[qubes-users] Re: can not start terminal on debian

[evo]

Am 03/10/2017 um 05:49 AM schrieb cooloutac:
> On Thursday, March 9, 2017 at 5:01:17 PM UTC-5, evo wrote:
>> Hello again!
>>
>> I have a strange problem, i dont understand.
>>
>> After i tried to install another language on debian (with no success) by
>> dpkg-reconfigure,
>>
>> now i can not start terminal ... not on template-VM and not on
>> debian-VM.. Xterm can be started, but not terminal, which is more
>> comfortable.
>>
>> Is it about language??
> 
> yes I think so happened to me once.  switch back to that default english one 
> and see, I forget exactly which off top my head.
> 


ok, i have it!!! :)
the thing is, you must change the language in the template VM and not
just in the App-VM. As i changed it to the selected language also in the
template VM, so the terminal works.

But the firefox is still in english, fedora changed the language of
every program automatically.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e283e8e0-1b16-8812-511a-4fbc0db03001%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Configuring AppVMs for multiple NICs?

[JW]

Thanks unman, this was very helpful!! I'm new to iptables, so perhaps a basic 
question: 

> > There are simple mechanisms to do this:
> > www.qubes-os.org/doc/firewall is helpful.
> > On sys-net you can use an entry in /rw/config/rc.local to set up the new
> > firewall restriction: something like
> > iptables -I FORWARD -s 10.137.100.10 -j DROP
> > iptables -I FORWARD -s 10.137.100.10 -d 10.0.0.0/8 -j ACCEPT

To recap, I'd like my "restricted" firewall (with IP 10.137.100.10) to grant 
access to  a 192.168.1.* network, and not allow any traffic to the second 
interface on a 10.* network. The "unrestricted" firewall would allow access to 
both networks. So in my sys-net, why don't I just do the following?

iptables -I FORWARD -s 10.137.100.10 -d 10.0.0.0/8 -j DROP

I ask because the above worked as expected, but when I tried: 

iptables -I FORWARD -s 10.137.100.10  -j DROP
iptables -I FORWARD -s 10.137.100.10 -d 192.0.0.0/8 -j ACCEPT

I could ping 192.168.1.1, but I could not browse the web on the restricted 
firewall.

Thank you, 

-J

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5154fda6-3ed4-4168-a76c-dda036e9c172%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Videostream with Qubes??

[evo]

Am 03/10/2017 um 02:04 AM schrieb sm8ax1:
> Grzesiek Chodzicki:
>> W dniu czwartek, 9 marca 2017 23:28:24 UTC+1 użytkownik evo napisał:
>>> Am 03/09/2017 um 11:26 PM schrieb Grzesiek Chodzicki:
 W dniu czwartek, 9 marca 2017 23:19:23 UTC+1 użytkownik evo napisał:
> Am 03/09/2017 um 11:12 PM schrieb Grzesiek Chodzicki:
>> W dniu czwartek, 9 marca 2017 21:41:02 UTC+1 użytkownik evo napisał:
>>> On 03/09/2017 09:11 PM, Grzesiek Chodzicki wrote:
 W dniu czwartek, 9 marca 2017 21:01:12 UTC+1 użytkownik evo napisał:
> On 03/09/2017 08:37 PM, Grzesiek Chodzicki wrote:
>> W dniu czwartek, 9 marca 2017 20:34:17 UTC+1 użytkownik evo napisał:
>>> On 03/09/2017 08:27 PM, Grzegorz Chodzicki wrote:


 On 03/09/2017 08:23 PM, evo wrote:
>
> On 03/09/2017 08:10 PM, Grzesiek Chodzicki wrote:
>> W dniu czwartek, 9 marca 2017 20:08:37 UTC+1 użytkownik evo 
>> napisał:
>>> On 03/09/2017 08:02 PM, Grzesiek Chodzicki wrote:
 W dniu czwartek, 9 marca 2017 19:44:38 UTC+1 użytkownik evo 
 napisał:
> Hello!
>
> i have problems with the most streams on the net.
> Youtube is ok, but i suppose rather slow.
>
> I think, this is the thing with flash, HTML5 and openH264.
> H264 is deactivated and if i want to activate it, it seems to 
> be not
> possible.
>
> Is it so, that HTML5 needs H264?
> Or is it so, that i need flash for every other stream.
> I tried also some links, that should be HTML5, but they were 
> not
> possible... maby they were not really in HTML5 or HTML5 
> does't work good.
>
> Do somebody has an idea?
 try sudo nano /etc/qubes.guid.conf and add audio_low_latency = 
 true; parameter to the VM used for movie watching (or add it 
 to global variables).
 Alternatively, install Google Chrome (Not Chromium) and use 
 that.

>>>
>>> hmm... i don't have qubes.guid.conf in etc, not in dom0 and not 
>>> in the VM
>> Sorry, I meant /etc/qubes/guid.conf
>>
> ah, ok, thanks!
> so i did add the new line under allow_fullscreen = true; by the 
> VM, that
> restarted the VM, but i think... nothing happens.
> if i want to stream MP4, it comes the download, which i don't 
> want at
> all. So firefox wants to download it instead of streaming.
>
> what i don't understand, what does audio have to do with stream?
>
> i will try it with chrome (i don't like)
 Video may stutter because video players and browsers automatically 
 try
 to synchronize video with audio (to avoid desyncs) so if audio 
 stutters,
 video will stutter as well. You may also want to try enable 
 vertical
 blank synchronization in WIndow Manager tweaks.

 How does the formatting of the file look like? It should look like 
 this:
 VM: {
 work: {
 audio_low_latency = true;
 };
 };
 Additionally, You need to restart the VM after changing its 
 settings in
 the guid.conf file

>>>
>>> are ok, so low latancy is usefull also on youtube... is there any
>>> security problems with it?
>>
>> IIRC this setting was used because having it on caused a CPU spike 
>> on older kernels. It shouldn't matter now
>>
>>>
>>> what do you mean with "window manager tweaks"?
>>> where can i find vertical blank synchronization?
>>
>> Go to System Tools > Window Manager Tweaks > Compositor > 
>> Synchronize drawing to vertical blank
>>>
>>> the formating is like
>>>
>>> VM: {
>>>work: {
>>> allow_fullscreen = true;
>>> audio_low_latency = true;
>>>
>>> };
>>> };
>>>
>>> i restarted the VM after change in quid.conf
>>
>> Formatting looks good, You may want to try restarting the physical 
>> machine just in case.
>>
>
> restarted the PM... firefox wants still to download the MP4-stream...
> i suppose that youtube runs better, quicker.. maby just my feeling and
> not fact.
>
> fedora don't have chrom in the sources, strange... i will try to 

[qubes-users] Re: Videostream with Qubes??

[evo]

Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
>> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
>>> Hello!
>>>
>>> i have problems with the most streams on the net.
>>> Youtube is ok, but i suppose rather slow.
>>>
>>> I think, this is the thing with flash, HTML5 and openH264.
>>> H264 is deactivated and if i want to activate it, it seems to be not
>>> possible.
>>>
>>> Is it so, that HTML5 needs H264?
>>> Or is it so, that i need flash for every other stream.
>>> I tried also some links, that should be HTML5, but they were not
>>> possible... maby they were not really in HTML5 or HTML5 does't work good.
>>>
>>> Do somebody has an idea?
>>
>> whats the templatevm its based on fedora or debian?  If fedora you have to 
>> enable rpmfusion and install gstreamer package to get that format.  I forget 
>> exactly which one though man.  I think i posted about it here once i;ll t ry 
>> tolook.
> 
> gstreamer1-libav
> 
> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> 

i run fedora 23 on it, rpm fusion is almost on... but i can not find
gstreamer1-libav on the server... strange

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b597270-6801-6e5c-150c-b809e272e531%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[evo]

Am 03/10/2017 um 03:38 AM schrieb Unman:
> On Thu, Mar 09, 2017 at 06:40:15PM -0500, Chris Laprise wrote:
>> On 03/09/2017 05:57 PM, evo wrote:
>>> Hey!
>>>
>>> the last question for today! :D
>>> qubes is really great, but i want to understand some things, that are
>>> new for me.
>>>
>>> i don't understand the storage occupancy in Qubes OS.
>>>
>>> I can give the home-folder more space, but where can i understand how
>>> much space i have already used? where can i see the whole storage usage?
>>>
>>> and how can i add new SSD to the special VM (for example "work")?
>>>
>>> thanks for help!
>>>
>>
>> When you expand an appVM's storage, you're really changing the maximum
>> limit. The space isn't allocated from dom0 storage until its used (and
>> deletions will cause the space to be returned to dom0).
>>
>> Normal space reporting tools for Linux will show you the overall space and
>> usage in dom0. For instance, I use the KDE disk space widget on my desktop.
>>
>> You can attach additional storage to a VM by right-clicking on it in Qubes
>> Manager and using the attach/detach menu. Or you can use 'qvm-block' command
>> in dom0. Unfortunately, Qubes doesn't have a way to permanently attach
>> additional volumes to template-based VMs, so this always has to be done
>> manually or via a udev script, etc.
>>
> 
> This isn't true - it's pretty straightforward to add volumes at boot, and
> it can be done automatically.
> 
> Let's say you want to add /dev/sda4 to work, and mount it at
> /home/user/sda4. (It's ext4)
> 
> In dom0 look at the config files in /var/lib/qubes/appvms/work.
> copy work.conf to work2.conf
> edit work2.conf and add a stanza in the "devices" section
> 
> 
> 
> 
> 
> 
> 
> That's enough to attach the device to the qube.
> If you also want to have it mounted automatically you have to do some
> configuration in the qube.
> Start up the work qube, and create a file /rw/config/fstab
> containing:
> /dev/xvde /home/user/disk ext4 defaults,noatime   0 0
> 
> And then in /rw/config/rc.local add line:
> cat /rw/config/fstab >> /etc/fstab
> mount -a
> 
> Remember to chmod +x /rw/config/rc.local
> 
> Shutdown work
> 
> Now start work with the custom config -
> qvm-start work --custom-config=/var/lib/qubes/appvms/work/work2.conf
> 
> work will start up with the drive attached and it will be mounted
> automatically.
> 
> This is somewhat clunky - Qubes 4 will have better support for loading
> custom configs. But configure a keyboard shortcut to that "qvm-start"
> command and it's easy to work with.
> 
> Note that if you start work without the custom config it will start as
> normal without the volume attached. This may be desirable at times.
> If you want the menu items to start with the custom configs you'll have
> to do some editing of the relevant files: again, that's fairly
> standard stuff.
> 
> unman
> 

