date:20161010

On Sunday, September 18, 2016 at 11:21:47 AM UTC-4, ludwig jaffe wrote:
> On Saturday, September 17, 2016 at 3:55:58 AM UTC-4, Pawel Debski wrote:
> > Folks,
> > 
> > I have Qubes 3.2 up, updated &
> > running like a charm. Now the Microsoft challenge. The doc @
> > https://www.qubes-os.org/doc/windows-appvms/ instructs to use
> > Windows 7. Do you suggest to stick with version 7 or go ahead to
> > 10 / 8?
> > 
> >   
> > 
> > -- 
> > 
> >   
> > 
> > Z powazaniem / Best Regards
> > 
> > Mit freundlichen Gruessen / Meilleures salutations
> > 
> > Pawel Debski
> 
> Hi I run windows10 w/o windows tools and I replace cut and paste with an 
> editor to generate a file and then I ssh to the other machines.
> Also files I can tar.gz and ssh.
> 
> Here it is good to install cygwin on the windows10, and 
> also you want to install classic shell and remove cortana, the spy.
> I did this and it works

how did you remove cortana?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0fbad61d-885a-4c5b-a43a-8f45d67d2a57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: error in Nautilus when detach second drive

On Friday, September 30, 2016 at 3:43:30 AM UTC-4, peter tseng wrote:
> I'm using R3.2. For an fedora-23 appvm, I attach second hard drive and then 
> detach it on VM manager. Suppose it should be not available in Nautilus. 
> But it is still there so I try to open a file or directory but it hangs. 
> After that I can't shutdown the vm. Finally I have to restart whole system.
> 
> Is it a bug? because it got me wrong when I forgot to attach it again.

I have noticed this a couple times happen to me too when attaching more then 
one drive to a vm.  one gets stuck.  not sure if I'm forgetting to unmount and 
detach something in proper order or if its a bug. but I'll post if it happens 
again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8972f5d1-e12c-48e8-af69-ecada08149f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Display problems with VT-D enabled [ T410 (2537P81) ]

On Tuesday, September 13, 2016 at 8:56:23 PM UTC-4, Boris Kourtoukov wrote:
> On Sunday, November 8, 2015 at 4:13:30 PM UTC-5, Marek Marczykowski-Górecki 
> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Sun, Nov 08, 2015 at 12:57:14PM -0800, Boris Kourtoukov wrote:
> > > Does this just mean that the VT-d implementation is broken on this 
> > > hardware 
> > > and I should grab something else?
> > 
> > This is one possibility (slightly more likely). The other one is buggy 
> > driver.
> > 
> > 
> > > Thanks 
> > > 
> > > On Wednesday, October 28, 2015 at 10:54:03 PM UTC-4, Boris Kourtoukov 
> > > wrote:
> > > >
> > > > This issue was described but not followed up on from this topic: 
> > > > https://groups.google.com/d/topic/qubes-users/WsHQ_GqXdT4/discussion
> > > >
> > > > If VT-d is enabled in the BIOS the display:
> > > >
> > > >Works fine when viewing the boot options for Qubes (start 
> > > > Qubes/start 
> > > > in Advanced mode, etc.) 
> > > >Shows a bunch of jumbled graphics artifacts on the HD encryption 
> > > > view.
> > > >Completely fails after that.
> > > >
> > > > If VT-d is disabled:
> > > >
> > > >All visuals behave correctly. 
> > > >
> > > > Please note that the HCL currently states that VT-d works correctly on 
> > > > both of the T410's listed there. (Which it may be, just this display 
> > > > issue)
> > > >
> > > > Hardware details:
> > > >
> > > > Lenovo Thinkpad T410 (2537P81)
> > > > BIOS: 6IET85WW (1.45)
> > > >
> > > > Qubes: 3.0
> > > > XEN: 4.4.2
> > > > Kernel: 3.19.8-100
> > > >
> > > > VGA: Intel ... (rev 02) (prog-if 00 [VGA controller])
> > > >
> > > > HVM: Active
> > > > I/O MMU: Not Active (while disabled)
> > > > TPM: Device Present
> > > >
> > > > Any help would be greatly appreciated! 
> > > >
> > > 
> > 
> > 
> > - -- 
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v1
> > 
> > iQEcBAEBCAAGBQJWP7r0AAoJENuP0xzK19csMvoH/1GQvMvk1rJgnzjpWPpWI58p
> > LRCHydMt1EsMWUzeyDV4xY0YoOOamu76Xbh8EPUxBh5sulQ2MUrO17rN0F0tCGzj
> > AJKql/eOsv05JITcTgrOIDVuhGpV3HIV1NWQoOuW7LPeZ+FpM47phP9Hz1zxaPHH
> > oGV0b61v/yK7E+VrKGtYdW/eHdDhr1W7v24bXic0h4SKNrc/an31VOZc9qQfREov
> > CRrjBSYBJLdDAU10gfuThQdHabIDPGhEfR+CEi61SBC6F23msEeup/Q9oNcsVCeN
> > x9boU2X6Wc2nmZIjSOrWzC+kChrFQLJFagjilA1ZiyIhAgmiUhpzSBWJYXtQybw=
> > =5aVw
> > -END PGP SIGNATURE-
> 
> Bumping it for search results on T410, the following Qubes wiki entry fixes 
> this issue for me: https://www.qubes-os.org/doc/thinkpad_x201/
> 
> Thanks to this thread: 
> https://groups.google.com/d/msg/qubes-users/7Q7C81AI3Aw/A7zzU2ajAwAJ
> 
> A year later I have VT-d! :)

hahah sweet!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/162d1f55-8992-4bb8-84d8-092732649522%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: rc.local iptables persistence on reboot

On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote:
> world writable script executed as root is the worst advice I've ever seen on 
> this mailing list.
> please don't do that!

I don't even think that'd make it executable, but writeable lol.  just do chmod 
a+x

why not filter outbound instead of inbound?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2829807-918a-4526-9533-c44ef6f42e9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

On Monday, October 10, 2016 at 4:58:29 PM UTC-4, Unman wrote:
> On Mon, Oct 10, 2016 at 01:25:47PM -0700, t.k.t.k.t.k.t.k.1.1@gmail.com 
> wrote:
> > Thank you so much, this fixed it, now everything works perfectly fine, 
> > although I get an error "command recordfail not found
> >  command gfxmode not found
> >  press any key to continue"
> > when booting into Mint. The grub.cfg file contained these commands and I 
> > copied them. The error seems to have no influence, when I hit a key, it 
> > boots normally, so I think I can ignore this?
> > 
> > And are the changes I made persistent if I update-grub? (I'm not planning 
> > to do that but if I do in a year or so I probably won't remember if it is 
> > not persistent)
> > 
> Neither of these are needed, and you can delete those entries, as you
> thought.
> 
> If you have made the change in grub.cfg then it wont be persistent.
> You need to put the same entry in to /etc/grub.d/40_custom, and then it
> will be picked up on a future grub update.

ok well then if he copied the menuentry or pasted from the mint boot 
partition's grub.cfg then its just opposite.  might want to update it if mint 
updates its kernel.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a66ce5b-2fee-4020-8589-78d16475a71a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

on my other machine though i have no problems having just one controller i use 
for mouse and keyboard on dom0,  and other controller for everything else in 
sys-usb.

because i mean,  well one prob i've run into is what happens if sys-usb messes 
up and you have no keyboard lol.  I believe this is mostly a desktop pc 
problem, not a laptop. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c45fe197-3b86-4c6d-b1d7-0e887c295d47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HVM linux creating problem

On Saturday, October 8, 2016 at 10:23:54 AM UTC-4, Maciej Sikora wrote:
> hello, i'm just starting with qubes and wanted to have vm with intellij 
> installed.
> 
> i've choosen hvm to have my working apps only on one vm than via template.
> so i run these command:
> 
> qvm-start test --cdrom=work-net:/home/Downloads/mint.iso
> 
> and got these errors:
> 
> --> Loading the VM (type = HVM)...
> Traceback (most recent call last):
>   File "/usr/bin/qvm-start", line 136, in 
> main()
>   File "/usr/bin/qvm-start", line 120, in main
> xid = vm.start(verbose=options.verbose, 
> preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
> notify_function=tray_notify_generic if options.tray else None)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 
> 335, in start
> return super(QubesHVm, self).start(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
> 1942, in start
> self._update_libvirt_domain()
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
> 755, in _update_libvirt_domain
> raise e
> libvirt.libvirtError: XML error: Invalid PCI address :00:00, at least one 
> of domain, bus, or slot must be > 0

you could always clone a template to have another one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56124900-ba99-4264-99a2-e1056280b625%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HVM linux creating problem

2016-10-10 Thread Jeremy Rand

m.j.p@gmail.com:
> hello, i'm just starting with qubes and wanted to have vm with intellij 
> installed.
> 
> i've choosen hvm to have my working apps only on one vm than via template.

Why are you using an HVM for that rather than a PV StandaloneVM?  Am I
missing something?

