>> Makefile:2: *** missing separator.  Stop.
>>
>> Any idea where to start troubleshooting from this point on?

>On Thu, Feb 24, 2017, timw...@gmail.com wrote:
>This generally indicates that you have a syntax error in the Makefile.
>Spaces not tabs would be an obvious error, particularly if you have
>just done a cut and paste job. Try replacing indent spaces with tabs.

exactly this was the problem (no spaces allowed).
I followed all 3 howtos to install fetchmail + postfix + mutt.

1) Install a MRA (Mail Retrieval Agent) to receive Email via IMAP/POP
   => Fetchmail
  Install Howto: https://www.qubes-os.org/doc/fetchmail/

2) Install a MTA (Mail Transfer Agent) to send Email via SMTP
   => Posfix
  Install Howto: https://www.qubes-os.org/doc/postfix/

3) Install Textmail-Client
   => MUTT
   Install Howto: https://www.qubes-os.org/doc/mutt/

In the end I was unable to receive emails with this setup and honestly I
didn't understand why I need to setup fetchmal+postfix to receive emails
which can just be pulled via IMAP, which seems to work fine with mutt.

>Incidentally, mutt itself does have support for pop and imap, and so
>your use case may enable you to use a much more straightforward set up
>than that described in the docs.


reading some example configurations I was able to setup MUTT to connect to
googlemail for a test.

QUESTION:
In case I have created a mail account somewhere via a WebGUI and I have
used my anon-whonix App-VM nobody should know who this emails belongs to,
as I am hidden behind tor.
What do I need to do, so that all IMAP traffic is now also running via TOR
as I want to keep my identity protected, even when I use IMAP to get my
emails.
What needs to be done that IMAP goes over TOR? can this be done and if so
how should I set it up in Qubes?


To complete the information within this topic, my /home/user/.mutt/muttrc
looks like this (maybe helpfull for others searching the archives)


# accounts
#
set from = "Name "

# Setup to get emails from Googlemail per IMAP
set imap_user = 'usern...@gmail.com'
set imap_pass = 'SUPER-SECRET-PASSWORD'
set folder = imaps://imap.gmail.com/
set spoolfile = +INBOX
set record = "+[Gmail]/Sent Mail"
set postponed = "+[Gmail]/Drafts"

# IMAP Tweaks
# https://gist.github.com/bnagy/8914f712f689cc01c267
#set imap_keepalive=60
#set imap_passive=no
#set imap_check_subscribed=yes
#set imap_idle=yes
#set mail_check=60

#Setup a Sidebar
# https://vigasdeep.com/2014/05/07/install-config-mutt-sidebar/
#change width accordingly
set sidebar_width=30
#Visible at first, then change its value to yes
set sidebar_visible=no
#set sidebar_delim='|'
#set sidebar_sort=yes
mailboxes =inbox =ml
bind index CP sidebar-prev
bind index CN sidebar-next
bind index CO sidebar-open
bind pager CP sidebar-prev
bind pager CN sidebar-next
bind pager CO sidebar-open
macro index b 'toggle sidebar_visible'
macro pager b 'toggle sidebar_visible'
bind index B bounce-message


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1868f414a66744a750e8314531121f2f.squirrel%40_.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - ASUS UX305FA

[Jane Jok]

Hi!
Could you please tell more about your experience with Qubes on UX305FA? I am 
considering ordering a notebook with  M-5Y10c CPU for use with Qubes but I'd 
like to know more

On Tuesday, February 14, 2017 at 9:49:59 AM UTC+3, CF wrote:
> Works well. I was able to use a bluetooth external speaker in a
> fedora-24 based VM:
> sudo dnf install pavucontrol pulseaudio-module-bluetooth bluez blueman
> sudo service bluetooth restart
> pactl load-module module-bluetooth-driver
> blueman-manager &
> pavucontrol &

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50698fa8-1cb9-450a-a78a-5c081115266a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qubes wallpaper

[Grzesiek Chodzicki]

W dniu sobota, 4 marca 2017 16:15:22 UTC+1 użytkownik haaber napisał:
> Hello,
> 
> I understand that importing a custom wallpaper may open a security
> breach for exploits against the image decoder inside dom0. On the other
> hand side, people (me inclusive) like to customize a little bit their
> system.
> 
> Nothing would be more natural as to 'sanitize' pictures that should go
> to dom0. Since qubes trusts rgb format (at least to secure pdf's), this
> seems a natural starting point. Helas!  xfce wallpaper management cannot
> read rgb files ...
> 
> Did someone already think about a possible solution? Bernhard

You know you could just view the picture in fullscreen and then take a 
screenshot of it right?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a37017f-c8d9-4f09-9f94-c335bb10ed12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes and ram

[raahelps]

