[qubes-users] Unable to install SEH UTN Manager in Win7 hvm

[Jarle Thorsen]

I am unable to install SEH UTN Manager 
(https://www.seh-technology.com/fileadmin/user/downloads/deviceserver/tools/sehutnmanager-win-3.0.21.zip)
 in my win7 hvm.

I have tried both with/without QWT installed.

The problem seems to be related to signing of the driver, see attached 
screenshots.

I never had any problems getting this working outside of QubesOS, so I'm 
guessing this is a QubesOS/XEN limitation?

Feel free to download and install SEH UTN Manager from the link provided.

Hope somebody is able to explain why this is failing in QubesOS, and if there 
is a way forward?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f2328b4-e397-4e84-a566-c06cd3d09f2b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: beginner trying to choose a laptop question

[pixel fairy]

On Monday, November 21, 2016 at 11:45:10 AM UTC-5, Warren wrote:
> I'm looking at the "HP Laptop 250 G5 (X9U07UT#ABA) Intel Core i5 6200U (2.30 
> GHz) 8 GB Memory 256 GB SSD Intel HD Graphics 520" at 
> (http://www.newegg.com/Product/Product.aspx?Item=N82E16834266056_re=HP_Laptop_250_G5_%28X9U07UT%23ABA%29-_-34-266-056-_-Product).
>  
> ark.intel.com says that VT-d and VT-x is supported by the processor but I 
> can't find out, so far, whether it's actually enabled or can be enabled. 
> HP site says the chipset is intel SoC. 
> 
> Would anyone care to hazard a guess as to whether or not I could use this 
> laptop to run qubes?
> 
> Thanks

as long as you can get to the bios, that part should work. you might have to do 
this, http://linuxbsdos.com/2016/11/05/disable-secure-boot-on-hp-250-g5-laptop/

8 gigs is pretty tight for qubes, if you get this one, you'll want to upgrade 
to 16.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/44932c61-6bb7-4233-8857-e1c43ac74016%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes OS 3.2 Installation Issues: anaconda 'text mode' Installation Destination autopart failed LUKS

[pixelite25]

Device: Lenovo ThinkPad L450 modified with OCZ Trion 150 (480GB) SSD
Installation Setup: USB Drive with prepared ISO, using Basic Graphics mode 
under Troubleshooting due to system lockup in GUI mode.

Primary Problem: When trying to setup partitioning, and selecting either 
Standard or LVM, this error occurs: "storage configuration failed: autopart 
failed: Encryption requested for LUKS device sda2 but no encryption key 
specified for this device.

Could this have something to do with the fact that the original SSD had OPAL 
2.0 and the replacement SSD does NOT have that feature? Am I unable to use the 
OCZ drive as a result, or is this something entirely different.

Background: I am a first time user of Qubes OS and have only marginal 
experience with installing any type of Linux disto. I'm mostly a Windows guy, 
where things like this 'just work' usually.

Thanks for the support.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/311e16d5-abda-4fae-a28b-fde34d7b45ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Warning when launching applications

[Salmiakki]

On Tuesday, November 22, 2016 at 8:14:04 PM UTC+1, Loren Rogers wrote:
> I'm not sure if this is the expected behavior. When a VM is starting up, 
> if I launch an application from the Applications menu, it gives me this 
> error:
> 
>  > domain '' qrexec not connected
> 
> I also get a warning in the VM Manager. (See attached.)
> 
> I imagined that the applications would queue while the VM started up, 
> then launch when it was ready. Is there a reason it doesn't work this way?

I think there's no technical reason but nobody has added this yet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5aeb83cf-4eef-4955-af44-d1dc115ba02b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] RE: 2442, 2412, 1861

[Drew White]

RE: https://github.com/QubesOS/qubes-issues/issues/2442

Will you still allow options to be set so that we can edit the boot config for 
grub to enable and disable features that are annoying and things we do not want?


RE: https://github.com/QubesOS/qubes-issues/issues/2412

Can you make it able to use multi-drive for install rather than combining them 
all into one?


RE: https://github.com/QubesOS/qubes-issues/issues/1861

If the bugs for Seamless Tools that already exist for Windows 7 get fixed, the 
ones that have appeared since 3 versions ago, then I hope that the tools get 
better and the bugs that were reported fixed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12ea792a-7622-4f70-8f37-c74d9342a41a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes not shutting down

[Drew White]