Cheers,
-Jeremy


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92badd62-a612-c8e7-1584-5190e4b4e14d%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 10:23:20 PM UTC-4, David Shleifman wrote:
> > go with B1 man.  Like I said you can  get a ps2 adapter for your usb 
> > keyboard and then can have all controllers in the sys-usb if you
> > want. But I don't think there is anything to be worried about having your 
> > keyboard in dom0.  Unless you got a real sketchy kb. (anything > is 
> > possible)
> 
> > As for how to hide all usb controllers except the rear OHCI0, you can't 
> > unless its on a separate controller.  Otherwise just add every
> > other controller to sys-usb except the OHCI0 one.  Again to make sure you 
> > are correctly identifying your controller
> > https://www.qubes-os.org/doc/assigning-devices/   You test with a device 
> > plugged in the port to identify the controller.
> 
> > You can also just go into a vm settings and click on devices to get a list. 
> >  look for what says usb, to see how many controllers
> > you actually have. 
> 
> 
> 
> 
> > Like I said you can  get a ps2 adapter for your usb keyboard and then can 
> > have all controllers in the sys-usb if you want.
> 
> I tried to plug the USB keyboard into a USB-to-PS2 adapter which is plugged 
> into PS2 jack.The keyboard doesn't work this way, probably because it 
> doesn't support I2C protocol.
> 
> 
> 
> 
> > But I don't think there is anything to be worried about having your 
> > keyboard in dom0.  Unless you got a real sketchy kb. (anything is possible)
> 
> I am not worried about having the keyboard (and mouse) in dom0, as they are 
> persistently attached to 2 USB jacks at the rear panel. 
> 
> 
> 
> > As for how to hide all usb controllers except the rear OHCI0, you can't 
> > unless its on a separate controller.
> 
> dom0$ lspci | grep USB
> returns 6 USB controllers:
> Bus:Device.Function
> 00:12.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> 00:12.1 ... SB7x0 USB OHCI1 Controller
> 00:12.2 ... SB7x0/SB8x0/SB9x0 USB EHCI Controller
> 00:13.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> 00:13.1 ... SB7x0 USB OHCI1 Controller
> 00:13.2 ... SB7x0/SB8x0/SB9x0 USB EHCI Controller
> 
> Are they 6 separate controllers?
> 
> How do I hide all controllers except the "00:12.0 ... SB7x0/SB8x0/SB9x0 USB 
> OHCI0 Controller"?
> 
> 
> 
> > Otherwise just add every other controller to sys-usb except the OHCI0 one.
> 
> Yes, that is exactly what I did.
> 
> 
> 
> 
> >  Again to make sure you are correctly identifying your controller 
> > https://www.qubes-os.org/doc/assigning-devices/   You test with a device 
> > plugged in the port to identify the controller.
> 
> Yes, I followed this manual.
> 
> 
> 
> 
> > > I went forward with the plan "B":
> 
> > > B-1) Stay with a single sys-usb qube and remove rear.OHCI0 controller 
> > > from sys-usb (using Qubes VM Manager).  I assume that the controller will 
> > > be returned back to dom0.  Is it correct?
> > > B-2) Remove "sys-usb dom0 ask,user=root" from 
> > > /etc/qubes-rpc/policy/qubes.InputKeyboard.
> > > B-3) Remove "sys-usb dom0 ask,user=root" from 
> > > /etc/qubes-rpc/policy/qubes.InputMouse.
> > > B-4) Remove rd.qubes.hide_all_usb from /etc/default/grub and run 
> > > grub2-mkconfig -o /boot/grub2/grub.cfg in dom. 
> > > With this plan in place, I am able to log in using the USB keyboard. 
> 
> > dont' do B2 you need keyboard,
> The policy was installed by the SALT management to allow dom0 to use 
> rear.OHCI0 controller attached to the sys-usb VM.  Given that
> rear.OHCI0 controller is no longer attached to the sys-usb VM (see B-1), this 
> policy is no longer necessary.
> 
> 
> 
> > not sure why you want B-3
> Same reason.  The policy was installed by the SALT management to allow dom0 
> to use rear.OHCI0 controller attached to
> the sys-usb VM.   Given that rear.OHCI0 controller is no longer attached to 
> the sys-usb VM (see B-1), this policy is
> no longer necessary. 
> 
> Note that the rear.OHCI0 controller handles both, the keyboard and the mouse.
> 
> 
> 
> 
> > With b4 that means the usb ports aint hidden from dom0 during boot like 
> > luks 
> 
> > passphrase I think that would be security risk unless you constantly
> > unplugging every usb device except your keyboard when you reboot.
> The additional USB devices plugged persistently to this system:
> o Web cam 
> 
> o CD-RW drive (powered down)
> o DVD-RW drive (powered down)
> Is there a risk to leave Web cam plugged in?

dunno,  never had a keyboard not work with a ps2 adapter.

wow! i guess you do haev 6 usb controllers.  to hide them just add them all to 
sys-usb except for 12.0what pc/mobo do you have out of curiosity?

I dunno what all that salt stuff means i'm a total noob.  But I do know if you 
want to use a usb keyboard,  you gonna have problems.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 9:46:04 PM UTC-4, raah...@gmail.com wrote:
> On Monday, October 10, 2016 at 9:21:30 PM UTC-4, David Shleifman wrote:
> > - Original Message -
> > From: "raahe...@gmail.com" 
> > To: qubes-users 
> > Cc: dimi...@yahoo.com; raahe...@gmail.com
> > Sent: Monday, October 10, 2016 4:09 PM
> > Subject: Re: How  to manage multiple USB controllers
> > 
> > 
> > 
> > > I don't think you really have 6 controllers do you?
> > dom0$ lspci | grep USB
> > returns 6 PCI devices:
> > Bus:Device.Function
> > 
> > 00:12.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> > 
> > 00:12.1 ... SB7x0 USB OHCI1 Controller
> > 
> > 00:12.2 ... SB7x0/SB8x0/SB9x0 USB EHCI  Controller
> > 00:13.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> > 00:13.1 ... SB7x0 USB OHCI1 Controller
> > 
> > 00:13.2 ... SB7x0/SB8x0/SB9x0 USB EHCI   Controller
> > 
> > 
> > Is it 6 controllers?
> > 
> > 
> > 
> > 
> > > On mine I have only two echi's.
> > > one is for the two low speed ports, next to the ps2 port which i use for 
> > > mouse and keyboard, and is assigned to dom0.  The other 
> > 
> > > controller is for everything else I have in sys-usb.
> > 
> > Thanks for sharing your USB topology and controller assignment.   Have you 
> > been able to hide the USB controllers from dom0 as described in 
> > https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube?  So that 
> > lspci returns an epmty string.
> > 
> > 
> > 
> > 
> > > On another machine with xhvi (usb3.0)  everything gets routed through 
> > > that one controller.  the two ehvi controllers get routed through
> > > the usb 3.0 making a single controller not 3.  
> > 
> > 
> > How did you determine that the 2 EHCI(s) are routed through XHCI?  What 
> > does 
> > 
> > dom0$ lspci | grep USB
> > return?  Does it show 3 controllers or one?
> > 
> > 
> > 
> > > so its either use the two controllers the same way I have on this box 
> > > with xhvi disabled,  
> > 
> > > or enable it then only having a single controller if wanting 3.0 speeds 
> > > (using the qubes input proxy). 
> > 
> > In the later case, XHCI is attached to sys-usb, and 
> > https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qube-usb-passthrough
> >  is employed to pass it to dom0. Is my understanding correct?   Are you 
> > able to log in (after the boot) using the USB keyboard?
> 
> again,I use a ps2 keyboard.  i have a little green inch long 99cent - 5 
> dollar adapter attached to the usb keyboard and in back of pc.  on the newer 
> computers the ps2 even hot plug n play whatever like a usb.  it will 
> re-initialize when re plugging it just like a usb  as well in case you 
> worried about something like that too.   Its best practice imo for qubes.  
> ps2 keyboard don't use a usb one.

although i'm sure this is some security risk in some way haha, but they all do 
it now.  hey it might wake your pc from bad suspend though, unless disabled in 
bios.  might just re-initialize if not working though when re-plugging.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cdd09f69-3caa-4ffc-a3e9-cb71d65683d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 9:21:30 PM UTC-4, David Shleifman wrote:
> - Original Message -
> From: "raahe...@gmail.com" 
> To: qubes-users 
> Cc: dimi...@yahoo.com; raahe...@gmail.com
> Sent: Monday, October 10, 2016 4:09 PM
> Subject: Re: How  to manage multiple USB controllers
> 
> 
> 
> > I don't think you really have 6 controllers do you?
> dom0$ lspci | grep USB
> returns 6 PCI devices:
> Bus:Device.Function
> 
> 00:12.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> 
> 00:12.1 ... SB7x0 USB OHCI1 Controller
> 
> 00:12.2 ... SB7x0/SB8x0/SB9x0 USB EHCI  Controller
> 00:13.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> 00:13.1 ... SB7x0 USB OHCI1 Controller
> 
> 00:13.2 ... SB7x0/SB8x0/SB9x0 USB EHCI   Controller
> 
> 
> Is it 6 controllers?
> 
> 
> 
> 
> > On mine I have only two echi's.
> > one is for the two low speed ports, next to the ps2 port which i use for 
> > mouse and keyboard, and is assigned to dom0.  The other 
> 
> > controller is for everything else I have in sys-usb.
> 
> Thanks for sharing your USB topology and controller assignment.   Have you 
> been able to hide the USB controllers from dom0 as described in 
> https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube?  So that 
> lspci returns an epmty string.
> 
> 
> 
> 
> > On another machine with xhvi (usb3.0)  everything gets routed through that 
> > one controller.  the two ehvi controllers get routed through
> > the usb 3.0 making a single controller not 3.  
> 
> 
> How did you determine that the 2 EHCI(s) are routed through XHCI?  What does 
> 
> dom0$ lspci | grep USB
> return?  Does it show 3 controllers or one?
> 
> 
> 
> > so its either use the two controllers the same way I have on this box with 
> > xhvi disabled,  
> 
> > or enable it then only having a single controller if wanting 3.0 speeds 
> > (using the qubes input proxy). 
> 
> In the later case, XHCI is attached to sys-usb, and 
> https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qube-usb-passthrough
>  is employed to pass it to dom0. Is my understanding correct?   Are you able 
> to log in (after the boot) using the USB keyboard?

