[qubes-users] installing nvidia
https://www.qubes-os.org/doc/install-nvidia-driver/ here we have: "Build kernel package You will need at least kernel-devel (matching your Qubes dom0 kernel), rpmbuild tool and kmodtool, and then you can use it to build package:" What it means? I should on the fedora 18 with rpmfusion-repo download kernel-devel, which matching with my Qubes dom0 kernel? How is that? I should find "4.1.13-9.pvops.qubes.x86_64" in rpmfusion? How is that? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a2220e26-2c6f-46fd-a709-cc3ab5a12b4a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Just Broke Debian-8 Template
So i wanted to uninstall that rubbish image editor "imagemagick" Ran: sudo apt-get remove imagemagick VM crashed. Error in VM manager says "qrexec not connected" Tried to restart, VM manager Error says "can not start qubes-guid" Would prefer not to replace entire template if possible? Cheers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61b34100-9754-448e-994c-6a63f5ab5358%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On Tuesday, November 15, 2016 at 10:45:06 PM UTC-5, raah...@gmail.com wrote: > On Tuesday, November 15, 2016 at 7:44:53 PM UTC-5, pixel fairy wrote: > > On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > > > > > As far as I'm aware, any laptop with VT-x should be able to handle a > > > Windows VMs, and in general, most laptops comes with Windows. So, you're > > > basically just looking for a laptop that has good Qubes compatibility. > > > Take a look at the following: > > > > a sad trend now is laptops that are bios locked to only run windows. > > > > id also like to find a vendor that will still give us support and coverage > > on hardware issues, like ibm did before lenovo took over. > > what I always suggest is to buy one that has a manual to view all the > specifications. Preferably where you can see bios pictures in the manual. > And for Qubes I always suggest one where you can see VT-d is enabled in the > picture. or if it says its enabled by default then you are good to go for > sure. TO get the full security benefits. do see how it performs, you can search the model on linux forums, see if linux users use it, then you are good to go. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd6b02ea-24ee-43cc-9075-73b804a13d68%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On Tuesday, November 15, 2016 at 7:44:53 PM UTC-5, pixel fairy wrote: > On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > > > As far as I'm aware, any laptop with VT-x should be able to handle a > > Windows VMs, and in general, most laptops comes with Windows. So, you're > > basically just looking for a laptop that has good Qubes compatibility. Take > > a look at the following: > > a sad trend now is laptops that are bios locked to only run windows. > > id also like to find a vendor that will still give us support and coverage on > hardware issues, like ibm did before lenovo took over. what I always suggest is to buy one that has a manual to view all the specifications. Preferably where you can see bios pictures in the manual. And for Qubes I always suggest one where you can see VT-d is enabled in the picture. or if it says its enabled by default then you are good to go for sure. TO get the full security benefits. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d27e840c-a922-4580-818b-0ed56d4d5658%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > As far as I'm aware, any laptop with VT-x should be able to handle a Windows > VMs, and in general, most laptops comes with Windows. So, you're basically > just looking for a laptop that has good Qubes compatibility. Take a look at > the following: a sad trend now is laptops that are bios locked to only run windows. id also like to find a vendor that will still give us support and coverage on hardware issues, like ibm did before lenovo took over. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e98ab87-ba5f-4e1b-9530-2e25c1ab390d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On Tuesday, November 15, 2016 at 10:17:59 AM UTC-5, Unman wrote: > > ... > > Conclusion: > > Windows is not designed to be run as a template based VM. > > > > -- > > Zrubi > > This is true for oem licenses. It would be possible to acquire an add-on > under Software Assurance and run up to 4VMs, and that is probably the best > route to follow for template based Windows qubes. > > In a business environment this might already be available. N.B, if you > want to connect to MS server products from multiple VMs that could open > a separate can of worms. Microsoft cant make anything easy! maybe it would be easier to just remote those apps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ebc7820-25aa-4165-b344-114e9439ea38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes
On Tuesday, 15 November 2016 18:14:00 UTC+11, Jean-Philippe Ouellet wrote: > On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber <> wrote: > > On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki > > wrote: > >> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters. > > > > Thanks for the info. For me a noob, how do I remove that parameter from > > kernel? Thank you. > > From the installer, use your favorite editor on > /boot/efi/EFI/qubes/xen.cfg to remove just the rd.qubes.hide_all_usb > parameter from the kernel= line. It will probably be at the end of the > line. > > Note that your EFI partition might be mounted somewhere other than > /boot/efi (I don't remember). The `mount` command should tell you > where. Look for something like: > /dev/nvme0n1p1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=... Thanks for the guide. My boot64x.cfg does not contain this parameter. Here is the full CFG file [global] default=4.4.14-11.pvops.qubes.x86_64 [4.4.14-11.pvops.qubes.x86_64] options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M kernel=vmlinuz-4.4.14-11.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-9b163fd2-93d9-4498-a83d-712baae8432e rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet ramdisk=initramfs-4.4.14-11.pvops.qubes.x86_64.img [4.4.14-11.pvops.qubes.x86_64] options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M kernel=vmlinuz-4.4.14-11.