date:20170309

Re: [qubes-users] Re: problem with qubes xfce menu

2017-03-09 Thread haaber

On 03/10/2017 05:51 AM, cooloutac wrote:
> On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
>> Hello,
>> I realise with surprise that some items in the "Q"-symbol that gives the
>> xfce menu have disappeared: the settings menu (!), the link to a dom0
>> termnal  & the link to debian-8 template.
>>
>> Is there a way to recreate these items? Bernhard
> 
> what desktop you using? xfce  try alt f3.

Hello cooloutac, that brings indeed the "application finder". But it
won't find the items I miss.  For debian-8 I fear my endless attempts to
install debian-8-dvm as standard template (involving
virsh -c xen:/// undefine debian-8-dvm )
seems to have taken away the debian-8 out of the list. This is not the
most annoying. Qubes-VM-manager still sees it, so I can start & run a
command by hand. The missing dom0-console is more annoying (I can still
do Alt+F2 + xterm), but the missing xfce settings is really annoying.

Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/96101a38-f22f-8bc6-cc12-84bde5b6d78b%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

2017-03-09 Thread Drew White

Problem is, they don't care.

There are bugs in the tools that I pointed out in version 2 of the tools, and
they still aren't fixed.

The worse the issues got, the more I pressed it, and the more issues they put
in instead of fixing.

Then they fixed one issue, and then started putting more in.

3.2.1.3 is alright and works, as I posted about months ago after I upgraded to
3.2.2.3 and it broke Windows and caused lag in the Qubes Video Driver along
with a major flicker.

The only way to resolve that was to remove QWT and then perform a complete
reinstall of it, without the video driver.
But to do that I had to start in safe mode, and enable the standard display
adapter and disable the Qubes Video.

I've been complaining for so long about things it's not funny, and they have
not resolved the issues. (yet) That was stared in Qubes 2.

Now at Qubes 4, I don't expect there to be any advancement in the Windows
integration for the GPU side of things.

But I stick to Qubes for security, that's one thing that they did get right,
the whole reason behind it.

So all in all, since QWT changed hands a couple of times, things went wrong.
So in essence, I just hope for the future because having multiple people work
on the QWT system and it going wrong mainly after it changed hands, was
expected.

So, in a few years, the bugs in QWT 2* GFX side might be fixed.
Maybe they might do a complete re-write and get it all resolved in a month or 2.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/06bed192-f093-410f-905c-198066dc5263%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-09 Thread Drew White

On Friday, 10 March 2017 15:36:49 UTC+11, cooloutac  wrote:
> My problem with Qubes is that i'm still noob.  I don't even know what alot of 
> system processes are or what they do. Qubes is more complicated then a normal 
> os even just to monitor network traffic. I'm mostly in the dark compared to 
> on bare metal os.
> 

I know more about qubes than the developers do by now.
monitoring is easy, just have a proxy that does it after the netvm.
NetVM -> Firewall/Proxy running WireShark or similar -> AppVM/HVM

> I'm basically at mercy of a default setup lol.  But I think thats part of 
> qubes goal.  It has the misnomer of being called for nerds or enthusiasts.  
> But its really for noobs.  The hard part is just taking a step in these 
> waters of a new world, even for most security experts. 
> 

I wrote my own applications for qubes because the developers wouldn't fix 
things and didn't change things to use less RAM.
I wrote my own manager that uses only 200 MB VRAM, instead of the current one 
that uses over 1 GB VRAM. (Approximations)

Qubes is built for end users, not nerds or developers or anything (or so they 
claimed, will post reference later).

> The hard part is just accepting the fact you will be compartmentalizing diff 
> aspects of your daily activity on your pc.  Its a different way of thinking.  
> 

it is a different way for many people. Those of us that are like me, and are 
developers and such, we use virtualisation every day just to do our jobs.

> Its about accepting the fact you are never 100% secure and its just a matter 
> of how persistent your assailant is.  No matter what OS you are using. 
> Everyone gets compromised imo, even most security experts.  The only people 
> that don't are people that use their computers like monks.  All we can do 
> most of the time is mitigate it.

Accept you aren't secure. Accept that you are compromised. Then try your best 
to prevent things from going wrong.

It's always good to prevent what you can.

I have a way of doing things that permits me to protect myself up the wahzoo.

More advanced than the way qubes initially did it.
It involves me doing different things with the iptables rules, but it's 
workable.