I determined its only two by plugging in a usb stick in all of them and seeing 
which controller its attached to,  by following those directions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f68319f3-c9b6-406f-97f9-ec488e7b1cfc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 9:46:04 PM UTC-4, raah...@gmail.com wrote:
> On Monday, October 10, 2016 at 9:21:30 PM UTC-4, David Shleifman wrote:
> > - Original Message -
> > From: "raahe...@gmail.com" 
> > To: qubes-users 
> > Cc: dimi...@yahoo.com; raahe...@gmail.com
> > Sent: Monday, October 10, 2016 4:09 PM
> > Subject: Re: How  to manage multiple USB controllers
> > 
> > 
> > 
> > > I don't think you really have 6 controllers do you?
> > dom0$ lspci | grep USB
> > returns 6 PCI devices:
> > Bus:Device.Function
> > 
> > 00:12.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> > 
> > 00:12.1 ... SB7x0 USB OHCI1 Controller
> > 
> > 00:12.2 ... SB7x0/SB8x0/SB9x0 USB EHCI  Controller
> > 00:13.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
> > 00:13.1 ... SB7x0 USB OHCI1 Controller
> > 
> > 00:13.2 ... SB7x0/SB8x0/SB9x0 USB EHCI   Controller
> > 
> > 
> > Is it 6 controllers?
> > 
> > 
> > 
> > 
> > > On mine I have only two echi's.
> > > one is for the two low speed ports, next to the ps2 port which i use for 
> > > mouse and keyboard, and is assigned to dom0.  The other 
> > 
> > > controller is for everything else I have in sys-usb.
> > 
> > Thanks for sharing your USB topology and controller assignment.   Have you 
> > been able to hide the USB controllers from dom0 as described in 
> > https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube?  So that 
> > lspci returns an epmty string.
> > 
> > 
> > 
> > 
> > > On another machine with xhvi (usb3.0)  everything gets routed through 
> > > that one controller.  the two ehvi controllers get routed through
> > > the usb 3.0 making a single controller not 3.  
> > 
> > 
> > How did you determine that the 2 EHCI(s) are routed through XHCI?  What 
> > does 
> > 
> > dom0$ lspci | grep USB
> > return?  Does it show 3 controllers or one?
> > 
> > 
> > 
> > > so its either use the two controllers the same way I have on this box 
> > > with xhvi disabled,  
> > 
> > > or enable it then only having a single controller if wanting 3.0 speeds 
> > > (using the qubes input proxy). 
> > 
> > In the later case, XHCI is attached to sys-usb, and 
> > https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qube-usb-passthrough
> >  is employed to pass it to dom0. Is my understanding correct?   Are you 
> > able to log in (after the boot) using the USB keyboard?
> 
> again,I use a ps2 keyboard.  i have a little green inch long 99cent - 5 
> dollar adapter attached to the usb keyboard and in back of pc.  on the newer 
> computers the ps2 even hot plug n play whatever like a usb.  it will 
> re-initialize when re plugging it just like a usb  as well in case you 
> worried about something like that too.   Its best practice imo for qubes.  
> ps2 keyboard don't use a usb one.

yes more people should share their whole environment.  Why be scared?  I 
basically want qubes to be more popular.   best way to learn is still word of 
mouth.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5253d02a-72e6-4903-8030-7388d8a7ffc2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Problems with USB Pass through / iGPU drivers

2016-10-10 Thread jidar


On 10/05/2016 10:10 PM, Jeremy Rand wrote:

You can setup a USB VM that's not a NetVM.  Create a new AppVM and
assign the USB controller to it in the Devices tab.  You might also have
to do the pci_strictreset thingy that the documentation mentions.

Cheers,
-Jeremy

I've been trying to do this but for some reason it seems my USB keyboard 
gets attached to sys-usb and never get's passed through to 
"qubes.InputKeyboard" which means I get locked out as soon as sys-usb 
powers up. I'm currently trying to read the instructions and github page 
to determine how / why this happens.


Thanks,
--jidar

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a45a29ce-1954-1364-9c58-1906b2232f0d%40faptastic.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Documentation Update?

2016-10-10 Thread jidar


https://www.qubes-os.org/doc/usb/ states:

	(Note: Beginning with R3.2, rd.qubes.hide_all_usb is set automatically 
if you opt to create a USB qube during installation.)


This also happens if you elect to follow the instructions titled, 
"Creating and Using a USB Qube" by running the commands, "qubesctl 
top.enable qvm.sys-usb" and "qubesctl state.highstate"


It might not hurt to point that out somehow.

--jidar

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ntheq0%242bg%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

2016-10-10 Thread 'David Shleifman' via qubes-users





- Original Message -
From: "raahe...@gmail.com" 
To: qubes-users 
Cc: dimi...@yahoo.com; raahe...@gmail.com
Sent: Monday, October 10, 2016 4:09 PM
Subject: Re: How  to manage multiple USB controllers



> I don't think you really have 6 controllers do you?
dom0$ lspci | grep USB
returns 6 PCI devices:
Bus:Device.Function

00:12.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller

00:12.1 ... SB7x0 USB OHCI1 Controller

00:12.2 ... SB7x0/SB8x0/SB9x0 USB EHCI  Controller
00:13.0 ... SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 ... SB7x0 USB OHCI1 Controller

00:13.2 ... SB7x0/SB8x0/SB9x0 USB EHCI   Controller


Is it 6 controllers?




> On mine I have only two echi's.
> one is for the two low speed ports, next to the ps2 port which i use for 
> mouse and keyboard, and is assigned to dom0.  The other 

> controller is for everything else I have in sys-usb.

Thanks for sharing your USB topology and controller assignment.   Have you been 
able to hide the USB controllers from dom0 as described in 
https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube?  So that lspci 
returns an epmty string.




> On another machine with xhvi (usb3.0)  everything gets routed through that 
> one controller.  the two ehvi controllers get routed through
> the usb 3.0 making a single controller not 3.  


How did you determine that the 2 EHCI(s) are routed through XHCI?  What does 

dom0$ lspci | grep USB
return?  Does it show 3 controllers or one?



> so its either use the two controllers the same way I have on this box with 
> xhvi disabled,  

> or enable it then only having a single controller if wanting 3.0 speeds 
> (using the qubes input proxy). 

In the later case, XHCI is attached to sys-usb, and 
https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qube-usb-passthrough
 is employed to pass it to dom0. Is my understanding correct?   Are you able to 
log in (after the boot) using the USB keyboard? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/376712193.2679434.147614725%40mail.yahoo.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 9:05:14 PM UTC-4, raah...@gmail.com wrote:
> On Monday, October 10, 2016 at 8:34:19 PM UTC-4, David Shleifman wrote:
> > On Oct. 10, 2016 at 9:27 AM, Unman  wrote
> > 
> > > I wouldn't assign back to dom0.
> > > There's no reason why you shouldn't adopt some variation on A, and have
> > > different qubes handling different controllers. Of course, you'd have to
> > > make sure that you follow a consistent pattern with use of sockets.
> > > You could enforce this with configuration in the policy file, and by
> > > some udev rules to block anything except storage devices in the relevant
> > > ports.
> > 
> > > unman
> > 
> > -
> > 
> > 
> > 
> > Before trying either "A" or "B" direction, I've stumbled upon the following 
> > difficulty:- after booting, Xfce popes up a dialog box which invites user 
> > to log in.  At this time, sys-usb hasn't started yet.  That is why, the USB 
> > keyboard is not operational.  In essence, it is a chicken and egg problem: 
> > in order to enter a password, the sys-usb VM shall be started; in order to 
> > start the sys-usb VM, a valid password shall be entered.  
> > 
> > 
> > 
> > Unman> There's no reason why you shouldn't adopt some variation on AI was 
> > leaning to adopt some variation of the plan "A".  Unfortunately, the 
> > experience (see previous paragraph) demonstrates that it is not possible :(
> > 
> > 
> > 
> > I went forward with the plan "B":
> > B-1) Stay with a single sys-usb qube and remove rear.OHCI0 controller from 
> > sys-usb (using Qubes VM Manager).  I assume that the controller will be 
> > returned back to dom0.  Is it correct?B-2) Remove "sys-usb dom0 
> > ask,user=root" from /etc/qubes-rpc/policy/qubes.InputKeyboard.
> > B-3) Remove "sys-usb dom0 ask,user=root" from 
> > /etc/qubes-rpc/policy/qubes.InputMouse.
> > 
> > B-4) Remove rd.qubes.hide_all_usb from /etc/default/grub and run
> > grub2-mkconfig -o /boot/grub2/grub.cfg in dom.  
> > 
> >  
> > With this plan in place, I am able to log in using the USB keyboard.  
> > 
> > 
> > 
> > Further enhancements
> > 
> > * In the step B-4, it would be nice to hide all USB controllers from dom0 
> > except rear.OHCI0.  How to achieve this?
> > 
> > Unman> Of course, you'd have to make sure that you follow a consistent 
> > pattern with use of sockets.  You could enforce this with configuration in 
> > the policy file, and by some udev rules to block anything except storage 
> > devices in the relevant ports. 
> > * How to achieve this?  Is there some manual?  Do you mind to share an 
> > example?
> > 
> > 
> > * Correct the policy in 
> > https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard manual.  It 
> > should be:
> > 
> > sys-usb dom0 ask,user=root
> 
> go with B1 man.  Like I said you can  get a ps2 adapter for your usb keyboard 
> and then can have all controllers in the sys-usb if you want. But I don't 
> think there is anything to be worried about having your keyboard in dom0.  
> Unless you got a real sketchy kb. (anything is possible)
> 
> As for how to hide all usb controllers except the rear OHCI0, you can't 
> unless its on a separate controller.  Otherwise just add every other 
> controller to sys-usb except the OHCI0 one.  Again to make sure you are 
> correctly identifying your controller 
> https://www.qubes-os.org/doc/assigning-devices/   You test with a device 
> plugged in the port to identify the controller.
> 
> You can also just go into a vm settings and click on devices to get a list.  
> look for what says usb, to see how many controllers you actually have.

dont' do B2 you need keyboard,  not sure why you want b3,   with b4 that means 
the usb ports aint hidden from dom0 during boot like luks passphrase I think 
that would be security risk unless you constantly unplugging every usb device 
except your keyboard when you reboot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc43686e-4e42-45cf-943a-2022355cf5f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 8:34:19 PM UTC-4, David Shleifman wrote:
> On Oct. 10, 2016 at 9:27 AM, Unman  wrote
> 
> > I wouldn't assign back to dom0.
> > There's no reason why you shouldn't adopt some variation on A, and have
> > different qubes handling different controllers. Of course, you'd have to
> > make sure that you follow a consistent pattern with use of sockets.
> > You could enforce this with configuration in the policy file, and by
> > some udev rules to block anything except storage devices in the relevant
> > ports.
> 
> > unman
> 
> -
> 
> 
> 
> Before trying either "A" or "B" direction, I've stumbled upon the following 
> difficulty:- after booting, Xfce popes up a dialog box which invites user to 
> log in.  At this time, sys-usb hasn't started yet.  That is why, the USB 
> keyboard is not operational.  In essence, it is a chicken and egg problem: in 
> order to enter a password, the sys-usb VM shall be started; in order to start 
> the sys-usb VM, a valid password shall be entered.  
> 
> 
> 
> Unman> There's no reason why you shouldn't adopt some variation on AI was 
> leaning to adopt some variation of the plan "A".  Unfortunately, the 
> experience (see previous paragraph) demonstrates that it is not possible :(
> 
> 
> 
> I went forward with the plan "B":
> B-1) Stay with a single sys-usb qube and remove rear.OHCI0 controller from 
> sys-usb (using Qubes VM Manager).  I assume that the controller will be 
> returned back to dom0.  Is it correct?B-2) Remove "sys-usb dom0 
> ask,user=root" from /etc/qubes-rpc/policy/qubes.InputKeyboard.
> B-3) Remove "sys-usb dom0 ask,user=root" from 
> /etc/qubes-rpc/policy/qubes.InputMouse.
> 
> B-4) Remove rd.qubes.hide_all_usb from /etc/default/grub and run
> grub2-mkconfig -o /boot/grub2/grub.cfg in dom.  
> 
>  
> With this plan in place, I am able to log in using the USB keyboard.  
> 
> 
> 
> Further enhancements
> 
> * In the step B-4, it would be nice to hide all USB controllers from dom0 
> except rear.OHCI0.  How to achieve this?
> 
> Unman> Of course, you'd have to make sure that you follow a consistent 
> pattern with use of sockets.  You could enforce this with configuration in 
> the policy file, and by some udev rules to block anything except storage 
> devices in the relevant ports. 
> * How to achieve this?  Is there some manual?  Do you mind to share an 
> example?
> 
> 
> * Correct the policy in 
> https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard manual.  It 
> should be:
> 
> sys-usb dom0 ask,user=root

go with B1 man.  Like I said you can  get a ps2 adapter for your usb keyboard 
and then can have all controllers in the sys-usb if you want. But I don't think 
there is anything to be worried about having your keyboard in dom0.  Unless you 
got a real sketchy kb. (anything is possible)

As for how to hide all usb controllers except the rear OHCI0, you can't unless 
its on a separate controller.  Otherwise just add every other controller to 
sys-usb except the OHCI0 one.  Again to make sure you are correctly identifying 
your controller https://www.qubes-os.org/doc/assigning-devices/   You test with 
a device plugged in the port to identify the controller.

You can also just go into a vm settings and click on devices to get a list.  
look for what says usb, to see how many controllers you actually have.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8edf0d77-78b2-4be7-b365-e8c88df19cd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to manage multiple USB controllers

2016-10-10 Thread 'David Shleifman' via qubes-users

On Oct. 10, 2016 at 9:27 AM, Unman  wrote

> I wouldn't assign back to dom0.
> There's no reason why you shouldn't adopt some variation on A, and have
> different qubes handling different controllers. Of course, you'd have to
> make sure that you follow a consistent pattern with use of sockets.
> You could enforce this with configuration in the policy file, and by
> some udev rules to block anything except storage devices in the relevant
> ports.

> unman

-



Before trying either "A" or "B" direction, I've stumbled upon the following 
difficulty:- after booting, Xfce popes up a dialog box which invites user to 
log in.  At this time, sys-usb hasn't started yet.  That is why, the USB 
keyboard is not operational.  In essence, it is a chicken and egg problem: in 
order to enter a password, the sys-usb VM shall be started; in order to start 
the sys-usb VM, a valid password shall be entered.  



Unman> There's no reason why you shouldn't adopt some variation on AI was 
leaning to adopt some variation of the plan "A".  Unfortunately, the experience 
(see previous paragraph) demonstrates that it is not possible :(



I went forward with the plan "B":
B-1) Stay with a single sys-usb qube and remove rear.OHCI0 controller from 
sys-usb (using Qubes VM Manager).  I assume that the controller will be 
returned back to dom0.  Is it correct?B-2) Remove "sys-usb dom0 ask,user=root" 
from /etc/qubes-rpc/policy/qubes.InputKeyboard.
B-3) Remove "sys-usb dom0 ask,user=root" from 
/etc/qubes-rpc/policy/qubes.InputMouse.

B-4) Remove rd.qubes.hide_all_usb from /etc/default/grub and run
grub2-mkconfig -o /boot/grub2/grub.cfg in dom.  

 
With this plan in place, I am able to log in using the USB keyboard.  



Further enhancements

* In the step B-4, it would be nice to hide all USB controllers from dom0 
except rear.OHCI0.  How to achieve this?

Unman> Of course, you'd have to make sure that you follow a consistent pattern 
with use of sockets.  You could enforce this with configuration in the policy 
file, and by some udev rules to block anything except storage devices in the 
relevant ports. 
* How to achieve this?  Is there some manual?  Do you mind to share an example?


* Correct the policy in 
https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard manual.  It should 
be:

sys-usb dom0 ask,user=root

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1946887460.2653244.1476146051505%40mail.yahoo.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Suspend Problems

2016-10-10 Thread Torsten Grote

On 10/08/2016 02:46 PM, jo...@mailbox.org wrote:
> 1. the network-connection symbol says the network is broken. I have to
> reboot the sys-net (kill and restart), then the network comes online
> again and I have network connection from within the sys-net.

This problem I have as well after waking up from each suspend, but I
found out that it is sufficient to disable the networking via the
network manager icon and then re-enable it.

Kind Regards,
Torsten

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c3b9098-d557-7a84-e472-dfa08e9ab920%40grobox.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Suspend Problems

2016-10-10 Thread Drew White

In regards to the logging... here was a day of my logs before I added in a 
couple of things, just so you can see why I archive them.

9.5M20160928
160K20160928.7za

The compression ratio is large.
So I can store them all and look back on the effect of things over time to see 
where things are good and bad.

On Tuesday, 11 October 2016 10:46:29 UTC+11, Drew White  wrote:
> On Monday, 10 October 2016 18:07:15 UTC+11, jo...@mailbox.org  wrote:
> > Interesting.
> > So actually with no VMs involved I already can reproduce the problem. 
> > Will investigate during the week.
> 
> There are things I have issue with as well. Personally, I have a script 
> running almost all the time just so that I can know what happens when my PC 
> locks up...
> 
> in crontab...
> "*/5 * * * * root sh /path/to/monitorstats.sh"
> 
> This way it runs every 5 minutes.
> So no matter what, I can always see what's going on in Dom0.
> I was thinking about adding xentop to it too, I might do that now...
> 
> Added it...
> 
> But yes, it has told me many things ever since I started the logging.
> Every day the logs are archived.
> 
> It's only a few Mb of logs a day. Archived it's about 100k. I use 7za for 
> archiving them, because of it's better compression algorithm.
> 
> Might help provide you some answers too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24aff0b4-5ab4-4546-91e5-132c9791525b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Suspend Problems

2016-10-10 Thread Drew White

On Monday, 10 October 2016 18:07:15 UTC+11, jo...@mailbox.org  wrote:
> On Sun, 9 Oct 2016 21:02:33 -0700 (PDT)
> Drew White  wrote:
> 
> > On Sunday, 9 October 2016 04:46:12 UTC+11, jo...@mailbox.org  wrote:
> > > Dear Qubes Users,
> > > 
> > > first of all I would thank the developers for this great peace of
> > > software! It (3.2) works on two Laptops and now I made the step to
> > > install it on the "main"-PC. Very unfortunate suspend-to-ram does
> > > not work ... really. Maybe someone has a cure for this unfortunate
> > > behaviour.  
> >  
> > Are you saying it HAS a "Suspend to RAM" functionality?
> > If so, where is it you saw this functionality?
> 
> Hi Drew,
> 
> thanks for replying. Yes, definetly SuspendToRam works. (with any other
> linux distribution). It works even half for Qubes-Os. _But_ when woken
> up you cannot actually _do_ anything. (as described)
 
Ahh, you are talking about suspending the Dom0 AdminVM?

I will try it out and take a look once I've finished this post.


> > 
> > > I can suspend, and the machine wakes up from sleep, but is more or
> > > less unusable afterwards. The symptoms are:
> > > 1. the network-connection symbol says the network is broken. I have
> > > to reboot the sys-net (kill and restart), then the network comes
> > > online again and I have network connection from within the
> > > sys-net.  
> > 
> > This is an issue because of the device attachment. That is what I
> > found. This issue has been there for a very long time. It is not
> > something that can easily be fixed, but can only be fixed by user
> > doing things particular ways. (Depending on what you want to do)
> 
> Hmh, but what device? I start the machine, go to suspend, wake it up
> again and it "hangs". There is no USB-Device attached, no wlan,
> bluethooth and such. 

Interesting. I have many thoughts on the possibilities of why this can and 
could happen. I'll check it here on a few PCs and Laptops and see what happens.


> > 
> > > 2. Most of the other VMs are offline and stopped. Restarting these
> > > VMs does not work or takes ages. You cannot start any other VMs
> > > (well somethimes after several minutes something works, i.e. a
> > > shell is startet, but no net.)  
> > 
> > This functionality I don't use, I never suspend my machine.
> > IF you have this issue, you need to check the system itself, not just
> > the Qubes Manager. OR, you can restart the Qubes Manager so that it
> > can completely refresh itself. This has been an issue with the
> > Manager from Qubes-OS for a while now, sometimes it loses what's
> > happening in the system. So restarting the front-end NORMALLY fix's
> > the situation. Other than that you can check the system by running
> > "xl list" That will show you all the running VMs as well as their
> > current utilisation specs.
> > 
> 
> Thanks for the hints, but I (think I did) tried everything, (BIOS,
> Manager, different VMSs etc) but no change. ...
> xl list and xentop show that dom0 is taking 100%, all the VMs don't do
> anything.

Dom0 has access to all threads. Personally, I reduce my Dom0 to 4 threads, that 
way the back end can still do things. I'll have to post how to do that because 
that may avoid this lockup situation.

I would advise you to run 'htop' to see what is going on and the actual CPU 
usage and activity on each thread when it's doing the 100% bit. Just to know 
what is actually going on.

Do you have ECC RAM?




> > 
> > > 3. in Dom0 you can see that some process like (awk, cut, sed and
> > > such are taking 100% of one CPU core for hours.)   
> > 
> > I have noticed this too. This is one thing I do not know about and
> > have never been able to find out why they do this.
> > 
> > 
> > > 4. the VM-Manager marks some/most VMs with "VM didn't give back
> > > memory". I can restart (kill) them, but they are
> > > unresposive/unusable. Sometimes I can get a shell, sometimes not
> > > (or I haven't waited long enough.)  
> > 
> > I've had this happen before. Not in 3.2R1+ though.
> > Restart the manager, as I stated in last response. It can sometimes
> > let you see what you need to see so that you can fix the problem.
> > 
> 
> Hmh, no effekt, I disabled "memory balancing" with the effekt that the
> "didn't return requsted memory" error disapears. But still hanging.




> > 
> > > 5. I cannot shut down properly. (_maybe_ I could wait some hours,
> > > and it would work.) Have to do a cold reset.  
> >  
> > This is caused if you have guests that aren't shut down properly, or
> > have not returned things and can't be cleared out. There are many
> > things that it could be.
> > 
> > If you weren't using graphical mode on boot/shutdown then you could
> > see what was going on.
> 
> It seems to hang at some stopjobs, or "watchdog did not stop" etc
> 
> In any case. Even if I switch off all VMs,  Dom0 is taking 100% at the
> moment ("logger -p damon.debug -- /etc/xen/scripts/block-snapshot:
> remving /dev/loop" )

That's

[qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

2016-10-10 Thread pleomati

command recordfail not found
command gfxmode not found
press any key to continue

This variables 

recordfail
gfxmode

are not needed,coment it or delete.Then boot should be clean with no errors.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bc52c99-bd40-47a6-8ca6-30a6bcb8863b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

On Mon, Oct 10, 2016 at 01:25:47PM -0700, t.k.t.k.t.k.t.k.1.1@gmail.com 
wrote:
> Thank you so much, this fixed it, now everything works perfectly fine, 
> although I get an error "command recordfail not found
>  command gfxmode not found
>  press any key to continue"
> when booting into Mint. The grub.cfg file contained these commands and I 
> copied them. The error seems to have no influence, when I hit a key, it boots 
> normally, so I think I can ignore this?
> 
> And are the changes I made persistent if I update-grub? (I'm not planning to 
> do that but if I do in a year or so I probably won't remember if it is not 
> persistent)
> 
Neither of these are needed, and you can delete those entries, as you
thought.

If you have made the change in grub.cfg then it wont be persistent.
You need to put the same entry in to /etc/grub.d/40_custom, and then it
will be picked up on a future grub update.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161010205827.GB21696%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] customizing dispVM not working

2016-10-10 Thread cubit

10. Oct 2016 20:50 by un...@thirdeyesecurity.org:

> I remember a thread about this some time back - what you're doing is
> exactly right. 




Well that's good to know :o)

 


> All I can suggest is that you make sure that the change
> has "taken" in the template, and ensure that it has stopped running
> before you run qvm-create-default-dvm.
>




starting firefox from the template shows the changes as I want and `qvm-ls`  
before I run `qvm-create-default-dvm` shows that the template is not running.




All quite strange.









-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KTkNYuy--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] customizing dispVM not working

On Mon, Oct 10, 2016 at 10:10:38PM +0200, cubit wrote:
> Hello,
> 
> I am trying to customize a dispVM on qubes 3.2 but I can not get the 
> customization to take. I am doing the following
> 
> dom0:
> `qvm-run -a fedora-23-test gnome-terminal`
> 
> In the resultant gnome-terminal I am doing
> `firefox`
> 
> When firefox launches I am setting duckduckgo as my homepage
> 
> I quit firefox
> 
> I `touch /home/user/.qubes-dispvm-customized`
> 
> I `poweroff` fedora-23-test from the gnome-terminal I opened.
>  
> I set the template to default dvm
> `qvm-create-default-dvm fedora-23-test`
> 
> I then start the disposable firefox from XFCE application menu.
> 
> Firefox starts but does not have the custom start page but the standard 
> http://start.fedoraproject.org.
> 
> I tried similar with nautilus changing from icon to list view but it also 
> does not take.
> 
> This was working OK in 3.1. Am I doing something wrong in 3.2?
> 
No, that's exactly the same in 3.2.
I remember a thread about this some time back - what you're doing is
exactly right. All I can suggest is that you make sure that the change
has "taken" in the template, and ensure that it has stopped running
before you run qvm-create-default-dvm.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161010205056.GA21696%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

2016-10-10 Thread t . k . t . k . t . k . t . k . 1 . 1 . 1 . 0

On Monday, October 10, 2016 at 4:25:47 PM UTC-4, t.k.t.k.t.k...@gmail.com wrote:
> Thank you so much, this fixed it, now everything works perfectly fine, 
> although I get an error "command recordfail not found
>  command gfxmode not found
>  press any key to continue"
> when booting into Mint. The grub.cfg file contained these commands and I 
> copied them. The error seems to have no influence, when I hit a key, it boots 
> normally, so I think I can ignore this?
> 
> And are the changes I made persistent if I update-grub? (I'm not planning to 
> do that but if I do in a year or so I probably won't remember if it is not 
> persistent)

what fixed it?  What commands?   Are you booting qubes from a mint grub?  If 
you doint the /etc/grub.d/40_custom method.  make sure to paste in ther 
eeverything in the qubes grub.cfg between where it starts ### BEGIN 
/etc/grub.d/20_linux_xen ###  

Its persistent but when qubes upgrade a kernel or initrd or something you will 
want to repeat this step and do update-grub again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ec3c068-8cf5-4367-8484-902556ebfcad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

Thank you so much, this fixed it, now everything works perfectly fine, although 
I get an error "command recordfail not found
 command gfxmode not found
 press any key to continue"
when booting into Mint. The grub.cfg file contained these commands and I copied 
them. The error seems to have no influence, when I hit a key, it boots 
normally, so I think I can ignore this?

And are the changes I made persistent if I update-grub? (I'm not planning to do 
that but if I do in a year or so I probably won't remember if it is not 
persistent)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4d41587-1bf9-4d39-b8f7-51f3c20f10e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Suspend Problems

On Monday, October 10, 2016 at 12:06:17 AM UTC-4, Drew White wrote:
> On Monday, 10 October 2016 13:09:30 UTC+11, pleo...@gmail.com  wrote:
> > > ---
> > and this thing with boot look at the boot screen prev instaled Qubes and 
> > Post instaled Qubes.I my comp usualy boot screen took few sec say 3 but 
> > after install Qubes it took 20 sec or even more.So the must be some kind 
> > blue pill backdor.
> 
> So with other operating system it took 3 or so seconds to boot, and now with 
> Qubes it takes 20?
> 
> Did you know that Qubes starts the sys-net and sys-firewall (whatever VMs you 
> set to start on boot) before you actually get to the GUI?
> Not to mention, IF there are issues, it will check the HDD.
> If you don't run RedHat Graphical Boot (RHGB) then you can actually see what 
> is happenning and you can see what it does that takes a long time. Do this, 
> and you will see. :}
> So on booting, press ESC to get rid of RHGB temporarily.
> 
> If there is something that is taking a long time, and it shouldn't, message 
> it back here and let people know.

or you can just hit the esc key when prompted for encryption password.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ebae03a-e7d0-4fd3-a3c3-d79e2229ee34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: debian templates for sys vms?

On Monday, October 10, 2016 at 5:02:35 AM UTC-4, pixel fairy wrote:
> given debians longer release cycle and the trouble with getting a current / 
> supported version of fedora working for appvms, any reason not to use debian 
> for the sys- vms?

you might want to harden it a little more, although sys-net is considered 
untrusted anyways.  another user freaked out recently when seeing listening 
processes not present using fedora.  I noticed the same thing a while back but 
its easy to disable what you want yourself.   Its also why I use fedora as my 
sys-net and firewall still,  cause I feel the qubes team prolly hardened it 
better.   But I could be wrong...

I would love to see a openbsd template just for the sys-net or firewall.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a924887a-0dac-468c-820f-5dc7c27466fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 4:09:04 PM UTC-4, raah...@gmail.com wrote:
> On Monday, October 10, 2016 at 3:26:16 PM UTC-4, raah...@gmail.com wrote:
> > On Monday, October 10, 2016 at 1:08:10 AM UTC-4, David Shleifman wrote:
> > > The PC system has 2 USB hubs: the first one is used for USB jacks on the 
> > > front panel, the second one is used for USB jacks on the rear panel. Each 
> > > hub has 3 controllers:
> > > front.OHCI0 handles first 3 USB 1.1 devices that are plugged in (nothing 
> > > at the moment)
> > > front.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing 
> > > at the moment)
> > > front.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (DVD-RW 
> > > drive and flash stick at the moment)
> > > rear.OHCI0 handles first 3 USB 1.1 devices that are plugged in (USB 
> > > keyboard and USB mouse are plugged in persistently)
> > > 
> > > rear.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at 
> > > the moment)
> > > 
> > > rear.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (Web 
> > > camera, and CD-RW drive are plugged in persistently)
> > > I followed the recommendation at 
> > > https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube.  After 
> > > running 
> > > [dom0]$   qubesctl top.enable qvm.sys-usb
> > > 
> > > [dom0]$   qubesctl state.highstate 
> > > 
> > > all 6 controllers have been assigned to sys-usb qube.  It looks like a 
> > > very bad idea to mix security sensitive devices such as keyboard/mouse 
> > > with other devices.  Where do I go from this point?
> > > 
> > > A) Split controllers into two groups and assign each group to a different 
> > > sys-usb qube? Keyboard/mouse shall end up in a first group, while other 
> > > devices shall end up in the second group.  Is this break down in line 
> > > with the security guidelines (see https://www.qubes-os.org/doc/usb/)?
> > > 
> > > 
> > > B) Stay with a single sys-usb qube and assign rear.OHCI0 controller back 
> > > to dom0?  Do 
> > > I need to remove "sys-usb dom0 ask" from 
> > > /etc/qubes-rpc/policy/qubes.InputKeyboard? Do I need to remove 
> > > GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb from /etc/default/grub ?  How to 
> > > instruct GRUB to hide all controllers except rear.OHCI0 ?
> > 
> > look at finding right usb controller.  
> > https://www.qubes-os.org/doc/assigning-devices/
> > 
> > If really worried about using a usb keyboard you can use a ps2 one, or get 
> > a usb to ps2 adapter.
> 
> I don't think you really have 6 controllers do you? its probably only three.  
> ohci0, ohci1, and ehci0On mine I have only two echi's.   one is for the 
> two low speed ports, next to the ps2 port which i use for mouse and keyboard, 
> and is assigned to dom0.  The other controller is for everything else I have 
> in sys-usb.
> 
> On another machine with xhvi (usb3.0)  everything gets routed through that 
> one controller.  the two ehvi controllers get routed through the usb 3.0 
> making a single controller not 3.  so its either use the two controllers the 
> same way I have on this box with xhvi disabled,  or enable it then only 
> having a single controller if wanting 3.0 speeds (using the qubes input 
> proxy).To get 3 controllers to have seperates usb 2.0 and usb 3.0 you 
> need to find a lga 2011 socket mobo, like an x99, and make sure the bios 
> supports the manual routing feature.
> 
> But I haven't tested the new ability to assign separate pci devices now in 
> the new qubes 3.2. Maybe this changes things?

again though on my one machine i opted to have a single controller so I can 
have 3.0 speeds,  and use a usb to pci adapter for the keyboard.  I'm not as 
concerned about the mouse, at least I hope I don't have to be lol.  I use the 
lockscreen.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb7a6a04-b13a-4d9e-a602-72910f712ba0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] customizing dispVM not working

2016-10-10 Thread cubit

Hello,

I am trying to customize a dispVM on qubes 3.2 but I can not get the 
customization to take. I am doing the following

dom0:
`qvm-run -a fedora-23-test gnome-terminal`

In the resultant gnome-terminal I am doing
`firefox`

When firefox launches I am setting duckduckgo as my homepage

I quit firefox

I `touch /home/user/.qubes-dispvm-customized`

I `poweroff` fedora-23-test from the gnome-terminal I opened.
 
I set the template to default dvm
`qvm-create-default-dvm fedora-23-test`

I then start the disposable firefox from XFCE application menu.

Firefox starts but does not have the custom start page but the standard 
http://start.fedoraproject.org.

I tried similar with nautilus changing from icon to list view but it also does 
not take.

This was working OK in 3.1. Am I doing something wrong in 3.2?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KTkCyfB--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

On Monday, October 10, 2016 at 3:26:16 PM UTC-4, raah...@gmail.com wrote:
> On Monday, October 10, 2016 at 1:08:10 AM UTC-4, David Shleifman wrote:
> > The PC system has 2 USB hubs: the first one is used for USB jacks on the 
> > front panel, the second one is used for USB jacks on the rear panel. Each 
> > hub has 3 controllers:
> > front.OHCI0 handles first 3 USB 1.1 devices that are plugged in (nothing at 
> > the moment)
> > front.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at 
> > the moment)
> > front.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (DVD-RW 
> > drive and flash stick at the moment)
> > rear.OHCI0 handles first 3 USB 1.1 devices that are plugged in (USB 
> > keyboard and USB mouse are plugged in persistently)
> > 
> > rear.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at 
> > the moment)
> > 
> > rear.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (Web camera, 
> > and CD-RW drive are plugged in persistently)
> > I followed the recommendation at 
> > https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube.  After 
> > running 
> > [dom0]$   qubesctl top.enable qvm.sys-usb
> > 
> > [dom0]$   qubesctl state.highstate 
> > 
> > all 6 controllers have been assigned to sys-usb qube.  It looks like a very 
> > bad idea to mix security sensitive devices such as keyboard/mouse with 
> > other devices.  Where do I go from this point?
> > 
> > A) Split controllers into two groups and assign each group to a different 
> > sys-usb qube? Keyboard/mouse shall end up in a first group, while other 
> > devices shall end up in the second group.  Is this break down in line with 
> > the security guidelines (see https://www.qubes-os.org/doc/usb/)?
> > 
> > 
> > B) Stay with a single sys-usb qube and assign rear.OHCI0 controller back to 
> > dom0?  Do 
> > I need to remove "sys-usb dom0 ask" from 
> > /etc/qubes-rpc/policy/qubes.InputKeyboard? Do I need to remove 
> > GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb from /etc/default/grub ?  How to 
> > instruct GRUB to hide all controllers except rear.OHCI0 ?
> 
> look at finding right usb controller.  
> https://www.qubes-os.org/doc/assigning-devices/
> 
> If really worried about using a usb keyboard you can use a ps2 one, or get a 
> usb to ps2 adapter.

I don't think you really have 6 controllers do you? its probably only three.  
ohci0, ohci1, and ehci0On mine I have only two echi's.   one is for the two 
low speed ports, next to the ps2 port which i use for mouse and keyboard, and 
is assigned to dom0.  The other controller is for everything else I have in 
sys-usb.

On another machine with xhvi (usb3.0)  everything gets routed through that one 
controller.  the two ehvi controllers get routed through the usb 3.0 making a 
single controller not 3.  so its either use the two controllers the same way I 
have on this box with xhvi disabled,  or enable it then only having a single 
controller if wanting 3.0 speeds (using the qubes input proxy).To get 3 
controllers to have seperates usb 2.0 and usb 3.0 you need to find a lga 2011 
socket mobo, like an x99, and make sure the bios supports the manual routing 
feature.

But I haven't tested the new ability to assign separate pci devices now in the 
new qubes 3.2. Maybe this changes things?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82ae5915-cf20-4ddd-9986-059dfb1d8845%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to manage multiple USB controllers

2016-10-10 Thread t . k . t . k . t . k . t . k . 1 . 1 . 1 . 0

On Monday, October 10, 2016 at 1:08:10 AM UTC-4, David Shleifman wrote:
> The PC system has 2 USB hubs: the first one is used for USB jacks on the 
> front panel, the second one is used for USB jacks on the rear panel. Each hub 
> has 3 controllers:
> front.OHCI0 handles first 3 USB 1.1 devices that are plugged in (nothing at 
> the moment)
> front.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at 
> the moment)
> front.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (DVD-RW drive 
> and flash stick at the moment)
> rear.OHCI0 handles first 3 USB 1.1 devices that are plugged in (USB keyboard 
> and USB mouse are plugged in persistently)
> 
> rear.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at the 
> moment)
> 
> rear.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (Web camera, 
> and CD-RW drive are plugged in persistently)
> I followed the recommendation at 
> https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube.  After 
> running 
> [dom0]$   qubesctl top.enable qvm.sys-usb
> 
> [dom0]$   qubesctl state.highstate 
> 
> all 6 controllers have been assigned to sys-usb qube.  It looks like a very 
> bad idea to mix security sensitive devices such as keyboard/mouse with other 
> devices.  Where do I go from this point?
> 
> A) Split controllers into two groups and assign each group to a different 
> sys-usb qube? Keyboard/mouse shall end up in a first group, while other 
> devices shall end up in the second group.  Is this break down in line with 
> the security guidelines (see https://www.qubes-os.org/doc/usb/)?
> 
> 
> B) Stay with a single sys-usb qube and assign rear.OHCI0 controller back to 
> dom0?  Do 
> I need to remove "sys-usb dom0 ask" from 
> /etc/qubes-rpc/policy/qubes.InputKeyboard? Do I need to remove 
> GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb from /etc/default/grub ?  How to 
> instruct GRUB to hide all controllers except rear.OHCI0 ?

look at finding right usb controller.  
https://www.qubes-os.org/doc/assigning-devices/

If really worried about using a usb keyboard you can use a ps2 one, or get a 
usb to ps2 adapter.

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b9fb715-9762-4a82-8f4e-5e5a844b11bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s

2016-10-10 Thread Robert Mittendorf

I think I found the solution to your problem - at least my issues with 
booting Kernel 4.4 and Qubes 3.2 are solved now. I increased the total 
graphics memory from 256 MB to 512 MB - and boom, here you go!



Am 10/04/2016 um 06:02 PM schrieb habib.bhatti...@gmail.com:

I have a T450s and I followed instructions exactly
I am using a USB device which I used Rufus to instal the ISO image in DD mode 
and then I went into xen.cfg and did exactly as instructions stated but it 
keeps herring stuck in boot loop

Someone please help
Thanks



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71e1f8ec-455b-4515-87ae-3446c50f88e6%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to trim AppVm's data to match the correct size inside?

2016-10-10 Thread Chris Laprise

On 10/09/2016 12:20 PM, 8c36b1b85a745a25508d01ced9335bef7a1e4ed1 wrote:

On Sunday, October 9, 2016 at 2:54:11 PM UTC, yaqu wrote:

On Sun, 9 Oct 2016 06:19:47 -0700 (PDT),
8c36b1b85a745a25508d01ced9335bef7a1e4ed1 wrote:

I have delete a lot of big datas on one of my appvm, but the problem
is the size doesn't change eventhough 'df -h' in the appvm shows that
the user's data already decreased. Qubes-Manager and dom0 still
recognised its size with the old values. How can i proceed to
decrease it?

Procedure should be similar to compacting templates:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/#compacting-the-upgraded-template

Inside VM fill unused space on private.img with zeros:

[user@untrusted ~]$ dd if=/dev/zero of=/home/user/zero
[user@untrusted ~]$ rm /home/user/zero

And then copy image in dom0:

[user@dom0 ~]$ qvm-shutdown --wait untrusted
[user@dom0 ~]$ cd /var/lib/qubes/appvms/untrusted/
[user@dom0 ~]$ cp --sparse=always private.img private.img.new
[user@dom0 ~]$ mv private.img.new private.img

But I have just noticed, that after removing big files in appvm, its
private.img has been automagically compacted, without using this
procedure. Tested on R3.2 and fedora23-based appvm.

--
yaqu

Excellent, it's working. Thanks for your answer. I skipped the dd part since I
already delete big files before that and its still works.

Space should be recovered automatically if your template is set to mount
/rw with the 'discard' option. That is the Qubes default.

You can do a one-time recovery simply with 'sudo fstrim -v /rw' . There
should be no need to resort to long brute force methods like using dd
and cp.

Chris

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/26ac032e-dc3e-aab5-e99d-95ca6060adee%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

Thank you for you answers.

As I tried to point out, I have already tried all possible partitions for 
root=(hdx,y), including hd0,6 and none of them worked.

I'd prefer fixing it without a life distro by mounting the mint partition on 
qubes. Which files do I have to get and paste to the /boot partition? And how 
do I paste them there? Is the /boot partition the folder /boot in the dom0 
filesystem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/454e9df5-bf79-4da7-a6c3-35656ac887a5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to manage multiple USB controllers

2016-10-10 Thread Franz

On Mon, Oct 10, 2016 at 10:27 AM, Unman  wrote:

> On Mon, Oct 10, 2016 at 05:04:26AM +, 'David Shleifman' via
> qubes-users wrote:
> > The PC system has 2 USB hubs: the first one is used for USB jacks on the
> front panel, the second one is used for USB jacks on the rear panel. Each
> hub has 3 controllers:
> > front.OHCI0 handles first 3 USB 1.1 devices that are plugged in (nothing
> at the moment)
> > front.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing
> at the moment)
> > front.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (DVD-RW
> drive and flash stick at the moment)
> > rear.OHCI0 handles first 3 USB 1.1 devices that are plugged in (USB
> keyboard and USB mouse are plugged in persistently)
> >
> > rear.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing
> at the moment)
> >
> > rear.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (Web
> camera, and CD-RW drive are plugged in persistently)
> > I followed the recommendation at https://www.qubes-os.org/doc/
> usb/#creating-and-using-a-usb-qube.  After running
> > [dom0]$   qubesctl top.enable qvm.sys-usb
> >
> > [dom0]$   qubesctl state.highstate
> >
> > all 6 controllers have been assigned to sys-usb qube.  It looks like a
> very bad idea to mix security sensitive devices such as keyboard/mouse with
> other devices.  Where do I go from this point?
> >
> > A) Split controllers into two groups and assign each group to a
> different sys-usb qube? Keyboard/mouse shall end up in a first group, while
> other devices shall end up in the second group.  Is this break down in line
> with the security guidelines (see https://www.qubes-os.org/doc/usb/)?
> >
> >
> > B) Stay with a single sys-usb qube and assign rear.OHCI0 controller back
> to dom0?  Do
> > I need to remove "sys-usb dom0 ask" from 
> > /etc/qubes-rpc/policy/qubes.InputKeyboard?
> Do I need to remove
> > GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb from /etc/default/grub ?  How
> to instruct GRUB to hide all controllers except rear.OHCI0 ?
>
> I wouldn't assign back to dom0.
> There's no reason why you shouldn't adopt some variation on A, and have
> different qubes handling different controllers. Of course, you'd have to
> make sure that you follow a consistent pattern with use of sockets.
> You could enforce this with configuration in the policy file, and by
> some udev rules to block anything except storage devices in the relevant
> ports.
>
>
I am planning to do something like them with my Lenovo x230  that has a
docking station with some USB ports. There should be an independent
controller in the docking station.

When I detach the laptop from the docking station the second sys-usb will
be unable to find its assigned controller and will give some error, but
should be no problem.

Then I may use the USB controller on laptop for more dirty stuff and the
controller on the docking station for connecting Trezor for bitcoin
transactions and similar more delicate tasks.

Best
Fran


> unman
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/20161010132724.GC18661%40thirdeyesecurity.org.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qD9GhWDXxe2L_qQsXt9bXFvkzdK9c-HVKYfeMMpx6d3bg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to manage multiple USB controllers

On Mon, Oct 10, 2016 at 05:04:26AM +, 'David Shleifman' via qubes-users 
wrote:
> The PC system has 2 USB hubs: the first one is used for USB jacks on the 
> front panel, the second one is used for USB jacks on the rear panel. Each hub 
> has 3 controllers:
> front.OHCI0 handles first 3 USB 1.1 devices that are plugged in (nothing at 
> the moment)
> front.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at 
> the moment)
> front.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (DVD-RW drive 
> and flash stick at the moment)
> rear.OHCI0 handles first 3 USB 1.1 devices that are plugged in (USB keyboard 
> and USB mouse are plugged in persistently)
> 
> rear.OHCI1 handles next 3 USB 1.1 devices that are plugged in (nothing at the 
> moment)
> 
> rear.EHCI0 handles up to 6 USB 2.0 devices that are plugged in (Web camera, 
> and CD-RW drive are plugged in persistently)
> I followed the recommendation at 
> https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube.  After 
> running 
> [dom0]$   qubesctl top.enable qvm.sys-usb
> 
> [dom0]$   qubesctl state.highstate 
> 
> all 6 controllers have been assigned to sys-usb qube.  It looks like a very 
> bad idea to mix security sensitive devices such as keyboard/mouse with other 
> devices.  Where do I go from this point?
> 
> A) Split controllers into two groups and assign each group to a different 
> sys-usb qube? Keyboard/mouse shall end up in a first group, while other 
> devices shall end up in the second group.  Is this break down in line with 
> the security guidelines (see https://www.qubes-os.org/doc/usb/)?
> 
> 
> B) Stay with a single sys-usb qube and assign rear.OHCI0 controller back to 
> dom0?  Do 
> I need to remove "sys-usb dom0 ask" from 
> /etc/qubes-rpc/policy/qubes.InputKeyboard? Do I need to remove 
> GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb from /etc/default/grub ?  How to 
> instruct GRUB to hide all controllers except rear.OHCI0 ?

I wouldn't assign back to dom0.
There's no reason why you shouldn't adopt some variation on A, and have
different qubes handling different controllers. Of course, you'd have to
make sure that you follow a consistent pattern with use of sockets.
You could enforce this with configuration in the policy file, and by
some udev rules to block anything except storage devices in the relevant
ports.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161010132724.GC18661%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Multibooting fails: Windows won't start and other Linux can't be found

On Sun, Oct 09, 2016 at 09:13:22PM -0700, raahe...@gmail.com wrote:
> On Sunday, October 9, 2016 at 11:04:18 AM UTC-4, Tobias Kah wrote:
> > I did what the Documentation for Multibooting said and added Stanzas for 
> > Windows and Linux Mint to Grub 2 to /etc/grub.d/40_custom after installing 
> > Qubes.
> > 
> > My Partitions are the following:
> > 
> > 
> > sda1 "DellUtility" vfat
> > 
> > sda2 "RECOVERY" ntfs
> > 
> > sda3 "OS" ntfs
> > 
> > sda4 extended
> > 
> > 
> > sda7 Qubes ext4
> > 
> > 
> > sda8 Qubes crypto_LUKS
> > 
> > 
> > sda5 Linux Mint Swap 
> > 
> > 
> > sda6 Linux Mint ext4
> > 
> > 
> > My /etc/grub.d/40_custom looks like this after adding the stanzas:
> > 
> > 
> > #!/bin/sh
> > 
> > exec tail -n +3 $0
> > #
> > #
> > #
> > #
> > 
> > menuentry "Linux Mint 18" {
> > 
> > set root=(hd0,5)
> > 
> > chainloader +1
> > 
> > }
> > 
> > 
> > menuentry "Winodws 7" {
> > 
> > insmod part_msdos
> > 
> > insmod ntldr
> > 
> > insmod ntfs
> > 
> > ntldr (hd0,2)/bootmgr
> > 
> > }
> > 
> > I've tried out all possible partitions for root=() and ntldr () but the 
> > Linux always gives me "error: Invalid Signature. Press any key to continue."
> > 
> > Did I do any mistake while editing the 40_custom file?
> > 
> > For Windows I get something like 
> > 
> > 
> > "Windows failed to start. A recent hardware or software change might be the 
> > cause. To fix this problem:
> > 
> > 1. Insert your Windows installation disk
> > 
> > 2. Choose language
> > 
> > 3. Click repair your computer
> > 
> > 
> > file: \boot\BCD
> > 
> > Status: 0xc225
> > 
> > Info: An error occurred while attempting to read the boot configuration 
> > data."
> > 
> > Is that really necessary (I don't have such a disk)? There should not have 
> > been made any changes to the Windows Partition so I do not understand why 
> > it won't boot...
> > 
> > 
> > I really appreciate any ideas on how to fix this issue.
> 
> load a live mint disk.  follow these instructions to reinstall grub  
> https://community.linuxmint.com/tutorial/view/245
> 
> Then boot into mint.  then go to /etc/grub.d/40_custom file.   in there you 
> will paste everything from the qubes /boot partition.  from 
> /boot/grub/grub2/grub.cfg file (or something like that)  the whole section 
> between where it says xen.   then update grub and reboot and qubes and 
> windows should be in the mint grub.

I don't understand these suggestions to reinstall grub, when there
is a working grub.It's the configuration that is wrong as I pointed
out.

Also, there's no need to run a live distro of any sort, assuming Qubes
boots fine. It would be simpler to mount the mint partition, grab the
files from there and paste directly in to the /boot partition.

But I'd suggest trying to fig the partition references in grub.cfg first.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161010130438.GA18661%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: 3.2 installation crash on a ThinkPad

On Monday, October 10, 2016 at 3:07:06 AM UTC-7, yaqu wrote:
> On Mon, 10 Oct 2016 01:49:07 -0700 (PDT), pixel fairy
>  wrote:
> 
> > On Thursday, October 6, 2016 at 1:47:02 AM UTC-7, jkitt wrote:
> > > I'm trying to install 3.2 on a ThinkPad T420S but the installation
> > > seems to crash while booting. The kernel boot log display is
> > > distorted (see pic) and the system seems to hang.
> > > 
> > > Does 3.2 work on the T420? Is it a graphical thing - can I disable
> > > it with a kernel parameter?
> > 
> > this seems to work on a lot of thinkpads.
> > 
> > https://www.qubes-os.org/doc/thinkpad_x201/
> 
> It looks like T420s has the same graphics as T520 (Intel HD 3000). I had
> a problem with this GPU and R3.2 (random reboots) and I have solved it
> by adding i915.enable_rc6=0 to kernel parameters:
> https://groups.google.com/forum/#!msg/qubes-users/DSFcUer3C7M/Rbno0VdfBQAJ
> 
> BTW with iommu=no-igfx my T520 didn't boot at all.
> 
> -- 
> yaqu

Andrew David Wong, can you add this to the thinkpad notes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d32165cd-ac1c-4417-aadd-d966eb98e570%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: 3.2 installation crash on a ThinkPad

2016-10-10 Thread yaqu

On Mon, 10 Oct 2016 01:49:07 -0700 (PDT), pixel fairy
 wrote:

> On Thursday, October 6, 2016 at 1:47:02 AM UTC-7, jkitt wrote:
> > I'm trying to install 3.2 on a ThinkPad T420S but the installation
> > seems to crash while booting. The kernel boot log display is
> > distorted (see pic) and the system seems to hang.
> > 
> > Does 3.2 work on the T420? Is it a graphical thing - can I disable
> > it with a kernel parameter?
> 
> this seems to work on a lot of thinkpads.
> 
> https://www.qubes-os.org/doc/thinkpad_x201/

It looks like T420s has the same graphics as T520 (Intel HD 3000). I had
a problem with this GPU and R3.2 (random reboots) and I have solved it
by adding i915.enable_rc6=0 to kernel parameters:
https://groups.google.com/forum/#!msg/qubes-users/DSFcUer3C7M/Rbno0VdfBQAJ

BTW with iommu=no-igfx my T520 didn't boot at all.

-- 
yaqu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161010100704.C6F84102138%40mail2.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] debian templates for sys vms?

given debians longer release cycle and the trouble with getting a current / 
supported version of fedora working for appvms, any reason not to use debian 
for the sys- vms? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bfd75c3-e234-4025-84cf-69c1ac480896%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Negative test result for fedora 24... Was: Re: Request for test: Re: [qubes-users] Fedora 24?

On Saturday, September 24, 2016 at 8:04:54 PM UTC-7, Sebastian Jug wrote:
> On Friday, September 16, 2016 at 4:37:17 AM UTC-4, Marek Marczykowski-Górecki 
> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Thu, Sep 15, 2016 at 09:41:37PM -0700, J. Eppler wrote:
> > > Is it a good idea to spend time on fedora 24? Fedora 25 should be 
> > > released in November/December and will use Wayland per default. Would it 
> > > not be better to skip Fedora 24 and focus on resources and efforts on 
> > > Fedora 25?
> > 
> > Most likely problems found on F24 will also affect F25, so those will
> > need to be fixed anyway. On the other hand, since it mostly works, it
> > isn't much effort.
> > 
> > - -- 
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v2
> > 
> > iQEcBAEBCAAGBQJX2684AAoJENuP0xzK19csEGYH/1mZK2nJH7bU9WwVP8pHFNJL
> > yT3VApyDAC/h4p9WVCS/3Jaj0ZTkNsPUzXLh85Ico5L++rz7Cg0HxhjnNSkh7gSK
> > cQOWbVq4Eeo4iRybCgkR7d1oKG+ar4mkvyXzE4psWFDb95WV3m/zZsNFgw4YhM9/
> > IN5ZbsOSE6DVF32lOh9Qbv2MkhSeyi7eI8KB1DIWoqEJUt+5CA3pXDVRsPvbIxIe
> > w3uTZWnPn3tA4aZCEh2/dnkULiVpZTM+iHNgUKQHpr0WRMtXPj1oAxx9O1SaZr7m
> > 9pB6RfGGFZDZ0uEHeJfrei3hd0LHU4OXx5+CAsGmhIBIDxKw6D4FS2r59AORnh0=
> > =meEW
> > -END PGP SIGNATURE-
> 
> Split GPG does not work with Fedora 24. I upgraded my fedora-23 minimal gpg 
> template to Fedora 24 and I just get:
> 
> [user@personal ~]$ qubes-gpg-client -K
> /bin/sh: /etc/qubes-rpc/qubes.Gpg: No such file or directory
> EOF
> 
> It doesn't do the second prompt to allow access for the 300 seconds at all. 
> What would cause this?

does the new fedora24 template exist, or should we just update as your earlier 
message?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ad5ffcf-a31e-4f5b-8c95-b59231eb316b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 3.2 installation crash on a ThinkPad