On Wednesday, February 22, 2017 at 10:35:11 AM UTC-5, Laszlo Zrubecz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 02/22/2017 04:09 PM, Ted Brenner wrote:
> > I have 8 GB of RAM and I feel like I can't have more than 3 AppVMs
> > open (with Chrome) before I hit a limit and can't open up anymore
> > appVMs. Could be my configuration in terms of what minimal amount
> > of memory I assign though I'm using everything as it comes right
> > out of the box. If someone can get 12, I must be doing something
> > wrong.
> 
> Well that 12 online VM are distrbuted something like:
> 
> sys-firewall
> WiFi
> Ethernet
> sys-usb
> 2 different VPN proxy VM
> 
> those are with only 300Mb initial 512Mb max memory.
> 
> the remaining ~6  AppVMs are starting with 512Mb to 2048Mb max.
> 
> Of course all depend on what you are suing in those VM's. But I
> usually have at least 1 browser +terminals  +mail clients open.
> 
> 
> - -- 
> Zrubi
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJYra+gAAoJEH7adOMCkunmCkQQAI10dZeSNyrth4HpPYZFzOG0
> zgqVBdzfb0hQuG9ZVe0djVmEmn3kDueDFNDZx3xB28KrM3vuHLnW9jz8We1tkuAx
> MqhUXjcxzkJRu2ZuWwRiXPa/TWI3h3vIALZosgvuKhQJ/QVFzvqIQKf4gqPzszkn
> nglHgdrZK8rH90bxbFko798Ti7gU74tEIK3N6xq6/5KIRAC/9JJpCBr0zzmSqUaK
> srsq1Sn2Ve5vtQmSSL/QC7E6Qr8FUkwsJYOYEMwHubr7QkNGIfmyc6UfI1YkLo6z
> RjTZzxuyv7TXHa0sdK72NoLMI9xpoBTmWDiFTu5AYXiDo+Nc2mhXYa1iuYr2bPLy
> TM049KFGqUBd+RD2FT1vDx3JjkVGtYCgBQEBesypOFUnyZYRuc+nbuUTqVqm4g4g
> E72C9eKO2dH0IqaTYiBJQGyQVIK3k5cg/01brPhDFyWOV7ws2zzKwKHmRMJY0COc
> dKiI2P+1w52Xo7XJ7OS/rB6M8A7h9d09dDw92fUGZdBl/vAYObnFAL8/+7pERZz7
> YydSnTjY9k+OG05f4kd+PrCjV2BJSNkmNT2VyzIHKI5EaRwLsOcMWPvmp8TvjG3Y
> Xzzo7uUE0BDZ67iiH5D4NFDmWaqnDXLl7z486e1MqPosWozm1Kta+bma9TqHRaQt
> zYzHA79W2uCaBimT7eKU
> =xQ1o
> -END PGP SIGNATURE-

ya just browsing can eat all 8gb of ram nowadays haha.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82ae3fc5-f131-49a0-8790-9a8b9d6d2a1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes and ram

[raahelps]

On Wednesday, February 22, 2017 at 10:09:31 AM UTC-5, Ted Brenner wrote:
> I have 8 GB of RAM and I feel like I can't have more than 3 AppVMs open (with 
> Chrome) before I hit a limit and can't open up anymore appVMs. Could be my 
> configuration in terms of what minimal amount of memory I assign though I'm 
> using everything as it comes right out of the box. If someone can get 12, I 
> must be doing something wrong.
> 
> 
> On Wed, Feb 22, 2017 at 4:55 AM, Zrubi  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> 
> Hash: SHA256
> 
> 
> 
> On 02/22/2017 11:36 AM, sgshsjj...@gmail.com wrote:
> 
> > How does Qubes uses memory? I use about 20VMs (AppVMs, NetVMs,
> 
> > ProxyVMs, etc) and i don't see any difference between 8 and 16 gigs
> 
> > on laptop, does it make sense to add more memory?
> 
> 
> 
> there is no such thing as too much RAM. :)
> 
> 
> 
> I'm using ~12 online VMs  and usually hitting memory limits of my 8Gb.
> 
> 
> 
> - --
> 
> Zrubi
> 
> -BEGIN PGP SIGNATURE-
> 
> Version: GnuPG v2
> 
> 
> 
> iQIcBAEBCAAGBQJYrW4gAAoJEH7adOMCkunmDooP/RVipZoCy6sIaYxMH83Cuz4V
> 
> HLVZjYPRxss/GiXf59XA/0XmnXTEBt9KoZQEr4JQ3MwaJUzL3r4wsdb4IL0DdEgO
> 
> NzcCGnLaOI4y2KXVOBRiKOyTYi0FujNorMGCpNdmW4BWmtPjq4jWiwcXLPnsWd35
> 
> ZrPKTCdmtBHQLRtZv4TLIfso1d2RKMtpBHKmlLDwGOlt4WC2mKnNdRFLGoSe4waM
> 
> dCfiKjyiWHhPSwhR1o/PzvnMe0N5NgC8AvwVEd52NqZHfjDks3IS1qgLPhRQ5KPO
> 
> QlWN+2cmQpYfpSPmJAM1g4eWheuh+6OcJLieFjDqdqYj3zFnclEQnGKlD0XRRfg6
> 
> T+tMI/akoIh5NcxTGdRLz5WdKI2VzF699GW0dJ5H5TWw4W7BQkhQrNUQRgeZNhp8
> 
> 6IpTrgBNaYiyg7pXXMv/0lq0QslV/0Onmg/dYc/g7wQHGVk6N8g40/J2r6uckZNu
> 
> Py5nNDBEiLLkAk5KLuq9isXIo5BlcJvxNvOvvrcaMU32wgjDClr5in4Qo9ea3R/o
> 
> 48zFzz2kbHtlS40STPE3FFI+pNxk9NiH7s2Oao2Jy9p/to6+8a7kCU2jl7KZC6Bs
> 
> x36GToI6OUNZur5IiWvc8cHrC4H2yXl/ONlezR26VGxNjgBmeSxe+xDJZnlvw7uU
> 
> cDb9JeORSf7zWpQGShVl
> 
> =jySu
> 
> -END PGP SIGNATURE-
> 
> 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/bae9891a-e216-dab9-4c30-3606ab69842a%40zrubi.hu.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> 
> 
> -- 
> 
> Sent from my Desktop