On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers  wrote:
> On 11/21/2016 06:24 PM, Drew White wrote:
> > On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers  wrote:
> >> On 11/21/2016 11:04 AM, Loren Rogers wrote:
> >>> On 11/21/2016 12:42 AM, Drew White wrote:
>  On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers  wrote:
> > Another correlation I've noticed is that my machine randomly shuts
> > itself down without warning when I'm browsing in the Anon-Whonix VM. It
> > seems that simply having the Whonix browser open causes the problem.
> > I've not been able to pin down an exact cause, but it seems to happen
> > after about 5-20min. When this happens, the machine sometimes ends
> > up in
> > a hung state (black screen) at the end of the shutdown process.
> >
> > I've also noticed that the fan speeds up right at it starts to
> > shutdown.
> > (The screen turns to the Qubes logo with the progress bar, then the fan
> > cranks up.) Sometimes the bar makes it all the way to the end, other
> > times it seems to simply crash to a hault. As I mentioned elsewhere,
> > the
> > Thinkpad X201t is known to have overheating issues, but I'm not sure if
> > this is related. I'm not working the machine particularly hard (just
> > browsing articles on the web), and the hardware is not particularly hot
> > to the touch.
>  When it gets to the qubes logo screen, press ESC to see what it's
>  actually doing.
> 
>  If you wish to always know what it's doing, turn off rhgb and quiet
>  in the boot config.
> 
>  Then you will see where the issue is.
> >>> Thanks, I'll give that a shot next time it happens. I feel like it'll
> >>> go by too quickly for me to see what's happening; does it also write
> >>> its activity to a log somewhere?
> >> I can now confirm that it's an over heating issue. When it went into the
> >> automatic shutdown sequence, I pressed escape and managed to take note
> >> of a few of the messages. One of the very first ones was something about
> >> "thermal_zone_0 critical temperature reached: 128C", which I assume is
> >> the cause. (This isn't an exact quote, since I noted it from memory.)
> >>
> >> This raises some questions:
> >> - What could be causing this overheating issue in Whonix?
> >> - Is 128C a normal temperature for the safety shutdown to kick in?
> >> - Does Qubes have a warning / alert system for potential overheat? (Like
> >> low battery)
> > It is a high temperature, but does it ONLY happen in Whonix?
> > Or if you push the PC does it happen also?
> > Have you tried limiting the threads Whonix can use?
> >
> > Sometimes CPUs have shutdown at 99 degrees.
> > So 128 degrees is a bit high in my own opinion.
> >
> > I recommend you check the CPU Fan and heatsinks (if it has them).
> 
> Thanks for the input - I just dusted out the fan, and we'll see if it 
> helps. It wasn't too bad, but we'll see if there's an improvement.
> 
> No, it also randomly goes into auto-shutdown when backing up VMs. 
> However, that happens about 20% of the time. Whonix seems to do it about 
> 80% of the time, the other 20% I figure I shut it down before it does so 
> on its own. I figure there may be something in the Whonix VM that's 
> causing my processor to over work itself. The auto-shutdowns may be 
> ultimately linked to dust in the fan or something like that, but if 
> there's something processor intensive in Whonix, it may be worth looking 
> into.
> 
> Also, a heat warning message would be nice. I assume the thresholds are 
> set via the bios - is there a standard way of monitoring this? (I'm not 
> particularly well versed in this sort of thing.)



I recommend you get your HDD checked, and your RAM.

Test both thoroughly.
Could be some bad sectors.
Also run a smartd check.

Some PCs have system diagnostics built in for RAM in the startup sequence.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46ae5b6e-79bd-4e09-a7f8-0bbf6478659e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Warning when launching applications

[Drew White]

On Wednesday, 23 November 2016 06:14:04 UTC+11, Loren Rogers  wrote:
> I'm not sure if this is the expected behavior. When a VM is starting up, 
> if I launch an application from the Applications menu, it gives me this 
> error:
> 
>  > domain '' qrexec not connected
> 
> I also get a warning in the VM Manager. (See attached.)
> 
> I imagined that the applications would queue while the VM started up, 
> then launch when it was ready. Is there a reason it doesn't work this way?

Try increasing the timeout for qrexec.
The typical wait time isn't very long, and if your PC is slow or doesn't have 
much power available for booting the guest, then it's possible that inside the 
guest things have not fully started when dom0 tries to communicate to the guest.

(at least, that's what I found)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2c29550-3f75-4e3d-ba08-84b3d13156ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Any chance the freezing could be resolved?

[Drew White]

On Tuesday, 22 November 2016 11:34:22 UTC+11, Marek Marczykowski-Górecki  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Mon, Nov 21, 2016 at 03:36:05PM -0800, Drew White wrote:
> > did not work...
> > $ qubes-dom0-update xen*
> 
> Another quirk of yum->dnf transformation...
> 
> > did work...
> > $ qubes-dom0-update xen* --action=update
> 
> Did it changed anything?
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJYM5KJAAoJENuP0xzK19csV4UH/2bldPEzU8rgqZp4WdpcKz2b
> 7XnrclfsiCwPHQYfetZHP/oZmjYDm9/wazKeW7UeP6bAvC3TxoB5/2oiGJT7pnL5
> AStMt06ETdYeDAXC3EsJTyHthD7RpTEtPzbgZQ/CGNFoLhp9Gympv9tqUl3zsuZv
> qaPdL5jZ1cLoisnNYPs6W/LnzuQBcoHIxwDukRzQN42SkMCXH5yj4AdF6TR078fM
> 6ln3aHJQsV8cXc9relDWJ/uWx1BvYTCdgBnNKdDwJVDcICetYTElCLOaEE6MrDvU
> 3cQ01XLH6TPnHLBRWSWLA5wub9P4MkgYGBbOAjiFdX9bJqHjPLyCV5LtK0Oz9ko=
> =yGcH
> -END PGP SIGNATURE-

It doesn't matter with yum or dnf.

yum install xen*   installs all xen.
dnf install xen*   installs all xen.

Both do the same thing, update what is needed to be updated and also install 
new things that are xen, including dependancies. (or so I have found every time 
I do a yum or dnf)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ac44aa1-c3be-46d1-90e1-8889e090e686%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #27

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Nov 22, 2016 at 01:30:31PM -0500, Steve Coleman wrote:
> I know the developers at ITL have their hands busy with this right issue
> right now, but I have a (long winded) curiosity question in hope to gain
> some context when you get a chance to think about it.
> 
> I can see that in this particular potential exploit one might use a client
> vm's PCI device to exploit an emulated instruction, then used to generate a
> memory offset that potentially could be used as a pointer to break out of
> the Xen hypervisor jail. Correct?
> 
> My question here would be whether the Xen FLASK subsystem might have given
> some level of protections against this kind of "emulated" instruction
> exploit, given that labeling of virtual devices and memory is supported
> (e.g. flask-label-pci). I realize you may need to give client VMs access to
> pci devices in general, and this particular pci label does not protect
> against use of pointers to memory, but could the client call then be
> restricted to just the necessary IO memory in this case, and thus forcing an
> AVC denial fault when that generated pointer is actually used outside that
> range? Or are these emulated instructions running in a hypervisor context
> that would ignore its own FLASK policy?

