[qubes-users] Re: Install software inside dom0

2017-08-21 Thread Drew White
On Tuesday, 22 August 2017 11:13:52 UTC+10, Gecko  wrote:
> Can I install something like GParted inside dom0? I don't know how to make 
> any of the VM's see all of my partitions. I can only see the entire disk 
> inside dom0 terminal.
> 
> How can I delete all other partitions and resize Qubes to use all the hd?

[root@dom0 ~]# qubes-dom0-update gparted
That will install what you want.

Run fdisk on your hdd then.

Or else you are using LVM's?
Or is it GPT? MBR?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b1b3b30-a88d-4619-bf5f-90431af33f5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Grub Boot Screen cannot open Windows

2017-08-21 Thread Drew White
Easiest way is to manually edit the grub configuration files and just pass 
through from grub to windows.

There are many ways to do it depending on how your system is built and set up.

Google it, and there will be many ways to do it, or else you can inform us here 
for your setup, and the grub config is easy to do.

HDD Layout (Whether HDA HDB SDA SDB etc... And what the partition layout is 
completely. An 'fdisk -l' run as root will suffice.) 

Then I can easily tell you what you need to add in where to do it.


On Sunday, 20 August 2017 01:35:07 UTC+10, Person  wrote:
> I made an entry for Windows 7 on the Grub Boot Screen, but when I attempt to 
> open it, it shows the error "hd1 cannot get c/h/s values".
> 
> I've tried changing BIOS to UEFI mode, but it displays the same error. I've 
> also tried changing the device boot order. 
> 
> I've also tried to recover Windows through sudo mount /dev/sdC on both BIOS 
> and UEFI mode, but the terminal states that the device does not exist.
> 
> I know that Qubes is working fine, and that I did not overwrite the Windows 
> OS file (it still appears when I check the file system on Qubes).
> 
> I wish to be able to dual boot Windows 7 with Qubes 3.2 without losing any 
> programs installed on Windows 7 and without messing up Qubes. What do I do?



[qubes-users] Re: Unable to uninstall Qubes

2017-08-21 Thread Drew White
On Tuesday, 22 August 2017 13:38:55 UTC+10, Person  wrote:
> I finally got access to the fdisk partitions, but I can't figure out how to 
> delete anything.
> What do I do?

Write zero to the partitions from a LIVE DVD or RESCUE DVD and that will erase 
everything on those partitions. Then delete and re-create, or else do whatever 
you want to do.

I have Qubes running under Qubes when I want to trial things.

So just use DD from Linux, whatever version you want to use.
#   dd if=/dev/zero of=/dev/sdXY bs=4096

Then fdisk to delete and create partitions, or just re-install Qubes.



Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

2017-08-21 Thread Drew White
On Saturday, 19 August 2017 03:14:40 UTC+10, Daniel Nelson  wrote:
> That seems to be a great question!  I have no idea what the answer is.  :-)  
> I can only say that I experienced the same problem symptoms that several 
> people before me did - that Windows setup hung at the initial boot screen 
> with glowing logo.  Following the same steps that helped many others also 
> helped me (changing to Cirrus driver).  All the details to the how are 
> summarised nicely here:  https://github.com/QubesOS/qubes-issues/issues/2488. 
>  I don't recall any mention of the why, though.

(I have never personally had this issue on ANY of the machines that I have used 
that has required this as a fix.)

I have had it lock once before because of other issues, which I just had to 
restart the pc to unlock the loops to get it working again.

> I guess I can also say that my system is a standard Intel Skylake Core M7 
> utilising the on-processor Intel HD graphics, and that my BIOS is a 
> combination of Coreboot and Tianocore, purely UEFI.  Just some fundamental 
> driver incompatibility maybe.

Perhaps.

> 
> 
> Incidentally, in case it might help anybody that comes after me and reads 
> this thread...
> 
> 
> I upgraded from the previous build of QWT to the latest (3.2.2-3) since the 
> previous version didn't work particularly better for me.
> Since then I was able to run Windows apps at least twice in seamless mode, no 
> debug!  It's pretty random, though.  It fails to display a window at all most 
> times, and the VM has to be killed.  I will try to find time to look deeper, 
> maybe increase the loglevel of some of the components and see more of what's 
> happening when it fails vs. when it succeeds.  Not sure on when I can find 
> the time for that, but I'll try to remember to report back if I find anything 
> that allows me to get it working consistently all the time.  For now I've 
> accepted running it always in debug mode for the stability.
> 

I am currently running the latest version. And I am having no issues on my 
laptop at this resolution.
1366x768
I also have my PC running at 1080p

My Dual Monitor Desktop is one monitor at 1920x1080 and the other at 1600x900
And that works fine.

But anything larger than that I have to run the system BEFORE I activate those 
screens and have the UI be notified of the size change to then do the resize 
after it's all working correctly and active.




Re: [qubes-users] GPU is deal-breaker

2017-08-21 Thread cdgamlin
My situation: Don't have funds to get a new computer (for hardware compliance) 
or mobile phone (for Skype), and can't use an alternative to Skype (not my 
choice and beyond my control)



Re: [qubes-users] Windows 7 problems (R3.2)

2017-08-21 Thread Drew White
On Monday, 21 August 2017 00:17:25 UTC+10, Hugo Costa  wrote:
> Thank you for your answers.
> 
> 
> I've tried using an earlier version of the Windows tools (3.2.1-3) and the 
> problem persists. I'll have to try it in a new vm with no updates (this one 
> was fully updated, already came with SP1 out-of-the-ISO). My VM isn't a 
> template, I was a bit lazy.
> 
> 
Try installing as a template then. See if that helps?
SP1 has SP1, and is still missing about 1.* GB of updates.

If you update, it may help too.

Try tools version 3.0.2

I have the latest installed in my Win7 Standard Edition on my PC here, and it 
runs seamless with all the perks no issue. It's only on 30 day trial until I 
enter my key, only trial because I am currently just testing things out before 
I use my key again.


> I've also noticed a new error. Qubes is unable to start the qrexec-daemon.
> 

That is normal, you will need to use qvm-prefs to set the timeout to maybe 120 
seconds. Depends how long it takes for your win7 guest to boot. Mine takes 12 
seconds but I still have it set to 120 seconds timeout in case sometimes I have 
overloaded win7 and it takes forever to boot, or has to do a scan or an update 
install.


> 
> Thanks!
> 
> 
> On 10 August 2017 at 18:38,   wrote:
> Hey,
> 
> 
> 
> Installed everything, had to use this method 
> https://github.com/QubesOS/qubes-issues/issues/2488, and now it "works".
> 
> 
> 
> If I start the VM in Seamless GUI, it goes on but doesn't open any 
> application (with and without debug mode on).
> 
> If I start the VM without Seamless GUI, it only goes on with debug mode on, 
> otherwise it'll follow the above pattern.
> 
> 
> 
> Also, 2nd problem, I've installed MS Office, I've copied the shortcuts to the 
> "All Programs" folder and I'm unable to find them in the "Applications" tab 
> in the VM config. Is there anything I can do? Also, other installed 
> programmes don't appear on the list, it's not just Office.
> 
> 
> 
> Thanks for your time!
> 
> 
> 
> Hugo
> 
> 
> 
> -- 
> 
> 
> 
> Hugo Costa



[qubes-users] Re: UEFI secureboot issue

2017-08-21 Thread qubester

On 08/20/2017 05:48 AM, cooloutac wrote:

On Sunday, August 20, 2017 at 11:44:42 AM UTC-4, cooloutac wrote:

On Sunday, August 20, 2017 at 12:42:55 AM UTC-4, qubester wrote:
The guy Brad Spengler already warned dom0 and vms can be compromised by bad 
system updates. And I believe this happened to me and led to my bank account 
being hacked.   Also just after intel announced their patch for the hardware 
backdoor that existed for 8 years.

Qubes did last almost 2 years for me though(minus gaming),  when barebones 
linux wouldn't last a day and windows wouldn't last a couple months. Simply 
because I refuse to give up doing the things I own a pc for.   The other thing 
he warned about was using too much of the gpu in qubes...  I foresee that 
coming in the future with people demanding passthrough for it.

If you do decide to go back to windows 10,  hardenwindows10forsecurity.com  
also might interest you hardenubuntu.com  (scroll down to harden ubuntu 
section) The user activities and security and trust of the developers become 
the deciding factor after a point.

I don't think any operating system does it all.   Just like a lot of people 
didn't think root privilege escalation in vms, being trivial to bypass, was an 
excuse not to add that layer of protection.  I think it's even worse not to use 
secure boot.


also if my hardware is compromised it really doesn't matter what os I use at 
that point either.


From some Q&A I just read with the Pax Spengler guy, he seemed to be 
using Windows 7 because "he plays games", and for convenience, no 
mention that it might have something to do with Secure Boot.

So, would you feel more secure doing your banking on a Windows box, 
since you think a broken update of Qubes caused you to "be hacked"? 
Just curious, not being rhetorical. :)




[qubes-users] Re: Blocking of clearnet on Tor & relay question

2017-08-21 Thread qubester
On 08/21/2017 01:31 PM, 
anguilla1980-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

How is everyone preventing Tor browser from loading any clearnet urls for 
anything? Is there a browser add-on? I want to keep my browser from trying to 
load anything that's a clearnet url to prevent from being outed by a 
compromised exit node. Accidents happen, and if I screwup and click on a 
clearnet link or something tries to load within a webpage that contains 
clearnet content, how do I mitigate this?

Is this maybe the best answer? 
https://forums.whonix.org/t/qubes-whonix-corridor-where-to-insert-the-bridges/4124

Also, is it possible to prevent Tor from connecting to any relays in the United 
States? Will using the bridges as described in the link above also take care of 
that too? I've yet to configure any use bridges yet.

Seems like the best config is qubes>sys-net>sys-firewall>sys-whonix-corridor w/obfs4 
bridges>anon-whonix>tor browser>vpn add-on using socks5>

Thanks!


If you've not already, suggest asking over at the Whonix forum, not here.



[qubes-users] Unable to uninstall Qubes

2017-08-21 Thread Person
I finally got access to the fdisk partitions, but I can't figure out how to 
delete anything.
What do I do?



Re: [qubes-users] Best pratice for crypto-currency wallets?

2017-08-21 Thread Franz
Anguilla

On Mon, Aug 21, 2017 at 8:14 PM,  wrote:

> I'd like to use Qubes for my crypto-currency wallets.
>
> I'm thinking a vm for running Exodus wallet so I can manage my multiple
> currencies in one wallet.
>
> I also want a cold storage Ethereum wallet.
>
> What is the generally accepted best practice far as how to
> create/configure vms for an online wallet and an offline wallet?
>
>
A tutorial for Electrum is here https://www.qubes-os.org/doc/split-bitcoin/

In general you need a wallet able to produce a transaction file not
completely signed and also able to import the same file. Not all wallets
are able to do that. Then you install your wallet in the template from which
two different VMs depend: one for connecting to the network and the other
offline for signing the imported file.

For moving the file between the two VMs you use Qubes secure file transfer
system.



[qubes-users] Unable to uninstall Qubes

2017-08-21 Thread Person
I messed up Qubes a little too much while using it, so I plan to uninstall it. 
I have attempted to wipe the partitions from fdisk on the Terminal Emulator, 
but my access is denied. Is there any other way to uninstall Qubes?



[qubes-users] Install software inside dom0

2017-08-21 Thread Gecko
Can I install something like GParted inside dom0? I don't know how to make any 
of the VM's see all of my partitions. I can only see the entire disk inside 
dom0 terminal.

How can I delete all other partitions and resize Qubes to use all the hd?



[qubes-users] Partition Disk

2017-08-21 Thread Gecko
Can someone tell me how I



[qubes-users] Windows 7 HVM: how to remove Users-Folder-Redirection?

2017-08-21 Thread 'PhR' via qubes-users

Hello,

I would like to remove the redirection which has been made by Qubes Tools:

C:\Users --> E:\Users

As I can't run this within windows is there any trick to remove the link 
without booting up a 2nd OS?


Next question is, what is the downside if I have my USERS-folders on c:\ 
instead of e:\


- PhR



Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)

2017-08-21 Thread 'PhR' via qubes-users

Hello,

On 08/22/2017 12:55 AM, Chris Laprise wrote:

Some more questions:
[...]


some more information:

Strangely I can connect via OpenConnect from the command line/CLI:

root@my-work:~# openconnect -u MYUSERNAME VPNLINK.com
POST https:///
Attempting to connect to server 213.xxx.xxx.xxx:443
SSL negotiation with 
Connected to HTTPS on 
XML POST enabled
Please enter your username and password.
GROUP: [MYCOMPANY]:MYUSERNAME

POST https:///
XML POST enabled
Please enter your username and password.
Password:
POST https:///
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as 172.21.2.13, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite AES256-SHA.

I can then connect to my corporate network.
As such it seems that the problem of greyed out fields in the VPN-Setup 
of Network-Manager is not an OpenConnect issue, but more a Network 
Manager problem.


- PhR



Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)

2017-08-21 Thread 'PhR' via qubes-users

Hello Chris,


On 08/22/2017 12:55 AM, Chris Laprise wrote:


Is this Qubes 3.2?

Yes.

What changes does the Cisco client make to the routing table ('route' 
command)?

Before starting AnyConnect:

[user@my-work-vpn ~]$ route
Kernel IP routing table
Destination      Gateway      Genmask          Flags  Metric  Ref  Use  Iface
default          10.137.2.1   0.0.0.0          UG     0       0    0    eth0
10.137.2.1       0.0.0.0      255.255.255.255  UH     0       0    0    eth0

After starting AnyConnect:

[user@my-work-vpn ~]$ route
Kernel IP routing table
Destination      Gateway      Genmask          Flags  Metric  Ref  Use  Iface
default          10.137.2.1   0.0.0.0          UG     0       0    0    eth0
10.5.48.0        0.0.0.0      255.255.255.0    U      0       0    0    cscotun0
10.137.2.1       0.0.0.0      255.255.255.255  UH     0       0    0    eth0
192.168.1.0      0.0.0.0      255.255.255.0    U      0       0    0    cscotun0
vsrv-dc-3.       0.0.0.0      255.255.255.255  UH     0       0    0    cscotun0
vsrv-dc-2.       0.0.0.0      255.255.255.255  UH     0       0    0    cscotun0
213.xxx.xxx.xxx  10.137.2.1   255.255.255.255  UGH    0       0    0    eth0



What changes (if any) to 'FORWARD' chain ('iptables -L')?


Before starting AnyConnect:

[user@my-work-vpn ~]$ sudo iptables -L
Chain INPUT (policy DROP)
target      prot opt source            destination
DROP        udp  --  anywhere          anywhere          udp dpt:bootpc
ACCEPT      all  --  anywhere          anywhere          ctstate RELATED,ESTABLISHED
ACCEPT      icmp --  anywhere          anywhere
ACCEPT      all  --  anywhere          anywhere
REJECT      all  --  anywhere          anywhere          reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target      prot opt source            destination
ACCEPT      all  --  anywhere          anywhere          ctstate RELATED,ESTABLISHED
ACCEPT      all  --  anywhere          anywhere
DROP        all  --  anywhere          anywhere

Chain OUTPUT (policy ACCEPT)
target      prot opt source            destination


After starting AnyConnect:

[user@my-work-vpn ~]$ sudo iptables -L
Chain INPUT (policy DROP)
target      prot opt source            destination
ciscovpn    all  --  anywhere          anywhere
ciscovpnfw  all  --  anywhere          anywhere
DROP        udp  --  anywhere          anywhere          udp dpt:bootpc
ACCEPT      all  --  anywhere          anywhere          ctstate RELATED,ESTABLISHED
ACCEPT      icmp --  anywhere          anywhere
ACCEPT      all  --  anywhere          anywhere
REJECT      all  --  anywhere          anywhere          reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target      prot opt source            destination
ciscovpn    all  --  anywhere          anywhere
ciscovpnfw  all  --  anywhere          anywhere
ACCEPT      all  --  anywhere          anywhere          ctstate RELATED,ESTABLISHED
ACCEPT      all  --  anywhere          anywhere
DROP        all  --  anywhere          anywhere

Chain OUTPUT (policy ACCEPT)
target      prot opt source            destination
ciscovpn    all  --  anywhere          anywhere
ciscovpnfw  all  --  anywhere          anywhere

Chain ciscovpn (3 references)
target      prot opt source            destination
ACCEPT      all  --  anywhere          anywhere          state RELATED,ESTABLISHED
ACCEPT      all  --  anywhere          anywhere
ACCEPT      all  --  anywhere          anywhere
ACCEPT      udp  --  anywhere          anywhere          udp spt:bootpc dpt:bootps
ACCEPT      udp  --  anywhere          anywhere          udp spt:bootps dpt:bootpc
ACCEPT      udp  --  anywhere          anywhere          udp spt:dhcpv6-client dpt:dhcpv6-server
ACCEPT      udp  --  anywhere          anywhere          udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT      tcp  --  10.137.2.26       213.xxx.xxx.xxx   tcp dpt:https
ACCEPT      tcp  --  213.xxx.xxx.xxx   10.137.2.26       tcp spt:https
ACCEPT      udp  --  10.137.2.26       213.xxx.xxx.xxx   udp dpt:https
ACCEPT      udp  --  213.xxx.xxx.xxx   10.137.2.26       udp spt:https
RETURN      all  --  10.137.2.26       anywhere
RETURN      all  --  anywhere          10.137.2.26
RETURN      all  --  10.137.2.26       10.137.2.26
RETURN      all  --  10.137.2.26       10.137.2.26
RETURN      udp  --  10.137.2.26       224.0.0.251       udp dpt:mdns
RETURN udp  --  10.137.2.26 after launching it I can 
224.0.0.251  udp dpt:mdns
RETURN      udp  --  10.137.2.26       239.255.255.250   udp dpt:ssdp
RETURN      udp  --  10.137.2.26       239.255.255.250   udp dpt:ssdp
RETURN      all  --  anywhere          base-address.mcast.net/4
RETURN      all  --  10.137.2.26       base-address.mcast.net/4
RETURN      all  --  anywhere          255.255.255.255
RETURN      all  --  10.137.2.26       255.255.255.255
RETURN      all  --  172.21.2.13       a.de/24
RETURN all  --  isys-team.

[qubes-users] Blocking of clearnet on Tor & relay question

2017-08-21 Thread anguilla1980
How is everyone preventing Tor browser from loading any clearnet urls for 
anything? Is there a browser add-on? I want to keep my browser from trying to 
load anything that's a clearnet url to prevent from being outed by a 
compromised exit node. Accidents happen, and if I screwup and click on a 
clearnet link or something tries to load within a webpage that contains 
clearnet content, how do I mitigate this? 

Is this maybe the best answer? 
https://forums.whonix.org/t/qubes-whonix-corridor-where-to-insert-the-bridges/4124

Also, is it possible to prevent Tor from connecting to any relays in the United 
States? Will using the bridges as described in the link above also take care of 
that too? I've yet to configure any use bridges yet. 

Seems like the best config is qubes>sys-net>sys-firewall>sys-whonix-corridor 
w/obfs4 bridges>anon-whonix>tor browser>vpn add-on using socks5> 

Thanks!



[qubes-users] Best pratice for crypto-currency wallets?

2017-08-21 Thread anguilla1980
I'd like to use Qubes for my crypto-currency wallets.

I'm thinking a vm for running Exodus wallet so I can manage my multiple 
currencies in one wallet. 

I also want a cold storage Ethereum wallet.

What is the generally accepted best practice far as how to create/configure vms 
for an online wallet and an offline wallet?

Thanks! 



Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)

2017-08-21 Thread Chris Laprise

On 08/21/2017 05:19 PM, PhR wrote:


Any more ideas?

- PhR



Some more questions:

Is this Qubes 3.2?

What changes does the Cisco client make to the routing table ('route' 
command)?


What changes (if any) to 'FORWARD' chain ('iptables -L')?

Does running '/usr/lib/qubes/qubes-setup-dnat-to-ns' update the PR-QBS 
chain ('iptables -L -t nat)? Does that allow appVM to communicate?


What firewall rules are in the appVM's settings (Qubes Manager)? For 
testing (and probably for use) it should be set to "Allow network access 
except" and also allow DNS and ICMP with a blank list below.


Is the appVM based on a regular Linux template such as fedora-25 or 
debian-8?


Further:

The 'vpnc' package may be a viable alternative to Anyconnect (the open 
source counterpart is 'openconnect'). Also, Network Manager has an 
openconnect plugin; you would need to install the plugin in the template 
then enable NM for the proxyVM.


If you request help from the Cisco community, you can describe the 
proxyVM as being like an external router, but my limited searching 
suggests Cisco doesn't support this type of configuration.


Another option: Simply run the Anyconnect client in the appVM (no 
proxyVM for the VPN client). This may be the simplest route.


--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)

2017-08-21 Thread 'PhR' via qubes-users

Hello Chris


On 08/21/2017 06:28 PM, Chris Laprise wrote:

On 08/20/2017 05:38 PM, 'PhR' via qubes-users wrote:

Unfortunately the App-VM which uses the VPN Proxy VM can't connect.
The Setup:
sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM)
(...)


You could ping a known IP address from the appVM. If it works the 
problem is likely limited to DNS.


Pinging a VPN-Address from within my Proxy VPN (work-vpn) after 
connecting via anyConnect VPN works.

But pinging from my work-AppVM doesn't work.

In the proxyVM, check the contents of /etc/resolv.conf after your 
Cisco client connects. If its updated (not a 10.137.x.x number) you 
can run /usr/lib/qubes/qubes-setup-dnat-to-ns to enable DNS forwarding 
over the VPN.


I have checked /etc/resolv.conf:

[user@my-work-vpn ~]$ cat /etc/resolv.conf
domain intern.MYCOMPANY.de
nameserver 192.168.1.6
nameserver 192.168.1.11
nameserver 10.137.2.1
nameserver 10.137.2.254
search intern.MYCOMPANY.de

Another setting to check is /proc/sys/net/ipv4/ip_forward which should 
contain a value of '1'. Also, the iptables 'POSTROUTING' chain should 
have a masquerade target:


$ cat /proc/sys/net/ipv4/ip_forward


It is enabled (content: 1)


$ sudo iptables -L -t nat


[user@my-work-vpn ~]$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
PR-QBS all  --  anywhere anywhere
PR-QBS-SERVICES  all  --  anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere
MASQUERADE  all  --  anywhere anywhere

Chain PR-QBS (1 references)
target prot opt source   destination
DNAT   udp  --  anywhere 10.137.5.1   udp dpt:domain to:10.137.2.1
DNAT   tcp  --  anywhere 10.137.5.1   tcp dpt:domain to:10.137.2.1
DNAT   udp  --  anywhere 10.137.5.254 udp dpt:domain to:10.137.2.254
DNAT   tcp  --  anywhere 10.137.5.254 tcp dpt:domain to:10.137.2.254


Chain PR-QBS-SERVICES (1 references)
target prot opt source   destination

Do I need to tweak any other rules or setting in the ProxyVM or AppVM?
As the ProxyVM can perfectly connect to corporate servers, VPN is working.

If I switch the Net-VM in my work AppVM to the normal sys-firewall I can 
connect to the internet.
As such it seems that both proxyVM and AppVM seem to work normally but 
not if I put everything together.


Any more ideas?

- PhR



[qubes-users] Error Starting VMs

2017-08-21 Thread Person
I created some new VMs and deleted some old ones, and when I tried to start the 
new VMs, an error popped up saying "maximum recursion depth exceeded". What do 
I do?



Re: [qubes-users] Failing to passthrough an USB3 PCIE card

2017-08-21 Thread zhongliangq
On Tuesday, February 9, 2016 at 11:00:12 AM UTC-8, David Hobach wrote:
> > I've uploaded kernel-4.1.13-8.3 to qubes-dom0-unstable repo (for R3.1).
> > It have applied patches sent by Konrad on xen-devel in this thread:
> > http://markmail.org/message/dxiyuob24e7mp3lt
> > devel-4.1 branch in my qubes-linux-kernel repo on github.
> >
> > Can you test it out? It should fix USB 3.0 passthrough issue
> > ("xen:events: Failed to obtain physical IRQ" error, not sure about the
> > other cases).
> >
> > BTW Qubes ticket for reference:
> > https://github.com/QubesOS/qubes-issues/issues/1734
> 
> Hi Marek,
> 
> thanks for your efforts!
> 
> Unfortunately I sent the unusable hardware back to get a refund and went 
> for the USB 2 PCIE card solution, i.e. I cannot test it anymore, sorry. 
> I only have one USB 3 PCIE card left, which didn't work half the time 
> for passthrough due to apparently different issues.
> 
> Maybe someone else read this thread, has similar issues and is willing 
> to provide feedback?
> 
> Kind Regards
> David

Disabling MSI (Message Signaled Interrupts) for the usb 3.0 card specifically 
may solve your issue. 



Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)

2017-08-21 Thread Chris Laprise

On 08/20/2017 05:38 PM, 'PhR' via qubes-users wrote:
> Hello,
>
> I have successfully setup a fedora 25 based ProxyVM, which has Cisco's
> Anyconnect Secure Mobility Client installed.
>
> I can successfully connect via VPN and can also ping/reach servers via
> VPN.
>
> Unfortunately the App-VM which uses the VPN Proxy VM can't connect.
>
> The Setup:
>
> sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM)
>
> As I can connect from the Proxy my-vpn VM, it seems the problem is
> between the connection of my App-VM to the new Proxy VPN VM.
>
> How can I troubleshoot and investigate the issues?
>
> - PhR

You could ping a known IP address from the appVM. If it works the 
problem is likely limited to DNS.


In the proxyVM, check the contents of /etc/resolv.conf after your Cisco 
client connects. If it's updated (not a 10.137.x.x number) you can run 
/usr/lib/qubes/qubes-setup-dnat-to-ns to enable DNS forwarding over the VPN.


Another setting to check is /proc/sys/net/ipv4/ip_forward which should 
contain a value of '1'. Also, the iptables 'POSTROUTING' chain should 
have a masquerade target:


$ cat /proc/sys/net/ipv4/ip_forward
$ sudo iptables -L -t nat

-

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
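
The three checks suggested in the message above (nameservers in /etc/resolv.conf, ip_forward, a MASQUERADE target in POSTROUTING), run offline against the output PhR posted in the reply in this thread. This is an added example, not part of either post; the function names and status words are hypothetical, and reading PR-QBS `to:` targets that still point at 10.137.x.x as "DNS not yet forwarded over the VPN" is an assumption drawn from the posted rules.

```shell
#!/bin/sh
# Added example. Sample data: the resolv.conf and nat table posted in this
# thread (wrapped iptables lines joined, empty chains omitted) and the
# ip_forward value reported there.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/resolv.conf" <<'EOF'
domain intern.MYCOMPANY.de
nameserver 192.168.1.6
nameserver 192.168.1.11
nameserver 10.137.2.1
nameserver 10.137.2.254
search intern.MYCOMPANY.de
EOF

cat > "$work/nat.txt" <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
PR-QBS all  --  anywhere anywhere
PR-QBS-SERVICES  all  --  anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere
MASQUERADE  all  --  anywhere anywhere

Chain PR-QBS (1 references)
target prot opt source   destination
DNAT   udp  --  anywhere 10.137.5.1   udp dpt:domain to:10.137.2.1
DNAT   tcp  --  anywhere 10.137.5.1   tcp dpt:domain to:10.137.2.1
DNAT   udp  --  anywhere 10.137.5.254 udp dpt:domain to:10.137.2.254
DNAT   tcp  --  anywhere 10.137.5.254 tcp dpt:domain to:10.137.2.254
EOF

echo 1 > "$work/ip_forward"

# Nameservers that are NOT Qubes-internal 10.137.x.x addresses,
# i.e. the ones written by the VPN client.
vpn_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^10\.137\./ { print $2 }' "$1"
}

# Rule lines of one chain ($1) from saved `iptables -L -t nat` output ($2).
chain_rules() {
    awk -v c="$1" '
        $1 == "Chain" { inchain = ($2 == c); next }
        inchain && NF && $1 != "target" { print }
    ' "$2"
}

# Distinct destinations the PR-QBS chain rewrites DNS traffic to.
dnat_targets() {
    chain_rules PR-QBS "$1" | awk '
        $1 == "DNAT" { for (i = 1; i <= NF; i++)
                           if ($i ~ /^to:/) print substr($i, 4) }
    ' | sort -u
}

has_masquerade() {
    chain_rules POSTROUTING "$1" | grep -q '^MASQUERADE'
}

# "no-vpn-dns": resolv.conf was not updated by the VPN client
# "forwarded":  at least one DNAT target is a VPN nameserver
# "stale":      VPN nameservers exist but DNAT still targets something else
dns_dnat_status() {
    vpn=$(vpn_nameservers "$1")
    [ -n "$vpn" ] || { echo "no-vpn-dns"; return 0; }
    for t in $(dnat_targets "$2"); do
        for ns in $vpn; do
            [ "$t" = "$ns" ] && { echo "forwarded"; return 0; }
        done
    done
    echo "stale"
}

report() {   # $1 resolv.conf  $2 nat listing  $3 ip_forward
    if [ "$(cat "$3")" = "1" ]; then echo "ip_forward:  enabled"
    else echo "ip_forward:  DISABLED"; fi
    if has_masquerade "$2"; then echo "MASQUERADE:  present"
    else echo "MASQUERADE:  MISSING"; fi
    echo "VPN DNS:     $(vpn_nameservers "$1" | tr '\n' ' ')"
    echo "DNAT to:     $(dnat_targets "$2" | tr '\n' ' ')"
    echo "DNS DNAT:    $(dns_dnat_status "$1" "$2")"
}

report "$work/resolv.conf" "$work/nat.txt" "$work/ip_forward"
```

On the posted data the forwarding and masquerade checks pass while the DNS status comes out as `stale`; that covers name resolution only and says nothing about why pinging by IP from the AppVM fails.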



[qubes-users] Re: HCL - Intel NUC NUC6i3SYK

2017-08-21 Thread wannabeironman
On Monday, November 28, 2016 at 7:46:49 PM UTC-5, Magnus Hedemark wrote:
> I just wanted to report that my Intel NUC6i3SYK is working great so far with 
> Qubes. Quite a nice desktop experience. I've not run into any hiccups yet. 
> Listening to headphones on the 1/8" jack works fine, too.
> 
> 
> 
> 
> Sent from ProtonMail, encrypted email based in Switzerland.

Did you have to do anything special to get the Intel I219V working?



Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-08-21 Thread John Maher
On Tuesday, May 2, 2017 at 1:14:47 PM UTC-4, Gaiko wrote:
> Thanks for the reply!
> 
> my ~/.local/share/applications/mimeapps.list is a bit different than yours, 
> really I was most interested in it handling http/https 
> 
> [Default Applications]
> text/html=open_work_vm.desktop
> x-scheme-handler/http=open_work_vm.desktop
> x-scheme-handler/https=open_work_vm.desktop
> x-scheme-handler/about=open_work_vm.desktop
> x-scheme-handler/unknown=open_work_vm.desktop
> 
> I tried just copying/pasting yours into mine (just for kicks) but that didn't 
> work either :(
> 
> On Tue, May 2, 2017 at 4:36 AM,   wrote:
> Gaiko  [2017-05-02 03:36 +0200]:
> > > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in
> > > tbirdVM
> >
> > it seems to work just fine that way
> >
> > > and when you run xdg-open https://qubes-os.org in the work VM
> > > (without the quotes)?
> >
> > ok, xdg-open I hadn't tried. But regardless this seems to work fine as well.
> 
> Good! That means qvm-open-in-vm (sending the link to the work VM and
> telling it to open it) and opening it internally in the work VM
> works as intended.
> 
> What does ~/.local/share/applications/mimeapps.list in tbird look like?
> It should look like this (from the mentioned how-to):
> 
>         [Default Applications]
>         x-scheme-handler/unknown=open_work_vm.desktop
>         x-scheme-handler/about=open_work_vm.desktop
>         x-scheme-handler/http=open_work_vm.desktop
>         x-scheme-handler/https=open_work_vm.desktop
>         text/html=open_work_vm.desktop
>         text/xml=open_work_vm.desktop
>         image/gif=open_work_vm.desktop
>         image/jpeg=open_work_vm.desktop
>         image/png=open_work_vm.desktop
>         application/xhtml+xml=open_work_vm.desktop
>         application/xml=open_work_vm.desktop
>         application/vnd.mozilla.xul+xml=open_work_vm.desktop
>         application/rss+xml=open_work_vm.desktop
>         application/rdf+xml=open_work_vm.desktop
> 
> Remove the lines for any MIME types you don't want to open with your
> work VM.
> 
> --
> ubestemt

Gaiko, did you get this to work? I have the exact same experience. And placing 
the files in /usr/share/applications did not help. 

When running "desktop-file-validate browser_vm.desktop" from ~/. I get "file 
does not exist". From ~/.local/share/applications I get 'browser_vm.desktop: 
warning: key "Encoding" in group "Desktop Entry" is deprecated', similar to you.

Thanks.
John



[qubes-users] Re: Qubes 3.2 Building an up to date dom0 3.18 Kernel

2017-08-21 Thread Reg Tiangha
On 2017-08-21 4:59 AM, 'Vincent Adultman' via qubes-users wrote:
> As previously detailed ad nauseam, none of the Qubes dom0 4.4 or 4.9
> version Kernels will boot on my laptop (HP Elitebook 2540p). This means
> I'm stuck on the ancient 3.18.17-8.
> 
> I'm comfortable(ish - have built a Xenial template) using Qubes builder
> and I notice Reg Tiangha has a repo with updated 3.18 kernel at
> https://github.com/rtiangha/qubes-linux-kernel/ I notice Reg also
> submits patches which are merged into the official qubes-linux-kernel
> repo after review by Marek.
> 
> 1. Is there any chance of getting the updated 3.18 kernel merged into
> the official repos so anyone (read me) with truculent hardware can
> remain on this, even if it means building the package ourselves? (this
> is actually what I was envisaging maybe happening when previously
> inquiring whether it was possible to buy a support case from ITL)
> 
> 2. If not (not worth the effort of Marek to review?) given the existence
> of https://github.com/rtiangha/qubes-linux-kernel what are the
> suggestions to an 'ordinary' end user who wants to build a 3.18 kernel
> from there? Specifically, I'd be extending my trust from the Qubes
> developers to Reg, who apart from clearly being active in the Qubes
> community, I know nothing about. Are there sensible actions that can /
> should be taken with git to verify the kernel code? No insult to Reg
> here intended whatsoever :)
> 

If you don't trust me, you can easily do it yourself. Just clone the
master qubes-linux-kernel repo from the QubesOS account, change the
number in the 'version' file to the latest number (as of now, it's
3.18.66 but you can verify that at kernel.org) and that'll update what's
already there.

But some Xen security patches released since the last 3.18 version will
be missing and you'll probably want to add those. Easiest way to do that
is to go here:

https://xenbits.xen.org/xsa/

and grab any patches from there that have to do with the Kernel since
the last time a 3.18 release was pushed out and add them to your tree
(you can look at how Marek has applied them in the 4.9 branch; basically
you add the path to the patch into the series.conf file). Hint: It's XSA
157 (though not all five of them) and XSA 216.

Finally, for bonus points, if you want a slightly harder kernel, you can
implement some of the KSPP recommended settings listed here (but not all
of them exist in 3.18 so you'll need to search first):

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

and the Linux Hardened project here:

https://github.com/copperhead/linux-hardened/wiki/Upstream-progress-tracking

Those are basically the only changes I've made; in the 4.9+ kernel
configs, other changes have been for newer driver support that didn't
exist in older versions. Good luck!



Re: [qubes-users] GPU is deal-breaker

2017-08-21 Thread Sandy Harris
On Mon, Aug 21, 2017 at 8:54 AM, Matty South  wrote:

> On Monday, August 21, 2017 at 7:14:29 AM UTC-5, Francesco wrote:

>> On Mon, Aug 21, 2017 at 12:38 AM,   wrote:

>> *** TL;DR: Would the option to attach the GPU to a single qube be feasible? 
>> ***

> I can't really speak to the GPU, but for screen sharing with Skype, that will 
> not be a possibility on Qubes. Dom0 controls the GUI/desktop and you can't 
> install (nor would you ever want to) install an insecure MS product on Dom0.

If you have multiple video devices, can you use one for Dom0 and put
another under direct control of a guest OS?



Re: [qubes-users] GPU is deal-breaker

2017-08-21 Thread Matty South
On Monday, August 21, 2017 at 7:14:29 AM UTC-5, Francesco wrote:
> Hello
> 
> On Mon, Aug 21, 2017 at 12:38 AM,   wrote:
> Hi!
> 
> *** TL;DR: Would the option to attach the GPU to a single qube be feasible? 
> ***
> 
> Recently tried out Q3.2 and Q4.0-rc1. Pretty happy with most of it, and have 
> some ideas on what might make it better (if those ideas are plausible) - but 
> the GPU seems to be the deal breaker.
> 
> On LinuxMint, I like using VLC video player to watch lectures, using it's 
> option to speed up without altering pitch. On both versions of Q, video on 
> VLC behaved badly (often freezing up). Audio was good, so can only think it 
> is GPU issue
> 
> This is not normal, probably an issue with your hardware. Look if your 
> computer is on HCL
> 
> I also use Skype a fair bit on LinuxMint, and find the "share screen" mode 
> useful to show stuff. Video on Skype also performed badly on on both versions 
> of Q, and "share screen" wouldn't work at all. Again, I can only think this 
> is GPU
> 
> For the video it is the same as above, but for Skype and VOIP in general I 
> find it much practical to use it on my cellphone

I can't really speak to the GPU, but for screen sharing with Skype, that will 
not be a possibility on Qubes. Dom0 controls the GUI/desktop and you can't 
install (nor would you ever want to) install an insecure MS product on Dom0. 
For me, I just send screenshots now instead of screen sharing. It's a little 
less convenient, but I'm happy to trade a little convenience for security.



Re: [qubes-users] GPU is deal-breaker

2017-08-21 Thread Franz
Hello

On Mon, Aug 21, 2017 at 12:38 AM,  wrote:

> Hi!
>
> *** TL;DR: Would the option to attach the GPU to a single qube be
> feasible? ***
>
> Recently tried out Q3.2 and Q4.0-rc1. Pretty happy with most of it, and
> have some ideas on what might make it better (if those ideas are plausible)
> - but the GPU seems to be the deal breaker.
>
> On LinuxMint, I like using VLC video player to watch lectures, using it's
> option to speed up without altering pitch. On both versions of Q, video on
> VLC behaved badly (often freezing up). Audio was good, so can only think it
> is GPU issue
>
>
This is not normal, probably an issue with your hardware. Look if your
computer is on HCL


> I also use Skype a fair bit on LinuxMint, and find the "share screen" mode
> useful to show stuff. Video on Skype also performed badly on on both
> versions of Q, and "share screen" wouldn't work at all. Again, I can only
> think this is GPU
>
>
For the video it is the same as above, but for Skype and VOIP in general I
find it much practical to use it on my cellphone



[qubes-users] Qubes 3.2 Building an up to date dom0 3.18 Kernel

2017-08-21 Thread 'Vincent Adultman' via qubes-users
As previously detailed ad nauseam, none of the Qubes dom0 4.4 or 4.9 version 
Kernels will boot on my laptop (HP Elitebook 2540p). This means I'm stuck on 
the ancient 3.18.17-8.

I'm comfortable(ish - have built a Xenial template) using Qubes builder and I 
notice Reg Tiangha has a repo with updated 3.18 kernel at 
https://github.com/rtiangha/qubes-linux-kernel/ I notice Reg also submits 
patches which are merged into the official qubes-linux-kernel repo after review 
by Marek.

1. Is there any chance of getting the updated 3.18 kernel merged into the 
official repos so anyone (read me) with truculent hardware can remain on this, 
even if it means building the package ourselves? (this is actually what I was 
envisaging maybe happening when previously inquiring whether it was possible to 
buy a support case from ITL)

2. If not (not worth the effort of Marek to review?) given the existence of 
https://github.com/rtiangha/qubes-linux-kernel/ 
what are the suggestions to an 'ordinary' end user who wants to build a 3.18 
kernel from there? Specifically, I'd be extending my trust from the Qubes 
developers to Reg, who apart from clearly being active in the Qubes community, 
I know nothing about. Are there sensible actions that can / should be taken 
with git to verify the kernel code? No insult to Reg here intended whatsoever :)

Thanks



[qubes-users] Re: HOWTO: Compiling Kernels for dom0

2017-08-21 Thread cyrinux
On Monday, 14 August 2017 00:29:41 UTC+2, Yethal wrote:
> On Sunday, 13 August 2017 22:45:01 UTC+2, Grzesiek Chodzicki wrote:
> > On Sunday, 13 August 2017 14:17:33 UTC+2, Epitre wrote:
> > > On Sunday, 13 August 2017 09:41:53 UTC+2, Foppe de Haan wrote:
> > > > On Sunday, August 13, 2017 at 9:38:06 AM UTC+2, Epitre wrote:
> > > > > On Sunday, 13 August 2017 09:19:25 UTC+2, Epitre wrote:
> > > > > > On Sunday, 13 August 2017 07:24:29 UTC+2, Foppe de Haan wrote:
> > > > > > > For any newcomers: can you tell me if this covers all the bases? 
> > > > > > > https://github.com/0spinboson/qubes-doc/blob/patch-1/managing-os/compiling-your-own-kernel.md
> > > > > > > (or if not, what's missing?)
> > > > > > 
> > > > > > Hi,
> > > > > > 
> > > > > > It seems right for me. Just a comment for the version in 
> > > > > > devel-4.11, the last working version (at least for me, and need to 
> > > > > > be confirmed) is 4.11.8:
> > > > > > 
> > > > > > The 4.11.12 has a Xen bug which has to be fixed and prevent Xen to 
> > > > > > work.
> > > > > > The 4.12.5 has also the same bug but need to have also 3 patches 
> > > > > > updated.
> > > > > > 
> > > > > > In both cases, qubes-core status:
> > > > > > 
> > > > > > août 11 21:37:07 dom0 startup-misc.sh[2712]: xenstore-write: 
> > > > > > xs_open: No such file or directory
> > > > > > août 11 21:37:07 dom0 startup-misc.sh[2712]: xenstore-write: 
> > > > > > xs_open: No such file or directory
> > > > > > août 11 21:37:07 dom0 startup-misc.sh[2712]: xc: error: Could not 
> > > > > > obtain handle on privileged command interface (2 = No such file or 
> > > > > > directory): Internal error
> > > > > > août 11 21:37:07 dom0 startup-misc.sh[2712]: libxl: error: 
> > > > > > libxl.c:116:libxl_ctx_alloc: cannot open libxc handle: No such file 
> > > > > > or directory
> > > > > > août 11 21:37:07 dom0 startup-misc.sh[2712]: cannot init xl context
> > > > > > 
> > > > > > I will dig more into the problem in the next week but if someone 
> > > > > > would like to test to confirm or not, it would help.
> > > > > > 
> > > > > > Moreover, for those who have problem with NOUVEAU driver (see my 
> > > > > > first post asking help: 
> > > > > > https://groups.google.com/d/msg/qubes-devel/koDHzHJICEs/M5B19MBgCgAJ)
> > > > > >  and their GTX970 with 4G of VRAM, I patched the qubes kernel 
> > > > > > (https://github.com/fepitre/qubes-linux-kernel) for version 4.9 and 
> > > > > > 4.11. The major problem is in the computation of VRAM which has 
> > > > > > been completely remade and solved in kernel 4.12.
> > > > > 
> > > > > Sorry for the quick updates but writing the message it came to mind 
> > > > > that it would maybe something related to Grub...and yes...I boot the 
> > > > > my dev machine and I don't know why but the grub conf was badly 
> > > > > updated...
> > > > > 
> > > > > I can confirm that the latest working version is 4.11.12. I will 
> > > > > also update properly my repo for the patches in devel-4.12.
> > > > 
> > > > np. I had a look, but didn't see any error messages akin to yours 
> > > > (running 4.11.12). 4.12.6 indeed only built for me if I disabled 3 
> > > > kernel patches, 1 related to xsa155.
> > > 
> > > Now building and running properly kernel-4.12 is ok. I pushed on my 
> > > devel-4.12 branch the updated 3 kernel patches who failed at first 
> > > instance (rewrite in the kernel sources to obtain properly updated lines).
> > > 
> > > We can now go on the next releases (especially if someone like has Ryzen 
> > > or Kaby Lake CPU or latest NVIDIA cards).
> > 
> > Interestingly enough, your 4.12 branch compiles fine in the AppVM 
> > previously used to (unsuccessfully) compile Reg's 4.11 kernel.
> 
> Just booted into the 4.12 slim kernel. Works great so far.
> I use Reg's slim config as a baseline and then as much stuff I safely could. 
> Final kernel size is 44mb. I can paste the final config here if anybody's 
> interested.

Hi, I'm interested :)



[qubes-users] Problem installing Qubes R4.0 in EFI mode

2017-08-21 Thread DocCZs plus
I followed all instruction in this manual
https://www.qubes-os.org/doc/installation-guide/


With USB disk it boot into grub, but

chainloader /EFI/BOOT/xen.efi

does nothing, it only returns back to grub.

I found that my laptop is not in the hardware compatibility list
https://www.qubes-os.org/hcl/

Finally I decided to install it into Legacy BIOS mode on MBR Bios formatted 
harddisk, and there was no problem with installation. That installation runs 
normally after transferred via fsarchiver into previous GPT EFI formatted SSD 
disk. Qubes only boot through 2.02~beta2-36ubuntu3 loader after adding qubes 
lines.

Has anyone else had problem booting with /EFI/BOOT/xen.efi ?? 



Re: [qubes-users] usb qube with one of two usb buses?

2017-08-21 Thread Zrubi
On 08/20/2017 08:52 AM, pixel fairy wrote:
> im on a desktop with 2 usb buses. is it possible to make a usb qube
> with one of those controllers and leave the other one in dom0 for
> the keyboard and mouse?
> 

Yes, but:
- you have to find out which physical USB "connector" attached to
which PCI device. (It is mainboard specific) Then you can decide which
should be remain in dom0.

- you have to remove the "rd.qubes.hide_all_usb" from the GRUB cmd line.

-- 
Zrubi