[qubes-users] Re: Leaky Through Faraday Cage Shielding
On Monday, February 12, 2018 at 2:10:09 AM UTC+1, Tim W wrote: > On Sunday, February 11, 2018 at 1:06:06 PM UTC-5, David L. Craig wrote: > > https://thehackernews.com/2018/02/airgap-computer-hacking.html > > > > Dang! Be certain your vaults cannot be compromised. > > -- > > > > May the LORD God bless you exceedingly abundantly! > > > > Dave_Craig__ > > "So the universe is not quite as you thought it was. > > You'd better rearrange your beliefs, then. > > Because you certainly can't rearrange the universe." > > __--from_Nightfall_by_Asimov/Silverberg_ > > that is a lab only hack and makes some big assumptions to be successful. > Secondly, they are careful to only say faraday cage not official SCIF yet > tries to insinuate this. The pic diagram on the left is not even close to how > a SCIF or even basic faraday cage would be built. Its not a Faraday cage is > one side is some standard office wall. A SCIF is a complete enclosure on all > sides including top and bottom. Official SCIFs are Tempest certified > enclosure which is far more than a basic faraday cage. SCIFs and TIPS are > GSA/NSA grade 5 spec'd and also deal with heat transmissions. > > Second the hack requires not only having access to the area around the > enclosure but to the computer itself and further that it allows for > successful upload the initial transmission side of the hack which has to be > done physically thru conventional means. Then a receiver has to be in some > close proximity to the SCIF enclosure/building to pickup these extremely weak > transmissions which a real TIPS SCIF to current spec would defeat. > > I don't know how many people have seen or used top grade TIPS/SCIF, but this > is not going to happen without it evolving a high level conspiracy. No > leaving a bunch of flash drives in the parking lot is going to work. Heck, at this point we're looking to soon be needing tinfoil hats to farady our very own brains. Putting chips inside the brain won't even be enough. In a few years we may have to take notes from Magneto to shield our brains. Joke a side, this kind of hacks might become more commonplace one day. This kind of hacking has been going on for at least some years now, and some are pretty advanced. For people with a high profile attack value, taking measures against these earlier on than other people may indeed be advized, although still within reason, though of course when having a high profile attack value, paranoia may be more useful than otherwise. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6057df1f-52a3-4c53-ac2e-eb7944549d21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.0 backup vm to USB from dom0
On Sunday, February 11, 2018 at 5:09:31 PM UTC+1, cybe...@national.shitposting.agency wrote: > @Yuraeitha > actually i am experiencing this bug with qvm-backup-restore: > > https://groups.google.com/forum/#!topic/qubes-users/HZVBAqerLoI > > Is there a way to manually trigger a refresh of the drop-down menu of > available qubes? qvm-backup-restore does not reliably add qubes to the menu > of available vm's and my only way to use them is by using qvm-run > > to be specific, this bug is only happening when trying to restore > fedora-25-dvm backed up from qubes 4.0-rc1, all other vm's restoration worked > fine Apologies, I'm a bit exhausted/tired atm so I didn't read your post properly. You talked about backup from RC-1, and not updating from RC-1, so I definitely misunderstood. Though still, I'm only postulating, but it may also be a possible explanation as to why the dvm disappeared if it came from RC-1. But that's only guessing. Above all, none of the RC-x versions are production ready, so be careful if you put any important data on Qubes 4 early release cycles, before it becomes officially stable. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/354f2508-33ce-42d5-97b0-e96d230ef02e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: If you get "no authenticators available" with mutt
On Friday, February 9, 2018 at 12:32:21 PM UTC-5, Konstantin Ryabitsev wrote: > If you are trying to use mutt with the default Fedora-26 template and > can't figure out why authenticated smtp sending is giving you a "No > Authenticators Available" error, you need to install cyrus-sasl-plain. > > Drove me half-mad before I figured that out. Hopefully it saves you a > bunch of clicks (and hair). > > -K thank you that saved me the time of doing a bunch of searching and forum reading. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80737693-e515-4996-9233-587ee4ac7b4b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to change desktop password?
The same when I see screensaver password. How could I change it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13efbe95-f72f-4735-a457-4c48f6d36d7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.0 backup vm to USB from dom0
On Sunday, February 11, 2018 at 5:09:31 PM UTC+1, cybe...@national.shitposting.agency wrote: > @Yuraeitha > actually i am experiencing this bug with qvm-backup-restore: > > https://groups.google.com/forum/#!topic/qubes-users/HZVBAqerLoI > > Is there a way to manually trigger a refresh of the drop-down menu of > available qubes? qvm-backup-restore does not reliably add qubes to the menu > of available vm's and my only way to use them is by using qvm-run > > to be specific, this bug is only happening when trying to restore > fedora-25-dvm backed up from qubes 4.0-rc1, all other vm's restoration worked > fine Sorry for late reply, I missed your post until now. Wait, you installed RC-1 and updated to RC-4? The developers explicitedly recommend not to do this, and reinstall between RC-1 and RC-2. You can find this info in the release cycles for RC-2. But it should be no problem to upgrade from RC-2 to RC-3 and RC-4, though as memory serves there are some bits of extra information to take notice of in the RC-4 upgrade. It could be you run into some of these issues because if updated up from RC-1. There are some good quick approaches to get a list while you include and exclude backup VM's. The most straight forward is to simply execute the qvm backup command prematurely, which prints two lists in the terminal, which are all those included and all those excluded, right before asking Yes/No to proceed. If it doesn't look right, just press "N" for no, and return to adjust your qvm-backup/qvm-backup-restore command for whichever to exclude or include. You can also open a second terminal window and run qvm-ls. A third approach is to use the Qubes Manager, but I prefer not to use it. I listed these approaches in the order I prefer my self. The first one I mentioned is my favorite as its straight forward. I only use qvm-ls if I have a lot of VM's to exclude or include. By executing it prematurely, you easily get two lists that makes it easy to get an overview. - - - - I'm not sure if the dvm you report as a bug is actually a bug, and not a feature? It might be Qubes adjusting and fixing old settings to current settings. dvm's, as far as I know anyway, being temporary VM's and all, hold no information on their own, so you can easily make new ones. I think it might be removed because dvm's has changed and been updated in Qubes 4 to allow any VM to have a dvm version, rather than just one like in Qubes 3.2. So it may just be Qubes autoadjusting itself. But I wouldn't know, it's guessing on my part at this point. But if dvm is all there is, then I wouldn't worry, though it would be nice with a more official explanation of course. For example if this could happen to a non dvm, then it gets a whole lot more scary all of a sudden, but at this point, it's hard to tell which it is for sure. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db438c46-ba9f-495a-98d1-d7b926286a4d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 4.0 rc-4 Blank screen on booting
On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote: > Hi > > I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly > fine. I rebooted after the installation was over, laptop boots into qubes and > after a few lines passing by there is a blank screen endlessly. > > I am dual booting with windows. Is there anything that I need to modify I > order for this to work correctly. > > Thanks If you're installing Qubes for the first time, then the most obvious first place to look is if you're using nvidia or other high-end graphic cards on Qubes, especially and most importantly, nvidia does frequently not work out-of-the-box. Intel graphics tend to work quite nice out-of-the-box though. If your laptop have two graphic cards as many laptops tend to have these days, then try make a temporary solution and disable the extra graphic card, and use the one that is considering onboard. For example you may very well have an Intel graphic card on that HP laptop. This would probably be the first thing to try if you haven't tried this already. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12c2d630-9da0-4293-9c4b-055687f65fc4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to change desktop password?
вторник, 13 февраля 2018 г., 14:36:20 UTC+3 пользователь Yuraeitha написал: > On Tuesday, February 13, 2018 at 11:59:02 AM UTC+1, Daniil .Travnikov wrote: > > The same when I see screensaver password. How could I change it? > > I believe passwd is a UNIX command across all Linux systems, including Qubes > OS which is based on-top of Fedora/Xen. So this is "perhaps" what you're > looking for. > > I looked around, and I found this different Qubes password issue fix which > includes the use of passwd > https://groups.google.com/forum/#!topic/qubes-users/ckDuXUz1qOw it seems to > indicate that passwd is used for Qubes too, not surprisingly, but I can't > tell with certainty so I had to look for confirmation. > > Try "man passwd" or "passwd --help" in dom0, it should give you instructions. > I believe there is no difference here between Fedora and Qubes running on-top > of Fedora, when it comes to passwords, however, be careful as I do not know > this for certain. > > You might want to backup everything first if you're doing something that can > potentially lock you out of your system. If you are in a hurry, then only > backup the AppVM's or the most important AppVM's, just be sure to keep your > important data safe. Too many take the risk and some day end up paying the > price. Very appreciate! 'passwd --help' command helped me to change my password. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0df5319b-012a-4a11-9697-8fa00e8554ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to change desktop password?
On Tuesday, February 13, 2018 at 11:59:02 AM UTC+1, Daniil .Travnikov wrote: > The same when I see screensaver password. How could I change it? I believe passwd is a UNIX command across all Linux systems, including Qubes OS which is based on-top of Fedora/Xen. So this is "perhaps" what you're looking for. I looked around, and I found this different Qubes password issue fix which includes the use of passwd https://groups.google.com/forum/#!topic/qubes-users/ckDuXUz1qOw it seems to indicate that passwd is used for Qubes too, not surprisingly, but I can't tell with certainty so I had to look for confirmation. Try "man passwd" or "passwd --help" in dom0, it should give you instructions. I believe there is no difference here between Fedora and Qubes running on-top of Fedora, when it comes to passwords, however, be careful as I do not know this for certain. You might want to backup everything first if you're doing something that can potentially lock you out of your system. If you are in a hurry, then only backup the AppVM's or the most important AppVM's, just be sure to keep your important data safe. Too many take the risk and some day end up paying the price. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19e3ca0a-0bdb-46bc-96a7-5cb01f84ef84%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Three systems (linux)
On Friday, February 9, 2018 at 6:18:38 PM UTC-5, bm-2ctrx1tl5lg8cfa...@bitmessage.ch wrote: > I solved the problem. The thread can be removed. Just mark the posts completed and it will show completed in the listed -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61af5d1d-3d35-4a89-915c-64bf0b061ee4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Install on Dell XPS 13 (9350)
Thank you for your help awokd, I now have sys-net running in HVM mode on the XPS 9350 wifi card in permissive mode, this resolve the issue on 4.0. > > PV is ParaVirtual mode. It's OK for testing, but in R4.0 you want to use > PVH mode for everything except for qubes with an attached PCI device need > HVM mode. > > PS I have a document update in progress explaining how to assign devices > in permissive mode in R4.0. It's a different procedure than R3.2. See > https://github.com/awokd/qubes-doc/blob/patch-15/configuration/assigning-devices.md/#pci-passthrough-issues > for the working copy. The approved version of it should end up here > eventually: https://www.qubes-os.org/doc/assigning-devices/ . -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d26f2ab5-0fc0-4f13-a031-df1964c2dc40%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Install on Dell XPS 13 (9350)
On Tue, February 13, 2018 11:32 am, xxx.l...@gmail.com wrote: > Thank you for your help awokd, I now have sys-net running in HVM mode on > the XPS 9350 wifi card in permissive mode, this resolve the issue on 4.0. Glad it worked out! But consider getting a different wifi card some day that doesn't need permissive mode, it's not the best from a security perspective. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d68758aa5ad194faf78c3b94d1f8f647.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL report (success!) - Gigabyte Z170X-UD3, i5-6600K, Nvidia Geforce 1070 | Qubes 4.0-rc4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 No problems with this setup at all. - - Tested 4k and 1080p displays in extended configuration with stock nouveau drivers and working well. - - Was able to use a variety of USB devices, attaching them to various VMs without incident. - - Sandisk Extreme USB 3.0 128Gb was used as installation media (prepared using dd). - - Installation did not interfere/write to any non-targeted drives (verified absence of issue from 3.2). - - Audio working fine as well. -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQQu8ZeEbCC1CKCz+5U+AIqI6+k68QUCWoLizQAKCRA+AIqI6+k6 8Zq8AQC9LDlXGVeiUuniZxCgOzWLbrKLCohxrimd3ZrFV4Ra6AEA9heitrzFMcR5 jwZIMQ3vwbiL3OTUxPcHpRLZ6MvQzQY= =ZfFt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a46d47a-10a3-85db-bef8-aeaba5f23a23%40posteo.net. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Gigabyte_Technology_Co___Ltd_-Z170X_UD3-20180213-043325.yml Description: application/yaml 0x714DAB5C.asc Description: application/pgp-keys Qubes-HCL-Gigabyte_Technology_Co___Ltd_-Z170X_UD3-20180213-043325.yml.sig Description: PGP signature 0x714DAB5C.asc.sig Description: PGP signature
[qubes-users] Re: RC 4.0 Bootup problem
On Monday, February 12, 2018 at 6:20:44 PM UTC+1, Mr F wrote: > Hi! > > This problem is most likely not unique but I dont know how to formulate this > screen in writing in order to search for others that might have the same > problem (Please see the attached image) > > Using a Lenovo Yoga 720. > > From this menu I have tried these two suggested fixes: > > 1) "In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press > e. > At the end of chainloader line add /mapbs /noexitboot. > Perform installation normally, but don’t reboot the system at the end yet." > > 2) "In GRUB menu1 press e. > At the end of chainloader line add -- efi=attr=uc. > Perform installation normally, but don’t reboot the system at the end yet." > > None of them work and the system halts showing the attached screen. > > F In addition to what awokd suggested which I agree with. Is this the installer boot? or an existing install boot? If installer boot or after boot from after finished new install, then try re-install with LegacyBIOS/Grub instead of UEFI/EFI, besides UEFI/EFI really isn't any more secure, while LegacyBIOS/Grub is old, UEFI/EFI is crapware, so they even out somehwat, however you may have an easier time with LegacyBIOS/Grub. With little information you get a lot of suggestions though, so there are plenty of other things you can try, for example look here for more things to try out, even if the reason is different, this debugging and fix work-arounds could work for you too: https://groups.google.com/forum/#!topic/qubes-users/M5laQSahuiE In order to give more accurate help, we'd need more information. For example questions, such as like those I asked the other guy in the link. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a3513a8-4d86-4e22-b7cf-3b24ff945fd3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
On 02/12/2018 07:01 PM, vel...@tutamail.com wrote: I have tried, tried, tried ...and tried and I am over my head! (Fedora 26, Qubes 3.2) I am stuck I tried this: https://www.qubes-os.org/doc/vpn/ and this, this was a pretty good video but unfortunately its not the same as PIAs config.: https://www.youtube.com/watch?v=K1_zqT7_N7k (Nice video internetz.me...learned a lot) Qubester I went down your path as well but wasn't sure where to go after. But couldn't really get off step 2 of the Qubes instructions...primarily due to my linux skills. Can anybody help? I got a NetVM working but with out a kill switch and credentials exposed it just doesn't work for me. Looking at the Qubes instructions, I was able to create the "sudo mkdir /rw/config/vpn" but then things fall apart. My specific questions from the VPN instructions that keep derailing me, specifically the basic commands needed are: 1) How do I copy files to: "Copy your VPN config files to /rw/config/vpn"? Each VPN service supplies configs in their own way, but usually there should be some option to simply download a zip or tar. In PIA's case they don't make it easy to find where the openvpn configs are, but they're there: https://www.privateinternetaccess.com/pages/client-support/#fifth Any of the three *ip, *tcp or *strong-tcp will work. After downloading the file, unzip the contents to /rw/config/vpn. For example: $ cd /rw/config/vpn $ sudo unzip ~/Downloads/openvpn-ip.zip There are multiple configs (one for each region) so pick one and copy it to the config filename that will be used: $ sudo cp "US East.ovpn" openvpn-client.ovpn -- At this point you can continue with the doc instructions, but I'd recommend switching to the method at https://github.com/tasket/Qubes-vpn-support It comes with an installer and you'll notice the instructions are pretty simple. 2) "Create a file in the /rw/config/vpn folder with your credentials and using a directive"...how do I do this? This is done automatically by the Qubes-vpn-support installer. To do it manually, just "sudo nano /rw/config/vpn/pass.txt" and add your PIA username and password, one on each line. 3) I haven't gotten further but suspect I'll have more questions. Anybody have a source for a tutorial...I have googled the h3ll out of this and more questions then answers. I'm preparing new vpn tunnel support in Qubes and a simplified doc to go with it. This should be available within a week or two. In the meantime I suggest using Qubes-vpn-support at the above link. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/160e3e39-5aa8-3b4b-f4d2-a0ed69b3eebf%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 4.0 rc-4 Blank screen on booting
On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote: > Hi > > I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly > fine. I rebooted after the installation was over, laptop boots into qubes and > after a few lines passing by there is a blank screen endlessly. > > I am dual booting with windows. Is there anything that I need to modify I > order for this to work correctly. > > Thanks Also remember the act of taking out your drive which also has Windows installed on it, and putting it in another machine, as I suggested in one of the examples above, may break Windows's ability to boot in UEFI/EFI once you put it back in again. So be sure you backup your Windows and any valuable data on the drive if you try this approach, just to be safe. Windows is generally more robust when it comes to restoring UEFI/EFI, but you can never be too careful with this kind of buggy crapware that is UEFI, not to mention, Windows. So be careful here if you go with the drive swap approach, there may be dragons for any existing data, both on the drive itself, and the other machine's UEFI/EFI paths too. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a23d1f8-778a-4924-af7e-334d904060f9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Do you use Qubes OS as your main OS on primary PC? What kind of work do you get done on it?
On Tuesday, February 13, 2018 at 2:32:17 AM UTC+1, StefanUrkel . wrote: > btw, is upgrading an existing Qubes install to a new version pretty much > simply downloading the new version and choosing an option for upgrading > existing installations? or is it more involved than that or even requires a > fresh install? > > > > > > > On Fri, Feb 9, 2018 at 2:20 PM,wrote: > Without support for hardware acceleration of virtual machines, plus needing > specific hardware compatible with Qubes OS, what kinds of work do you get > done if Qubes is your main OS on primary PC? > > > > I want to run Davinci Resolve, which is a video editor that runs on Linux, > but it takes advantage of the discrete GPU, and it seems Qubes does not > support hardware acceleration nor virtual machines. > > > > So, I'm curious, for those who use Qubes, what actual work do you get done? > > > > I've also tried playing youtube videos but found audio out of sync and I > could not resize or maximize the playback window. > > > > I may have tried the second to latest version released so maybe things have > changed or will change in 4.x? > > > > Not being able to run VMs, Davinci Resolve, or youtube are making me have to > look at other options like OS X, Windows 10, and Linux. > > > > I was leaning towards OS X but enabling case sensitivity for the file system > can break certain apps like those from Adobe, or cause other problems.. And I > prefer linux/unix like command-lines to DOS, so kind of leaning away from > Windows 10. > > > > That leaves Linux distros like Debian, Mint, e bv But I'm wondering how > secure it will be compared to Qubes? > > > > > > > > -- > > You received this message because you are subscribed to a topic in the Google > Groups "qubes-users" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/0MTK1iFG0hI/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > qubes-users...@googlegroups.com. > > To post to this group, send email to qubes...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/e6383ea1-5152-4995-addd-36891420db58%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. In addition to what Tim W said, you can also keep a Qubes RC-2 install, and update normally to RC-3 and RC-4, simply by updating dom0 and templates, like you normally do, nothing special to do here. But I do recommend you read each release cycle news, as the developers sometimes have special notes on this issue as they began doing in Qubes 4 RC-X releases. For example RC-3 to RC-4 has some notes. But yes, RC-2 to RC-3, RC-3 to RC-4, and RC-2 to RC-4, should all be good paths to take. But stay clear of RC-1, the developers recommend a re-install between RC-1 and RC-2. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f708f38-ba9c-4605-a0cf-a603dcbcc4ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template
On Tuesday, February 13, 2018 at 9:29:40 AM UTC+1, Ivan Mitev wrote: > On 02/12/2018 07:12 PM, Ivan Mitev wrote: > > > > > > On 02/12/2018 06:47 PM, Unman wrote: > >> On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote: > >>> > >>> > >>> On 02/12/2018 06:26 PM, Unman wrote: > On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote: > > > > > > On 02/12/2018 11:42 AM, Yuraeitha wrote: > >> On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote: > >>> Hi, > >>> > >>> In an effort to decrease R4's memory consumption I'm replacing the > >>> default fedora-26 template with a customized one based on the > >>> official > >>> minimal fedora-26 template. > >>> > >>> I installed additional RPMs according to the documentation [1] and > >>> everything seems to be working well, with a noticeable decrease of > >>> memory usage. However I get the following error when opening a VM's > >>> firewall settings gui: > >>> > >>> "The 'work' qube is network connected to 'sys-firewall', which > >>> does not > >>> support firewall! > >>> You may edit the 'work' qube firewall rules, but these will not > >>> take any > >>> effect until you connect it to a working Firewall qube." > >>> > >>> But again, everything seems to work fine: the firewall rules are > >>> properly enforced, there's no problem with net connectivity, the > >>> update > >>> proxy is working, ... > >>> > >>> There's no error message when sys-firewall is based on the default > >>> fedora-26 template so I'm likely missing something but I don't > >>> see what. > >>> I compared the qubes rpms installed in both templates but didn't > >>> notice > >>> anything striking. Maybe there's a flag/preference or something that > >>> needs to be set but I don't see where. > >>> > >>> Any ideas ? > >>> > >>> Thanks > >>> Ivan > >>> > >>> [1] https://www.qubes-os.org/doc/templates/fedora-minimal/ > >> > >> > >> It sounds odd, it usually should work changing the template. My > >> initial thought-line on this issue goes like this, maybe it can be > >> of use. > >> > >> Is the iptable firewall package installed in the minimal template? > >> > >> I'm thinking it may be iptables that is missing, since minimal > >> templates can be used for offline purposes too, then iptables is > >> probably not included like most other things that has been removed. > > > > iptables is installed (that's one of the first thing I checked > > after I saw > > the error msg). > > > > > > [...] > > > >> - If Qubes tools are installed, networking works etc, and you got > >> iptables installed already, then my thoughts are that it's likely > >> missing system-config-*'s and the unavoidable full array of > >> dependencies going with it. > > > > Hmm, what are those system-config-*s you're talking about ? > > > > > >> - Try clone the template and essentially go berserk and not > >> holding back, install the entire system-config- array of packages, > >> see if networking works. If not, then either something is still > >> missing, or firewalling has nothing to do with the system-config > >> packages. > >> > >> - If it works, then try narrow down which packages that are used > >> for firewalling, perhaps you can reduce the amount of dependency > >> packages being pulled if you install just the package that > >> firewall is using. > > > > If there aren't hardcoded changes or manual configurations made in the > > default fedora-26 template then yes, installing the exact same of > > rpms would > > in theory fix the problem. But before spending significant time on > > installing a bunch of rpms and then dissecting I thought I'd ask > > fellow > > users first... Maybe the cause is obvious and I'm overlooking > > something. > > > > I just want to check - you say that the firewall rules are properly > enforced, and that everything works properly EXCEPT that you get a > warning. > >>> > >>> Exactly. > >>> > >>> BTW qvm-firewall works and doesn't output any error message... > >>> > >> > >> Yes, thought so - it's probably a bug in the gui code that checks > >> connected netvm status. Does it happen with every connected qube? > > > > Yes, it happens to all the vms connected to sys-firewall. > > > > I just reverted sys-firewall's template to the default f26 and there was > > no more error message, so it doesn't look like a bug in the gui, > > something is likely missing in my customized template. Just have to find > > what :) > > figured it out quickly this morning: in qubes-manager/settings.py the > error message is displayed when the template doesn't have the > 'qubes-firewall' feature. > > fix:
[qubes-users] Re: 4.0 rc-4 Blank screen on booting
On Tuesday, February 13, 2018 at 5:54:01 AM UTC+1, SM wrote: > Hi > > I installed qubes 4.0 rc-4 on my hp laptop the installation went perfectly > fine. I rebooted after the installation was over, laptop boots into qubes and > after a few lines passing by there is a blank screen endlessly. > > I am dual booting with windows. Is there anything that I need to modify I > order for this to work correctly. > > Thanks It's unlikely to be caused by Windows, just be sure you know what you do in advance so you don't wipe your Windows install or make it unbootable. Also take note, Qubes is less secure when using dual-boot, although if you have to dual-boot, then Qubes is still worth it in terms of security, it's just "less" secure than it could be, although the risk are typically exotic attacks, but in the future they may become common attacks. As for the black screen, - It sounds a lot like a graphic driver issue, did Qubes 4 work on previous versions? - Does Qubes 3.2. work on this machine? - Does other Linux/kernel's work on this machine? - Did you check and make sure settings are correct in UEFI? Sometimes unobvious settings, even graphic settings in UEFI, can cause boot issues for Qubes. - Did you try change between UEFI/EFI and LegacyBIOS/Grub boot?' - Does your laptop support Qubes minimum specifications? Do you get a lack of hardware-support warning during early Qubes install? Do you have virtualization on your Intel or AMD CPU/Motherboard? Is it enabled in UEFI? If the graphic driver is bad, then you can try change it in Grub menu (assuming you installed with Grub, which makes this easier to fix). As for which driver to change into, I'm not sure, but there are people around here far, far more knowledgable than I, so maybe wait for those and hope someone will post. You can also find a lot of graphic boot fixes in other Linux discussions, try google it up. If this is the fault, then it's not uniquely a Qubes issue, and you can find a lot of topics on this on the internet. Meanwhile I can offer some other work-arounds you can try. Please read them all before picking one, one may be more attractive to try than another. - - - - - One alternative is to try install RC-3 or RC-2 instead, these are direct updateable to the same updates in RC-4. The reason they released new RC-x versions, as far as I can tell, is only because of two reasons, first better working out-of-the-box with fewer required updates to get things started, and second and more importantly, boot issues and hardware support, for example like these. Odds are that something was changed which might not work for your hardware, so it's worth trying to see if you install RC-3 or RC-2. Don't install RC-1, as noted here: "As a consequence of the partition layout change, it will be necessary for current 4.0-rc1 testers to perform a clean reinstall of 4.0-rc2 rather than attempting to upgrade in-place." https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/ But you can install RC-2, as noted here: "Current users of Qubes 4.0-rc2 can upgrade in-place by downloading the latest updates from the testing repositories in both dom0 and TemplateVMs." https://www.qubes-os.org/news/2017/11/27/qubes-40-rc3/ And you can install RC-3, as noted here: "Current users of Qubes 4.0-rc3 can upgrade in-place by downloading the latest updates from the testing repositories in both dom0 and TemplateVMs. As explained in QSB #37, Qubes 4.0-rc4 uses PVH instead of HVM for almost all VMs without PCI devices by default as a security measure against Meltdown, and this change will also be released as a patch for existing Qubes 4.0 installations in the coming days. Therefore, current Qubes 4.0 users will benefit from this change whether they upgrade in-place from a previous release candidate or perform a clean installation of 4.0-rc4." https://www.qubes-os.org/news/2018/01/31/qubes-40-rc4/ * * * * Keep in mind to follow the link above in case you pick a RC-3 version to try, to read up on any details, for example RC-3 to RC-4 has some upgrade details to take note on. - - - - A third approach could be to take out the drive and install Qubes on another machine, then update everything on the other machine, before putting it back in your first machine again. This way you can often bypass issues that are later fixed, or only occurring during install. Just make sure you trust your second machines hardware, and remove any existing drives during install, and don't install with UEFI/EFI on the second machine if you got existing UEFI/EFI installs on it, it can sometimes be messy to restore UEFI/EFI paths, you may loose these OS systems. Use LegacyBIOS/Grub install, it's much safer. I've managed to install a good handful Qubes 4 systems using this approach, which otherwise would not have worked despite hours of debugging. So this may be worth a shot for you too. - - - - - Last approach I can think of right now, is to boot
Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template
On 02/12/2018 07:12 PM, Ivan Mitev wrote: On 02/12/2018 06:47 PM, Unman wrote: On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote: On 02/12/2018 06:26 PM, Unman wrote: On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote: On 02/12/2018 11:42 AM, Yuraeitha wrote: On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote: Hi, In an effort to decrease R4's memory consumption I'm replacing the default fedora-26 template with a customized one based on the official minimal fedora-26 template. I installed additional RPMs according to the documentation [1] and everything seems to be working well, with a noticeable decrease of memory usage. However I get the following error when opening a VM's firewall settings gui: "The 'work' qube is network connected to 'sys-firewall', which does not support firewall! You may edit the 'work' qube firewall rules, but these will not take any effect until you connect it to a working Firewall qube." But again, everything seems to work fine: the firewall rules are properly enforced, there's no problem with net connectivity, the update proxy is working, ... There's no error message when sys-firewall is based on the default fedora-26 template so I'm likely missing something but I don't see what. I compared the qubes rpms installed in both templates but didn't notice anything striking. Maybe there's a flag/preference or something that needs to be set but I don't see where. Any ideas ? Thanks Ivan [1] https://www.qubes-os.org/doc/templates/fedora-minimal/ It sounds odd, it usually should work changing the template. My initial thought-line on this issue goes like this, maybe it can be of use. Is the iptable firewall package installed in the minimal template? I'm thinking it may be iptables that is missing, since minimal templates can be used for offline purposes too, then iptables is probably not included like most other things that has been removed. iptables is installed (that's one of the first thing I checked after I saw the error msg). [...] - If Qubes tools are installed, networking works etc, and you got iptables installed already, then my thoughts are that it's likely missing system-config-*'s and the unavoidable full array of dependencies going with it. Hmm, what are those system-config-*s you're talking about ? - Try clone the template and essentially go berserk and not holding back, install the entire system-config- array of packages, see if networking works. If not, then either something is still missing, or firewalling has nothing to do with the system-config packages. - If it works, then try narrow down which packages that are used for firewalling, perhaps you can reduce the amount of dependency packages being pulled if you install just the package that firewall is using. If there aren't hardcoded changes or manual configurations made in the default fedora-26 template then yes, installing the exact same of rpms would in theory fix the problem. But before spending significant time on installing a bunch of rpms and then dissecting I thought I'd ask fellow users first... Maybe the cause is obvious and I'm overlooking something. I just want to check - you say that the firewall rules are properly enforced, and that everything works properly EXCEPT that you get a warning. Exactly. BTW qvm-firewall works and doesn't output any error message... Yes, thought so - it's probably a bug in the gui code that checks connected netvm status. Does it happen with every connected qube? Yes, it happens to all the vms connected to sys-firewall. I just reverted sys-firewall's template to the default f26 and there was no more error message, so it doesn't look like a bug in the gui, something is likely missing in my customized template. Just have to find what :) figured it out quickly this morning: in qubes-manager/settings.py the error message is displayed when the template doesn't have the 'qubes-firewall' feature. fix: qvm-features fedora-26-minimal qubes-firewall 1 out of curiosity I tried to find where/when this feature is set for the default fedora-26 template: there's a comment in qubes/ext/core_features.py that says '[this feature] can be freely enabled or disabled by template' but I don't understand what it's supposed to mean - whether the template automatically sets it somehow (but then how ?) or if it can be set for each template. It's probably the latter; in that case maybe the feature is set by the template's rpm postscripts (but then I couldn't find any mention of "qvm-features" in the qubes-builder-fedora repo). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit
Re: [qubes-users] How to set/hange propterty 'Qubes.default_dispvm'?
On Mon, 2018-02-12 at 09:10 -0800, brendan.h...@gmail.com wrote: > I had to reread the thread three times to realize that qvm-prefs and > qubes-prefs were different. :) > Indeed ... that is what happened to me too ... after changing the default dvm for all VMs via 'qvm-prefs' and globally via 'qubes-prefs' I was able to cull fedora-25 from my installation (other than dom0). Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1518515862.16585.2.camel%40graumannschaft.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall rules for Thunderbird and Gmail
On Monday, February 12, 2018 at 8:58:17 PM UTC+1, donoban wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 02/12/2018 06:39 PM, Demi Obenour wrote: > > What websites and ports do I need to whitelist if I want to enable > > use Thunderbird with GMail and Google Calendar? I am using the > > Google Calendar add-on. > > Since Google uses a lot of different ip's it's pretty hard to maintain > an ip based firewall for access their services. You can try with ping > and digg commands for get some ip's of their domains but them will > likely change in few time. > > > I think that you can achieve it using http filtering [1] but I've > never tried. > > [1] https://www.qubes-os.org/doc/config/http-filtering-proxy/ > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqB8c0ACgkQFBMQ2OPt > CKUQLg//QCWyf/Tf28luozYNWaZ5xY1IqpdWL4y4l5x/1jw9y5CCNPXyhPsu911F > zxbvLR4r18007tmNtJdCCF7LmH3vCU+FwQb54e10kObTz0QyhZ7AQd22RTa6TgF1 > FM9N7dQdaT4OxtmbTvy1wLEwllSvqDGg0n/Iqbj7QNw5x9M7X0Y/A/WlMBFZzY1E > 3BagXL398m7Ha1ZKiOKRX2xI0odrvCUmknChssJQsRnlaFsFsAUFooCdPeeucEQl > /NZuM3XhV/K5yNZZSuMTDo8AD2E4cWicG0EHKGHaGWls0c4GjQzTEOA7Wt+Y9zrl > XnQCTWgPvo9va2AM4H+YX4phtp8XR5eh0wXJ5dEdFToa+FCAteVzpMSaxM208xvs > fb/mjOvqWf7ubxCRdpCgEHxlSINri2FhopMi3i+h/0KG7/pzhdQlQsSNsPKVxhMZ > ebvIv04VCNPso5BnIVykz5p1AhQvB10KT+ITiTpKKOFhS+P57A35kptlGCC0ztOV > 7cdAz/3Sp3YfDOcyBuqLsl33KQfpnjgeaTAnHx5v6ND5M2bTzSx7IT//EmWjRbzm > jckEuecHP2kh1g3D2AWu/c2AW82PWcHEg1Qj6RgqmsZtgovpx96w4zLGKeRS0C40 > flTk5zNTpXlZ+ZZxp44MY3kkweUy3CUgjqPIOOg7Fo48buisJC4= > =C5BZ > -END PGP SIGNATURE- Isn't it possible to use DNS on those multiple of IP's from google? or are they changing DNS's too like they change IP's? That would be such a headache if they do though... Also, DNS can be stolen through hacking DNS services (but not spoofed right?), so I guess it may be a security risk not to use IP's over DNS? But Google should have some pretty tight security on their DNS's? Like not just a password, but second factor authentication etc. too. I'm merely thinking out aloud here, any chance anyone can put this straight with facts? As such, it might help the OP if a DNS approach works. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/70b6d8a6-ac2c-4d6e-8822-dc9c2ae58615%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 4.0 rc-4 Blank screen on booting
Hi Yuraeitha As for the laptop part it’s a fairly old machine, and it does satisfy the hardware requirements. I did have Debian stretch installed previously and it was working great. For the hardware warning part the installation starts without any warnings and boots into graphical installer and the installation completes normally with no errors. After booting into qubes initially the boot is successful but the screen never displays the login screen, it goes blank. I’d like to try if there is anything I can do on the machine before I take the drive to other machine or something like that. The last solution you mentioned about updating dom0 by getting into current installation could expand on that please. Could you guide me on how that can be done? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fd3a00e-1b91-49e0-b2f7-427dff9a1f2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Feb 13, 2018 at 10:29:33AM +0200, Ivan Mitev wrote: > > > On 02/12/2018 07:12 PM, Ivan Mitev wrote: > > > > > > On 02/12/2018 06:47 PM, Unman wrote: > > > On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote: > > > > > > > > > > > > On 02/12/2018 06:26 PM, Unman wrote: > > > > > On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote: > > > > > > > > > > > > > > > > > > On 02/12/2018 11:42 AM, Yuraeitha wrote: > > > > > > > On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev > > > > > > > wrote: > > > > > > > > Hi, > > > > > > > > > > > > > > > > In an effort to decrease R4's memory consumption I'm replacing > > > > > > > > the > > > > > > > > default fedora-26 template with a customized one > > > > > > > > based on the official > > > > > > > > minimal fedora-26 template. > > > > > > > > > > > > > > > > I installed additional RPMs according to the documentation [1] > > > > > > > > and > > > > > > > > everything seems to be working well, with a noticeable decrease > > > > > > > > of > > > > > > > > memory usage. However I get the following error when opening a > > > > > > > > VM's > > > > > > > > firewall settings gui: > > > > > > > > > > > > > > > > "The 'work' qube is network connected to > > > > > > > > 'sys-firewall', which does not > > > > > > > > support firewall! > > > > > > > > You may edit the 'work' qube firewall rules, but > > > > > > > > these will not take any > > > > > > > > effect until you connect it to a working Firewall qube." > > > > > > > > > > > > > > > > But again, everything seems to work fine: the firewall rules are > > > > > > > > properly enforced, there's no problem with net > > > > > > > > connectivity, the update > > > > > > > > proxy is working, ... > > > > > > > > > > > > > > > > There's no error message when sys-firewall is based on the > > > > > > > > default > > > > > > > > fedora-26 template so I'm likely missing > > > > > > > > something but I don't see what. > > > > > > > > I compared the qubes rpms installed in both > > > > > > > > templates but didn't notice > > > > > > > > anything striking. Maybe there's a flag/preference or something > > > > > > > > that > > > > > > > > needs to be set but I don't see where. > > > > > > > > > > > > > > > > Any ideas ? > > > > > > > > > > > > > > > > Thanks > > > > > > > > Ivan > > > > > > > > > > > > > > > > [1] https://www.qubes-os.org/doc/templates/fedora-minimal/ > > > > > > > > > > > > > > > > > > > > > It sounds odd, it usually should work changing the > > > > > > > template. My initial thought-line on this issue goes > > > > > > > like this, maybe it can be of use. > > > > > > > > > > > > > > Is the iptable firewall package installed in the minimal template? > > > > > > > > > > > > > > I'm thinking it may be iptables that is missing, > > > > > > > since minimal templates can be used for offline > > > > > > > purposes too, then iptables is probably not included > > > > > > > like most other things that has been removed. > > > > > > > > > > > > iptables is installed (that's one of the first thing I > > > > > > checked after I saw > > > > > > the error msg). > > > > > > > > > > > > > > > > > > [...] > > > > > > > > > > > > > - If Qubes tools are installed, networking works > > > > > > > etc, and you got iptables installed already, then my > > > > > > > thoughts are that it's likely missing > > > > > > > system-config-*'s and the unavoidable full array of > > > > > > > dependencies going with it. > > > > > > > > > > > > Hmm, what are those system-config-*s you're talking about ? > > > > > > > > > > > > > > > > > > > - Try clone the template and essentially go berserk > > > > > > > and not holding back, install the entire > > > > > > > system-config- array of packages, see if networking > > > > > > > works. If not, then either something is still > > > > > > > missing, or firewalling has nothing to do with the > > > > > > > system-config packages. > > > > > > > > > > > > > > - If it works, then try narrow down which packages > > > > > > > that are used for firewalling, perhaps you can > > > > > > > reduce the amount of dependency packages being > > > > > > > pulled if you install just the package that firewall > > > > > > > is using. > > > > > > > > > > > > If there aren't hardcoded changes or manual configurations made in > > > > > > the > > > > > > default fedora-26 template then yes, installing the > > > > > > exact same of rpms would > > > > > > in theory fix the problem. But before spending significant time on > > > > > > installing a bunch of rpms and then dissecting I thought > > > > > > I'd ask fellow > > > > > > users first... Maybe the cause is obvious and I'm > > > > > > overlooking something. > > > > > > > > > > > > > > > > I just want to check - you say that the firewall rules are properly > > > > > enforced, and that everything works properly EXCEPT that you get a > > > > > warning. > > > > > > > >
[qubes-users] Building Centos template conflict error?
I was having issues building Centos template for 4.0 so I decided to first see if it would build for 3.2. Doing setup script templates only. I editing example-confg 3.2 conf file and removed the FC version from DISTS_VM line. I built it per component and it fails on the last one linux-template-builder. os In the centos7-template.log it shows the following conflict error file /etc/dconf/profile/user from install of qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package dconf-0.26.0-2.el7.x86_64 Ultimately I want to build these for 4.0 but figured first getting it working for 3.2 as its suppose to work there already. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab93793f-ebc9-4869-aba9-ab962625a2a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] fixing LVM corruption, question about LVM locking type in Qubes
Summary: fixing LVM corruption, question about LVM locking My laptop battery went to 0%. The lid was closed but maybe the laptop was not suspended, which was could have been the cause of an LVM corruption which I did manage to fix with the help of numerous obscure sources. I'm posting the fix here since I couldnt find a description of this exact issue anywhere else. I didn't write down the exact wording of the errors when they happened, I hope the keywords make it clear enough. I'm not an LVM expert so please correct any errors. I also have a question at the end about LVM locking and Qubes which I hope somebody can answer. Problem description - At boot I Enter the luks password - Errormessages (unsure about order in which they appeared): 'dracut initqueue timeout - starting timeout scripts' > repeated 30 times 'you may have to regenerate initramfs' '/dev/mapper/qubes_dom0-root does not exist' - Computer enters into a dracut shell Regenerating initramfs did NOT solve the problem. The following did: - in the dracut shell, start lvm - Enter command: "vgchange -ay". Response should be 'Volumegroup x activated' or something similar - Enter command: 'lvconvert --repair (logical volume name, in my case qubes_dom0/pool00' - Errormessage: 'cannot repair, lvm locking type = 4 (read only)'. - Change lvm locking type to 1 in /etc/lvm/lvm.conf - Retry command lvconvert --repair (logical volume name, in my case qubes_dom0/pool00. - After the process finishes exit the dracut shell and continue boot process. Questions: - what is the standard LVM locking type for a Qubes install? (in Fedora it is 1). - if not 1 should I change it back? - if 1 what caused it to be changed? - is powerfailure the probable cause of this issue? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b735c4fe-3a99-9cce-92ac-0f4303ce56d3%40disroot.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 4.0-rc3: sys-net not getting updated template OS image?
I have a strange situation where my sys-net's software template "fedora-26-net" (variant of fedora-minimal) does not appear to be providing updated OS images. My sys-net is the only vm using this specific image. I have a necessary network service installed in the template "fedora-26-net" /opt/service-name directory, installed from an rpm, which was working perfectly until I was forced to recover from backup. I have been trying to get it working as it once was to no avail. Every time I boot up the networking vm's I now get a sys-net without my required /opt/service-name directory installed. The template has it, and sys-net uses that template, but sys-net never seems to get a new copy of it. The /opt/service-name directory in sys-net is not even there, and one sub-directory that is not even in that template anymore *is* there, and it even starts up that service which I do not want running in sys-net. Each time I want to connect to the corporate network I now have to kill one service, reinstall that required service directly in sys-net COW, just to temporarily create that required service so I can connect. That modification of course goes away just as soon as sys-net is shut down, so this gets repeated often. As another test, I created a brand new user vm (test-fedora-26-net) based on fedora-26-net and opened a terminal there, and one in the template itself. The /opt directories were different. The test-fedora-26-net has a file structure that should never have existed when it was created. Any idea how to force this rogue and defiant template to pass along a new OS image? Apparently doing a "dnf update" in the template itself isn't enough to kick it into gear and get it to happen. Changing the source template, and changing it back again does not trigger it either. Even creating a new vm gets an old copy! I think I may need to buy a clue. Is this somehow a qvm-feature related thing? A qubes-rpc not happening? What signaling is supposed to happen that isn't? thanks, Steve. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fac163c5-a813-a295-4b94-e07b0747fbae%40jhuapl.edu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Do you use Qubes OS as your main OS on primary PC? What kind of work do you get done on it?
I've been using Qubes for about a year. It took me a few weeks to get everything just right, I did a TON if tiny customizations for the sake of opsec. Even tho I have a Surface Pro, I use my Qubes laptop 99.999% of the time. I specifically bought an Acer laptop that was totally compatible and put 32GBs of RAM in it. I use it for all kinds of things, personal use like forums, darnet, etc. I also have a Kali HVM that connects straight to the wifi device only bypassing sys-net. I run only dom0 and my Kali HVM when in use. Even tho I have template VMs, my run VMs have allot of customizations to I did not want to include in the template. I've gotten in the habit of running duplicates and burning them after a couple uses then making another and so on. When 4 final is released and there is a pack for full support of a Windows 10/Server 2016 HVM, I'mm for sure be doing that as well. I do have a Windows 7 HVM now for the VERY few apps that there are not Linux variants of, but I only need that like 1% of the time. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c15d7ac0-e3fd-4d10-8de9-75d42a418152%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: help with sys-firewall based on minimal f26 template
fix: qvm-features fedora-26-minimal qubes-firewall 1 out of curiosity I tried to find where/when this feature is set for the default fedora-26 template: there's a comment in qubes/ext/core_features.py that says '[this feature] can be freely enabled or disabled by template' but I don't understand what it's supposed to mean - whether the template automatically sets it somehow (but then how ?) or if it can be set for each template. It's probably the latter; in that case maybe the feature is set by the template's rpm postscripts (but then I couldn't find any mention of "qvm-features" in the qubes-builder-fedora repo). See here: https://github.com/QubesOS/qubes-issues/issues/2829 In short: there is qubes.PostInstall service called just after template installation, to let template advertise supported features. I think it should be also called automatically after installing new packages (or even updating existing), because that can influence supported features - like in this case. Ah, everything makes sense now... You can try triggering it manually. From the template call /etc/qubes-rpc/qubes.PostInstall Yep, it works. for other people reading this thread, this amounts to: qvm-features-request qubes-firewall=1 qvm-features-request --commit Issue for tracking this problem: https://github.com/QubesOS/qubes-issues/issues/3579 thanks ! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f75376ef-54ee-366b-0485-c3a0a8d5ce4e%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fixing LVM corruption, question about LVM locking type in Qubes
On Tue, February 13, 2018 6:36 pm, qtpie wrote: > Summary: fixing LVM corruption, question about LVM locking > Questions: > - what is the standard LVM locking type for a Qubes install? (in Fedora > it is 1). - if not 1 should I change it back? On my fresh install of rc4, it's set to 1. Per the comment in there, that's the "standard mode". > - if 1 what caused it to be changed? Possibly when something detected LVM corruption? > - is powerfailure the probable cause of this issue? I think that's a reasonable guess but haven't seen a power failure cause LVM corruption before. Not like a have a fleet of servers running it, though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ac3628b01ffe55038da50fba66c05f5.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?
On Tuesday, February 13, 2018 at 2:06:59 PM UTC-5, brenda...@gmail.com wrote: > On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote: > > > Does the issue still occur after You change the default Windows user in > > > Qubes settings? qvm-prefs -s windows default_user admin ? > > > > Just tried it, yep. This is strange! > > I am seeing the same issue with a Win7 HVM under R4.0rc4 using the qubes > windows drivers. First copy seems to work from a fedora VM but no file shows > up in windows. Additional attempts to copy says it failed because the file is > already there. Happens across reboots (fedora source says file is "there" but > nothing on the drives in windows). Found it (windows 7 search explicitly skips the system directory, so it's a little difficult to discover). The following directory is the receiving directory: C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\ Presumably this maps correctly for the account that qubes tools component is running under. Just FYI, in case someone else runs into this. Thanks, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f606743b-e27f-47cb-a60a-b2e7c2a509f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?
On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote: > > > > Does the issue still occur after You change the default Windows user in > > Qubes settings? qvm-prefs -s windows default_user admin ? > > Just tried it, yep. This is strange! > > //MLF. Hi Martin - were you ever able to resolve exactly where these files were going? I am seeing the same issue with a Win7 HVM under R4.0rc4 using the qubes windows drivers. First copy seems to work from a fedora VM but no file shows up in windows. Additional attempts to copy says it failed because the file is already there. Happens across reboots (fedora source says file is "there" but nothing on the drives in windows). Thanks, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85f7924e-8ef5-4727-ab6e-356916a19387%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 4.0-rc3: sys-net not getting updated template OS image?
On Tue, February 13, 2018 6:32 pm, Steve Coleman wrote: > I have a strange situation where my sys-net's software template > "fedora-26-net" (variant of fedora-minimal) does not appear to be > providing updated OS images. My sys-net is the only vm using this specific > image. Are you running low on disk space? Not exactly sure what's going on there, but can you try to clone the problem template and point your AppVM to the clone instead, and see if that works? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9a3ae4001a2046949039421dcbe19ab.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
Thanks Chris(and "tasket"!)took me a few tries but I managed to get it going, I tweaked the implementation a bit(scarey). I was not however able to get this command going from step #3 of the Github guide: sudo /usr/lib/qubes/qubes-vpn-setup --config I doubt I did this right/well but when I went to DNSleaktest.com it showed no leaks. Couple of questions: * What security am I not getting by doing step #3? * Is using a script from Github good? Appreciate the lead but will this be sanctioned by the Qubes community long term? * How can I test the kill switch functionality? * Any feedback, comments, ways to do it better? Looking forward to those instructions Chris... My sketchy/newbie steps are detailed below: Create Proxy VM Make Green Proxy Connected to sys-Net - Name it Add Files and Firefox in applications (didn’t really need firefox as I could download it in a disposable and the move it to my new sys-VPN) Go to the services tab and add vpn-handler-openvpn then hit the + button Notes: * All commands were done in the proxy VM (No template was used) * Not a huge terminal expert, so used GUI for some things Download config files: https://github.com/tasket/Qubes-vpn-support hit the green Clone or Download button https://www.privateinternetaccess.com/pages/client-support/ (Download the “openvpn-ip.zip” file) specifically https://www.privateinternetaccess.com/openvpn/openvpn-ip.zip Unzip openvpn-ip.zip in download folder Manualy change name in file from “US East.ovpn” to “openvpn-client.ovpn” sudo mkdir /rw/config/vpn sudo mv “openvpn-client.ovpn” '/rw/config/vpn' sudo mv “.crt file” '/rw/config/vpn' sudo mv “.pem file” '/rw/config/vpn' cd '/home/user/Downloads/Qubes-vpn-support-master' Type cd(space)then drag and drop from downloads the whole “Qubes-vpn-support” from “Github” in your downloads folder(Manually Unzipped folder by double clicking) sudo bash ./install Enter VPN User name and password Close terminal cd /rw/config/vpn sudo ln -s openvpn-client.ovpn vpn-client.conf Restart VM Connect your VMs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b126ae28-d76a-4670-9f6a-3e8e200aa56b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QUBES 4 r4 - dom0 UTC time is incorrect - manual change each reboot.
Hi there, I have a fresh install of Qubes 4r4. However, when I reboot and or login I have to manually change dom0 time to UTC. Impact: Whonix/Tor does not work because of the incorrect time. Manual workaround: 1. Get the correct UTC from a browser. 2. Open Dom0 Terminal and update to UTC such as the following: sudo date --set "2018-02-13 21:30" 3. Shutdown Service:sys-whonix 4. Restart a whonix domain such as Domain:anon-whonix(this restarts the sys-whonix service that was just shutdown. 5. Then run WhonixCheck to make sure it works. It usually does and Whonix/Tor is functional. = Qubes cannot be this bad, really. How can I have this Date and time correctly updated on boot up? Like it should. Thanks for all your help. NSJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ca99c3d-f134-4687-9ffb-57e1b9261187%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
On Wednesday, June 22, 2016 at 8:26:50 AM UTC-7, Marcus at WetwareLabs wrote: > Hello all, > > I've been tinkering with GPU passthrough these couple of weeks and I thought > I should now share some of my findings. It's not so much unlike the earlier > report on GPU passthrough here > (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/cmPRMOkxkdA/gIV68O0-CQAJ). > > I started with Nvidia GTX 980, but I had no luck with ANY of the Xen > hypervisors or Qubes versions. Please see my other thread for more > information > (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/PuZLWxhTgM0/pWe7LXI-AgAJ). > > However after I switched to Radeon 6950, I've had success with all the Xen > versions. So I guess it's a thing with Nvidia driver initialization. On a > side note, someone should really test this with Nvidia Quadros that are > officially supported to be used in VMs. (And of course, there are the hacks > to convert older Geforces to Quadros..) > > Anyway, here's a quick and most likely incomplete list (for most users) for > getting GPU passthrough working on Win 8.1 VM. (works identically on Win7) > > Enclosed are the VM configuration file and HCL file for information about my > hardware setup (feel free to add this to HW compatibility list!) > > TUTORIAL > > Check which PCI addresses correspond to your GPU (and optionally, USB host) > with lspci.Here's mine: > ... > > > # lspci > > 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] > Cayman XT [Radeon HD 6970] > 03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cayman/Antilles > HDMI Audio [Radeon HD 6900 Series] > Note that you have to pass both of these devices if you have similar GPU with > dual functionality. > > Edit /etc/default/grub and add following options (change the pci address if > needed): > > GRUB_CMDLINE_LINUX=" rd.qubes.hide_pci=03:00.0,03:00.1 > modprobe=xen-pciback.passthrough=1 xen-pciback.permissive" > GRUB_CMDLINE_XEN_DEFAULT="... dom0_mem=min:1024M dom0_mem=max:4096M" > > For extra logging: > > > GRUB_CMDLINE_XEN_DEFAULT="... apic_verbosity=debug loglvl=all > guest_loglvl=all iommu=verbose" > > There are many other options available, but I didn't see any difference in > success rate. See here: > http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html > http://wiki.xenproject.org/wiki/Xen_PCI_Passthrough > http://wiki.xenproject.org/wiki/XenVGAPassthrough > > Update grub: > > # grub2-mkconfig -o /boot/grub2/grub.cfg > Reboot. Check that VT-t is enabled: > > # xl dmesg > ... > (XEN) Intel VT-d iommu 0 supported page sizes: 4kB, 2MB, 1GB. > (XEN) Intel VT-d iommu 1 supported page sizes: 4kB, 2MB, 1GB. > (XEN) Intel VT-d Snoop Control not enabled. > (XEN) Intel VT-d Dom0 DMA Passthrough not enabled. > (XEN) Intel VT-d Queued Invalidation enabled. > (XEN) Intel VT-d Interrupt Remapping enabled. > (XEN) Intel VT-d Shared EPT tables enabled. > (XEN) I/O virtualisation enabled > (XEN) - Dom0 mode: Relaxed > Check that pci devices are available to be passed: > > # xl pci-assignable list > :03:00.0 > :03:00.1 > Create disk images: > > # dd if=/dev/zero of=win8.img bs=1M count=3 > # dd if=/dev/zero of=win8-user.img bs=1M count=3 > Install VNC server into Dom0 > > # qubes-dom0-update vnc > Modify the win8.hvm: Check that the disk images and Windows installation > CDROM image are correct, and that the IP address does not conflict with any > other VM (I haven't figured out yet how to set up dhcp) Check that 'pci = [ > ]' is commented for nowStart the VM ( -V option runs automatically VNC > client) > > # xl create win8.hvm -V > > If you happen to close the client (but VM is still running), start it again > with > > > # xl vncviewer win8 > Note that I had success starting the VM only as root. Also killing the VM > with 'xl destroy win8' would leave the qemu process lingering if not done as > root (if that occurs, you have to kill that process manually) > Install WindowsPartition the user image using 'Disk Manager'Download signed > paravirtualized drivers here (Qubes PV drivers work only in Win > 7):http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi > Don't mind the name, it works on Win 8.1 as well. > For more info: > http://wiki.univention.com/index.php?title=Installing-signed-GPLPV-drivers > > Move the drivers inside user image partition (shut down VM first): > > # losetup (Check for free loop device) > # losetup -P /dev/loop10 win8-user.img (Setup loop device and scan > partition. Assuming loop10 is free) > # mount /dev/loop10p1 /mnt/removable ( Mount the first partition )- copy the > driver there and unmount. > > Reboot VM, install paravirtual drivers and reboot againCreate this script > inside sys-firewall (check that the sys-net vm ip address 10.137.1.1 is > correct though): > > fwcfg.sh: > #!/bin/bash >
[qubes-users] Re: Building Centos template conflict error?
Le mardi 13 février 2018 15:47:38 UTC+1, Tim W a écrit : > I was having issues building Centos template for 4.0 so I decided to first > see if it would build for 3.2. > > Doing setup script templates only. I editing example-confg 3.2 conf file and > removed the FC version from DISTS_VM line. > > I built it per component and it fails on the last one linux-template-builder. > os > > In the centos7-template.log it shows the following conflict error > > file /etc/dconf/profile/user from install of > qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package > dconf-0.26.0-2.el7.x86_64 > > Ultimately I want to build these for 4.0 but figured first getting it working > for 3.2 as its suppose to work there already. The template for CentOS in Q4 is still not completely achieved. I still need time to fix several things. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d46c623-0515-4345-bec8-ab27a9dccc36%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL HP EliteDesk 800 G1 SFF
Qubes R4 rc4 on USB 3.0 stick - no problems to report -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9fa56d71-5cb6-442a-8b71-eb7901609dc8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Hewlett_Packard-HP_EliteDesk_800_G1_SFF-20180213-210514.yml Description: Binary data
[qubes-users] Qubes 4.0-RC4 – sys-usb – devices not detected after suspend/resume
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello. Mostly, not always, usb devices are not detected any more after suspend/resume (e.g. via Power Manager/Xscreensaver) on my machine (Asus Zenbook UX303LNB). Which is no big deal with »standard« devices – but pretty annoying if you have a specific, rigid Yubikey setup. ;) Any hints or solutions? Perhaps forcing USB 2.0 modes? Thanks, cheers, Rob -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEn4MBjePgsWS+NbV8RR68spzrChwFAlqDc+VfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDlG ODMwMThERTNFMEIxNjRCRTM1QjU3QzQ1MUVCQ0IyOUNFQjBBMUMACgkQRR68spzr Chwq0g//ZFO/m7d09Tcl7MuBZEMz5KkJWxMLi/tBNf4wnt0MYh9k2vvGeTc6W5Wg I1g/M8UtLViRMhr/un/fHp3ZwITf4I9LDjhlfadLzR4Mdyk915uW3sqQsBhxIna4 N/QLGoBtq4MLp141CXkNZJKy6ydX3Ftdye5AEkq0E0OjC1Lh8tX+yOkNmag8ort3 Mgbq6XkGjVuoX4cxYdf+hxgUIfx7mgLwUP/MwqO4Y5KgA2Hcdtkyl/ARND9dC7/q GDIevxO8XMeDSOStufUSeToiMN4Xlieg1kkUncIl33ZUeZbRt0La/ccpXn0jz14t RhmahF40PtHZmg4vVevLCyVvpnm8WPCxbyK/8cBU78z9vnmqILNJjVhMqeeTSoGe b3jzS0HkP7J47tDD+U4bRi+ReJe3ZitbopRLpONb9xGaxHqgmSSsQM/non+stXa6 NDD5quMguCQL6YpOMZw4K9uDIBEVN3YmXoq8zFbAUGgMipBmEBTHZl4u6Zd2dgCP xOh7JA1r0fq6fB7/TYDf/jENhWbuUm7R8/6zQBE2EalHFQM8oPUzDSz5XBU9sFm9 rdUCai5HevcGDANXTkrP8nb2rmnUBe0TRIm0Z1rgEMkrP2jpBswW9mv+1KNj3YXb CWtgIHdXj5fAJLqii9AAuEc2A0lK8VUhJlhLutyql/NxQII78oY= =AFFn -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/p5vs1j%24gae%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: sys-usb / template install yubikey tools ?
Le dimanche 11 février 2018 10:08:52 UTC+2, ThierryIT a écrit : > Le samedi 10 février 2018 22:58:15 UTC+2, Alex Dubois a écrit : > > > On 10 Feb 2018, at 17:46, ThierryITwrote: > > > > > > Le samedi 10 février 2018 01:44:36 UTC+2, Alex Dubois a écrit : > > >> On Saturday, 3 February 2018 22:42:46 UTC, Alex Dubois wrote: > > >>> On Saturday, 3 February 2018 10:12:25 UTC, ThierryIT wrote: > > Le vendredi 19 janvier 2018 13:19:29 UTC+2, Alex Dubois a écrit : > > >> On Friday, 19 January 2018 05:57:16 UTC, ThierryIT wrote: > > >> Not familiar with this ... Will need procediure to follow. > > >> > > >> > > >> Le mercredi 17 janvier 2018 23:03:31 UTC+2, Alex Dubois a écrit : > > >>> On Wednesday, 17 January 2018 15:15:45 UTC, ThierryIT wrote: > > No, I am still under R3.2 > > > > Le mercredi 17 janvier 2018 16:54:58 UTC+2, awokd a écrit : > > > On Wed, January 17, 2018 2:09 pm, ThierryIT wrote: > > >> "https://github.com/adubois/qubes-app-linux-yubikey; > > >> > > >> > > >> Le mercredi 17 janvier 2018 16:05:52 UTC+2, awokd a écrit : > > >> > > >>> On Wed, January 17, 2018 1:09 pm, ThierryIT wrote: > > >>> > > Nobody ? > > > > > > > > Le mercredi 17 janvier 2018 09:23:34 UTC+2, ThierryIT a écrit : > > > > > > > Hi, > > > > > > > > > > > > I am going to install a new sys-usb. > > > I have before to install all what I need to the template > > > (fedora-26) > > > first. When following your procedure: > > > > > > > > > ykpers has been installed but: I cannot do the same for > > > qubes-yubikey-vm and qubes-yubikey-dom0 : > > > > > > no match for argument > > > > > > ideas ? > > >>> > > >>> Not quite sure what you are trying to do here. What procedure? > > >>> What > > >>> command are you entering? > > > > > > Are you trying this on Qubes 4.0? Those Yubikey packages might > > > not be in > > > the Qubes repo yet. > > >>> > > >>> Hi, > > >>> > > >>> I have not maintained this for some time. So long that I can't > > >>> remember if the packages had been created/tested, I don't think > > >>> they have. > > >>> > > >>> Best is you follow the steps to build it on a new temporary VM, > > >>> don't be afraid it should not be too hard: > > >>> - Execute the yum command in "Build dependancies" > > >>> - Also install pam-devel > > >>> - Follow the steps in preparing the build and build > > >>> - Deploy the code in Dom0 and the USB VM. > > >>> > > >>> I am about to upgrade to Qubes 4.0 rc4 (when released) so won't > > >>> probably be able to help until this is done. > > >>> > > >>> Any help from someone who is used to packaging under Fedora would > > >>> be nice. > > >>> > > >>> Alex > > > > > > Sure, I'll update the doc and post here. However as I said don't want > > > to touch my Qubes set-up before my upgrade to 4.0 rc4. So might be in > > > 2-3weeks > > > > Did you upgrade to Q4R4 ? > > >>> > > >>> I'm in the process. Having issues with PCI path-through of my second > > >>> NIC that I need to solve. I have to use PV mode for now and not too > > >>> happy to have too. I'll open another thread if I can't find a way... > > >> > > >> Hi Thierry, > > >> > > >> I have recompiled it OK. This was working on R3.2. You can test it on R4 > > >> but no idea if it will work. I hope to have a bit of time to look at it > > >> this week. > > >> > > >> To compile it if you want to test / debugInR4 > > >> create new VM with network (to get the github) or without network but > > >> you'll have to copy the download to the VM by another mean. Then: > > >> yum install pam-devel gettext-devel git libtool libyubikey > > >> libyubikey-devel -y > > >> yum group install "Development Tools" > > >> git clone https://github.com/adubois/qubes-app-linux-yubikey.git > > >> cd qubes-app-linux-yubikey/ > > >> libtoolize --install > > >> autoreconf --install > > >> ./configure > > >> make check > > >> > > >> files to copy to Dom0 are in folder back-end > > >> files to copy to USBVM are in folder front-end > > >> > > >> USBVM should be a VM started on boot with the USB controller that you > > >> insert the key in... > > >> > > >> Read the doc, it is not polished. > > >> There are mechanisms to detect USBVM compromise, hold-replay attacks, > > >> etc... > > > > > > Starting to do it, everything went fine, but I do not find the way when I > > > need to copy a folfder (not a file) to dom0 ... > > > > > > Thx > > > >
[qubes-users] Re: Please help with Qubes 4.0 rc4 on 8th Generation Intel
On Monday, 5 February 2018 14:13:25 UTC, Krišjānis Gross wrote: > Hi, > > I have recently installed Qubes 4.0 rc4 on a new 8th generation Intel > hardware and have an issue that I would like to get help with. > > The issue is that graphics appear to be very very slow. Each time there is > some visual activity on the screen it is vary 'laggy'. I noticed that > whenever there is a GUI action, the process called Xorg is using 100% of one > of the processor cores. > > I have made captured a video of how that looks: > https://drive.google.com/open?id=1vrtVnVLu6WBrMl_6O-R7qs2syyOKypnQ > > I have also gathered some logs that might help to resolve this: > 1) archive of /var/logs folder: > https://drive.google.com/open?id=171-f2-d3D_CPrSFJKFwcuIrQgZXYf5L3 > 2) result of "sudo journalctl -b > journal.log" : > https://drive.google.com/open?id=1eOJMT4uGAQyatXFcQvF9ElGRpbdTTQSp > > Hardware details: > MB: ASRock Z370 Pro4 https://www.asrock.com/MB/Intel/Z370%20Pro4/index.asp >CPU: Intel® Core™ i5-8600K > https://ark.intel.com/products/126685/Intel-Core-i5-8600K-Processor-9M-Cache-up-to-4_30-GHz > >RAM: 16 GB DDR4 > > > Please help to resolve this! Thank You, awokd! That indeed helped to resolve the issue! The exact steps that I did was: 1) Install Qubes 4.0 rc4; 2) Start Qubes. Notice the software rendering of the video; 3) Open dom0 terminal and edit /boot/efi/EFI/qubes/xen.cfg (e.g. sudo nano /boot/efi/EFI/qubes/xen.cfg) Replace 2 occurances of "i915.preliminary_hw_support=1" with "i915.alpha_support=1"; 4) Reboot the system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c0bc2bcb-92a8-4f33-b836-ee31803e9bf9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Building Centos template conflict error?
On Tuesday, February 13, 2018 at 5:07:32 PM UTC-5, Frédéric Pierret (fepitre) wrote: > Le mardi 13 février 2018 15:47:38 UTC+1, Tim W a écrit : > > I was having issues building Centos template for 4.0 so I decided to first > > see if it would build for 3.2. > > > > Doing setup script templates only. I editing example-confg 3.2 conf file > > and removed the FC version from DISTS_VM line. > > > > I built it per component and it fails on the last one > > linux-template-builder. > > os > > > > In the centos7-template.log it shows the following conflict error > > > > file /etc/dconf/profile/user from install of > > qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package > > dconf-0.26.0-2.el7.x86_64 > > > > Ultimately I want to build these for 4.0 but figured first getting it > > working for 3.2 as its suppose to work there already. > > The template for CentOS in Q4 is still not completely achieved. I still need > time to fix several things. But the error I am getting is for Q-3.2 not 4.0. Its listed in my first post, I had not included the 4.0 errors as I thought it might just be a needed update of software version or module but here they are from 4.0 in case they are of any use to you. Error: Package: python3-qubesimgconverter-4.0.15-1.el7.centos.x86_64 (template-builder-repo) Requires: python3-pillow Error: Package: python2-qubesimgconverter-4.0.15-1.el7.centos.x86_64 (template-builder-repo) Requires: python2-numpy Error: Package: python2-qubesimgconverter-4.0.15-1.el7.centos.x86_64 (template-builder-repo) Requires: python2-pillow Error: Package: python3-qubesimgconverter-4.0.15-1.el7.centos.x86_64 (template-builder-repo) Requires: python3-numpy Shouldn't 3.2 still be buildable ? Instead in 3.2 I am getting the following during $ make linux-template-builder : file /etc/dconf/profile/user from install of qubes-core-vm-3.2.23-1.el7.centos.x86_64 conflicts with file from package dconf-0.26.0-2.el7.x86_64 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1279f026-e979-456c-80e8-e9d34f73ee23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.