[qubes-users] Re: Can't get WiFi driver to work in Debian 8

[neilhardley]

Obviously restart the Template VM and Net VM afterwards.

All solved.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4fb56b1-52c2-4c46-a883-76e19be13746%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can't get WiFi driver to work in Debian 8

[neilhardley]

OK. I solved it. The solution is to get the jessie-backports .deb file and 
install it in the "debian-8" template VM:

Go here

https://packages.debian.org/jessie-backports/firmware-iwlwifi

Then here

https://packages.debian.org/jessie-backports/all/firmware-iwlwifi/download

Copy the file to debian-8

run

dpkg -i firmware-iwlwifi_20160110-1-bpo8+1_all.deb

Solved

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07a73682-4b96-4d45-9532-f4d523aea9c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't get WiFi driver to work in Debian 8

[neilhardley]

I am on Qubes 3.2 rc2.

I have an Intel 3165 WiFi driver.

It simply does not work.

It works fine in Fedora, but not Debian.

According to this:

https://github.com/QubesOS/qubes-issues/issues/1526

There is something where Debian no longer recognises WiFi in Qubes Net VMs..?

Is this true..? 

If so, it says to downgrade to 3.18 kernel.

So I follow these instructions:

https://www.qubes-os.org/doc/managing-vm-kernel/

But then I try going to dom0, and running:

"sudo qubes-dom0-update grub2-xen"

and it returns:

"Cannot download rpm/grub2-xen-2.02beta2-3.fc23.x86_64.rpm: All mirrors were 
tried"

So I just don't get it.

Do I need to downgrade the kernel or not..? Does anyone have WiFi drivers 
working in a Debian8 Net VM..??

And if I do, why is this failing in dom0..? 

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86779166-8c7b-4f76-b87b-554c5a34dbb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[Franz]

On Thu, Sep 22, 2016 at 9:59 PM,  wrote:

> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On Thu, Sep 22, 2016 at 03:56:57PM -0700, Connor Page wrote:
> >> In fact, I think the right question is "Will Qubes 4 be compatible with
> >> btrfs root if vm storage is expected to reside on a LVM thin pool?"
> >
> > This is a good question. The new storage handling is flexible enough to
> > allow writing a module to handle btrfs even better than in Qubes 3.x.
> > But it is unlikely that we'll manage to write such module for 4.0. If
> > someone would contribute such module, then yes - it will be supported.
> > Otherwise, probably somehow around 4.1 or later.
>
> 4.0 will be less flexible in this respect?
>
> LVM thin volumes sound interesting (just read up on them today) and handy
> for allocation, but they'll be mandatory for VM storage??
>
> (Again, as mentioned in my earlier post, btrfs seems like it would meet
> the same needs and then some.)
>
> Why is it that so many things I hear about 4.0 are concerning to me?
>
> I realize one must make sacrifices and architectural choices in the name
> of progress.
>
> But so far what I know of 4.0 is that it won't run on any of my PCs, it
> won't (initially at least) support btrfs root, and the "decomposition"
> sounds like it's going to spread configuration stuff in various places
> rather than in one spot, the Qubes Manager (well, and the menu), where
> they're generally very easy to find.
>
> (There was something else that didn't sit well with me, but it escapes my
> feeble mind at the moment.  Might have been something to do with hardware
> or processor requirements.)
>
> I know there are some incredibly talented people working on Qubes, and a
> great community surrounding it, so my fears are probably largely
> unfounded; but I'm a bit afraid to invest in fully settling into and
> committing to a system (which has been great so far), if the next major
> release won't work for me.
>
> Once 4.0 comes out, what happens to 3.2?  Will it be supported for awhile,
> moved forward at all, or just marked as deprecated/EOL'd and more or less
> abandoned?
>

Once 4.0 comes out it will be beta for some time and people will be
discouraged of using it for production, as happened for past releases. But
look here for an idea of support of previous releases:
https://www.qubes-os.org/doc/supported-versions/
Best
Fran

>
> JJ
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/429588c1db7fa0d2df95a73160c305e5.webmail%40localhost.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCH2duRxvzUio4Dd7XRaexVnF0GAx5xnUf0N%2Bcv_H%2B%2B1Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[neilhardley]

Yeah, what actually happened to me, is that Ethernet DOES work just fine.

But WiFi doesn't.

So this is actually I think related to this issue:

https://github.com/QubesOS/qubes-issues/issues/1526

Wifi no longer recognised in Debian-based sys-net VM after 3.0 -> 3.1 upgrade

I have an Intel 3165 WiFi chip.

There is something where Debian in Qubes no longer works with WiFi or 
something. They say to downgrade to a lower kernel.. Errgh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ccb14b4a-149c-4f72-92ba-1119f9fb04a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[Franz]

On Thu, Sep 22, 2016 at 9:56 PM,  wrote:

> OK, now, I had real problems trying to switch to debian8.
>
> I shut down sys-net and sys-firewall
>
> Switched them both over to debian8
>
> First thing, it said "Internet disconnected" in network manager, and
> simply wouldn't show any WiFi networks at all.
>
> Second thing, it wouldn't even open the terminal for "sys-net".
>
> So, this really did not work for me.
>
> Chris Laprise, what did you do, other than shutting down VMs and changing
> to debian..?
>
> Did you have to shut down sys-usb as well..?
>
> Or do I have to do a bunch of other VMs or other stuff..?
>
> This certainly didn't work smoothly for me at all. I've switched back over
> to Fedora just to type this.
>
>
for me it worked with no problem at all. Well I rebooted the computer
immediately after the change because I always had problems restarting these
sys VM without rebooting, independently from the distribution of the
template.
Best
Fran

> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/7bacb435-a9d7-466e-a4f3-30c21f7ee570%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDd%2BtdSGjQYJjD%3D22Ki8%3DTPz4_VS5xorx7Xg_pj9KbcSQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] System still freezes, still no resolution.

[Drew White]

Hi folks,

The system still freezes after it's been on for a couple of days.
Sometimes only 1 day.
I leave it on, then in the morning I come in, and it's locked up.
I have started a logging system so that when I find it's dead in the morning, I 
can check the logs to find out the resource usage of things.
Hopefully this will help the devs resolve this issue that has been a plague 
since early on.

If anyone already knows a resolution to this bug, please let me know so that I 
can get it resolved. I'm tired of having to re-do the work that gets lost if 
files get corrupted or not saved properly, and also browsing information from 
things I'm doing.

Sincerely,
Drew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a10f1287-626f-4fe9-be1f-8ca4e0377105%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[johnyjukya]

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Thu, Sep 22, 2016 at 03:56:57PM -0700, Connor Page wrote:
>> In fact, I think the right question is "Will Qubes 4 be compatible with
>> btrfs root if vm storage is expected to reside on a LVM thin pool?"
>
> This is a good question. The new storage handling is flexible enough to
> allow writing a module to handle btrfs even better than in Qubes 3.x.
> But it is unlikely that we'll manage to write such module for 4.0. If
> someone would contribute such module, then yes - it will be supported.
> Otherwise, probably somehow around 4.1 or later.

4.0 will be less flexible in this respect?

LVM thin volumes sound interesting (just read up on them today) and handy
for allocation, but they'll be mandatory for VM storage??

(Again, as mentioned in my earlier post, btrfs seems like it would meet
the same needs and then some.)

Why is it that so many things I hear about 4.0 are concerning to me?

I realize one must make sacrifices and architectural choices in the name
of progress.

But so far what I know of 4.0 is that it won't run on any of my PCs, it
won't (initially at least) support btrfs root, and the "decomposition"
sounds like it's going to spread configuration stuff in various places
rather than in one spot, the Qubes Manager (well, and the menu), where
they're generally very easy to find.

(There was something else that didn't sit well with me, but it escapes my
feeble mind at the moment.  Might have been something to do with hardware
or processor requirements.)

I know there are some incredibly talented people working on Qubes, and a
great community surrounding it, so my fears are probably largely
unfounded; but I'm a bit afraid to invest in fully settling into and
committing to a system (which has been great so far), if the next major
release won't work for me.

Once 4.0 comes out, what happens to 3.2?  Will it be supported for awhile,
moved forward at all, or just marked as deprecated/EOL'd and more or less
abandoned?

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/429588c1db7fa0d2df95a73160c305e5.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[neilhardley]

OK, now, I had real problems trying to switch to debian8.

I shut down sys-net and sys-firewall

Switched them both over to debian8

First thing, it said "Internet disconnected" in network manager, and simply 
wouldn't show any WiFi networks at all.

Second thing, it wouldn't even open the terminal for "sys-net".

So, this really did not work for me.

Chris Laprise, what did you do, other than shutting down VMs and changing to 
debian..?

Did you have to shut down sys-usb as well..? 

Or do I have to do a bunch of other VMs or other stuff..?

This certainly didn't work smoothly for me at all. I've switched back over to 
Fedora just to type this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bacb435-a9d7-466e-a4f3-30c21f7ee570%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hosts file.

[Drew White]

On Thursday, 22 September 2016 19:20:56 UTC+10, jkitt  wrote:
> you can always set the immutable attribute with: chattr +i.
> 
> This will be a guest distro specific issue and not one with Qubes.

You are a Qubes dev?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8aef3c8-4e1f-495d-9282-29daf66fad88%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] i3

[jd . schroeder]

Regarding 4. When this happens, I launch "network connections" in sys-net to 
bring the icon back. I usually need to do this on starting a new session.

Other than that, I just use dmenu. You can set applications in the VM manager, 
and they show up in dmenu with the VM name prefixed. This way i can, for 
example, launch keepassx on vault by typing something equivalent to "vaul kee"

I rarely start/stop VMs manually. The VM manager seems to handle it 
automatically well enough.

Jonathan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58617063-fb41-4de5-8041-78dfb27c527c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[jd . schroeder]

Those interface names come from systemd, which renames interfaces during boot 
based on their bus and location on that bus (which USB port, for example) from 
"eth0" to what you're seeing. You can think of them as effectively equivalent.

Jonathan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b392428b-7d27-475d-acef-ece9936f5f52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-22 07:45, Otto Kratik wrote:
> On Wednesday, September 21, 2016 at 9:03:30 PM UTC-4, Andrew David Wong wrote:
>> Since your question is about the functional or behavior differences
>> between TemplateVMs and HVMs, I take it that what you're really
>> interested in is the practical difference between using TemplateVMs and
>> StandaloneVMs as VMs which do not depend on any other VM for their root
>> filesystems.
>>
>> The only significant difference I'm aware of is that using a TemplateVM
>> allows you to retain the option of creating TemplateBasedVMs based on
>> this TemplateVM in the future, whereas a StandaloneVM does not. If you
>> one day decide that you'd like to have a TemplateBasedVMs based on your
>> StandaloneVM, you'll have to re-create it as a TemplateVM. There's no
>> (easy) way to turn a StandaloneVM into a TemplateVM.
> 
> 
> Your interpretation is correct, I am mainly interested in the practical 
> differences between running either a TemplateVM or a StandaloneHVM as a 
> self-contained VM that doesn't depend on another VM's root filesystem.
> 
> As in my example, if I want a self-contained, non-dependent Debian VM it's 
> far easier to just clone a Debian TemplateVM and use it independently as 
> such, and thus get the single mouse-pointer desired, as opposed to creating 
> an HVM and installing Debian there, and getting dual mouse pointers instead. 
> If the two solutions are functionally the same, the first is more optimal.
> 
> However one reason I ask is that I seem to have in fact noticed some 
> behavioral differences I wouldn't have expected, based on the descriptions 
> above. The example case is unfortunately too unique to be likely duplicable 
> by others for testing, but here it is nonetheless.
> 
> I purchased a Linux game that needs no installation, you just download it 
> from the vendor website, unpack the tar.gz archive and run it from shell. At 
> first run it asks you to input the license code received at the time of 
> purchase, which is easy to do. After that, all future launches don't ask you 
> to input the code again, as it's already saved and stored by the game.
> 
> On normal standalone Linux systems (whether an HVM within Qubes or a truly 
> separate bare-metal installation on another computer/drive) this works as 
> expected. Enter the code once, game works smoothly forevermore.
> 
> But on a TemplateVM, the code works for that session, but doesn't seem to 
> "stick" or get saved next time around, and it has to be entered again each 
> time the game is launched. While I'd understand and perhaps expect this if 
> running from a TemplateBasedAppVM, since maybe the location where the game 
> records the registration is on the rootFS and isn't remembered next time, I'm 
> perplexed to see it occurring on a TemplateVM, which shouldn't have this 
> issue saving data to rootFS if necessary - which isn't of course even the 
> logical place for game data to be stored, as it should use a local directory 
> like Home I would think.
> 
> I've even made sure to run the game's launch command as sudo in case elevated 
> permissions are needed to write the registration data permanently, but 
> without any luck.
> 
> As I said, this specific game issue is outside the scope of Qubes or its dev 
> team to attempt to solve, but it does illustrate at least one behavioral 
> difference between the two VM types. On a StandaloneHVM, the game 
> registration is saved successfully as expected. On a TemplateVM, the 
> registration is forgotten each time. To make things even more confusing, the 
> registration is forgotten each and every time even within the *same session* 
> of the TemplateVM being run. Shutdown and restart isn't necessary to trigger 
> the problem. Launch game, enter code, proceed with game. Exit game, launch it 
> again, and code is requested again, even though TemplateVM is still running 
> continuously without interruption or restart. Thus, anything saved during 
> session should still be preserved, and yet isn't.
> 
> Again, not asking for a solution here, just describing the scenario that 
> precipitated the issue. Could just be some odd quirk of the game itself. Who 
> knows.
> 

There are certainly Qubes-specific customizations that will cause a Debian
TemplateVM (or StandaloneVM created from the Qubes Debian TemplateVM) to
be different from a Debian HVM. (Some differences are beneficial, like
fixing the double-cursor issue.) You may want to try running the game in a
StandaloneVM rather than a TemplateVM, just to see if there's any
difference. I afraid I don't know the solution to your issue, but it
sounds like it might be some kind of file permission issue.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX5G8WAAoJENtN07w5UDAwiakQAJ/csEo/MAqdRAXf+Q29lkS1
SG28LJJpvCfUiY07wwR8bu57CWCFIvMuR5l8QrnJOCWy0xLhMOeqR5H2LdIjp56W

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-21 19:36, Drew White wrote:
> On Thursday, 22 September 2016 12:23:31 UTC+10, Andrew David Wong  wrote:
>> Then your TemplateBasedHVM is an AppVM. But it doesn't follow from that
>> fact that TemplateBasedHVMs should be called "AppVMs" rather than
>> "TemplateBasedHVMs." The reason is simple: Some TemplateBasedHVMs are
>> AppVMs, but not all AppVMs are TemplateBasedHVMs.
>>
> 
> So they should then be AppHVM?
> 

No, because not every HVM used for running applications is based
on a template. Some are standalone.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX5GsjAAoJENtN07w5UDAwHX4P/3aRDgRFrZWdJ0c/ephpF97j
h/GR9IlzY/QGRO4azSn2+dNCMgz93pXCb08qyDTmzLtWYBj/um1Sxid8MYUQDOJs
Tle1gNgo0CTkirlLhEe8pS32/uYU8VF2SWVtQtUC9kEoveR9SMYMud3cyoHqLEaH
wV4DPmZ4Kx8hWdorLwT+wMziDACz/Zw8QT0jNn3EzTD3fbZZ5Uq2Dc5NFtuhIGEZ
y5+6GPv7HaGhTL56rdU8UmPs+uCaNgcah+t+T1Gwd5p/6/jb7kSHw2Fy70J5ljPT
JnaZw2d2p+aZo6jQVO92LHI2Q1LiPE0as8bAKF2kPEk4NR/HGUzsE7IZjkZ8acFc
WhjQM3pnDnSmbVGbolaSDgzCbFPIsZr8125ZO/Ekto0QeavuSuaue223d+S1ijd2
b6/73+eTGJFpjFfcllIb90q7S8A6YOTXkOH+IT7bbZcct9dAhsqZFA8AGnIg+ir0
j5WoP/54weknQP8H2HK3vtml5Z2pvlebdrjc4LvZi/Cfwj4QN5lKNqhh5WknnA64
JrzIfHDLTS/4Kqlh1xsVKisl8/qw1ja9a3G9Mqs0k7dvClq09rYqlo6dP8kxnnSM
COCIg65jIwe/VbNFi1cXIcHYgZYeBh9LutCPPr1KlGzqAgdChWyAoVaedN0KIGcI
Ns8t4kLuIPws5QysnM46
=4Ijl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f4519a4-6f74-1343-3fb4-7997a59ed874%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Sep 22, 2016 at 03:56:57PM -0700, Connor Page wrote:
> In fact, I think the right question is "Will Qubes 4 be compatible with btrfs 
> root if vm storage is expected to reside on a LVM thin pool?"