The later case. Additionally I don't think XSM is plugged in x86_emulate
anywhere. If domain is given permission to access some resource (and
the policy allow it at this stage), it isn't re-checked later. At least
this is my understanding of quick grep results.


Generally XSM/FLASK policy can be used only to limit what operations can
be triggered by a VM. If implementation of particular operation is
buggy, and the operation itself is allowed by XSM, that's over.  None of
last Xen critical bugs affecting Qubes OS could be stopped by proper
XSM/FLASK policy. Exactly for the same reason. On the other hand, our
architecture (for example having qemu sandboxed in stub domain, not
using pygrub, etc) make most of Xen vulnerabilities harmless for Qubes
OS.

XSM could help if the buggy operation would not be needed at all - in
this case it could be blocked by the policy, so would be out of reach
for the attacker. But if the operation isn't needed, maybe it shouldn't
be in the hypervisor at all? This is why we're advocating for having as
much as (reasonably) possible code disabled compile time using Kconfig.

Not supporting non-SLAT/EPT hardware in Qubes 4.0 is one of those things
- - we do not include shadow page table code at all there. It isn't
possible to compile-time disable all the PV handling code, at least
not yet. But work towards PVHv2 might make it possible (in Xen 4.9
perhaps...). But still - instruction emulation in some cases still would
be needed...

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYNM1zAAoJENuP0xzK19csOIEH/jE05gE1u7BaqZLoQ7RX0iWt
KSHKoyWV4xR0pWSMxob4bhGBj2Ktyh5m9CARg36XiwDLaDNgrD1NmH8ouIak6yqW
1MFL2FM4MaNDukYdUbPdR5I1jSFynAS+dD4wD6WH5IzKSiWWh3avreMEXn173pyr
lKPu5VevjoXkIYAhW2Q8QVKePKHYiXO25HaaeQ4urOqk3e9VgV4mqcW/c/rgZJfs
mkIfn1O3hXo5aZmFYVMnCJcIYggh6bGqZy6GO/Btlg8VTacB5eoriAXKi8zghFBy
lGRdswSXCaSPnR8QFdxj2HYH1mOfoZdntOTT6X3CKM4Gntvil7at/XwDU3dUrYE=
=hTm6
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2016115754.GH1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fwd: Us congress hearing of maan alsaan Money laundry قضية الكونغجرس لغسيل الأموال للمليادير معن الصانع

[sady assad]

*موقع اليوتيوب الذي عرض فيديوهات جلسة استماع الكونجرس الأمريكي *

* لمتابعة نشاطات غسل الأموال ونشاطات*



*السعودي معن عبدالواحد الصانع*

*مالك مستشفى  وشركة سعد  ومدارس سعد بالمنطقة الشرقية** بالسعودية * * ورئيس
مجلس ادارة بنك اوال البحريني*



 *وتعليق محطة سي ان بي سي التلفزيونية*



*مترجم باللغة العربية*



US Congressional Hearing of

 Saudi billionaire" maan  Al Sanea "

 and Money Laundering

with bank of America



With Arabic Subtitles





http://www.youtube.com/watch?v=mIBNnQvhU8s

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEfki2-qUiPf18LK3-%3DcteXRxNRF0jt5waYedVNAc8Paa9hNEQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] ssh/proxy VM ( direct traffic to AppVM)

[al . anufrienko]

*by this method

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e9c254f-69ee-4921-9348-242d7b0e6bee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] ssh/proxy VM ( direct traffic to AppVM)

[al . anufrienko]

*by this method

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b6fef9e-a453-4d81-868b-8b65d537df85%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] ssh/proxy VM ( direct traffic to AppVM)

[al . anufrienko]

*by this method

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3802c436-77bb-4ec1-924f-bf1b471229be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Setup Fails to Install netvm, firewallvm, work, personal, etc - Fedora 23 Error

[lmayeur06]

That was the problem, thank you!

I re-burned the ISO on to my USB drive and problem solved. It must have been an 
issue with dd the first time.

Issue closed/solved.

Thanks again!