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-9b163fd2-93d9-4498-a83d-712baae8432e rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet ramdisk=initramfs-4.4.14-11.pvops.qubes.x86_64.img Thanks for your help. PS I'm building another Qubes install where I'll uncheck "use sys-usb" later today -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ef9850e-d1aa-4aef-98ff-a9a2267c736c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using distribution kernel in Template VM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 07, 2016 at 08:46:24PM +, Fred wrote: > > I followed the instructions here > https://www.qubes-os.org/doc/managing-vm-kernel/ for using the VM kernel. > > So in short: > > in dom0: sudo qubes-dom0-update grub2-xen > in fedora-23 template vm: sudo yum install qubes-kernel-vm-support > grub2-tools > in fedora-23 template vm: installed a distro kernel and matching > kernel-devel from fedora repo. > in fedora-23 template vm: sudo grub2-mkconfig -o /boot/grub2/grub.cfg to > create grub config. > > I can then set pvgrub2 as kernel for fedora-23 template and start it. > > fedora-23 boots without error, booting the VM kernel. Troubleshooting with > sudo xl console fedora-23 shows no obvious problems and it finishes the boot > sequence with a login prompt. The virt manager in dom0 shows for its status > an amber dot. It momentarily goes green, but then changes back to amber. > > Is there any way to debug this further? Have any steps been missed? Check if u2mfn module was built automatically. Simply login on the template console and check `modinfo u2mfn`. If it's not there, build it using `dkms autoinstall` command (see its manual page for exact parameters). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK6jZAAoJENuP0xzK19cs0/kH/3XG4J8atKnd0FsWBzF4mNgs 1KXVRFHQssR3n0Xe5/eqSHkjfBBJPK+zCH3AG/9zixSijwDYoLO0tidqDNZaJi8n 1Ozwnev1sugVGH/gQ7ewiCalqC96kCiCm23ro/4Jm4Ss9xcY/z52ahPtsBqz3kxD wSdDEAuB5TM89wyvdaJsVMJp2vaJPv2Q8riE6QJq1ZDnxbwkDA3M4DfiJO3i4Fj4 /kzmjTddyhFEZYB16dfXGkr1vEQ2T3wNarCuu+YxKK4Pqt5s+PNEXRq+obCM74dZ vF6lelrdIKuLwWs+GgyN4byzk14xF7VZgffcPupojwAM9OBVO/2bIBJYj0feaVQ= =VpgR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161116003120.GP17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 16, 2016 at 12:28:17AM +0100, yaqu wrote: > On Tue, 15 Nov 2016 23:06:48 +0100, yaqu > wrote: > > > You have tried to remove fedora-23 using dnf, while some appVMs still > > were using it as a template. Dnf has displayed an error, but also it > > has removed package, leaving it in qubes config (and not cleaning > > template's directory). > > Anyway, I think it should be considered as a bug. > > Steps to reproduce (assuming fedora-23-minimal is not installed): > > $ sudo qubes-dom0-update qubes-template-fedora-23-minimal > $ qvm-create -t fedora-23-minimal -l red test-vm > $ sudo dnf remove qubes-template-fedora-23-minimal Yes, you're right. Previously (before Fedora introduced DNF), failure in %preun script aborted the operation, now it results just in a message. Not sure if this is a bug of a feature of DNF... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK6ThAAoJENuP0xzK19csJe0IAJbIvs+gev4bIw8KhuRwLZY0 8UiCjHsBtqtcIdANlK7wmrSFVaz2CmOTofWSC5+8NrbQDmH5zdTWdF2EDUl/qfgQ SDgK42ZTz7D0yUwXu70GyZwHUh8Sd9frXakgGwWWRxmk2jyAm78mllnReIWsGgmD C9OJrdpxbw2mrTdoDR0YGXd3VOA8vWLvNshquQnyGgxwX05AMg36vBYtcmeB1FUR np0BEY4l0pCPUvzmoYGA3OzoTdTl6ueMQasVb7FOU0sPviekgCElM3puTY3Ii3gh 8demX6zl8KWDkaaz4RqTZpw5iGru37Qm+IkNkw1eh568CFXOhfCCuXucolKcYpg= =S/Lk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161116001424.GO17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2
On Tue, 15 Nov 2016 23:06:48 +0100, yaqu wrote: > You have tried to remove fedora-23 using dnf, while some appVMs still > were using it as a template. Dnf has displayed an error, but also it > has removed package, leaving it in qubes config (and not cleaning > template's directory). Anyway, I think it should be considered as a bug. Steps to reproduce (assuming fedora-23-minimal is not installed): $ sudo qubes-dom0-update qubes-template-fedora-23-minimal $ qvm-create -t fedora-23-minimal -l red test-vm $ sudo dnf remove qubes-template-fedora-23-minimal -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115232831.1615C2052A4%40mail.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 02:47:29AM -0500, Jean-Philippe Ouellet wrote: > On Mon, Nov 14, 2016 at 4:16 PM, Marek Marczykowski-Górecki > wrote: > > You can temporarily set sys-firewall netvm to none. This will allow you > > to shutdown/restart sys-net without consequences. Remember to change > > sys-firewall netvm back to sys-net afterwards. > > Good to know! I wish I'd thought of that earlier :) > > >> Curiously, the wireless didn't hang while i had the 4.4 kernel in > >> dom0, and now it hangs with 4.8 in dom0 and either 4.4 OR 4.8 in > >> sys-net. This does not make sense to me, but it is indeed what I have > >> observed. Perhaps it was also failing before and I just never noticed > >> because the whole machine would hang so often. > > > > I'd guess the later... When it hangs, does the suspend before takes > > usual not-so-long time, or is significantly longer? > > Assuming you mean "when the wireless card attached to sys-net appears > to hang, does immediately prior overall system resume appear to take > longer?" then I have not noticed that to be the case. I will try to be > more aware of that in the future. > > What do you suspect that makes you ask this? When suspending the system, dom0 ask each VM having any PCI device to suspend itself (properly suspending the device etc). But there is a timeout (AFAIR 30s) after which VM is simply paused. In that case, the device/driver after resume most likely will be confused... In some cases it reset the device and work just fine, in other cases driver reload is needed, or even VM restart. - - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? - -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK5PbAAoJENuP0xzK19csk2UH/AyXaXCdIRa8a9y0so5ZQjkB KijrMe6gn0zEZcQ3eFBLsSsHEl1wvN3tzY3uV/TA8iAzG3PhZ76Edcp6p7Nrifzp Cg+AtDGUk1oPJIQDLUIbEtyDAQztfy8HfYMHviS+HmqH6zL3DGUYO2D/10zaXrhu TTImi9EpSMMC2Z+LZGEtLf0fyFGZwvK3g5bN+Dzesav6EWNnku4uvw9PJgNtJFKb TVqcGh7Aqn7gyC1/ZpMHO9bevXsQ7A8Y5X05B4k5ptnghUWq3U/Z5qTHBAxsEILP XVp8x9SGRTMwib2Fi2HT4i8P26Y0M5bo/wGKrvZXKP5P/UPcsB+zf3tm5o2npqY= =pGQ0 - -END PGP SIGNATURE- -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK5R8AAoJENuP0xzK19csuaIH/0Wxb0SyDtOsw/IzE57vbAeA eKEBZcmK3i62iziHzLVX/Jnx72orPLH2rzFl9mQkeGmV+iqgmeQTcQSe5XHhJrjX xVfr5RqbFHEDK9pED22BvQI2biFt+L0HGyWQuTcDsQneXUMNBZldFKcrIJ/sPZ+Z e4FF42WLLwmXSa8aS8DMlcRQWLjoH3pgnhiSzNAYyTDCDeB9xWwzmsFClfP4RgAR 0pR4OW28439F/9EjUJR3fYymbi5CV/c8MLqUiniOTEr9FW1mn3Nr/rPaVXlzhnMJ y1hk97dl9wQRalTJEBwoXF+Wo1jqovIx9IaiGU2B3y8ao332yCAVa+qP+FPIUss= =wNCY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115230147.GM17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs are not disposed of
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 02:37:14PM +, IX4 Svs wrote: > On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com> wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Tue, Nov 15, 2016 at 12:34:19AM +, Alex wrote: > > > This is the second time I encounter this freaky issue on R3.1: > > > > > > Start a DispVM Firefox, login to a website, close Firefox, observe the > > disposable VM is gone from the VM manager. Fine so far. > > > > > > Launch a new disposable Firefox which creates a new VM with a different > > name (dispN) - notice with horror that you are already logged on to the > > website you had logged on to from the terminated VM. > > > > > > Surely this is not supposed to happen. How to troubleshoot? > > > > I believe you've hit this issue: > > https://github.com/QubesOS/qubes-issues/issues/2200 > > > > The issue is fixed in R3.2, but it hasn't been yet backported to R3.1... > > For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or > > other - depending on what template you use for DispVM) are owned by your > > user. Then recreate DispVM savefile with qvm-create-default-dvm. > > > > > All files in /var/lib/qubes/appvms/fedora-23-dvm are owned by my user, > group qubes - but volatile.img is -rw-r--r-- while all other files are > -rw-rw-r-- (so, group can't write to it). I changed this with chmod 664 > volatile.img but on running qvm-create-default-vm the permissions are reset > to their earlier state - and volatile.img is not group-writeable. > > Should people on R3.1 just chmod 664 volatile.img right after recreating > the DVM? Above permissions looks ok - if the file is owned by your user, being group writable does not matter. Maybe it was owned by root during previous qvm-create-default-dvm call, but now is ok? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK5IvAAoJENuP0xzK19csYscH/RskSBghAdBbvwZm/UMc69RP Raz6H3WRRRGCytN0Jfri+QiGWhQdugclWH2tyn9uUlzKFeNA4AE3GD7oT/bUc5Zf 8XJYV4JTWOEQN4TnfprDwksRQGyuPyfLAUUuiOyRqE2e2AaexXg7ZDTKNrQGG8qq X0+pV3nE1U7Fw4WclGIohFb6PCtUR8ILvJ4fzODnH97V2K65qP3+/LqmryeEMTMu 2rr1VsI+y2CDjp3b6vOQQdyeWbaMa/OrkK7rXG+TS2SCV2g6C8UhCWBCMZ8OSWZZ GEVrSH8yI0LgWSahbkN0biai68N+GDoGEFfKH/WkNhXBAUGr18Su6/R4FcIy0Ec= =yyJR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115225439.GL17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2
On Tue, 15 Nov 2016 09:14:46 -0800 (PST), Grzesiek Chodzicki wrote: > qvm-prefs does return true for installed_by_rpm, moreover using > qvm-remove causes the "this package was installed by rpm" message to > appear. In that case I think I know what has happened. You have tried to remove fedora-23 using dnf, while some appVMs still were using it as a template. Dnf has displayed an error, but also it has removed package, leaving it in qubes config (and not cleaning template's directory). The easiest (but not fastest, as it's time and network consuming) way to fix it is to reinstall template and then remove it: $ sudo qubes-dom0-update qubes-template-fedora-23 $ sudo dnf remove qubes-template-fedora-23 The hard, quick, and not sure if safe way is to edit /var/lib/qubes/qubes.xml file, find fedora-23 entry, and change its installed_by_rpm property to "False" (it cannot be done by qvm-prefs). Then remove it using qvm-remove: $ qvm-remove fedora-23 Good luck, -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115220701.C488D2055ED%40mail.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Does Qubes log login attempts?
On Tue, Nov 15, 2016 at 12:16:10PM -0800, RJ P wrote: > Also just learned the 'last' command - https://linux.die.net/man/1/last > Yeah I'm still sort of a nubie you can say. :-/ > try journalctl - you want the xscreensaver and audit units. e.g journalctl -t xscreensaver -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115212644.GB24354%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Intel TXT advice
So you know AFIAK OPOWER8+ systems have a emulation layer for x86 that works quite well, on the TALOS page you can see them playing a modern 3d game with it via pass thru video although obvious you wouldn't want to emulate a VMM. Xen isn't the be all-end all of virtualization, there are many other solutions and some of them work better. (I could never get pass thru video to work with xen, only qemu-kvm and I used libvirt for the management layer) There are plenty of non ME systems out there that are new enough to be useful for gaming, only AM4/FM2 have PSP but all the other AMD procs don't have PSP. The KGPE-d16 for instance is an opteron blob free coreboot/libreboot board that is quite nice for a performance workstation. For a laptop there is always the novena and a few other blob free ones, and if you don't want ME you can buy a non PSP AMD laptop. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/410acebe-d934-b6b3-6656-f24461c13ae6%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fresh R3.2 install, no /etc/default/grub
On Tue, Nov 15, 2016 at 3:48 PM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > I guess you have installed the system in UEFI mode. In that case, kernel > parameters are in /boot/efi/EFI/qubes/xen.cfg. Hi Marek, Thank you for the quick response. That hint and a bit more searching helped me find this earlier discussion on the mailing list: https://groups.google.com/forum/#!msg/qubes-users/KTRlrc9vC1U/ajxXQtBPBAAJ Editing xen.cfg and then relocating the initramfs produced by dracut solved the problem. Perhaps someone with permission could add a link to that discussion to the wiki page. Thanks! Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPSgt5n7GNcAC7-1LDWaJGVwtyhOL_zYxzNntvXmTFP%3D4Goxpg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] PAM errors after disabling password-less root
On Tue, Nov 15, 2016 at 02:26:12PM -0500, Chris Laprise wrote: > On 11/15/2016 07:20 AM, Unman wrote: > >On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: > >>On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > >>>Following the instructions for the 'vm-sudo' doc, I get the following error > >>>in Debian 9: > >>> > >>>/usr/lib/qubes/qrexec-client-vm failed: exit code 1 > >>>sudo: PAM authentication error: System error > >>> > >>> > >>>Also, in the Debian 8 template the instructions don't match, as there > >>>appears to be no file '/etc/pam.d/common-auth'. > >>> > >>>Chris > >>> > >>Where did you get that template? The file is present in the default 3.2, > >>and even in a minimal-no-recommends template for Debian-8. > >> > >>I'll look at the Debian-9 issue now. > >> > >I'm afraid I don't see this issue in a Debian-9 template. > >Can you check your editing? > > > >Also, try manually running the qrexec-client-vm dom0 qubes.VMAuth > >command, and making sure you get the expected output. > >You should see the prompt(from the policy) and then output from dom0. > > > >unman > > > > Thanks for checking. However, I triple-checked my editing in Debian 9 and > Debian 8 template is 'stock' basically nothing added to it. > > The qubes.VMAuth request said 'Request refused'. The doc appears to have a > typo for the second command in Step 1. "Adding Dom0 “VMAuth” service" that > causes '$anyvm' to disappear from the output. This line should use single > quotes instead. > > Chris You're right about that typo. Once you fixed it what happened? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115210433.GA24354%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fresh R3.2 install, no /etc/default/grub
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 12:30:44PM -0800, dmoer...@gmail.com wrote: > Hi, > > I just completed a fresh R3.2 install on a Lenovo X1 Carbon 3rd generation > (20BSCT01WW). Thanks to all the devs for their amazing work on this release. > So far as I can tell, everything works out of the box. (One of my favorite > features is the ease of implementing VM-by-VM VPNs.) > > I want to enable TRIM for the SSD, following > https://www.qubes-os.org/doc/disk-trim/. However, there is no > /etc/default/grub in dom0. I realized that grub2-tools is supposed to provide > /etc/default/grub and grub2-mkconfig. So I installed that in dom0. But there > is still nothing in /etc/default/grub. Where can I find the default > /etc/default/grub file? > > Thanks for any help you might be able to provide, I hope to pass it on in the > future to other users. I guess you have installed the system in UEFI mode. In that case, kernel parameters are in /boot/efi/EFI/qubes/xen.cfg. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK3SPAAoJENuP0xzK19csnegH/iEE/W0XJMQEi5WgFQFVzHKM 1xWxGpdHgRKbTWWTHxoTm7yN6GHCDLoVOVtK4jlVjo+PMGOqUDZ5gKYhIiZhWnAs zoS1B/1v4hAHJrzbhXt9akQ2WcifTqBdU+czsP4+mUOJiiZrbATnnJrdRtEPdeLt NnoIGA9+pHtZjQfFGyeYAVO3d8n47+z0TSD1TGH9pGYzWU+8XhY+ryOs5cOUv3XJ qfLAd1RK6NfIMlNNK9fuUC7KOTDfK1ePLiwQFkQkdusUyyS8FJn/oTHyAAV0d6N1 hFTOLPS6LuckDJsLOZYLtUlzgdBuF9dN4GY7lslB4AIL5cy5i3R2AufmHQ7hIQw= =U9KN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115204815.GD3417%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fresh R3.2 install, no /etc/default/grub
Hi, I just completed a fresh R3.2 install on a Lenovo X1 Carbon 3rd generation (20BSCT01WW). Thanks to all the devs for their amazing work on this release. So far as I can tell, everything works out of the box. (One of my favorite features is the ease of implementing VM-by-VM VPNs.) I want to enable TRIM for the SSD, following https://www.qubes-os.org/doc/disk-trim/. However, there is no /etc/default/grub in dom0. I realized that grub2-tools is supposed to provide /etc/default/grub and grub2-mkconfig. So I installed that in dom0. But there is still nothing in /etc/default/grub. Where can I find the default /etc/default/grub file? Thanks for any help you might be able to provide, I hope to pass it on in the future to other users. Best, Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/558124b9-f75b-46df-bbe0-564fe560c83e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Does Qubes log login attempts?
Also just learned the 'last' command - https://linux.die.net/man/1/last Yeah I'm still sort of a nubie you can say. :-/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88553fde-4781-4371-aa83-89d35f543f7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Does Qubes log login attempts?
OK, never mind about the login attempts I found them. They are in /var/log/lightdm/lightdm.log But I still need the xscreensaver login attempts log. Also the lightdm.log only displays [+69.22s] and not the time and date. Is there a way to change that? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d4fb429-c6dd-4b3e-9735-76b0663b86f9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Does Qubes log login attempts?
I can't find in dom0 /var/log where my login attempts are (failed or successful) or xscreesaver login/unlocks logs are stored. Is Qubes setup to do this automatically or do I have to configure something in order for it to log those. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da4af4ea-d6e1-449b-b262-92da89e8166b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] PAM errors after disabling password-less root
On 11/15/2016 07:20 AM, Unman wrote: On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: Following the instructions for the 'vm-sudo' doc, I get the following error in Debian 9: /usr/lib/qubes/qrexec-client-vm failed: exit code 1 sudo: PAM authentication error: System error Also, in the Debian 8 template the instructions don't match, as there appears to be no file '/etc/pam.d/common-auth'. Chris Where did you get that template? The file is present in the default 3.2, and even in a minimal-no-recommends template for Debian-8. I'll look at the Debian-9 issue now. I'm afraid I don't see this issue in a Debian-9 template. Can you check your editing? Also, try manually running the qrexec-client-vm dom0 qubes.VMAuth command, and making sure you get the expected output. You should see the prompt(from the policy) and then output from dom0. unman Thanks for checking. However, I triple-checked my editing in Debian 9 and Debian 8 template is 'stock' basically nothing added to it. The qubes.VMAuth request said 'Request refused'. The doc appears to have a typo for the second command in Step 1. "Adding Dom0 “VMAuth” service" that causes '$anyvm' to disappear from the output. This line should use single quotes instead. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/33faf03d-b963-7136-2b73-6badc75f9efb%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)
I found it hung again today with pulsing power button and no 100% fans this time to alert me to suspend problem (just a hot backpack). The old failure symptoms appear still present, but nowhere near as frequent. I'm honestly surprised I still haven't noticed any problems due to file-system corruption. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_DYW8msmeZjUGnuoNbLqLZ6vxowDi3bFaTY4U0sociktw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Installing VPN in Qubes Versus VPN on a Router
On Tuesday, November 15, 2016 at 1:54:24 PM UTC, amadaus wrote: > amad...@riseup.net: > > We see much correspondence in these forums about installing a VPN within > > Qubes. Surely, the most secure place for VPN is to install on a Router? > > I say these things after reading the following paper [ > > https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of > > hackers demonstrate that the majority of routers (in-particular those > > provided by ISP's] have backdoors to government agencies. These > > adversary's are able attack our LAN and its devices; including the > > ability to intercept VPN and Tor traffic. > > The solution they say is to isolate these rogue routers in the > > Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by > > installing a 2nd router [flashed with open source firmware such as > > OPenWRT]. It is here, on the router, that we should enable and run OpenVPN. > > Thoughts on this paper and it's conclusions are welcomed > > > Thanks everyone for your contributions. > Implicit in most of your replies is a distinct distrust of the > modems/routers provided to us. > If anyone is interested, the solution we adopted to securing our LAN is > copied from this blog; > https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/ > This guy uses a couple of cheap routers loaded with OpenWRT which sit > behind his infected Modem. His 2nd routed utilises OpenVPN Client and is > configured to protect "high value" devices. > We've successfully copied this configuration and it seems!! to work. - > unless you know better?? Sorry, I took your thread for a bit of a detour. Going back to your original post: > Surely, the most secure place for VPN is to install on a Router? Joanna might disagree with that for the same reason she posits that VMs connected via Qubes networking may be more secure than physical machines separated by a potentially vulnerable TCP/IP stack. (http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) Generally speaking, it seems to be a good idea to isolate your public-facing network adapter from your firewall and proxies (vpn). Whether it's best to use Qubes, other hypervisor, physical devices, or driver domains as taiidan suggested; I don't know. As with all things security-related, the solution that works for you will depend on your threat model, which you haven't described. Certainly, I would question the credibility of a blog that claims to have a setup that is "NSA-proof". Most of the changes recommended in the blog are simply shifting trust from your ISP to other 3rd-parties: OpenDNS, VPN provider, etc. Make sure that's what you want since everyone involved is only guaranteeing "privacy by policy." * Using OpenDNS does not protect your kids from inappropriate content. That's just bizarre. * If you distrust your ISP enough to require a VPN, why allow the ISP to see any unencrypted traffic at all? Blogger only uses VPN for some "sensitive" traffic because he doesn't want the rest subjected to geographic blocking. Why not just use a VPN that exits in the country where it's needed? If your activity is so sensitive that you can't exit, for example, in a 5-Eyes country, then you should be using Tor - because again, a VPN is just "privacy by policy". * You may want to confirm that the VPN is set to fail-closed (ie not allow traffic when VPN goes down.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/998af77c-92a6-4e90-8be8-ab3c9e822d6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2
W dniu niedziela, 13 listopada 2016 23:26:10 UTC+1 użytkownik yaqu napisał: > On Sun, 13 Nov 2016 12:30:25 -0800 (PST), Grzesiek Chodzicki > wrote: > > > W dniu niedziela, 13 listopada 2016 20:54:06 UTC+1 użytkownik yaqu > > napisał: > > > > > > It looks like you do not have this package installed (or you have > > > executed this command in VM instead of dom0). > > > > > > To get a list of templates installed from rpm in dom0, you can use > > > this command: > > > [user@dom0 ~]$ rpm -qa | grep template > > > > I did execute it in dom0, fedora-23 was installed by default when I > > installed Qubes on my PC. > > Please, check if your fedora-23 template was really installed from rpm > (and it wasn't cloned from previous version and upgraded to f23): > > [user@dom0 ~]$ qvm-prefs fedora-23 | grep rpm > installed_by_rpm : True > > You can also check this using Qubes VM Manager (in VM settings, tab > Basic, under "General"). > > If your fedora-23 template was not installed from rpm, you can remove > it using Qubes VM Manager or using command: > > [user@dom0 ~]$ qvm-remove fedora-23 > > -- > yaqu qvm-prefs does return true for installed_by_rpm, moreover using qvm-remove causes the "this package was installed by rpm" message to appear. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f34cec9e-bbaa-419c-b612-e1d583dfe051%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] isolated workflows - image converter - trusted jpg
Hello, thanks for the feedback, now I can understand the behavior. I would appreciate very much the same isolated work low for pictures / graphics like the PDF and the overwriting helps to keep the disk size tiny and the appendix secured really help to organize the files from the first step. Now I deleted manual the unsecured files and proceed with my work-flow and so I don't know, which files are now processed and which one are still waiting... Very nice is, that I can select more than one file and run this task in the background: Select & forget Many times photos get compressed better via JPG and grafics via PNG, I have seen also in other tasks very oversize huge files, if the format is not fitting to the content - I think this would be good to keep it in mind, so the quality should be ok and the size tiny - if possible. Thanks and Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dda700db-488b-4e01-b3a5-6c4599fd0a1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On Tue, Nov 15, 2016 at 03:39:15PM +0100, Zrubi wrote: > On 11/15/2016 02:46 PM, Andrew David Wong wrote: > > > Licensing is a tricky issue. I'm not sure whether the Windows license > > allows you to clone Windows VMs or to run multiple Windows AppVMs from a > > single Windows TemplateHVM. That's a question for the lawyers. Maybe others > > around here have information about it. > > If we are talking about a normal (OEM) desktop license you are allowed > to RUN a SINGLE instance of windows VM. > > This means you are fine with running a single HVM instance. > > > Because of windows OS licencing is bound to the hardware. In case of > qubes, the hardware is a virtual one. Moreover if you are try to run a > template based windows you will face a technical issue You can't > activate your windows permanently, because: > > - activate the template itself > One may think that this should be ok. and it is. Your template will be > activated - but You only use the template for OS updates. Once you start > an AppVM based on this template, that's gonna be a NEW virtual hardware > which will break the activation. > > - activate the AppVM > You can do it for sure. However you have to do it on EVERY startup. Not > sure how many activation will be tolerated by Microsoft. > > > Conclusion: > Windows is not designed to be run as a template based VM. > > > > -- > Zrubi This is true for oem licenses. It would be possible to acquire an add-on under Software Assurance and run up to 4VMs, and that is probably the best route to follow for template based Windows qubes. In a business environment this might already be available. N.B, if you want to connect to MS server products from multiple VMs that could open a separate can of worms. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115151758.GB21534%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] isolated workflows - image converter - trusted jpg
On Tue, Nov 15, 2016 at 06:00:21AM -0800, '091823'04918'032948'1093248018243 wrote: > Hello, > > wow cool, I found out that now QR32 also can convert pictures into a trusted > image. > > Only I got confused, because after the conversion, I got two files: > > i) xy.jpg > ii) xy_untrusted.jpg > > In the PDF work flow it was the opposite: > > i) xy.pdf > ii) xy_trusted.pdf > > I liked the last work flow much better, because after the conversion, I can > see it, that this conversion took really place! > (especially after the copying around from files, so it will be easy to lost > the overview...) > > I don't found some docu for the untrusted.jpg, this means I must wipe the > xy_untrusted.jpg and keep the xy.jpg, which is now the 100% dead jpg picture, > right? > > Merci for this very nice new feature and Kind Regards > > > > > P.S. Do I need also some Safty Linux Converter fro MP3 and MP4, or are this > files always 100% dead, without any kind of embedded objects by default? > Yes, you're right - they are handled and named inconsistently. Perhaps this should be changed. Also, if I remember correctly, the pdf converter will arbitrarily overwrite another PDF with the same name. It's up to you if you keep the original "untrusted" image. There might be value in that. As to mp3/mp4, absolutely NOT dead, and can easily carry embedded objects. Definitely not to be trusted. If you are concerned always open them in a dispVM. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115143553.GA21534%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
On 11/15/2016 02:46 PM, Andrew David Wong wrote: > Licensing is a tricky issue. I'm not sure whether the Windows license allows > you to clone Windows VMs or to run multiple Windows AppVMs from a single > Windows TemplateHVM. That's a question for the lawyers. Maybe others around > here have information about it. If we are talking about a normal (OEM) desktop license you are allowed to RUN a SINGLE instance of windows VM. This means you are fine with running a single HVM instance. Because of windows OS licencing is bound to the hardware. In case of qubes, the hardware is a virtual one. Moreover if you are try to run a template based windows you will face a technical issue You can't activate your windows permanently, because: - activate the template itself One may think that this should be ok. and it is. Your template will be activated - but You only use the template for OS updates. Once you start an AppVM based on this template, that's gonna be a NEW virtual hardware which will break the activation. - activate the AppVM You can do it for sure. However you have to do it on EVERY startup. Not sure how many activation will be tolerated by Microsoft. Conclusion: Windows is not designed to be run as a template based VM. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd40817b-6a1b-06dd-4ea8-4939b13616c9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Disposable VMs are not disposed of
On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Tue, Nov 15, 2016 at 12:34:19AM +, Alex wrote: > > This is the second time I encounter this freaky issue on R3.1: > > > > Start a DispVM Firefox, login to a website, close Firefox, observe the > disposable VM is gone from the VM manager. Fine so far. > > > > Launch a new disposable Firefox which creates a new VM with a different > name (dispN) - notice with horror that you are already logged on to the > website you had logged on to from the terminated VM. > > > > Surely this is not supposed to happen. How to troubleshoot? > > I believe you've hit this issue: > https://github.com/QubesOS/qubes-issues/issues/2200 > > The issue is fixed in R3.2, but it hasn't been yet backported to R3.1... > For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or > other - depending on what template you use for DispVM) are owned by your > user. Then recreate DispVM savefile with qvm-create-default-dvm. > > All files in /var/lib/qubes/appvms/fedora-23-dvm are owned by my user, group qubes - but volatile.img is -rw-r--r-- while all other files are -rw-rw-r-- (so, group can't write to it). I changed this with chmod 664 volatile.img but on running qvm-create-default-vm the permissions are reset to their earlier state - and volatile.img is not group-writeable. Should people on R3.1 just chmod 664 volatile.img right after recreating the DVM? Thanks Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTcfU6%2B4L5KZOjCpaB5UQfo%2BjhoD-%2Bu5SgPoWHVqA-caiQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] isolated workflows - image converter - trusted jpg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-15 06:00, '091823'04918'032948'1093248018243 wrote: > Hello, > > wow cool, I found out that now QR32 also can convert pictures into a trusted > image. > > Only I got confused, because after the conversion, I got two files: > > i) xy.jpg > ii) xy_untrusted.jpg > > In the PDF work flow it was the opposite: > > i) xy.pdf > ii) xy_trusted.pdf > > I liked the last work flow much better, because after the conversion, I can > see it, that this conversion took really place! > (especially after the copying around from files, so it will be easy to lost > the overview...) > > I don't found some docu for the untrusted.jpg, this means I must wipe the > xy_untrusted.jpg and keep the xy.jpg, which is now the 100% dead jpg picture, > right? > > Merci for this very nice new feature and Kind Regards > That does indeed appear to be an oversight. Tracking here: https://github.com/QubesOS/qubes-issues/issues/2437 > P.S. Do I need also some Safty Linux Converter fro MP3 and MP4, or are this > files always 100% dead, without any kind of embedded objects by default? > I think it's fair to say that *any* time complex input is being parsed, there's the potential for malicious input to be crafted to exploit a bug in whatever program is doing the parsing. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYKxxXAAoJENtN07w5UDAwAJIQAItCCYhGa7ry9GOEZRdXE9ps cfSov4ghYnNFA1K1aZATxJa6h9h2v5GbdYhZGPIFE1Bp5kqghZ2Rfhl/S5koIY4I XaWypv1gWAX95I3eG7WGX03sBp2tfSufe8yqJjevzXlttgS/Lg2fOnFmPPGGbS99 WV0KIXd+SFkG4NZ2EfN/dTA6ST0NlszaR680ZAa36ii9GVGMdWL3DqhjEslYYhWi alYrqdD9odKq92uGNRFw8jA0+iSwYIICzCfDbLr0HKBy/8bCmYzGBLCCsa/HixN7 ek6PdZP9d6ZrcbeYt50hkar+RrC617Xj7k696XXiArkfD97NIweMYb4ksC8rcntm zytsnLj72mXq1RJoxQFsOn73jmCfSbSktuQzFhDXarhh9nXDwgPtAfJLFKPs4fX+ U3odhxPuVPjKGtcXvUE3oxkePBSYUAW4tn1wVmjUgwpuYXh/dLKWuc2RgoPiCVWC JsL/jzPY/ze8P2nHkBF/4Kj5nvJQEYLjtoueYCAJVPOdYUqGuZ2xP84vrpoNM/CN YVQsminN6jOUOrP+nrmtffzupkCJ6gIig4kY/cdBRcxTgNlrQsnsSG4Ot1iUeQ6w CIONUm4rq3BbwvUCujO2wetaPY+k0eqyFSkwSHOKOJLI9YdfTBoi3Jxr2jkRfcBI DKVSjVCjqskcykYAuoPB =nsan -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cac380f-0b2d-d7df-249b-64de24b985d9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] isolated workflows - image converter - trusted jpg
Hello, wow cool, I found out that now QR32 also can convert pictures into a trusted image. Only I got confused, because after the conversion, I got two files: i) xy.jpg ii) xy_untrusted.jpg In the PDF work flow it was the opposite: i) xy.pdf ii) xy_trusted.pdf I liked the last work flow much better, because after the conversion, I can see it, that this conversion took really place! (especially after the copying around from files, so it will be easy to lost the overview...) I don't found some docu for the untrusted.jpg, this means I must wipe the xy_untrusted.jpg and keep the xy.jpg, which is now the 100% dead jpg picture, right? Merci for this very nice new feature and Kind Regards P.S. Do I need also some Safty Linux Converter fro MP3 and MP4, or are this files always 100% dead, without any kind of embedded objects by default? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b5d7c23-3499-4f2e-adda-de6277d1d2d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Installing VPN in Qubes Versus VPN on a Router
amad...@riseup.net: > We see much correspondence in these forums about installing a VPN within > Qubes. Surely, the most secure place for VPN is to install on a Router? > I say these things after reading the following paper [ > https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of > hackers demonstrate that the majority of routers (in-particular those > provided by ISP's] have backdoors to government agencies. These > adversary's are able attack our LAN and its devices; including the > ability to intercept VPN and Tor traffic. > The solution they say is to isolate these rogue routers in the > Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by > installing a 2nd router [flashed with open source firmware such as > OPenWRT]. It is here, on the router, that we should enable and run OpenVPN. > Thoughts on this paper and it's conclusions are welcomed > Thanks everyone for your contributions. Implicit in most of your replies is a distinct distrust of the modems/routers provided to us. If anyone is interested, the solution we adopted to securing our LAN is copied from this blog; https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/ This guy uses a couple of cheap routers loaded with OpenWRT which sit behind his infected Modem. His 2nd routed utilises OpenVPN Client and is configured to protect "high value" devices. We've successfully copied this configuration and it seems!! to work. - unless you know better?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/015a80f8-3cf1-1efc-54fb-e42a3ef3d47e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] CVE-2016-4484: Cryptsetup Initrd root Shell
Is it possible attack scenario with Qubes OS? http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html#impact -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50fad1de-35b5-4fc0-b75c-695943ee5d9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] recommendation for a laptop to use windows in qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-15 03:52, pixel fairy wrote: > management is interested in qubes, but still need windows for some tasks. > this means buying a laptop that comes with windows, but still can run qubes > well. any recommendations? any license issues to be aware of? > As far as I'm aware, any laptop with VT-x should be able to handle a Windows VMs, and in general, most laptops comes with Windows. So, you're basically just looking for a laptop that has good Qubes compatibility. Take a look at the following: System Requirements: https://www.qubes-os.org/doc/system-requirements/ Hardware Compatibility List (HCL): https://www.qubes-os.org/hcl/ If you plan to be using the same machines for Qubes 4.x, you should also take into consideration the updated requirements for Qubes-certified hardware, which will go into effect for 4.x: https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ Licensing is a tricky issue. I'm not sure whether the Windows license allows you to clone Windows VMs or to run multiple Windows AppVMs from a single Windows TemplateHVM. That's a question for the lawyers. Maybe others around here have information about it. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYKxG1AAoJENtN07w5UDAw0K8QAL6Be8uc70CalsVbMGR1A49y rbf12cEp9kcaQdJl0zaGJhoD+UEGA3PbiSWDb2BwryMOyHPHdNLPysmVPDiE4NSh gtFJbxxeXI9EoR1gm2TQewrkEMSYhQWPkGoRLZ5otWQuAmCLEtBcT7nrKKQXkENP ZmmnjIjtYHXNAPL9Pcs5UMwBkuipQFEYQluXyn/cW7248qKupq4fgcNnU7R1kaKi vIWHBHlZUvYtZwjM+dYrcn5tSAN56iioIcdFngl6UtzHIObKXX3olENtVQHPSEvu cjkOic9EyHs+n9RiKLqyRzGH5E++OJBvW+doju1oURGbqSCugXWOa7ApdwqTZqeO Z4E/FCLExuL+sUEWBDIvAAH2fT7IclOoXPtEoTiLbi76isKO38F7YiC+RyoraJZM RaHTSPsZzYoEOwkzS1gqiw83kSFiKsRJO6ko/H7feGshDmHht1fW/D7JfJ9qrZ7a /oc63EmcqIYr5dAl3LIEebcJaG+QZsbVKNB+oVqAwN1uq2BKHRfVnNmEzbUyByCV AYv65IoPYYV5N3RcTKfLCc8/wPWXZw445K4kPg5SXUNjTr2UGp6WX7bYhnQpWJre vvs8jn9UNDtOEXwiK/5B0gx6PKpGoW8Q75n771Ti5yOMPbPzvCK7mWB/nr4lMp20 VhLBMNEItM8JRIC9taq+ =lTFN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4cdc9b09-77c3-a924-8c3d-fe26e28a71e8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] PAM errors after disabling password-less root
On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: > On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > > Following the instructions for the 'vm-sudo' doc, I get the following error > > in Debian 9: > > > > /usr/lib/qubes/qrexec-client-vm failed: exit code 1 > > sudo: PAM authentication error: System error > > > > > > Also, in the Debian 8 template the instructions don't match, as there > > appears to be no file '/etc/pam.d/common-auth'. > > > > Chris > > > > Where did you get that template? The file is present in the default 3.2, > and even in a minimal-no-recommends template for Debian-8. > > I'll look at the Debian-9 issue now. > I'm afraid I don't see this issue in a Debian-9 template. Can you check your editing? Also, try manually running the qrexec-client-vm dom0 qubes.VMAuth command, and making sure you get the expected output. You should see the prompt(from the policy) and then output from dom0. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115122028.GA20798%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] PAM errors after disabling password-less root
On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > Following the instructions for the 'vm-sudo' doc, I get the following error > in Debian 9: > > /usr/lib/qubes/qrexec-client-vm failed: exit code 1 > sudo: PAM authentication error: System error > > > Also, in the Debian 8 template the instructions don't match, as there > appears to be no file '/etc/pam.d/common-auth'. > > Chris > Where did you get that template? The file is present in the default 3.2, and even in a minimal-no-recommends template for Debian-8. I'll look at the Debian-9 issue now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115115513.GA20562%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] recommendation for a laptop to use windows in qubes?
management is interested in qubes, but still need windows for some tasks. this means buying a laptop that comes with windows, but still can run qubes well. any recommendations? any license issues to be aware of? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87cd4812-5707-473a-89e6-adfbeb9fd33a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] PAM errors after disabling password-less root
Following the instructions for the 'vm-sudo' doc, I get the following error in Debian 9: /usr/lib/qubes/qrexec-client-vm failed: exit code 1 sudo: PAM authentication error: System error Also, in the Debian 8 template the instructions don't match, as there appears to be no file '/etc/pam.d/common-auth'. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c39f545-b517-3c16-3312-6a3cf39976ba%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] EFI / UEFI guest
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 07:22:15PM -0800, TheGrandQubes wrote: > Hi, > > I was wondering what the status is for allowing for EFI / UEFI guest VM (ie > an appvm or HVM being able to use EFI rather than bios). > This feature seems to have been implemented in Xen 4.4, "but not build in by > default" whatever that means. Here is the reference: > https://wiki.xen.org/wiki/OVMF > > Is there currently a way to make OVMF work in Qubes? Or another way to use > EFI for an HVM instead of Bios? Currently it isn't possible, because the only qemu version supported in stubdomain is the old qemu-traditional. We're working on getting new version there in Qubes 4.0. If we manage to do that, it will be simpler to have OVMF working, but will still require some work - currently not on the roadmap for Qubes 4.0... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYKtJ5AAoJENuP0xzK19cscasH/0O4TRk07t0o7CodEs1PL1I6 S63BPssWC9YrNC5XHGS/4DmPseoEA1oeWiDW3sFSd5oaPAVrUh0dHIaEKh+8pKmY RMGWVNa+CAW/bAl7a6241DBdnIQKXE03lOXLQ5oN0gUS0RF/zZOW3FDfPJEGmNS1 cDI3NZSvBDcb13Ufpi4gjzQEjR5Phv7nmKmBiAlQ477AsZ34hQf1VniOBPMM+pYj Hn3XtQrFBtVGCeyRt7AtI7lAaiDMOO4NnP6S7anx4cW1R/s8r4uvLzELUvgNWaOs 7Phm/aruCeEiJGudDT2g+FTjvTAbTsXP0kHyGlmreDPsQQmgr9r7SECJ2d1EhGQ= =WTJS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115091641.GD17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Attaching a block to a DVM in dom0 script
Thank you, it seems to do exactly what I was looking for. (I will probably use trap in order to ensure the DVM is destroyed.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/369f094a-fb07-4163-960e-de62f8c26f05%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disguising Qubes VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-14 17:02, Sec Tester wrote: > A thought on security through obfuscation. > > Right now in terminal is you type: "uname -r" we get the kernel version, > which has "qubes" in the name. > > Straight away the attacker, knows he's dealing with a qubes VM. Could we not > name the kernels to match their original OS? > > And following that same concept, disguise any other tell tale signs this is a > VM on Qubes. QubesIncoming, could just be called received. Use non qubes > unique process or packet names. This would also include renaming Xen stuff. > Hiding any obvious qubes unique directories deeper into the file system. > > Of course if an attacker specifically tries to tell if they are in a VM its > impossible to 100% hide it, but if an attacker does a quick check and thinks > they're on a standard debian desktop, memory attacks & dom0 are never a > target. > > Just an idea. > In addition to what Marek and Unman have said, I'd just like to point out that, currently, there's no guarantee of privacy (in the sense of a concerted effort to achieve non-fingerprintability) in any VM that is not a Whonix VM. When you require privacy, use a Whonix VM. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYKs//AAoJENtN07w5UDAwhEEP/3pzpBhQVSSmPlkVtSLngNb5 zF1jk2pSEuxkdm1pmguc9MnCERqqyjpaE9xWZAASE1l2+d1ra4CeL4hi0gdN4RC2 AFp2CPOLT6QcAVzmJX6g+GS/nmv0eseeSPxKAwYdfEWgbC0dNXAya+45lalSX07R 1nBonpZKaKqq2nXVuCt3DoDbiCv7g8ko3BeC59loJreizGLpqDaxv63O8nsQBEfR ylKYUkarVWHKFjv59gRyc7BI5LFa9uc09CW7AkIODsVWAeVUkPvu+54wZKjuChIf kfaz+PsMrhTeCqUftl9ldsXKoUltDfWOoZX/nTlGR4pkLmwOEm4bZuWHFD4fEnUW uX/5ou/xs0ZEeHbnd51/4i0yQeIeb1cnskuEMnKHL8aSRwLvdOCYbYuwcEis124v TCRRwY9j1F6MDdO/owvJaBIwM9UbXWszLWDe/lELRt5C4AdUNyWPzL3jyH3o8aqi SAk6gd3PM0Q0uVkKARpDIK95KiGvI/fY3MbQYDEKu84aORysPBUdCANW1jZTl4rD Lln5xrDZHVPSIOFWmh8fk+8xKrDMb7R16BWvK8i2QGNbKs60DFxkl+yOgwAk9u8Z dy6pNI8LompgzctlMastFGs0KObx+k00w6qWQQ2Z3JcafTnVXkxL8EedOUikEcwH h0xhozZvhDreRPSYPydJ =4exQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bdd34ebe-7dcc-794a-3814-1000fff77482%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] macbookpro 11,3 installer keeps returning to grub menu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-14 11:25, pixel fairy wrote: > just what the subject line says. there is an error message, but it flashes by > too fast to read. all four choices have the same result. > > hardware is late 2013 15" retina, 11,3 > Does this thread help at all? https://groups.google.com/forum/#!topic/qubes-devel/uLDYGdKk_Dk/discussion (Also worth noting: https://www.qubes-os.org/doc/macbook-troubleshooting/) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYKs5kAAoJENtN07w5UDAweXAP/3zQvD4wZpIDPGB6Pr+urxKn 0RB5CG6npOzFCa3gDsSiA7f7OgSRE6PaWLQZN2pWZz7ur3X79zDBr4d/2tscHstb YbNm+PkHMImxJo+BcPZfyX+F8Wfe8emzRvHL5OpqTSIU570al7VMmzFTgTR8V3jH YvHrQZILM/oFuQ/BwZZ7r4p3ygTP+5MM+HruqVAoOXy31BLLx3BGXIhqj1trXLJ9 lzM8H75y+fSx/6PWjN3TD6/qDibV04UfsV+BlggCOwHRhi1h0yYFAobMRq508OQl XjIZcfIblw6ocS1jk2Hfoim4s22RvMkqHDri6J2AAjM9CmYBCKvn5o4xmOpS5f7h ZAZAaYqo8xC5OZS4apI3aK8geh+tHxfZ9e/qC67n5Z1I38/qqciSDVgS23th539m ISnEFt/m0PnfPoKhgA4eYAQiF58z+XoWt+h/n3GWnrGmPy2Z5zSOfUzb7kEENmjI iMCeWuYlvCCWV0e8kC1ixBXeX1BBbxJV0620SEPlago1EdYCX4SAjwVNNHYkRHhC Pw3oSWORlVf3gxljr9msI82GQq359Lg+TIEuw3vCJm4arpCULj0/WXVpLUIHk9JI MvtkNe0WkuTLqIG5Z20Ln8czHty257Cn/5MWcWNEZkwiPQLNdbN6a8jsuDBBRgnS hrGNcfw+og08MKzJhW9m =UABK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cccac690-7e3c-c5f6-f053-1a6ee3457b7a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.