Re: [qubes-users] Qubes 4.0 Hardware Requirements

2016-08-29 Thread Drew White
On Saturday, 20 August 2016 04:28:16 UTC+10, Andrew David Wong  wrote:
> I don't know enough about the AMD platform to answer definitively, but if I'm
> interpreting this Twitter exchange correctly, it sounds like you might be 
> right:
> 
> https://twitter.com/QubesOS/status/756041961203785728
> 

So what are the actual requirements for Qubes 4?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c6b1399-a354-4f38-9a8d-545541e392eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2

2016-08-29 Thread Jeremy Rand
Marek Marczykowski-Górecki:
> On Wed, Aug 17, 2016 at 01:42:36AM -0700, nekroze.law...@gmail.com wrote:
> 
>>> In any case, if you put Fedora-based VM behind sys-whonix, and set it as 
>>> UpdateVM, it should work. 
> 
>> That does indeed seem to fix the problem. Is there a reason why the whonix 
>> setup choice that uses whonix for dom0 updates not also build an update vm 
>> that uses sys-whonix and is based off of fedora?
> 
> Basic actions (install updates, new packages) should work in this setup
> and it save some RAM (no need for additional VM in addition to
> sys-whonix).

Seems to me that an attack could be constructed where the Tor exit used
for update downloads feeds sys-whonix an exploit, and from there is able
to either break out of Tor, or compromise Tor in some way that may
affect other VM's' anonymity.

Granted, this is a fairly lousy attack as attacks go, but isn't the
entire point of Whonix that nothing is supposed to run inside the Whonix
gateway except Tor?

Cheers,
-Jeremy Rand

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d9feec4-a205-dc21-9158-bad70538f8ee%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Aug 26, 2016 at 01:27:08PM -0700, pfrenc...@gmail.com wrote:
> On Friday, August 26, 2016 at 11:42:53 AM UTC-7, pfre...@gmail.com wrote:
> > On Sunday, June 26, 2016 at 11:08:35 AM UTC-7, 
> > 41wycb+5v6...@guerrillamail.com wrote:
> > > Hello,
> > > 
> > > I've disabled all support for UEFI in the BIOS, having enabled only 
> > > support to Legacy mode. I've also disabled the secure boot having enabled 
> > > the 'USB UEFI BIOS Support'. 
> > > At this stage I'm able to get the grub splash screen and when I try to 
> > > boot Qubes I get:
> > > 
> > > 'Loading xen.gz ok'
> > > 'Loading vmlinuz ok'
> > > 'Loading initrd.img ...ok'
> > > 
> > > After this the laptop simply reboots and I'm back to square one again.
> > > 
> > > I've even tried to upgrade my BIOS to the latest stable version (1.24) 
> > > but this has produced no improvements.
> > > 
> > > 
> > > Any idea what may cause this? What I'm missing?
> > 
> > Thanks, I was getting this on the thinkpad x260 as well.
> > I'll let you know my results.
> > 
> > PS.  I was very happy with 3.1 on my x260 except for the inability to 
> > suspend, so I tried the upgrade and it wouldn't even boot off USB.
> > 
> > So I pulled the drive, put it in another laptop (Samsung ATIV book 9 plus) 
> > and 3.2 installed and worked.  I updated everything, put the drive back in 
> > the x260 and boot borked.
> 
> Adding:
> mapbs=1
> noexitboot=1
> 
> to xen.cfg
> did not fix the issue.  Suggestions?

Did you put that into the right section - describing the kernel chosen
in `[global]` section?

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxO1LAAoJENuP0xzK19cs5u0IAJZgGlr+p7mNS9Ri3g/0ePTt
fPMAa1XeJ3m/ES3ZSjDERswvScwDoxKQmV6XjVdzrpp6hDuXg87xegAwYHlxRLWB
ILW0YafdRpaVYTsfnaPvSDC3nVredFjTSzWXISBaiyGDWeWLtzk7TAKyMEAjQf9D
OiMHF/78hvLHeWB0tZ+86fRUEbZKtaqcOXLOwXZdBL+U9OxN2Www25Lqzv9YG+lc
TMryTBCuZaS6T0o/qbNidLjGG1HZlGB21q1cydNpi2EN+paf63eU2P320N21yieM
4Z2f+g+WBCw+D/igGAB/T1xoXJsT5SnLs0bR6csRzg9+XjAMcj/IZvnmEIGSpHg=
=A49D
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160830021955.GS21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Isn't it bad, that compromized vm can create any number of dispVMs?

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Aug 25, 2016 at 12:56:15PM +0200, Alex wrote:
> On 08/25/2016 12:53 PM, Arqwer wrote:
> > Command qvm-run '$dispvm' xterm if called from an appVM will run
> > xterm in a new dispVM. If attacker gained access to an appvm, he
> > possibly can run script, that will create thousands of new dispVMs
> > and freeze my computer. I don't like this. May be it's better to
> > disable this functionality by default?
> > 
> I see your point, but I'd rather appreciate a limit on the number of
> dispVM that can be launched (e.g. per hour/appvm?) before some
> confirmation from dom0 is needed to open any more. This way actual
> functionality is not broken nor reverted, and the denial of service
> scenario is prevented.