haha no u doing it right,   I saw 20 vms for 8gb and was like what!>!   Depends 
on what you using your vms for. whats running on them etc...  in other words 
you actually use your pc for more then just looking at it.

on my 8g i can only have like 6 or 7 vms running, including sys-vms.  on the 16 
gb machine about double that.  before I notice slowdown. or dom 0 ram going 
down.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7593856d-b7ec-4a78-8a5e-95fd71795442%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: shrink ntfs from qubes - what do use for this?

[raahelps]

diskpart on a windows boot disc? or make ur own boot media.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d09c94f-bc98-49b4-a2c5-f9365dce5190%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Asus H97M-E

[Timo Saarinen]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/687aa73d-887c-2ba9-213c-bb08dbbd9146%40neomailbox.net.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUS-All_Series-20170304-205543.yml
Description: application/yaml


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Mssing WiFi capabilities Qubes OS R3.2

[raahelps]

On Saturday, March 4, 2017 at 11:35:12 AM UTC-5, hela...@gmail.com wrote:
> It loads the module R8723AU for the WiFi and that seems ok. On Lenovo the 
> WiFi card is listed under lsusb as an usb device. Do I then have to add the 
> whole USB controller to sys-net to be able to manage it ?

ya

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e945af59-628b-4242-a974-eaf5687e8e4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Fedora-24 Template Corrupted?

[raahelps]

On Saturday, March 4, 2017 at 7:48:27 AM UTC-5, qub...@tutanota.com wrote:
> --
> 
> 
> Securely sent with Tutanota. Claim your encrypted mailbox today!
> 
> 
> https://tutanota.com
> 
> 3. Mar 2017 23:35 by raah...@gmail.com:
> 
> On Friday, March 3, 2017 at 10:56:26 AM UTC-5, qub...@tutanota.com 
> wrote:Fedora-24 template shows updates available. However updates terminal 
> returns error [cannot copy/past results]. I then open gnome terminal and get 
> the following:
> [user@fedora-24 ~]$ sudo dnf update
> Last metadata expiration check: 2:23:51 ago on Fri Mar  3  2017.
> Dependencies resolved.
> 
>  Package   Arch  Version   Repository  
> Size
> 
> Skipping packages with broken dependencies:
>  gnome-software    x86_64    3.22.5-1.fc24 updates    9.3 
> M
> 
> Transaction Summary
> 
> Skip  1 Package
> 
> Nothing to do.
> Sending application list and icons to dom0
> The above output from gnome terminal is completely different from the updates 
> terminal - which refers to skipping "flatpak" package.
> To resolve I reloaded Qubes OS 3.2 but got same errors.
> Any thoughts?
> 
> 
> --
> 
> 
> Securely sent with Tutanota. Claim your encrypted mailbox today!
> 
> 
> https://tutanota.com
> I had the same exact issue. And yes you only get the message when running the 
> update from the qubes-manager, which halts the update.
> If updating manually from a terminal it will just skip that package and 
> proceed with rest of the updates.
> 
> What I did was sudo dnf autoremove and then sudo dnf remove flatpak and just 
> hit y to remove dependencies that were listed.  I haven't noticed any 
> problems running my vms after doing so, but I also wonder what it is.
> 
> 
> This issue has been fixed for me - Today, New template updates are available 
> from Fedora; - this installed 6 new packages associated with "flatpak"

well i;ve already removed them all lol.  hopefully that didn;t hurt my security.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3853530-b278-49af-ac08-c98da390dd4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Attaching a single USB device to a qube (USB passthrough)