thanks, i will work through it next days, but i think its not a big
problem, to mount the SSD every time with just one klick.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa08dab0-3cc8-5d2e-1fb0-1105c0c8b1a9%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Archlinux template system update

[Steven Sheffey]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/21/2017 03:55 AM,
trul...@gmail.com wrote:
>> latest 'qubes-vm-gui' binary
> 
> How to replace qubes-vm-gui with old version?
> 
> https://github.com/QubesOS/qubes-gui-agent-linux
> 
> pulse Added pulseaudio 10.0 headers
> 
> xf86-video-dummy  xf86-video-dummy: adjust for xorg-server-1.19.0
> 
> 
> 
> 
I was able to fix this issue by writing

[qubes-r3.2]
Server = http://olivier.medoc.free.fr/archlinux/current

into /etc/pacman.d/99-qubes-repository/3.2.conf

Then you have to trust Olivier Medoc's key by running as root: (verify
this first to make sure you trust this)

pacman-key -r D85EE12F967851CCF433515A2043E7ACC1833B9C
pacman-key --lsign-key D85EE12F967851CCF433515A2043E7ACC1833B9C


I'm not 100% sure of how trustable this key or repository is so take
this with a grain of salt.

After you've added the repository and key, run

pacman -Syu

to do a full upgrade

I've had some issues with arch after upgrading the kernel -- namely,
what is discussed here
https://github.com/QubesOS/qubes-issues/issues/2649 -- so beware that
this is only a beginning solution.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQE2BAEBCAAgBQJYwcKqGRxzdGV2ZW5zaGVmZmV5NEBnbWFpbC5jb20ACgkQOPDe
NhvY38jlwwf+IZ2Ny8X12BVYHlufk2Y0PY9VhQN6XlS2/Blw2GsvFHyp/pKEtEe3
zk6OLk2rnb3hLDj/GiBGoJVeCxPoIs7r7RECkIExg9OvZXciN3bEJ8Wd1aPgzZ91
1UzQImh1m2ue+VEaZYsnyM5zhnRLpZ9heZga+UEfQptMH89Sx0HFSrZlZDO52zNj
JiEoobFibazyqe1VvP3JpB/B4OTBXnlSjInOM+KcMvlD19aQCklX60gyJWyh8mny
WKjMHjn3woEUxFuCeL6iNN8SfVKAO9vLokzbUZjJy7gMyGhCC953lBQMK9u/BZX3
PQYOMAV0ALXYFzka9MiyX1DGOKWsp9TkRw==
=g3nY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o9sfr5%24fnr%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Archlinux template system update

[truleeeeeed]

пятница, 10 марта 2017 г., 13:24:51 UTC+3 пользователь Steven Sheffey написал:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 02/21/2017 03:55 AM,
> trul...@gmail.com wrote:
> >> latest 'qubes-vm-gui' binary
> > 
> > How to replace qubes-vm-gui with old version?
> > 
> > https://github.com/QubesOS/qubes-gui-agent-linux
> > 
> > pulse   Added pulseaudio 10.0 headers
> > 
> > xf86-video-dummyxf86-video-dummy: adjust for xorg-server-1.19.0
> > 
> > 
> > 
> > 
> I was able to fix this issue by writing
> 
> [qubes-r3.2]
> Server = http://olivier.medoc.free.fr/archlinux/current
> 
> into /etc/pacman.d/99-qubes-repository/3.2.conf
> 
> Then you have to trust Olivier Medoc's key by running as root: (verify
> this first to make sure you trust this)
> 
> pacman-key -r D85EE12F967851CCF433515A2043E7ACC1833B9C
> pacman-key --lsign-key D85EE12F967851CCF433515A2043E7ACC1833B9C
> 
> 
> I'm not 100% sure of how trustable this key or repository is so take
> this with a grain of salt.
> 
> After you've added the repository and key, run
> 
> pacman -Syu
> 
> to do a full upgrade
> 
> I've had some issues with arch after upgrading the kernel -- namely,
> what is discussed here
> https://github.com/QubesOS/qubes-issues/issues/2649 -- so beware that
> this is only a beginning solution.
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQE2BAEBCAAgBQJYwcKqGRxzdGV2ZW5zaGVmZmV5NEBnbWFpbC5jb20ACgkQOPDe
> NhvY38jlwwf+IZ2Ny8X12BVYHlufk2Y0PY9VhQN6XlS2/Blw2GsvFHyp/pKEtEe3
> zk6OLk2rnb3hLDj/GiBGoJVeCxPoIs7r7RECkIExg9OvZXciN3bEJ8Wd1aPgzZ91
> 1UzQImh1m2ue+VEaZYsnyM5zhnRLpZ9heZga+UEfQptMH89Sx0HFSrZlZDO52zNj
> JiEoobFibazyqe1VvP3JpB/B4OTBXnlSjInOM+KcMvlD19aQCklX60gyJWyh8mny
> WKjMHjn3woEUxFuCeL6iNN8SfVKAO9vLokzbUZjJy7gMyGhCC953lBQMK9u/BZX3
> PQYOMAV0ALXYFzka9MiyX1DGOKWsp9TkRw==
> =g3nY
> -END PGP SIGNATURE-

Hi, Steven. Are you fix this in template from 
https://ftp.qubes-os.org/repo/yum/r3.2/templates-community/rpm/ ?

archlinux# cat /etc/pacman.d/99-qubes-repository-3.2.conf 
[qubes-r3.2]
Server = http://olivier.medoc.free.fr/archlinux/current

gpg --keyserver pool.sks-keyservers.net --recv-keys 
D85EE12F967851CCF433515A2043E7ACC1833B9C
gpg: key 2043E7ACC1833B9C: public key "Olivier MEDOC (Qubes-OS signing key) 
" imported


archlinux# pacman -Suy
:: Synchronizing package databases...
 core 123.8 KiB   223K/s 00:01 [##] 100%
 extra   1680.3 KiB   538K/s 00:03 [##] 100%
 community  3.8 MiB   370K/s 00:10 [##] 100%
 multilib 176.7 KiB   287K/s 00:01 [##] 100%
:: Starting full system upgrade...
:: Replace fuse with extra/fuse2? [Y/n] y
resolving dependencies...
looking for conflicting packages...
:: xorg-server and xf86-input-joystick are in conflict (X-ABI-XINPUT_VERSION). 
Remove xf86-input-joystick? [y/N] y
error: failed to prepare transaction (could not satisfy dependencies)
:: qubes-vm-gui: installing pulseaudio (10.0-2) breaks dependency 
'pulseaudio<10.0'
:: qubes-vm-gui: installing xorg-server (1.19.2-1) breaks dependency 
'xorg-server<1.19.0'


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/305c5f21-e713-403a-bc13-5308d3c34483%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] RAM for Qubes OS

[jeanpierrefr22]

Hi there,

I have a Xiaomi Air Notebook 12.5":

- Intel Core m3-6Y30 Dual Core 0.9GHz, Up to 2.2GHz
- 12.5 inch IPS Screen with 1920 x 1080 Resolution
- 4GB DDR3 RAM for Advanced Multitasking
- 128GB SSD Storage Capacity

(http://www.gearbest.com/laptops/pp_416105.html)

I wonder if 4GB of RAM is enough to run Qubes OS.
I know that 4GB is the minimum required nevertheless I won't install Qubes on 
it if I can't open 2 AppVM at the same time or if the laptop is very slow.

Thank you,


Feedbacks appreciated if someone alreday installed Qubes on the Xiaomi :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2a57fd8-aefa-4621-a591-ed41487ac802%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Save session Fedora-23 AppVM

[Mark Wilson]

Is possible to save session on Fedora-23 AppVM? (In a similar way as dom0.)

Regards



-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-79afcf39-edc0-4ed2-856a-c8bd953c0407-1489161369997%403capp-mailcom-lxa12.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

[cooloutac]

On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> > On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> >> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> >>> Hello!
> >>>
> >>> i have problems with the most streams on the net.
> >>> Youtube is ok, but i suppose rather slow.
> >>>
> >>> I think, this is the thing with flash, HTML5 and openH264.
> >>> H264 is deactivated and if i want to activate it, it seems to be not
> >>> possible.
> >>>
> >>> Is it so, that HTML5 needs H264?
> >>> Or is it so, that i need flash for every other stream.
> >>> I tried also some links, that should be HTML5, but they were not
> >>> possible... maby they were not really in HTML5 or HTML5 does't work good.
> >>>
> >>> Do somebody has an idea?
> >>
> >> whats the templatevm its based on fedora or debian?  If fedora you have to 
> >> enable rpmfusion and install gstreamer package to get that format.  I 
> >> forget exactly which one though man.  I think i posted about it here once 
> >> i;ll t ry tolook.
> > 
> > gstreamer1-libav
> > 
> > https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> > 
> 
> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> gstreamer1-libav on the server... strange

hmm... did you install both rpm fusion free and nonfree?  Im not sure which one 
its in. 

Also make sure you looking gstreamer1 and not gstreamer.

Its in there somewhere and it will play the mp4 streams on firefox without 
flash.  Maybe just search gstreamer1 and scroll through the list maybe I 
spelled it wrong. look for the libav one.

https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4b019d3-ff3f-4669-a7ee-731775a90db2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: problem with qubes xfce menu

[cooloutac]

On Friday, March 10, 2017 at 6:40:17 AM UTC-5, Unman wrote:
> On Fri, Mar 10, 2017 at 08:52:37AM +0100, haaber wrote:
> > On 03/10/2017 05:51 AM, cooloutac wrote:
> > > On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> > >> Hello,
> > >> I realise with surprise that some items in the "Q"-symbol that gives the
> > >> xfce menu have disappeared: the settings menu (!), the link to a dom0
> > >> termnal  & the link to debian-8 template.
> > >>
> > >> Is there a way to recreate these items? Bernhard
> > > 
> > > what desktop you using? xfce  try alt f3.
> > 
> > Hello cooloutac, that brings indeed the "application finder". But it
> > won't find the items I miss.  For debian-8 I fear my endless attempts to
> > install debian-8-dvm as standard template (involving
> > virsh -c xen:/// undefine debian-8-dvm )
> > seems to have taken away the debian-8 out of the list. This is not the
> > most annoying. Qubes-VM-manager still sees it, so I can start & run a
> > command by hand. The missing dom0-console is more annoying (I can still
> > do Alt+F2 + xterm), but the missing xfce settings is really annoying.
> > 
> > Bernhard
> 
> Bernhard
> 
> To recreate the debian-8 menu you should be able to run
> qvm-sync-appmenus. (You'll need to start the template first.)
> This is referred to at www.qubes-os.org/doc/managing-appvm-shortcuts
> 
> There have been numerous threads about using and abusing the menu
> system in xfce - please search and read them before posting here.

main problem with xfce menu editor is it doesn't let you "abuse" it lol.  like 
creating or deleting new entries.  Which would be much easier then editing some 
files like a developer.

Would that command also help other default shortcuts like shortcut for dom0 
desktop settings?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71a55f61-c013-4521-959c-f832f87fcb79%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

[cooloutac]

On Friday, March 10, 2017 at 1:14:47 AM UTC-5, Drew White wrote:
> On Friday, 10 March 2017 15:36:49 UTC+11, cooloutac  wrote:
> > My problem with Qubes is that i'm still noob.  I don't even know what alot 
> > of system processes are or what they do. Qubes is more complicated then a 
> > normal os even just to monitor network traffic. I'm mostly in the dark 
> > compared to on bare metal os.
> > 
> 
> I know more about qubes than the developers do by now.
> monitoring is easy, just have a proxy that does it after the netvm.
> NetVM -> Firewall/Proxy running WireShark or similar -> AppVM/HVM
> 
> 
> > I'm basically at mercy of a default setup lol.  But I think thats part of 
> > qubes goal.  It has the misnomer of being called for nerds or enthusiasts.  
> > But its really for noobs.  The hard part is just taking a step in these 
> > waters of a new world, even for most security experts. 
> > 
> 
> I wrote my own applications for qubes because the developers wouldn't fix 
> things and didn't change things to use less RAM.
> I wrote my own manager that uses only 200 MB VRAM, instead of the current one 
> that uses over 1 GB VRAM. (Approximations)
> 
> Qubes is built for end users, not nerds or developers or anything (or so they 
> claimed, will post reference later).
> 
> > The hard part is just accepting the fact you will be compartmentalizing 
> > diff aspects of your daily activity on your pc.  Its a different way of 
> > thinking.  
> > 
> 
> it is a different way for many people. Those of us that are like me, and are 
> developers and such, we use virtualisation every day just to do our jobs.
> 
> 
> > Its about accepting the fact you are never 100% secure and its just a 
> > matter of how persistent your assailant is.  No matter what OS you are 
> > using. Everyone gets compromised imo, even most security experts.  The only 
> > people that don't are people that use their computers like monks.  All we 
> > can do most of the time is mitigate it.
> 
> Accept you aren't secure. Accept that you are compromised. Then try your best 
> to prevent things from going wrong.
> 
> It's always good to prevent what you can.
> 
> I have a way of doing things that permits me to protect myself up the wahzoo.
> 
> More advanced than the way qubes initially did it.
> It involves me doing different things with the iptables rules, but it's 
> workable.
> 
> I've done things and tested things, even the vulnerabilities that they say 
> there are that makes qubes super duper easy to break, and mine hasn't broken 
> or had that vulnerability.
> 
> Default setups, they can cause issues.
> SystemD, issues.
> 
> Hopefully one day, things will be back to being better, but until then, we 
> just have to try to protect ourselves as best as we can. What else can we do 
> when people like Google and Microsoft and all those others are trying to 
> steal your data and take over your life and your pc and everything about you, 
> then sell your data to the everyone

true.   Why not just use wireshark in sys-net, since its considered unsafe 
anyways?

The problem for me is identifying what vm and what process is causing the 
traffic.  To use baremetal methods on every vm is impractical.

I still never figured out how to make the firewall scripts to control 
everything outgoing. I still don't even believe its possible for some system 
processes. Sure i've made iptables rules file on baremetal linux no probs.  But 
I have to be honest, with Qubes its too complicated for me.

another issue for is monitoring hdd activity in similar manner.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05b01d4e-c901-4f9e-aef5-bdc52e947476%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can not start terminal on debian

[cooloutac]

On Friday, March 10, 2017 at 4:06:37 AM UTC-5, evo wrote:
> Am 03/10/2017 um 05:49 AM schrieb cooloutac:
> > On Thursday, March 9, 2017 at 5:01:17 PM UTC-5, evo wrote:
> >> Hello again!
> >>
> >> I have a strange problem, i dont understand.
> >>
> >> After i tried to install another language on debian (with no success) by
> >> dpkg-reconfigure,
> >>
> >> now i can not start terminal ... not on template-VM and not on
> >> debian-VM.. Xterm can be started, but not terminal, which is more
> >> comfortable.
> >>
> >> Is it about language??
> > 
> > yes I think so happened to me once.  switch back to that default english 
> > one and see, I forget exactly which off top my head.
> > 
> 
> 
> ok, i have it!!! :)
> the thing is, you must change the language in the template VM and not
> just in the App-VM. As i changed it to the selected language also in the
> template VM, so the terminal works.
> 
> But the firefox is still in english, fedora changed the language of
> every program automatically.

nice

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43ecb3bc-f1b6-4470-b49e-78ea8f79745a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Non UEFI

[cooloutac]

On Friday, March 10, 2017 at 1:02:58 AM UTC-5, Drew White wrote:
> On Friday, 10 March 2017 15:47:25 UTC+11, cooloutac  wrote:
> > On Thursday, March 9, 2017 at 10:38:36 PM UTC-5, Drew White wrote:
> > > Is there any version of all the templates that are NON UEFI?
> > > i.e. without EFI?
> > 
> > what?
> 
> The question is straight forward and simple.
> What of it do you not comprehend completely and query?

well i know what template and uefi is.  Don't know what they have to do with 
each other though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd3b1888-ed9a-43c3-89d9-6380767f7e9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: RAM for Qubes OS

[cooloutac]

On Friday, March 10, 2017 at 1:49:25 PM UTC-5, cooloutac wrote:
> On Friday, March 10, 2017 at 10:56:17 AM UTC-5, jeanpie...@gmail.com wrote:
> > Hi there,
> > 
> > I have a Xiaomi Air Notebook 12.5":
> > 
> > - Intel Core m3-6Y30 Dual Core 0.9GHz, Up to 2.2GHz
> > - 12.5 inch IPS Screen with 1920 x 1080 Resolution
> > - 4GB DDR3 RAM for Advanced Multitasking
> > - 128GB SSD Storage Capacity
> > 
> > (http://www.gearbest.com/laptops/pp_416105.html)
> > 
> > I wonder if 4GB of RAM is enough to run Qubes OS.
> > I know that 4GB is the minimum required nevertheless I won't install Qubes 
> > on it if I can't open 2 AppVM at the same time or if the laptop is very 
> > slow.
> > 
> > Thank you,
> > 
> > 
> > Feedbacks appreciated if someone alreday installed Qubes on the Xiaomi :)
> 
> it will run fine but whether or not you  can run 2 appvm at same time depends 
> what you do in them?  you have 
> 
> two appvms with 40 firefox tabs open? prolly not lol.   I have 6gb and I can 
> run 3 appvm and 3 sysvms but do run into slowdowns if using too much ram.
> 
> You can run the live usb just to see how qubes runs on your system.  
> https://www.qubes-os.org/doc/live-usb/

you can tell when qubes starts using too much ram if dom0 ram keeps getting 
lower.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ff9dc9d6-4d4e-4da1-9ed5-0efac947d45e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: problem with qubes xfce menu

[cooloutac]

On Friday, March 10, 2017 at 1:59:45 PM UTC-5, cooloutac wrote:
> On Friday, March 10, 2017 at 6:40:17 AM UTC-5, Unman wrote:
> > On Fri, Mar 10, 2017 at 08:52:37AM +0100, haaber wrote:
> > > On 03/10/2017 05:51 AM, cooloutac wrote:
> > > > On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> > > >> Hello,
> > > >> I realise with surprise that some items in the "Q"-symbol that gives 
> > > >> the
> > > >> xfce menu have disappeared: the settings menu (!), the link to a dom0
> > > >> termnal  & the link to debian-8 template.
> > > >>
> > > >> Is there a way to recreate these items? Bernhard
> > > > 
> > > > what desktop you using? xfce  try alt f3.
> > > 
> > > Hello cooloutac, that brings indeed the "application finder". But it
> > > won't find the items I miss.  For debian-8 I fear my endless attempts to
> > > install debian-8-dvm as standard template (involving
> > > virsh -c xen:/// undefine debian-8-dvm )
> > > seems to have taken away the debian-8 out of the list. This is not the
> > > most annoying. Qubes-VM-manager still sees it, so I can start & run a
> > > command by hand. The missing dom0-console is more annoying (I can still
> > > do Alt+F2 + xterm), but the missing xfce settings is really annoying.
> > > 
> > > Bernhard
> > 
> > Bernhard
> > 
> > To recreate the debian-8 menu you should be able to run
> > qvm-sync-appmenus. (You'll need to start the template first.)
> > This is referred to at www.qubes-os.org/doc/managing-appvm-shortcuts
> > 
> > There have been numerous threads about using and abusing the menu
> > system in xfce - please search and read them before posting here.
> 
> main problem with xfce menu editor is it doesn't let you "abuse" it lol.  
> like creating or deleting new entries.  Which would be much easier then 
> editing some files like a developer.
> 
> Would that command also help other default shortcuts like shortcut for dom0 
> desktop settings?

Actually  I gotta say Bernhard if that happened to me I would freak the heck 
out and probably reinstall the whole system from another iso.  Do you know how 
it happened or what you were doing possibly cuased it, if I'm understanding you 
correctly? You are missing the settings shortcut? Were you tinkering with 
anything?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be822d7f-c94b-4797-a189-2fc95044a328%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: RAM for Qubes OS

[cooloutac]

On Friday, March 10, 2017 at 10:56:17 AM UTC-5, jeanpie...@gmail.com wrote:
> Hi there,
> 
> I have a Xiaomi Air Notebook 12.5":
> 
> - Intel Core m3-6Y30 Dual Core 0.9GHz, Up to 2.2GHz
> - 12.5 inch IPS Screen with 1920 x 1080 Resolution
> - 4GB DDR3 RAM for Advanced Multitasking
> - 128GB SSD Storage Capacity
> 
> (http://www.gearbest.com/laptops/pp_416105.html)
> 
> I wonder if 4GB of RAM is enough to run Qubes OS.
> I know that 4GB is the minimum required nevertheless I won't install Qubes on 
> it if I can't open 2 AppVM at the same time or if the laptop is very slow.
> 
> Thank you,
> 
> 
> Feedbacks appreciated if someone alreday installed Qubes on the Xiaomi :)

it will run fine but whether or not you  can run 2 appvm at same time depends 
what you do in them?  you have 

two appvms with 40 firefox tabs open? prolly not lol.   I have 6gb and I can 
run 3 appvm and 3 sysvms but do run into slowdowns if using too much ram.

You can run the live usb just to see how qubes runs on your system.  
https://www.qubes-os.org/doc/live-usb/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d176b9bb-ece0-4a52-8e39-66215407f141%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

[Ed Welch]

On 03/10/2017 01:28 AM, Drew White wrote:

Problem is, they don't care.
I'm new to this OS and new to this community, however, after searching 
many many threads for info, looking at git/documentation/etc.  I really 
have not gotten this impression at all, I regularly see developers 
responding to threads and offering assistance.


There are bugs in the tools that I pointed out in version 2 of the tools, and 
they still aren't fixed.

The worse the issues got, the more I pressed it, and the more issues they put 
in instead of fixing.

Then they fixed one issue, and then started putting more in.

3.2.1.3 is alright and works, as I posted about months ago after I upgraded to 
3.2.2.3 and it broke Windows and caused lag in the Qubes Video Driver along 
with a major flicker.

The only way to resolve that was to remove QWT and then perform a complete 
reinstall of it, without the video driver.
But to do that I had to start in safe mode, and enable the standard display 
adapter and disable the Qubes Video.

I've been complaining for so long about things it's not funny, and they have 
not resolved the issues. (yet) That was stared in Qubes 2.

Now at Qubes 4, I don't expect there to be any advancement in the Windows 
integration for the GPU side of things.

But I stick to Qubes for security, that's one thing that they did get right, 
the whole reason behind it.

So all in all, since QWT changed hands a couple of times, things went wrong.
So in essence, I just hope for the future because having multiple people work 
on the QWT system and it going wrong mainly after it changed hands, was 
expected.

So, in a few years, the bugs in QWT 2* GFX side might be fixed.
Maybe they might do a complete re-write and get it all resolved in a month or 2.



I would say my experiences thus far have given me the impression windows 
support is not a primary focus of this project.  Windows tools/support 
seems to be mainly user contributed, and while mostly functional, Qubes 
in no way offers the kind of windows experience running on bare metal 
would get you.


This is perfectly ok with me, and in my personal opinion I think if 
someone is looking for a windows machine with full hardware acceleration 
(to support something like game playing), Qubes (or almost any 
virtualization technology) is not going to be the answer.


If I were to offer any criticism to the qubes project, strictly 
regarding Windows support, it would be that their documentation should 
set expectations of what Windows support is available a little more 
clearly.  After looking at the Qubes homepage a few weeks ago before 
heading down the road of installing it myself, I was mostly expecting 
windows support to be on par with linux ( I was never expecting graphics 
acceleration or much direct hardware, as it is made clear linux appvm's 
do not support hardware acceleration). I was however expecting things 
like usb passthrough to work, and I was troubled by problems with the 
most recent version of QWT which the docs I don't think quite explained 
(so I decided to help by submitting my experience to the news group 
archive to hopefully help others)



On a personal note, after reading a handful of your emails last night, I 
found the tone of all your emails leaving a rather poor taste in my 
mouth.  There was an arrogance and sense of entitlement that I think 
totally detract from any useful information you may have been providing.


It sounds like you are doing good work with slackware and with good 
purpose, but then I read comments like "I know more about qubes than the 
developers do by now." and "I've been complaining for so long about 
things it's not funny, and they have not resolved the issues. (yet)" and 
I'm not sure if you realize just how off putting that is to someone who 
is working very hard on an open source project.


The qubes developers do not owe us anything, rather quite the opposite, 
we owe them immensely for  all their hard work creating a fantastic 
operating system!


Ed

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e5fe963-e0cf-2bb0-880c-94957e3c2de4%40edjusted.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[decuser]

On Thursday, March 9, 2017 at 8:38:21 PM UTC-6, Unman wrote:
> On Thu, Mar 09, 2017 at 06:40:15PM -0500, Chris Laprise wrote:
> > On 03/09/2017 05:57 PM, evo wrote:
> > >Hey!
> > >
> > >the last question for today! :D
> > >qubes is really great, but i want to understand some things, that are
> > >new for me.
> > >
> > >i don't understand the storage occupancy in Qubes OS.
> > >
> > >I can give the home-folder more space, but where can i understand how
> > >much space i have already used? where can i see the whole storage usage?
> > >
> > >and how can i add new SSD to the special VM (for example "work")?
> > >
> > >thanks for help!
> > >
> > 
> > When you expand an appVM's storage, you're really changing the maximum
> > limit. The space isn't allocated from dom0 storage until its used (and
> > deletions will cause the space to be returned to dom0).
> > 
> > Normal space reporting tools for Linux will show you the overall space and
> > usage in dom0. For instance, I use the KDE disk space widget on my desktop.
> > 
> > You can attach additional storage to a VM by right-clicking on it in Qubes
> > Manager and using the attach/detach menu. Or you can use 'qvm-block' command
> > in dom0. Unfortunately, Qubes doesn't have a way to permanently attach
> > additional volumes to template-based VMs, so this always has to be done
> > manually or via a udev script, etc.
> > 
> 
> This isn't true - it's pretty straightforward to add volumes at boot, and
> it can be done automatically.
> 
> Let's say you want to add /dev/sda4 to work, and mount it at
> /home/user/sda4. (It's ext4)
> 
> In dom0 look at the config files in /var/lib/qubes/appvms/work.
> copy work.conf to work2.conf
> edit work2.conf and add a stanza in the "devices" section
> 
> 
> 
> 
> 
> 
> 
> That's enough to attach the device to the qube.
> If you also want to have it mounted automatically you have to do some
> configuration in the qube.
> Start up the work qube, and create a file /rw/config/fstab
> containing:
> /dev/xvde /home/user/disk ext4 defaults,noatime   0 0
> 
> And then in /rw/config/rc.local add line:
> cat /rw/config/fstab >> /etc/fstab
> mount -a
> 
> Remember to chmod +x /rw/config/rc.local
> 
> Shutdown work
> 
> Now start work with the custom config -
> qvm-start work --custom-config=/var/lib/qubes/appvms/work/work2.conf
> 
> work will start up with the drive attached and it will be mounted
> automatically.
> 
> This is somewhat clunky - Qubes 4 will have better support for loading
> custom configs. But configure a keyboard shortcut to that "qvm-start"
> command and it's easy to work with.
> 
> Note that if you start work without the custom config it will start as
> normal without the volume attached. This may be desirable at times.
> If you want the menu items to start with the custom configs you'll have
> to do some editing of the relevant files: again, that's fairly
> standard stuff.
> 
> unman