I've done things and tested things, even the vulnerabilities that they say 
there are that makes qubes super duper easy to break, and mine hasn't broken or 
had that vulnerability.

Default setups, they can cause issues.
SystemD, issues.

Hopefully one day, things will be back to being better, but until then, we just 
have to try to protect ourselves as best as we can. What else can we do when 
people like Google and Microsoft and all those others are trying to steal your 
data and take over your life and your pc and everything about you, then sell 
your data to the everyone

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3d7f916-2422-4d2e-8cc0-e2536a261e54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-09 Thread Drew White

On Friday, 10 March 2017 15:25:26 UTC+11, cooloutac  wrote:
> Well I'm just a layman but from my little experience i prefer systemd cause 
> its easier to handle running system processes. but from bootup time 
> standpoint it seems to make no diff.
> 

systemd is bad, things were simpler and easier without it.


> I dunno what it is. I started linux with fedora but itseems it started to get 
> super buggy after fedora19 to the point I switched to debian and ignored the 
> false extra security I thought it gave me.  I felt like a bigger target using 
> it for some reason.
> 

fedora 19, when they started to bring in systemd on a persons choice?
or was it compulsory by then and no choice?

> I thought problems were due to switch to dnf which just made updates 
> unbearable as if some sick joke on fedora users.  but all sorts of baremetal 
> problems with it.  maybe it was the change to systemd? or Kernels keep 
> getting worse? More people using linux but they don't really use it? lol I 
> dunno I started on Fedora 14 ir 15 not sure when it got systemd actually. 
> Debian is stable and quiet. I made the switch debian.  arch can be real 
> lighweight and less buggy but has same kernel probs as fedora. They similar 
> in ways.  fedora 22 was nail in coffin for me.   Its like let me put a target 
> on my forehead with the word dumb and a bullseye.  One good thing it gets 
> updates super fast.  Alot of qubes user complaints areabout poor support for 
> cutting edge hardware.  Think thats reason qubes uses fedora.  I'd rather 
> fedora then ubuntu lmao...
> 

I'd rather slackware because it has no systemd, other than that I use CentOS 5, 
and some early 6 with the less crap that they changed in it. fedora is a day0 
attack heaven. super vulnerable. not to mention systemd makes it even more 
vulnerable.

> I use to use slackopuppy it was great, talk about lightweight. and fully 
> functional. security conscious too.

never tried it. I'll have to take a look.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f3ffb26-6703-4f2a-9fa5-63da6b8ea483%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Non UEFI

2017-03-09 Thread Drew White

On Friday, 10 March 2017 15:47:25 UTC+11, cooloutac  wrote:
> On Thursday, March 9, 2017 at 10:38:36 PM UTC-5, Drew White wrote:
> > Is there any version of all the templates that are NON UEFI?
> > i.e. without EFI?
> 
> what?

The question is straight forward and simple.
What of it do you not comprehend completely and query?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bdd43fb-7c54-41ea-96f4-fbe21015d1b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Anon-whoix

2017-03-09 Thread cooloutac

https://www.whonix.org/wiki/Comparison_with_Others

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2361122a-4bb3-49d7-9156-a7f5b4f18400%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

2017-03-09 Thread cooloutac

 Just to add you won't get any benefit from the Nvidia card.  Qubes only uses 
it for desktop effects.  the vms don;t have 3d rendering.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f56e69b-efc5-4256-9659-91dd42ee2e27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

2017-03-09 Thread cooloutac

On Thursday, September 15, 2016 at 3:32:35 PM UTC-4, Tom wrote:
> Hi,
> 
> I've been toying with Qubes for the past week and it really struck me when I 
> realized that it's the future of what an OS should be. Since then I've been 
> obsessed trying to make it run anywhere but the only computer running it 
> perfectly is my Lenovo X220 otherwise my other (Macbook Pro Retina, and a 
> gaming PC with a GTX 980 nvidia GPU) are simply not even starting the install 
> nor a completed install on a USB3 SSD drive I did to test. I tried every idea 
> I could find with grub flags (nodemodeset, etc) the closest I got to doing 
> something on my GTX 980 based PC has been starting the anaconda installer in 
> CLI mode.
> 
> It just won't show anything on that GPU. FYI it is hooked via an HDMI cable 
> to a LG television. If I let it go without messing the grub flags my tv shows 
> an "invalid format" error I guess because the resolution is wrong but if I 
> start it and remove the quiet flags to see what goes on I can see some 
> sys-net VM error or something but it just stops and never do anything. I 
> can't switch to console nor try to see more logs.
> 
> So my big question is: why does Qubes OS not have built-in GPU support? why 
> is it working better on integrated graphics?
> 
> It would be KICKASS to have this run on a monster machine. I swear I would 
> install this everywhere. Put it on my toast when I wake up in the morning and 
> even wash myself with it! Qubes OS blows my mind and I really really want to 
> use it.
> 
> Keep up the amazing work, sorry I wish I could provide more details/debug 
> info but don't hesitate to ask for any kind of testing on my end.
> 
> Thanks and have a nice day!

