Re: [qubes-users] alternative to bloated templates for faster work and minimal boot time/resources used

[qubenix]

> But here's how you could start the loop:
> 
> qvm-ls --running -O name | (read line; while read line; do qvm-run -p
> $line 'your vm command goes here'; done)
> 
> There is an extra 'read line' at the start to get rid of the qvm-ls header.

Adding `--raw-data` should avoid the header (untested).


-- 
qubenix

CODE PGP: FE7454228594B4DDD034CE73A95D4D197E922B20
EMAIL PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
IRC OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/305c855b-7498-a61f-72aa-abef0c10%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] alternative to bloated templates for faster work and minimal boot time/resources used

[Chris Laprise]

On 12/12/2018 04:01 PM, 799 wrote:

Hello,

Am Sa., 1. Dez. 2018, 05:12 hat Chris Laprise > geschrieben:



Linux tends allocate whatever amount of RAM is given to it, even if
that
memory isn't put to use.

The only real negative to reducing VM memory is that it may start to
use
swap space if you open a lot of tabs. [...]


You can check swap use from the VM's terminal with the 'free' command.
[...]


We could write a script which runs in dom0 and runs the 'free' command 
in every AppVM (qvm-run) which is running and if swap space is used send 
a notification.
This script could run via a regular cronjob like every few minutes 
(assuming that swap space will slowly grow and used for a longer time).


I would like to do so, the only missing part is how I can create a 
qvm-run command which runs on every running qube.

Must be something like FOR ...

... Can someone help building this part, then I'll try to do the rest.


Keep in mind this is somewhat _risky_ because its parsing data supplied 
by appVMs.


But here's how you could start the loop:

qvm-ls --running -O name | (read line; while read line; do qvm-run -p 
$line 'your vm command goes here'; done)


There is an extra 'read line' at the start to get rid of the qvm-ls header.

Sanitizing should be done on any results you get back from qvm-run.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/258b529b-0434-3211-7063-972c4c9e13f8%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] alternative to bloated templates for faster work and minimal boot time/resources used

[799]

Hello,

Am Sa., 1. Dez. 2018, 05:12 hat Chris Laprise 
geschrieben:

>
> Linux tends allocate whatever amount of RAM is given to it, even if that
> memory isn't put to use.
>
> The only real negative to reducing VM memory is that it may start to use
> swap space if you open a lot of tabs. [...]


> You can check swap use from the VM's terminal with the 'free' command.
> [...]


We could write a script which runs in dom0 and runs the 'free' command in
every AppVM (qvm-run) which is running and if swap space is used send a
notification.
This script could run via a regular cronjob like every few minutes
(assuming that swap space will slowly grow and used for a longer time).

I would like to do so, the only missing part is how I can create a qvm-run
command which runs on every running qube.
Must be something like FOR ...

... Can someone help building this part, then I'll try to do the rest.

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vv9_kXLZiKmVWBYoT8JiCPUQTjENt5X93g6SF%3DxTVTaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] updating CentOS-7 templates

[Achim Patzner]

I just updated my CentOS templates (with hundreds of packages being
upgraded) which seems to have messed up the X environment sufficiently;
did that only happen to my local generated templates or is that worth
reporting an issue?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8519467e6b306bb3922fd9e460c7a1b2b50ad74.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?

[taii...@gmx.com]

On 12/12/2018 03:56 PM, stefanneuhaus2...@gmail.com wrote:
> New to Qubes with basic Linux knowledge i installed successfully a desktop 
> system with follwing configuration:
> 
> Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB 
> RAM
> 
> I can update templates and install appvms without issues. Everything works.
> 
> My question is now: On Boot screen i get some error messages (see following 
> screen). Possibly there is a lack of safety i can not estimate. Everything 
> works but under the surface i did not know if it is as safe as it should be. 
> Are there some basic tests which should be made? Or is it enough when the 
> system works?
> 

Well you are stuck with a system that has a very obvious frontdoor
backdoor called AMD PSP platform "security" processor (as in security
from you) that prevents you from doing as you please with the system
firmware hence it is not really your computer.

If you want one that is owner controlled and has free (as in freedom)
open source firmware I have written many walls of text on this subject
so just use a non-google search engine to find my previous posts.

You also are using gmail which is really bad if you care about not being
put of of work or murdered by a robot - your emails and re-captcha
solves are fed in to a massive database that helps googles AI research
including killer robots like project maven and also of course sold to
advertisers and anyone else who can pay.

I do not load images from random people if you want help you have to
send text only.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2e9400b-89b3-3aa4-62f7-a7935081bd2a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R4.0: sys-net, sys-firewall and other network VM(s) forced to always be on

[reby]

On 12/12/18 9:04 PM, Nick wrote:

Hello,
I'm experiencing the same issue ... sometimes. I am most of the time
able to shutdown my sys-net vm. Sometimes I have to try multiple times.

Thanks,
Niav

reby:

On 12/11/18 1:31 AM, mike wrote:

Hi All,

I cannot stop sys-net, sys-firewall and my other network VM.
Even though I unset "Start qube automatically on boot", they all start
during boot.
Also, when I shutdown any of them, it immediately boots up again after
shutdown.
This is happening with no other VM running.

This is on R4.0.

Could you please help?

Thanks,
Mike



what does qvm-prefs say for the VMs ?  post it here out of dom0






IIRC sys-net sometimes can be stubborn if one is not patient enough so 
use qvm-kill if in a hurry . personally I don't see a downside of it 
autostarting, though I guess one might have reasons to not want that, 
any way



remember to   NOT top post. .. and provide qvm-prefs sys-net 
information IMO




https://www.qubes-os.org/doc/copy-from-dom0/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9268550-773b-01d6-d503-67a3af87ade8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?

[Sphere]

On Thursday, December 13, 2018 at 9:59:27 AM UTC+8, tai...@gmx.com wrote:
> On 12/12/2018 03:56 PM wrote:
> > New to Qubes with basic Linux knowledge i installed successfully a desktop 
> > system with follwing configuration:
> > 
> > Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB 
> > RAM
> > 
> > I can update templates and install appvms without issues. Everything works.
> > 
> > My question is now: On Boot screen i get some error messages (see following 
> > screen). Possibly there is a lack of safety i can not estimate. Everything 
> > works but under the surface i did not know if it is as safe as it should 
> > be. Are there some basic tests which should be made? Or is it enough when 
> > the system works?
> > 
> 
> Well you are stuck with a system that has a very obvious frontdoor
> backdoor called AMD PSP platform "security" processor (as in security
> from you) that prevents you from doing as you please with the system
> firmware hence it is not really your computer.
> 
> If you want one that is owner controlled and has free (as in freedom)
> open source firmware I have written many walls of text on this subject
> so just use a non-google search engine to find my previous posts.
> 
> You also are using gmail which is really bad if you care about not being
> put of of work or murdered by a robot - your emails and re-captcha
> solves are fed in to a massive database that helps googles AI research
> including killer robots like project maven and also of course sold to
> advertisers and anyone else who can pay.
> 
> I do not load images from random people if you want help you have to
> send text only.

How about give us keywords to help us search this and have it at the first 
search result?

As for stefanne's inquiry, here are my thoughts:
It's usually normal to see error messages on start of a linux system cause 
consumer motherboards production processes still have no proper arrangement to 
fully support Linux operating systems much to our dismay.
To check the level of your safety, I recommend you produce one of these and see 
the results:
https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports

If it's a yes on HVM, IOMMU, and SLAT then that means your hardware works very 
well on Qubes. To further increase security, I recommend you to turn off SMT 
(Simultaneous Multi-threading) as recently there's been a high surge of 
vulnerabilities involving multi-threading/hyperthreading and will probably 
haunt us for years to come.

Additionally, if you have an entry of IOMMU=no
Go search around your BIOS setup for an option like AMD-Vi or IOMMU and set 
that to enabled.
Product another report to check and see if the entry changes to IOMMU=yes
IOMMU is essential because it protects you from alot of complex attacks like 
Direct Memory Access (DMA) attacks.

Lastly, check for updates everyday and never neglect them for maximum security!
After all this, you may want to configure a VPN.

As for the Platform Security Processor, well it's an option for people whether 
or not they would go with it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6f243b3-d1db-4ed5-9e77-b8f7bf5ae37b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes with newer hardware and error messages still safe enough?

[Tseng Wynn]

stefanne...@gmail.com於 2018年12月13日星期四 UTC+8上午4時56分35秒寫道：
> New to Qubes with basic Linux knowledge i installed successfully a desktop 
> system with follwing configuration:
> 
> Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon R7 370, 32 GB 
> RAM
> 
> I can update templates and install appvms without issues. Everything works.
> 
> My question is now: On Boot screen i get some error messages (see following 
> screen). Possibly there is a lack of safety i can not estimate. Everything 
> works but under the surface i did not know if it is as safe as it should be. 
> Are there some basic tests which should be made? Or is it enough when the 
> system works?

Try installing kernel-latest and kernel-latest-qubes-vm on dom0 to see if the 
error messages disappeared?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5d40a4b-49be-4ea9-b490-f44f8f77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] updating CentOS-7 templates

[Wynn Tseng]

Yes, mine happened too.
Post error log about /var/log/Xorg.0.log in centos-7 template.
In dom0, use sudo xl console (insert centos vmname here)to access centos7 vm

From: qubes-users@googlegroups.com  on behalf of 
Achim Patzner 
Sent: Thursday, December 13, 2018 9:49:21 AM
To: qubes-users
Subject: [qubes-users] updating CentOS-7 templates

I just updated my CentOS templates (with hundreds of packages being upgraded) 
which seems to have messed up the X environment sufficiently; did that only 
happen to my local generated templates or is that worth reporting an issue?


Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to 
qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8519467e6b306bb3922fd9e460c7a1b2b50ad74.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/MA1PR01MB0566D7DFC5D52B579827D3F4FFA00%40MA1PR01MB0566.INDPRD01.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R4.0: sys-net, sys-firewall and other network VM(s) forced to always be on

[reby]

On 12/11/18 1:31 AM, mike wrote:

Hi All,

I cannot stop sys-net, sys-firewall and my other network VM.
Even though I unset "Start qube automatically on boot", they all start during 
boot.
Also, when I shutdown any of them, it immediately boots up again after shutdown.
This is happening with no other VM running.

This is on R4.0.

Could you please help?

Thanks,
Mike



what does qvm-prefs say for the VMs ?  post it here out of dom0

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9604e0d-9440-6adb-2832-8efff039286e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: R4.0: sys-net, sys-firewall and other network VM(s) forced to always be on

[Nick]

Hello,
I'm experiencing the same issue ... sometimes. I am most of the time
able to shutdown my sys-net vm. Sometimes I have to try multiple times.

Thanks,
Niav

reby:
> On 12/11/18 1:31 AM, mike wrote:
>> Hi All,
>>
>> I cannot stop sys-net, sys-firewall and my other network VM.
>> Even though I unset "Start qube automatically on boot", they all start
>> during boot.
>> Also, when I shutdown any of them, it immediately boots up again after
>> shutdown.
>> This is happening with no other VM running.
>>
>> This is on R4.0.
>>
>> Could you please help?
>>
>> Thanks,
>> Mike
>>
> 
> what does qvm-prefs say for the VMs ?  post it here out of dom0
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f520fc1-de4f-3db8-0bd6-51e03affc539%40web.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] error device attach failed. no device info received, connection failed.

[haaber]

This happens when I connect my mobile via usb. I have qubes-input-proxy 
installed on sys-usb and untreusted (say), and I can mount other usb 
devices (my backup HD  for example). Did you encouter this problem 
already? Thank you for hints. Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90213f12-d613-0ecd-027d-1ddf8df416ef%40web.de.
For more options, visit https://groups.google.com/d/optout.