This works, but is there a way to get qubes to use the custom config rather 
than its default when rebooting qubes and autostarting the VM (or in the gui)?

Thanks,
Will

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a198845-3630-47e7-9a6f-6d15f9bd1b0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

[Ted Brenner]

On Thu, Mar 9, 2017 at 9:24 PM, Ted Brenner  wrote:

> On Thu, Mar 9, 2017 at 6:57 AM, Unman  wrote:
>
>> On Wed, Mar 08, 2017 at 08:36:11PM -0600, Ted Brenner wrote:
>> > On Wed, Mar 8, 2017 at 9:32 AM, Ted Brenner  wrote:
>> >
>> > > On Wed, Mar 8, 2017 at 9:15 AM, Unman 
>> wrote:
>> > >
>> > >> On Tue, Mar 07, 2017 at 09:56:02PM -0600, Ted Brenner wrote:
>> > >> > Hi all,
>> > >> >
>> > >> > I'm trying to setup postfix following this guide
>> > >> > . But I'm not able to get
>> a few
>> > >> > things to work.
>> > >> >
>> > >> > First, the commands I added to /rw/config/rc.local don't seem to
>> run.
>> > >> > Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
>> > >> > directory in /etc/postfix. Also postfix doesn't appear to be
>> running on
>> > >> > startup. How do we tell if that gets run correctly?
>> > >> >
>> > >> > Thanks!
>> > >> > Ted
>> > >> >
>> > >>
>> > >> Other have pointed out that you need to set the executable bit on
>> > >> rc.local.
>> > >> You might want to cnsider instead the use of bind-dirs :
>> > >> www.qubes-os.org/doc/bind-dirs which provides similar functionality.
>> > >>
>> > >
>> > > Thanks all. Yes, this was the issue. Still can't get postfix to work
>> but
>> > > that now appears to be due to missing the aliases.db.
>> > >
>> > > Is there a reason rc.local isn't executable by default?
>> > >
>> > > --
>> > > Sent from my Desktop
>> > >
>> >
>> > Quick follow up. What user is running rc.local? Is it root or user? I
>> > assume it is user since I'm seeing a permission denied when the call to
>> run
>> > postfix tries to access the aliases.db file. So should I throw a sudo in
>> > front of the command to start postfix in the rc.local file? Or should I
>> > change the permissions on aliases.db? Per the instructions I'm also
>> doing a
>> > mount command but that succeeds. Which is odd since if I try it as
>> user, it
>> > fails saying only root can do it. Which is why I ask which user is
>> running
>> > rc.local.
>> >
>> It's root - you could see this by appending:
>> echo `whoami` >> /home/user/rc_perms
>> But I suspect you already know this.
>>
>> What are the permissions on aliases.db?
>> What template are you using and do you have selinux enabled?
>>
>>
>>
> Thanks Unman. I'm using Fedora-24 and selinux is not enabled. aliases.db
> is owned by root:root with rw-r--r--.
>
> --
> Sent from my Desktop
>

I think the source of my problem was that postfix does some initial
configuration on its first launch. This requires the postfix-files file.
But that didn't get copied to /usr/local/etc/postfix which is mounted over
/etc/postfix. Once I added that file it launched successfully which appears
to have properly set up the aliases.db file so now all appears to be well.
Perhaps I'll submit a PR to update the postfix page to include copying
postfix-files to /usr/local/etc/postfix.

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutzBuXd41OiGucR14-7rVNK-nXbocLkCb36QNod9yVfFbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[Ted Brenner]

We should really add a page in the docs for how to automatically add a disk
to a qube on boot. I know this was something I struggled with and there
have been multiple threads on this list asking the same question.

On Fri, Mar 10, 2017 at 9:45 AM, decuser  wrote:

> On Thursday, March 9, 2017 at 8:38:21 PM UTC-6, Unman wrote:
> > On Thu, Mar 09, 2017 at 06:40:15PM -0500, Chris Laprise wrote:
> > > On 03/09/2017 05:57 PM, evo wrote:
> > > >Hey!
> > > >
> > > >the last question for today! :D
> > > >qubes is really great, but i want to understand some things, that are
> > > >new for me.
> > > >
> > > >i don't understand the storage occupancy in Qubes OS.
> > > >
> > > >I can give the home-folder more space, but where can i understand how
> > > >much space i have already used? where can i see the whole storage
> usage?
> > > >
> > > >and how can i add new SSD to the special VM (for example "work")?
> > > >
> > > >thanks for help!
> > > >
> > >
> > > When you expand an appVM's storage, you're really changing the maximum
> > > limit. The space isn't allocated from dom0 storage until its used (and
> > > deletions will cause the space to be returned to dom0).
> > >
> > > Normal space reporting tools for Linux will show you the overall space
> and
> > > usage in dom0. For instance, I use the KDE disk space widget on my
> desktop.
> > >
> > > You can attach additional storage to a VM by right-clicking on it in
> Qubes
> > > Manager and using the attach/detach menu. Or you can use 'qvm-block'
> command
> > > in dom0. Unfortunately, Qubes doesn't have a way to permanently attach
> > > additional volumes to template-based VMs, so this always has to be done
> > > manually or via a udev script, etc.
> > >
> >
> > This isn't true - it's pretty straightforward to add volumes at boot, and
> > it can be done automatically.
> >
> > Let's say you want to add /dev/sda4 to work, and mount it at
> > /home/user/sda4. (It's ext4)
> >
> > In dom0 look at the config files in /var/lib/qubes/appvms/work.
> > copy work.conf to work2.conf
> > edit work2.conf and add a stanza in the "devices" section
> >
> > 
> > 
> > 
> > 
> > 
> >
> > That's enough to attach the device to the qube.
> > If you also want to have it mounted automatically you have to do some
> > configuration in the qube.
> > Start up the work qube, and create a file /rw/config/fstab
> > containing:
> > /dev/xvde /home/user/disk ext4 defaults,noatime   0 0
> >
> > And then in /rw/config/rc.local add line:
> > cat /rw/config/fstab >> /etc/fstab
> > mount -a
> >
> > Remember to chmod +x /rw/config/rc.local
> >
> > Shutdown work
> >
> > Now start work with the custom config -
> > qvm-start work --custom-config=/var/lib/qubes/appvms/work/work2.conf
> >
> > work will start up with the drive attached and it will be mounted
> > automatically.
> >
> > This is somewhat clunky - Qubes 4 will have better support for loading
> > custom configs. But configure a keyboard shortcut to that "qvm-start"
> > command and it's easy to work with.
> >
> > Note that if you start work without the custom config it will start as
> > normal without the volume attached. This may be desirable at times.
> > If you want the menu items to start with the custom configs you'll have
> > to do some editing of the relevant files: again, that's fairly
> > standard stuff.
> >
> > unman
>
> This works, but is there a way to get qubes to use the custom config
> rather than its default when rebooting qubes and autostarting the VM (or in
> the gui)?
>
> Thanks,
> Will
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/2a198845-3630-47e7-9a6f-6d15f9bd1b0f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutyWJQBOaxOiYo%2BZ%3DBsNGjbTcMmjn7VRE3mM6FxjP81tRQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Mount different folders on same partition to different AppVMs?

[andresmrm]

Hello!

I think the answer will be no, but I want be sure before splitting my files 
into multiple partitions... Is it possible to mount folders on the same 
partition to multiple AppVMs preserving isolation?

I have an external HDD with many files, on the same partition. Now, migrating 
to Qubes, some of those files should be accessible only from AppVM "A", and 
others only from AppVM "B". Do I need to split them in 2 partitions and mount 
each one to an AppVM, or is there a way to mount folders to AppVMs preserving 
isolation?


Thanks for the attention!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77db7cf9-d5f6-413f-b1dd-98b202fbc767%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

[Robert Nyman]

Would you mind detailing the steps you went through to make that happen?

Thank you in advance.