you might have to wait till a kernel come out to support the gpu.  If you get 
Qubes intalled with integrated you can maybe check testing repo for a newer 
kernel. I guess noveau is lagging more then 2 years behind.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c413b13b-586c-45d4-84b1-c0987ddc4544%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: problem with qubes xfce menu

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> Hello,
> I realise with surprise that some items in the "Q"-symbol that gives the
> xfce menu have disappeared: the settings menu (!), the link to a dom0
> termnal  & the link to debian-8 template.
> 
> Is there a way to recreate these items? Bernhard

what desktop you using? xfce  try alt f3.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a9dbc49-58de-4808-8855-6d7e77bf152f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: problem with qubes xfce menu

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> Hello,
> I realise with surprise that some items in the "Q"-symbol that gives the
> xfce menu have disappeared: the settings menu (!), the link to a dom0
> termnal  & the link to debian-8 template.
> 
> Is there a way to recreate these items? Bernhard

oh my... I;m not really sure hope someone replies.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/005491b5-3b84-43e7-9d9a-cc0a4286bfda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can not start terminal on debian

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 5:01:17 PM UTC-5, evo wrote:
> Hello again!
> 
> I have a strange problem, i dont understand.
> 
> After i tried to install another language on debian (with no success) by
> dpkg-reconfigure,
> 
> now i can not start terminal ... not on template-VM and not on
> debian-VM.. Xterm can be started, but not terminal, which is more
> comfortable.
> 
> Is it about language??

yes I think so happened to me once.  switch back to that default english one 
and see, I forget exactly which off top my head.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/18baf221-4578-4e37-b2bd-33e84389a50e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Non UEFI

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 10:38:36 PM UTC-5, Drew White wrote:
> Is there any version of all the templates that are NON UEFI?
> i.e. without EFI?

what?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac2b65a3-fad3-48da-a5a4-6c747ecc3b41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> > Hello!
> > 
> > i have problems with the most streams on the net.
> > Youtube is ok, but i suppose rather slow.
> > 
> > I think, this is the thing with flash, HTML5 and openH264.
> > H264 is deactivated and if i want to activate it, it seems to be not
> > possible.
> > 
> > Is it so, that HTML5 needs H264?
> > Or is it so, that i need flash for every other stream.
> > I tried also some links, that should be HTML5, but they were not
> > possible... maby they were not really in HTML5 or HTML5 does't work good.
> > 
> > Do somebody has an idea?
> 
> whats the templatevm its based on fedora or debian?  If fedora you have to 
> enable rpmfusion and install gstreamer package to get that format.  I forget 
> exactly which one though man.  I think i posted about it here once i;ll t ry 
> tolook.

gstreamer1-libav

https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/198b717d-a424-48ce-87a7-723ee203bd78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

2017-03-09 Thread cooloutac

On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> Hello!
> 
> i have problems with the most streams on the net.
> Youtube is ok, but i suppose rather slow.
> 
> I think, this is the thing with flash, HTML5 and openH264.
> H264 is deactivated and if i want to activate it, it seems to be not
> possible.
> 
> Is it so, that HTML5 needs H264?
> Or is it so, that i need flash for every other stream.
> I tried also some links, that should be HTML5, but they were not
> possible... maby they were not really in HTML5 or HTML5 does't work good.
> 
> Do somebody has an idea?

whats the templatevm its based on fedora or debian?  If fedora you have to 
enable rpmfusion and install gstreamer package to get that format.  I forget 
exactly which one though man.  I think i posted about it here once i;ll t ry 
tolook.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62551b43-780b-4828-8c87-ef753eadd1fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-09 Thread cooloutac

My problem with Qubes is that i'm still noob. I don't even know what alot of
system processes are or what they do. Qubes is more complicated then a normal
os even just to monitor network traffic. I'm mostly in the dark compared to on
bare metal os.