In fact the number of DispVMs is already limited - by available RAM.
Further attempts will simply fail.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxO00AAoJENuP0xzK19csQDQH/i+NEnY4EATTYbqZ7dijrrrV
jyQ/QqOBZtKyhJ24TuLJC6UYyNri5DEvlu6S50O4ubvwzGmA4lsgJl6fDCiwX+VK
4j13CXw21xI5eZfagZZ1ZIHn8Nior2N/K2s+CGZUwhee1urmYlvAAuFSHYMePoFg
akvZgonKCyshTATePglRhkTG0WFS91FZHMAbpZs6DGUZ+jB/ZVgQbTfAJg0A25ya
RiLgoFA3mAPeUFZuCtSgUNXeR/NazmpW7wGx4SY4cUUAmrcB30sq4a/jVXOi9os0
42wJGnomQIS1b2cmnjSYpXNQhkAlrYdegcRmcwMgcSnG2Zs6iDpLppYidP+Li8E=
=f2KL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160830021932.GQ21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anonymizing MAC adress through dvm ?

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Aug 25, 2016 at 02:15:54PM -0700, nishiwak...@gmail.com wrote:
> Hello everyone,
> 
> I was just wondering if you can apply this documentation 
> https://www.qubes-os.org/doc/anonymizing-your-mac-address/ to your disposable 
> VM (like if you like to browse the internet being safe, not saving any data 
> but also preserving your anonymity, in a way like Tails do).
> 
> I tried to apply this on the AppVM-dvm, stopped it, then entered 
> "qvm-create-default-dvm nameoftheTemplateVM-on-which-is-based-the-AppVM" in 
> dom0, so eventually it would save the configuration on the img on which is 
> based the new Disposable VM, but it don't seem to work, my interface ID don't 
> change when I type "/sbin/ifconfig" into the new DispVM.
> 
> I guess the problem comes from the fact the TemplateVM creates a symlink to 
> /etc/systemd/ to load the service, but as you don't have persistence in 
> dispVM, the process fails, but I'm not sure.
> 
> If you have an idea on one could eventually do this, I think it would be a 
> great feature (even if it is already really nice to be able to do so on 
> standard VMs, problem is when you're paranoid you have to trade off in a way 
> between a non anonymous but full secured non persistent model for a more 
> anonymous but less secured one, lol)

In theory it can be probably applied there (apply the instruction in the
template - the same way as for sys-net). But in practice it doesn't give
you much more anonymity. First of all, MAC address of the VM network
interface have no relation to your real hardware. It is always
00:16:3e:5e:6c:XX, where XX is ID of the VM. So it gives information
that you use Qubes OS. And if one can read that MAC address, can also
read a dozen other indicators that you use Qubes OS - like running on
Xen, or /var/lib/qubes directory presence, or simply a hostname
("dispXX").

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxO0/AAoJENuP0xzK19csBKMH/2EvL7/LNwvSM0peXlNpBTZF
NbfYvZzJcqG2KZoI4NM323CeJxINPCh6aXLo4oN4666VJOY8yGsyYyUAes9dYJwy
EWA6phcPd7D9+yEnOul1ELY5/O4xzmtEKsUo+e9fAcRQddi8Pqhflt2slmBMl4eZ
1Taqb7jVMWf/iGYsLRV7B0WAcoHxRrBmkXvQWn2eyEAg7Al1skFgqp89LMLdd+As
n6301yuL6hVadfgcyuJAt7AjOj+pBLGRe+TAHno2327dvYaWOkNTF0b9pEWC+ti3
KOIJmzF0uFCATyAvpWVwgl5MPOsbeyvLe64sgJ+2zP94EigKCByUXKfTvrdHZYA=
=nT2K
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160830021943.GR21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes OS installation freezes at installing bootloader?!

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Aug 18, 2016 at 11:22:55PM -0700, Darko Vuković wrote:
> Hi there,
> 
> does anyone have any idea on how to continue after thin problem?
> 
> somewhere in the middle of the installation process screen freezes exactly at 
> the moment where installer says "installing bootloader". Every time!
> 
> If anyone have some solution to this, please share!

UEFI or legacy mode? In any case, try the other one.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxO0MAAoJENuP0xzK19csjacH/3IAsq0yw+aQ3rQklvETiBmP
yNFSumxg7Ivxqd+OTkt6atsnIEIkSrPqnQ6TZETHzTtj2ZrV+b7+/lBAY5UKO4Y+
nHurYAnrTfcCdikVyNDOWcj5YnIuxKwxxlPazwOHheaFBJIYSDK6LpF/CDNl4zfE
vEj425pl3nl2GZ7DrGsepYhNMEw48G7USAqYnshtudSk7Nu5M4hzcuRhMXVK93uS
c4ynVZcQ4PTE/001+ki6EVziC+tb58Q6XHLEiAjWL6w94K7qWMNGQqfwTQHTzkdc
fhCqFd25JteC51iLCAHvXWwsuSDxcVwztf9V+RvRMTsQnuqkiRFfmc6AozuTGbg=
=/1w1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160830021852.GM21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] grub2-mkconfig not found

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Aug 14, 2016 at 06:14:12PM -0700, zackp...@gmail.com wrote:
> On Saturday, August 13, 2016 at 5:45:58 PM UTC-4, Marek Marczykowski-Górecki 
> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Sat, Aug 13, 2016 at 06:53:20AM -0700, zackp...@gmail.com wrote:
> > > On Saturday, August 13, 2016 at 6:14:44 AM UTC-4, Marek 
> > > Marczykowski-Górecki wrote:
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA256
> > > > 
> > > > On Sat, Aug 13, 2016 at 03:11:57AM -0700, Andrew David Wong wrote:
> > > > > On 2016-08-12 20:57, zackp...@gmail.com wrote:
> > > > > > Hi all, I'm a new qubes user and have been following the guides to 
> > > > > > get
> > > > > > trim enabled for the dom0. Everything seems to have gone smoothly 
> > > > > > until the
> > > > > > grub steps. I can't find a grub.cfg file anywhere. The only 
> > > > > > abnormality to
> > > > > > my installation is that it's UEFI. So the closest thing I did find 
> > > > > > to this
> > > > > > was /boot/efi/EFI/qubes/xen.cfg which had the kernel line 
> > > > > > referenced in the
> > > > > > trim guide. However, when I attempt to run grub2-mkconfig -o 
> > > > > > /boot/efi/EFI/qubes/xen.cfg I get "grub2-mkconfig: command not 
> > > > > > found" All 
> > > > > > that is present in the /boot/grub2 folder is a themes folder. I am 
> > > > > > using
> > > > > > the main dom0 terminal for all of this.
> > > > > > 
> > > > > > Considering that everything boots fine, I'm hesitant to reinstall 
> > > > > > grub2 (I 
> > > > > > assume it would need to be grub2-efi in this case). Any clue as to 
> > > > > > what's 
> > > > > > going on? Thanks
> > > > > > 
> > > > > 
> > > > > I think grub2-mkconfig is not found because you're using UEFI rather 
> > > > > than
> > > > > legacy boot. Are you getting your instructions from here?
> > > > > 
> > > > > https://www.qubes-os.org/doc/disk-trim/
> > > > > 
> > > > > I think these instructions were written with legacy boot in mind. I'm 
> > > > > not sure
> > > > > how to enable TRIM on UEFI (CCing Marek).
> > > > 
> > > > Yes, on UEFI install /boot/efi/EFI/qubes/xen.cfg is the right file - you
> > > > need to edit it directly.
> > > > 
> > > > - -- 
> > > > Best Regards,
> > > > Marek Marczykowski-Górecki
> > > > Invisible Things Lab
> > > > A: Because it messes up the order in which people normally read text.
> > > > Q: Why is top-posting such a bad thing?
> > > > -BEGIN PGP SIGNATURE-
> > > > Version: GnuPG v2
> > > > 
> > > > iQEcBAEBCAAGBQJXrvMNAAoJENuP0xzK19csfqQH/0/P4FV8W2/pZhWaCeXfseqj
> > > > fw79GDTa5/ExjxSg4eehHDhHHVgG3kaeb0HafPvVnHS/DJuHzCG1Xrs1vyZJlPID
> > > > oCrH4FaaYQ2Che4L4D/Koh5lNEdEakKOrF7ILbTRN5u8Q4xvdM9KQ/paacCYkCDJ
> > > > YlYKELzyOZ1wkUvwttPynTANdrMlY797BHkHYHv2TbaMBTjw4EYmIs+VM9MRIWIv
> > > > Lis1hZn97y1z3ZIQglrQRCDLAmoNJPBsXRdMHjNyA5EeKQPX+fNxsE3/HIoqrIi3
> > > > 3DHYzKIS/UBDFHOJXj7I3pK311fS1IcUlrbRCXJYCM0gF5A5EkWKxIj0ghV0YTI=
> > > > =uhvX
> > > > -END PGP SIGNATURE-
> > > 
> > > So I'm editing the right file, that's all and good. Here's what I've done 
> > > so far: 
> > > 
> > > #Find UUID of ssd
> > > ls /dev/mapper/luks-*
> > > #Set trim in crypttab
> > > sudo nano /etc/crypttab
> > > #Add "allow-discards" at end of entry for ssd with matching UUID
> > > #Set trim in fstab
> > > sudo nano /etc/fstab
> > > #Add "discard" after other flags (like "default") for everything but swap
> > > sudo nano /etc/lvm/lvm.conf
> > > #Change "issue_discards" from "0" to "1"
> > > #Add discard to grub
> > > sudo nano /boot/efi/EFI/qubes/xen.cfg
> > > #At the end of the kernel line, add "rd.luks.allow-discards=1"
> > > #Rebuild initramfs
> > > sudo dracut -H -f
> > > ##Check if discard (trim) is enabled:
> > > lsblk -D
> > > #OR
> > > sudo dmsetup table
> > > 
> > > Everything above works except that lsblk still shows no trim support so I 
> > > guess that the rebuilding of grub is an important step in this.
> > 
> > I think dracut by default place output file in
> > /boot/initramfs-(kernel version), while on UEFI system bootloader loads
> > it from /boot/efi/EFI/qubes/. Try to copy it there.
> 
> I checked the date and time of creation of the initramfs file in the 
> directories you specified and you are correct in that dracut created it in 
> /boot. However, after copying it to /boot/efi/EFI/qubes and replacing the one 
> there, there's still no trim support. Here's my output:
> 
> sudo dmsetup table
> snapshot-fb01:3278378-fb01:3279033: 0 20971520 snapshot 7:7 7:8 P 256
> qubes_dom0-swap: 0 15990784 linear 251:0 2048
> qubes_dom0-root: 0 451420160 linear 251:0 15992832
> luks-07201718-857d-4108-a722-a5956c443e1e: 0 467421184 crypt aes-xts-plain64 
> 
>  0 8:19 4096 1 allow_discards

The "allow_discards" is here, so it worked.

> snapshot-fb01:3278350-fb01:3278346: 0 20971520 

Re: [qubes-users] Routing network traffic in sys-usb using multiple devices

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Aug 18, 2016 at 10:34:55AM -0700, Adrian Rocha wrote:
> El jueves, 18 de agosto de 2016, 10:50:14 (UTC-6), Marek Marczykowski-Górecki 
> escribió:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Thu, Aug 18, 2016 at 09:12:35AM -0700, Adrian Rocha wrote:
> > > El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek 
> > > Marczykowski-Górecki escribió:
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA256
> > > > 
> > > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote:
> > > > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek 
> > > > > Marczykowski-Górecki escribió:
> > > > > > -BEGIN PGP SIGNED MESSAGE-
> > > > > > Hash: SHA256
> > > > > > 
> > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote:
> > > > > > > Hi,
> > > > > > > 
> > > > > > > I have two network devices and one only USB controller, so both 
> > > > > > > devices are in the same VM (sys-usb). I want to route some 
> > > > > > > app-VMs by one network and the rest by the other network, for 
> > > > > > > that I have created two firewall VMs but both are connected to 
> > > > > > > the same network VMs because, as I commented, I can not divide 
> > > > > > > the network devices in different VMs.
> > > > > > > By default all the traffic is going by only one network device. 
> > > > > > > This is the configuration in my sys-usb:
> > > > > > > 
> > > > > > > [user@sys-usb ~]$ ip route list 
> > > > > > > default via 172.20.1.1 dev enp0s0u2  proto static  metric 100 
> > > > > > > default via 192.168.8.1 dev enp0s0u3  proto static  metric 101 
> > > > > > > 10.137.4.8 dev vif2.0  scope link  metric 32750 
> > > > > > > 10.137.4.29 dev vif9.0  scope link  metric 32743 
> > > > > > > 172.20.0.0/21 dev enp0s0u2  proto kernel  scope link  src 
> > > > > > > 172.20.2.255  metric 100 
> > > > > > > 192.168.8.0/24 dev enp0s0u3  proto kernel  scope link  src 
> > > > > > > 192.168.8.100  metric 100 
> > > > > > > 
> > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29
> > > > > > > 
> > > > > > > I know how to route a traffic to an specific IP using "ip route 
> > > > > > > add" to a determined device network, but How can I route the 
> > > > > > > complete traffic from one firewall VM by one device network and 
> > > > > > > the traffic from other firewall VM by the other device network?
> > > > > > 
> > > > > > Source based-routing is tricky in Linux in general. You can search 
> > > > > > for
> > > > > > some guides on the internet.
> > > > > > 
> > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB
> > > > > > devices to different VM - some separate netvm, or even one of those
> > > > > > firewallvms directly (and do not attach this firewallvm to any 
> > > > > > netvm).
> > > > > > It may work slightly slower, but should be much easier.
> > > > > 
> > > > > Thanks for your tip Marek, but I am having an error with the USB 
> > > > > assign:
> > > > > 
> > > > > The ethernet adapter in the sys-usb VM:
> > > > > [user@sys-usb ~]$ lsusb
> > > > > ...
> > > > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 
> > > > > Gigabit Ethernet
> > > > > ...
> > > > > 
> > > > > And when I try to assing them to the sys-net VM in dom0:
> > > > > [user@dom0 ~]$ qvm-usb 
> > > > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen
> > > > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9
> > > > > sys-usb:4-9 8087:07dc 8087_07dc
> > > > > sys-usb:4-110bda:573c 
> > > > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001
> > > > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2
> > > > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: 
> > > > > printf: write error: Invalid argument
> > > > > 
> > > > > Any idea or a detailed reference about this functionality?
> > > > 
> > > > Check kernel messages in sys-net. It looks like kernel driver rejects
> > > > this device for some reason.
> > > > 
> > > 
> > > This is the message in sys-net:
> > > [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: 
> > > super-speed
> > > 
> > > And I see this in sys-usb:
> > > [ 3095.918081] usbip-host 5-2: stub up
> > > [ 3095.920893] usbip-host 5-2: recv a header, 0
> > > [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using 
> > > xhci_hcd
> > > [ 3096.038562] usbip-host 5-2: device reset
> > 
> > Ok, so the reason is the device being USB3.0, which isn't supported by
> > the driver, unfortunately. Try plugging it into USB2.0 port.
> > 
> 
> Ahh ok, I tried in the USB 2.0 port, and now I can assign it. But I see in 
> the sys-net that it is recognized for a while but never connects to the 
> network. After a few seconds the device returns to the sys-usb VM. This are 
> de messages in sys-net VM:
> 
> [ 7277.118612] vhci_hcd vhci_hcd: rhport(0) sockfd(0) devid(262154) speed(3) 
> speed_str(high-speed)
> [ 

[qubes-users] Re: Qubes and freeBSD

2016-08-29 Thread Roberto Fock
El martes, 30 de agosto de 2016, 0:47:24 (UTC), Roberto Fock  escribió:
> Install OpenBSD as HVM in my notebook. Anyone know what I need to install 
> ports. Because the mouse does not move but I can click.(Instalé en mi 
> notebook Qubes y le agregué OpenBSD como maquina virtual. Alguien sabe qué 
> ports instalar para que funcione el mouse, porque no se mueve pero sí puedo 
> hacer click.)