=rk=
> On Mar 8, 2017, at 4:07 PM, Slideshowbob  wrote:
> 
>  Original Message 
>> Subject: [qubes-users] Re: Why is there no built-in nvidia driver support? 
>> aka GTX 980 issues
>> Local Time: March 8, 2017 11:58 PM
>> UTC Time: March 8, 2017 10:58 PM
>> From: rkny...@nymantechnology.com
>> To: qubes-users 
>> almightyl...@gmail.com
>> 
>> Did this ever get resolved? I am fighting this very battle. I'm assuming 
>> that trying to hack through anaconda JUST TO GET THE INSTALLER TO WORK is a 
>> waste.
>> 
>> Is there something I can try? How can I help?
>> 
>> =rk= 
> 
> I had lots of weird errors and a non working installer, too. Booting using 
> nouveau.modeset=0 made all my issues go away. Worth a try :).
> 
> ssb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/205CA934-23BA-47E5-A6E9-4912A9F71190%40nymantechnology.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: SystemD sucks - qubes shouldn't use it

[Jean-Philippe Ouellet]

On Fri, Mar 10, 2017 at 1:14 AM, Drew White  wrote:
> I wrote my own applications for qubes because the developers wouldn't fix 
> things and didn't change things to use less RAM.
> I wrote my own manager that uses only 200 MB VRAM, instead of the current one 
> that uses over 1 GB VRAM. (Approximations)

Feel free to share ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_BaG47E%3DW_pMucBiPux--f-rACY8C-FSX3-N6O-XhsELg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: problem with qubes xfce menu

[haaber]

On 03/10/2017 08:05 PM, cooloutac wrote:
>> Hello,
>> I realise with surprise that some items in the "Q"-symbol that gives the
>> xfce menu have disappeared: the settings menu (!), the link to a dom0
>> termnal  & the link to debian-8 template.
>>
>> Is there a way to recreate these items? Bernhard
>
>>>
>>> To recreate the debian-8 menu you should be able to run
>>> qvm-sync-appmenus. (You'll need to start the template first.)
>>> This is referred to at www.qubes-os.org/doc/managing-appvm-shortcuts
>>>
>>> There have been numerous threads about using and abusing the menu
>>> system in xfce - please search and read them before posting here.
>>
>> main problem with xfce menu editor is it doesn't let you "abuse" it lol.  
>> like creating or deleting new entries.  Which would be much easier then 
>> editing some files like a developer.
>>
>> Would that command also help other default shortcuts like shortcut for dom0 
>> desktop settings?
> 
> Actually  I gotta say Bernhard if that happened to me I would freak the heck 
> out and probably reinstall the whole system from another iso.  Do you know 
> how it happened or what you were doing possibly cuased it, if I'm 
> understanding you correctly? You are missing the settings shortcut? Were you 
> tinkering with anything?

This is not the only 'strange' thing, and I wait the first occasion of 1
day without anything good to do to reinstall everything. Hope this
happens before Q4 comes out .. I already tested emergency backup of
data, via a live-usb key break-in into my crypto-descs. Knowing that I
am able to do that is relaxing a lot :)

So: Unman's command worked for debian menu item, but it does not work
for dom0.
Would be too easy! But he pointed a page to read, so I rtfm.

Thnaks a lot, guys! Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e403fa9-817b-a564-2689-fb0b08f39bfd%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: RAM for Qubes OS

[jeanpierrefr22]

Le vendredi 10 mars 2017 19:51:50 UTC+1, cooloutac a écrit :
> On Friday, March 10, 2017 at 1:49:25 PM UTC-5, cooloutac wrote:
> > On Friday, March 10, 2017 at 10:56:17 AM UTC-5, jeanpie...@gmail.com wrote:
> > > Hi there,
> > > 
> > > I have a Xiaomi Air Notebook 12.5":
> > > 
> > > - Intel Core m3-6Y30 Dual Core 0.9GHz, Up to 2.2GHz
> > > - 12.5 inch IPS Screen with 1920 x 1080 Resolution
> > > - 4GB DDR3 RAM for Advanced Multitasking
> > > - 128GB SSD Storage Capacity
> > > 
> > > (http://www.gearbest.com/laptops/pp_416105.html)
> > > 
> > > I wonder if 4GB of RAM is enough to run Qubes OS.
> > > I know that 4GB is the minimum required nevertheless I won't install 
> > > Qubes on it if I can't open 2 AppVM at the same time or if the laptop is 
> > > very slow.
> > > 
> > > Thank you,
> > > 
> > > 
> > > Feedbacks appreciated if someone alreday installed Qubes on the Xiaomi :)
> > 
> > it will run fine but whether or not you  can run 2 appvm at same time 
> > depends what you do in them?  you have 
> > 
> > two appvms with 40 firefox tabs open? prolly not lol.   I have 6gb and I 
> > can run 3 appvm and 3 sysvms but do run into slowdowns if using too much 
> > ram.
> > 
> > You can run the live usb just to see how qubes runs on your system.  
> > https://www.qubes-os.org/doc/live-usb/
> 
> you can tell when qubes starts using too much ram if dom0 ram keeps getting 
> lower.

So 4 GB is fine to run 2/3 light VM ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5cb4019-d47f-4cb6-8d97-c0c03a2336f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dom0 startup setup failed

[mwray2]

Got the same problem after installing ubuntu. At first I couldn't manage to 
boot ubuntu from qubes startup menu, then I run boot-repair from live usb so 
now I can boot Ubuntu and qubes, but qubes not working properly (Quebes Dom0 
startup setup failed)

followed these instructions: 

https://micahflee.com/2014/04/dual-booting-qubes-and-ubuntu-with-encrypted-disks/

https://www.qubes-os.org/doc/multiboot/

but couldn't boot ubuntu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1829c78b-a88b-483c-bc79-bc1634e22b66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[evo]

Am 03/10/2017 um 05:08 PM schrieb Ted Brenner:
> We should really add a page in the docs for how to automatically add a
> disk to a qube on boot. I know this was something I struggled with and
> there have been multiple threads on this list asking the same question.
> 
> On Fri, Mar 10, 2017 at 9:45 AM, decuser  > wrote:
> 
> On Thursday, March 9, 2017 at 8:38:21 PM UTC-6, Unman wrote:
> > On Thu, Mar 09, 2017 at 06:40:15PM -0500, Chris Laprise wrote:
> > > On 03/09/2017 05:57 PM, evo wrote:
> > > >Hey!
> > > >
> > > >the last question for today! :D
> > > >qubes is really great, but i want to understand some things,
> that are
> > > >new for me.
> > > >
> > > >i don't understand the storage occupancy in Qubes OS.
> > > >
> > > >I can give the home-folder more space, but where can i
> understand how
> > > >much space i have already used? where can i see the whole
> storage usage?
> > > >
> > > >and how can i add new SSD to the special VM (for example "work")?
> > > >
> > > >thanks for help!
> > > >
> > >
> > > When you expand an appVM's storage, you're really changing the
> maximum
> > > limit. The space isn't allocated from dom0 storage until its
> used (and
> > > deletions will cause the space to be returned to dom0).
> > >
> > > Normal space reporting tools for Linux will show you the overall
> space and
> > > usage in dom0. For instance, I use the KDE disk space widget on
> my desktop.
> > >
> > > You can attach additional storage to a VM by right-clicking on
> it in Qubes
> > > Manager and using the attach/detach menu. Or you can use
> 'qvm-block' command
> > > in dom0. Unfortunately, Qubes doesn't have a way to permanently
> attach
> > > additional volumes to template-based VMs, so this always has to
> be done
> > > manually or via a udev script, etc.
> > >
> >
> > This isn't true - it's pretty straightforward to add volumes at
> boot, and
> > it can be done automatically.
> >
> > Let's say you want to add /dev/sda4 to work, and mount it at
> > /home/user/sda4. (It's ext4)
> >
> > In dom0 look at the config files in /var/lib/qubes/appvms/work.
> > copy work.conf to work2.conf
> > edit work2.conf and add a stanza in the "devices" section
> >
> > 
> > 
> > 
> > 
> > 
> >
> > That's enough to attach the device to the qube.
> > If you also want to have it mounted automatically you have to do some
> > configuration in the qube.
> > Start up the work qube, and create a file /rw/config/fstab
> > containing:
> > /dev/xvde /home/user/disk ext4 defaults,noatime   0 0
> >
> > And then in /rw/config/rc.local add line:
> > cat /rw/config/fstab >> /etc/fstab
> > mount -a
> >
> > Remember to chmod +x /rw/config/rc.local
> >
> > Shutdown work
> >
> > Now start work with the custom config -
> > qvm-start work --custom-config=/var/lib/qubes/appvms/work/work2.conf
> >
> > work will start up with the drive attached and it will be mounted
> > automatically.
> >
> > This is somewhat clunky - Qubes 4 will have better support for loading
> > custom configs. But configure a keyboard shortcut to that "qvm-start"
> > command and it's easy to work with.
> >
> > Note that if you start work without the custom config it will start as
> > normal without the volume attached. This may be desirable at times.
> > If you want the menu items to start with the custom configs you'll
> have
> > to do some editing of the relevant files: again, that's fairly
> > standard stuff.
> >
> > unman
> 
> This works, but is there a way to get qubes to use the custom config
> rather than its default when rebooting qubes and autostarting the VM
> (or in the gui)?
> 
> Thanks,
> Will
> 
> --
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to qubes-users+unsubscr...@googlegroups.com
> .
> To post to this group, send email to qubes-users@googlegroups.com
> .
> To view this discussion on the web visit
> 
> https://groups.google.com/d/msgid/qubes-users/2a198845-3630-47e7-9a6f-6d15f9bd1b0f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout
> .
> 
> 
> 
> 
> -- 
> Sent from my Desktop


this would be a great idea, to add a doc-page about storage occupancy
under qubes and 

[qubes-users] VLC player on fedora-24

[Eva Star]

Do something other or only I have problem with VLC player on fedora-24 
template? Problem: It request a lot of time to start video playing. 
~minute. On fedora-23 I do not have this problem. Maybe it's because new 
VLC player version?


--
Regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d684391-6b37-edb2-a54e-5540020bb561%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

[evo]

Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
>> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
>>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
 On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> Hello!
>
> i have problems with the most streams on the net.
> Youtube is ok, but i suppose rather slow.
>
> I think, this is the thing with flash, HTML5 and openH264.
> H264 is deactivated and if i want to activate it, it seems to be not
> possible.
>
> Is it so, that HTML5 needs H264?
> Or is it so, that i need flash for every other stream.
> I tried also some links, that should be HTML5, but they were not
> possible... maby they were not really in HTML5 or HTML5 does't work good.
>
> Do somebody has an idea?

 whats the templatevm its based on fedora or debian?  If fedora you have to 
 enable rpmfusion and install gstreamer package to get that format.  I 
 forget exactly which one though man.  I think i posted about it here once 
 i;ll t ry tolook.
>>>
>>> gstreamer1-libav
>>>
>>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
>>>
>>
>> i run fedora 23 on it, rpm fusion is almost on... but i can not find
>> gstreamer1-libav on the server... strange
> 
> hmm... did you install both rpm fusion free and nonfree?  Im not sure which 
> one its in. 
> 
> Also make sure you looking gstreamer1 and not gstreamer.
> 
> Its in there somewhere and it will play the mp4 streams on firefox without 
> flash.  Maybe just search gstreamer1 and scroll through the list maybe I 
> spelled it wrong. look for the libav one.
> 
> https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> 

hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
installed... but firefox still do not want to play, hmmm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fe00c81-3454-87ff-95bf-62ddf63fa7b4%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[Eva Star]

On 03/10/2017 01:57 AM, evo wrote:

Hey!

the last question for today! :D
qubes is really great, but i want to understand some things, that are
new for me.

i don't understand the storage occupancy in Qubes OS.

I can give the home-folder more space, but where can i understand how
much space i have already used? where can i see the whole storage usage?

and how can i add new SSD to the special VM (for example "work")?

thanks for help!



On dom0 terminal you can see actual used space by all VMs.
cd /var/lib/qubes/vm-templates/
du -hcd

https://i.imgur.com/rsOCM0G.png

You can attach any media if need at Qubes Manager -> Right Click -> 
Attach Block Device.


--
Regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/779a396b-aad2-f00f-57e1-9a464f3fac8d%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Kicking the sudoers dead horse

[andresmrm]

Hello!

The "open" root behavior seems a little strange to me too. But, thinking 
coldly, what would change in your scenario if root was protected?

The attacker would not be able to modify /usr/bin/audacious, or install 
muhbackdoorz to system. But she/he could still delete all your home data, or 
send it through web, or install something inside home and add it to .bashrc, or 
...

Considering all important data in a DomU is owned by one user, and neither root 
nor the non-root user can leave DomU, the damage caused by any of them seems 
almost the same.

More info:
https://www.qubes-os.org/doc/vm-sudo/


Regards!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd734ccd-61ca-4be7-a590-46de944a9324%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

[cooloutac]

On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> > On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> >> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> >>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
>  On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> > Hello!
> >
> > i have problems with the most streams on the net.
> > Youtube is ok, but i suppose rather slow.
> >
> > I think, this is the thing with flash, HTML5 and openH264.
> > H264 is deactivated and if i want to activate it, it seems to be not
> > possible.
> >
> > Is it so, that HTML5 needs H264?
> > Or is it so, that i need flash for every other stream.
> > I tried also some links, that should be HTML5, but they were not
> > possible... maby they were not really in HTML5 or HTML5 does't work 
> > good.
> >
> > Do somebody has an idea?
> 
>  whats the templatevm its based on fedora or debian?  If fedora you have 
>  to enable rpmfusion and install gstreamer package to get that format.  I 
>  forget exactly which one though man.  I think i posted about it here 
>  once i;ll t ry tolook.
> >>>
> >>> gstreamer1-libav
> >>>
> >>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> >>>
> >>
> >> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> >> gstreamer1-libav on the server... strange
> > 
> > hmm... did you install both rpm fusion free and nonfree?  Im not sure which 
> > one its in. 
> > 
> > Also make sure you looking gstreamer1 and not gstreamer.
> > 
> > Its in there somewhere and it will play the mp4 streams on firefox without 
> > flash.  Maybe just search gstreamer1 and scroll through the list maybe I 
> > spelled it wrong. look for the libav one.
> > 
> > https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> > 
> 
> hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> installed... but firefox still do not want to play, hmmm

weird.  you installed the gstreamer1-libav package? It doesn't have that 
version number, the libav package is something seperate.  You need to install 
that specific package it is def in rpmfusion repos.  I don't believe you need 
any other gstreamer package to stream mp4 but you might. maybe ffmpeg, but 
idoubt it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d8d4efb-4cf0-4e1f-80be-74784db62d8e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

[cooloutac]

On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> > Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> > > On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> > >> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> > >>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> >  On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> > > Hello!
> > >
> > > i have problems with the most streams on the net.
> > > Youtube is ok, but i suppose rather slow.
> > >
> > > I think, this is the thing with flash, HTML5 and openH264.
> > > H264 is deactivated and if i want to activate it, it seems to be not
> > > possible.
> > >
> > > Is it so, that HTML5 needs H264?
> > > Or is it so, that i need flash for every other stream.
> > > I tried also some links, that should be HTML5, but they were not
> > > possible... maby they were not really in HTML5 or HTML5 does't work 
> > > good.
> > >
> > > Do somebody has an idea?
> > 
> >  whats the templatevm its based on fedora or debian?  If fedora you 
> >  have to enable rpmfusion and install gstreamer package to get that 
> >  format.  I forget exactly which one though man.  I think i posted 
> >  about it here once i;ll t ry tolook.
> > >>>
> > >>> gstreamer1-libav
> > >>>
> > >>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> > >>>
> > >>
> > >> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> > >> gstreamer1-libav on the server... strange
> > > 
> > > hmm... did you install both rpm fusion free and nonfree?  Im not sure 
> > > which one its in. 
> > > 
> > > Also make sure you looking gstreamer1 and not gstreamer.
> > > 
> > > Its in there somewhere and it will play the mp4 streams on firefox 
> > > without flash.  Maybe just search gstreamer1 and scroll through the list 
> > > maybe I spelled it wrong. look for the libav one.
> > > 
> > > https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> > > 
> > 
> > hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> > installed... but firefox still do not want to play, hmmm
> 
> weird.  you installed the gstreamer1-libav package? It doesn't have that 
> version number, the libav package is something seperate.  You need to install 
> that specific package it is def in rpmfusion repos.  I don't believe you need 
> any other gstreamer package to stream mp4 but you might. maybe ffmpeg, but 
> idoubt it.

you can also try using a debian template instead and see if firefox stream the 
mp4 by default but if not you will need the same package but maybe its easier 
to find and install from debian repo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ab2aac7-19fa-4441-b7c3-88f3dfcbf812%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: RAM for Qubes OS

[cooloutac]

On Friday, March 10, 2017 at 3:26:28 PM UTC-5, jeanpie...@gmail.com wrote:
> Le vendredi 10 mars 2017 19:51:50 UTC+1, cooloutac a écrit :
> > On Friday, March 10, 2017 at 1:49:25 PM UTC-5, cooloutac wrote:
> > > On Friday, March 10, 2017 at 10:56:17 AM UTC-5, jeanpie...@gmail.com 
> > > wrote:
> > > > Hi there,
> > > > 
> > > > I have a Xiaomi Air Notebook 12.5":
> > > > 
> > > > - Intel Core m3-6Y30 Dual Core 0.9GHz, Up to 2.2GHz
> > > > - 12.5 inch IPS Screen with 1920 x 1080 Resolution
> > > > - 4GB DDR3 RAM for Advanced Multitasking
> > > > - 128GB SSD Storage Capacity
> > > > 
> > > > (http://www.gearbest.com/laptops/pp_416105.html)
> > > > 
> > > > I wonder if 4GB of RAM is enough to run Qubes OS.
> > > > I know that 4GB is the minimum required nevertheless I won't install 
> > > > Qubes on it if I can't open 2 AppVM at the same time or if the laptop 
> > > > is very slow.
> > > > 
> > > > Thank you,
> > > > 
> > > > 
> > > > Feedbacks appreciated if someone alreday installed Qubes on the Xiaomi 
> > > > :)
> > > 
> > > it will run fine but whether or not you  can run 2 appvm at same time 
> > > depends what you do in them?  you have 
> > > 
> > > two appvms with 40 firefox tabs open? prolly not lol.   I have 6gb and I 
> > > can run 3 appvm and 3 sysvms but do run into slowdowns if using too much 
> > > ram.
> > > 
> > > You can run the live usb just to see how qubes runs on your system.  
> > > https://www.qubes-os.org/doc/live-usb/
> > 
> > you can tell when qubes starts using too much ram if dom0 ram keeps getting 
> > lower.
> 
> So 4 GB is fine to run 2/3 light VM ?

I would say 2 light vm. depending onhow light.   but why not test it out for 
yourself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb70ac1f-77a4-49cc-b0b3-4d7ae5691a4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dom0 startup setup failed

[cooloutac]

On Friday, March 10, 2017 at 8:32:54 PM UTC-5, cooloutac wrote:
> On Friday, March 10, 2017 at 8:09:45 PM UTC-5, mwr...@gmail.com wrote:
> > Got the same problem after installing ubuntu. At first I couldn't manage to 
> > boot ubuntu from qubes startup menu, then I run boot-repair from live usb 
> > so now I can boot Ubuntu and qubes, but qubes not working properly (Quebes 
> > Dom0 startup setup failed)
> > 
> > followed these instructions: 
> > 
> > https://micahflee.com/2014/04/dual-booting-qubes-and-ubuntu-with-encrypted-disks/
> > 
> > https://www.qubes-os.org/doc/multiboot/
> > 
> > but couldn't boot ubuntu
> 
> if you want to reinstall the ubuntu grub,  What I do is copy the xen section 
> from the boot.cfg file of qubes boot partition and paste/append that into 
> /etc/grub.d/40_custom file on ubuntu.
> 
> Then update-grub and reboot and you should be able to boot qubes from ubuntu 
> grub.

use these instructions for installing the ubuntu grub. 
https://community.linuxmint.com/tutorial/view/245

Then its the boot.cfg file in grub2 directory of qubes boot partition.  From  
that file  copy everything between the xen start and end section. and paste 
into the 40_custom file on ubuntu.  Then update-grub.

You will have to repeat this everytime Qubes updates its kernel.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4df1f04e-08f8-4080-9986-c7469900d5d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

[cooloutac]

On Friday, March 10, 2017 at 6:25:22 PM UTC-5, Eva Star wrote:
> On 03/10/2017 01:57 AM, evo wrote:
> > Hey!
> >
> > the last question for today! :D
> > qubes is really great, but i want to understand some things, that are
> > new for me.
> >
> > i don't understand the storage occupancy in Qubes OS.
> >
> > I can give the home-folder more space, but where can i understand how
> > much space i have already used? where can i see the whole storage usage?
> >
> > and how can i add new SSD to the special VM (for example "work")?
> >
> > thanks for help!
> >
> 
> On dom0 terminal you can see actual used space by all VMs.
> cd /var/lib/qubes/vm-templates/
> du -hcd
> 
> https://i.imgur.com/rsOCM0G.png
> 
> You can attach any media if need at Qubes Manager -> Right Click -> 
> Attach Block Device.
> 
> -- 
> Regards

another command is qvm-ls -d

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88da01a9-4a83-4ca5-bbb3-61faf0b6ed55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

[Chris Laprise]

On 03/10/2017 06:33 PM, hib0...@gmail.com wrote:

Im sure this has been kicked into a pulp (considering the threads and the text in the sudoers 
files) but I am still perturbed by the argument that allowing unrestricted sudo to root in a DomU 
VM is "safe" and there is "no benefit" to disallowing it.  Perhaps I am 
misunderstanding something, I have only installed and begun to pull the system apart today, so bear 
with me.



Hi,

I used to be in the "only VM isolation matters" camp. But then I 
realized there is no reason NOT to keep the guest OS security intact; 
that's how it was designed to be used.


Furthermore, assuming that Linus & Co are never going to come through 
with a patch for vuln X before your systems encounter X is foolhardy. 
I'd rather give the guest OS a chance to stop attacks. especially if 
the OS is already configured to do that.


Re-enabling sudo security is possible; check out the vmsudo doc:

https://www.qubes-os.org/doc/vm-sudo/


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/feab905a-15b6-eef0-32e4-1d970c15e8b6%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Mount different folders on same partition to different AppVMs?

[Unman]

On Fri, Mar 10, 2017 at 08:22:57AM -0800, andres...@gmail.com wrote:
> Hello!
> 
> I think the answer will be no, but I want be sure before splitting my files 
> into multiple partitions... Is it possible to mount folders on the same 
> partition to multiple AppVMs preserving isolation?
> 
> I have an external HDD with many files, on the same partition. Now, migrating 
> to Qubes, some of those files should be accessible only from AppVM "A", and 
> others only from AppVM "B". Do I need to split them in 2 partitions and mount 
> each one to an AppVM, or is there a way to mount folders to AppVMs preserving 
> isolation?
> 
> 
> Thanks for the attention!
> 

This isn't possible.

If you're not yet at a stage where you want to start splitting
partitions, a temporary measure would be to attach the disk to a
stand alone qube and create users with ssh access to individual folders.

You'll have to modify networking to allow ssh traffic between the qubes,
but the documentation on this is pretty good.

Then on the client qubes you could access the files with sshfs.
Obviously samba, nfs are alternatives.

Just a thought.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170311022355.GA19792%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: problem with qubes xfce menu

[Unman]

On Fri, Mar 10, 2017 at 08:52:37AM +0100, haaber wrote:
> On 03/10/2017 05:51 AM, cooloutac wrote:
> > On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> >> Hello,
> >> I realise with surprise that some items in the "Q"-symbol that gives the
> >> xfce menu have disappeared: the settings menu (!), the link to a dom0
> >> termnal  & the link to debian-8 template.
> >>
> >> Is there a way to recreate these items? Bernhard
> > 
> > what desktop you using? xfce  try alt f3.
> 
> Hello cooloutac, that brings indeed the "application finder". But it
> won't find the items I miss.  For debian-8 I fear my endless attempts to
> install debian-8-dvm as standard template (involving
> virsh -c xen:/// undefine debian-8-dvm )
> seems to have taken away the debian-8 out of the list. This is not the
> most annoying. Qubes-VM-manager still sees it, so I can start & run a
> command by hand. The missing dom0-console is more annoying (I can still
> do Alt+F2 + xterm), but the missing xfce settings is really annoying.
> 
> Bernhard

Bernhard

To recreate the debian-8 menu you should be able to run
qvm-sync-appmenus. (You'll need to start the template first.)
This is referred to at www.qubes-os.org/doc/managing-appvm-shortcuts

There have been numerous threads about using and abusing the menu
system in xfce - please search and read them before posting here.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170310114014.GA15946%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Configuring AppVMs for multiple NICs?

[Unman]

On Fri, Mar 10, 2017 at 12:19:31AM -0800, JW wrote:
> Thanks unman, this was very helpful!! I'm new to iptables, so perhaps a basic 
> question: 
> 
> > > There are simple mechanisms to do this:
> > > www.qubes-os.org/doc/firewall is helpful.
> > > On sys-net you can use an entry in /rw/config/rc.local to set up the new
> > > firewall restriction: something like
> > > iptables -I FORWARD -s 10.137.100.10 -j DROP
> > > iptables -I FORWARD -s 10.137.100.10 -d 10.0.0.0/8 -j ACCEPT
> 
> To recap, I'd like my "restricted" firewall (with IP 10.137.100.10) to grant 
> access to  a 192.168.1.* network, and not allow any traffic to the second 
> interface on a 10.* network. The "unrestricted" firewall would allow access 
> to both networks. So in my sys-net, why don't I just do the following?
> 
> iptables -I FORWARD -s 10.137.100.10 -d 10.0.0.0/8 -j DROP
> 
> I ask because the above worked as expected, but when I tried: 
> 
> iptables -I FORWARD -s 10.137.100.10  -j DROP
> iptables -I FORWARD -s 10.137.100.10 -d 192.0.0.0/8 -j ACCEPT
> 
> I could ping 192.168.1.1, but I could not browse the web on the restricted 
> firewall.
> 
> Thank you, 
> 
> -J
> 

That's a "recap" that says a good deal more. ;-) 
I thnk the specification here has changed.

If you read my first reply I specifically covered this case, where you
wanted to use a gateway on one of the networks, and sugegsted filtering
by interface.

The difference between the two sets of rules you have posted is that the
first only drops traffic to the 10 net, what happens next depends on
what other rules in tthe FORWARD chain may come in to play.

The second set allows traffic to 192 net and then the 1st rule (whioch
appears second because the next instruction INSERTS a rule above it )
drops everything else.
So the traffic to 192 net is explicitly allowed and anything else is
explicitly dropped. That's why you cant access the web.

You can see these rules using 'iptables -L -nv' - remember that the
rules apply in order until a match is found.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170310115223.GB15946%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: SystemD sucks - qubes shouldn't use it

[Holger Levsen]

On Thu, Mar 09, 2017 at 10:06:24PM -0800, Drew White wrote:
> systemd is bad, things were simpler and easier without it.

you think having a 1000 ways to start deamons (written and maintained by
a 1000 people) is more secure and simpler? That's a curious POV…


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170310115029.GA9041%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature