Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

[cooloutac]

On Sunday, March 26, 2017 at 8:22:46 PM UTC-4, Andres MRM wrote:
> [2017-03-26 21:14] cooloutac:
> > what about using the internal kb, no good?
> 
> No... I'm using an ergonomic one. It wasn't cheap, it's very different from a
> common one and it took me months to get used to it. =P

so I guess just take your chances with it on the usb qube. I do it with mouse 
never seen anything weird happen.  a wireless mouse too. although I probably 
should put lock screen on I just realized I don't even have it on.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a097d330-9914-4fd2-b139-3adf08df3903%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HP EliteBook 820 G4

[xet7]

Hi,
I'm trying to install Qubes 3.2 iso from USB 2.0 stick to HP EliteBook G4 that 
has NVME harddisk. It's in usb boot menu loop.

I tried this:
chainloader /EFI/BOOT/xen.efi placeholder qubes-verbose /mapbs /noexitboot

And somehow got to this this error:
/EndEntire
file path: 
/ACPI(a0341d0)/PCI(0,14)/USB(1,0)/File(\EFI\BOOT)/File(xen.efi)/EndEntire

How can I continue install from USB stick ?

BR,
xet7

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1177286-e2c3-43f4-97a0-aed1c9fd1630%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Running VMs without xorg to trim down RAM ?

[Reg Tiangha]

On 03/27/2017 07:10 AM, Jane Jok wrote:
> Okay, so here's the gist:
>
> I have a configured netvm and firewallvm
>
> I don't need to be able to properly run a terminal there most of the time 
> because everything I wanted to do, is already done there (scripts, firewall 
> rules, etc etc etc etc)
>
> I am running this qubes install on a laptop so RAM is like, in great demand.
>
> Wanted to trim off a few more MB RAM from each of my firewallvms and some 
> other servicevms I have (USB, etc).
>
> Seems like running VM at equivalent of init 3 should be possible, however, 
> trying to run init3 command or any flavor of systemctl isolate 
> multi-user.target does not produce desired result (Xorg still runs, it seems)
>
> So the questions are
>
> 1) is it possible to configure a VM to run a "minimum" set of services a-la 
> init 3 without all the fancy GUI stuff?
>
> 2) how to return it to "normal" operation (by using the "run a command in vm" 
> functionality perhaps) if I temporarily need the GUI again?
>
That is an interesting question. I don't know the answer myself (though
I would like to know too, just for curiosity's sake), but here are some
RAM saving tips instead:

- For your service VMs, make sure to limit the upper RAM amounts. For
example, by default, sys-firewall's upper limit for RAM will be like
4GB; you can cut that down to 300-400 MB, and you might be able to bump
down the lower limit to 250 MB (if it doesn't start up properly from
cold boot, then bump that lower limit up until it does).

- In fact, take a look at all of your Template and App VMs and adjust
those upper RAM limits accordingly. For my Template VMs, I usually have
their upper limits at 2GB or less, since they rarely need more than
1-1.5 GB when updating.

- If you don't use the advanced features of the Qubes firewall (for
example, to restrict an Email VM or Banking VM to only allow traffic to
certain websites and not others using Qubes Manager to configure those
rules), you can switch to using Qubes Mirage Firewall which uses a
Mirage unikernel rather than a full-blown Linux distribution. I have
mine running on 64MB of RAM, but you could probably go down to as low as
30 or 32MB and still have it be reliable. If you *do* use those advanced
firewall features, you could still use Mirage Firewall for most VMs, and
only turn on sys-firewall for those VMs that need it on demand, rather
than having it run all the time:

https://github.com/talex5/qubes-mirage-firewall/

- Finally, if for whatever reason you need a shell into a VM (for
example, the machine is on but it has the yellow indicator in Qubes
Manager and it won't launch any programs), you can use virsh in dom0:

virsh -c xen:/// console 



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/obb5mo%24stu%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Running VMs without xorg to trim down RAM ?

[Jane Jok]

Okay, so here's the gist:

I have a configured netvm and firewallvm

I don't need to be able to properly run a terminal there most of the time 
because everything I wanted to do, is already done there (scripts, firewall 
rules, etc etc etc etc)

I am running this qubes install on a laptop so RAM is like, in great demand.

Wanted to trim off a few more MB RAM from each of my firewallvms and some other 
servicevms I have (USB, etc).

Seems like running VM at equivalent of init 3 should be possible, however, 
trying to run init3 command or any flavor of systemctl isolate 
multi-user.target does not produce desired result (Xorg still runs, it seems)

So the questions are

1) is it possible to configure a VM to run a "minimum" set of services a-la 
init 3 without all the fancy GUI stuff?

2) how to return it to "normal" operation (by using the "run a command in vm" 
functionality perhaps) if I temporarily need the GUI again?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab98c2f3-c959-437e-b11f-1b1e93b92c5b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Question to Mirage OS firewall users

[Thomas Leonard]

On Sunday, March 19, 2017 at 10:11:04 AM UTC, Foppe de Haan wrote:
> Stable so far. (Current uptime 12h, it crashed well before that when it 
> wasn't.)

Thanks for testing!

I've made a new release of that version now (identical binary):

https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.3

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8431f68e-7f19-4e5b-9fca-79bf1205d394%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Building Qubes from source, strange error.

[Elias Mårtenson]

On 27 March 2017 at 18:19, Andrew David Wong  wrote:

They won't be identical until we achieve reproducible builds:
>
> https://github.com/QubesOS/qubes-issues/issues/816


The builds are significantly different. The main difference that I noted
was that while the image I can download from the Qubes site is
approximately 4 GB in size, the one I built from source is 2.3 GB.