I use Xfce Desktop Environment

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56057add-0f54-4425-be29-068151718303%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes and freeBSD

2016-08-29 Thread Roberto Fock
Install OpenBSD as HVM in my notebook. Anyone know what I need to install 
ports. Because the mouse does not move but I can click.(Instalé en mi notebook 
Qubes y le agregué OpenBSD como maquina virtual. Alguien sabe qué ports 
instalar para que funcione el mouse, porque no se mueve pero sí puedo hacer 
click.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b2c4425e-968f-4d39-968f-18fc18dcec20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Windows update

2016-08-29 Thread Jan Betlach
On Monday, August 29, 2016 at 12:55:54 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-08-29 07:49, Foppe de Haan wrote:
> > On Monday, August 29, 2016 at 4:31:37 PM UTC+2, Jan Betlach wrote:
> >> I have installed standalone HVM with Windows 7 Pro. The 
> >> installation went smooth along with the windows tools from 
> >> testing repo. I do have however a problem - the windows update 
> >> initiated from within the VM is not working. It is "Checking for
> >>  updates" for hours and never ends. Networking (internet) inside
> >>  the VM works without problems. Any ideas?
> > 
> > I had the same experience. WSUS provides a (suboptimal) solution. 
> > Not a clue what causes it, though.
> > 
> 
> That's just how Windows Update works (blame Microsoft):
> 
> https://superuser.com/questions/951960/windows-7-sp1-windows-update-
> stuck-checking-for-updates
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXxGkKAAoJENtN07w5UDAwtH4P/1HMgqg5jjB2SVOBIYHJJCA+
> m5ZkYEf1Kv9vZhdhAdfvlT7bvDZEQJfmZ6Eyg02KMAqRaPB0Kb1Lj0KI/rj3u+30
> 4jdKnTPv1GhHbChcOCS7DAiRw1X/ap3Lx1GJaYX+FrXuHreewivJLYLfJgBIxHF5
> FoaY7VmiQfRxiqcy1uHm8vZcs0miT1rzcCJ7wdAvNG9J8mnvGNRb1W4gE39lnZcM
> 4uhqVCEstwm5vhIyoYL/PjBALxaXfTcutyC9mVC0QvGHA6flKTKvgxGEvzLH3nSX
> HZDC7dhiptrgBcAbaxpVcQ1ahZ35rQDI7e0doB+NRuq5QlamSkRkRp50wRyK76WZ
> 3zbV763YYfHVCA3SnCkux/jYvy6KltWa5AxNVJX18REUdQFS7Xyq5QF7wmv18xVw
> YJVj+KEEP+N3ogAeQYwH+ukembW3TmTc2xtl9qmqc70eSoS40LtlM4n5TrrAunbt
> +KjTriT1pHgSQOkvLJ8Dnw4C5+/50SnsdKf7CmJDN1iG9OvsljULBHaosvcsb76K
> Y3qQBiT0Qmok0zBeQOyJaBUfr5mtq7YnDHyeBZBeke/QgGqyPfTx92PXM/vu/7qn
> DzslZHWhlO1r5Eo7PZllQX5mfB0Mr7zuaEkwJnR3wBetotzNssw8W/wMski5nZ0I
> K0RU7jpVjWhRR0fDLyCw
> =wOjR
> -END PGP SIGNATURE-

Thank you Andrew, looks like the first fix helped. Downloading updates now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa6063a8-c393-4e0a-a878-4e0844895ddf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] sys-firewall

2016-08-29 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-29 10:10, Jan Betlach wrote:
> I've created minimal Fedora 23 template for sys-net, sys-usb and 
> sys-firewall. Obvious benefit is RAM usage. Works perfectly so
> far. During that process I've thougt whether it is a good idea to
> use Fedora 23 as a template for sys-firewall. Would not be
> possible and better to use something like MirageOS or ven pfSense
> for firewall in Qubes?
> 

This has come up on the lists several times in the past. You may find
the past discussions interesting:

https://groups.google.com/forum/#!searchin/qubes-
users/firewall$20(pfsense$20OR$20mirage)

https://groups.google.com/forum/#!searchin/qubes-
devel/firewall$20(pfsense$20OR$20mirage)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXxHYOAAoJENtN07w5UDAwT58P/jvnxEqqugRuRhM7mOd7X8pO
DgfqsdhimHhpKCtmHrg0souPseIbZ/cy38Fc1+wLDkO3wuWoKLyV9MZykHpRSJsl
rWeBI0Y71etrf7Q2gMt2ygB/G7RqGml7yc7sR3jXg6gHDwGuZtnTjksZdA+sRNNZ
eYqlQOlKTgQ1GxJEip15/98n+AShI2ldZmH5VqlbNOiMSo9S0YVUV0nUT329ghzS
oUr8VJMgrsk3UTqcyzTCZV9CBOCFtNW1tI27eT38LkzbmzWOSSiJ1CCd4KWwrNk4
3EZfA4J8auskeUbVoaRBF6bewRpoihMb5JpBB0PJRvFpylRRav59OtljDUvflBMD
FriIaDeUGf+vaFn3honEI/aCNy7O4ImdYGteDSmYH2PEK3IE8/jO/J4VBoESJJR3
tEczU5I7KJn0jeuqqgqpWEbHPqWmPzPp+89ZL0ZJLgv2hpkf5B2Y/aDBkK7Z5TKY
ZyKmyXhsuVM0d6lR0iMVAJYEDIztwKZcInTWVnz/E5R8hRUz0GL0II87kz0QnaJf
X68/kUfGOxoXSpXdk2IPsjm3EH9/JyUrR7Hzhb2cqodxwcow1N3zHkXfjoiPWTgy
+Zu+6EM/yK/rxtppMomxjCbYUCryEI8vGNw9TAa71nE05zBajXglILHunCfq94kp
URbjmVIzG+87qrW70/Ld
=FGgz
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbc8e5aa-9e3b-930b-77a7-511b6d8fe743%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] sys-firewall

2016-08-29 Thread Jan Betlach
I've created minimal Fedora 23 template for sys-net, sys-usb and sys-firewall. 
Obvious benefit is RAM usage. Works perfectly so far.
During that process I've thougt whether it is a good idea to use Fedora 23 as a 
template for sys-firewall. Would not be possible and better to use something 
like MirageOS or ven pfSense for firewall in Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f9b870e-5ff9-4c5c-b2f1-dd7808043068%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Windows update

2016-08-29 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-29 07:49, Foppe de Haan wrote:
> On Monday, August 29, 2016 at 4:31:37 PM UTC+2, Jan Betlach wrote:
>> I have installed standalone HVM with Windows 7 Pro. The 
>> installation went smooth along with the windows tools from 
>> testing repo. I do have however a problem - the windows update 
>> initiated from within the VM is not working. It is "Checking for
>>  updates" for hours and never ends. Networking (internet) inside
>>  the VM works without problems. Any ideas?
> 
> I had the same experience. WSUS provides a (suboptimal) solution. 
> Not a clue what causes it, though.
> 

That's just how Windows Update works (blame Microsoft):

https://superuser.com/questions/951960/windows-7-sp1-windows-update-
stuck-checking-for-updates

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXxGkKAAoJENtN07w5UDAwtH4P/1HMgqg5jjB2SVOBIYHJJCA+
m5ZkYEf1Kv9vZhdhAdfvlT7bvDZEQJfmZ6Eyg02KMAqRaPB0Kb1Lj0KI/rj3u+30
4jdKnTPv1GhHbChcOCS7DAiRw1X/ap3Lx1GJaYX+FrXuHreewivJLYLfJgBIxHF5
FoaY7VmiQfRxiqcy1uHm8vZcs0miT1rzcCJ7wdAvNG9J8mnvGNRb1W4gE39lnZcM
4uhqVCEstwm5vhIyoYL/PjBALxaXfTcutyC9mVC0QvGHA6flKTKvgxGEvzLH3nSX
HZDC7dhiptrgBcAbaxpVcQ1ahZ35rQDI7e0doB+NRuq5QlamSkRkRp50wRyK76WZ
3zbV763YYfHVCA3SnCkux/jYvy6KltWa5AxNVJX18REUdQFS7Xyq5QF7wmv18xVw
YJVj+KEEP+N3ogAeQYwH+ukembW3TmTc2xtl9qmqc70eSoS40LtlM4n5TrrAunbt
+KjTriT1pHgSQOkvLJ8Dnw4C5+/50SnsdKf7CmJDN1iG9OvsljULBHaosvcsb76K
Y3qQBiT0Qmok0zBeQOyJaBUfr5mtq7YnDHyeBZBeke/QgGqyPfTx92PXM/vu/7qn
DzslZHWhlO1r5Eo7PZllQX5mfB0Mr7zuaEkwJnR3wBetotzNssw8W/wMski5nZ0I
K0RU7jpVjWhRR0fDLyCw
=wOjR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c02c868-f3c0-8bee-1768-165775bf8905%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Why does Qubes default to 2 VCPUs..?

2016-08-29 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-29 09:45, neilhard...@gmail.com wrote:
> According to VM Settings, I have a maximum of 4 VCPUs that I can
> use on any VM.
> 
> When I installed Qubes though, it put 2 VCPUs on each VM.
> 
> Is there any particular reason why I shouldn't be using all 4
> VCPUs..?
> 

Using 4 VCPUs may decrease performance compared to using just 2 due to
the scheduling overhead, and increasing from 2 to 4 doesn't seem to
improve performance. See this discussion:

https://groups.google.com/d/topic/qubes-users/IIFM9zLgXOA/discussion

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXxGhIAAoJENtN07w5UDAwcz0P/imDs69MYJLMZlgPZVbr/DJ2
cNlr9Bvp/X+LRdbis+8DCNXE9HL2KZRj3jqN66zoZQ4KFo6L/idKZ1YF+0cep80J
jOFbMjr8Ruf8Lvj5iL4MsTY0KfR4GHjBEcZtqwYfMLG6t2dz20aiD7ox15bcwUw0
MZfgPl+DYVVJxG0qUMOsycjCDwl5UnWh/EGHxs4ZFUqADQES7/ouM5deczK/uIoC
l0GfOJsm3iyP6riqmiahe8bl6Njee14ZauwENCoS+kAmSQe8gikz8DVOAYkAMaEI
BG4urxYOE7rshVIQrzYG4jRzuLdLBUCn0rEEBTx2M/mRQfrvXgEfGZSFO0m9mg6n
hT/g674Rh8S369XlpqwMiMYtf/rVx4B7qj8Lb9qiHkv5sWLDuaOHpJuNNGFMmuIW
VbwMNhkdjCXygIAK7kX37Aw3ni4bLfJxhCTK6tF58x48jD1vTqxtIzW2h7cYDeBt
M5EvpUJBSZ4dQqLKg6cMZSc2KMvxyniLkW7JUgAurPkYQ4uNZZJXRENMX6ORInf/
KqTnpCXcQozbh4/UBjgTaf8rCH0Mc6o7cgcV81PgIHOaNXs39FXp1P++X6v0jnmJ
6oZIkBHYdDffNG5xilmcMZkZN1DCmwSE5Tn4DKx7yRgjtKoFstH2rwnEKFYYnr8H
KtcIEcaQqEvQ7xVEu8ru
=SmmL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/509b2d28-951c-23ca-8af2-bf0ffd889fb3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Windows update

2016-08-29 Thread Jan Betlach

I have installed standalone HVM with Windows 7 Pro. The installation went 
smooth along with the windows tools from testing repo.
I do have however a problem - the windows update initiated from within the VM 
is not working. It is "Checking for updates" for hours and never ends. 
Networking (internet) inside the VM works without problems.
Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0eef3161-192b-4e67-a821-e889188ae717%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qvm-run only available from dom0?