I'm basically at mercy of a default setup lol. But I think thats part of qubes
goal. It has the misnomer of being called for nerds or enthusiasts. But its
really for noobs. The hard part is just taking a step in these waters of a new
world, even for most security experts.

The hard part is just accepting the fact you will be compartmentalizing diff
aspects of your daily activity on your pc. Its a different way of thinking.

Its about accepting the fact you are never 100% secure and its just a matter of
how persistent your assailant is. No matter what OS you are using. Everyone
gets compromised imo, even most security experts. The only people that don't
are people that use their computers like monks. All we can do most of the time
is mitigate it.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e0382a19-52bf-418e-a4cb-645e2319a138%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-09 Thread cooloutac

Well I'm just a layman but from my little experience i prefer systemd cause its
easier to handle running system processes. but from bootup time standpoint it
seems to make no diff.

I dunno what it is. I started linux with fedora but itseems it started to get
super buggy after fedora19 to the point I switched to debian and ignored the
false extra security I thought it gave me. I felt like a bigger target using
it for some reason.

I thought problems were due to switch to dnf which just made updates unbearable
as if some sick joke on fedora users. but all sorts of baremetal problems with
it. maybe it was the change to systemd? or Kernels keep getting worse? More
people using linux but they don't really use it? lol I dunno I started on
Fedora 14 ir 15 not sure when it got systemd actually. Debian is stable and
quiet. I made the switch debian. arch can be real lighweight and less buggy
but has same kernel probs as fedora. They similar in ways. fedora 22 was nail
in coffin for me. Its like let me put a target on my forehead with the word
dumb and a bullseye. One good thing it gets updates super fast. Alot of qubes
user complaints areabout poor support for cutting edge hardware. Think thats
reason qubes uses fedora. I'd rather fedora then ubuntu lmao...

I use to use slackopuppy it was great, talk about lightweight. and fully
functional. security conscious too.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fe62f407-f6f1-4ef0-afaf-c30c1d3648ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is it possible to make *bsd hvm template as base of sys-net and sys-firewall domains?

2017-03-09 Thread Ted Brenner

On Thu, Mar 9, 2017 at 4:53 PM, Unman  wrote:

> On Thu, Mar 09, 2017 at 12:37:53PM -0800, enq123...@gmail.com wrote:
> > Subj.
> >
>
> sys-net yes, of course.
> As firewall you would have to configure the interfaces and ipfilter
> yourself, as the Qubes tools wont simply work for you there - but the
> firewall service is quite straightforward and should be relatively easy
> to implement if you really wanted to.
>
> Also, if your qubes are relatively static you can simply build the
> firewall rules and load them at boot, not worrying about changing them
> as you connect qubes to the firewall. I expect that for most users this
> approach would work perfectly well.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/20170309225351.GC11868%40thirdeyesecurity.org.
> For more options, visit https://groups.google.com/d/optout.
>

Just out of curiosity, why do you want to use a BSD OS as your
sys-net/firewall? I had been thinking about using OpenBSD in such a manner
but wasn't sure if it was worth the effort.

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutybDyibODOM1D8AUVUvcRUFV5C--%2B4-Dz0tm%2B9fZGtajA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How can I make a second hard disk available to an app-vm's fstab

2017-03-09 Thread Ted Brenner

On Thu, Mar 9, 2017 at 8:47 PM, Unman  wrote:

> On Thu, Mar 09, 2017 at 02:57:30PM -0800, decuser wrote:
> > Hi,
> >
> > I'm a qubes newbie, but I am learning a lot about security, firewalls,
> and networking in general through my exploration with the os. I have
> created an rsyncd server as a standalone, debian app-vm and appropriately
> configured the firewall in sys-net, sys-firewall and my-rsyncd. I am able
> to connect and use rsync to store files on the server from a machine other
> than the qubes machine. Yay. However, I did notice that I had to connect
> the storage (it's an internal sata drive) as a block device after I booted
> the server in order to have the data disk available for mounting. I looked
> around for help and didn't see anything that seemed to really fit with my
> problem (just want to tell qubes to attach the block device to the app-vm
> at startup). I searched google and found a really popular message with some
> pretty arcane instructions about allowing the app-vm to run scripts on
> qubes dom0 and that just sounds wrong on so many levels that I thought I
> would ask it here in the hopes of finding some simple instructions, advice,
> and or rationale.
> >
> > Is is possible to make a second hard disk available to an app-vm's fstab
> so that it can be mounted when the vm starts up? If it's a security
> no-brainer why this is an ill conceived idea, I would appreciate hearing
> about that as well, but really, I just want my rsyncd app-vm to have access
> to that honking big drive when it starts up without my having to manually
> mount stuff every time I restart.
> >
> > Thanks for being patient with the newbs,
> >
> > Will
> >
>
> Hi Will
>
> Strangely enough I've just addressed exactly this issue in another post
> - look at the thread on "storage occupancy on qubes os" for one approach
> to take. It's not hard to do and you should be able to adapt that to
> your circumstances quite easily: if not, post your problem, and we'll
> try to help.
>
> unman
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/20170310024738.GB13357%40thirdeyesecurity.org.
> For more options, visit https://groups.google.com/d/optout.
>

Did you find this thread?

https://groups.google.com/forum/#!searchin/qubes-users/fstab$20startup%7Csort:relevance/qubes-users/RogG5rXG_Pw/8-AsBuH2QAAJ


-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutx04xcsJLJzMYX2ddioMPsUgM9dQEudOU4FnnrA0%2BT8%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Non UEFI

2017-03-09 Thread Drew White

Is there any version of all the templates that are NON UEFI?
i.e. without EFI?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39bad800-0765-48a9-a4f3-598ee9d861d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - T5500

2017-03-09 Thread Drew White

On Thursday, 23 February 2017 04:19:25 UTC+11, Steffen Hartmann  wrote:
> QUBES 3.2
> 
> Standard grafic driver causes regular crash after a few hours of use (NVIDIA 
> GF108). Also sometimes artefacts on screen redraw
> 
> Solution: 
> create /etc/X11/xorg.conf.d/50-video.conf
> 
> Section "Device"
> Identifier "Card0"
> Driver "nouveau"
> EndSection
> 
> solved the problem for me.

What about the other devices and GFX cards?
I have multiple cards and devices.
I run multiple monitors.
The card can handle 6 monitors per card.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1f576830-3429-4315-8376-4312e93f574c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] No network connection

2017-03-09 Thread Drew White

On Tuesday, 8 March 2016 06:35:07 UTC+11, Lance Meredith  wrote:
> Could someone outline, in layman's terms (explicit commands, numbered steps), 
> what the fix was? I'm having a hard time following what was done in this 
> thread. I have determined that I have the same Ethernet controller.
> 
> Is this a driver issue? Why does Qubes require CLI magic just to get an 
> internet connection out-of-box? It's a huge turn off, I've been trying to 
> figure this out for 3 days.

AGREED, but noone ever thinks about that, because the system is designed for 
end-users, not coders, and yet they don't make allowances for the end-users 
that aren't coders.

I was told that the solution was here, all I see is a bunch of stuff that 
doesn't make sense to me. and I'm a programmer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77a884c3-1d40-4e7b-9bf5-421a15a2195e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-09 Thread Drew White

On Thursday, 9 March 2017 00:51:06 UTC+11, tai...@gmx.com  wrote:
> I realize that it is an integral part of fedora and debian (gross), but 
> it is a serious security hole and qubes should consider migrating away 
> from it by maybe choosing another orgin distro.
> http://without-systemd.org/wiki/index.php/Arguments_against_systemd
> 
> https://muchweb.me/systemd-nsa-attempt
> "The Linux kernel, I believe, is clean. As long as Linus lives, you're 
> not going to subvert the kernel. Let's just assume that is true for the 
> sake of argument. If you can't get into the kernel, what is your next 
> option? You need something low level (PID 1?), ubiquitous, and vast in 
> scope and complexity.
> 
> This describes systemd perfectly. It was almost like it was designed to 
> touch as much of a Linux system as possible. It has hooks into some many 
> different subsystems and APIs that it's almost impossible to build a 
> modern distro with current software without pulling in systemd as a 
> dependency. This happened almost overnight, and I think there are 
> malicious forces at work here."
> 
> Assuming that it is the NSA is unimaginative, it could be literally be 
> any combination of interests that are doing this - who wouldn't desire 
> absolute control and absolute power over 99% of linux systems?
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
> I am tired of the "virtualization will protect you!" excuse, it only 
> goes so far and some systemD issues such as using google DNS by default 
> are simply inexcusable from a qubes perspective (designed to be a secure 
> OS, but phoning home like that without asking isn't secure at all)
> 
> Linux is about choice, but now the incompetent lennart and red hat are 
> choosing for you - they are more qualified to make that decision and are 
> doing it for your own good.

I'm currently in the middle of getting Qubes to work on Slackware, i.e. no 
systemd.

It's taking a bit of time to get everything right though, but I believe that in 
the end, it will be fully functional.

The only reason it's taking so long is because the Qubes Developers don't know 
the answers to the questions that I asked regarding Qubes. It's either that or 
they just refuse to answer to protect something that's open-source.

As far as I know, slackware will never be using systemd. This is the reason why 
I am doing it.

Someone ages ago said they would be building a template for slackware 
integrated, but that didn't go anywhere beyond that as far as they had posted. 
So, I started doing it myself.

Soon, there will be a MORE SECURE version of Qubes available, and all updates 
still coming from qubes-developers themselves, or else it may have to be an 
off-branch version if their coding doesn't allow for non-systemd in the future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0de248d0-5b24-4b63-a3dd-109883552751%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] postfix

2017-03-09 Thread Ted Brenner

On Thu, Mar 9, 2017 at 6:57 AM, Unman  wrote:

> On Wed, Mar 08, 2017 at 08:36:11PM -0600, Ted Brenner wrote:
> > On Wed, Mar 8, 2017 at 9:32 AM, Ted Brenner  wrote:
> >
> > > On Wed, Mar 8, 2017 at 9:15 AM, Unman 
> wrote:
> > >
> > >> On Tue, Mar 07, 2017 at 09:56:02PM -0600, Ted Brenner wrote:
> > >> > Hi all,
> > >> >
> > >> > I'm trying to setup postfix following this guide
> > >> > . But I'm not able to get a
> few
> > >> > things to work.
> > >> >
> > >> > First, the commands I added to /rw/config/rc.local don't seem to
> run.
> > >> > Namely, it doesn't appear to be mounting the /usr/local/etc/postfix
> > >> > directory in /etc/postfix. Also postfix doesn't appear to be
> running on
> > >> > startup. How do we tell if that gets run correctly?
> > >> >
> > >> > Thanks!
> > >> > Ted
> > >> >
> > >>
> > >> Other have pointed out that you need to set the executable bit on
> > >> rc.local.
> > >> You might want to cnsider instead the use of bind-dirs :
> > >> www.qubes-os.org/doc/bind-dirs which provides similar functionality.
> > >>
> > >
> > > Thanks all. Yes, this was the issue. Still can't get postfix to work
> but
> > > that now appears to be due to missing the aliases.db.
> > >
> > > Is there a reason rc.local isn't executable by default?
> > >
> > > --
> > > Sent from my Desktop
> > >
> >
> > Quick follow up. What user is running rc.local? Is it root or user? I
> > assume it is user since I'm seeing a permission denied when the call to
> run
> > postfix tries to access the aliases.db file. So should I throw a sudo in
> > front of the command to start postfix in the rc.local file? Or should I
> > change the permissions on aliases.db? Per the instructions I'm also
> doing a
> > mount command but that succeeds. Which is odd since if I try it as user,
> it
> > fails saying only root can do it. Which is why I ask which user is
> running
> > rc.local.
> >
> It's root - you could see this by appending:
> echo `whoami` >> /home/user/rc_perms
> But I suspect you already know this.
>
> What are the permissions on aliases.db?
> What template are you using and do you have selinux enabled?
>
>
>
Thanks Unman. I'm using Fedora-24 and selinux is not enabled. aliases.db is
owned by root:root with rw-r--r--.

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutz90J_xd7m5HhTqT2QJ1eDd-WnnRH%3DA_RJroA2H3fWxtQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How can I make a second hard disk available to an app-vm's fstab

2017-03-09 Thread Unman

On Thu, Mar 09, 2017 at 02:57:30PM -0800, decuser wrote:
> Hi,
> 
> I'm a qubes newbie, but I am learning a lot about security, firewalls, and 
> networking in general through my exploration with the os. I have created an 
> rsyncd server as a standalone, debian app-vm and appropriately configured the 
> firewall in sys-net, sys-firewall and my-rsyncd. I am able to connect and use 
> rsync to store files on the server from a machine other than the qubes 
> machine. Yay. However, I did notice that I had to connect the storage (it's 
> an internal sata drive) as a block device after I booted the server in order 
> to have the data disk available for mounting. I looked around for help and 
> didn't see anything that seemed to really fit with my problem (just want to 
> tell qubes to attach the block device to the app-vm at startup). I searched 
> google and found a really popular message with some pretty arcane 
> instructions about allowing the app-vm to run scripts on qubes dom0 and that 
> just sounds wrong on so many levels that I thought I would ask it here in the 
> hopes of finding some simple instructions, advice, and or rationale.
> 
> Is is possible to make a second hard disk available to an app-vm's fstab so 
> that it can be mounted when the vm starts up? If it's a security no-brainer 
> why this is an ill conceived idea, I would appreciate hearing about that as 
> well, but really, I just want my rsyncd app-vm to have access to that honking 
> big drive when it starts up without my having to manually mount stuff every 
> time I restart.
> 
> Thanks for being patient with the newbs,
> 
> Will  
> 

Hi Will

Strangely enough I've just addressed exactly this issue in another post
- look at the thread on "storage occupancy on qubes os" for one approach
to take. It's not hard to do and you should be able to adapt that to
your circumstances quite easily: if not, post your problem, and we'll
try to help.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170310024738.GB13357%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storage occupancy on qubes os

2017-03-09 Thread Unman

On Thu, Mar 09, 2017 at 06:40:15PM -0500, Chris Laprise wrote:
> On 03/09/2017 05:57 PM, evo wrote:
> >Hey!
> >
> >the last question for today! :D
> >qubes is really great, but i want to understand some things, that are
> >new for me.
> >
> >i don't understand the storage occupancy in Qubes OS.
> >
> >I can give the home-folder more space, but where can i understand how
> >much space i have already used? where can i see the whole storage usage?
> >
> >and how can i add new SSD to the special VM (for example "work")?
> >
> >thanks for help!
> >
> 
> When you expand an appVM's storage, you're really changing the maximum
> limit. The space isn't allocated from dom0 storage until its used (and
> deletions will cause the space to be returned to dom0).
> 
> Normal space reporting tools for Linux will show you the overall space and
> usage in dom0. For instance, I use the KDE disk space widget on my desktop.
> 
> You can attach additional storage to a VM by right-clicking on it in Qubes
> Manager and using the attach/detach menu. Or you can use 'qvm-block' command
> in dom0. Unfortunately, Qubes doesn't have a way to permanently attach
> additional volumes to template-based VMs, so this always has to be done
> manually or via a udev script, etc.
> 

This isn't true - it's pretty straightforward to add volumes at boot, and
it can be done automatically.

Let's say you want to add /dev/sda4 to work, and mount it at
/home/user/sda4. (It's ext4)

In dom0 look at the config files in /var/lib/qubes/appvms/work.
copy work.conf to work2.conf
edit work2.conf and add a stanza in the "devices" section

That's enough to attach the device to the qube.
If you also want to have it mounted automatically you have to do some
configuration in the qube.
Start up the work qube, and create a file /rw/config/fstab
containing:
/dev/xvde   /home/user/disk ext4 defaults,noatime   0 0

And then in /rw/config/rc.local add line:
cat /rw/config/fstab >> /etc/fstab
mount -a

Remember to chmod +x /rw/config/rc.local

Shutdown work

Now start work with the custom config -
qvm-start work --custom-config=/var/lib/qubes/appvms/work/work2.conf

work will start up with the drive attached and it will be mounted
automatically.

This is somewhat clunky - Qubes 4 will have better support for loading
custom configs. But configure a keyboard shortcut to that "qvm-start"
command and it's easy to work with.

Note that if you start work without the custom config it will start as
normal without the volume attached. This may be desirable at times.
If you want the menu items to start with the custom configs you'll have
to do some editing of the relevant files: again, that's fairly
standard stuff.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170310023819.GA13357%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Videostream with Qubes??

2017-03-09 Thread sm8ax1

Grzesiek Chodzicki:
> W dniu czwartek, 9 marca 2017 23:28:24 UTC+1 użytkownik evo napisał:
>> Am 03/09/2017 um 11:26 PM schrieb Grzesiek Chodzicki:
>>> W dniu czwartek, 9 marca 2017 23:19:23 UTC+1 użytkownik evo napisał:
 Am 03/09/2017 um 11:12 PM schrieb Grzesiek Chodzicki:
> W dniu czwartek, 9 marca 2017 21:41:02 UTC+1 użytkownik evo napisał:
>> On 03/09/2017 09:11 PM, Grzesiek Chodzicki wrote:
>>> W dniu czwartek, 9 marca 2017 21:01:12 UTC+1 użytkownik evo napisał:
 On 03/09/2017 08:37 PM, Grzesiek Chodzicki wrote:
> W dniu czwartek, 9 marca 2017 20:34:17 UTC+1 użytkownik evo napisał:
>> On 03/09/2017 08:27 PM, Grzegorz Chodzicki wrote:
>>>
>>>
>>> On 03/09/2017 08:23 PM, evo wrote:

 On 03/09/2017 08:10 PM, Grzesiek Chodzicki wrote:
> W dniu czwartek, 9 marca 2017 20:08:37 UTC+1 użytkownik evo 
> napisał:
>> On 03/09/2017 08:02 PM, Grzesiek Chodzicki wrote:
>>> W dniu czwartek, 9 marca 2017 19:44:38 UTC+1 użytkownik evo 
>>> napisał:
 Hello!

 i have problems with the most streams on the net.
 Youtube is ok, but i suppose rather slow.

 I think, this is the thing with flash, HTML5 and openH264.
 H264 is deactivated and if i want to activate it, it seems to 
 be not
 possible.

 Is it so, that HTML5 needs H264?
 Or is it so, that i need flash for every other stream.
 I tried also some links, that should be HTML5, but they were 
 not
 possible... maby they were not really in HTML5 or HTML5 does't 
 work good.

 Do somebody has an idea?
>>> try sudo nano /etc/qubes.guid.conf and add audio_low_latency = 
>>> true; parameter to the VM used for movie watching (or add it to 
>>> global variables).
>>> Alternatively, install Google Chrome (Not Chromium) and use 
>>> that.
>>>
>>
>> hmm... i don't have qubes.guid.conf in etc, not in dom0 and not 
>> in the VM
> Sorry, I meant /etc/qubes/guid.conf
>
 ah, ok, thanks!
 so i did add the new line under allow_fullscreen = true; by the 
 VM, that
 restarted the VM, but i think... nothing happens.
 if i want to stream MP4, it comes the download, which i don't want 
 at
 all. So firefox wants to download it instead of streaming.

 what i don't understand, what does audio have to do with stream?

 i will try it with chrome (i don't like)
>>> Video may stutter because video players and browsers automatically 
>>> try
>>> to synchronize video with audio (to avoid desyncs) so if audio 
>>> stutters,
>>> video will stutter as well. You may also want to try enable vertical
>>> blank synchronization in WIndow Manager tweaks.
>>>
>>> How does the formatting of the file look like? It should look like 
>>> this:
>>> VM: {
>>> work: {
>>> audio_low_latency = true;
>>> };
>>> };
>>> Additionally, You need to restart the VM after changing its 
>>> settings in
>>> the guid.conf file
>>>
>>
>> are ok, so low latancy is usefull also on youtube... is there any
>> security problems with it?
>
> IIRC this setting was used because having it on caused a CPU spike on 
> older kernels. It shouldn't matter now
>
>>
>> what do you mean with "window manager tweaks"?
>> where can i find vertical blank synchronization?
>
> Go to System Tools > Window Manager Tweaks > Compositor > Synchronize 
> drawing to vertical blank
>>
>> the formating is like
>>
>> VM: {
>>work: {
>> allow_fullscreen = true;
>> audio_low_latency = true;
>>
>> };
>> };
>>
>> i restarted the VM after change in quid.conf
>
> Formatting looks good, You may want to try restarting the physical 
> machine just in case.
>

 restarted the PM... firefox wants still to download the MP4-stream...
 i suppose that youtube runs better, quicker.. maby just my feeling and
 not fact.

 fedora don't have chrom in the sources, strange... i will try to 
 install
 it from google source or smth like that.

 but is there no possibility to play stream on firefox??
>>>
>>> You'll probably need

94 matches

Mail list logo