[qubes-users] Re: Can I hope to run Qubes OS on Macbook Air 2013
On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com wrote: > Same as topic name. I am currently running mac os with heavy virtual machines > usage to get more security/privacy. I will probably switch to linux soon but > since i plan on using a lot of one time use VMs or even whonix i would rather > get as secure host as possible. So i figured why not use Qubes OS since i > already do everything manually. > > If not mba what high end ultrabook would you recommend ? Have you seen the Purism Libre laptops? https://puri.sm/products/librem-13/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c158cfdb-f45e-4419-aa6e-ff034986d999%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] bash autocomplete
On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote: > to have the shell behave nicer. If I have some free time, I might > customize this stub to suggest available options to all qvm-* and > qubes-* commands. I am surprised that I might be the first one to > discuss this subject (?!) Bernhard i'm definitly interested in this, this is super useful. -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302191022.ygh2qllrumvrczfx%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] bash autocomplete
On Fri, March 2, 2018 7:10 pm, Holger Levsen wrote: > On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote: > >> to have the shell behave nicer. If I have some free time, I might >> customize this stub to suggest available options to all qvm-* and >> qubes-* commands. I am surprised that I might be the first one to >> discuss this subject (?!) Bernhard Don't think the first, but this is the first functioning example I've seen. > i'm definitly interested in this, this is super useful. Ditto! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7051b46e3dab7996de06b73f1e8a233.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] bash autocomplete
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Mar 02, 2018 at 07:13:56PM -, 'awokd' via qubes-users wrote: > On Fri, March 2, 2018 7:10 pm, Holger Levsen wrote: > > On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote: > > > >> to have the shell behave nicer. If I have some free time, I might > >> customize this stub to suggest available options to all qvm-* and > >> qubes-* commands. I am surprised that I might be the first one to > >> discuss this subject (?!) Bernhard > > Don't think the first, but this is the first functioning example I've seen. There were multiple attempts for zsh, for Qubes 3.2: https://gist.github.com/kalkin/133feb85ad63712dc859 https://github.com/woju/qubes-core-admin/commit/501fb736282741e90bb323f818026d9c8bc0863c > > i'm definitly interested in this, this is super useful. > > Ditto! ! - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqZploACgkQ24/THMrX 1yxIcgf/bGmsjrWg7jtfma61PIRzl7s7UxS1oz62rWrFoyhbHBepQmalq8KZSeFa MDn23u4P0eCBzYrEIckF3cOIjV0qVT3+5c35FVhaa2F1kRLKt6jkpLeBExLqDREr ppPTY9Oy4jXVoO7LWt8GUmfKwCViQBaZrEr4nKhJtPy6WISxIwYX/7KuOvC8V7j5 T5BK21U1DaepTGNF7V/atnJuOMdhc701puWRTaLRFViwIKqm7FlHAmr80xEOx+8W 8WVn5HhZ4wlN4LvR40Pbk6VkcW4LEwIE+DTPuef4wmuXrS0AyAkn0uL9dubzX5gq VhNPhxhcg6dntNM+fZ9aPS6r/0to2Q== =BQl5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302193009.GB8712%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with qvm-run --pass-io
On 03/02/2018 05:56 AM, Unman wrote: On Fri, Mar 02, 2018 at 05:38:11AM -0500, Chris Laprise wrote: On 03/02/2018 04:04 AM, donoban wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/02/2018 08:38 AM, Robert Walz wrote: [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command with Ctrl+C, because the root.img became bigger than the original file's size. Then I got the following error messages. Could you post: [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh "/home/user/meta.raw"' Maybe your raw file is an sparse file. I'm not sure if cat would handle it fine. If source is sparse, you can also save it as sparse by piping through dd: qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd conv=sparse of=/var/lib/qubes/appvms/metasploitable/root.img But that way you still cat the WHOLE file and then only resparse it after the transfer. It will take significantly longer. Yes, but there's no risk to dom0 with dd, as there is with parsing a guest-created tar file. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e2a7c45a-92bc-4164-2510-c0134cfdda7f%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fw for network printer setup
On 2018-03-01 18:47, awokd wrote: > On Fri, March 2, 2018 4:20 am, yreb...@riseup.net wrote: >> On 2018-03-01 18:16, awokd wrote: >> >>> On Fri, March 2, 2018 4:10 am, yreb...@riseup.net wrote: >>> >>> When you see the message "Will you specify the DeviceURI ?", For USB Users: Choose N(No) For Network Users: Choose Y(Yes) and DeviceURI number. --- So, I chose "yes" then it wanted something like the IPP:// address ; >>> >>> You have to put your printer's IP address in here. >>> >>> I may have put in the gateway address and got nowhere I guess your saying it doesn't matter if it didn't work in the Template , >>> >>> Right, doesn't matter it doesn't work, but put in the right IP address. >>> >>> >>> And for the IP address of the printer in the AppVM use the gateway of the AppVM ? in system-config-printer there are various options in settings-> device URI: usb://dev/usblp0 is filled in , and in printer state it say "waiting for printer to become available" >>> >>> Change this to IPP:// and your printer's address. >>> >>> >>> perhaps I DONT need to tweak the fw settings in the VM Manager, but how or do I need to input the IP of the printer (I have a DDWRT router fwiw, if I'm supposed to assign a static IP somehow, and if that is not going to mess up the other computers using the network printer) >>> >>> Check what IP address they are printing to. >>> >>> As a final option, I don't use sys-usb qubes, so maybe I could connect the USB cable and try it that way instead ... sigh >> >> >> thanks for responding , as you can see the common theme, is I've no clue, >> how to find my printer IP , and apparently it may change if it's not >> static? > > Look in system-config-printer on one of your working systems. Yes, it > might change if it's not static. How did you set up the other system? > >> I had been told that the gateway address Was the printer IP , but I've >> really no idea > > That's usually incorrect, unless the printer is connected directly to your > router by USB. The working Linux Mint system says : dnssd://Brother%20HL-L2360D%20series._ipp._tcp.local/ I pasted that into the AppVM as root with system-printer-config -> settings-> change -> IPP (ipp) and IPP (ipps) with no luck I did notice when I launched system-printer-config in terminal I see: Error creating proxy: The connection is closed (g-io-error-quark, 18) doing a web search on it but not hopeful 1) does it matter is system-printer-config runs as root or user in AppVM 2) will re running the driver setup /cups etc tarball package conflict with what I already did in the fedora-26-cloneprinter Template VM ? 3) I'm afraid static IPs are going to be a nonstarter for chronic newb as myself https://dd-wrt.com/phpBB2/viewtopic.php?t=263998 4) so much for qubes printing is so easy posts I've seen .. even without a sys-usb :P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9098b02a093c155c3d1a238ef9226de4%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] bash autocomplete
On 03/02/2018 10:22 AM, Unman wrote: > > Try this: > > _qvm() > { local cur > COMPREPLY=() > cur="${COMP_WORDS[COMP_CWORD]}" > VMS=`qvm-ls --raw-list` > COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) ) > } works perfectly, thank you. Should be completed (haha) by complete -F _qvm qvm-appmenus complete -F _qvm qvm-clone complete -F _qvm qvm-firewall complete -F _qvm qvm-move-to-vm complete -F _qvm qvm-remove complete -F _qvm qvm-start-gui complete -F _qvm qvm-unpause complete -F _qvm qvm-backup complete -F _qvm qvm-copy-to-vm complete -F _qvm qvm-pause complete -F _qvm qvm-run complete -F _qvm qvm-usb complete -F _qvm qvm-backup-restore complete -F _qvm qvm-service complete -F _qvm qvm-kill complete -F _qvm qvm-shutdown complete -F _qvm qvm-tags complete -F _qvm qvm-check complete -F _qvm qvm-features complete -F _qvm qvm-prefs complete -F _qvm qvm-start to have the shell behave nicer. If I have some free time, I might customize this stub to suggest available options to all qvm-* and qubes-* commands. I am surprised that I might be the first one to discuss this subject (?!) Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98d68951-4ac3-4a5c-9d96-073e39352c7a%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
Those are interesting points [799] & Ivan, I agree with both of your views. I also like the concept of moving guides/scripts over to the official Qubes doc's for final review if it reaches a certain minimum of quality. Keeping it separate in some sense to differentiate quality, seems like a good call as well. Some of the issues/questions addressed seems like they could be solved quite effectively and efficiently on a highly customize-able forum? For example we'd be able to segment things cleanly, like moving work/posts between forums as they develop and gain quality, until the final stage where it's polished and published to Qubes doc page for official review, once it meets Qubes minimum quality standards, but preferably higher than minimum of course, so we don't risk spam the Qubes doc page. Maybe some things, despite being good quality, might not belong on the Qubes doc page, what belongs there? Should everything with high quality be added? or should there be a category limitations in addition to quality limitation? As you suggested, I indeed don't mind to help doing something like that either, if we're going with forum approach (or something else), can I help move the work topics (like a single topic for a project-work-place) between the forum quality segments as the various scripts and guides evolve. It's also interesting that project activity can be traced back inside that topic, even after it has been moved to higher quality, so that it retains its history. Also Ivan, even if you're less active due to busy real life schedule, it'd make sense if you have similar capabilities if find something that needs moderation and got spare-time to do it, which adds flexibility. I'm not sure who else might be interested in helping out with this either? For example we won't be around 24/7, even if you're more busy than me I can't be around 24/7 either, so it might be a good idea to have a team of moderators, though of course we can start small and scale up as needed with new moderators as we learn to trust new people over time. It shouldn't matter if some moderators are less active either. When getting new moderators, then we can also for example segment moderators and global moderators. While the global moderators can moderate all the content segments, and segment moderators is kind of self-explanatory at this point, which are those who have less responsibility, for example new moderators when the script community grows. I think it also becomes more clear if we have different stages of development. For example if different stages have different kind of nature of qualities (See below). The first stage being a convincing useful concept. The second state practical solutions being developed. Then in order to reach the late polishing quality stage, it must have a united concept and roughly finished development. Then in the late stage, if it can't reach the final touch of subjective judgment, it'll remain there until it can surpass quality judgements. Then we could for example post all finished guides/scripts to the front page, which allows everyone to quickly see something is finished, without having to dig through all the otther topics, as well as people who only visit the website, only to keep check on the blog. For example the blog front page allows people to quickly visit, to check if something new is out, and then maybe have a look at the details, perhaps find some weaknesses and give feedback in the comment section. This way it gives a last opportunity to bring it to focus and review otherwise finished work, even if people don't read all the topics in the forums. Once everything checks out, for example let it be 14 or 30 days on the blog page for additional review? before posting it to the Qubes docs. - Early conception stage forum (concepts to be discussed, can also act as a spam filter). - Middle stage development forum (work has started and its starting to take shape. One can start out alone, maybe others will join to help). - Late stage polishing forum (testing, finding errors, security and reliability issues). - Pre-review on front-page's blog (for i.e. 14/30 days). - Published to Qubes doc page if it passes (or Qubes sub-doc page if needed). Where appropriate, we can ask the question if it's fitting for a Qubes doc page. For example those 5 quality checkers you put forward Ivan. Then, by looking into these different forums, one will know every topic is in concept phase, or if looking into the development forum and all topics are in their development phase and anyone can drop in to help in different topics. Yet another forum for the late stages, and all topics here require reviews, hunts for errors and polishing. So we have a 2D axis here, one dimension is the segmentation of forum boards, forums, and sub-forums, while the other dimension is a layer of segment-users/moderator/global-moderator/admin capability. It adds a flexible work-place
Re: [qubes-users] Re: Can I hope to run Qubes OS on Macbook Air 2013
On 03/02/2018 06:12 PM, andrewashbac...@gmail.com wrote: > On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com > wrote: >> Same as topic name. I am currently running mac os with heavy virtual >> machines usage to get more security/privacy. I will probably switch to linux >> soon but since i plan on using a lot of one time use VMs or even whonix i >> would rather get as secure host as possible. So i figured why not use Qubes >> OS since i already do everything manually. >> >> If not mba what high end ultrabook would you recommend ? > Have you seen the Purism Libre laptops? https://puri.sm/products/librem-13/ Having a Lenovo X1 Carbon 16GB and 256SSD, a macbook air 8GB 256SSD, a purism 13v2 with 512nvme and 16gb memory and a Lenovo Yoga 2 pro 8GB adn 256GB SSD, I must say, that the purism is bought with kill switches in mind. It's more expensive, heavier and thicker. If Open Source BIOS and kill switches is secondary, then The Lenovo's are both hard rocking Qubes machines(and the qubes developer team uses the X1 Carbon). I've had a few issues with the Librem(bios, fan's ,etc), so be clear about your needs before purchase. If the Purism concept appeals to you, go for it. If not, don't. I even bought the Librem5 phone and await its arrival in a year or so, but I guess I'm just a fanboy. Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ecd543b3-fb11-008a-1bce-fd94e88e4f6a%40militant.dk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anonymizing your MAC Address with macchanger and scripts
On 03/02/2018 05:43 AM, Unman wrote: On Thu, Mar 01, 2018 at 05:52:48AM -0800, billol...@gmail.com wrote: On Thursday, March 1, 2018 at 12:08:19 AM UTC-5, Chris Laprise wrote: On 02/28/2018 08:23 PM, 'awokd' via qubes-users wrote: BTW, as an example of Qubes-specifics in this issue, on sleep/wake networkVMs don't process the normal array of events and system states that bare-metal Linux distros do. At least this was the case for 3.x. The result was that advocates of the macchanger script method (which relied on such events and related hooks) recommended that users keep a watch on the current MAC address and restart sys-net whenever it reverted (waking from sleep was the most common/blatant example). They didn't care to address the fact that the waking system was already broadcasting the original address before the user had a chance to restart sys-net (and not to mention the unmitigated headache of restarting/reassigning all the dependant VMs). Well, to be honest, I haven't kept up with it once I decided it wasn't going to work. As I remember (and this is back before systemd, and you could still control everything from the /etc/rc.d files very easily), I put a little script in /etc/init.d and did the macchanger thing before I allowed the network to connect to anything. If the network turned off, then it would randomize when it turned on. I don't remember it reverting, but I may have just not been paying attention (or have forgotten in the haze of time -- it's amazing to me how quickly one forgets little sysadmin tricks when one stops doing it all the time). I never dealt with VMs except for running Windows in Virtualbox, so I am clueless there...... though I am getting interested again playing with qubes. The problem with NM method is that it gives you a fully random MAC which makes you stand out like a sore thumb. Also, with some NICs, it's easier to drop NM and use something like wicd, so the macchanger instructions remain useful. I could be wrong, but I thought the NM default behaved similar to the randomization range on Android and Windows. But if its an issue, NM allows you to specify a bitmask to limit the range. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ff4b63ee-e2fc-d6b6-ac3b-aa7cd36496e0%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-02 23:16, Andrew David Wong wrote: > On 2018-03-02 15:05, Yuraeitha wrote: >> Some of the issues/questions addressed seems like they could be >> solved quite effectively and efficiently on a highly >> customize-able forum? > >> [...] > >> Thoughts about using a forum? > > FYI, in case you haven't seen this thread: > > https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion > While at it, here are some other old threads where similar ideas have been suggested: https://groups.google.com/d/topic/qubes-users/D0YuoXMe_vE/discussion https://groups.google.com/d/topic/qubes-users/es4q40dt1EE/discussion Approximately every 6-12 months since the beginning of the project, a new person (including me, at one point, IIRC) suggests that there should be a Qubes wiki or forum, so you'll find many more threads like these if you search through the archives. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaMZcACgkQ203TvDlQ MDDD4xAAwbajnwJ/PZxzrVnmzKECGkYVQQDs90LieN1s/ewuqilNx9Cdxk8Fy9La jokevIemgSB/QjqRD1zl2L0ksn/XhsOgQyWyK+RCSNWdKsvDhJtsVvh0B5SA5t4N FrMzig0uUHLodl9ZOT9ltvy/nOnMBj8YcfQ2i+3yEaOFSN6hc7DkyXnPRhLbEdrK pwJJxbdAkvocSu6tEL1xE86cZ1CZrBIHvrVt1oCy1QPCr5EBNUukg4JMGOygZNi2 62TF+/vv1Fe9IeJ7tu+WaZLIJQ1guLesYMISMHAvsUaAwB+vbMFUFuRhHqhiB7Ir qEyrf5S24aulX/F9w8043088Wd+RA/lWG2lyXZk3w9H+Gqn2UOKnKnJRCFxBmkbE O+TS3/U4pB5t/4K9oezKc9dSODEt4RZO4LSN9U0i5Ksp4q1WDJyJC7eyRnQTpDc6 sQHHCi3d0kFTxDozcjCJPFTLhE3OYqBfCClMmCXlLhL1j2/N0XS9nOYWRL2foA1R FLaE4lOBuoNcAQO/XTXMEd3F2XUlCKOiLCLdNCVIYyhZJSFwHqpwt8pRLRk6n2hs EdiyVGQh4uyOt1rWEniPEyyb2Bx/MLSYT4iafU/3ltY7uKbzDpmaUSP+oVZd6+gj 6eEpVFlDzp4kfTCFRj3a/Gx8Ail4P9/KmHp+tBVfxrWQrFi+bWs= =I6G3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e7e33f5-ff89-fee2-b3f0-86403079adac%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-02 15:05, Yuraeitha wrote: > Some of the issues/questions addressed seems like they could be > solved quite effectively and efficiently on a highly > customize-able forum? > > [...] > > Thoughts about using a forum? > FYI, in case you haven't seen this thread: https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaL5YACgkQ203TvDlQ MDAB1xAAzWFSpxUdskyMekUg/K3oeH5umI7m2XMdlRw9AKYUtqKhxNgOOQv6DHTO 4uhFt5MMtmcae6XmfoRPMPGhLVMN7qUY7OeEz8EXzFUYa4DtSGdnf84ysRHYGD+k U44j0Zb36sbH6ZuQfGoBf3Rydfb+rlHgZFH1iTQ+rMM8TUsn04KVD58E9UoMRKRm ndKLlntPa+tUgD3LfKpTai2/pYvD4JDqBPpmL1OMVnQ7Fdi/H55EGV2B/aCW2O44 uyxHJX6BgnwvAeaMZtdE3NkpEIbbiMjSODLpma335j23wDn1r+FyI+xsdE8h9M9L WJZjrKs5gfGHfvxef13xYScujjjEQGDBfZz5Os5IrLMJ12Riq+S79ARuJAxQeGop SGXcQR+Qk4OnI3tPIX+zkVDKFXXmtJltQlDh7rfrP15d+/Il5ENoo2+RA+WlgQxS /vcHmbXcytR6GwpS406umeGcYk4H95vFjvb+KJbJWHpltSQHJRCSGkxM3xVFFuLH 8oFIlfP/f9Huh0aI36jKzyScEESvdvUa0pHPJ279OqSjPZ8FsxpbaDUYKj+saXUU gRLTXnDsOytJb/U/+gqcUF048R2KtK8YcLeH6bS1NFvkHEsG1TLs3ihdEndZXz6Y TyzVe83QX1e+5g29CTUYd5B3yYMv8nOLmkWciqPExBZebLEYJ+c= =oKGu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b87eb37-a69c-2d26-6c28-8b8dc4fc5861%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Adding AppMenus in Qubes 4
Hi, I'm trying to follow the instructions here for adding app menus: https://www.qubes-os.org/doc/managing-appvm-shortcuts/ But I can't get it to work. I noticed that only templateVMs have an "apps.templates" directory so I added a new vuescan.desktop file to my template's dir from Dom0 (~/.local/share/qubes-appmenus/fedora-26/apps.templates/vuescan.desktop) with the contents: ``` [Desktop Entry] Version=1.0 Type=Application Terminal=false X-Qubes-VmName=%VMNAME% Icon=%VMDIR%/apps.icons/vuescan.png Name=%VMNAME%: VueScan GenericName=%VMNAME%: Scanner Comment=Scan Documents Categories=Office;Scanning;X-Qubes-VM; Exec=qvm-run -q -a --service -- %VMNAME% qubes.StartApp+vuescan X-Qubes-DispvmExec=qvm-run -q -a --service --dispvm=%VMNAME% -- qubes.StartApp+vuescan ``` Then I run `qvm-sync-appmenus --verbose fedora-26` from Dom0 and it removes my appmenu: ``` (snip) 2018-03-03 00:51:02,911 [MainProcess receive.process_appmenus_templates:303] fedora-26: Updating eog 2018-03-03 00:51:03,108 [MainProcess receive.process_appmenus_templates:342] fedora-26: Removing vuescan.desktop 2018-03-03 00:51:03,114 [MainProcess __init__.appmenus_create:177] fedora-26: Creating appmenus (snip) ``` See the second line. Does anyone know how to add AppMenus in Qubes 4 (with recent update)? Thanks, Glen -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d59149cb-77c5-4405-b861-253a3ce49519%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
AW: [qubes-users] Connect to MS Exchange under Qubes with Davmail (Was: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up)
Hello, I know that this might be slightly Offtopic, but I am sure that I am not the only one working with davmail. QUESTION: Who else is using Davmail to connect Exchange to their favorite Linux Outlook replacement? And are you able to delete an appointment from Evolution or maybe khal? I am trying to replace OWA (Outlook Web Access) with native Linux apps. I got Email, Contacts and Calendar entries synced from our corporate Exchange server to my "mail qube" using offlineimap and vdirsyncer. There is only one annoying last topic: I can't delete calendar entries, I can create them, sync them and if calendar entries get deleted on my phone or my exchange server they will also disappear from Evolution/Thunderbird/khal. But under all three apps I have problems deleting an calendar entry, as such I think it might be a Davmail issue, but I am unsure. Just for the info about my setup: Caldav connects to our corporate Exchange Server and provides local imap/SMTP/caldav/carddav interface to the AppVM. Currently I am still using various apps to finds what works best for me Evolution Connects to Davmail Email and Contacts are working Calendar entries can be created, synced, viewed but not deleted Thunderbird Connects to Davmail Email and Contacts are working Calendar entries can be created and synced, but not viewed and not deleted Neomutt Connects to maildirs, which are downloaded via offlineimap, which connects to Davmail Email is working ikhal / khal Connects via vdirsyncer to Davmail. Calendar entries can be viewed and created but not deleted khard via vdirsyncer to Davmail Contacts can be created, changed, synced and viewed The only missing part in all calendar apps: Deletion is not possible and results in an error message of Davmail. [799] Original-Nachricht An 2. März 2018, 01:40, '[799]' via qubes-users schrieb: Hello, As my company is using Microsoft Exchange without enabling remote access per IMAP I had to work with the Outlook Web Access (OWA) Interface. But this is only a workarround as I can't access offline emails etc. I found a solution which provides an Gateway between exchange and your favorite Linux apps for mail/calendar: Davmail. I got email and also calendar running and wrote a "quick'n dirty" how-to which I would like to see improved. https://github.com/QubesOS/qubes-doc/pull/608 Currently it covers only mailpart (reading Exchange emails with Thunderbird and/or neomutt). Reading my exchange mails with neomutt is fun. Of course it will also work with Evolution. Regarding calendar entries which is also very important as all my colleagues are using Exchange: I was able to sync evolution with the exchange calendar. I can create new entries in evolution which are synced back to the exchange calendar. Great! But I can't delete calendar entries from evolution. If I delete an calendar entry on my phone or my corporate Outlook it will also be removed in the evolution. In Thunderbirds Lightning I was able also able to sync my Exchange calendar, but as soon as I open a calendar entry I get an error message. Thereof I have to troubleshoot this, having email AND calendar (connected to Microsoft Exchange) working natively in Qubes would be a major Improvement to productivity. @yuaeitha: This quick'n dirty how-to is a good example why your idea sharing scripts and howtos is great. It is far away from being a qualified how-to, still it might be of use for someone who is trying to connect to their exchange server from within Qubes. Thereof I have created a new document on the qubes-docs, so that other can see it. Still, I think a newbie user will not find this, as they will look in the Qubes docs pages on the Qubes website and not within GitHub. At least I wasn't doing it since a few weeks ago... [799] . -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9tK2AG4uMIWn4B9YmRKgF8YG_wic1vIFlgGzy7ThFyyo9AFIHl21P8yiBldb0NPXrdWise4lF6wUCVFNU67AlbngpEeT5VYe3A6uQnPhlf0%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] Qubes 4 and coreboot
On 03/01/2018 11:09 AM, '[799]' via qubes-users wrote: Hello, Original-Nachricht An 1. März 2018, 14:46, Jo schrieb: If you strip down ME, you should blacklist me / ime, to speed up boot. I've read this within this thread sometimes, what exactly needs to be done here? I have run ME_cleaner and when booting up there is a delay, can this be resolved by blacklisting something? If so where? What? You gotta blacklist the intel_ips module -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21411828-3a17-6a49-a9b4-e6ffec14bd26%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] High spec laptop for Qubes OS
On 03/02/2018 01:27 AM, Tim W wrote: No it does not yet it gets repeatedly mentioned to where it makes people think its viable option which it is not. The op wants a high end laptop which also eliminates all the old coreboot laptops. as he wants a laptop it also removes the asusu amd server board desktop builds. Best bet is lenovo thinkpad with the highest ram and processor combo and ssd drive/s. It will likely give the best compatibility I guarantee no one can tell the difference between a quad core ivy bridge W520 and whatever the latest crap lenovo is selling. Secure laptop. Slightly faster laptop. Pick one. I am tired of people like you who recommend choices that are literally dangerous - lenovo adds backdoors and virii to their modern hardware, and they have done so again and again even after getting caught multiple times. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61490af6-ddf7-9873-96c1-a3d5e9d1975c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: High spec laptop for Qubes OS
On Saturday, February 24, 2018 at 8:11:21 PM UTC-5, ad...@adammccarthy.co.uk wrote: > Hello, > > I currently run Qubes OS on an XPS 13 from 2015 with an i5-6200U, 8GB > RAM, slow NVMe. It can't really handle Qubes OS - it's quite laggy and > struggles to play video on the 4K screen. The CPU and RAM are normally > maxed with a couple of VMs running, even without video. > > I'm going to buy a new laptop with a higher spec which should hopefully > handle things well. The following laptops are my final five contenders. > They all have a discrete GPU, which I'm hoping to passthrough to a VM > for playing streaming video (h264/h265/vp9 codecs). Do I have this right > that it would be most efficient to use the Intel GPU in dom0 and the > discrete GPU in the VM? I also do a lot of scientific computing, so it's > useful to offload some computation to a GPU via CUDA. > > I get the impression from the HCL that they should all work fine as long > as I replace any non-Intel wifi m.2 sticks with an Intel 8265. Do you > have any thoughts on whether one would be more appropriate than another? > > Dell XPS 15 9560 (2017) > Intel i7-7700HQ Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + NVIDIA GTX 1050 > > Dell XPS 15 2018 > Intel i7-8705G Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + Radeon RX Vega M GL > > Dell Precision 5520 > Intel Xeon E3-1505M v6 Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + Nvidia Quadro M1200 > > Lenovo P51 > Intel Xeon E3-1505M v6 Quad Core > 32GB RAM > 512GB M.2 NVMe > Intel + NVIDIA Quadro M2200 > > Razer Blade > Intel i7-7700HQ Quad Core > 16GB RAM > 512GB M.2 NVMe > Intel + NVIDIA GTX 1060 > > Thanks, > Adam The Razer Blade and the XPS/Precision both have hellish thermal throttling issues. I can't imagine putting a hotter CPU in the 15 with the same cooling will end well. I have the P51 and the issues around it are regarding the thermal paste, if you do a repaste with kryonaut or similar you'll keep a lower avg temp. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6697ecd-191d-42c4-9c40-2d9d1022cb1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: High spec laptop for Qubes OS
Everyone knows those issues on this board and its understood. Point being he asked for present day high end laptop but at the same time I will agree with you that for most basic use models its not so much the processor as it is ram amount but one thing for sure is you can not recommend a PC that one is not a laptop and two has no xen or qubes support i.e talon/powerpc. I think its rather moot talking about intel backdoors when its 100% plausible that countless firmwares are backdoored. Its been mentioned numerous times by Joanna Marek and others that at some point at this current point in consumer computing ayou must accept trust. Whatever that point is may be different for different people but unless you are going to make a computer from silicon up and every line of code to include a compiler etc you must trust at some level. Thus the whole idea of picking and choosing which of the possible violation is unacceptable is rather moot -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2baa7894-839f-4bed-89d8-fd427eb0152f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Building Centos template conflict error?
On Friday, March 2, 2018 at 4:05:30 AM UTC-5, Unman wrote: > On Fri, Mar 02, 2018 at 12:41:29AM -0800, Tim W wrote: > > On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret > > (fepitre) wrote: > > > Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit : > > > > Great that was failing basically on all non standard templates i.e. not > > > > fedora, debain, or whonix. They would all fail but it seems each had > > > > issues ubuntu, centos, arch. Seems they are each getting fixed for 3.2 > > > > and getting updated for 4.0 now. I was just testing to ensure things > > > > were still working for building as I know many prefer to build their > > > > own iso and templates vs binary. I am one. Figured if docs had to be > > > > updated I would do that but it seems at most just a tweak or two in > > > > docs is all thats needed. > > > > > > Indeed, it was just an adjustment with respect to the rpm spec of the > > > conflicting package. CentOS is shipping a file in their own dconf but not > > > Fedora. Recently a file /etc/dconf/profile/user has been used and > > > provided by Qubes and that is why there was a recent conflict. The > > > template for R4.0 is on the road! I finished last week to do all the > > > necessary and Marek is currently implementing it. > > > > > > > Thanks again for you and Marek getting it working > > > > > > You're welcome. > > > > Just tried to build the standard template only under 3.2 and got this > > conflict > > > > Transaction check error: > > file /etc/dconf/profile/user from install of > > qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package > > dconf-0.26.0-2.el7.x86_64 > > > > It fails on $make template > > > > It's the same conflict - I guess you need to wait for the change to be > merged to 3.2 Yes sorry about that it was very late and I was a bit punchy. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6906ac1c-4e53-4d0b-81ac-f33ef108bab3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Mac Spoofing preinstalled? - Qubes 4 rc4
Has mac spoofing been preinstalled in Q4 rc4? I cant find any documentation on it, but the cmd: ip link show wls1 changes every 10 minutes or so. I actually want to stop it and I cant seem to make it static. Lil help!! Ive tried everything I can think of. Im not entirely understanding the network topology. I have figured out that Macchanger is installed on the Debian Template. Im otherwise at a loss. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/517b55f5-0457-454c-9e1a-ffb9f3e6c264%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] bash autocomplete
On Tue, Feb 27, 2018 at 11:48:41AM +0100, haaber wrote: > > Since Q4 much admin work is done on the command line. So it makes sense > > to learn bash to autocomplete nicely. I tried this in dom0: > > > > _qvm() > > { local cur VMS > > COMPREPLY=() > > cur="${COMP_WORDS[COMP_CWORD]}" > > VMS=`qvm-ls | cut -f1 -d" "| grep -v NAME` > > COMPREPLY=( $(compgen -W "${VMS}" ${cur}) ) > > return 0 > > } > > complete -F _qvm qvm-start > > > > there was a small type (APPVMS <-> VMS) that is not the real problem > here. I corrected it above inside the quote. Bernhard > Try this: _qvm() { local cur COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" VMS=`qvm-ls --raw-list` COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) ) } -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302092202.xnj6axgizlzautow%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Cannot assign USB controller to App VM anymore (Qubes 3.2)
Dear Qubes community, after using 3.1 and 3.2 in production on my primary laptop (Lenovo X220), and having used that machine to test Qubes since R2, I now have the need to make my built in camera available in an App VM (I choose untrusted, but may a dedicated one later on). However, I am failing to pass through the USB controller to the App VM. This may never have worked with Qubes 3.x (didn't need it so far), but I definitely tested this in the 2.x days. Since it was experimental(?) at the time, I chose not to install a dedicated USB VM, so by default both USB controllers are assigned to Dom0. This is what my system/hardware looks like Please note that this is Qubes R3.2!! lspci (in Dom0): 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04) 00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 04) lsusb (in Dom0): Bus 002 Device 003: ID 0bdb:1911 Ericsson Business Mobile Networks BV Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 04f2:b217 Chicony Electronics Co., Ltd Lenovo Integrated Camera (0.3MP) Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Output of 'readlink /sys/bus/usb/devices/usb1' ../../../devices/pci:00/:00:1a.0/usb1 I assumed that the path of least resistance would be to attach the USB controller with pci ID 00:1a.0 to my AppVM (untrusted). So, qvm-pci -a untrusted 00:1a.0 qvm-pci -l untrusted ['00:1a.0'] However, as apparently often seen (mailing list, FAQ), at that point I fail to start the AppVM: [user@dom0 ~]$ qvm-start untrusted --> Creating volatile image: /var/lib/qubes/appvms/untrusted/volatile.img... --> Loading the VM (type = AppVM)... Traceback (most recent call last): File "/usr/bin/qvm-start", line 136, in main() File "/usr/bin/qvm-start", line 120, in main xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None) File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1979, in start self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self) libvirt.libvirtError: internal error: libxenlight failed to create new domain 'untrusted' And xl dmesg shows: XEN) [VT-D] It's disallowed to assign :00:1a.0 with shared RMRR at da8d5000 for Dom5. (XEN) XEN_DOMCTL_assign_device: assign :00:1a.0 to dom5 failed (-1) Further, pci ID 00:1a.0 still shows up in dom0. In the context of dedicated USB VMs there is a FAQ pertaining to this, and clearly there are several github issues related to this. However, e.g., after qvm-prefs untrusted -s pci_strictreset false I get exactly the same error (AppVM untrusted fails to start). I tried the trick resetting USB to 2.0 (though given the age of the machine I am not even sure that this is a 3.0 hub/device); again no effect -- as far as I can tell identical error. Yesterday too late I found some discussions from 2015 in a Xen mailing list, where someone eventually succeeded using several options, but I don't know how to set these in Qubes (via qvm-prefs??). I should add that i tried again after rebooting as well, but no change. So, I am puzzled as I know that this worked in Qubes 2.x. Am I missing some small print in my attempts and/or in what order should I try the tricks that might remedy this? I guess I could try setting up a USB VM, but I assume I would run into exactly the same issue. And aside from the need to assign the camera, I don't exactly have a use scenario for a dedicated USB VM on that machine. Help appreciated, thanks in advance! Stefan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5bdaaeb8-4de3-4895-8a37-3027d1ba418b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Building Centos template conflict error?
On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret (fepitre) wrote: > Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit : > > Great that was failing basically on all non standard templates i.e. not > > fedora, debain, or whonix. They would all fail but it seems each had > > issues ubuntu, centos, arch. Seems they are each getting fixed for 3.2 and > > getting updated for 4.0 now. I was just testing to ensure things were > > still working for building as I know many prefer to build their own iso and > > templates vs binary. I am one. Figured if docs had to be updated I would > > do that but it seems at most just a tweak or two in docs is all thats > > needed. > > Indeed, it was just an adjustment with respect to the rpm spec of the > conflicting package. CentOS is shipping a file in their own dconf but not > Fedora. Recently a file /etc/dconf/profile/user has been used and provided by > Qubes and that is why there was a recent conflict. The template for R4.0 is > on the road! I finished last week to do all the necessary and Marek is > currently implementing it. > > > Thanks again for you and Marek getting it working > > You're welcome. Just tried to build the standard template only under 3.2 and got this conflict Transaction check error: file /etc/dconf/profile/user from install of qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package dconf-0.26.0-2.el7.x86_64 It fails on $make template -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc0793b9-8b9d-4e36-84a5-919e002edfcd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: non qubes
On Friday, March 2, 2018 at 7:07:17 AM UTC+1, Tim W wrote: > On Thursday, March 1, 2018 at 3:30:52 AM UTC-5, jer...@disroot.org wrote: > > where do i find support for security, privacy? (some place where i can post > > with anonimity too, reddit privacy requires java script i think, doesn't it > > compromise anonimity? also i would like to ask how things are recommended > > in doing, like a guide, etc... > > > > for example i need to know if enabling java script to watch youtube in tor > > will compromise anonimity or anything like that, or enabling java script in > > other websites, if it's a risk.. and how i should tell where i can enable > > java script, etc.. also if it's recommended to buy stuff through tor, and > > how, etc and what its benefits, etc... > > Javascript itself will not reveal your IP over Tor ie break tor. But > javascriptt has always had security issues that could be used to run code > that could itself reveal ip etc. This is more an issue with emails and small > or spoofed sites etc not a large offical site like youtube. > > Honestly I do not understand people using gmail etc if privacy is critical. > Even using pgp for all text etc so much can be learned from your habits email > accounts contacted time of use etc... Its sad they own so much of the > Internet data and portal activity these days such as youtube. I wish this > list was not hosted but its so hard to avoid the carrot when its a opensource > project. > > Use tor to setup a protonmail etc if you need a webmail account. While I in general agree, some e-mails are created specifically for a specific purpose. People who use gmail on these websites for example, may not specifically use that e-mail for anything else. Since we're already posting on gmail mailing lists, it shouldn't make any difference anyway, google will know irregardless of which mail is used here. Though perhaps there is a legal difference, maybe? But as long it isn't used outside google systems, then having a gmail here shouldn't make much difference. Unless I overlooked something? legal element maybe? It won't be long before A.I. can just scan and analyze the way how people write to profile people and identify them. It's essentially the same tech as face-recognition software, which many laughed off just a few years back, but today is very real. So too is happening to A.I.'s that can identify people by how they write. Google is likely no exception here, and irregardless of which mail you use, they would probably be able to identify you one way or another if you only once slip up and publicize your writing style. It's like a fingerprint. The future is scary. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de799c21-3725-4ea0-9325-3cc37013093d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Netvm reassignment blocks network traffic - 4.0rc4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/02/2018 06:19 AM, 'awokd' via qubes-users wrote: > On Fri, March 2, 2018 5:04 am, Chris Laprise wrote: >> Whenever I try to assign a running appVM to a different (running) >> netVM, networking always becomes blocked. I have to restart the >> appVM in order for networking to work with the new netVM and >> to do that I have to kill the appVM first because it won't >> shutdown after reassignment. >> >> I think this may be a bug. Specifics don't seem to matter, the >> VMs can be plain firewall or vpn, debian or fedora on either >> side. > > Sure it's not a feature? I could see opportunities for leaks to > happen if the firewall ruleset gets swapped out live, depending on > ifdown/up etc. sequence. No it is a Xen related bug in the kernel version newer than 4.14.12 As I reported here: https://groups.google.com/d/msgid/qubes-devel/05031ade-b019-986e-e378-32 cc8fff916e%40zrubi.hu - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZG1UACgkQGjNaC1SP N2RvbRAAsq5QPJe6U35nmxKvMkQGxEYVN9r3Kl9kncO5y8Btsa9kTFeiYNd7IxcQ Nocas9RKMSkyqRQHlvz1UC5NbqJkDe1GZFwND8MW+oh85iCSm70jNvED6slgoRSR H8f0vFf/OvGaS19/xPFfnKWVVZll1Iq3W5fFXz6/DR8FHQfOKKMLXd481YGdB4UO LT5f67cttc+2biJxUZQMlJy2DLcZtVXhHi7+FjMPSuTkDH2ID5kMwe7E85fGyw2j E5yeAc3UnLlPqu8UV2nHkkBLmXA6NDkHs1qz6IpS1MBztYPk4hacGKm45+mSmgN7 g86bLKVK4ntMMiofCV3EVHFNwYZzM91rAdqQqL4orA+CfxoEGqK+1XTKeVo+gjkD EQFnpa5HbCQPzX6lzn5l98uxolRa3L6H1MriEmbXuoL2qrOoO3YbssIJPSCnZe/o lpQ8gupEqr7XH24t7k81Mkgx4tUi8+M07iVljXVDWYy60a92W8l8wxp9ypH+Yogf RlBAYIPOzVSndhMkfkINWNfAGj0Iujwb2ocF1KDUN6pwIm0DgwxVtoNNUYSxOZTS j6fw2TNYMTW40AxoVn5+uS9+ZiLYrEY19XyZOZvnd+gR0iO6SCFR7Eo6qPQpRsic V+vdwE0eUwrRPoas26J+je9xL1lLIeL2niPsuWXrN1YLgkoORs4= =NDyY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f787690a-67fc-2d6f-ac14-9a0f19866767%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Will there be a gentoo template in the plans?
On Tuesday, February 27, 2018 at 2:47:37 AM UTC-5, Frédéric Pierret (fepitre) wrote: > Le mardi 27 février 2018 00:23:32 UTC+1, Tim W a écrit : > > If you get it working I am happy 5o write up a hpw to doc for qubes doc. > > Thank you! Yesterday I was thinking about releasing a first pre-version of > the builder-gentoo I've made to eventually be helped. If I remember I was > ending on packaging linux-utils. So maybe I could ask to Andrew to open a > project on qubes-issues or something like it to track the progress. That would be GREAT!! Its one if not my favorite distro. I also while I love the ease of management systemd has brought I do not like the virus like growth of it and bu buggy coding practices and nonunix mentaility. OpenRC to me is better example of what systemd should be. Anyways great to see this move forward and happy to help with testing and doc work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d2d24ea-c03e-4af6-82ff-f42717e3a461%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Building Centos template conflict error?
On Fri, Mar 02, 2018 at 12:41:29AM -0800, Tim W wrote: > On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret (fepitre) > wrote: > > Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit : > > > Great that was failing basically on all non standard templates i.e. not > > > fedora, debain, or whonix. They would all fail but it seems each had > > > issues ubuntu, centos, arch. Seems they are each getting fixed for 3.2 > > > and getting updated for 4.0 now. I was just testing to ensure things > > > were still working for building as I know many prefer to build their own > > > iso and templates vs binary. I am one. Figured if docs had to be > > > updated I would do that but it seems at most just a tweak or two in docs > > > is all thats needed. > > > > Indeed, it was just an adjustment with respect to the rpm spec of the > > conflicting package. CentOS is shipping a file in their own dconf but not > > Fedora. Recently a file /etc/dconf/profile/user has been used and provided > > by Qubes and that is why there was a recent conflict. The template for R4.0 > > is on the road! I finished last week to do all the necessary and Marek is > > currently implementing it. > > > > > Thanks again for you and Marek getting it working > > > > You're welcome. > > Just tried to build the standard template only under 3.2 and got this conflict > > Transaction check error: > file /etc/dconf/profile/user from install of > qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package > dconf-0.26.0-2.el7.x86_64 > > It fails on $make template > It's the same conflict - I guess you need to wait for the change to be merged to 3.2 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302090527.hzdlgrxi2cf3judo%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with qvm-run --pass-io
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/02/2018 08:38 AM, Robert Walz wrote: > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat > "/home/user/meta.raw"' > > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command > with Ctrl+C, because the root.img became bigger than the original > file's size. Then I got the following error messages. Could you post: [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh "/home/user/meta.raw"' Maybe your raw file is an sparse file. I'm not sure if cat would handle it fine. -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqZE7MACgkQFBMQ2OPt CKV38g/8CLzOQ1j/mA5SclMy8u4XiOiB8WFTN+SID7dJl2P3PvX8hUQ7gv9vHjS6 SyuBsKRBIOgG6G102oizvc/5qYTU0u97iJ6j0b1uJKDJhadJbhbuDt2rx+d5X3CI AfFarelpiGjZHPIUZqYAmZeezvwV7wAvm3lwIBJm08Am3NYjIUhDQ/Tm1G2siN0B PgLjh3+FZEJjJ58cb0x9r08Y+xOFF1pOXYxiGmvRu1hC/kK+s3QRq/jlm7tbdiXE 2EDjVVxX7eNScMfmjs4w9QGa9Ez+Bfp/F0Yt7p6Gqvs3ELhgIL6g/udraZijUQlO X7NuON20bodrzfKtARYY6EMoi+zKp2Hv5x5v9gtnUgLUOtJkZVm+nuhGgyXbWDDq UJAb23GGfMh+vXmtgl7zFxrgeX5gV90+C0WzwL6hyKMRMPyoA1prmkJM4DVfgIWX NjdPCupxgspq9QIIIs9yTwzVZLeswm1CPu2XA4aFCUh5/l5gppahjkmaWO5PECj5 MHmTLh+pVBveMd6VDEa88zAY0qiIvfEyGhOS4y9dps8foYucQC3ojDJ/iXH4KWVq uzibhzMOtLtgvet9xCifciERtghArITkNvdlYLTC5tisqtrHA0byqgo1sKUkDqrK YbeSLyp8GTQ3mN+lcYXJ5HsEdJZtzxdYqve1IfopQsU7Z1LNurk= =oLBE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f34e13f-1a60-670a-8105-e8b930a446bd%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: Re: [qubes-users] Howto: Enable WWAN (LTE Sierra EM7345) in Qubes OS (Howto install ModemManager in Qubes)
Hi 799, > have you tried this: > qvm-prefs usbVM -s pci_strictreset false > See also: > https://www.qubes-os.org/doc/assigning-devices/ no, I didn't, and yes, that did the trick. Thanks! Best, Akira -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e08c95cc-9149-4a87-b8a3-d871d26f25e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Migrating to second hard drive
On Fri, Mar 02, 2018 at 04:10:24AM -, 'awokd' via qubes-users wrote: > On Fri, March 2, 2018 3:38 am, Glen H wrote: > > On Thursday, March 1, 2018 at 10:37:26 PM UTC-5, Glen H wrote: > > > >> Hi, > >> > >> > >> My primary SSD is out of space and I have a second hard drive. I've > >> formatted it but not sure how to migrate my cubes to it. Does anyone > >> have any instructions for doing this? > >> > >> Ideally, I'd boot from my new hard drive and use original one to store > >> my backups of my qubes. > >> > >> Thanks, > >> > >> > >> Glen > >> > > > > I forgot to mention that I'm on Qubes 4 and I'm pretty knowledgeable > > about Linux. > > Make sure you do a backup first. You might be able to "cheat" and DD the > small drive to the larger then expand, as long as you're comfortable with > LVM. On the other hand, pulling the small drive, installing Qubes on the > new, and restoring from backup wouldn't take that much longer. If you cheat you'll have to fix grub if you're using it. I suspect it'll be cleaner to take the second option and install 4.0 on the new drive when it comes out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302092600.4dywr6zfonh4idrt%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes in a corporate network behind HTTP proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/24/2018 01:26 PM, 'awokd' via qubes-users wrote: > I'm attempting to convert the above into a Qubes doc > (https://github.com/awokd/qubes-doc/blob/transproxy/configuration/tran sparent-proxy.md) > > but don't have a Squid proxy to test against. > > For anyone who does (or is familiar with how they work): A) Does it > look right? B) In step 3, adding apt/dnf proxy settings to all > AppVMs based on the same template as the UpdateVM's seems a bit > broad. Is there a way to fine-tune it? C) Any special R4.0 > considerations? Well the biggest issue that if you have a transparent proxy that means you do not need any configuration about the proxy. That why it is TRANSPARENT. So it seems your corporate have normal proxies, not transparent ones. So the title (and the usage of the term: "transparent proxy") is misleading. Beside from that it is a good collection of all the possible proxy settings locations. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZGWQACgkQGjNaC1SP N2QDHA/+KDsuGTavjimlA3nd6W0Wh7zmV7G8E7SFrF/NaY4ntftREKew8wPART6b Jq+nIkTBLGadVsjs0vyZA/6e442wT8fQ++yr+1oBcwlPK7fwUJ06n0qpS7ZPsrKG SXorr/oORb3O04Ru1fMAruxx3NvB+lOkJVnCFyG6KVaPx6sAfhvjVI6D43dm9xIl zBL9N537cU0o6EMw6JSMxVXu9+MvjD+vS4P/NOQC8rJj9I/t7j9GkbNI29RF+rAf UAtOFzvFD/4kYiym4pf68O/SSi2BNOw/Y7X7MYC2MPo6W+jsgMmcaZOUzVdvxvcW EaBj+floNKOxce/dwwMNLxEfRV+D8sQKzw4L0l/m9YcK8FdD0+gd5bby4xMY9f5e 0dTcDZ9dvbQ/64zv5KWyGLQ+/n48S19T/X2oOGMIKR8jTmnBhrd3Ft48Olhwe3Pn 8wDjxtbIK6B8Wdxl5rDYhjBGpsRlINzZr/e+hH+8H0bjWOJev6dgIwRzCKBaXLwM 8PVLxEQgweQWULX/be5LI3LILC10gqm6jXXpscvc6ZykjXiOHAsU5FfZ/bs120HP N2sHPE7K/mbgElbqZ8WhT+UrmIcaTacKmD35P6fRrLSggrgOrZKG7XsrbUQdRwH4 tauugFJmi99/QiuodJSfrn0Nrqb7uZHWEvng6iHlGEjP7FgEyBc= =4Qhq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89477a12-a979-a273-a369-83ba2c8336d4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] kernel panic after upgrade
Hello, Unfortunately after the last update of Qubes 4.0 I have a kernel panic: "unable to mount root fa on unknown block" and would appreciate if somebody here could give me a tip. I installed Qubes 4.0-RC1 and since then been only updating. After the next-to-last update I was not able to boot xen 4.8.3 and linux 4.14.13-3. With the following configuration: xen 4.8 and linux 4.9.56-21 there is no problem. My machine is Lenovo T470S. Does anyone have an idea? m -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302092214.Horde.FjwmsmuxwtpyuRAHnW4jwA1%40webmail.df.eu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes in a corporate network behind HTTP proxy
On Fri, March 2, 2018 9:29 am, Zrubi wrote: > > So it seems your corporate have normal proxies, not transparent ones. > So the title (and the usage of the term: "transparent proxy") is > misleading. I caught that too after the email, the PR I submitted doesn't talk about "transparent" any more. > Beside from that it is a good collection of all the possible proxy > settings locations. Thanks for looking it over! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/511af2b5ee832180559f43874df5c545.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with qvm-run --pass-io
On Fri, Mar 02, 2018 at 10:04:53AM +0100, donoban wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 03/02/2018 08:38 AM, Robert Walz wrote: > > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat > > "/home/user/meta.raw"' > > > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command > > with Ctrl+C, because the root.img became bigger than the original > > file's size. Then I got the following error messages. > > Could you post: > > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh > "/home/user/meta.raw"' > > Maybe your raw file is an sparse file. I'm not sure if cat would > handle it fine. I think you're right. cat will churn the whole file, you need some alternative that is sparse aware. The best approach would be: qvm-run --pass-io tempDebian 'tar -Scf - /home/user/meta.raw' > meta.tar and then untar the resulting file Almost anything else (dd, rsync etc) will have some overhead in my experience. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302101438.6iin6nqv6oq46gmw%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with qvm-run --pass-io
On 03/02/2018 04:04 AM, donoban wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/02/2018 08:38 AM, Robert Walz wrote: [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command with Ctrl+C, because the root.img became bigger than the original file's size. Then I got the following error messages. Could you post: [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh "/home/user/meta.raw"' Maybe your raw file is an sparse file. I'm not sure if cat would handle it fine. If source is sparse, you can also save it as sparse by piping through dd: qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd conv=sparse of=/var/lib/qubes/appvms/metasploitable/root.img -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a92dc2f-a37c-6544-75e7-97f8e35795a4%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with qvm-run --pass-io
On Fri, Mar 02, 2018 at 05:38:11AM -0500, Chris Laprise wrote: > On 03/02/2018 04:04 AM, donoban wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On 03/02/2018 08:38 AM, Robert Walz wrote: > > > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat > > > "/home/user/meta.raw"' > > > > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command > > > with Ctrl+C, because the root.img became bigger than the original > > > file's size. Then I got the following error messages. > > > > Could you post: > > > > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh > > "/home/user/meta.raw"' > > > > Maybe your raw file is an sparse file. I'm not sure if cat would > > handle it fine. > > > If source is sparse, you can also save it as sparse by piping through dd: > > qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd conv=sparse > of=/var/lib/qubes/appvms/metasploitable/root.img > > But that way you still cat the WHOLE file and then only resparse it after the transfer. It will take significantly longer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180302105643.eqhk2rbgyoqqizbq%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Solved/Progress [Re: Cannot assign USB controller to App VM anymore (Qubes 3.2)]
I seem to have it working; I'll outline the steps in case others run into this. Nevertheless, I'd appreciate an 'authoritative answer' since I was 'fishing blindly'. [More see inline] Am Freitag, 2. März 2018 09:34:18 UTC+1 schrieb sbor...@gmail.com: > Dear Qubes community, > > after using 3.1 and 3.2 in production on my primary laptop > (Lenovo X220), and having used that machine to test Qubes since R2, > I now have the need to make my built in camera available in an App VM (I > choose untrusted, but may a dedicated one later on). > > However, I am failing to pass through the > USB controller to the App VM. [snip] I reread https://www.qubes-os.org/doc/assigning-devices/ and tried enabling 'permissive' mode as described for R3.2 in the above documentation. However, this per se doesn't work, as the target file (/sys/bus/pci/drivers/pciback/permissive) is not writeable, even for root and even when triggered through systemd. However, I then compared the 'kernelopts' of 'sys-net' to those of 'untrusted', and noted that 'iommu=soft swiotlb=8192' where missing in the latter. So I added those, together with forcing 'pci_strictreset False'. After rebooting the whole machine, untrusted has grabbed the usb hub and sees the camera. The expected loss of a USB port due to the strange 'wiring' of the Lenovo X220 is acceptable to me; furthermore, I do plan to attach the pci device only when I know that I'll need the camera. [snip] > > And xl dmesg shows: > > XEN) [VT-D] It's disallowed to assign :00:1a.0 with shared RMRR at > da8d5000 for Dom5. > (XEN) XEN_DOMCTL_assign_device: assign :00:1a.0 to dom5 failed (-1) > For the record, xl dmesg is now telling me that [VT-D] It's risky to assign .. with shared RMRR at .. for Dom4 what ever that means. I don't know which of the options / changes did the trick, but one or more of the above seems to enable the camera in 'untrusted'. Best regards, Stefan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d5f0ff0-e25a-4cdd-81f3-d8e98db7525a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] how to use email securely in qubes? thunderbird doesn't send messages
1 email or multiple emails. says sending message when clicking send (stuck) in thunderbird. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e97aa357730b798de37e6c9882c7cae%40disroot.org. For more options, visit https://groups.google.com/d/optout.