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Aug 19, 2016 at 08:56:38PM -, johnyju...@sigaint.org wrote:
> > On 2016-08-19 05:11, johnyju...@sigaint.org wrote:
> >> When I try to run qvm-run from within an AppVM, I get "Request refused."
> >>
> >> Is this by design, for security reasons?  If so, I guess that's
> >> perfectly
> >> reasonable.  I just don't see that fact documented anywhere.
> >>
> >
> > Yes, but it's completely user-configurable. You can read all about this
> > system
> > here:
> >
> > https://www.qubes-os.org/doc/qrexec3/
> 
> Sweet!
> 
> Mainly looking to have Keepass, running in an offline AppVM, to be able to
> fire up specifically-allowed URL's in a browser in another AppVM, and
> stuff a password into its clipboard.

Getting anything to/from qubes clipboard can be triggered only by an
explicit user action (ctrl-shift-c/v). This is to prevent many types of
clipboard-based attacks.

> (So it sounds like I could restrict the qrexec to a custom script in the
> AppVM that only opens that specific site; and stuffing the clipboard
> should be pretty benign, too.)

You can create new qrexec service for that (which is also described on
that linked page), but it may be tricky to do it securely.

Anyway, if you're talking about normal AppVM (not DispVM), and you want
to paste that password there from time to time, what about simply
storing that password inside the browser? It has access to this password
anyway, the only difference is when. But if it is compromised, it
doesn't matter, so you don't really get anything from not storing it
there.

This of course doesn't apply to Disposable VM (DispVM in short), which
by design should start from clean state.

> If I'm very careful about the permissions, I should be able to keep any
> risk under control.  The qrexec design looks pretty flexible.
> 
> Thanks!
> 

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxEUfAAoJENuP0xzK19csYugH/0uNjnrHicHyCvMSpS2CCPyj
c/SrAN3bnx7dOovAqzNV3Pz5cCrXEBevwwjnSermp4li9CGH1CCEq8Zx0XyGNCdB
MNjBq+mN8NzZIR3Lj0h8Hebp8rEtC5SY0oey9Rux3iM0RVjBjk6qTGse1jz5qS9K
B07vIVRAL+dX2fzvv3H8fqTUJICgVQl2H13rQbykUMm2DGvCQs3R/uldZ00V6kGn
qmLqCf3DQz1tljhkcodP0hRipWRroikdmyxre62gNddQy2e7iR0dDnF00+lzKfpl
+UakaaBfZtBE05bMWehDEWSxBALofrhcnIVQLtyZQf3akkTGToip658JLa3lvcs=
=2KFv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160829142224.GF21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Boot problems on Lenovo T420 thinkpad

2016-08-29 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Aug 18, 2016 at 11:58:58AM -0700, cedarrab...@resist.ca wrote:
> Hi everyone,
> 
> Would-be new user of Qubes here, but a longtime Linux user. I'm trying to
> install Qubes-R3.1-x86_64 on a Lenovo Thinkpad T420. I encountered the
> "hangs on penguins" problem described here:
> 
> https://www.qubes-os.org/doc/uefi-troubleshooting/
> 
> I followed the steps there and they all worked well, until the very last
> section where it asks for " /boot/efi partition number". I don't know what
> that is and I don't think it came from the previous steps. I tried it with
> the entry number and with a similar number that came up during a different
> step, but neither worked.
> 
> One time it gave me an error reading "segmentation fault" and something
> about needing a unique instance. When I rebooted, I couldn't boot to
> anything. Another time it created two instances of Qubes in the boot menu
> but trying to boot to either got stuck at penguins.
> 
> I think all I really need is to know what a partition number is and where
> to find it. Googling hasn't helped me so far, and I'd really appreciate
> any help you all could provide.
> 
> Thanks so much for all your work!! Looking forward to getting Qubes going.

One of easiest way is `df /boot/efi` command - you'll see something like
/dev/sda1 at the beginning. That "1" (or other number) is the partition
number.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXxEUSAAoJENuP0xzK19cswPAH/iHacUwOvwB0mkxl7oGlyvwd
ihV8hmPghoWvY3md5DIV49H44QyyoyUjKR56Sv6tcZWGf2O1ooXAqHyOyMQkcrU0
cahvFVgfcOK595xvU1KyGScd9bzMN73uDOSH7oA2LPwhHbj1gFwC9awlLXYyrQgh
/mnbG35oKinrs7PvgfhS1UsWi3xCS5o/cC4EYjG/gkokTcFb3+rC4FWk79ZkXKLr
b6LN8w6kdHhmbXJtFjbEHAOjJzTfgiB0vyCUZHm9Lr6OF4Uf8KGQRRhCZ1FYk2lA
sZxofw1FBJPp+RTIO3fIgM3V+AvzR0onaJekEJC58Ts/t/TA2e0i54AmehnQOuQ=
=a8wM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160829142210.GE21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Weird network access issues

2016-08-29 Thread bisam
On 08/26/2016 11:23 PM, angelo "angico" costa wrote:
> Hi, all!
> 
> I'm experiencing some weird network access issues. I'm using Qubes 3.1.
> 
> After logging in to the system, sys-net, sys-firewall and sys-whonix start as 
> expected, and network access is normally available. I can use apps such as 
> OwnCloud, qBittorrent, Firefox and others to connect to several internet 
> services and they all work fine. But suddenly, and I just cannot specify 
> when, the apps start to fail connecting. One such app that most catches my 
> attention with respect to the problem is OwnCloud, which reports connection 
> failure -- though other devices such as an Android tablet or even another 
> notebook running Debian, tell me Internet access is absolutely normal, 
> including access to my OwnCloud server.
> 
> I've already tried restarting the VMs related to network connection -- 
> sys-net and sys-firewall -- but the problem persists, and it's happening with 
> two different notebooks -- an Acer Aspire with Intel Core i7, 10GB RAM, 1TB 
> HD and an unbranded one with equal CPU. 8GB RAM, and 640GB HD.
> 
> Does anybody have experienced such issues? Does anybody have any hint on what 
> may be the cause of those issues and on how I can solve them?
> 
> TIA and best regards to you all,
> 
> Angico.
> 

Perhaps I experienced the same issue. It happened to me a few times,
seemingly random. Suddenly my AppVMs are not connecting to anything
outside Qubes anymore. the only VM that was connecting was sys-firewall.
The next time it happens I will write down what exactly I am
experiencing and if the connection between the VMs are working properly.

I also use a skylake i7 cpu, perhaps there is some connection? *shrug*

regards
bisam

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a802f81e-8da0-b416-f5f6-2606b1e4456e%40fucked-up.net.
For more options, visit https://groups.google.com/d/optout.


Re: SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes

2016-08-29 Thread Foppe de Haan
On Monday, August 29, 2016 at 11:05:17 AM UTC+2, Foppe de Haan wrote:
> On Monday, August 29, 2016 at 10:53:00 AM UTC+2, Raphael Susewind wrote:
> > > It may be due to my not having had sufficient coffee yet, but what 
> > > special character are you referring to? I don't see any. :o
> > > 
> > > Anyway, relevant output for mine:
> > > 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> > > 5-2/usb-ver = 2
> > > 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> > > 7-2/usb-ver = 2
> > > 
> > 
> > the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)
> > 
> > Looks like the problem is kind-of-known - see
> > /usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
> > the template on which your USB VM is based, so that it becomes persistent)
> > 
> > ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
> > 
> > immediately before
> > 
> > DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
> > 
> > Perhaps the Qubes developers could make this change permanent?
> > 
> > Best,
> > Raphael
> 
> Ah yes, that did the trick. Thanks for fixing it. :)

Only 'issue' left for me, and from a usability perspective is that the qvm-usb 
output is rather useless, because all it displays is Microsoft_Microsoft -- 
which is what's shown when I enter the qubesdb-multiread command, rather than 
lsusb. Any idea why they are requesting (human-readable) identification 
information using different commands?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28db4ccc-e2f3-427c-a209-4db75a8f657e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes

2016-08-29 Thread Foppe de Haan
On Monday, August 29, 2016 at 10:53:00 AM UTC+2, Raphael Susewind wrote:
> > It may be due to my not having had sufficient coffee yet, but what special 
> > character are you referring to? I don't see any. :o
> > 
> > Anyway, relevant output for mine:
> > 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> > 5-2/usb-ver = 2
> > 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> > 7-2/usb-ver = 2
> > 
> 
> the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)
> 
> Looks like the problem is kind-of-known - see
> /usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
> the template on which your USB VM is based, so that it becomes persistent)
> 
> ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
> 
> immediately before
> 
> DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
> 
> Perhaps the Qubes developers could make this change permanent?
> 
> Best,
> Raphael

Ah yes, that did the trick. Thanks for fixing it. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/70c38120-7af8-4a5e-b1ed-86d819c44a03%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes

2016-08-29 Thread Raphael Susewind
> It may be due to my not having had sufficient coffee yet, but what special 
> character are you referring to? I don't see any. :o
> 
> Anyway, relevant output for mine:
> 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> 5-2/usb-ver = 2
> 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> 7-2/usb-ver = 2
> 

the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)

Looks like the problem is kind-of-known - see
/usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
the template on which your USB VM is based, so that it becomes persistent)

ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`

immediately before

DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"

Perhaps the Qubes developers could make this change permanent?

Best,
Raphael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ea17296-b954-a2b2-05e6-a3a686be53b9%40raphael-susewind.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes

2016-08-29 Thread Foppe de Haan
On Monday, August 29, 2016 at 9:33:39 AM UTC+2, Raphael Susewind wrote:
> > I am having more or less the same issue with my usb 2.00 devices (although 
> > I'm not seeing issues with buses having 2 digits); one is my keyboard, 
> > which, although it errors, works fine (permanently passed through to dom0).
> > The other is my webcam (lifecam hd3000), which I cannot pass through to 
> > another qube because qvm-usb throws the error described above:
> > Invalid 7-2 device desc in VM 'sys-usb'
> > Invalid 5-2 device desc in VM 'sys-usb'
> 
> Digging deeper, I ran qubesdb-multiread /qubes-usb-devices/ in my
> sys-net-usb VM, and it looks like the device description for the
> crashing device contains a special character:
> 
> ...
> 2-1_6/desc = 2232:1024 Namuga\xc3\xbf_Webcam_SC-13HDL11624N_SN0001
> ...
> 
> Can you confirm that your two offending devices also have special
> characters in the description?
> 
> Meanwhile, I try to figure out how one can change the iManufacturer part
> of the device descriptor manually (unfortunately, this is not covered in
> /usr/share/hwdata/usb.ids)
> 
> Raphael

It may be due to my not having had sufficient coffee yet, but what special 
character are you referring to? I don't see any. :o

Anyway, relevant output for mine:
5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
5-2/usb-ver = 2
7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
7-2/usb-ver = 2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adf351c8-7c47-4051-95c2-7e9f2ffa392d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.