Re: [qubes-users] F2 stoped working after last kernel update

[dimi]

>
> It wasn't the boot sequence itself I thought might be unsafe, but the 
> process of converting a functioning UEFI Qubes install over to it could 
> pretty easily end up with a non-booting system. That could be painful to 
> recover from, depending on one's comfort level. Let's call it a sliding 
> scale of safety. :) 
>   
>
Probably going to happen. Going to postpone this switch and thanks for 
clarifying.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc65b44c-9480-41a4-8d04-053ab2770111%40googlegroups.com.

[qubes-users] Re: Raid 5 failure

['Whenow' via qubes-users]

What are (or how do I find on my system in /boot) the internal commands qubes 
uses to assemble a raid, open a luks container in the raid and then recognize 
and open an lvm? I'm working on recovering my system after a raid disk died, 
forcing my raid to fall apart. I was able to reassemble raid, I think, and was 
able to command open the encrypted container (which leads me to believe the 
stuff inside my raid is good and consistent) but things like vgscan and the 
like always return no volume groups, logical volumes, physical volumes. Is 
there an exact, proper structure to getting my lvm stuff working or am I 
probably screwed? Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nDBXy3SStowfi5R4cMbaydYWJpEq68fWT4sN_r9nkoCguyGuoloIMlhp-Bk3N-vtNZKJ-o5JVOsGxjFvWqPcoZfayU7rrVLQaL1xzXhQqIA%3D%40protonmail.com.

Re: [qubes-users] F2 stoped working after last kernel update

[Claudia]

'awokd' via qubes-users:

Claudia:


So I'm not sure why it would be unsafe. In fact I'm thinking about
manually enabling grub (in UEFI mode) just to ease troubleshooting in
the future should I ever run into any boot issues. Just my take, but I
could be wrong.


It wasn't the boot sequence itself I thought might be unsafe, but the
process of converting a functioning UEFI Qubes install over to it could
pretty easily end up with a non-booting system. That could be painful to
recover from, depending on one's comfort level. Let's call it a sliding
scale of safety. :)



Oh, I thought you were saying grub in general on UEFI systems was 
unsafe. Makes sense now.


-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/003e6c7d-485b-da9c-7d2d-72657bcfaf95%40vfemail.net.

[qubes-users] Re: Qubes won't install on legacy BIOS (non-UEFI supported pc)

[tjarrell8]

I don't see that option to set USB 3.0 to legacy mode, I believe all my USB 
ports are 3.0

On Wednesday, September 18, 2019 at 1:11:43 PM UTC-5, Lorenzo Lamas wrote:
>
> Some of my USB thumb drives are not detected when trying to boot from 
> them, others work fine though.
> Also, one of my machine doesn't detect a USB thumb when trying to boot 
> from it in a USB 3.0 port, unless I go to Bios and set the USB 3.0 ports to 
> Legacy mode.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32827536-c14a-44b4-87dd-56144a6237fe%40googlegroups.com.

[qubes-users] Downsizing private partition of a Linux VM failed

[kototama kototama]

I have followed the instructions 
(https://www.qubes-os.org/doc/resize-disk-image/) to down size the private 
partition of Linux VM (after typing 4M instead of 4000M in the GUI, 
gosh!).

However, now I can start the VM but I cannot start any application within. 
"qvm-run personal-email xterm" does not work for example.

/var/log/qubes/vm-name.log does not show anything special.

Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69752e90-1ef8-496a-b13f-7751f47e8f4c%40googlegroups.com.

Re: [qubes-users] F2 stoped working after last kernel update

['awokd' via qubes-users]

Claudia:

> So I'm not sure why it would be unsafe. In fact I'm thinking about
> manually enabling grub (in UEFI mode) just to ease troubleshooting in
> the future should I ever run into any boot issues. Just my take, but I
> could be wrong.

It wasn't the boot sequence itself I thought might be unsafe, but the
process of converting a functioning UEFI Qubes install over to it could
pretty easily end up with a non-booting system. That could be painful to
recover from, depending on one's comfort level. Let's call it a sliding
scale of safety. :)

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c6209d9-7eb2-0daf-0b69-8223b3a44938%40danwin1210.me.

Re: [qubes-users] F2 stoped working after last kernel update

[Claudia]

'awokd' via qubes-users:

dimi:


Could not find a solution how, if even possible to pick which kernel to
boot or/and modify kernel parameters before booting like i am used from
grub by pressing 'e'.
Does UEFI Boot support this or/and how can i safely switch my setup to grub
boot? I would like to see what happens when i remove the plymouth option (:


UEFI boot doesn't support on-the-fly modifications like grub. You can
edit that xen.cfg and change the default= to a different entry, but it
won't take effect until next boot. It might be possible to switch boot
to grub, but I wouldn't call it "safe". Some of the new systems only
support UEFI booting, for example, so switching to grub might break boot.


Doesn't grub support UEFI? That is, can't the firmware's UEFI loader 
load grub in UEFI mode (grub.efi), which can then boot other OSes just 
like it does in legacy mode (with menu, command line, config editor 
etc)? So grub should work fine on a UEFI-only machine, shouldn't it?


Actually, I found that if you install qubes on another partition on a 
machine that already has qubes (or maybe any OS), (perhaps only if they 
share a /boot), the qubes installer will enable grub (the UEFI entry 
becomes grub.efi instead of xen.efi). And I'm pretty sure legacy boot 
was disabled when I did it.


So I'm not sure why it would be unsafe. In fact I'm thinking about 
manually enabling grub (in UEFI mode) just to ease troubleshooting in 
the future should I ever run into any boot issues. Just my take, but I 
could be wrong.


-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00844dc4-87c7-fd6a-6a14-59f1fd1e3627%40vfemail.net.

Re: [qubes-users] Ghost in menu

['awokd' via qubes-users]

'Andrzej Andrzej' via qubes-users:
> Recently, I created a virtual machine called sys-firewall-raspberrypi-2 
> through the graphical wizard of virtual machines, then removed it with the 
> qvm-remove sys-firewall-raspberrypi-2  command in the terminal. After 
> deleting, there is something like this in the menu despite the fact that the 
> qvm-ls command no longer displays this virtual machine.
> 
> https://imgur.com/a/VKEoUqm
> 
> Any idea why it is here?
> 
If you close and re-open Qube Manager, does it go away?

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2890b5d9-ab85-dc2a-8ce9-d83b0a49c19f%40danwin1210.me.

Re: [qubes-users] sys-net

[Steve Coleman]

On 2019-09-18 08:43, unman wrote:

On Wed, Sep 18, 2019 at 02:04:53PM +0200, haaber wrote:

today I had a look in logs of my router, and discovered that it logs my
qubes machine as "sys-net". I did not change anything in my
"out-of-the-box" sys-net, so I presume that the observed behaviour is
common to all standard qubes installs.
Q: is it a wanted feature that all wireless networks immediately know
that I use qubes? I think that this is a bad idea, and that some "dummy
name" suggesting a standard linux system would be a better choice. That
keeps an epsilon more anonymity and reduces attack surface about
epsilon^2 (since target system unclear). Some comments? Hints how to
change that?

Cheers, Bernhard



It's a long standing bug in NetworkManager.
You *should* be able to disable this globally - you cant.
What you can do is set "ipv4.dhcp-send-hostname no" for EACH connection.
You would, of course, have to do this before connecting for the first
time to avoid leaving trace.

Some Alternatives :
Dont use NM - its' horrible anyway.
Dont use Qubes default names for system qubes - good practice in any
case.
Use a throwaway random name (like Windows-PC-2456) for whatever you use
for sys-net. You can set up a simple script to do this each time you
start your Qubes box,providing you have disabled relevant autostarts. I
think this is best practice.



How about just adding:

sudo nmci general hostname 

to the /rw/config/rc.local script in the sys-net vm. Then that script 
should kick off before the network interface comes up, and so nm should 
use that setting as the system hostname.


If needed/desired you can also add some randomizing function to create a 
different hostname each time you boot.


NUMBER=$(cat /dev/urandom | tr -dc '0-9' | fold -w 8 | head -n 1 )
sudo nmci general hostname PC-${NUMBER}

e.g.
PC-88815209

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c784ead3-7ddf-8a9f-4721-1d85cae633f8%40jhuapl.edu.

Re: [qubes-users] "Root File out of memory warning"?

['awokd' via qubes-users]

brendan.h...@gmail.com:

> What I think you are seeing is this: Linux keeps tracks of discards in the 
> current session and won't re-issue discards if it hasn't subsequently 
> written to the already-discarded area. Reboot and try again. The first time 
> after reboot, it should issue discards to the non-allocated portion of the 
> volume.

That was it; thank you. I have a daily job that runs trim and must have
checked afterwards.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ff9426eb-cd9a-50f7-f8a0-9243ae7743fb%40danwin1210.me.

[qubes-users] Re: Qubes won't install on legacy BIOS (non-UEFI supported pc)

[Lorenzo Lamas]

Some of my USB thumb drives are not detected when trying to boot from them, 
others work fine though.
Also, one of my machine doesn't detect a USB thumb when trying to boot from 
it in a USB 3.0 port, unless I go to Bios and set the USB 3.0 ports to 
Legacy mode.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c86dbca-b870-4a81-b731-f2a226b3641f%40googlegroups.com.

Re: [qubes-users] qvm-open-in-vm behavior with URLs

['Oli Sturm' via qubes-users]

> On Wednesday, September 18, 2019 2:14 PM, unman un...@thirdeyesecurity.org 
> wrote:
> 

> > 2.  Cant help you with brave.
> > There's obviously something wrong with your browser/firefox
> > configuration in "untrusted"."x-www-browser: command not found" is
> > obviously wrong. 


I looked into this. It's complicated. At the core of it however is Brave - you 
were right about that. Turns out Brave has a segfault bug that comes up when a 
window is already open: https://github.com/brave/brave-browser/issues/4142

In a nutshell, the RPC process ends up in xdg-open, which has a million 
fallbacks - and the segfault results in a non-zero exit code, so xdg-open keeps 
looking. 


Here are steps to work around the issue, until they fix that bug:

1. x-www-browser isn't really needed, but I thought it couldn't hurt to have 
it. So I created one in /usr/local/bin/x-www-browser:

#!/bin/sh
/usr/bin/brave-browser-stable $@ || true

As you can see, this ignores the error result from the segfault bug.

2. I created a copy of the Brave .desktop file:

sudo cp /usr/share/applications/brave-browser.desktop 
/usr/local/share/applications

3. I edited that clone and replaced calls to 
/usr/local/bin/brave-browser-stable with calls to /usr/local/bin/x-www-browser

Now everything works. Since all my changes are in /usr/local, they can be 
applied in VMs or TemplateVMs.

Cheers
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EM7hMLraPgcFcGFpV0Wu4Nl-e8mo7zsUAE-VetqJ8oHEerFFggXr6xBLqb_Dc6xb1BtvI8BAuEGTnX7gZ4__cVcFBGW6JGwpNQ3m-JJQ0rw%3D%40oliversturm.com.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Qubes compability with HP Elitebook 820 G2 i5

[Stumpy]

On 9/16/19 8:24 PM, Franz wrote:



On Mon, Sep 16, 2019 at 6:34 PM 'awokd' via qubes-users 
mailto:qubes-users@googlegroups.com>> wrote:


'minttu.hopeasuo' via qubes-users:
 > Hej...
 >
 > Any chance to get Q4 to work with this hardware?
 > (HP Elitebook 820 G2 i5 / 16GB RAM / 512 GB SSD)
 >
 > I understood that it should meet the listed hardware
requirements, but both 4.0.1 and 4.0.2-rc1 installer complains about
missing VT-x / Immuo support.

Did you see

https://www.qubes-os.org/faq/#can-i-install-qubes-4x-on-a-system-without-vt-x-or-vt-d
(especially about checking UEFI config.)?

 > Found some info in the forums that some hardware is identified
wrong and some people have circumvented this via editing some
parameters on the installer and recompiling it to get the installer
working properly?

That's sometimes needed with UEFI boots, but sounds like you're getting
past that point already.


The CPU of some machine supports vt-d, but the default BIOS does not. 
You may need to check if your BIOS requests to check a flag to allow 
vitualization.

best

-- 
- don't top post

Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google

Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/df864db5-f23f-813a-232f-561f4e7f1249%40danwin1210.me.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCZmuA_EK12hWnQg%2BT2B3mRbrGW-jD2Ty9uLHOuTRZVVg%40mail.gmail.com 
.


For what its worth Qubes 4 runs like a (fairly slow even with 16gb mem) 
champ on my HP 8640p elitebook.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/faf8b0fc-dff4-2b3b-dcca-c7b28ddce164%40posteo.net.

Re: [qubes-users] qvm-open-in-vm behavior with URLs

['Oli Sturm' via qubes-users]

On Wednesday, September 18, 2019 2:14 PM, unman  
wrote:

> 1.  It's a security feature, asking for confirmation.
> If you dont want it -
> Set in /etc/qubes-rpc/policy/qubes.OpenURL:
> whatever $anyvm allow,target=untrusted
> 

> This will set untrusted as default handler for URLs with no prompt at
> all.

Right, thanks. I would personally prefer it if the argument passed to 
qvm-open-in-vm was used to pre-select. Not a big thing though.

> 2.  Cant help you with brave.
> There's obviously something wrong with your browser/firefox
> configuration in "untrusted"."x-www-browser: command not found" is
> obviously wrong. Try fixing that and setting to brave.
> It works as intended in Debian-10 with chromium, with no spurious
> firefox entries. Give it a try.

Fair enough. I wasn't assuming that the issue was specific to Brave, but who 
knows. 


Thanks
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/rVcOkF2Xz_gV9--c3ruBjqHiCyZg-440k-GyaHpWJsQfGD9NUhzAh_bn_fBqkWeBdAnV1Ss9S6EpWC7RlIJLNiUTf32N-MuUTl3mYVRSXWw%3D%40oliversturm.com.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Qubes won't install on legacy BIOS (non-UEFI supported pc)

[unman]

On Tue, Sep 17, 2019 at 11:48:02PM -0700, cxrv...@gmail.com wrote:
> My system doesn't support UEFI Firmware, The USB works fine on Rufus but 
> whenever I try to boot from the USB via boot menu it's almost like it 
> doesn't even detect my USB since every single boot device I've tried on the 
> boot menu I see that damn Windows logo every time. I already tried making 
> the USB device the boot priority and that doesn't seem to work. I even 
> tried on a different computer with UEFI settings and guess what? It worked 
> perfectly. It's crazy how my computer is custom built but doesn't have UEFI 
> lol...
> 
Obviouslyt Qubes does install on legacy systems.
Try any live image burnt to USB, and another USB device.
You may be right that it is not detecting the USB at all.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190918131811.GB32293%40thirdeyesecurity.org.

Re: [qubes-users] qvm-open-in-vm behavior with URLs

[unman]

On Wed, Sep 18, 2019 at 11:46:20AM +, 'Oli Sturm' via qubes-users wrote:
> Hi,
> 
> I'm trying to set up URL handling along the lines 
> of??https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/??for
>  my email vm. However, the qvm-open-in-vm command behaves strangely in two 
> different ways.
> 
> 1. Much less important than (2) but still irritating: I execute 
> "qvm-open-in-vm untrusted http://example.com;, where "untrusted" is of course 
> the name of my VM. The confirmation dialog pops up and requires me to select 
> or type "untrusted" a second time before I can open the URL. I found that if 
> I pass a string that is not the name of a VM, the command doesn't even 
> execute - so is this an additional security feature? Or rather a bug? 
> Shouldn't "untrusted" by preselected in the confirmation dialog?
> 
> 2. In the "untrusted" VM, the default browser is Brave:
> 
> [user@untrusted]~% xdg-settings get default-web-browser
> brave-browser.desktop
> 
> When I execute the command qvm-open-in-vm untrusted http://example.com??in my 
> email VM and confirm the operation, three things happen:
> 
> a. The running Brave browser in "untrusted" shows a new tab for 
> http://example.com??- excellent, that's the idea.
> b. A new window opens for Firefox running in "untrusted", also showing 
> http://example.com??- this is rather unexpected and inexplicable to me.
> c. The console shows various warnings, errors and crashes:
> 
> [user@sensitive]~% qvm-open-in-vm untrusted http://example.com
> 
> [3800:3800:0918/122055.414677:ERROR:sandbox_linux.cc(369)] 
> InitializeSandbox() called with multiple threads in process gpu-process.
> 
> /usr/bin/xdg-open: line 756:?? 3769 Segmentation fault?? (core 
> dumped) "$command_exec" "$@"
> 
> /usr/bin/xdg-open: line 881: x-www-browser: command not found
> 
> [Parent 3923, Gecko_IOThread] WARNING: pipe error (45): Connection reset by 
> peer: file 
> /builddir/build/BUILD/firefox-68.0.2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc,
>  line 358
> 
> Any ideas what's going wrong here? My setup is R4.0 with all updates 
> installed today. Both VMs used in my tests are based on Fedora 29.
> 
> Thanks
> Oli
> 

1. It's a security feature, asking for confirmation.
If you dont want it -
Set in /etc/qubes-rpc/policy/qubes.OpenURL:
whatever $anyvm allow,target=untrusted

This will set untrusted as default handler for URLs with no prompt at
all.


2. Cant help you with brave.
There's obviously something wrong with your browser/firefox
configuration in "untrusted"."x-www-browser: command not found" is
obviously wrong. Try fixing that and setting to brave.
It works as intended in Debian-10 with chromium, with no spurious
firefox entries. Give it a try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190918131418.GA32293%40thirdeyesecurity.org.

Re: [qubes-users] F2 stoped working after last kernel update

['awokd' via qubes-users]

dimi:

> Could not find a solution how, if even possible to pick which kernel to 
> boot or/and modify kernel parameters before booting like i am used from 
> grub by pressing 'e'.
> Does UEFI Boot support this or/and how can i safely switch my setup to grub 
> boot? I would like to see what happens when i remove the plymouth option (:
> 
UEFI boot doesn't support on-the-fly modifications like grub. You can
edit that xen.cfg and change the default= to a different entry, but it
won't take effect until next boot. It might be possible to switch boot
to grub, but I wouldn't call it "safe". Some of the new systems only
support UEFI booting, for example, so switching to grub might break boot.

However, as long as you have a Live boot image of some type nearby, you
can try edits in your xen.cfg. If it breaks something, boot the Live
image, mount your drive, and edit xen.cfg back. Looks like
https://github.com/QubesOS/qubes-issues/issues/3849 is why it got added,
so doesn't seem like it would hurt to try removing (but don't think it
would gain you anything either).

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1aca1f45-b77c-786d-78bd-8ee75be0dc71%40danwin1210.me.

Re: [qubes-users] sys-net

[unman]

On Wed, Sep 18, 2019 at 02:04:53PM +0200, haaber wrote:
> today I had a look in logs of my router, and discovered that it logs my
> qubes machine as "sys-net". I did not change anything in my
> "out-of-the-box" sys-net, so I presume that the observed behaviour is
> common to all standard qubes installs.
> Q: is it a wanted feature that all wireless networks immediately know
> that I use qubes? I think that this is a bad idea, and that some "dummy
> name" suggesting a standard linux system would be a better choice. That
> keeps an epsilon more anonymity and reduces attack surface about
> epsilon^2 (since target system unclear). Some comments? Hints how to
> change that?
> 
> Cheers, Bernhard
> 

It's a long standing bug in NetworkManager.
You *should* be able to disable this globally - you cant.
What you can do is set "ipv4.dhcp-send-hostname no" for EACH connection.
You would, of course, have to do this before connecting for the first
time to avoid leaving trace.

Some Alternatives : 
Dont use NM - its' horrible anyway.
Dont use Qubes default names for system qubes - good practice in any
case.
Use a throwaway random name (like Windows-PC-2456) for whatever you use
for sys-net. You can set up a simple script to do this each time you
start your Qubes box,providing you have disabled relevant autostarts. I
think this is best practice.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190918124338.GA31821%40thirdeyesecurity.org.

[qubes-users] sys-net

[haaber]

today I had a look in logs of my router, and discovered that it logs my
qubes machine as "sys-net". I did not change anything in my
"out-of-the-box" sys-net, so I presume that the observed behaviour is
common to all standard qubes installs.
Q: is it a wanted feature that all wireless networks immediately know
that I use qubes? I think that this is a bad idea, and that some "dummy
name" suggesting a standard linux system would be a better choice. That
keeps an epsilon more anonymity and reduces attack surface about
epsilon^2 (since target system unclear). Some comments? Hints how to
change that?

Cheers, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e88cfeaa-5339-96e9-f3b3-a7ed33329ea1%40web.de.

[qubes-users] qvm-open-in-vm behavior with URLs

['Oli Sturm' via qubes-users]

Hi,

I'm trying to set up URL handling along the lines of 
https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/ 
for my email vm. However, the qvm-open-in-vm command behaves strangely in two 
different ways.

1. Much less important than (2) but still irritating: I execute "qvm-open-in-vm 
untrusted http://example.com;, where "untrusted" is of course the name of my 
VM. The confirmation dialog pops up and requires me to select or type 
"untrusted" a second time before I can open the URL. I found that if I pass a 
string that is not the name of a VM, the command doesn't even execute - so is 
this an additional security feature? Or rather a bug? Shouldn't "untrusted" by 
preselected in the confirmation dialog?

2. In the "untrusted" VM, the default browser is Brave:

[user@untrusted]~% xdg-settings get default-web-browser
brave-browser.desktop

When I execute the command qvm-open-in-vm untrusted http://example.com in my 
email VM and confirm the operation, three things happen:

a. The running Brave browser in "untrusted" shows a new tab for 
http://example.com - excellent, that's the idea.
b. A new window opens for Firefox running in "untrusted", also showing 
http://example.com - this is rather unexpected and inexplicable to me.
c. The console shows various warnings, errors and crashes:

[user@sensitive]~% qvm-open-in-vm untrusted http://example.com

[3800:3800:0918/122055.414677:ERROR:sandbox_linux.cc(369)] InitializeSandbox() 
called with multiple threads in process gpu-process.

/usr/bin/xdg-open: line 756:  3769 Segmentation fault  (core dumped) 
"$command_exec" "$@"

/usr/bin/xdg-open: line 881: x-www-browser: command not found

[Parent 3923, Gecko_IOThread] WARNING: pipe error (45): Connection reset by 
peer: file 
/builddir/build/BUILD/firefox-68.0.2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc,
 line 358

Any ideas what's going wrong here? My setup is R4.0 with all updates installed 
today. Both VMs used in my tests are based on Fedora 29.

Thanks
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/qa6f1zqGI8OL-oGXtBLUDKpY2dTr0cTOaLZLtv8sH_ffvsvgy_A6BxwaZFOG1HB3mqzhnwjANPkah8V801Jca-Z4hzd8eMWOBn3oJhw6ZTk%3D%40oliversturm.com.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] "Root File out of memory warning"?

[brendan . hoar]

On Tuesday, September 17, 2019 at 6:15:12 PM UTC-4, awokd wrote:
>
> On a side note, anyone know why "sudo fstrim -av" in dom0 now says 0 
> bytes trimmed for root? I double-checked and have discard specified 
> everywhere it should be. Only thing I don't remember seeing before is 
> stripe=64 in the mount, but I searched issues and qubes-src for "stripe" 
> and didn't find anything related. 
>
> /dev/mapper/qubes_dom0-root on / type ext4 (rw,relatime,discard,stripe=64) 
>

You have discards enabled at all layers (fs and crypt)?

What I think you are seeing is this: Linux keeps tracks of discards in the 
current session and won't re-issue discards if it hasn't subsequently 
written to the already-discarded area. Reboot and try again. The first time 
after reboot, it should issue discards to the non-allocated portion of the 
volume.

This performance-oriented kernel behavior is one reason I am a proponent of 
activating/issuing discards in all the layers. Another is that SSDs consume 
the actual discards very quickly: hundreds of GBs can be discarded in 
seconds utilizing range discard requests supported by the internal queuing 
of the range discard requests.

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8d0d123-f5c7-440c-92b0-2651350a543a%40googlegroups.com.

Re: [qubes-users] F2 stoped working after last kernel update

[dimi]

> Looks like you're using UEFI boot instead of grub, so kernel options are 
> right next door to the Xen options in xen.cfg- look one line down for 
> "kernel=". :) This is where I see rhgb quiet. 
> Plymouth.ignore-serial-consoles is new; you might also try removing, but 
> it could be there for a reason. 
>
Contrary to my believe i did had not searched for rhgb and just assumed it 
would be in the "options=" line.
You were right, after deleting it from the kernel i see dmesg messages and 
slight different UI for password. ESC key switches back and forth. 
Also adding pci=noaer in the kernel line finally removed the messages. 
Thanks.

Could not find a solution how, if even possible to pick which kernel to 
boot or/and modify kernel parameters before booting like i am used from 
grub by pressing 'e'.
Does UEFI Boot support this or/and how can i safely switch my setup to grub 
boot? I would like to see what happens when i remove the plymouth option (:

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ef1cc91-0f54-416c-95a0-f50dde01194c%40googlegroups.com.

[qubes-users] Qubes won't install on legacy BIOS (non-UEFI supported pc)

[cxrvus8]

My system doesn't support UEFI Firmware, The USB works fine on Rufus but 
whenever I try to boot from the USB via boot menu it's almost like it 
doesn't even detect my USB since every single boot device I've tried on the 
boot menu I see that damn Windows logo every time. I already tried making 
the USB device the boot priority and that doesn't seem to work. I even 
tried on a different computer with UEFI settings and guess what? It worked 
perfectly. It's crazy how my computer is custom built but doesn't have UEFI 
lol...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06ed32de-185d-481f-87ec-d8f5e24d2aa9%40googlegroups.com.

Re: [qubes-users] Qubes sys-net-private missing

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2019-09-16 12:34 PM, Private Name wrote:
> One last error Ive bern seeing is no matter the Qube or domain, in
> the settings, under the firewall-rules tab, the same error always
> pops up no matter what I do, which isand which pops up if I simply
> click on the firewall-rules tab:
> 
> “This Qube has networking disabled, (Basic—> Networking) - network
> will be disabled. If you want to use firewall, enable networking.”
> 
> However, as you can see, in the “Basic Tab” under Networking,
> unless I click none (which disables any network, even in the
> sus-net domain) the error is not only the same “ERROR: basic tab:
> Loops in network are unsupported.” but precludes the modification
> of any firewall rules under the same Tab.
> 

Please send these sorts of questions to the qubes-users mailing list
rather than qubes-devel. (I'm moving this thread there now.)

You can read more about the different mailing lists here:

https://www.qubes-os.org/support/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl2ByT8ACgkQ203TvDlQ
MDDagw//VSRxJpa3JfckoyCllKUQzjlYIphskU7bYdomV8jO4gTg9z9JQ+xEmT1Z
vk+KwoyssBVvwMtx8TLbh31OAM3VQDPLjW49Tn2OofriYKn70GUThFhjUyQxBZQu
rTuWPyFZhmHYgkXe/Sygr1awO/O+6m6NE0VISQ8t4D3sVhHvi5OIdItW31j/RD9c
tAuOsDSOooJ6P7xE6XzlLzUAxCoYUgUIfIfqdWkdOhn3TrNuXjugStEjZJiRfxux
wLmmgj4ahY072DUBECMBinsnad06zx7e5ugZtDl8caxAloOCI3qyzaYonJEhDDgv
yplaZJfRTv2V738JZ6f+tQLw2jXIXgY/+QYQrj79ISL4wfjQIZHuFGjC7BNb5HW2
uRdGnCqXKWYKC10AYSX8c8vYyvy38K5j/pn148tw4uavbufNpS1ICK2nJYmzxSBZ
7p+oym+D1Z8Cyyiga9SQYG9rdwcSohywxLsSyEkQ8ZaQdPDiU/LW2BDhpGbB9MMt
PY4wuXZeUSaKkr8EK37vePsSwAaeZ/7zJH5t31/xjUOzi0TuGaTjI3AcjjWKmd8I
qOODddZ1PfjPgXiz/WKvXjKx0Sni+AIm0o2dbdIEdlDkw0+a5O1XkIQzESRrYnlZ
oFCHxxMRgd3thXKgcFjAZU0mRoIuc8T6TYC5vzPGmNF7ddsSwbk=
=zXlX
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55f29eb3-5086-3db9-8f4c-a4220b0cc628%40qubes-os.org.

[qubes-users] Ghost in menu

['Andrzej Andrzej' via qubes-users]

Recently, I created a virtual machine called sys-firewall-raspberrypi-2 through 
the graphical wizard of virtual machines, then removed it with the qvm-remove 
sys-firewall-raspberrypi-2  command in the terminal. After deleting, there is 
something like this in the menu despite the fact that the qvm-ls command no 
longer displays this virtual machine.

https://imgur.com/a/VKEoUqm

Any idea why it is here?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1791865303.304810.1568715945575%40ichabod.co-bxl.