This is a good question. The new storage handling is flexible enough to
allow writing a module to handle btrfs even better than in Qubes 3.x.
But it is unlikely that we'll manage to write such module for 4.0. If
someone would contribute such module, then yes - it will be supported.
Otherwise, probably somehow around 4.1 or later.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJX5GVwAAoJENuP0xzK19csk+8H/iTHdf8HHg1hdegkOomh4Mip
yX65o+td3tDgpaODsZSjmAYPO/tIHkFPqheuHb6Hm+KvUvmplbh6b49T3A+ZYZS0
Fvsq29znmxqV7Xx/AZ/hmmIXjVEqs4ZYfmBWEzC8Oke91PLjMoMfcxvfCEbbDn0S
z5jYqiK0Ld3qligwzWTqj7Na/tAUeXZC4vAEZfyq5XtPsMEIpMniG4CGptLUBcht
x82ZbKBtl2oYA25gb2g+mK/KE5z2yQMVbeuxisMYUGsnmU0Tu7tfFa87TaDuBwgD
1qC8x8YCCJxAo9pkGQ/atjNDyV7N/HJYDfKCcursooti1F0td7vKzDw3aqi++mI=
=oY6G
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160922231248.GR31510%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[Connor Page]

In fact, I think the right question is "Will Qubes 4 be compatible with btrfs 
root if vm storage is expected to reside on a LVM thin pool?"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/faba39bf-b1fb-4071-a361-a99a0dcf0366%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: BTRFS?

[Connor Page]

I have root, home and var as subvolumes on a btrfs volume. I intended to create 
snapshots before updates. The tricky bit was to put it on a LUKS partition as 
somehow the installer encrypted only the swap partition. Maybe it was my fault, 
not sure now. Anyway, if you do it check that it is on top of an encrypted 
partition. If not, you're in for some practice in manipulating btrfs volumes 
and manual setup of dm-crypt ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c1ca2764-84f6-4a9f-92f9-7dc35840b1d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: i3

[Jon Solworth]

Apparently, the configuration at the bottom of https://www.qubes-os.org/doc/i3/ 
are unnecessary if you install i3-settings-qubes.  You should do that before 
running i3, if you haven't remove .config/i3 in dom0 and then rerun.  In 
addition to customizing terminal generation, and fixing up the scripts, it also 
provides a qubes specific status bar.

I'm not a big fan of dmenu.  I did build a mode switch ($mod+p) for starting 
programs in various VMs; probably build another mode switch for starting a 
terminal in various VMs.

I used an external monitor in addition to notebook screen so I created an extra 
10 workspace (using the function keys).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed14a9ac-2a5b-4307-ae57-286f592517d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: installing Signal on Qubes mini-HOWTO

[dlmetcalf]

On Friday, 23 September 2016 04:11:33 UTC+10, se...@redhat.com  wrote:
> On Thursday, September 22, 2016 at 3:57:01 AM UTC-4, dlme...@gmail.com wrote:
> > On Monday, 15 August 2016 20:43:18 UTC+10, pixel fairy  wrote:
> > > On Sunday, August 14, 2016 at 3:22:30 PM UTC-7, Alex wrote:
> > > ...
> > > > 1. Install the Chromium browser in your appvm template - skip if you 
> > > > were already using it. Shut down the template VM.
> > > 
> > > I keep wondering how safe chromium browser is. do redhat or debian track 
> > > updates in time with google-chrome?
> > 
> > 
> > Chromium in the supported Fedora template for Qubes (FC23) contains High 
> > severity security bugs:
> > 
> > FC23 = 52.0.2743.116-10.fc23.
> > FC24 = 53.0.2785.113-1.fc24.
> > 
> > See: https://apps.fedoraproject.org/packages/chromium  (for builds)
> > 
> > Numerous security vulnerabilities, including High severity CVE's here:
> > https://googlechromereleases.blogspot.com.au/2016/09/stable-channel-update-for-desktop_13.html
> > 
> > Newer RPMs available here, but haven't been tagged to either updates or 
> > updates-testing for FC23:
> > 
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=802754
> 
> 
> So what you're saying is we should move to Fedora 24.

Sure.  However, FC23 is still listed as a supported release: 
https://fedoraproject.org/wiki/Releases#Current_Supported_Releases.  Maybe only 
"Critical" security fixes would make it to FC23 though, not "High" 
(https://www.chromium.org/developers/severity-guidelines), but people likely 
assume otherwise.  Note also that Chromium is not listed as a Critical Path 
package, unlike Firefox.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6be8b0f0-1330-4e9c-b5a0-03fa3b9befd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R3.2-rc2: random reboots on Lenovo T520 (workaround)

[yaqu]

After upgrade from R3.0 to R3.2-rc2, my T520 started rebooting randomly
a few times a day. Sometimes after 10 minutes of running, sometimes
after 12 hours, but always with nothing in logs.

After a long and boring investigation I have found out it was triggered
by connecting external monitor and it can be fixed by disabling the
Intel i915 RC6 feature (some power saving stuff).

Since I've added i915.enable_rc6=0 as a kernel parameter
(GRUB_CMDLINE_LINUX in /etc/default/grub) I have a 50 hours of uptime
and counting :-)

Affected hardware:
Lenovo ThinkPad T520
cpu: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
chipset: Mobile Intel QM67 Express
gpu: Intel HD Graphics 3000

Relevant results from lspci:
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor
Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation
Core Processor Family Integrated Graphics Controller (rev 09)

Qubes 3.2-rc2, kernel 4.4.14-11

Does anyone else have similar issue with i915?

-- 
yaqu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160922213719.41769103DFC%40mail2.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - System76 Lemur

[Clark Venable]

HCL for System76 Lemur attached as yml file.  Text of fiile pasted below.


See 
https://www.clarkvenable.me/qubes-os-on-my-system76-lemur-working-out-the-kinks/ 
for details, please.


My thanks to J. Eppler and Micah F Lee for early help.

Clark Venable


---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'yes'
tpm:
  'unknown'
brand: |
  System76, Inc.
model: |
  Lemur
bios: |
  5.11
cpu: |
  Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:1904] 
(rev 08)

chipset-short: |
  FIXME
gpu: |
  Intel Corporation Sky Lake Integrated Graphics [8086:1916] (rev 07) 
(prog-if 00 [VGA controller])

gpu-short: |

network: |
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit 
Ethernet Controller (rev 12)

  Intel Corporation Wireless 3165 (rev 81)
memory: |
  16302
scsi: |
  Samsung SSD 850  Rev: 1B6Q

versions:

- works:
'yes'
  qubes: |
R3.1
  xen: |
4.6.0
  kernel: |
4.1.24-10
  remark: |
Realtek PCI Express Ethernet caused problems. When inactivated, 
Intel WiFi worked fine. Screen problem after wake from sleep solved by 
telling laptop never to sleep.


  credit: |
Clark Venable
  link: |
https://www.clarkvenable.me/qubes-os-on-my-system76-lemur-working-out-the-kinks/

---

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13f45f24-0e9f-ce42-ea18-f0584768f835%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-System76__Inc_-Lemur___-20160922-171340.yml
Description: application/yaml

[qubes-users] HCL - ASUSTeK Crosshair V Formula

[Randy Rowland]

QubesOS will only pick up the HDMI Audio out on the R700 Radeon HD 4870x2.
QubesOS does not let audio come out the onboard sound of the motherboard.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJfBYdJn6pObeW%2BiRVCRHXznMFWvnyhMc8Uv-hEK3PcJ_DHNRg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-Crosshair_V_Formula-20160922-163245.cpio.gz
Description: application/gzip


Qubes-HCL-ASUSTeK_COMPUTER_INC_-Crosshair_V_Formula-20160922-163245.yml
Description: application/yaml

[qubes-users] How to install DHCP in "sys-net"

[neilhardley]

I am doing a project with someone.

I need to install DHCP in "sys-net".

I did:

sudo dnf install dhcp

and

sudo dnf install dhcpcd

---

After this, I was asked to look for this file:

/usr/lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat

---

But it just hadn't been created.

I don't understand how to install DHCP in sys-net

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/927f22bd-e0f2-4246-a478-7e2143c68e59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL report

['K.Hutten' via qubes-users]

Hi,

Please find my HCL report attached.



Regards,
Kurt Hutten

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/G9i8McXpxkdlw-XwQVIODPWT-MxqvAj5dCZSX4_YM-B01yPKIeINrz5iJgSVY5F07UrqYHU72JQDzlaDfiNV-U_SnXdmE3LoeHWopVzfcmA%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASRock-Z68_Extreme3_Gen3-20160923-053958.yml
Description: application/yaml

Re: [qubes-users] BTRFS?

[Chris Laprise]

On 09/22/2016 02:08 PM, se...@redhat.com wrote:

On Thursday, September 22, 2016 at 1:39:20 PM UTC-4, Chris Laprise wrote:

On 09/22/2016 01:05 PM, johnyju...@sigaint.org wrote:

Has the Qubes team ever considered the use of btrfs?


Qubes tools will even utilize btrfs reflinks where possible, so hardly
any extra space is used when you clone a template or other vm.

Chris

Now that's cool, how do you enable that? Just install Qubes with btrfs root vol?


Qubes uses a variation on the copy command that causes Linux to do it 
whenever possible. It's not a condition of installation or a setting or 
anything like that.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abe9a791-1a01-87cb-28b0-92b932caad46%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can TeamViewer or similar work with Qubes..?

[neilhardley]

OK, that's pretty useless, because I want someone to connect to my PV, not to a 
win7 HVM.

Are there any other options at all..? I guess I could let someone SSH into my 
VM..?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e58efa9-0465-4811-8e34-bf914db566ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can TeamViewer or similar work with Qubes..?

[yaqu]

On Thu, 22 Sep 2016 11:05:10 -0700 (PDT), neilhard...@gmail.com wrote:

> I am working on a project with someone.
> 
> And they want to remote into Qubes with TeamViewer.
> 
> Will this work at all... or is there any alternative software..?

TeamViewer installed in AppVM can be used only as a client - you can
connect to someone's desktop. It works, I use it very often.

If you want someone to connect to your desktop, try to install it in
HVM. You should be able to share VM's desktop (but not the whole
Qubes). I've tested it in Windows 7 HVM once and it worked.

-- 
yaqu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160922183837.AD9452037E5%40mail.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: i3

[sejug]

On Monday, September 19, 2016 at 4:31:38 PM UTC-4, Jon Solworth wrote:
> I'm using i3, and I like it so far better than
> kde or xfce, but its definitely not the window
> manager to start using qubes with.
> 
> I have some questions
> 
> 1. https://www.qubes-os.org/doc/i3/ is very helpful,
>but I'm a bit confused by the configuration instructions
>at the bottom.  It says to install a script qubes_autostart_xdg.sh
>but it doesn't say 
>  (a) in which domain
>  (b) in which directory
>  (c) what filename should be used
>(It would also be helpful to know what the script is needed for)
> 
> 2. What should I use to launch individual applications from the status
>bar (e.g., keypassx or firefox)?  I'll make key bindings for some,
>but I'll want others on the bar.  These are security sensitive,
>aren't they, since they run in dom0?
> 
> 3. Is there a recommended way of bringing up VMs?  I'm using qvm-start
>for the VM, and .config/autostart for applications I always want to
>started in the VM.  Any better suggestions?
> 
> 4. nm_applet seems to sometimes go away.  Any suggestions?
> 
> 5. I would be pleased to see other peoples config files.
> 
> thanks,
> Jon

Not sure where all the i3 users are...

1.   I'm not sure of the official answer needless to say, but there's a few 
ways in which it could be done. 
   a) presumably in dom0 as that's where i3 is
   b) depends how you want to run it, systemd unit or profile script?
   c) same as b

2. You use demenu to launch apps? It's typically bound to $mod+d by default.

3. By starting an application from dmenu, it will start the vm. Alternatively 
you can use the qubes manager to do it with clicking.

4. It went away on first few runs, but it seems to be fine now. Perhaps start a 
bug ticket if this is an issue you're having?

5. I can post up my config but it's very stock other than removing anything 
using the arrow keys. (vim keybindings are fine thanks)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c6c8a13-6c54-452f-b0a2-1eb54281b27b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[neilhardley]

Can I also ask

Is it true to say

"enp0s1" is the sys-net equivalent of "eth0"

and "wlp0s0" is the sys-net equivalent of "wlan0"

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec853dd6-b6fa-4d6d-8b8f-b06134cbb8b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: installing Signal on Qubes mini-HOWTO

[sejug]

On Thursday, September 22, 2016 at 3:57:01 AM UTC-4, dlme...@gmail.com wrote:
> On Monday, 15 August 2016 20:43:18 UTC+10, pixel fairy  wrote:
> > On Sunday, August 14, 2016 at 3:22:30 PM UTC-7, Alex wrote:
> > ...
> > > 1. Install the Chromium browser in your appvm template - skip if you were 
> > > already using it. Shut down the template VM.
> > 
> > I keep wondering how safe chromium browser is. do redhat or debian track 
> > updates in time with google-chrome?
> 
> 
> Chromium in the supported Fedora template for Qubes (FC23) contains High 
> severity security bugs:
> 
> FC23 = 52.0.2743.116-10.fc23.
> FC24 = 53.0.2785.113-1.fc24.
> 
> See: https://apps.fedoraproject.org/packages/chromium  (for builds)
> 
> Numerous security vulnerabilities, including High severity CVE's here:
> https://googlechromereleases.blogspot.com.au/2016/09/stable-channel-update-for-desktop_13.html
> 
> Newer RPMs available here, but haven't been tagged to either updates or 
> updates-testing for FC23:
> 
> http://koji.fedoraproject.org/koji/buildinfo?buildID=802754


So what you're saying is we should move to Fedora 24.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c467d08a-3b18-40fc-b507-46c25ce98c6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[sejug]

On Thursday, September 22, 2016 at 1:39:20 PM UTC-4, Chris Laprise wrote:
> On 09/22/2016 01:05 PM, johnyju...@sigaint.org wrote:
> > Has the Qubes team ever considered the use of btrfs?
> >
> 
> Qubes tools will even utilize btrfs reflinks where possible, so hardly 
> any extra space is used when you clone a template or other vm.
> 
> Chris

Now that's cool, how do you enable that? Just install Qubes with btrfs root vol?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8030aad2-e53f-43b5-8b7a-c0ff744e4686%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can TeamViewer or similar work with Qubes..?

[neilhardley]

I am working on a project with someone.

And they want to remote into Qubes with TeamViewer.

Will this work at all... or is there any alternative software..? Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ebd7725-5155-48b2-8539-9ae40f5e4986%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] BTRFS?

[Chris Laprise]

On 09/22/2016 01:05 PM, johnyju...@sigaint.org wrote:

Has the Qubes team ever considered the use of btrfs?



Qubes tools will even utilize btrfs reflinks where possible, so hardly 
any extra space is used when you clone a template or other vm.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5650a036-675e-a335-10d8-bab71a6c1d15%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

[neilhardley]

I may need to change "sys-net" from the Fedora template VM, to the Debian 
template VM.

If I did this, would it break anything..? Or does it simply have to be Fedora..?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a2414f8-a548-419d-92bf-2a7c4bcdcc39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] BTRFS?

[johnyjukya]

Has the Qubes team ever considered the use of btrfs?

https://en.wikipedia.org/wiki/Btrfs

It's been the default root FS for Suse since 2012:

https://www.linux.com/news/suse-linux-says-btrfs-ready-rock

While reading about its features (and using it) it seems like it would be
especially well-suited as a base for Qubes, giving unlimited snapshots,
nested overlays/unions (seeds), rollbacks, subvolumes, sparse files, plus
easy adding/removing of disks, raid, space balancing, and greater
reliability (with the raid and checksum of metadata/data).  A win/win
situation.

It would make the template implementation a lot simpler, faster, and more
flexible.  Instead of .img files, you'd just have subvolumes (and use of
seeds/unions).  It seems like a more elegant, flexible, and extensible
solution.

Even doing things like multi-level templates would be possible (although
for root, I think package management would be problematic with more than
one level).

Cloning a given template or an appvm would be instant and require zero
disk space (due to the innate copy-on-write nature of btrfs) rather than
taking many minutes and doubling the disk usage.  The only space used by a
cloned template/vm would be what was eventually modified.  Booyeah.

If used as a rootfs, even without any further template integration, the
deduplication feature should automatically bring the same disk savings.

It also offers self-healing, online checking/shrinking/growth,
"deduplication" of blocks with the same content, ..., the list goes on.

The related btrfs support utility "Snapper" also seems like it would fit
in very nicely with Qubes:

https://wiki.archlinux.org/index.php/Snapper

Suse automatically creates a snapshot whenever packages are installed, so
it's easy to rollback any undesired changes.  Again, that would be a great
feature for templates.

You can even convert an ext4 system to btrfs, and keep both available,
since btrfs keeps the data blocks in a compatible way and puts it metadata
in other unused space.  It makes the existing ext4 metadata a separate
btrfs subvolume, you can later delete if you choose--very slick.  (Or
similarly, you can revert to ext4-only as easily.)

I'm starting to use BTRFS for all my non-root/non-user devices, and I'm
loving it.  The private.img/volatile.img structure seems primitive by
comparison.  :)

I realize the ext* code is probably considered more mature, stable, and
safe for dom0, but btrfs seems to have been put through its paces quite
well over the years (and I'm sure ext4 itself has been having a lot of
code changes over the years, possibly making it no more secure than
btrfs?)

(I haven't checked if the Qubes install allows it as an option for root. 
Even if it does allow its basic use, going further and leveraging the
seed/subvolume/snapshot for templates/appvms is the more exciting part to
me.)

I realize such a change would be non-trivial, but it does seem like a
natural way for Qubes to evolve.

Thoughts?

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a7878e26a6480acbc6add8e18a73c303.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Otto Kratik]

On Wednesday, September 21, 2016 at 9:03:30 PM UTC-4, Andrew David Wong wrote:
> Since your question is about the functional or behavior differences
> between TemplateVMs and HVMs, I take it that what you're really
> interested in is the practical difference between using TemplateVMs and
> StandaloneVMs as VMs which do not depend on any other VM for their root
> filesystems.
> 
> The only significant difference I'm aware of is that using a TemplateVM
> allows you to retain the option of creating TemplateBasedVMs based on
> this TemplateVM in the future, whereas a StandaloneVM does not. If you
> one day decide that you'd like to have a TemplateBasedVMs based on your
> StandaloneVM, you'll have to re-create it as a TemplateVM. There's no
> (easy) way to turn a StandaloneVM into a TemplateVM.


Your interpretation is correct, I am mainly interested in the practical 
differences between running either a TemplateVM or a StandaloneHVM as a 
self-contained VM that doesn't depend on another VM's root filesystem.

As in my example, if I want a self-contained, non-dependent Debian VM it's far 
easier to just clone a Debian TemplateVM and use it independently as such, and 
thus get the single mouse-pointer desired, as opposed to creating an HVM and 
installing Debian there, and getting dual mouse pointers instead. If the two 
solutions are functionally the same, the first is more optimal.

However one reason I ask is that I seem to have in fact noticed some behavioral 
differences I wouldn't have expected, based on the descriptions above. The 
example case is unfortunately too unique to be likely duplicable by others for 
testing, but here it is nonetheless.

I purchased a Linux game that needs no installation, you just download it from 
the vendor website, unpack the tar.gz archive and run it from shell. At first 
run it asks you to input the license code received at the time of purchase, 
which is easy to do. After that, all future launches don't ask you to input the 
code again, as it's already saved and stored by the game.

On normal standalone Linux systems (whether an HVM within Qubes or a truly 
separate bare-metal installation on another computer/drive) this works as 
expected. Enter the code once, game works smoothly forevermore.

But on a TemplateVM, the code works for that session, but doesn't seem to 
"stick" or get saved next time around, and it has to be entered again each time 
the game is launched. While I'd understand and perhaps expect this if running 
from a TemplateBasedAppVM, since maybe the location where the game records the 
registration is on the rootFS and isn't remembered next time, I'm perplexed to 
see it occurring on a TemplateVM, which shouldn't have this issue saving data 
to rootFS if necessary - which isn't of course even the logical place for game 
data to be stored, as it should use a local directory like Home I would think.

I've even made sure to run the game's launch command as sudo in case elevated 
permissions are needed to write the registration data permanently, but without 
any luck.

As I said, this specific game issue is outside the scope of Qubes or its dev 
team to attempt to solve, but it does illustrate at least one behavioral 
difference between the two VM types. On a StandaloneHVM, the game registration 
is saved successfully as expected. On a TemplateVM, the registration is 
forgotten each time. To make things even more confusing, the registration is 
forgotten each and every time even within the *same session* of the TemplateVM 
being run. Shutdown and restart isn't necessary to trigger the problem. Launch 
game, enter code, proceed with game. Exit game, launch it again, and code is 
requested again, even though TemplateVM is still running continuously without 
interruption or restart. Thus, anything saved during session should still be 
preserved, and yet isn't.

Again, not asking for a solution here, just describing the scenario that 
precipitated the issue. Could just be some odd quirk of the game itself. Who 
knows.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20acc1ae-ee6a-4cf1-9431-eb72e37dfe01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: rc.local iptables persistence on reboot

[Connor Page]

world writable script executed as root is the worst advice I've ever seen on 
this mailing list.
please don't do that!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7e78db5-7bcb-43f0-9464-518747a10d37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

[Chris Laprise]

On 09/21/2016 06:24 AM, Robert Mittendorf wrote:

Am 09/20/2016 um 10:29 PM schrieb Chris Laprise:


This is a good candidate for filing an issue, but mainly for this 
situation -- "A warning if an upstream VM does not implement the 
firewall rules", which should include connecting to netvms.


IIRC, Qubes Manager used to grey-out the firewall tab for any vm that 
was connected to a netvm. That doesn't appear to be the case now in 
R3.2.


As for idea 'b', I'd disagree with that. Chained proxyvms are 
probably more common than you think.


Chris


Hey Chris,

sorry for my first answer directly to you - I expected a mailing list 
to set/replace the "answer to" field


I still use 3.1! firewall rules are disabled for NetVMs, but not 
dynamically for VMs that are not connected to a proxy VM.


I'm curious - do you have an example for a usefull local proxy(VM) chain?


Yes. For example you can connect a Whonix Tor gateway to a VPN tunnel 
(or vice-versa). Some people will even add a dedicated firewall to that 
chain.


Also, if you want to apply some firewall rules easily to many vms which 
are using your regular firewall vm, you can put another proxy vm 
upstream from the firewall then add the rules to the firewall.






Am 09/21/2016 um 12:07 PM schrieb Andrew David Wong

Normally, it wouldn't make sense to try to enforce
firewall rules for a FirewallVM. That's why the default
sys-firewall and sys-net work the way they do. However,
if you have a need for this, you're free to create your own
FirewallVMs and chain them together.
I agree - that is why my idea was to disable firewall rules for proxy 
VMs.

2) I can configure firewall rules for a AppVM, which will not be active if that 
VM is connected

Assuming you meant "unconnected," that's right.

Actually I meant connected to a NetVM and thereby the internet. Sorry.

And: What happens if a ProxyVM does not implement the firewall service, or if 
the firewall service crashes in the ProxyVM ?
I cannot find more information about the firewall mechanism than "centrally managed 
in Dom0 and exposed to each Proxy VM through Xen store" 
fromhttp://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html

Take a look at these pages:

https://www.qubes-os.org/doc/qubes-firewall/

https://www.qubes-os.org/doc/networking/
I looked at the firewall page. The networking pages seems to miss 
exactly the information I'm looking for in the "Firewall and Proxy 
VMs" section - like how the information from xen store is loaded 
within the proxyVM and what happens, if something failes (e.g. Is 
there a risk that proxying works, but firewall rules are ignored ?)


There's no reliable & safe way to verify the internal proxyvm state like 
this. Usually, proxyvms are assigned roles of trust, and trust pertains 
not only to it being free of malware... but also its ability to function 
correctly in general. Also, proxyvms such as sys-firewall are relatively 
simple so there is little that can break.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c0ee243-8701-3a54-8930-27e52f389e98%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hosts file.

[jkitt]

On Thursday, 22 September 2016 02:57:39 UTC+1, Drew White  wrote:
> Hi Qubes devs,
> 
> Can you please point out how I can make the system STOP overwriting the HOSTS 
> FILE?
> 
> I have different domains targeted to 127.0.0.1
> then when I boot, you automatically overwrite anything that is...
> 127.0.0.1 mynewdomain.name
> 
> to
> 
> 127.0.0.1 thismachinehostname
> 
> This is really frustrating.
> I'm having to now alter the entire system config to target a hosts file on my 
> RW directory.
> 
> This is a STANDALONE guest, and thus shouldn't have anything like that 
> happening.

you can always set the immutable attribute with: chattr +i.

This will be a guest distro specific issue and not one with Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c81c07bc-d9fe-41f6-81d9-08891e35e070%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 rc3 Install app crashing

[Philo Phineas Frederiksen]

On 2016-09-21 03:25, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-20 19:32, Philo Phineas Frederiksen wrote:

I'm trying to install into a preexisting encrypted btrfs partition.

One:  The installer won't create /boot on encrypted btrfs.  What's up with 
that?  My Manjaro /boot lives there, and works just fine.


I wonder if this is somehow related:

https://github.com/QubesOS/qubes-issues/issues/2294

Are any of the comments on that issue helpful to you?


Yes this seems to be related.

I should have noted that the crash happens during the install process 
itself.

Two:  I put /boot on a USB key.  Create /, /var, and /home subvolumes on the 
btrfs partition, plus the use the preexisting /boot/efi partition.  Plus I 
unlock the swap partition... there doesn't seem to be a way to tell the install 
app to use it... will it do so automatically?


No, you'd have to specify those partitions in the
installer. Normally, there should be a point in the
installation process at which you can do that, but it
sounds like the previous issue is preventing you from
reaching that point.


Then the installer crashes.

I saw something about 4.0 coming soon.  Should I just wait for that?


No, it's 3.2 that's coming out soon. 4.0 is on the
horizon, but probably not soon enough that you'd
want to wait.

- -- 
Andrew David Wong (Axon)

Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX4mANAAoJENtN07w5UDAwGdoQAJaC4CoVXcpAEnQ5JIAyxDeA
ql7/V6Gbyirt8Mk3ABkkUqjdXjGP4lTvuFYreZ1sZUzZ0xLcwAiNISfBqxL6oD9h
z/iUgY8c4qaSNFvXcRsliYhD0jGRgrAHWDPPfAGL4jYpaJxSuSdOgxTLu8bW4wJA
iqeHmX5naFji1o7czmU4whiueTnQxjCGnwtRWPIbuiMu01ABfzGHy8FPKg04A6uE
yxAb+He9FXVVpHaVC8xAuDd/+Pquls9SZztcEdtA24lb0sblDM2pSle3KfhGjOtb
BbhJMFABjJ5C2mzOE2MBIay/I0hLKMoBi+o0f8eNamFh5lFAiCUnpjLrpgHdwxd9
Z+ehmEp4rZt618PvmgHjIRvG7jFUT1kmhlyFCBDAIdLBU6r+TtkoAyEXi1IU0y1d
55RBw5f8rKEpA/dMiTFt1gZ/mwG1nOPsEQw4g+kvHawwDhjLTfqFzsPOHsJvr3/w
k8jp4R4vD9YBmTKepXe5pMFpyDdsaO7cw0nZ87uGvrtKhfG6+UldBtGvVuiXXKOe
zJQQ8Lp9gMS5fi19dZhn2VfgkS2o7Gp/VZ32k6qSozUsfc92ztgU3t/GVWnTGvGL
wiHhNQHtlJB92GF6VH2ko3kT7IRVKX9uUpq8wDHXVVue0gctV63jAtcn4M+vWWUY
GOAY0Y+vlfQy4CoetaV2
=TcVG
-END PGP SIGNATURE-



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67432e83-a61a-230e-850d-d2a2b556bf1c%40gmail.com.
For more options, visit https://groups.google.com/d/optout.