On Monday, November 21, 2016 at 10:17:00 PM UTC-5, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Mon, Nov 21, 2016 at 06:17:53PM -0800, wrote:
> > Trying to install Qubes 3.2
> > 
> > -Lenovo P70 with nvidia graphic card
> > -Followed recommended settings for Lenovo bios: 
> > https://www.qubes-os.org/doc/thinkpad-troubleshooting/
> > -Intel SSD (not NVME)
> > -Followed instructions here to get qubes to boot 
> > https://www.qubes-os.org/doc/uefi-troubleshooting/
> > 
> > -After install but before reboot I add the Xen flags as recommended on that 
> > page:
> > Edit /mnt/sysimage/boot/efi/EFI/qubes/xen.cfg and add to every kernel 
> > section:
> > mapbs=1
> > noexitboot=1
> > 
> > Then I reboot and qubes setup continues normally until it gets to setting 
> > up the TemplateVMs
> > 
> > I get the following error:
> > 
> > ['/usr/bin/qubes/pref','--set','default-template','fedora-23'] failed:
> > stdout:""
> > stderr: "A VM with the name 'fedora-23' does not exist in the system"
> > 
> > Here is the error: http://imgur.com/a/zgE6Q
> > 
> > 
> > When I click OK, the setup says that it has completed and boots to the 
> > desktop but I have none of the VMs that were supposed to be setup (none 
> > that are based on Fedora). 
> > 
> > Resulting Qubes VM Manager: http://imgur.com/a/sxkVM
> > 
> > I cannot get online to do any updates because there is no way to set up a 
> > NetVM
> > 
> > I have
> > -dom0
> > -debian-8 Template
> > -whonix-gw Template
> > -whonix-ws Template
> > 
> > Do NOT have
> > -NetVM
> > -FirewallVM
> > -Fedora 23 Template
> > -Work
> > -Personal
> > -Untrusted
> > -Vault
> > 
> > Is there any way to fix this and get all the defaults? (I'm happy to 
> > reinstall rather than trying to set it all up manually)
> 
> Are you sure about installation media integrity? Having some of
> templates, but not others suggests broken installation media (namely:
> broken/missing Packages/q/qubes-template-fedora-23-rpm file).
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJYM7inAAoJENuP0xzK19csVjEH/in/Igq4vChFn9no2hSWqH0j
> k0WkPAQwFPAo258ZfdJWxZIPCLLK44X+VM3RFMrAXvsypboXBUQA6/rK9GAA+HWc
> OcrTyrcGfk5qkAOWPLk8SdzZX9bIUhmJYrXGUwuYAmMcv3SqWkPLjz8JDaNawUoi
> TvY7jIL0hCm6b4BszBNB9BjXSH0h5bcPlg1wM879SRZKqYH1/8eEt68kY0FhIuwc
> TSXV8uWB0ha2+oLnY28xahGmvdm458BbGJ+lZIlYpFSQYrbDgIyltC0BPaiZTFO6
> 54k5tfkzsWJpziw+FGEK69QjVQSTNQasv6srh7wKmw/0qRXRDloK7TX/OwGI2V4=
> =I5Go
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8424e17-c6d4-442e-bd04-791d94623158%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[Ronald Duncan]

Will this be using the latest linux kernel since grsecurity only provide the 
latest version free.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0808903a-585b-4e2d-84ea-9f138033e62f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Warning when launching applications

[Loren Rogers]

I'm not sure if this is the expected behavior. When a VM is starting up, 
if I launch an application from the Applications menu, it gives me this 
error:


> domain '' qrexec not connected

I also get a warning in the VM Manager. (See attached.)

I imagined that the applications would queue while the VM started up, 
then launch when it was ready. Is there a reason it doesn't work this way?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41e15372-e25d-65a7-a7a6-9a433654ecf5%40lorentrogers.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: installing nvidia

[Grzesiek Chodzicki]

W dniu wtorek, 22 listopada 2016 19:23:15 UTC+1 użytkownik nezn...@xy9ce.tk 
napisał:
> > Did you enable fullscreen for the machine you use to watch youtube videos?
> 
> No, but even when i click "fullscreen" in the youtube in the window of 
> firefox - i getting "stuck" video.
> Also some video-services like Vimeo, Coub, Hitbox stream - i can't watch even 
> without fullscreen

try adding the allow_fullscreen parameter in either qvm-prefs or in 
/etc/qubes/guid.conf file

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c55e50f9-8ca3-4e6f-8b81-3ae1c39dfbd2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[kev27]

On Tuesday, November 22, 2016 at 8:57:56 PM UTC+2, kev27 wrote:
> I saw this being retweeted by the Qubes account on Twitter. Can Grsec support 
> still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc?
> 
> I think if Grsec would be enabled by default in Qubes, it would be no 
> question that Qubes is the most secure operating system out there.

Forgot to add the link:

https://twitter.com/coldhakca/status/801107979126784000

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a42439da-ce7a-4909-9439-94929aef9f50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4 with Grsec could make a big splash

[kev27]

I saw this being retweeted by the Qubes account on Twitter. Can Grsec support 
still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc?

I think if Grsec would be enabled by default in Qubes, it would be no question 
that Qubes is the most secure operating system out there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fda0358a-0bbc-4d69-a607-1cf03c4f3289%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Stuck during boot with processor stuck

[Ronald Duncan]

logs till crash
rjd@rjd-GL752VW:~$ journalctl -D 
/media/rjd/5ce4e7fe-aa0d-42d1-97f0-5c9197677697/var/log/journal/219d2a92843f491aaf97807aa063449c
-- Logs begin at Fri 2016-11-18 19:08:26 GMT, end at Sun 2016-11-20 10:30:15 GMT
Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max al
Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max al
Nov 18 19:08:26 dom0 kernel: x86/PAT: Configuration [0-7]: WB  WT  UC- UC  WC  W
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuset
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpu
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuacct
Nov 18 19:08:26 dom0 kernel: Linux version 4.4.14-11.pvops.qubes.x86_64 (user@re
Nov 18 19:08:26 dom0 kernel: Command line: root=/dev/mapper/qubes_dom0-root rd.l
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[3]:  960, xstate_sizes[3]:  
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[4]: 1024, xstate_sizes[4]:  
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 floati
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE regist
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX regist
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x08: 'MPX bounds
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x10: 'MPX CSR'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Enabled xstate features 0x1f, context size
Nov 18 19:08:26 dom0 kernel: x86/fpu: Using 'eager' FPU context switches.
Nov 18 19:08:26 dom0 kernel: Released 0 page(s)
Nov 18 19:08:26 dom0 kernel: e820: BIOS-provided physical RAM map:
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x-0x00057fff] us
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00058000-0x00058fff] re
lines 1-23...skipping...
-- Logs begin at Fri 2016-11-18 19:08:26 GMT, end at Sun 2016-11-20 10:30:15 
GMT. --
Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max 
allowed 196.7M, trying to leave 295.0M free of 1.9G available → current limit 
196.7M).
Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max 
allowed 196.7M, trying to leave 295.0M free of 1.9G available → current limit 
196.7M).
Nov 18 19:08:26 dom0 kernel: x86/PAT: Configuration [0-7]: WB  WT  UC- UC  WC  
WP  UC  UC  
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuset
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpu
Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuacct
Nov 18 19:08:26 dom0 kernel: Linux version 4.4.14-11.pvops.qubes.x86_64 
(user@release) (gcc version 5.3.1 20160406 (Red Hat 5.3.1-6) (GCC) ) #1 SMP Tue 
Jul 19 01:14:58 UTC 2016
Nov 18 19:08:26 dom0 kernel: Command line: root=/dev/mapper/qubes_dom0-root 
rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap 
i915.preliminary_hw_support=1 rhgb quiet
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  
256
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[3]:  960, xstate_sizes[3]:  
 64
Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[4]: 1024, xstate_sizes[4]:  
 64
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 
floating point registers'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE 
registers'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX 
registers'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x08: 'MPX 
bounds registers'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x10: 'MPX CSR'
Nov 18 19:08:26 dom0 kernel: x86/fpu: Enabled xstate features 0x1f, context 
size is 1088 bytes, using 'standard' format.
Nov 18 19:08:26 dom0 kernel: x86/fpu: Using 'eager' FPU context switches.
Nov 18 19:08:26 dom0 kernel: Released 0 page(s)
Nov 18 19:08:26 dom0 kernel: e820: BIOS-provided physical RAM map:
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x-0x00057fff] 
usable
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00058000-0x00058fff] 
reserved
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00059000-0x0009dfff] 
usable
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x0009e000-0x000f] 
reserved
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x0010-0x72693fff] 
usable
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72694000-0x72694fff] 
ACPI NVS
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72695000-0x726defff] 
reserved
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x726df000-0x72730fff] 
usable
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72731000-0x72b71fff] 
reserved
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72b72000-0x758d9fff] 
usable
Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x758da000-0x76368fff] 
reserved
Nov 18 19:08:26 dom0 kernel: Xen: [mem 

Re: [qubes-users] Qubes Security Bulletin #27

[Steve Coleman]

I know the developers at ITL have their hands busy with this right issue 
right now, but I have a (long winded) curiosity question in hope to gain 
some context when you get a chance to think about it.


I can see that in this particular potential exploit one might use a 
client vm's PCI device to exploit an emulated instruction, then used to 
generate a memory offset that potentially could be used as a pointer to 
break out of the Xen hypervisor jail. Correct?


My question here would be whether the Xen FLASK subsystem might have 
given some level of protections against this kind of "emulated" 
instruction exploit, given that labeling of virtual devices and memory 
is supported (e.g. flask-label-pci). I realize you may need to give 
client VMs access to pci devices in general, and this particular pci 
label does not protect against use of pointers to memory, but could the 
client call then be restricted to just the necessary IO memory in this 
case, and thus forcing an AVC denial fault when that generated pointer 
is actually used outside that range? Or are these emulated instructions 
running in a hypervisor context that would ignore its own FLASK policy?


I am merely asking the above because when it comes to security I am 
definitely a belt and suspenders kind of person. My way of thinking 
would be to instrument the system such that the FLASK subsystem, in both 
the client VM's and in Xen itself, would feed back into an active 
intrusion detection mechanism, so that any fault could instantly freeze 
a client VM for forensic analysis purposes.


An intruder is going to try certain things, like jiggling door knobs so 
to speak, and in this particular case just trying to access any pci 
device that has not explicit permissions set, the system would trap the 
intruders process, caught right in the very act of trying to take 
ownership of the hypervisor. Exploit code still loaded in memory, source 
code possibly still available, network context still in tack. Game over. 
You loose. Please try again!



From the Xen FLASK docs:

"Device Labeling in Policy
-

FLASK is capable of labeling devices and enforcing policies associated 
with them. There are two methods to label devices: dynamic labeling 
using flask-label-pci or similar tools run in dom0, or static labeling 
defined in policy. Static labeling will make security policy 
machine-specific and may prevent the system from booting after any 
hardware changes (adding PCI cards, memory, or even changing certain 
BIOS settings). Dynamic labeling requires that the domain performing the 
labeling be trusted to label all the devices in the system properly."


and...

"The AVC denials for IRQs, memory, ports, and PCI devices will normally 
contain the ranges being denied to more easily determine what resources 
are required. When running in permissive mode, only the first denial of 
a given source/destination is printed to the log, so labeling devices 
using this method may require multiple passes to find all required ranges."



My thoughts. In the default permissive mode (in XSM:FLASK & SELinux) all 
avc's generated could be collected and used to auto-generate a security 
policy file (e.g audit2allow) specifically for that particular system 
and installed software. When installing a new subsystem a user would 
place the system/clientVM in this special collection mode, run and 
exercise the system for a period of time to allow all the proper avc's 
to be identified, then run the avc's it collected back through a policy 
generator. Last of all they install that new security policy and 
activate it. This way the system knows all features that user/system 
needs explicit permissions for, and anything outside of that set would 
by default create avc events that either centrally warn the owner of a 
potential intrusion or for just certain faults, immediately freeze the 
intruders client VM process in place. Carbonite the exploit toolkit 
right in place.


The absolute worst possible situation to be in is being hacked _and_ not 
knowing it. A good mechanism for detection is paramount if you want to 
prevent that. You may not be able to prevent software bugs from being 
exploited, but you don't need to give the intruder the chance to clean 
you out and take it all. Active policy could simply slam the lid on the 
cookie jar and limit the damage done.


In Qubes we deliberately give sudo/root capability by default to the 
general user, which is great for the user, but not so great if an 
intruder knows how to become persistent and invisible within a VM. That 
is rather easy once you have used Qubes and understand its file system 
design. If they are editing /rw/usr/local, and it were labeled as off 
limits for write by root, and the system actively trapped an intruders 
attempt to hook into it, then we would all be much better off not 
needing to do useless tripwire on everything, and wasting valuable CPU 
time while still missing the files the 

[qubes-users] Re: Problem creating Win7 HVM

[jarlethorsen]

As a new QubesOS user I recently found my self stuck at the same windows logo 
when installing win7 for the second time, after removing the first win7 hvm.

I ended up reinstalling QubesOS from scratch and then the same win7 media 
booted flawlessly...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9feaf2b6-71e0-4ac4-b130-c804985203c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: installing nvidia

[neznaika]

> Did you enable fullscreen for the machine you use to watch youtube videos?

No, but even when i click "fullscreen" in the youtube in the window of firefox 
- i getting "stuck" video.
Also some video-services like Vimeo, Coub, Hitbox stream - i can't watch even 
without fullscreen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b2fa5e04-8542-4880-9ff8-7c521b5509ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: installing nvidia

[neznaika]

> Did you enable fullscreen for the machine you use to watch youtube videos?

No, but even when i click "fullscreen" in the youtube in the window of firefox 
- i getting "stuck" video.
Also some video-services like Vimeo - i can't watch even without fullscreen.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1125de31-e65d-4060-9784-c97ec9a62623%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Dell Inspiron 5423

[Amilton Justino]

Video ok
Networking ok
Energy Management ok
Second Monitor Dell ok
HDMI ok
Mouse USB ok
UEFI and Legacy boot ok
Crypt ok
bluetooth Mic webcam not working (great ;-) I don't need this )


Thanks a lot Qubes Team.
-- 
Amilton Justino
https://br.linkedin.com/in/amiltonjustino

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAH_11fDCk%3D%2BBNDWmK8h%3Dgs0K%2Bef%3DSHc5Bucbf_wYqrHw_oNa%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Inspiron_5423-20161122-115500.yml
Description: application/yaml

Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?

[Steve Coleman]

I tried to upgrade a Qubes 3.1 system to use FC24 a while back, and dnf 
itself broke badly, stating something about not having a python "Goal", 
having something to do with the python module missing some feature or 
module. The template was therefor unusable, since it could not be 
maintained. I don't have access to that machine right now so I can't 
give you the exact error message.


Because of this the upgrade broke and the system was unable to install 
or upgrade anything after that, except by using other software 
installers from KDE/Gnome, but could never get dnf reinstalled/upgraded 
and happy. Without having access from there to a 3.2 system I was unable 
to determine what packages needed fixing within dnf to get past that.


I tried this several times, and even did some local RPM installs to try 
and fix dnf, and all attempts failed the same way. I also tried backing 
up a 3.2 FC24 template and restoring it to that 3.1  machine but 3.1 
failed to even start the vm. Obviously I needed to replace the Qubes 3.2 
components for it to start as a 3.1 template. That also went nowhere.


At this point, upgrading all existing systems to at least FC24 is 
important since today FC25 just was announced, and therefor FC23 support 
is ending. If I get time I will be looking at upgrading a Qubes 3.2 
template to FC25, unless anyone knows a reason that will not fly? I 
figure it could not hurt to try.


Steve

On 11/21/2016 10:25 PM, Marek Marczykowski-Górecki wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Nov 21, 2016 at 04:45:33PM +0100, Achim Patzner wrote:



Am 20.11.2016 um 21:16 schrieb Joonas Lehtonen 
:

Hi,

since Qubes 3.1 is supported until 2017-03-29


This is a question I always wanted to ask: What does “support” mean in relation 
to Qubes? Security fixes? Plus bug fixes? Plus feature upgrades?


That's a good question. Surely not major changes in behaviour (new
features etc). But for the other two categories I'd say yes.

AFAIR there was some major incompatibility in qubes-core-vm package in
R3.1 preventing it being fully compatible with Fedora 24 (and requiring
a change falling far outside of "bug fixes" category). But after brief
test, it looks like my memory fails me (maybe that was about R3.0?) and
the only needed thing was replacing tabs with spaces in one file:
https://github.com/QubesOS/qubes-gui-agent-linux/commit/16c98bc7ebebc0c4025ab02ec2e5bbf4dc9a77d2

So, expect Fedora 24 template being supported in R3.1 soon too :)

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYM7qrAAoJENuP0xzK19csMZgH/RryNKJq9wsrnJ9T4djHvSRh
HbHvWe+CEfLGnbbO7DIKMrSJr2iJAVcTTuevu4JrI6wSeN48IK5/OzFYqgM6RJiG
UFfDCYwM6VnfA5dSIko6XdpZOqFGURJ/ZGDHb+UOMP/CImz6r/COQ4e18kzrLEMZ
SeV3SlKpQ6yJgmzTp37Q0LtwmjdTlJ04NTYAPLdaig/gbu2O2prsj8coxP5+d8Ll
osWaPTAP8sD4C6JObQawBWJyH1OQnG3eb2bweXHtBWltUP2dCU5m88xDISDr8ZOt
jc+ZshW1sKoQEJWrW+WyJgkf1zqfJRxNEj6GUiRUGkZkAVNk5XZAm51CzE5pVQA=
=OJdh
-END PGP SIGNATURE-



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8832f60f-5e0a-df0d-439c-5490578aee21%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s!"

[kev27]

On Saturday, May 14, 2016 at 1:48:37 PM UTC+3, Danny Eagle wrote:
> Full error message:
> [5578494253.737246] NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s! 
> [NetworkManager: 1057]
> 
> After choosing "Install Qubes" option this message pops up.
> I'm installing it on desktop not laptop.
> 
> If i take "Check hardware and install Qubes" I get to second window and it 
> freezes.

Same bug here. Sometimes it says CPU#2, sometimes CPU #5. I algo get [Xorg 
1224] at the end.

It's a more recent Asus laptop with Core i7 6700HQ (Skylake) CPU. I should also 
mention that when I get the installation menu it says "processing" for 
installation source, and when I select it, it only gives me options for DVD, 
local iso, an network install - but I'm trying to install from a USB. What's up 
with that? The installation did boot from the USB and I chose DD mode in Rufus.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc13c28b-98b8-4095-8e53-248bdeba35db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #27

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/22/16 06:13, Chris Laprise wrote:
> On 11/22/2016 08:41 AM, Andrew David Wong wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 11/22/16 05:37, Chris Laprise wrote:
>>> On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote:
 Dear Qubes users,

 We have just released a new Qubes Security Bulletin (QSB #27):

 https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt

>>> Updates not visible yet...
>>>
>>> I'm assuming if I have Xen 4.6.3-21 from testing, the update from standard 
>>> repo should go OK.
>>>
>>>
>> Did you make sure to enable the qubes-dom0-security-testing repo? I was able
>> to download the updates just a few minutes ago.
>>
> 
> No, I didn't. Although the QSB mentions the upload to security-testing it 
> also says:
> "The packages are to be installed in Dom0 via qubes-dom0-update command or 
> via the Qubes graphical manager."
> 
> ...which somehow didn't suggest I use --enablerepo on the command line.
> 
> Anyway, its downloading now.
> 

I'm not quite sure what you're getting at, but I think it's worded that way 
intentionally. You're not required to download the updates as soon as they 
become available. There's a reason the standard procedure is for them to sit in 
security-testing for a while before they move to the stable repo. Only users 
who are willing to test the packages should download and install them at this 
point. Once they move to the stable repo, no one will have to use --enablerepo 
to get them.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYNFigAAoJENtN07w5UDAwC2MQAKTyLMecuWuQ/wUqi6wGzX62
n6jvV8sUzBrObDhpm9pSslHW83A/tTtMA+MT7K10J8R6rrL+nRC0I74z0n8Kkw7w
70wdw6Fe9YYwOx0CqhRY+TIt1RGiYldg0YCSn+pKp7uCX5jese16xP5i3ORf3U41
XqNjG15BbZK0LqAYiznAk5JSyEL7Et3TUbeEFXTar/FjpsYXxFcUk3OL23/4cCvY
naveHT6HpdAODDu6T+qTwI4M6RIFh1CLZhlaW+tAXSZgQ4gWk2NvIX7k213hN/GL
1vrrleFAtFpRjR/yXTUeYRcAKQ/v8yDMDSaZnJWyjMMgrpt1HyhwzgtoEsveFPiK
w7DJO86HihuhvvXg4YVFxmgCMZCJkBhma98hW/rVfYIx6qvlGRKq4lZLjpiXplgq
hhgag32GqNrEA+cSHB3fURrIgTEw+5e90BULZcSDzc+BWg02QQBNcnIYjF00gcGd
z88r5MjqdqqTfeYZgANfdhehZCZrEVhoxYiO45QkUiYJoh4hVO3cKNmjJsMty23s
Uqbh0sIrPmV9v3awT6cSjFL3mMEknazEqZgBdPbeD8PTuZHLDp3hKd4XpewhHGsx
kvXiB+4q1svh4/HwTYMPy//84ldoodFmA+NVR/GyMAVp4UjQGhC+jrSMO+erNac3
cIfyDm9VCmG4XcJc61Pc
=WJm4
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93528179-44b7-92e3-66d9-9d9b720cef16%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #27

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/22/16 05:37, Chris Laprise wrote:
> On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote:
>> Dear Qubes users,
>>
>> We have just released a new Qubes Security Bulletin (QSB #27):
>>
>> https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt
>>
>> - -- 
> 
> Updates not visible yet...
> 
> I'm assuming if I have Xen 4.6.3-21 from testing, the update from standard 
> repo should go OK.
> 
> Chris
> 

Did you make sure to enable the qubes-dom0-security-testing repo? I was able
to download the updates just a few minutes ago.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYNEsdAAoJENtN07w5UDAwvcAP/RYlA4ZKz4d/7atCTnGZV7tI
cCYYaUYoL91Q0VfLYIWGkcJbXvs0cpodGDdKapYEFztESMRLZ7fR0+L3zAcftA9k
gEAc12qt2KtcJW2TrYOzcg0lI1OZp7a54VWLjuiRgTfYJutpcZIl77rnbm+qGDzg
MDH+4jgIelWIDL/oLCgmQ4mxR3lxGCpROC4XTcG/GTdV1YgWUnuMWp92FHcfkuwM
1eilKs3MXsy/0Yyo09eEq6AaX2oa9xje/9Qf2DLACzhPiJJ3VTMSbbz6yYVyFlLz
yj/PU5b1PPJYWBW5YKGWZFFQ3azYffHNlxXLXJ+zAb7+wusI67aDZAbxqr8fCTMN
pBI3yYg3QH2m66nsEOBwSmAChLo5hbkEWpun7OpQ4MBRDZ212Xi0WlEpCzBAQb90
SyjSnCNe3OpMWSOu9NWw3W0w7wbofEZXajAwV7v2bjTr2BjNCn09g3/yNZu4qq1i
Dd0wvDdJGrNcSZCMMP1Imhg3aWQt/QcXpxmT1oGYoBET78hO9K31VzQG2hi8/i/d
zN0x07Bdi+ueFViQFDf7YtpH4rFRvXzxwCz1elG6TyV785e1XHK5i8DKFKG9+Uq6
zDVh6U2W7OxCUYCIcqHC/LD8fPDva1+om2Q21E8RwVVBYeuQxdsUMlouPgpaA0op
q/jhRTlQr6cTCNW5uKfA
=NLON
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ac9f367-0e2e-e5d1-b857-716dd990fa79%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #27

[Chris Laprise]

On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Qubes users,

We have just released a new Qubes Security Bulletin (QSB #27):

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt

- -- 


Updates not visible yet...

I'm assuming if I have Xen 4.6.3-21 from testing, the update from 
standard repo should go OK.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74ebd3e1-7171-df87-0e11-5933d9c5913b%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Security Bulletin #27

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Qubes users,

We have just released a new Qubes Security Bulletin (QSB #27):

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYND2gAAoJENuP0xzK19csZDEH/3khwJcaCdDCLuueMOxQD41D
pA0/uTck63+SvwcUTaCDldWD4RznX4H4F/JQvZz4xjv/xHDkPkeWC9PlGU+g9k+m
yr9U7ae33tLmSrYS/rinVtu0dJp4ttY3iisr2S+3/ZjU7ZFM46fPhMkXQnUcMrI/
ezSfyLVDWHC/LdmYoKZ6mNHZUN3ioILPmb6NsS1cIOA6aEB6XuFdgdq0DvnoIusb
Shb7h6eGiX4K2WhmToem5g2zg5DsVarUq+TLtZG0aPae8iywf7fHGtGT6KGhPHBL
swyGvR/V2+kFOPaG+1c2C7+2t2wE1DrNvz7rWnX6uMG84R0x89MqqJzcH5ZwM10=
=mkFF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161122124415.GA8194%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)

[Fabrizio Romano Genovese]

Thank you very much, your solution worked (actually I had to give  
virsh -c xen:/// undefine trim-fedora-23 
and not
virsh -c xen:/// undefine fedora-23-fstrim
and then I had to manually remove the trim-fedora-23 files in 
/var/lib/qubes/appvm).

The problem started when I decided to make a little script to automatize the 
trim process for all my templates at once, but it is evident that I must have 
made some mistake while doing it :D

Anyway, a "global trim function", as well as a "global update function" would 
be very helpful, updating/trimming of templates can be quite time consuming!

Cheers,
Fab.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53fffefd-49a7-4422-82d1-1e2eacc144a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Nov 22, 2016 at 01:47:52AM -0800, Fabrizio Romano Genovese wrote:
> Hello all, I'm basically having the same error described here:
> https://github.com/QubesOS/qubes-issues/issues/1910
> 
> When I try to perform qvm-trim-template on any template, the error 
> 
> 'libvirterror operation failed: domain 'fedora-23-fstrim' already exists with 
> uuid ' 
> pops up. As in the linked thread, rebooting doesn't help. I don't understand 
> the proposed solution. I tried to remove the temporary vm (that in my case it 
> has name trim-template-name) giving 
> 
> 'qvm-remove trim-template-name'
> 
> but I get the error
> 
> 'A VM with the name 'trim-template-name' does not exist in the system.'
> 
> Can you help me? My Template VM are becoming a bit too big now...

When you started to have this problem? Was previous trim operation
interrupted?

Anyway, try this:

virsh -c xen:/// undefine fedora-23-fstrim



- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYNBerAAoJENuP0xzK19cs7+QH/AlIugr9MjRTSRrG0TuD4HUv
D/7GgKZXd82VjrFPCn/HSCXFGORD/AUJMQuqdq/D0Wt1BmbOPaEbYOmllOHlPggP
FOmoEsGvAB0eV2boF8z9eVxyDT/FfWJx2OG4ioNR9wqRXv6mMER/Hn+GiRh2v9+b
9a88ZSHaINRJfGz6FSjY4tLgZSUCJrsoPAh5JkTJEu+ndAt7EcJVcyjDSSgR3NNX
ErWMwjurAuEspAnATuUNJGU5tPI5aX8+mAKO0tl9PF6B/H4o5eMu11eELX8+Hbn4
hYv+af+0hSi2hDWvbMqjOQcrJEvwlANggywq97uJD4NgDvOirqiBjAxgQ+++cNE=
=053l
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161122100218.GW1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qvm-trim-template fails (Qubes 3.2)

[Fabrizio Romano Genovese]

Hello all, I'm basically having the same error described here:
https://github.com/QubesOS/qubes-issues/issues/1910

When I try to perform qvm-trim-template on any template, the error 

'libvirterror operation failed: domain 'fedora-23-fstrim' already exists with 
uuid ' 
pops up. As in the linked thread, rebooting doesn't help. I don't understand 
the proposed solution. I tried to remove the temporary vm (that in my case it 
has name trim-template-name) giving 

'qvm-remove trim-template-name'

but I get the error

'A VM with the name 'trim-template-name' does not exist in the system.'

Can you help me? My Template VM are becoming a bit too big now...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26eeb42b-9e46-410c-aee2-42a616e63307%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?

[Joonas Lehtonen]

Marek Marczykowski-Górecki:
> So, expect Fedora 24 template being supported in R3.1 soon too :)

Thank you!
Looking forward to the announcement.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc4ed7bf-7a05-ee23-6730-5bbe9094c584%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature