[qubes-users] Re: Leaky Through Faraday Cage Shielding

[Yuraeitha]

On Monday, February 12, 2018 at 2:10:09 AM UTC+1, Tim W wrote:
> On Sunday, February 11, 2018 at 1:06:06 PM UTC-5, David L. Craig wrote:
> > https://thehackernews.com/2018/02/airgap-computer-hacking.html
> > 
> > Dang!  Be certain your vaults cannot be compromised.
> > -- 
> > 
> > May the LORD God bless you exceedingly abundantly!
> > 
> > Dave_Craig__
> > "So the universe is not quite as you thought it was.
> >  You'd better rearrange your beliefs, then.
> >  Because you certainly can't rearrange the universe."
> > __--from_Nightfall_by_Asimov/Silverberg_
> 
> that is a lab only hack and makes some big assumptions to be successful.  
> Secondly, they are careful to only say faraday cage not official SCIF yet 
> tries to insinuate this. The pic diagram on the left is not even close to how 
> a SCIF or even basic faraday cage would be built.  Its not a Faraday cage is 
> one side is some standard office wall. A SCIF is a complete enclosure on all 
> sides including top and bottom.  Official SCIFs are Tempest certified 
> enclosure which is far more than a basic faraday cage. SCIFs and TIPS are 
> GSA/NSA grade 5 spec'd and also deal with heat transmissions.  
> 
> Second the hack requires not only having access to the area around the 
> enclosure but to the computer itself and further that it allows for 
> successful upload the initial transmission side of the hack which has to be 
> done physically thru conventional means. Then a receiver has to be in some 
> close proximity to the SCIF enclosure/building to pickup these extremely weak 
> transmissions which a real TIPS SCIF to current spec would defeat.   
> 
> I don't know how many people have seen or used top grade TIPS/SCIF, but this 
> is not going to happen without it evolving a high level conspiracy.  No 
> leaving a bunch of flash drives in the parking lot is going to work.

Heck, at this point we're looking to soon be needing tinfoil hats to farady our 
very own brains. Putting chips inside the brain won't even be enough. In a few 
years we may have to take notes from Magneto to shield our brains.

Joke a side, this kind of hacks might become more commonplace one day. This 
kind of hacking has been going on for at least some years now, and some are 
pretty advanced. For people with a high profile attack value, taking measures 
against these earlier on than other people may indeed be advized, although 
still within reason, though of course when having a high profile attack value, 
paranoia may be more useful than otherwise.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6057df1f-52a3-4c53-ac2e-eb7944549d21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0 backup vm to USB from dom0

[Yuraeitha]

On Sunday, February 11, 2018 at 5:09:31 PM UTC+1, 
cybe...@national.shitposting.agency wrote:
> @Yuraeitha
> actually i am experiencing this bug with qvm-backup-restore:
> 
> https://groups.google.com/forum/#!topic/qubes-users/HZVBAqerLoI
> 
> Is there a way to manually trigger a refresh of the drop-down menu of 
> available qubes?  qvm-backup-restore does not reliably add qubes to the menu 
> of available vm's and my only way to use them is by using qvm-run
> 
> to be specific, this bug is only happening when trying to restore 
> fedora-25-dvm backed up from qubes 4.0-rc1, all other vm's restoration worked 
> fine

Apologies, I'm a bit exhausted/tired atm so I didn't read your post properly. 
You talked about backup from RC-1, and not updating from RC-1, so I definitely 
misunderstood. Though still, I'm only postulating, but it may also be a 
possible explanation as to why the dvm disappeared if it came from RC-1. But 
that's only guessing. Above all, none of the RC-x versions are production 
ready, so be careful if you put any important data on Qubes 4 early release 
cycles, before it becomes officially stable.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/354f2508-33ce-42d5-97b0-e96d230ef02e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: If you get "no authenticators available" with mutt

[Tim W]

On Friday, February 9, 2018 at 12:32:21 PM UTC-5, Konstantin Ryabitsev wrote:
> If you are trying to use mutt with the default Fedora-26 template and 
> can't figure out why authenticated smtp sending is giving you a "No 
> Authenticators Available" error, you need to install cyrus-sasl-plain.
> 
> Drove me half-mad before I figured that out. Hopefully it saves you a 
> bunch of clicks (and hair).
> 
> -K

thank you   that saved me the time of doing a bunch of searching and forum 
reading.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80737693-e515-4996-9233-587ee4ac7b4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to change desktop password?

[loadcorp]

The same when I see screensaver password. How could I change it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13efbe95-f72f-4735-a457-4c48f6d36d7c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0 backup vm to USB from dom0

[Yuraeitha]

On Sunday, February 11, 2018 at 5:09:31 PM UTC+1, 
cybe...@national.shitposting.agency wrote:
> @Yuraeitha
> actually i am experiencing this bug with qvm-backup-restore:
> 
> https://groups.google.com/forum/#!topic/qubes-users/HZVBAqerLoI
> 
> Is there a way to manually trigger a refresh of the drop-down menu of 
> available qubes?  qvm-backup-restore does not reliably add qubes to the menu 
> of available vm's and my only way to use them is by using qvm-run
> 
> to be specific, this bug is only happening when trying to restore 
> fedora-25-dvm backed up from qubes 4.0-rc1, all other vm's restoration worked 
> fine

Sorry for late reply, I missed your post until now. 

Wait, you installed RC-1 and updated to RC-4? The developers explicitedly 
recommend not to do this, and reinstall between RC-1 and RC-2. You can find 
this info in the release cycles for RC-2. But it should be no problem to 
upgrade from RC-2 to RC-3 and RC-4, though as memory serves there are some bits 
of extra information to take notice of in the RC-4 upgrade. It could be you run 
into some of these issues because if updated up from RC-1.


There are some good quick approaches to get a list while you include and 
exclude backup VM's. The most straight forward is to simply execute the qvm 
backup command prematurely, which prints two lists in the terminal, which are 
all those included and all those excluded, right before asking Yes/No to 
proceed. If it doesn't look right, just press "N" for no, and return to adjust 
your qvm-backup/qvm-backup-restore command for whichever to exclude or include. 

You can also open a second terminal window and run qvm-ls.

A third approach is to use the Qubes Manager, but I prefer not to use it. I 
listed these approaches in the order I prefer my self. 

The first one I mentioned is my favorite as its straight forward. I only use 
qvm-ls if I have a lot of VM's to exclude or include. By executing it 
prematurely, you easily get two lists that makes it easy to get an overview.
 

- - - - 
I'm not sure if the dvm you report as a bug is actually a bug, and not a 
feature? It might be Qubes adjusting and fixing old settings to current 
settings. dvm's, as far as I know anyway, being temporary VM's and all, hold no 
information on their own, so you can easily make new ones. I think it might be 
removed because dvm's has changed and been updated in Qubes 4 to allow any VM 
to have a dvm version, rather than just one like in Qubes 3.2. So it may just 
be Qubes autoadjusting itself. But I wouldn't know, it's guessing on my part at 
this point. But if dvm is all there is, then I wouldn't worry, though it would 
be nice with a more official explanation of course. For example if this could 
happen to a non dvm, then it gets a whole lot more scary all of a sudden, but 
at this point, it's hard to tell which it is for sure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db438c46-ba9f-495a-98d1-d7b926286a4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 4.0 rc-4 Blank screen on booting

[Yuraeitha]

On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote:
> Hi
> 
> I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly 
> fine. I rebooted after the installation was over, laptop boots into qubes and 
> after a few lines passing by there is a blank screen endlessly. 
> 
> I am dual booting with windows. Is there anything that I need to modify I 
> order for this to work correctly. 
> 
> Thanks

If you're installing Qubes for the first time, then the most obvious first 
place to look is if you're using nvidia or other high-end graphic cards on 
Qubes, especially and most importantly, nvidia does frequently not work 
out-of-the-box. Intel graphics tend to work quite nice out-of-the-box though. 

If your laptop have two graphic cards as many laptops tend to have these days, 
then try make a temporary solution and disable the extra graphic card, and use 
the one that is considering onboard. For example you may very well have an 
Intel graphic card on that HP laptop. This would probably be the first thing to 
try if you haven't tried this already.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12c2d630-9da0-4293-9c4b-055687f65fc4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to change desktop password?

[Daniil .Travnikov]

вторник, 13 февраля 2018 г., 14:36:20 UTC+3 пользователь Yuraeitha написал:
> On Tuesday, February 13, 2018 at 11:59:02 AM UTC+1, Daniil .Travnikov wrote:
> > The same when I see screensaver password. How could I change it?
> 
> I believe passwd is a UNIX command across all Linux systems, including Qubes 
> OS which is based on-top of Fedora/Xen. So this is "perhaps" what you're 
> looking for.
> 
> I looked around, and I found this different Qubes password issue fix which 
> includes the use of passwd 
> https://groups.google.com/forum/#!topic/qubes-users/ckDuXUz1qOw it seems to 
> indicate that passwd is used for Qubes too, not surprisingly, but I can't 
> tell with certainty so I had to look for confirmation.
> 
> Try "man passwd" or "passwd --help" in dom0, it should give you instructions. 
> I believe there is no difference here between Fedora and Qubes running on-top 
> of Fedora, when it comes to passwords, however, be careful as I do not know 
> this for certain. 
> 
> You might want to backup everything first if you're doing something that can 
> potentially lock you out of your system. If you are in a hurry, then only 
> backup the AppVM's or the most important AppVM's, just be sure to keep your 
> important data safe. Too many take the risk and some day end up paying the 
> price.

Very appreciate!
'passwd --help' command helped me to change my password.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0df5319b-012a-4a11-9697-8fa00e8554ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to change desktop password?

[Yuraeitha]

On Tuesday, February 13, 2018 at 11:59:02 AM UTC+1, Daniil .Travnikov wrote:
> The same when I see screensaver password. How could I change it?

I believe passwd is a UNIX command across all Linux systems, including Qubes OS 
which is based on-top of Fedora/Xen. So this is "perhaps" what you're looking 
for.

I looked around, and I found this different Qubes password issue fix which 
includes the use of passwd 
https://groups.google.com/forum/#!topic/qubes-users/ckDuXUz1qOw it seems to 
indicate that passwd is used for Qubes too, not surprisingly, but I can't tell 
with certainty so I had to look for confirmation.

Try "man passwd" or "passwd --help" in dom0, it should give you instructions. I 
believe there is no difference here between Fedora and Qubes running on-top of 
Fedora, when it comes to passwords, however, be careful as I do not know this 
for certain. 

You might want to backup everything first if you're doing something that can 
potentially lock you out of your system. If you are in a hurry, then only 
backup the AppVM's or the most important AppVM's, just be sure to keep your 
important data safe. Too many take the risk and some day end up paying the 
price.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19e3ca0a-0bdb-46bc-96a7-5cb01f84ef84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Three systems (linux)

[Tim W]

On Friday, February 9, 2018 at 6:18:38 PM UTC-5, 
bm-2ctrx1tl5lg8cfa...@bitmessage.ch wrote:
> I solved the problem. The thread can be removed.

Just mark the posts completed and it will show completed in the listed

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61af5d1d-3d35-4a89-915c-64bf0b061ee4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Install on Dell XPS 13 (9350)

[xxx . leny]

Thank you for your help awokd, I now have sys-net running in HVM mode on the 
XPS 9350 wifi card in permissive mode, this resolve the issue on 4.0.



> 
> PV is ParaVirtual mode. It's OK for testing, but in R4.0 you want to use
> PVH mode for everything except for qubes with an attached PCI device need
> HVM mode.
> 
> PS I have a document update in progress explaining how to assign devices
> in permissive mode in R4.0. It's a different procedure than R3.2. See
> https://github.com/awokd/qubes-doc/blob/patch-15/configuration/assigning-devices.md/#pci-passthrough-issues
> for the working copy. The approved version of it should end up here
> eventually: https://www.qubes-os.org/doc/assigning-devices/ .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d26f2ab5-0fc0-4f13-a031-df1964c2dc40%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Install on Dell XPS 13 (9350)

['awokd' via qubes-users]

On Tue, February 13, 2018 11:32 am, xxx.l...@gmail.com wrote:
> Thank you for your help awokd, I now have sys-net running in HVM mode on
> the XPS 9350 wifi card in permissive mode, this resolve the issue on 4.0.

Glad it worked out! But consider getting a different wifi card some day
that doesn't need permissive mode, it's not the best from a security
perspective. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d68758aa5ad194faf78c3b94d1f8f647.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL report (success!) - Gigabyte Z170X-UD3, i5-6600K, Nvidia Geforce 1070 | Qubes 4.0-rc4

[Christopher Ludwin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

No problems with this setup at all.

- - Tested 4k and 1080p displays in extended configuration with stock
nouveau drivers and working well.

- - Was able to use a variety of USB devices, attaching them to various
VMs without incident.

- - Sandisk Extreme USB 3.0 128Gb was used as installation media
(prepared using dd).

- - Installation did not interfere/write to any non-targeted drives
(verified absence of issue from 3.2).

- - Audio working fine as well.
-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQQu8ZeEbCC1CKCz+5U+AIqI6+k68QUCWoLizQAKCRA+AIqI6+k6
8Zq8AQC9LDlXGVeiUuniZxCgOzWLbrKLCohxrimd3ZrFV4Ra6AEA9heitrzFMcR5
jwZIMQ3vwbiL3OTUxPcHpRLZ6MvQzQY=
=ZfFt
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a46d47a-10a3-85db-bef8-aeaba5f23a23%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Gigabyte_Technology_Co___Ltd_-Z170X_UD3-20180213-043325.yml
Description: application/yaml


0x714DAB5C.asc
Description: application/pgp-keys


Qubes-HCL-Gigabyte_Technology_Co___Ltd_-Z170X_UD3-20180213-043325.yml.sig
Description: PGP signature


0x714DAB5C.asc.sig
Description: PGP signature

[qubes-users] Re: RC 4.0 Bootup problem

[Yuraeitha]

On Monday, February 12, 2018 at 6:20:44 PM UTC+1, Mr F wrote:
> Hi!
> 
> This problem is most likely not unique but I dont know how to formulate this 
> screen in writing in order to search for others that might have the same 
> problem (Please see the attached image)
> 
> Using a Lenovo Yoga 720. 
> 
> From this menu I have tried these two suggested fixes:
> 
> 1) "In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press 
> e.
> At the end of chainloader line add /mapbs /noexitboot.
> Perform installation normally, but don’t reboot the system at the end yet."
> 
> 2) "In GRUB menu1 press e.
> At the end of chainloader line add -- efi=attr=uc.
> Perform installation normally, but don’t reboot the system at the end yet."
> 
> None of them work and the system halts showing the attached screen. 
> 
> F

In addition to what awokd suggested which I agree with.

Is this the installer boot? or an existing install boot?
If installer boot or after boot from after finished new install, then try 
re-install with LegacyBIOS/Grub instead of UEFI/EFI, besides UEFI/EFI really 
isn't any more secure, while LegacyBIOS/Grub is old, UEFI/EFI is crapware, so 
they even out somehwat, however you may have an easier time with 
LegacyBIOS/Grub. With little information you get a lot of suggestions though, 
so there are plenty of other things you can try, for example look here for more 
things to try out, even if the reason is different, this debugging and fix 
work-arounds could work for you too: 
https://groups.google.com/forum/#!topic/qubes-users/M5laQSahuiE

In order to give more accurate help, we'd need more information. For example 
questions, such as like those I asked the other guy in the link.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a3513a8-4d86-4e22-b7cf-3b24ff945fd3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2

[Chris Laprise]

On 02/12/2018 07:01 PM, vel...@tutamail.com wrote:

I have tried, tried, tried ...and tried and I am over my head! (Fedora 26, 
Qubes 3.2)

I am stuck

I tried this:
https://www.qubes-os.org/doc/vpn/

and this, this was a pretty good video but unfortunately its not the same as 
PIAs config.:
https://www.youtube.com/watch?v=K1_zqT7_N7k (Nice video internetz.me...learned 
a lot)

Qubester I went down your path as well but wasn't sure where to go after.


But couldn't really get off step 2 of the Qubes instructions...primarily due to 
my linux skills.

Can anybody help?

I got a NetVM working but with out a kill switch and credentials exposed it 
just doesn't work for me.

Looking at the Qubes instructions, I was able to create the "sudo mkdir 
/rw/config/vpn" but then things fall apart.

My specific questions from the VPN instructions that keep derailing me, 
specifically the basic commands needed are:

1) How do I copy files to: "Copy your VPN config files to /rw/config/vpn"?



Each VPN service supplies configs in their own way, but usually there 
should be some option to simply download a zip or tar.


In PIA's case they don't make it easy to find where the openvpn configs 
are, but they're there:


https://www.privateinternetaccess.com/pages/client-support/#fifth

Any of the three *ip, *tcp or *strong-tcp will work.

After downloading the file, unzip the contents to /rw/config/vpn. For 
example:


$ cd /rw/config/vpn
$ sudo unzip ~/Downloads/openvpn-ip.zip

There are multiple configs (one for each region) so pick one and copy it 
to the config filename that will be used:


$ sudo cp "US East.ovpn" openvpn-client.ovpn


--

At this point you can continue with the doc instructions, but I'd 
recommend switching to the method at 
https://github.com/tasket/Qubes-vpn-support


It comes with an installer and you'll notice the instructions are pretty 
simple.




2) "Create a file in the /rw/config/vpn folder with your credentials and using a 
directive"...how do I do this?


This is done automatically by the Qubes-vpn-support installer. To do it 
manually, just "sudo nano /rw/config/vpn/pass.txt" and add your PIA 
username and password, one on each line.



3) I haven't gotten further but suspect I'll have more questions.

Anybody have a source for a tutorial...I have googled the h3ll out of this and 
more questions then answers.


I'm preparing new vpn tunnel support in Qubes and a simplified doc to go 
with it. This should be available within a week or two. In the meantime 
I suggest using Qubes-vpn-support at the above link.



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/160e3e39-5aa8-3b4b-f4d2-a0ed69b3eebf%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 4.0 rc-4 Blank screen on booting

[Yuraeitha]

On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote:
> Hi
> 
> I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly 
> fine. I rebooted after the installation was over, laptop boots into qubes and 
> after a few lines passing by there is a blank screen endlessly. 
> 
> I am dual booting with windows. Is there anything that I need to modify I 
> order for this to work correctly. 
> 
> Thanks

Also remember the act of taking out your drive which also has Windows installed 
on it, and putting it in another machine, as I suggested in one of the examples 
above, may break Windows's ability to boot in UEFI/EFI once you put it back in 
again. So be sure you backup your Windows and any valuable data on the drive if 
you try this approach, just to be safe. Windows is generally more robust when 
it comes to restoring UEFI/EFI, but you can never be too careful with this kind 
of buggy crapware that is UEFI, not to mention, Windows. So be careful here if 
you go with the drive swap approach, there may be dragons for any existing 
data, both on the drive itself, and the other machine's UEFI/EFI paths too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a23d1f8-778a-4924-af7e-334d904060f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Do you use Qubes OS as your main OS on primary PC? What kind of work do you get done on it?

[Yuraeitha]

On Tuesday, February 13, 2018 at 2:32:17 AM UTC+1, StefanUrkel . wrote:
> btw, is upgrading an existing Qubes install to a new version pretty much 
> simply downloading the new version and choosing an option for upgrading 
> existing installations?  or is it more involved than that or even requires a 
> fresh install?
> 
> 
> 
> 
> 
> 
> On Fri, Feb 9, 2018 at 2:20 PM,   wrote:
> Without support for hardware acceleration of virtual machines, plus needing 
> specific hardware compatible with Qubes OS, what kinds of work do you get 
> done if Qubes is your main OS on primary PC?
> 
> 
> 
> I want to run Davinci Resolve, which is a video editor that runs on Linux, 
> but it takes advantage of the discrete GPU, and it seems Qubes does not 
> support hardware acceleration nor virtual machines.
> 
> 
> 
> So, I'm curious, for those who use Qubes, what actual work do you get done?
> 
> 
> 
> I've also tried playing youtube videos but found audio out of sync and I 
> could not resize or maximize the playback window.
> 
> 
> 
> I may have tried the second to latest version released so maybe things have 
> changed or will change in 4.x?
> 
> 
> 
> Not being able to run VMs, Davinci Resolve, or youtube are making me have to 
> look at other options like OS X, Windows 10, and Linux.
> 
> 
> 
> I was leaning towards OS X but enabling case sensitivity for the file system 
> can break certain apps like those from Adobe, or cause other problems.. And I 
> prefer linux/unix like command-lines to DOS, so kind of leaning away from 
> Windows 10.
> 
> 
> 
> That leaves Linux distros like Debian, Mint, e bv  But I'm wondering how 
> secure it will be compared to Qubes?
> 
> 
> 
> 
> 
> 
> 
> --
> 
> You received this message because you are subscribed to a topic in the Google 
> Groups "qubes-users" group.
> 
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/qubes-users/0MTK1iFG0hI/unsubscribe.
> 
> To unsubscribe from this group and all its topics, send an email to 
> qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/e6383ea1-5152-4995-addd-36891420db58%40googlegroups.com.
> 
> For more options, visit https://groups.google.com/d/optout.

In addition to what Tim W said, you can also keep a Qubes RC-2 install, and 
update normally to RC-3 and RC-4, simply by updating dom0 and templates, like 
you normally do, nothing special to do here. But I do recommend you read each 
release cycle news, as the developers sometimes have special notes on this 
issue as they began doing in Qubes 4 RC-X releases. For example RC-3 to RC-4 
has some notes.

But yes, 
RC-2 to RC-3, 
RC-3 to RC-4, 
and 
RC-2 to RC-4, 

should all be good paths to take.
But stay clear of RC-1, the developers recommend a re-install between RC-1 and 
RC-2.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f708f38-ba9c-4605-a0cf-a603dcbcc4ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template

[Yuraeitha]

On Tuesday, February 13, 2018 at 9:29:40 AM UTC+1, Ivan Mitev wrote:
> On 02/12/2018 07:12 PM, Ivan Mitev wrote:
> > 
> > 
> > On 02/12/2018 06:47 PM, Unman wrote:
> >> On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote:
> >>>
> >>>
> >>> On 02/12/2018 06:26 PM, Unman wrote:
>  On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote:
> >
> >
> > On 02/12/2018 11:42 AM, Yuraeitha wrote:
> >> On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote:
> >>> Hi,
> >>>
> >>> In an effort to decrease R4's memory consumption I'm replacing the
> >>> default fedora-26 template with a customized one based on the 
> >>> official
> >>> minimal fedora-26 template.
> >>>
> >>> I installed additional RPMs according to the documentation [1] and
> >>> everything seems to be working well, with a noticeable decrease of
> >>> memory usage. However I get the following error when opening a VM's
> >>> firewall settings gui:
> >>>
> >>> "The 'work' qube is network connected to 'sys-firewall', which 
> >>> does not
> >>> support firewall!
> >>> You may edit the 'work' qube firewall rules, but these will not 
> >>> take any
> >>> effect until you connect it to a working Firewall qube."
> >>>
> >>> But again, everything seems to work fine: the firewall rules are
> >>> properly enforced, there's no problem with net connectivity, the 
> >>> update
> >>> proxy is working, ...
> >>>
> >>> There's no error message when sys-firewall is based on the default
> >>> fedora-26 template so I'm likely missing something but I don't 
> >>> see what.
> >>> I compared the qubes rpms installed in both templates but didn't 
> >>> notice
> >>> anything striking. Maybe there's a flag/preference or something that
> >>> needs to be set but I don't see where.
> >>>
> >>> Any ideas ?
> >>>
> >>> Thanks
> >>> Ivan
> >>>
> >>> [1] https://www.qubes-os.org/doc/templates/fedora-minimal/
> >>
> >>
> >> It sounds odd, it usually should work changing the template. My 
> >> initial thought-line on this issue goes like this, maybe it can be 
> >> of use.
> >>
> >> Is the iptable firewall package installed in the minimal template?
> >>
> >> I'm thinking it may be iptables that is missing, since minimal 
> >> templates can be used for offline purposes too, then iptables is 
> >> probably not included like most other things that has been removed.
> >
> > iptables is installed (that's one of the first thing I checked 
> > after I saw
> > the error msg).
> >
> >
> > [...]
> >
> >> - If Qubes tools are installed, networking works etc, and you got 
> >> iptables installed already, then my thoughts are that it's likely 
> >> missing system-config-*'s and the unavoidable full array of 
> >> dependencies going with it.
> >
> > Hmm, what are those system-config-*s you're talking about ?
> >
> >
> >> - Try clone the template and essentially go berserk and not 
> >> holding back, install the entire system-config- array of packages, 
> >> see if networking works. If not, then either something is still 
> >> missing, or firewalling has nothing to do with the system-config 
> >> packages.
> >>
> >> - If it works, then try narrow down which packages that are used 
> >> for firewalling, perhaps you can reduce the amount of dependency 
> >> packages being pulled if you install just the package that 
> >> firewall is using.
> >
> > If there aren't hardcoded changes or manual configurations made in the
> > default fedora-26 template then yes, installing the exact same of 
> > rpms would
> > in theory fix the problem. But before spending significant time on
> > installing a bunch of rpms and then dissecting I thought I'd ask 
> > fellow
> > users first... Maybe the cause is obvious and I'm overlooking 
> > something.
> >
> 
>  I just want to check - you say that the firewall rules are properly
>  enforced, and that everything works properly EXCEPT that you get a
>  warning.
> >>>
> >>> Exactly.
> >>>
> >>> BTW qvm-firewall works and doesn't output any error message...
> >>>
> >>
> >> Yes, thought so - it's probably a bug in the gui code that checks
> >> connected  netvm status. Does it happen with every connected qube?
> > 
> > Yes, it happens to all the vms connected to sys-firewall.
> > 
> > I just reverted sys-firewall's template to the default f26 and there was 
> > no more error message, so it doesn't look like a bug in the gui, 
> > something is likely missing in my customized template. Just have to find 
> > what :)
> 
> figured it out quickly this morning: in qubes-manager/settings.py the 
> error message is displayed when the template doesn't have the 
> 'qubes-firewall' feature.
> 
> fix:

[qubes-users] Re: 4.0 rc-4 Blank screen on booting

[Yuraeitha]

On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote:
> Hi
> 
> I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly 
> fine. I rebooted after the installation was over, laptop boots into qubes and 
> after a few lines passing by there is a blank screen endlessly. 
> 
> I am dual booting with windows. Is there anything that I need to modify I 
> order for this to work correctly. 
> 
> Thanks

It's unlikely to be caused by Windows, just be sure you know what you do in 
advance so you don't wipe your Windows install or make it unbootable. Also take 
note, Qubes is less secure when using dual-boot, although if you have to 
dual-boot, then Qubes is still worth it in terms of security, it's just "less" 
secure than it could be, although the risk are typically exotic attacks, but in 
the future they may become common attacks.

As for the black screen, 
- It sounds a lot like a graphic driver issue, did Qubes 4 work on previous 
versions? 
- Does Qubes 3.2. work on this machine? 
- Does other Linux/kernel's work on this machine?
- Did you check and make sure settings are correct in UEFI? Sometimes unobvious 
settings, even graphic settings in UEFI, can cause boot issues for Qubes.
- Did you try change between UEFI/EFI and LegacyBIOS/Grub boot?'
- Does your laptop support Qubes minimum specifications? Do you get a lack of 
hardware-support warning during early Qubes install? Do you have virtualization 
on your Intel or AMD CPU/Motherboard? Is it enabled in UEFI? 

If the graphic driver is bad, then you can try change it in Grub menu (assuming 
you installed with Grub, which makes this easier to fix). As for which driver 
to change into, I'm not sure, but there are people around here far, far more 
knowledgable than I, so maybe wait for those and hope someone will post. You 
can also find a lot of graphic boot fixes in other Linux discussions, try 
google it up. If this is the fault, then it's not uniquely a Qubes issue, and 
you can find a lot of topics on this on the internet. Meanwhile I can offer 
some other work-arounds you can try.

Please read them all before picking one, one may be more attractive to try than 
another.


- - - - -
One alternative is to try install RC-3 or RC-2 instead, these are direct 
updateable to the same updates in RC-4. The reason they released new RC-x 
versions, as far as I can tell, is only because of two reasons, first better 
working out-of-the-box with fewer required updates to get things started, and 
second and more importantly, boot issues and hardware support, for example like 
these. Odds are that something was changed which might not work for your 
hardware, so it's worth trying to see if you install RC-3 or RC-2. 

Don't install RC-1, as noted here:
"As a consequence of the partition layout change, it will be necessary for 
current 4.0-rc1 testers to perform a clean reinstall of 4.0-rc2 rather than 
attempting to upgrade in-place." 
https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/

But you can install RC-2, as noted here: 
"Current users of Qubes 4.0-rc2 can upgrade in-place by downloading the latest 
updates from the testing repositories in both dom0 and TemplateVMs." 
https://www.qubes-os.org/news/2017/11/27/qubes-40-rc3/

And you can install RC-3, as noted here:
"Current users of Qubes 4.0-rc3 can upgrade in-place by downloading the latest 
updates from the testing repositories in both dom0 and TemplateVMs. As 
explained in QSB #37, Qubes 4.0-rc4 uses PVH instead of HVM for almost all VMs 
without PCI devices by default as a security measure against Meltdown, and this 
change will also be released as a patch for existing Qubes 4.0 installations in 
the coming days. Therefore, current Qubes 4.0 users will benefit from this 
change whether they upgrade in-place from a previous release candidate or 
perform a clean installation of 4.0-rc4." 
https://www.qubes-os.org/news/2018/01/31/qubes-40-rc4/


* * * * 
Keep in mind to follow the link above in case you pick a RC-3 version to try, 
to read up on any details, for example RC-3 to RC-4 has some upgrade details to 
take note on.


- - - -
A third approach could be to take out the drive and install Qubes on another 
machine, then update everything on the other machine, before putting it back in 
your first machine again. This way you can often bypass issues that are later 
fixed, or only occurring during install. Just make sure you trust your second 
machines hardware, and remove any existing drives during install, and don't 
install with UEFI/EFI on the second machine if you got existing UEFI/EFI 
installs on it, it can sometimes be messy to restore UEFI/EFI paths, you may 
loose these OS systems. Use LegacyBIOS/Grub install, it's much safer. I've 
managed to install a good handful Qubes 4 systems using this approach, which 
otherwise would not have worked despite hours of debugging. So this may be 
worth a shot for you too.


- - - - - 
Last approach I can think of right now, is to boot 

Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template

[Ivan Mitev]

On 02/12/2018 07:12 PM, Ivan Mitev wrote:



On 02/12/2018 06:47 PM, Unman wrote:

On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote:



On 02/12/2018 06:26 PM, Unman wrote:

On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote:



On 02/12/2018 11:42 AM, Yuraeitha wrote:

On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote:

Hi,

In an effort to decrease R4's memory consumption I'm replacing the
default fedora-26 template with a customized one based on the 
official

minimal fedora-26 template.

I installed additional RPMs according to the documentation [1] and
everything seems to be working well, with a noticeable decrease of
memory usage. However I get the following error when opening a VM's
firewall settings gui:

"The 'work' qube is network connected to 'sys-firewall', which 
does not

support firewall!
You may edit the 'work' qube firewall rules, but these will not 
take any

effect until you connect it to a working Firewall qube."

But again, everything seems to work fine: the firewall rules are
properly enforced, there's no problem with net connectivity, the 
update

proxy is working, ...

There's no error message when sys-firewall is based on the default
fedora-26 template so I'm likely missing something but I don't 
see what.
I compared the qubes rpms installed in both templates but didn't 
notice

anything striking. Maybe there's a flag/preference or something that
needs to be set but I don't see where.

Any ideas ?

Thanks
Ivan

[1] https://www.qubes-os.org/doc/templates/fedora-minimal/



It sounds odd, it usually should work changing the template. My 
initial thought-line on this issue goes like this, maybe it can be 
of use.


Is the iptable firewall package installed in the minimal template?

I'm thinking it may be iptables that is missing, since minimal 
templates can be used for offline purposes too, then iptables is 
probably not included like most other things that has been removed.


iptables is installed (that's one of the first thing I checked 
after I saw

the error msg).


[...]

- If Qubes tools are installed, networking works etc, and you got 
iptables installed already, then my thoughts are that it's likely 
missing system-config-*'s and the unavoidable full array of 
dependencies going with it.


Hmm, what are those system-config-*s you're talking about ?


- Try clone the template and essentially go berserk and not 
holding back, install the entire system-config- array of packages, 
see if networking works. If not, then either something is still 
missing, or firewalling has nothing to do with the system-config 
packages.


- If it works, then try narrow down which packages that are used 
for firewalling, perhaps you can reduce the amount of dependency 
packages being pulled if you install just the package that 
firewall is using.


If there aren't hardcoded changes or manual configurations made in the
default fedora-26 template then yes, installing the exact same of 
rpms would

in theory fix the problem. But before spending significant time on
installing a bunch of rpms and then dissecting I thought I'd ask 
fellow
users first... Maybe the cause is obvious and I'm overlooking 
something.




I just want to check - you say that the firewall rules are properly
enforced, and that everything works properly EXCEPT that you get a
warning.


Exactly.

BTW qvm-firewall works and doesn't output any error message...



Yes, thought so - it's probably a bug in the gui code that checks
connected  netvm status. Does it happen with every connected qube?


Yes, it happens to all the vms connected to sys-firewall.

I just reverted sys-firewall's template to the default f26 and there was 
no more error message, so it doesn't look like a bug in the gui, 
something is likely missing in my customized template. Just have to find 
what :)


figured it out quickly this morning: in qubes-manager/settings.py the 
error message is displayed when the template doesn't have the 
'qubes-firewall' feature.


fix:

qvm-features fedora-26-minimal qubes-firewall 1

out of curiosity I tried to find where/when this feature is set for the 
default fedora-26 template: there's a comment in 
qubes/ext/core_features.py that says '[this feature] can be freely 
enabled or disabled by template' but I don't understand what it's 
supposed to mean - whether the template automatically sets it somehow 
(but then how ?) or if it can be set for each template. It's probably 
the latter; in that case maybe the feature is set by the template's rpm 
postscripts (but then I couldn't find any mention of "qvm-features" in 
the qubes-builder-fedora repo).




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

Re: [qubes-users] How to set/hange propterty 'Qubes.default_dispvm'?

[Johannes Graumann]

On Mon, 2018-02-12 at 09:10 -0800, brendan.h...@gmail.com wrote:
> I had to reread the thread three times to realize that qvm-prefs and
> qubes-prefs were different. :)
> 


Indeed ... that is what happened to me too ... after changing the
default dvm for all VMs via 'qvm-prefs' and globally via 'qubes-prefs'
I was able to cull fedora-25 from my installation (other than dom0).

Sincerely, Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1518515862.16585.2.camel%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Firewall rules for Thunderbird and Gmail

[Yuraeitha]

On Monday, February 12, 2018 at 8:58:17 PM UTC+1, donoban wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 02/12/2018 06:39 PM, Demi Obenour wrote:
> > What websites and ports do I need to whitelist if I want to enable
> > use Thunderbird with GMail and Google Calendar?  I am using the
> > Google Calendar add-on.
> 
> Since Google uses a lot of different ip's it's pretty hard to maintain
> an ip based firewall for access their services. You can try with ping
> and digg commands for get some ip's of their domains but them will
> likely change in few time.
> 
> 
> I think that you can achieve it using http filtering [1] but I've
> never tried.
> 
> [1] https://www.qubes-os.org/doc/config/http-filtering-proxy/
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqB8c0ACgkQFBMQ2OPt
> CKUQLg//QCWyf/Tf28luozYNWaZ5xY1IqpdWL4y4l5x/1jw9y5CCNPXyhPsu911F
> zxbvLR4r18007tmNtJdCCF7LmH3vCU+FwQb54e10kObTz0QyhZ7AQd22RTa6TgF1
> FM9N7dQdaT4OxtmbTvy1wLEwllSvqDGg0n/Iqbj7QNw5x9M7X0Y/A/WlMBFZzY1E
> 3BagXL398m7Ha1ZKiOKRX2xI0odrvCUmknChssJQsRnlaFsFsAUFooCdPeeucEQl
> /NZuM3XhV/K5yNZZSuMTDo8AD2E4cWicG0EHKGHaGWls0c4GjQzTEOA7Wt+Y9zrl
> XnQCTWgPvo9va2AM4H+YX4phtp8XR5eh0wXJ5dEdFToa+FCAteVzpMSaxM208xvs
> fb/mjOvqWf7ubxCRdpCgEHxlSINri2FhopMi3i+h/0KG7/pzhdQlQsSNsPKVxhMZ
> ebvIv04VCNPso5BnIVykz5p1AhQvB10KT+ITiTpKKOFhS+P57A35kptlGCC0ztOV
> 7cdAz/3Sp3YfDOcyBuqLsl33KQfpnjgeaTAnHx5v6ND5M2bTzSx7IT//EmWjRbzm
> jckEuecHP2kh1g3D2AWu/c2AW82PWcHEg1Qj6RgqmsZtgovpx96w4zLGKeRS0C40
> flTk5zNTpXlZ+ZZxp44MY3kkweUy3CUgjqPIOOg7Fo48buisJC4=
> =C5BZ
> -END PGP SIGNATURE-

Isn't it possible to use DNS on those multiple of IP's from google? or are they 
changing DNS's too like they change IP's? That would be such a headache if they 
do though... Also, DNS can be stolen through hacking DNS services (but not 
spoofed right?), so I guess it may be a security risk not to use IP's over DNS? 
But Google should have some pretty tight security on their DNS's? Like not just 
a password, but second factor authentication etc. too. I'm merely thinking out 
aloud here, any chance anyone can put this straight with facts? As such, it 
might help the OP if a DNS approach works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/70b6d8a6-ac2c-4d6e-8822-dc9c2ae58615%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 4.0 rc-4 Blank screen on booting

[SM]

Hi Yuraeitha

As for the laptop part it’s a fairly old machine, and it does satisfy the 
hardware requirements. I did have Debian stretch installed previously and it 
was working great. 

For the hardware warning part the installation starts without any warnings and 
boots into graphical installer and the installation completes normally with no 
errors. 

After booting into qubes initially the boot is successful but the screen never 
displays the login screen, it goes blank. I’d like to try if there is anything 
I can do on the machine before I take the drive to other machine or something 
like that. 

The last solution you mentioned about updating dom0 by getting into current 
installation could expand on that please. Could you guide me on how that can be 
done?

Thanks 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6fd3a00e-1b91-49e0-b2f7-427dff9a1f2c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Feb 13, 2018 at 10:29:33AM +0200, Ivan Mitev wrote:
> 
> 
> On 02/12/2018 07:12 PM, Ivan Mitev wrote:
> > 
> > 
> > On 02/12/2018 06:47 PM, Unman wrote:
> > > On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote:
> > > > 
> > > > 
> > > > On 02/12/2018 06:26 PM, Unman wrote:
> > > > > On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote:
> > > > > > 
> > > > > > 
> > > > > > On 02/12/2018 11:42 AM, Yuraeitha wrote:
> > > > > > > On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev 
> > > > > > > wrote:
> > > > > > > > Hi,
> > > > > > > > 
> > > > > > > > In an effort to decrease R4's memory consumption I'm replacing 
> > > > > > > > the
> > > > > > > > default fedora-26 template with a customized one
> > > > > > > > based on the official
> > > > > > > > minimal fedora-26 template.
> > > > > > > > 
> > > > > > > > I installed additional RPMs according to the documentation [1] 
> > > > > > > > and
> > > > > > > > everything seems to be working well, with a noticeable decrease 
> > > > > > > > of
> > > > > > > > memory usage. However I get the following error when opening a 
> > > > > > > > VM's
> > > > > > > > firewall settings gui:
> > > > > > > > 
> > > > > > > > "The 'work' qube is network connected to
> > > > > > > > 'sys-firewall', which does not
> > > > > > > > support firewall!
> > > > > > > > You may edit the 'work' qube firewall rules, but
> > > > > > > > these will not take any
> > > > > > > > effect until you connect it to a working Firewall qube."
> > > > > > > > 
> > > > > > > > But again, everything seems to work fine: the firewall rules are
> > > > > > > > properly enforced, there's no problem with net
> > > > > > > > connectivity, the update
> > > > > > > > proxy is working, ...
> > > > > > > > 
> > > > > > > > There's no error message when sys-firewall is based on the 
> > > > > > > > default
> > > > > > > > fedora-26 template so I'm likely missing
> > > > > > > > something but I don't see what.
> > > > > > > > I compared the qubes rpms installed in both
> > > > > > > > templates but didn't notice
> > > > > > > > anything striking. Maybe there's a flag/preference or something 
> > > > > > > > that
> > > > > > > > needs to be set but I don't see where.
> > > > > > > > 
> > > > > > > > Any ideas ?
> > > > > > > > 
> > > > > > > > Thanks
> > > > > > > > Ivan
> > > > > > > > 
> > > > > > > > [1] https://www.qubes-os.org/doc/templates/fedora-minimal/
> > > > > > > 
> > > > > > > 
> > > > > > > It sounds odd, it usually should work changing the
> > > > > > > template. My initial thought-line on this issue goes
> > > > > > > like this, maybe it can be of use.
> > > > > > > 
> > > > > > > Is the iptable firewall package installed in the minimal template?
> > > > > > > 
> > > > > > > I'm thinking it may be iptables that is missing,
> > > > > > > since minimal templates can be used for offline
> > > > > > > purposes too, then iptables is probably not included
> > > > > > > like most other things that has been removed.
> > > > > > 
> > > > > > iptables is installed (that's one of the first thing I
> > > > > > checked after I saw
> > > > > > the error msg).
> > > > > > 
> > > > > > 
> > > > > > [...]
> > > > > > 
> > > > > > > - If Qubes tools are installed, networking works
> > > > > > > etc, and you got iptables installed already, then my
> > > > > > > thoughts are that it's likely missing
> > > > > > > system-config-*'s and the unavoidable full array of
> > > > > > > dependencies going with it.
> > > > > > 
> > > > > > Hmm, what are those system-config-*s you're talking about ?
> > > > > > 
> > > > > > 
> > > > > > > - Try clone the template and essentially go berserk
> > > > > > > and not holding back, install the entire
> > > > > > > system-config- array of packages, see if networking
> > > > > > > works. If not, then either something is still
> > > > > > > missing, or firewalling has nothing to do with the
> > > > > > > system-config packages.
> > > > > > > 
> > > > > > > - If it works, then try narrow down which packages
> > > > > > > that are used for firewalling, perhaps you can
> > > > > > > reduce the amount of dependency packages being
> > > > > > > pulled if you install just the package that firewall
> > > > > > > is using.
> > > > > > 
> > > > > > If there aren't hardcoded changes or manual configurations made in 
> > > > > > the
> > > > > > default fedora-26 template then yes, installing the
> > > > > > exact same of rpms would
> > > > > > in theory fix the problem. But before spending significant time on
> > > > > > installing a bunch of rpms and then dissecting I thought
> > > > > > I'd ask fellow
> > > > > > users first... Maybe the cause is obvious and I'm
> > > > > > overlooking something.
> > > > > > 
> > > > > 
> > > > > I just want to check - you say that the firewall rules are properly
> > > > > enforced, and that everything works properly EXCEPT that you get a
> > > > > warning.
> > > > 
> > > > 

[qubes-users] Building Centos template conflict error?

[Tim W]

I was having issues building Centos template for 4.0 so I decided to first see 
if it would build for 3.2.

Doing setup script templates only.  I editing example-confg 3.2 conf file and 
removed the FC version from DISTS_VM line.

I built it per component and it fails on the last one linux-template-builder.
os

In the centos7-template.log it shows the following conflict error

file /etc/dconf/profile/user from install of 
qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package 
dconf-0.26.0-2.el7.x86_64

Ultimately I want to build these for 4.0 but figured first getting it working 
for 3.2 as its suppose to work there already.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab93793f-ebc9-4869-aba9-ab962625a2a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fixing LVM corruption, question about LVM locking type in Qubes

[qtpie]

Summary: fixing LVM corruption, question about LVM locking

My laptop battery went to 0%. The lid was closed but maybe the laptop
was not suspended, which was could have been the cause of an LVM
corruption which I did manage to fix with the help of numerous obscure
sources.

I'm posting the fix here since I couldnt find a description of this
exact issue anywhere else. I didn't write down the exact wording of the
errors when they happened, I hope the keywords make it clear enough. I'm
not an LVM expert so please correct any errors.

I also have a question at the end about LVM locking and Qubes which I
hope somebody can answer.

Problem description
- At boot I Enter the luks password
- Errormessages (unsure about order in which they appeared):
'dracut initqueue timeout - starting timeout scripts' > repeated 30 
times
'you may have to regenerate initramfs'
'/dev/mapper/qubes_dom0-root does not exist'
- Computer enters into a dracut shell

Regenerating initramfs did NOT solve the problem. The following did:

- in the dracut shell, start lvm
- Enter command: "vgchange -ay". Response should be 'Volumegroup x
activated' or something similar
- Enter command: 'lvconvert --repair (logical volume name, in my case
qubes_dom0/pool00'
- Errormessage: 'cannot repair, lvm locking type = 4 (read only)'.
- Change lvm locking type to 1 in /etc/lvm/lvm.conf
- Retry command lvconvert --repair (logical volume name, in my case
qubes_dom0/pool00.
- After the process finishes exit the dracut shell and continue boot
process.

Questions:
- what is the standard LVM locking type for a Qubes install? (in Fedora
it is 1).
- if not 1 should I change it back?
- if 1 what caused it to be changed?
- is powerfailure the probable cause of this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b735c4fe-3a99-9cce-92ac-0f4303ce56d3%40disroot.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] 4.0-rc3: sys-net not getting updated template OS image?

[Steve Coleman]

I have a strange situation where my sys-net's software template 
"fedora-26-net" (variant of fedora-minimal) does not appear to be 
providing updated OS images. My sys-net is the only vm using this 
specific image.


I have a necessary network service installed in the template 
"fedora-26-net" /opt/service-name directory, installed from an rpm, 
which was working perfectly until I was forced to recover from backup. I 
have been trying to get it working as it once was to no avail. Every 
time I boot up the networking vm's I now get a sys-net without my 
required /opt/service-name directory installed. The template has it, and 
sys-net uses that template, but sys-net never seems to get a new copy of 
it.


The /opt/service-name directory in sys-net is not even there, and one 
sub-directory that is not even in that template anymore *is* there, and 
it even starts up that service which I do not want running in sys-net.


Each time I want to connect to the corporate network I now have to kill 
one service, reinstall that required service directly in sys-net COW, 
just to temporarily create that required service so I can connect. That 
modification of course goes away just as soon as sys-net is shut down, 
so this gets repeated often.


As another test, I created a brand new user vm (test-fedora-26-net) 
based on fedora-26-net and opened a terminal there, and one in the 
template itself. The /opt directories were different. The 
test-fedora-26-net has a file structure that should never have existed 
when it was created.


Any idea how to force this rogue and defiant template to pass along a 
new OS image? Apparently doing a "dnf update" in the template itself 
isn't enough to kick it into gear and get it to happen. Changing the 
source template, and changing it back again does not trigger it either. 
Even creating a new vm gets an old copy!


I think I may need to buy a clue. Is this somehow a qvm-feature related 
thing? A qubes-rpc not happening? What signaling is supposed to happen 
that isn't?


thanks,

Steve.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fac163c5-a813-a295-4b94-e07b0747fbae%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Do you use Qubes OS as your main OS on primary PC? What kind of work do you get done on it?

[alexclaytor]

I've been using Qubes for about a year. It took me a few weeks to get 
everything just right, I did a TON if tiny customizations for the sake of 
opsec. Even tho I have a Surface Pro, I use my Qubes laptop 99.999% of the 
time. I specifically bought an Acer laptop that was totally compatible and put 
32GBs of RAM in it. 

I use it for all kinds of things, personal use like forums, darnet, etc. I also 
have a Kali HVM that connects straight to the wifi device only bypassing 
sys-net. I run only dom0 and my Kali HVM when in use. Even tho I have template 
VMs, my run VMs have allot of customizations to I did not want to include in 
the template. I've gotten in the habit of running duplicates and burning them 
after a couple uses then making another and so on. 

When 4 final is released and there is a pack for full support of a Windows 
10/Server 2016 HVM, I'mm for sure be doing that as well. I do have a Windows 7 
HVM now for the VERY few apps that there are not Linux variants of, but I only 
need that like 1% of the time. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c15d7ac0-e3fd-4d10-8de9-75d42a418152%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template

[Ivan Mitev]

fix:

qvm-features fedora-26-minimal qubes-firewall 1

out of curiosity I tried to find where/when this feature is set for the
default fedora-26 template: there's a comment in qubes/ext/core_features.py
that says '[this feature] can be freely enabled or disabled by template' but
I don't understand what it's supposed to mean - whether the template
automatically sets it somehow (but then how ?) or if it can be set for each
template. It's probably the latter; in that case maybe the feature is set by
the template's rpm postscripts (but then I couldn't find any mention of
"qvm-features" in the qubes-builder-fedora repo).


See here: https://github.com/QubesOS/qubes-issues/issues/2829

In short: there is qubes.PostInstall service called just after template
installation, to let template advertise supported features. I think it
should be also called automatically after installing new packages (or
even updating existing), because that can influence supported features -
like in this case.


Ah, everything makes sense now...



You can try triggering it manually. From the template call

 /etc/qubes-rpc/qubes.PostInstall


Yep, it works.

for other people reading this thread, this amounts to:

qvm-features-request qubes-firewall=1
qvm-features-request --commit



Issue for tracking this problem: 
https://github.com/QubesOS/qubes-issues/issues/3579


thanks !

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f75376ef-54ee-366b-0485-c3a0a8d5ce4e%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fixing LVM corruption, question about LVM locking type in Qubes

['awokd' via qubes-users]

On Tue, February 13, 2018 6:36 pm, qtpie wrote:
> Summary: fixing LVM corruption, question about LVM locking


> Questions:
> - what is the standard LVM locking type for a Qubes install? (in Fedora
> it is 1). - if not 1 should I change it back?

On my fresh install of rc4, it's set to 1. Per the comment in there,
that's the "standard mode".

> - if 1 what caused it to be changed?

Possibly when something detected LVM corruption?

> - is powerfailure the probable cause of this issue?

I think that's a reasonable guess but haven't seen a power failure cause
LVM corruption before. Not like a have a fleet of servers running it,
though.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ac3628b01ffe55038da50fba66c05f5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?

[brendan . hoar]

On Tuesday, February 13, 2018 at 2:06:59 PM UTC-5, brenda...@gmail.com wrote:
> On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote:
> > > Does the issue still occur after You change the default Windows user in
> > > Qubes settings? qvm-prefs -s windows default_user admin ?
> > 
> > Just tried it, yep. This is strange!
> 
> I am seeing the same issue with a Win7 HVM under R4.0rc4 using the qubes 
> windows drivers. First copy seems to work from a fedora VM but no file shows 
> up in windows. Additional attempts to copy says it failed because the file is 
> already there. Happens across reboots (fedora source says file is "there" but 
> nothing on the drives in windows).

Found it (windows 7 search explicitly skips the system directory, so it's a 
little difficult to discover).

The following directory is the receiving directory:

  C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\

Presumably this maps correctly for the account that qubes tools component is 
running under.

Just FYI, in case someone else runs into this.

Thanks,
Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f606743b-e27f-47cb-a60a-b2e7c2a509f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?

[brendan . hoar]

On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote:
> > 
> > Does the issue still occur after You change the default Windows user in
> > Qubes settings? qvm-prefs -s windows default_user admin ?
> 
> Just tried it, yep. This is strange!
> 
> //MLF.

Hi Martin - were you ever able to resolve exactly where these files were going? 

I am seeing the same issue with a Win7 HVM under R4.0rc4 using the qubes 
windows drivers. First copy seems to work from a fedora VM but no file shows up 
in windows. Additional attempts to copy says it failed because the file is 
already there. Happens across reboots (fedora source says file is "there" but 
nothing on the drives in windows).

Thanks,
Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85f7924e-8ef5-4727-ab6e-356916a19387%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 4.0-rc3: sys-net not getting updated template OS image?

['awokd' via qubes-users]

On Tue, February 13, 2018 6:32 pm, Steve Coleman wrote:
> I have a strange situation where my sys-net's software template
> "fedora-26-net" (variant of fedora-minimal) does not appear to be
> providing updated OS images. My sys-net is the only vm using this specific
> image.

Are you running low on disk space?

Not exactly sure what's going on there, but can you try to clone the
problem template and point your AppVM to the clone instead, and see if
that works?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9a3ae4001a2046949039421dcbe19ab.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2

[velcro]

Thanks Chris(and "tasket"!)took me a few tries but I managed to get it 
going, I tweaked the implementation a bit(scarey).

I was not however able to get this command going from step #3 of the Github 
guide:  sudo /usr/lib/qubes/qubes-vpn-setup --config

I doubt I did this right/well but when I went to DNSleaktest.com it showed no 
leaks.

Couple of questions:
* What security am I not getting by doing step #3?
* Is using a script from Github good? Appreciate the lead but will this be 
sanctioned by the Qubes community long term?
* How can I test the kill switch functionality?
* Any feedback, comments, ways to do it better?

Looking forward to those instructions Chris...

My sketchy/newbie steps are detailed below:

Create Proxy VM  Make Green  Proxy  Connected to sys-Net -  Name it

Add Files and Firefox in applications (didn’t really need firefox as I could 
download it in a disposable and the move it to my new sys-VPN)

Go to the services tab and add vpn-handler-openvpn then hit the + button

Notes:
* All commands were done in the proxy VM (No template was used)
* Not a huge terminal expert, so used GUI for some things

Download config files:
https://github.com/tasket/Qubes-vpn-support hit the green Clone or Download 
button
https://www.privateinternetaccess.com/pages/client-support/ (Download the 
“openvpn-ip.zip” file) specifically 
https://www.privateinternetaccess.com/openvpn/openvpn-ip.zip
 
Unzip openvpn-ip.zip in download folder
Manualy change name in file from “US East.ovpn” to  “openvpn-client.ovpn”

sudo mkdir /rw/config/vpn
sudo mv “openvpn-client.ovpn” '/rw/config/vpn'
sudo mv “.crt file” '/rw/config/vpn'
sudo mv “.pem file” '/rw/config/vpn'

cd '/home/user/Downloads/Qubes-vpn-support-master'
Type cd(space)then drag and drop from downloads the whole “Qubes-vpn-support” 
from “Github” in your downloads folder(Manually Unzipped folder by double 
clicking)

sudo bash ./install

Enter VPN User name and password


Close terminal

cd /rw/config/vpn
sudo ln -s openvpn-client.ovpn vpn-client.conf

Restart VM

Connect your VMs


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b126ae28-d76a-4670-9f6a-3e8e200aa56b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] QUBES 4 r4 - dom0 UTC time is incorrect - manual change each reboot.

[QUBE-A-LICIOUS]

Hi there,

I have a fresh install of Qubes 4r4.  However, when I reboot and or login I 
have to manually change dom0 time to UTC.

Impact: Whonix/Tor does not work because of the incorrect time.

Manual workaround:
1.  Get the correct UTC from a browser.
2.  Open Dom0 Terminal and update to UTC such as the following:

  sudo date --set "2018-02-13 21:30"

3. Shutdown Service:sys-whonix
4.  Restart a whonix domain such as Domain:anon-whonix(this restarts the 
sys-whonix service that was just shutdown.
5.  Then run WhonixCheck to make sure it works.  It usually does and Whonix/Tor 
is functional.

=
Qubes cannot be this bad, really.

How can I have this Date and time correctly updated on boot up?  Like it should.

Thanks for all your help.
NSJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ca99c3d-f134-4687-9ffb-57e1b9261187%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

[lemondezurich]

On Wednesday, June 22, 2016 at 8:26:50 AM UTC-7, Marcus at WetwareLabs wrote:
> Hello all,
> 
> I've been tinkering with GPU passthrough these couple of weeks and I thought 
> I should now share some of my findings. It's not so much unlike the earlier 
> report on GPU passthrough here 
> (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/cmPRMOkxkdA/gIV68O0-CQAJ).
> 
> I started with Nvidia GTX 980, but I had no luck with ANY of the Xen 
> hypervisors or Qubes versions. Please see my other thread for more 
> information 
> (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/PuZLWxhTgM0/pWe7LXI-AgAJ).
> 
> However after I switched to Radeon 6950, I've had success with all the Xen 
> versions. So I guess it's a thing with Nvidia driver initialization. On a 
> side note, someone should really test this with Nvidia Quadros that are 
> officially supported to be used in VMs. (And of course, there are the hacks 
> to convert older Geforces to Quadros..)
> 
> Anyway, here's a quick and most likely incomplete list (for most users) for 
> getting GPU passthrough working on Win 8.1 VM. (works identically on Win7)
> 
> Enclosed are the VM configuration file and HCL file for information about my 
> hardware setup (feel free to add this to HW compatibility list!)
> 
> TUTORIAL
> 
> Check which PCI addresses correspond to your GPU (and optionally, USB host) 
> with lspci.Here's mine:
> ...
> 
> 
> # lspci
> 
> 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cayman XT [Radeon HD 6970]
> 03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cayman/Antilles 
> HDMI Audio [Radeon HD 6900 Series]
> Note that you have to pass both of these devices if you have similar GPU with 
> dual functionality.
> 
> Edit /etc/default/grub and add following options (change the pci address if 
> needed):
> 
> GRUB_CMDLINE_LINUX=" rd.qubes.hide_pci=03:00.0,03:00.1 
> modprobe=xen-pciback.passthrough=1 xen-pciback.permissive"
> GRUB_CMDLINE_XEN_DEFAULT="... dom0_mem=min:1024M dom0_mem=max:4096M"
> 
> For extra logging:
> 
> 
> GRUB_CMDLINE_XEN_DEFAULT="... apic_verbosity=debug loglvl=all 
> guest_loglvl=all iommu=verbose"
> 
> There are many other options available, but I didn't see any difference in 
> success rate. See here:
> http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html
> http://wiki.xenproject.org/wiki/Xen_PCI_Passthrough
> http://wiki.xenproject.org/wiki/XenVGAPassthrough
> 
> Update grub:
> 
> # grub2-mkconfig -o /boot/grub2/grub.cfg
> Reboot. Check that VT-t is enabled:
> 
> # xl dmesg
> ...
> (XEN) Intel VT-d iommu 0 supported page sizes: 4kB, 2MB, 1GB.
> (XEN) Intel VT-d iommu 1 supported page sizes: 4kB, 2MB, 1GB.
> (XEN) Intel VT-d Snoop Control not enabled.
> (XEN) Intel VT-d Dom0 DMA Passthrough not enabled.
> (XEN) Intel VT-d Queued Invalidation enabled.
> (XEN) Intel VT-d Interrupt Remapping enabled.
> (XEN) Intel VT-d Shared EPT tables enabled.
> (XEN) I/O virtualisation enabled
> (XEN)  - Dom0 mode: Relaxed
> Check that pci devices are available to be passed:
> 
> # xl pci-assignable list
> :03:00.0
> :03:00.1
> Create disk images:
> 
> # dd if=/dev/zero of=win8.img bs=1M count=3
> # dd if=/dev/zero of=win8-user.img bs=1M count=3
> Install VNC server into Dom0
> 
> # qubes-dom0-update vnc
> Modify the win8.hvm: Check that the disk images and Windows installation 
> CDROM image are correct, and that the IP address does not conflict with any 
> other VM (I haven't figured out yet how to set up dhcp) Check that 'pci = [ 
>  ]' is commented for nowStart the VM ( -V option runs automatically VNC 
> client)
> 
> # xl create win8.hvm -V
> 
> If you happen to close the client (but VM is still running), start it again 
> with
> 
> 
> # xl vncviewer win8
> Note that I had success starting the VM only as root. Also killing the VM 
> with 'xl destroy win8' would leave the qemu process lingering if not done as 
> root (if that occurs, you have to kill that process manually)
> Install WindowsPartition the user image using 'Disk Manager'Download signed 
> paravirtualized drivers here (Qubes PV drivers work only in Win 
> 7):http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi
> Don't mind the name, it works on Win 8.1 as well.
> For more info: 
> http://wiki.univention.com/index.php?title=Installing-signed-GPLPV-drivers
> 
> Move the drivers inside user image partition (shut down VM first):
> 
> # losetup   (Check for free loop device)
> # losetup -P /dev/loop10 win8-user.img   (Setup loop device and scan 
> partition. Assuming loop10 is free)
> # mount /dev/loop10p1 /mnt/removable  ( Mount the first partition )- copy the 
> driver there and unmount.
> 
> Reboot VM, install paravirtual drivers and reboot againCreate this script 
> inside sys-firewall (check that the sys-net vm ip address 10.137.1.1 is 
> correct though):
> 
> fwcfg.sh:
> #!/bin/bash
>    

[qubes-users] Re: Building Centos template conflict error?

[fepitre]

Le mardi 13 février 2018 15:47:38 UTC+1, Tim W a écrit :
> I was having issues building Centos template for 4.0 so I decided to first 
> see if it would build for 3.2.
> 
> Doing setup script templates only.  I editing example-confg 3.2 conf file and 
> removed the FC version from DISTS_VM line.
> 
> I built it per component and it fails on the last one linux-template-builder.
> os
> 
> In the centos7-template.log it shows the following conflict error
> 
> file /etc/dconf/profile/user from install of 
> qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package 
> dconf-0.26.0-2.el7.x86_64
> 
> Ultimately I want to build these for 4.0 but figured first getting it working 
> for 3.2 as its suppose to work there already.

The template for CentOS in Q4 is still not completely achieved. I still need 
time to fix several things.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d46c623-0515-4345-bec8-ab27a9dccc36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL HP EliteDesk 800 G1 SFF

[JPL]

Qubes R4 rc4 on USB 3.0 stick - no problems to report

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9fa56d71-5cb6-442a-8b71-eb7901609dc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Hewlett_Packard-HP_EliteDesk_800_G1_SFF-20180213-210514.yml
Description: Binary data

[qubes-users] Qubes 4.0-RC4 – sys-usb – devices not detected after suspend/resume

[rob_66]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello.

Mostly, not always, usb devices are not detected any more after suspend/resume 
(e.g. via
Power Manager/Xscreensaver) on my machine (Asus Zenbook UX303LNB).

Which is no big deal with »standard« devices – but pretty annoying if you have 
a specific, rigid
Yubikey setup. ;)

Any hints or solutions? Perhaps forcing USB 2.0 modes?

Thanks, cheers,
Rob
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEn4MBjePgsWS+NbV8RR68spzrChwFAlqDc+VfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDlG
ODMwMThERTNFMEIxNjRCRTM1QjU3QzQ1MUVCQ0IyOUNFQjBBMUMACgkQRR68spzr
Chwq0g//ZFO/m7d09Tcl7MuBZEMz5KkJWxMLi/tBNf4wnt0MYh9k2vvGeTc6W5Wg
I1g/M8UtLViRMhr/un/fHp3ZwITf4I9LDjhlfadLzR4Mdyk915uW3sqQsBhxIna4
N/QLGoBtq4MLp141CXkNZJKy6ydX3Ftdye5AEkq0E0OjC1Lh8tX+yOkNmag8ort3
Mgbq6XkGjVuoX4cxYdf+hxgUIfx7mgLwUP/MwqO4Y5KgA2Hcdtkyl/ARND9dC7/q
GDIevxO8XMeDSOStufUSeToiMN4Xlieg1kkUncIl33ZUeZbRt0La/ccpXn0jz14t
RhmahF40PtHZmg4vVevLCyVvpnm8WPCxbyK/8cBU78z9vnmqILNJjVhMqeeTSoGe
b3jzS0HkP7J47tDD+U4bRi+ReJe3ZitbopRLpONb9xGaxHqgmSSsQM/non+stXa6
NDD5quMguCQL6YpOMZw4K9uDIBEVN3YmXoq8zFbAUGgMipBmEBTHZl4u6Zd2dgCP
xOh7JA1r0fq6fB7/TYDf/jENhWbuUm7R8/6zQBE2EalHFQM8oPUzDSz5XBU9sFm9
rdUCai5HevcGDANXTkrP8nb2rmnUBe0TRIm0Z1rgEMkrP2jpBswW9mv+1KNj3YXb
CWtgIHdXj5fAJLqii9AAuEc2A0lK8VUhJlhLutyql/NxQII78oY=
=AFFn
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/p5vs1j%24gae%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: sys-usb / template install yubikey tools ?

[ThierryIT]

Le dimanche 11 février 2018 10:08:52 UTC+2, ThierryIT a écrit :
> Le samedi 10 février 2018 22:58:15 UTC+2, Alex Dubois a écrit :
> > > On 10 Feb 2018, at 17:46, ThierryIT  wrote:
> > > 
> > > Le samedi 10 février 2018 01:44:36 UTC+2, Alex Dubois a écrit :
> > >> On Saturday, 3 February 2018 22:42:46 UTC, Alex Dubois  wrote:
> > >>> On Saturday, 3 February 2018 10:12:25 UTC, ThierryIT  wrote:
> >  Le vendredi 19 janvier 2018 13:19:29 UTC+2, Alex Dubois a écrit :
> > >> On Friday, 19 January 2018 05:57:16 UTC, ThierryIT  wrote:
> > >> Not familiar with this ... Will need procediure to follow.
> > >> 
> > >> 
> > >> Le mercredi 17 janvier 2018 23:03:31 UTC+2, Alex Dubois a écrit :
> > >>> On Wednesday, 17 January 2018 15:15:45 UTC, ThierryIT  wrote:
> >  No, I am still under R3.2
> >  
> >  Le mercredi 17 janvier 2018 16:54:58 UTC+2, awokd a écrit :
> > > On Wed, January 17, 2018 2:09 pm, ThierryIT wrote:
> > >> "https://github.com/adubois/qubes-app-linux-yubikey;
> > >> 
> > >> 
> > >> Le mercredi 17 janvier 2018 16:05:52 UTC+2, awokd a écrit :
> > >> 
> > >>> On Wed, January 17, 2018 1:09 pm, ThierryIT wrote:
> > >>> 
> >  Nobody ?
> >  
> >  
> >  
> >  Le mercredi 17 janvier 2018 09:23:34 UTC+2, ThierryIT a écrit :
> >  
> >  
> > > Hi,
> > > 
> > > 
> > > 
> > > I am going to install a new sys-usb.
> > > I have before to install all what I need to the template 
> > > (fedora-26)
> > > first. When following your procedure:
> > > 
> > > 
> > > ykpers has been installed but: I cannot do the same for
> > > qubes-yubikey-vm and qubes-yubikey-dom0 :
> > > 
> > > no match for argument
> > > 
> > > ideas ?
> > >>> 
> > >>> Not quite sure what you are trying to do here. What procedure? 
> > >>> What
> > >>> command are you entering?
> > > 
> > > Are you trying this on Qubes 4.0? Those Yubikey packages might 
> > > not be in
> > > the Qubes repo yet.
> > >>> 
> > >>> Hi,
> > >>> 
> > >>> I have not maintained this for some time. So long that I can't 
> > >>> remember if the packages had been created/tested, I don't think 
> > >>> they have.
> > >>> 
> > >>> Best is you follow the steps to build it on a new temporary VM, 
> > >>> don't be afraid it should not be too hard:
> > >>> - Execute the yum command in "Build dependancies"
> > >>> - Also install pam-devel
> > >>> - Follow the steps in preparing the build and build
> > >>> - Deploy the code in Dom0 and the USB VM.
> > >>> 
> > >>> I am about to upgrade to Qubes 4.0 rc4 (when released) so won't 
> > >>> probably be able to help until this is done.
> > >>> 
> > >>> Any help from someone who is used to packaging under Fedora would 
> > >>> be nice.
> > >>> 
> > >>> Alex
> > > 
> > > Sure, I'll update the doc and post here. However as I said don't want 
> > > to touch my Qubes set-up before my upgrade to 4.0 rc4. So might be in 
> > > 2-3weeks
> >  
> >  Did you upgrade to Q4R4 ?
> > >>> 
> > >>> I'm in the process. Having issues with PCI path-through of my second 
> > >>> NIC that I need to solve. I have to use PV mode for now and not too 
> > >>> happy to have too. I'll open another thread if I can't find a way...
> > >> 
> > >> Hi Thierry,
> > >> 
> > >> I have recompiled it OK. This was working on R3.2. You can test it on R4 
> > >> but no idea if it will work. I hope to have a bit of time to look at it 
> > >> this week.
> > >> 
> > >> To compile it if you want to test / debugInR4
> > >> create new VM with network (to get the github) or without network but 
> > >> you'll have to copy the download to the VM by another mean. Then:
> > >> yum install pam-devel gettext-devel git libtool libyubikey 
> > >> libyubikey-devel -y
> > >> yum group install "Development Tools"
> > >> git clone https://github.com/adubois/qubes-app-linux-yubikey.git
> > >> cd qubes-app-linux-yubikey/
> > >> libtoolize --install
> > >> autoreconf --install
> > >> ./configure
> > >> make check
> > >> 
> > >> files to copy to Dom0 are in folder back-end
> > >> files to copy to USBVM are in folder front-end
> > >> 
> > >> USBVM should be a VM started on boot with the USB controller that you 
> > >> insert the key in...
> > >> 
> > >> Read the doc, it is not polished.
> > >> There are mechanisms to detect USBVM compromise, hold-replay attacks, 
> > >> etc...
> > > 
> > > Starting to do it, everything went fine, but I do not find the way when I 
> > > need to copy a folfder (not a file) to dom0 ...
> > > 
> > > Thx
> > 
> > 

[qubes-users] Re: Please help with Qubes 4.0 rc4 on 8th Generation Intel

[Krišjānis Gross]

On Monday, 5 February 2018 14:13:25 UTC, Krišjānis Gross  wrote:
> Hi, 
> 
> I have recently installed Qubes 4.0 rc4 on a new 8th generation Intel 
> hardware and have an issue that I would like to get help with.
> 
> The issue is that graphics appear to be very very slow. Each time there is 
> some visual activity on the screen it is vary 'laggy'. I noticed that 
> whenever there is a GUI action, the process called Xorg is using 100% of one 
> of the processor cores.  
> 
> I have made captured a video of how that looks: 
> https://drive.google.com/open?id=1vrtVnVLu6WBrMl_6O-R7qs2syyOKypnQ
> 
> I have also gathered some logs that might help to resolve this:
>  1) archive of /var/logs folder: 
> https://drive.google.com/open?id=171-f2-d3D_CPrSFJKFwcuIrQgZXYf5L3
>  2) result of "sudo journalctl -b > journal.log" : 
> https://drive.google.com/open?id=1eOJMT4uGAQyatXFcQvF9ElGRpbdTTQSp
> 
> Hardware details:
>  MB: ASRock Z370 Pro4 https://www.asrock.com/MB/Intel/Z370%20Pro4/index.asp 
>CPU: Intel® Core™ i5-8600K 
> https://ark.intel.com/products/126685/Intel-Core-i5-8600K-Processor-9M-Cache-up-to-4_30-GHz
>  
>RAM: 16 GB DDR4 
> 
> 
> Please help to resolve this!

Thank You, awokd! 

That indeed helped to resolve the issue! 

The exact steps that I did was:
  1) Install Qubes 4.0 rc4;
  2) Start Qubes. Notice the software rendering of the video;
  3) Open dom0 terminal and edit /boot/efi/EFI/qubes/xen.cfg (e.g. sudo nano 
/boot/efi/EFI/qubes/xen.cfg) 
 Replace 2 occurances of "i915.preliminary_hw_support=1" with 
"i915.alpha_support=1";
  4) Reboot the system.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c0bc2bcb-92a8-4f33-b836-ee31803e9bf9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Building Centos template conflict error?

[Tim W]

On Tuesday, February 13, 2018 at 5:07:32 PM UTC-5, Frédéric Pierret (fepitre) 
wrote:
> Le mardi 13 février 2018 15:47:38 UTC+1, Tim W a écrit :
> > I was having issues building Centos template for 4.0 so I decided to first 
> > see if it would build for 3.2.
> > 
> > Doing setup script templates only.  I editing example-confg 3.2 conf file 
> > and removed the FC version from DISTS_VM line.
> > 
> > I built it per component and it fails on the last one 
> > linux-template-builder.
> > os
> > 
> > In the centos7-template.log it shows the following conflict error
> > 
> > file /etc/dconf/profile/user from install of 
> > qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package 
> > dconf-0.26.0-2.el7.x86_64
> > 
> > Ultimately I want to build these for 4.0 but figured first getting it 
> > working for 3.2 as its suppose to work there already.
> 
> The template for CentOS in Q4 is still not completely achieved. I still need 
> time to fix several things.

But the error I am getting is for Q-3.2 not 4.0.  Its listed in my first post, 

I had not included the 4.0 errors as I thought it might just be a needed update 
of software version or module but here they are from 4.0 in case they are of 
any use to you.

Error: Package: python3-qubesimgconverter-4.0.15-1.el7.centos.x86_64 
(template-builder-repo)
   Requires: python3-pillow
Error: Package: python2-qubesimgconverter-4.0.15-1.el7.centos.x86_64 
(template-builder-repo)
   Requires: python2-numpy
Error: Package: python2-qubesimgconverter-4.0.15-1.el7.centos.x86_64 
(template-builder-repo)
   Requires: python2-pillow
Error: Package: python3-qubesimgconverter-4.0.15-1.el7.centos.x86_64 
(template-builder-repo)
   Requires: python3-numpy

Shouldn't 3.2 still be buildable ?

Instead in 3.2 I am getting the following during $ make linux-template-builder  
:
 
file /etc/dconf/profile/user from install of 
qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package 
dconf-0.26.0-2.el7.x86_64 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1279f026-e979-456c-80e8-e9d34f73ee23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.