[raahelps]

On Saturday, March 4, 2017 at 10:18:18 AM UTC-5, Francesco wrote:
> Hello,
> for the first time I am trying this new feature of Qubes 3.2 with the idea of 
> using attaching a scanner to a scannerVM.
> 
> Fist installed qubes-usb-proxy and simple-scan in the template from which 
> both sys-usb and scannerVM depend.
> 
> Then connected the usb cable and the scanner appeared in sys-usb terminal:
> user@sys-usb:~$ lsusb
> Bus 003 Device 005: ID 04a9:190f Canon, Inc. 
> but 
> it does not show in dom0 with 
> qvm-usb
> as taught at the end of this document:
> https://www.qubes-os.org/doc/usb/
> In fact only the webcam appears there.
> 
> 
> So which is the difference between webcam and scanner? Perhaps that the 
> webcam was already installed at boot, while the scanner was connected after? 
> But from a security point of view is it advisable to boot with the scanner 
> already connected?
> Best
> Fran

did you install proxy in the usb vm too?>  not sure havent; tried with a 
scanner only printer.  I still print and scan over network with a raspberry pi 
that i set up on earlier version of Qubes.  I;ve gotten android phone to work 
as single usb device though too.  maybe scanner use some diff protocol or port?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fe54565-d6f7-4aa3-a61d-28ed0e0cefbb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] flexlm license manager in AppVM

[Stephan Marwedel]

On 04/03/2017 16:05, Unman wrote:

On Fri, Mar 03, 2017 at 05:30:30PM +0100, Stephan Marwedel wrote:

Hi Steve,

thank you for the information.

Your approach probably won't work in my case, as the license served by
flexlm software is tied to MAC address and hostname. If I install it in the
TemplateVM the license will be created with MAC address and hostname of that
TemplateVM. If I later start the software from the AppVM like you suggested,
it will provide a different MAC address and hostname which will invalidate
the license. So there seems to be no alternative other than to create a
standalone VM and install the commercial package in that VM.

Regards,
Stephan

On 02/28/2017 04:15 PM, Steve Coleman wrote:

On 02/25/2017 04:07 PM, Stephan Marwedel wrote:

Hi,
I use a commercial simulation environment running on Debian. I installed
the software in the Debian TemplateVM and it is running fine. However,
when starting an AppVM based on that template I cannot use the
simulation software because of the flexlm license manager failing. This
is most likely caused by the AppVM getting both a hostname and MAC
address being different from those of the corresponding TemplateVM.

What options do I have, if any, to work with such a commercial software
in an AppVM, as I don't want to work in the TemplateVM?


What I have done is install the COTS software base in the template VM. I
generally choose /opt for COTS products to keep them separate.

Then I install a service to start the license manager in the one client
VM and create a desktop file pointing to that installed application
location. Install the desktop file in the template
/usr/share/applications but assign it in the start menu of just that one
VM. Look at qvm-service for how to assign the license manager service to
just that one VM instance.

Any VM may see the software on disk, but as long as you don't actually
run from the software template or other VMs then you should be good with
the license server seeing only the one install instance.

Things can get a bit trickier if the service/software demands to be able
to write to the system area of the template provided ro file system.
Then you may need some fixups performed prior to starting the license
service.

Other options might be to install in /usr/local in the client VM itself,

t> or even in your home directory if that is possible. The service is

likely required as before unless you write a script to launch the
license manager, wait for it, and then launch the application when the
license manager is ready.

My worst case situation would be a standalone VM, but I haven't found
anything quite that stubborn just yet.

Steve


Stephen,

You can use macchanger to change your MAC address to match the flexlm
expectation. Similarly, changing the hostname is straightforward,
Depending on what the software is, you may be able to choose the
installation point: if so, you can install in a TemplateBasedVM in /home
or /usr/local, rather than in a Template.

I did have one issue where I was able to show the vendor that the
license issued with appropriate MAC/hostname/user details didn't work on
the qube. They provided me with effectively an open license, so it's
definitely worth talking to them if you have issues.

You haven't said what the software is - knowing that may help.

unman


Hi Unman,

I intend to use the simulation software package MLDesigner 
(http://www.mldesigner.com) which is supported on RHEL/CentOS and 
Debian. I already tried macchanger and that works. As I did not install 
the software in /usr/local, but in /opt, it didn't help. I will try to 
reinstall in in the AppVM in /usr/local and then use macchanger to 
adjust MAC address and hostname.


Regards,

Stephan

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8e2e531-7c63-ded0-d945-3ef2d101e58d%40tu-ilmenau.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

[Vít Šesták]

Holger, restore is already implemented in some basic form. (I havre mentioned 
it here on Mar 1.) Both backup and restore are equally important: Without 
backup you have nothing to restore from.

Feel free to try it, but remember, this is early stage of development and you 
should read limitations. I have decided to publish it in such early stage in 
order to get feedback. (And I already got some valuable feedback.)

On testing: Some basic manual test passed, but I should create automated tests. 
(Maybe integration tests are more important than unit tests here – after ali, 
it mostly integrates existing products together.)

You can test restore scenario (at some level) now:

1. Backup.
2. Create new BackupStorageVM and new config directory for restore testing.
3. Run restore (./backup --action=restore other-args…) with specified config 
directory and VM name template. For example, you specify template 
“restore-testing-%” in order to add prefix “restore-testing-”.
4. Verify that restored VMs contain the desired data.

If you forget to specify VM name template, it will try to restore it under the 
original name. However, if the VM still exists, it will fail at creating the VM 
and will not continue. This is intentional: It will never overwrite existing VM 
by default. (In future, --force will probably overwrite the existing VM.)

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c750fffc-57ee-473d-9d82-2a030929b5a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Samsung RV510

[Todd Kleinpaste]

Seems to work well overall. I haven't pushed it to the limit, but then I
don't have a need to try, either. I have submitted 1 bug report on
GitHub, too.

If you have any questions please feel free to ask and I will attempt to
assist in any way possible.

Thank you for all your work,

Todd Kleinpaste

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3552f2e-7e12-02b0-ef44-ba6aa1341e05%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-SAMSUNG_ELECTRONICS_CO___LTD_-RV410_RV510_S3510_E3510_-20170304-113851.yml
Description: application/yaml


0x01B1F9BF.asc
Description: application/pgp-keys

[qubes-users] Samsung RV510

[Todd Kleinpaste]

Seems to work well overall. I haven't pushed it to the limit, but then I
don't have a need to try, either. I have submitted 1 bug report on
GitHub, too.

If you have any questions please feel free to ask and I will attempt to
assist in any way possible.

Thank you for all your work,

Todd Kleinpaste

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08d4481c-5cf3-e0e0-5b53-a099c3270f36%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-SAMSUNG_ELECTRONICS_CO___LTD_-RV410_RV510_S3510_E3510_-20170304-113851.yml
Description: application/yaml


0x01B1F9BF.asc
Description: application/pgp-keys

[qubes-users] Re: Mssing WiFi capabilities Qubes OS R3.2

[helangen]

It loads the module R8723AU for the WiFi and that seems ok. On Lenovo the WiFi 
card is listed under lsusb as an usb device. Do I then have to add the whole 
USB controller to sys-net to be able to manage it ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d1cf1b2-1fc9-49a7-a0c5-dc3eb3507b0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qubes wallpaper

[Unman]

On Sat, Mar 04, 2017 at 07:37:49AM -0800, loke...@gmail.com wrote:
> On Saturday, 4 March 2017 23:15:22 UTC+8, haaber  wrote:
> 
> > Nothing would be more natural as to 'sanitize' pictures that should go
> > to dom0. Since qubes trusts rgb format (at least to secure pdf's), this
> > seems a natural starting point. Helas!  xfce wallpaper management cannot
> > read rgb files ...
> 
> You can always convert the image from its original source into PNM (or some 
> equally simple format) and then convert it to something that Xfce can read 
> (like PNG).
> 
> If you want to be as safe as possible, you should do the initial conversion 
> in a dispvm, and then use a different VM to convert to PNG. This is because 
> you should assume that the dispvm has been compromised after the conversion.
> 

Have you looked at the qvm-convert-img tool? I think it is what you're
looking for.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170304161452.GA9328%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] install python(abi) in dom0

[sofoobard]

Trying to fix my borked Qubes install, would really appreciate a quick 
pointer...

Qubes packages in dom0 won't install because of missing dependency python(abi)

Requires: python(abi) = 3.4

I've spent hours reading python and fedora and qubes mailing lists and I cannot 
figure out what abi is or where to get it.

No net access, only 3.2 install media in rescue
mode

help?

thanks
sf

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78eb9ecb-84b4-40dc-b938-426f1a43146f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Programmatically performing software update

[lokedhs]

On Thursday, 2 March 2017 03:59:39 UTC+8, Jimmy Axenhus  wrote:

> I got a Python script for that. Put in dom0 and run it. Unlike Andrews
> script this one will update all VMs in parallel and is interactive
> rather than non-interactive.

Thanks a lot to both you and David for helping out with this. I have no managed 
to do what I want.

By the way, is there a way to access this Qubes management API without using 
Python? (I specifically want to use Lisp, but I can hook into anything that 
isn't language-specific).

Regards,
Elias

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de5c80dd-2ef5-41c1-a5d8-ef264733114b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Attaching a single USB device to a qube (USB passthrough)

[Franz]

Hello,
for the first time I am trying this new feature of Qubes 3.2 with the idea
of using attaching a scanner to a scannerVM.

Fist installed qubes-usb-proxy and simple-scan in the template from which
both sys-usb and scannerVM depend.

Then connected the usb cable and the scanner appeared in sys-usb terminal:
user@sys-usb:~$ lsusb
Bus 003 Device 005: ID 04a9:190f Canon, Inc.
but
it does not show in dom0 with
qvm-usb
as taught at the end of this document:
https://www.qubes-os.org/doc/usb/
In fact only the webcam appears there.

So which is the difference between webcam and scanner? Perhaps that the
webcam was already installed at boot, while the scanner was connected
after? But from a security point of view is it advisable to boot with the
scanner already connected?
Best
Fran

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAAohxRo6CL5JjJS5srrYz2KfLoh9w%2ByYzaJTobKvNqzQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Compositing in AppVMs

[Unman]

On Sat, Mar 04, 2017 at 09:06:14AM +0100, Alex wrote:
> On 03/04/2017 04:54 AM, jimmy.dack...@gmail.com wrote:
> > I really like transparent Terminal windows and would like to use them
> > in AppVMs. They work on the dom0 Terminal, no sweat. But when I try
> > to set the Background to transparent in the Terminal Preferences in
> > any Fedora-24 AppVM I get: "Sorry, your Window Manager does not
> > support compositing: Opacity setting is not available."
> AFAIR, having transparent/semitransparent windows from AppVMs is a
> potential security problem: rogue software may overlay hard-to-spot
> windows on top of legitimate software to get confirmations/other actions
> performed by an unsuspecting user.
> 
> So if something like this gets ever implemented in the GUI daemon (maybe
> when wayland is supported?), I hope that I can disable the
> functionality; it would be even better if that was disabled by default,
> and had to be turned on by the user.
> 
> -- 
> Alex

Also, all the window effects you see are implemented in the GUI domain,
currently dom0, and there are a number of effects that aren't supported
there. (e.g flashing alerts are not propagated to dom0 as another suer
has pointed out.) I think that window opacity is one of these, and as
Alex suggests, that's a good thing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170304151831.GB8838%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes wallpaper

[haaber]

Hello,

I understand that importing a custom wallpaper may open a security
breach for exploits against the image decoder inside dom0. On the other
hand side, people (me inclusive) like to customize a little bit their
system.

Nothing would be more natural as to 'sanitize' pictures that should go
to dom0. Since qubes trusts rgb format (at least to secure pdf's), this
seems a natural starting point. Helas!  xfce wallpaper management cannot
read rgb files ...

Did someone already think about a possible solution? Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c4aae7e-9a9c-8c08-d09c-b070e9d78a44%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] flexlm license manager in AppVM

[Unman]

On Fri, Mar 03, 2017 at 05:30:30PM +0100, Stephan Marwedel wrote:
> Hi Steve,
> 
> thank you for the information.
> 
> Your approach probably won't work in my case, as the license served by
> flexlm software is tied to MAC address and hostname. If I install it in the
> TemplateVM the license will be created with MAC address and hostname of that
> TemplateVM. If I later start the software from the AppVM like you suggested,
> it will provide a different MAC address and hostname which will invalidate
> the license. So there seems to be no alternative other than to create a
> standalone VM and install the commercial package in that VM.
> 
> Regards,
> Stephan
> 
> On 02/28/2017 04:15 PM, Steve Coleman wrote:
> >On 02/25/2017 04:07 PM, Stephan Marwedel wrote:
> >>Hi,
> >>I use a commercial simulation environment running on Debian. I installed
> >>the software in the Debian TemplateVM and it is running fine. However,
> >>when starting an AppVM based on that template I cannot use the
> >>simulation software because of the flexlm license manager failing. This
> >>is most likely caused by the AppVM getting both a hostname and MAC
> >>address being different from those of the corresponding TemplateVM.
> >>
> >>What options do I have, if any, to work with such a commercial software
> >>in an AppVM, as I don't want to work in the TemplateVM?
> >>
> >
> >What I have done is install the COTS software base in the template VM. I
> >generally choose /opt for COTS products to keep them separate.
> >
> >Then I install a service to start the license manager in the one client
> >VM and create a desktop file pointing to that installed application
> >location. Install the desktop file in the template
> >/usr/share/applications but assign it in the start menu of just that one
> >VM. Look at qvm-service for how to assign the license manager service to
> >just that one VM instance.
> >
> >Any VM may see the software on disk, but as long as you don't actually
> >run from the software template or other VMs then you should be good with
> >the license server seeing only the one install instance.
> >
> >Things can get a bit trickier if the service/software demands to be able
> >to write to the system area of the template provided ro file system.
> >Then you may need some fixups performed prior to starting the license
> >service.
> >
> >Other options might be to install in /usr/local in the client VM itself,
> t> or even in your home directory if that is possible. The service is
> >likely required as before unless you write a script to launch the
> >license manager, wait for it, and then launch the application when the
> >license manager is ready.
> >
> >My worst case situation would be a standalone VM, but I haven't found
> >anything quite that stubborn just yet.
> >
> >Steve
> >

Stephen,

You can use macchanger to change your MAC address to match the flexlm
expectation. Similarly, changing the hostname is straightforward,
Depending on what the software is, you may be able to choose the
installation point: if so, you can install in a TemplateBasedVM in /home
or /usr/local, rather than in a Template.

I did have one issue where I was able to show the vendor that the
license issued with appropriate MAC/hostname/user details didn't work on
the qube. They provided me with effectively an open license, so it's
definitely worth talking to them if you have issues.

You haven't said what the software is - knowing that may help.

unman


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170304150558.GA8838%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] First time user: initial issues and thoughts

[sm8ax1]

Hi,

I just installed Qubes yesterday and wanted to share my thoughts and
some issues I ran into.

Table of Contents
1. Use Case / Thanks
2. Minor issues with manual partitioning and assigning mountpoints
3. First-boot dialog
4. NetworkManager applet didn't start the first time
5. Modifying /etc files in template-inherited VMs persistently
6. Screensaver blacks screen but doesn't turn off the backlight
7. sys-firewall uses much more RAM than it should have to
8. Encrypted /boot partition support

First, I want to thank the developers. I've used Xen with QEMU and GTK+
on other Linuxes before, so I'm familiar with some of the concepts. I
was trying to accomplish basically what Qubes did, but it was a real
pain to manage, the actual security of the whole system was
questionable, and even simple tasks like pasting text or transferring
files were a pain. You guys did a great job with Qubes. It's the OS I've
been waiting for.

I learned about it a long time ago, probably around the time it first
came out, but I didn't think about trying it until it was featured on
the Tor blog and I learned about some new features. (For anyone who's
interested, I had a thoughtful, though theoretical, debate with another
reader about the some of the design choices around Qubes:
https://blog.torproject.org/blog/tor-heart-qubes-os#comment-229452)

The installation was pretty easy, but I ran into somewhat of an edge
case that held me up a little. I did my partitioning manually, and kept
the same GPT (and protective MBR) that was already installed.

BIOS Boot Partition (1007K) - out-of-alignment filesystemless partition
that allows GRUB to embed itself
EFI System Partition
/boot partition
encrypted main partition with LVM
root
swap

All good. Here's the issue. I thought I would "help" the installer by
creating a BTRFS LV for the root filesystem. It showed up in the
installer with a weird name like "btrfs.XXX" (where X is a digit that
changed on each reboot), and it didn't have the logical volume name in
the subtext like my swap LV did. I was typing "/" into the mountpoint
field, but instead of moving the partition up to the
to-be-assigned-a-mount-point group (above the list of available
partitions) when I clicked away like /boot and /boot/efi, the "/"
disappeared and the partition stayed put. I didn't think anything of
pre-formatting the LV with BTRFS because it was okay for all of the
other partitions.

I worked around it by removing the filesystem from the LV (zeroing it
out), and then the installer finally allowed me to have a new BTRFS
filesystem created on the LV and a mountpoint assigned. I think at some
point I read in the documentation that the root filesystem MUST be newly
created, but it would have saved me a lot of time if the installer had
just told me that. Overall I'd say it did alright for an LVM-on-LUKS
with BTRFS installation though.

The first-boot options dialog could have explained the options a little
better, or they should be explained in the documentation. For example,
the option to proxy all applications and upgrades through Tor, I
selected it because it sounded like what I wanted, but I didn't really
understand how it would affect the networking VM hierarchy or whether I
could still create unproxied VMs. I left the USB VM (sys-usb) option
unselected because I wasn't sure how reliable it would be, I don't have
an IOMMU anyway, and I don't connect a lot of random USB devices to my
computer, but I would like to try the feature in the future. All along I
was thinking "Can I change my mind later? Am I stuck with these
decisions for the rest of my life?"

Next, and this is the biggest one, the NetworkManager applet in sys-net
didn't start the first time, so I spent an a lot of extra time tinkering
with it and researching the problem until I found a bug report that
described the exact problem I was having. All I had to do was restart
sys-net, but it would have saved me a lot of time if it had started on
its own the first time.

I wanted to setup MAC address spoofing on my wireless interface too, so
I modified /etc/NetworkManager/NetworkManager.conf in sys-net, but when
I restarted it my changes were gone. I read that I have to make changes
in the TemplateVM itself (fedora-23) for them to be persistent, but the
problem is that I don't necessarily need all VMs to have this change.
I'm still not sure of the correct way to make changes to a single VM
that inherits from a TemplateVM.

Also, the screen saver doesn't turn off the display backlight like it
did on my old OS on this machine. Rather, the screen goes black but the
backlight is still on. I've seen other machines do the same thing, but I
know the hardware and drivers support turning off the backlight on this
machine if I can figure out how to configure it. I'm really hoping it
doesn't involve recompiling the kernel or anything like that.

When the Qubes VM Manager came up, my first thought (after noticing how
nice it looked) was "1400MB of RAM 

[qubes-users] Re: Mssing WiFi capabilities Qubes OS R3.2

[helangen]

On Saturday, 4 March 2017 00:44:22 UTC+1, cooloutac  wrote:
> On Friday, March 3, 2017 at 12:25:25 AM UTC-5, hela...@gmail.com wrote:
> > Hi,
> > 
> > I just installed Qubes R3.2 on a Lenovo Ideapad Yoga i7 with a Realtek 
> > RTL8732 NIC. I can't see the NIC under  sys-netvm and hence can't change it 
> > to a managed device. dmesg shows that it finds it, but the kernel module 
> > for the NIC does not seem loaded. In the menu I can only see 'Device not 
> > managed' for networking as would be expected.
> > 
> > I have read a few posts about Realtek cards being troublesome to use under 
> > Qubes.
> > 
> > Unfortunately I'm not by my Qubes laptop writing this so I cant' post any 
> > outputs from the machine.
> > 
> > Anyone have any ideas how to proceed ?
> > 
> > Thanks
> 
> Might want to check what driver module needed for fedora. or Maybe you need 
> to use a diff kernel

Thanks. It worked fine on a previous Fedora 24 install on the same computer 
though, but I can check. I just assumed since it worked there there would be no 
problems with Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cec9a874-503d-4d0e-90d1-d110c0078c36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Fedora-24 Template Corrupted?

[qubesos]

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com

3. Mar 2017 23:35 by raahe...@gmail.com:


> On Friday, March 3, 2017 at 10:56:26 AM UTC-5, > qub...@tutanota.com>  wrote:
>> Fedora-24 template shows updates available. However updates terminal returns 
>> error [cannot copy/past results]. I then open gnome terminal and get the 
>> following:
>> [user@fedora-24 ~]$ sudo dnf update
>> Last metadata expiration check: 2:23:51 ago on Fri Mar  3  2017.
>> Dependencies resolved.
>> 
>>  Package   Arch  Version   Repository  
>> Size
>> 
>> Skipping packages with broken dependencies:
>>  gnome-software    x86_64    3.22.5-1.fc24 updates    
>> 9.3 M
>>
>> Transaction Summary
>> 
>> Skip  1 Package
>>
>> Nothing to do.
>> Sending application list and icons to dom0
>> The above output from gnome terminal is completely different from the 
>> updates terminal - which refers to skipping "flatpak" package.
>> To resolve I reloaded Qubes OS 3.2 but got same errors.
>> Any thoughts?
>>
>>
>> --
>>
>>
>> Securely sent with Tutanota. Claim your encrypted mailbox today!
>>
>>
>> https://tutanota.com
>
> I had the same exact issue. And yes you only get the message when running the 
> update from the qubes-manager, which halts the update.
> If updating manually from a terminal it will just skip that package and 
> proceed with rest of the updates.
>
> What I did was sudo dnf autoremove and then sudo dnf remove flatpak and just 
> hit y to remove dependencies that were listed.  I haven't noticed any 
> problems running my vms after doing so, but I also wonder what it is.




This issue has been fixed for me - Today, New template updates are available 
from Fedora; - this installed 6 new packages associated with "flatpak" 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KeOMHHF--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Compositing in AppVMs

[Alex]

On 03/04/2017 04:54 AM, jimmy.dack...@gmail.com wrote:
> I really like transparent Terminal windows and would like to use them
> in AppVMs. They work on the dom0 Terminal, no sweat. But when I try
> to set the Background to transparent in the Terminal Preferences in
> any Fedora-24 AppVM I get: "Sorry, your Window Manager does not
> support compositing: Opacity setting is not available."
AFAIR, having transparent/semitransparent windows from AppVMs is a
potential security problem: rogue software may overlay hard-to-spot
windows on top of legitimate software to get confirmations/other actions
performed by an unsuspecting user.

So if something like this gets ever implemented in the GUI daemon (maybe
when wayland is supported?), I hope that I can disable the
functionality; it would be even better if that was disabled by default,
and had to be turned on by the user.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe2908c8-1078-ddd5-07a4-6ae9141cfd20%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature