Re: [qubes-users] Re: disable seamless mode Windows 7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-30 22:38, Andrew David Wong wrote: > On 2016-06-30 18:12, raahe...@gmail.com wrote: >> you run a windows template? I've only run win 7 in hvm. > > > There's actually a newish category of VMs in Qubes called HVM > Templates, and that's what Windows templates are. So, they're > still HVMs. But instead of being standalone, they're templates. :) > Take a look at the documentation here, if you're interested: https://www.qubes-os.org/doc/windows-appvms/#tocAnchor-1-1-5 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXdgJOAAoJENtN07w5UDAwau8P/1JM0hTyiuZ35wEH+bAnbDMZ zwGgIi4oDY6T1zCyijKkLbH5emfmL7uis2ZTGfyLUt6LeVCEezD3wmujQtZ/lUDM EdFmoKK8HW8sRgD/zg6XLrpwryeqOxrHg6reCbkmF5HGpwsi1PskhrDcsYpIoPsP P7Stv/800ASpV+DUSslHV8JrIuuLpstezamgYBegaJKH39LFvGVJWyBNOcur7YEd WuFzo1ThjVwKNMfxNVf0osre/xFk/4klQoqFSGorgr19sJ+F8k2hMAAVYJ037n1V EcyjuMsybspMboollMW5cW5D/F+whz6C8QHJvxb65DzGr7UlpZi5sfLF+7Ba+H9+ IszlBq4XReMts8+RV3VKmHCPYyXJrpMeTdkio+28Qo4OTg/v38qhzZjNrOK1isme HQyzszORUSpuJyI1dXSm4BoXs3dodDTxubBv6/KGctt+9k4T1NKjsIW+tan8ATOe yTAygdy2BfjDp0RRU1QMvItqQlOh/TXL+SuPnqXHLIgmm+Zt8jVp9HCws7hCCEhX AuM1hHHEd4sQQpogtHAvZPqV9pTo6yLRNT4KEbDKR6jXjFVCfB0EuB0/4dzef2FO awBJ9EyjOGukQn8ADeoR+eY1tVfVl4S0eKOeEgm9JvSPTYWG96id568pPnPQV/dq 2TDm9LR9W7iXFkJ9Qu+d =iJeB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83e87ca9-b2a1-18c2-e024-50686ef81e27%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Split GPG and ssh keys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-30 01:10, Eva Star wrote: > I do not know what is under the hood at split gpg, but seems it's > simple gpg-agent. If it so, that seems it's very easy to add > support for ssh keys. All what is need is already developed: > http://superuser.com/questions/360507/are-gpg-and-ssh-keys- > interchangable > > Need only do add this to SplitGPG :) > But the answers to that question indicate that GPG and SSH keys are *not* easily interchangeable. Am I missing something? P.S. - Please avoid top posting. > >> No, Split GPG does not support SSH keys. However, we have a >> ticket to track a "Split SSH" feature: >> >> https://github.com/QubesOS/qubes-issues/issues/1962 >> >> We're hoping a developer from the community will pursue this. >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXdfXvAAoJENtN07w5UDAw2RkQAJUo/N6cpB/DQ2inLo39zI1b ahxR4+Nt9Vo/KFzw+bdnGfDB0Fj4Rjn5pelBlSH08giH9twYnj6ptPi3WfF8vXut 5t+X4mdml5Z43ymNAUmfmCGn8JfZyKnBpk3iKHGK4SdVl5LBO4ft0Ct2YcoD9hPT ZHHUi2lGg2UP7qe1rwR+c5ZixYs7YS15JooCB6cGHlq19w67Ibc/5tQGLE6x9vIY xrFgZrRbi5x5Gwy+h7CnmQw++OwknjOE3ofSnNuWyC1PyIWcWeV2y05Qr757O1cm H8VnAo29lKKhLc9qmI6BsVSDyX1fXvirQiqHYy5Az4/L0HQVR4NJYiZUfIbIRI0i XiTwE2ORnjO8icWzhBF1ZRiIsckApO9Ula771AZlxqcd0cFOnqFiFBON86kDbBq1 K4cekzfRK2fqT3amEX+IqeYqG6w8Vgxj35q5U19RmyHU75o6tgqSucOf8lg/fKG2 /OcjCYYtWnHz16tkRn9HKE90rVOPik3IWx3UmmRGkFRp+oaBPpCvgQUzz1YyFOFY 6Pu8QYmT9Ni7vguK7kFpKhOh71R+3NAQ8RMDZTS6CJ626cRclJuwIFptStpCPOPf 6Fz50WLB3ljOFN083KI4iPx8JB/9SvKV+WpHjiclEFy6BPje6GPGVCz40sllwpS0 jd2nqxaaS0TlRYvDd8sI =77J9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ec7fb9f-10a7-2fc1-2c39-790e196b2106%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: disable seamless mode Windows 7
On Friday, 1 July 2016 11:55:47 UTC+10, raah...@gmail.com wrote: > > didn't even know you could do that with win 7. Once you install the tools, it's got the user directory on the private.img drive. So you have the base system, and then the portable apps on each private.img. If you don't move the profiles, then that's fine too, but it will be a little more difficult with a few issues arising. This is why I recommended a sandboxing thing added into the tools, for installing of new applications to be sandboxed installations into the private.img. Thus no drive C files are changed, everything remains on private.img so it isn't lost on shutdown/reboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b160facc-dc0a-43cc-acfa-c3ad91231361%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [3.2rc1] Bug: Windows disappear, VMs go from green to yellow
On 06/30/2016 09:56 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 30, 2016 at 09:35:59PM -0400, Chris Laprise wrote: The gui daemon connection for debian 8 VMs is disappearing in two different scenarios: 1. When starting the VM, the status goes from yellow to green then back to yellow within about 3 seconds. 2. When exiting the vlc player, all windows for that vm will disappear. I can recover from this state by using qvm-run or QM to run something in the vm. Then the gui connection is restored and the vm's windows reappear. This guid.log error is found after the state changes to yellow: invalid PMaxSize for 0x54001ce (0/0) invalid PResizeInc for 0x54001ce (0/0) invalid PBaseSize for 0x54001ce (0/0) ErrorHandler: BadWindow (invalid Window parameter) Major opcode: 4 (X_DestroyWindow) ResourceID: 0x54001cf Failed serial number: 105463 Current serial number: 105465 I can always reproduce the error with vlc. When starting vms, the error occurs about 40% of the time. Already fixed in testing repo. https://github.com/QubesOS/qubes-issues/issues/2085 Thank you :)) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4ac4744-c86f-78ed-c6e1-01c27662bbb0%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking
On Friday, 1 July 2016 12:03:24 UTC+10, Chris Laprise wrote: > > HVM drivers do have throughput issues... > https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/ > Do you have anything that is remotely current? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7946652b-5f07-44a9-97ac-498ebee8283f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking
On 06/30/2016 09:50 PM, Drew White wrote: On Friday, 1 July 2016 11:42:05 UTC+10, Chris Laprise wrote: That's just a description of the emulated adapter. No, it's the physical speed of throughput of data actually. I'm not talking about a descriptor, I'm talking about the actual speed. HVM drivers do have throughput issues... https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/ Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dcdc6701-26c1-2393-1e25-138eaa4fe502%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: disable seamless mode Windows 7
On Thursday, June 30, 2016 at 9:27:15 PM UTC-4, Drew White wrote: > On Friday, 1 July 2016 11:12:23 UTC+10, raah...@gmail.com wrote:you run a > windows template? I've only run win 7 in hvm. > > if you read what I said... > > "I have 4 virtuals that run off the 1 Windows template, and all work fine." > > That means I have 4 virtuals, and they alll run using the one parent > template, just like using Fedora or Debian AppVM that is NOT standalone. didn't even know you could do that with win 7. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a595bd09-2d2e-4838-a1db-461c92a64e99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking
On 06/30/2016 09:37 PM, Drew White wrote: Hi folks, Just wondering why my Win7 has only 100 Mbit networking instead of Gigabit? Is there any way to make it gigabit in the vm? When I only have 1 or 2 VMs running, to use only 100 Mbit out of a 1000 Mbit NIC is just wasteful. Please help. Thanks in advance. -- That's just a description of the emulated adapter. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ed53eee5-8b01-da95-33b5-b71165b7eaa0%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] [3.2rc1] Bug: Windows disappear, VMs go from green to yellow
The gui daemon connection for debian 8 VMs is disappearing in two different scenarios: 1. When starting the VM, the status goes from yellow to green then back to yellow within about 3 seconds. 2. When exiting the vlc player, all windows for that vm will disappear. I can recover from this state by using qvm-run or QM to run something in the vm. Then the gui connection is restored and the vm's windows reappear. This guid.log error is found after the state changes to yellow: invalid PMaxSize for 0x54001ce (0/0) invalid PResizeInc for 0x54001ce (0/0) invalid PBaseSize for 0x54001ce (0/0) ErrorHandler: BadWindow (invalid Window parameter) Major opcode: 4 (X_DestroyWindow) ResourceID: 0x54001cf Failed serial number: 105463 Current serial number: 105465 I can always reproduce the error with vlc. When starting vms, the error occurs about 40% of the time. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d82c223b-bcd7-b1a7-adcb-8448377f089f%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] p70 rebrand $2k+ cheeper
for those holding out for a p70 the ws72 is well worth a long look https://www.msi.com/Workstation/WS72-6QJ.html i think its the same laptop ecept max 32gb ram, has tpm vt-x, vt-d (hard to find but aparently yes), im not sure what to google for further to find out for qubes comatability -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9217d13-8be3-48f3-9cc8-289557b10cb5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about Xen sandbox escape from Oct 2015
On Thursday, June 30, 2016 at 5:48:17 PM UTC-4, danmich...@gmail.com wrote: > Wow... so the ISO doesn't get patched...? Wow... > > Surely there should be a BIG warning on the Qubes downloads page... saying, > WARNING! Xen in QUBES 3.0 allows full sandbox escape..! Update your software > IMMEDIATELY after downloading, before doing anything else...!! > > It really surprises me that there isn't such a big warning, given the > severity of this Xen bug... Wow... I think people concerned about their security know to update before doing anything else. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78f0edee-4d90-4f43-a897-c0ca1a1d37ea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Linux-libre in dom0
On Thursday, June 30, 2016 at 8:49:16 PM UTC-4, Duncan Guthrie wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 01/07/16 00:03, Marek Marczykowski-Górecki wrote: > > On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie wrote: > >> Dear Qubes Users, I have been using Qubes OS for a couple of days > >> now. I own a Lenovo Thinkpad X200 and everything works fine, > >> including WiFi. However, I am concerned about this, because my > >> X200 has an Intel WiFi chipset, which I know uses proprietary > >> firmware. I am concerned about this because the firmware could be > >> malicious, so I think this is quite bad from a security > >> perspective. The more proprietary software, the worse security > >> you have, as has been shown many times. Since the hardware is > >> secret, it is possible that the WiFi chipset could be used to do > >> malicious actions without any way to tell. I am especially > >> concerned about the firmware being in dom0, which has access to > >> the hardware. > > > > WiFi card is assigned to NetVM and have no access to dom0. So even > > if its firmware is malicious, it shouldn't be a big problem. It may > > at most mess with your network traffic - which should be encrypted > > anyway for anything sensitive. > > > > In practice the only firmware still needed in dom0, is the one for > > GPU (if applicable). > > > I think this is a good idea in general, whether the firmware is free > software or proprietary software. However, there are certain wireless > chipsets (made by Atheros corporation) which work without a > proprietary firmware blob for WiFi, but don't for Bluetooth, so even > if they largely work without the proprietary program, the operating > system still loads some proprietary program not needed (most people > don't use Bluetooth at any rate). I own such a chipset on my desktop > computer; Debian works without any proprietary software at all, while > Tails loads firmware for the Bluetooth. What is the answer to this, do > you make exceptions for firmware only for wireless cards and GPUs? Or > do you just allow them all through. > > Another thing I have read is that Linux-libre's deblob scripts don't > just get rid of firmware that is proprietary, it removes all binary > files disguised as source files (e.g. some binary file named > "something.h") and "obfuscated" driver sources (I believe that the 2D > nv driver has been accused of this). Would you consider at least > adapting the deblob scripts from Linux-libre to work for your kernel > to only allow select firmware through, for the most common computers? > Another option, like Debian (and, if I recall, Ubuntu to some extent, > although I have never installed Ubuntu), which I think would be even > better is to have a completely free kernel by default, then a separate > repository for firmware, which can be enabled in the installation > process. It would probably be considerably simpler than adapting the > deblob scripts to be quite selective, too. It wouldn't make Qubes > compliant with the Free Software Foundation's "Free Software > Distribution Guidelines", but I think that from a security perspective > it is better than including the proprietary 'blobs' by default, and is > a balance between usability of obscure hardware and security of dom0 > (it never hurts). What do you think of this proposal? > > - > Thanks for your reply, it was really helpful for allowing me to > understand more about your security policies. > > D. > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJXdb3qAAoJEPs8tiiQ8FTAf4wQALdWB123VGv9OdisLfI2OQda > 6r6IyVWPny+shAuoxfiui+0HmkHZB8CMaAleLGmyOo+iWT8jBiTbqV8qMTfWO9kL > My1TUuvEB12s7RGecqKxRlz5ij1cmnpbCg2yXM1qfEpFLYtw9d9agw4fEiSOCokY > aF7nuPeLXZjp91mSaTRRV/U4JXd09XFU1/dULNUv+0Pmr7uT+8ZhlLdGHaRoN2SV > +AmgVQdtnRoIsJWRrEeT9CG6KS5Z7+JmGNcOfVIW9CSa2WFG+JFbiJEyfo26IciP > ofAMzqapBWZwzlxJ6pNriGgacYeyHKMJwBK34RCebuyrpreLU5QutxZ3avO9yoHh > JUqNdffcwlL43noZ89i9SIV+wYcB9Nj9PvUjPzCuxXMfFHkaNJ4cI17N/mLZzKXc > 0SCKn5DAFjOz2wBQ/M4KTYoBfPbj0HWkBlbNdHNYzIutfMWG5NbMkIbph46tjWkF > yThTSZZoCLChhZ0OAnEc7vNLCcwCVArXo6P0L+FDdAMDTVLxk8CaFOuhIWFQXnG1 > Q20K3sTlTh2pPjf2bvEXNlFOBQ2H7tHV4YVyyoqsEsFyr3aq4KiEUcffhWma6Y8H > 5XT405xg80/17L2sHYJciE+k6U9C1tpJe2BYYnOWrId3E72gL+AGpnB3h9J/6s/g > tvxD9xDk5VSpnb13dnJb > =WZ6b > -END PGP SIGNATURE- I think what Marek is saying is that from a security standpoint it doesn't really matter because the netcard is isolated even at the hardware level with iommu supported system. And if it messes with your network traffic you should be using encryption, https or tor etc.. I think the reason they are not adopting such kernel is cause qubes is trying to get more users and hardware compatibility is the biggest hurdle and turn off to people. Its still new type of os and people are hesitant. Also most people use laptops and wouldn't be as willing to buy an external usb network card for qubes.Which might also be troublesome in
Re: [qubes-users] Linux-libre in dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie wrote: > Dear Qubes Users, > I have been using Qubes OS for a couple of days now. I own a Lenovo > Thinkpad X200 and everything works fine, including WiFi. > However, I am concerned about this, because my X200 has an Intel WiFi > chipset, which I know uses proprietary firmware. I am concerned about > this because the firmware could be malicious, so I think this is quite > bad from a security perspective. The more proprietary software, the > worse security you have, as has been shown many times. Since the > hardware is secret, it is possible that the WiFi chipset could be used > to do malicious actions without any way to tell. I am especially > concerned about the firmware being in dom0, which has access to the > hardware. WiFi card is assigned to NetVM and have no access to dom0. So even if its firmware is malicious, it shouldn't be a big problem. It may at most mess with your network traffic - which should be encrypted anyway for anything sensitive. In practice the only firmware still needed in dom0, is the one for GPU (if applicable). > For many months I used Trisquel GNU/Linux, which 'deblobs' the kernel > with the scripts from the Linux-libre project, endorsed by the Free > Software Foundation. WiFi does not work but I have an external dongle > and at any rate ethernet is often faster. Other than that, everything > else works flawlessly. > Therefore my question is, for a security-orientated OS, what is the > position on the proprietary firmware software? > At the very least, I would like to install Linux-libre in Qubes dom0. > The Free Software Foundation of Latin America (FSFLA) offer the > freed-ora repositories for Fedora, which removes proprietary firmware > packages and installs the upstream kernel (as far as I can tell; I used > it in normal Fedora and it works fine) and free firmware programs. > As a more permanent workaround, will Qubes offer Linux-libre by default? > I think it is best not to include the firmwares at all but maybe that > will be for further in the future. Generally your are right. But in practice it would mean even more constrained hardware requirements for running Qubes OS. So, until we implement GUI domain (which will remove the last firmware-needing devices from dom0), moving to proprietary firmware-free linux distro in dom0 isn't an option. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXdaVZAAoJENuP0xzK19cs8sYH/i0iSLXPCVWWu9pVOmh/CMwe YT60yKKQ6mBEl1ENT+5iP52XTgHlSYJd4ocAnMpYnT4+n1bNS+lhM0upg6chgc8M QWsVHC3E/V41banBIwn0JBUriKLT6LgnYqCXaAT8LNF+bPWlk7lsRkOxpH3UzQWH ofY8HoWv6MDoNfvEjrge9j0d5nKxRwkF7g0EpHu46czAg72M1jTDMU1jdrtztJGo cxplHCn9ZunO6I5jgArsdWvsQA0/1ilzZRkIyjXODvSmRhTv1GjcQVnXmZLt11a9 knCI6PXU5WVYcIRtVruHchrr7Z0/DovgcpHZK4FG7yzX8jAThw/8U6wo8vxqo6o= =3jtI -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160630230351.GN1323%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Linux-libre in dom0
Dear Qubes Users, I have been using Qubes OS for a couple of days now. I own a Lenovo Thinkpad X200 and everything works fine, including WiFi. However, I am concerned about this, because my X200 has an Intel WiFi chipset, which I know uses proprietary firmware. I am concerned about this because the firmware could be malicious, so I think this is quite bad from a security perspective. The more proprietary software, the worse security you have, as has been shown many times. Since the hardware is secret, it is possible that the WiFi chipset could be used to do malicious actions without any way to tell. I am especially concerned about the firmware being in dom0, which has access to the hardware. For many months I used Trisquel GNU/Linux, which 'deblobs' the kernel with the scripts from the Linux-libre project, endorsed by the Free Software Foundation. WiFi does not work but I have an external dongle and at any rate ethernet is often faster. Other than that, everything else works flawlessly. Therefore my question is, for a security-orientated OS, what is the position on the proprietary firmware software? At the very least, I would like to install Linux-libre in Qubes dom0. The Free Software Foundation of Latin America (FSFLA) offer the freed-ora repositories for Fedora, which removes proprietary firmware packages and installs the upstream kernel (as far as I can tell; I used it in normal Fedora and it works fine) and free firmware programs. As a more permanent workaround, will Qubes offer Linux-libre by default? I think it is best not to include the firmwares at all but maybe that will be for further in the future. Thanks, D. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8496515-e58f-4219-b42e-b4ef9ea4e43a%40posteo.net. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once
Preamble Qubes OS offers an option to restrict network traffic within a VM to a specific address/domain/website which is a very useful feature as it allows the user to control networking within VMs. Issue However if the user wants to be 100% sure only the dedicated VM can access a specific web resource, they need not only to allow the dedicated VM access to a said resource, they also need to deny access to said resource for every other VM they use. As the number of VMs grow larger this task will get more and more mundane. Suggestion Allow users to apply firewall rules to several VMs at once. This mechanism could be implemented either in Qubes Manager GUI or as a separate GUI application. Sample options Make exclusive - allowing access to a specific resource automatically denies access to said resource for all other VMs except for the system VMs Apply to all - allowing access to a specific resource grants all other VMs access to said resource Apply to selected - additional checkbox would appear in QM allowing the user to select VMs to which the rule would apply Apply to all from the same TemplateVM - self-explanatory I believe such a feature would greatly improve the efficiency as well as minimize the risk of user error. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82e6a0cd-598a-40b2-9120-134dc680564d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Q wipe files
Hello, Q security policy don't protect against app-exploits, but give the tools to protect your data. Protect data, but not apps! It's very clever! If, I move a file from VM1_green to VM2_green, the the filemanger and the move-to-VM command. https://www.qubes-os.org/doc/copying-files/ Than later VM1 gets compromised in some way. So I must be sure that the old file(copy) was wiped. How Qubes wipes files, so that the secure copy and paste security mechanism will work, if the security-sensitive user will take this manual action, to protect his/her data? I assume, if I delete a file, it will work in the same safe way... Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/34fe1ac8-17a6-41c8-bcca-d8719d0c808b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Manager issues
> > I have the problem that the Manager "vanishes" when I switch sessions > (i.e. from KDE to i3) and I cannot start it or recently I tried to close > and reopen it and it wouldn't reopen. > > A ps aux in dom0 showed that the process was still running, so killing it > let me restart the Manager. > > > Yes, I know you said that the "ps aux" said it was running, I'm just asking in the way I asked to find out if it was doable in your position when it is actually running but changing WM to see if it can be brought to the current screen or not, and thus used because it's running. Because mine, when I kill it, I then can't start it unless I run it from command line. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/266caef9-e9ab-4db8-aade-f17b80869497%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Manager issues
On Thursday, 30 June 2016 20:57:22 UTC+10, Chris Laprise wrote: > > About how long had it been running when you saw it at 597 MB? > Hi chris, Well, not very long at all. Maybe 48 hours. Normally I don't turn my machine off ever, and I never normally have to reboot it unless I'm making a huge change, that's the power of linux. I know I'll have my manager finished shortly, since I saw what was happening and was told about the memory leak, I figured I'd make a replacement tonight, just a temporary one until the current manager is fixed. At the moment, my temporary one does only 70% of the things. But sits at 7 MB RAM and 21 MB shared RAM. and I've had it running on the laptop here, normally after running a backup OR restore of a guest, the qubes-manager is at 59 MB RAM and 29+ Shared RAM. So there is definitely a leak somewhere in the coding, and I believe it's in the scripting. There are still all the image errors too. every time a form loads or displays or the image is loaded or displayed, it has the error. In Fedora I'm getting Gs-WARNING **: ... errors, so I need to go investigate that now. Guess I won't have the temporary replacement finished tonight after all.. What a shame... Anywho... Niels, You switch sessions, do you stop the manager and exit it before you switch? Or do you log out and then back in to a different WM? When you are in i3 WM can you do CTRL+ESC / System Activity, and see if it's running? If it is, right click and "Show Application Window". See if it appears. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2bd54a34-8df2-49f2-9277-dfa83ce185a6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Swiching Japanese input
Thank you very much. Now I can type Japanese^^ i appreciate. 2016年6月30日木曜日 17時36分06秒 UTC+9 yoo inn: > > hello. > > I have question about using Japanese input. > I'm beginner and my English is poor. I'm sorry about this. > Could somebody help me out please. > > I'm Japanese I would like to use Japanese input such as > personal , work, and when I'm connecting tor network. I mean everywhere. > > I installed "ibus" which is Japanese input at fedora 23 template and > devian8 template. > I read YouTube tutorial so I understand. to install "personal" or "work" > that next time it gone. > so I installed fedora 23 template and devian8 template. > after that I start "personal" and "work". but I couldn't switch Japanese > input. > > I can Japanese input and switch English to Japanese in fedora23 terminal > window. > > Will you please teach me how to manage this. > Thank you. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab0e474d-bda2-4bff-8148-75eac118f5c9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Manager issues
> > On June 30, 2016 at 6:50 AM Andrew David Wongwrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-06-29 19:12, Drew White wrote: > > > > > > Hi folks, > > > > I've just had Qubes Manager go haywire on me. Freezes up because > > it's using 597 MB RAM with 38 MB shared. That's just rhediculous. > > > > I had to kill the process to get out of it. And as usual, it won't > > start again and I have to reboot the system. > > > > I don't see how it could be nearly 600 MB RAM just for one > > application like that. > > > > Just thought I should let you know the issue. If it used less RAM, > > then Dom0 would not require more than 1 GB RAM. But one would give > > it 2GB just to be on the safe side. > > > > If anyone else is having this issue, or knows how to resolve this > > bug, please let me know. I've complained about Qubes Manager not > > starting before, but got no resolution then, so now I'm putting it > > here where it's the issue, not something else that caused it, > > because it's not something else that caused it to be almost 600 MB > > in RAM. > > > > > > Qubes Manager leaks memory, which is a known issue: > > https://github.com/QubesOS/qubes-issues/issues/860 > > The current workaround is to restart it occasionally. > > Now, if you cannot restart Qubes Manager, then that workaround > obviously will not work for you. However, in order to create an issue > for Qubes Manager not restarting, we need more information. > I have the problem that the Manager "vanishes" when I switch sessions (i.e. from KDE to i3) and I cannot start it or recently I tried to close and reopen it and it wouldn't reopen. A ps aux in dom0 showed that the process was still running, so killing it let me restart the Manager. Niels -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/891482407.6680.1467285327416%40office.mailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze
It's Windows7 that installeted as TemplateHVM -> HWM that share template. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85a62895-2fb0-4226-b0c4-088904bdf4c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Manager issues
On 06/29/2016 10:12 PM, Drew White wrote: Hi folks, I've just had Qubes Manager go haywire on me. Freezes up because it's using 597 MB RAM with 38 MB shared. That's just rhediculous. I had to kill the process to get out of it. And as usual, it won't start again and I have to reboot the system. I don't see how it could be nearly 600 MB RAM just for one application like that. Just thought I should let you know the issue. If it used less RAM, then Dom0 would not require more than 1 GB RAM. But one would give it 2GB just to be on the safe side. If anyone else is having this issue, or knows how to resolve this bug, please let me know. I've complained about Qubes Manager not starting before, but got no resolution then, so now I'm putting it here where it's the issue, not something else that caused it, because it's not something else that caused it to be almost 600 MB in RAM. -- Drew, About how long had it been running when you saw it at 597 MB? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b5f19b28-7218-00a5-da08-6b262fe9d1d4%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze
On Thursday, 30 June 2016 18:48:12 UTC+10, Eva Star wrote: > > Mouse "back" button 100% freeze open window of Window Explorer (file > explorer). Does not tested on other apps. > Does it work in Qubes 2 and NOT freeze? What about 3.0 and 3.1? Just asking, because I noticed issues in certain versions with certain things. things that I know are bugs with the mouse and actions. there are so many, it's easier if you just let me know those details and I can reply with resolution if there is one that I already found. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee23b719-cb7c-4fc9-a9c0-622bbcee5d31%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Swiching Japanese input
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jun 30, 2016 at 01:36:06AM -0700, yoo inn wrote: > hello. > > I have question about using Japanese input. > I'm beginner and my English is poor. I'm sorry about this. > Could somebody help me out please. > > I'm Japanese I would like to use Japanese input such as > personal , work, and when I'm connecting tor network. I mean everywhere. > > I installed "ibus" which is Japanese input at fedora 23 template and > devian8 template. > I read YouTube tutorial so I understand. to install "personal" or "work" > that next time it gone. > so I installed fedora 23 template and devian8 template. > after that I start "personal" and "work". but I couldn't switch Japanese > input. > > I can Japanese input and switch English to Japanese in fedora23 terminal > window. Take a look here: https://www.qubes-os.org/doc/language-localization/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXdOT9AAoJENuP0xzK19cspeQH/3JyiaiV53bClsIwWn5J57e9 9NaOx22IDniqRGpkspXjiqljrm+AsXfCeu2JtdtCu+y/ONTFRweLlsiaVvBW02sO 2/tSlMHBnyTylXPezEe5zm6HZJ9wO5auY4v8TYoLBKlyBki+t76TVbs0QODIYkVf QIeqzBSjdlNKv9PV1SG7tTNOihY9VScxyqjgfyXNGSwIcwojEQqMDRy4741QVArg UIrO/3McJx1Dgf42Eicax6FScIy5D60oAwucU4aVHapFdYM6GHYD9LylaQ4CYrwM ep4kypQ0XRk+VqMAbt3vl7wEh7KIDruhJo/FwUAD4tPESPHYgOf4z77zwJxKf6I= =YH44 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160630092309.GH1323%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about Xen sandbox escape from Oct 2015
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 29, 2016 at 10:29:31PM -0700, danmichaels8...@gmail.com wrote: > OK > > Version: 4.4.3 > Release: 11.fc20 > > So I am OK. > > Does QUBES 3.0 come with the patched version though... Have the devs updated > the ISO so that it comes patched..? No, the ISO stays as is from the time of the release. It is always a good idea to install updates just after installation. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXdOKqAAoJENuP0xzK19csKxsH/1m9I5wfs3AcpynrzY7Mlez0 XtOw833+wqeYnXIDOq0B/7cwlyq6CpLYTGmfSq5xF1H+p5PctwuKL7tlBY/Bskga Zt98EuWF58+TnWJg6POJZQBQ/SlnWf98xB4PPz9XQ9tGvom7SFxlO5jKJkDQwzgT Cn/ipnl0yv9u39/CCZKmzCAq4wlNnebbX3tDMoL4ZorKmkUUKIWFtFBuTqwjhGl/ FXE6U+jOxj7QpFXIePlMo6TuRaWaadbSTJt1r2MXZsRkm0GcqARWUygRay0YIJWf nMIFBhXRh2T4InPUZr9dg4q74xlzeHVQ2U/3BRJPz+APW++5PuNkg2WOEHWlsQw= =heue -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160630091314.GF1323%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze
Mouse "back" button 100% freeze open window of Window Explorer (file explorer). Does not tested on other apps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07e03d1e-373a-4a42-bc54-4c3408913603%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Swiching Japanese input
hello. I have question about using Japanese input. I'm beginner and my English is poor. I'm sorry about this. Could somebody help me out please. I'm Japanese I would like to use Japanese input such as personal , work, and when I'm connecting tor network. I mean everywhere. I installed "ibus" which is Japanese input at fedora 23 template and devian8 template. I read YouTube tutorial so I understand. to install "personal" or "work" that next time it gone. so I installed fedora 23 template and devian8 template. after that I start "personal" and "work". but I couldn't switch Japanese input. I can Japanese input and switch English to Japanese in fedora23 terminal window. Will you please teach me how to manage this. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0030a6b-9153-4e3b-af06-014bd27ba01f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2 DVD fails.
On 06/30/2016 02:29 AM, Drew White wrote: > Recently I downloaded the 3.2 DVD again as I thought it was a bad > download in the first place, but it seems that it isn't. > > On boot, it fails to Switch Root. there is no > /run/initramfs/rdsosreport.txt to show/upload > > It says "Exit the shell to continue." > > So I "exit", it says "logout", and nothing more happens. Since I used the 3.2-rc1 iso to successfully install the RC, could you please provide more details? I remember you used to actually burn a DVD out of the ISO; are you having problems with that? Could you try with an USB drive (I had success with that)? When in the boot process does it fail? Does the install/test media (grub) menu appear? Is is the EFI one (white text on black screen) or the BIOS one (blue background)? Which installation option did you choose? -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b393cd13-c0bd-09e2-97e1-38f7c6cd9c3d%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Qubes Manager issues
Another issue I can see... When I started the backup, it replicated itself to use ANOTHER X amount of RAM, and then add on the backup processing... This is really confusing from a programming perspective. I can understand the fork, but to fork like that is just... not good... If I had it running at 200 MB RAM, and tried backing up, and it consumed another 200 MB RAM It puts the parent process to sleep even, and just replicates.. I can understand it in regards to the backup, to consume more RAM and then when it's done it destroys itself and frees up that RAM, but when it's only using an extra 1 MB of RAM, and an extra 20 MB shared RAM from the parent process, it isn't really needed. The backup just finished, the Backup VM window is still open, the child process has become the parent. And is now using more RAM that it was before it started, and the Shared RAM is also higher, because the child became the only remaining entity, since it has killed off the old parent. Thus, I think the way it is is back to front. The child should die after notifying the parent of completion, not the other way around. So currently BEFORE the backup, it was using (approximately) 79 Mb, but AFTER the backup, it's using (approximately) 84 Mb. Because the child process became the parent. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dad38071-3f82-4234-81f4-24ff8069a61d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.