Also, using the home-built image, the graphics is incredibly slow, taking
several seconds to repaint the screen on the laptop on which I am doing my
tests. The official image doesn't have that issue. These two facts alone
suggests to me that there are some major components missing from the image
that I built.

Finally, I have to report that I can't get the network running on the Dell
Latitude 7480 even with a home-built image. Thus, I have to conclude that
until a new release (3.2.1 or 4.0), this machine can't be used with Qubes.
This is sad, since hardware-wise it'd be a perfect machine for the purpose.

Regards,
Elias

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CADtN0W%2Bfs96-2uv62R2axNwaxCVt_wVYncms-Q2bWJCpk3MWXQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] update process question

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-26 16:21, Unman wrote:
> On Mon, Mar 27, 2017 at 12:07:32AM +0100, Unman wrote:
>> On Mon, Mar 20, 2017 at 11:01:12PM +0100, haaber wrote:
>>> Hello,
>>> I have some understanding pb with updates. All my templates connect via
>>> TOR (sys-whonix) to the Internet. But normal repos. When I  sudo apt-get
>>> update, say in a debain-8 template, I have a certain number of lines like
>>>
>>> Ignhttp://http.debian.net jessie InRelease
>>> Ignhttp://deb.qubes-os.org jessie/main Translation-en_US
>>> Ignhttp://deb.qubes-os.org jessie/main Translation-en
>>>
>>> Is this "normal" ?  May I ignore it?  Thank you, Bernhard
>>
>> It's fine - it means that there are no changes in these files, so they wont
>> be downloaded this time.
> ..or the file couldnt be found but this isnt considered a critical error.
> 
> Either way you can ignore.
> 

In case you were wondering about seeing clearnet URIs despite using Tor,
that part is normal too. There are still security and privacy benefits
to downloading updates from non-onion-services. However, we do also have
onion services for Qubes update repos now:

https://github.com/QubesOS/qubes-issues/issues/2576

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJY2OgyAAoJENtN07w5UDAwzKIQAMNXWU43Gmt3MaLmN7HjcytF
nR5lPVjMmm6qjxc2U8UDnXmT2GHNYhYYjoBOH8Rs+U8AswVvrvOYtgIl+uPhfDr1
zNWWS30xc/CBFPVk0bowRo/0sgdQtunoWRv+4LaQI5aae3Yt8UQUFZLPWPOUWDuQ
vW0uTg2B12hJMvblwyDjHe8Zw3lyb95N4C8/voUx4Tk8UCDJpJ4uUUYVnLfaV4vy
JDPpHzPwSt9ZCW3pzWMJaPJiRalMZjzazwBx/6Bb3yqRoLubD2iNml6PGOZlEtgh
/jNMCYPzT9GtBR1b8w/Uc1n5rGC8ddIYzQ7+t5NwPdq6JlsX8jSc5Kk46XNoMT1v
DOd/rOGzILETsRGURcOdh2ica9qTDF+r7jn8SH8vkhXO+m0Wh4WVfDGLefEzcn10
RSEgObW/TZUwBXxZ7NktX42LnQl6AcuWR0kFvey1uCcHOZcIWgFyZAPmrdlcm4OS
87Nd4zClNgiVwfLCd++W/MGQBvx8RX/iU9vlJb++u6emHFgxpNbYTP1zbycvH2NR
gl+lEXiZPDYk4Y0Hqkq51gJhyb+ahhAFPT+mLmXjx56cqepzgdKnPH31//I/pAnS
lWIXms4Xs8kg0vPJhWi5SO0AiVvSWwJa5tePaeu29IqlN7EgeNrb++2jqd3Eoz5K
LQQphKDSxS52q2NN3ceH
=mbua
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33800022-43e8-ab7a-4a5a-073ebeccd27b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] assigning complete usb controller to vm. scanner device works but very, very slow

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-24 09:34, Steffen Hartmann wrote:
> Hello,
> 
> I've assigned my scanner (and the complete usb controller) via
> this description https://www.qubes-os.org/doc/assigning-devices/
> into a virtual machine.
> 
> I can use scanimage to use the scanner but it takes about 5
> minutes to scan a page. Everything works however.
> 
> Using Scanimage -L also works but also a long delay (30 sec). This 
> is true for debian 8 and also for fedora 23 and fedora 24 
> templates.
> 
> I also updated to kernel 4.8.12-12 (insde VM) but no change.
> 
> OS is Qubes 3.2 running the above kernel in DOM0 PC: Dell 5500 
> precision
> 
> Steffen
> 

This is probably a compatibility issue with that particular scanner
model. I've used a couple of different scanners in Qubes VMs and
haven't noticed any significant difference in scan times.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJY2ORZAAoJENtN07w5UDAw6kUQAMVxBB+bxzAaNohiOZXoTGzK
uaDxXqEOQex+l6rbApkpRvWs45PuE/czAuavvji1ZRkG4ha4SiVOfNp/3YIGcMUN
0Renr4mJn0/yrlpdi1d1FvpxdfyMY41A+i3kZ9zkdUNJNENp3T4xfjIFosG9s9UD
llM02EdvgqGtPHSkD2z6DGfP3Kz6DbTjeQLKUuKBKT6+4qmwj9BrZ2ja2xflQ9Vw
BnwTTz+hcdAEEHRlMsEWHWpTtZcYcTx83S3IG4ZRz5eYvotR7gqdpRvDy7E3g42e
u7vwKa9OA7+l3BqhuauYNAYR3Tv79fw6zTz5PoiN1GeFDgE56gxrcYXQUEq/K4BH
S0eLuTM89lEug7IPxuHQGSm2vJF5KAlVW8GdvJkdul5es4dDuuwPoc+95VcRWznK
lqjM0DkHeeMi+T+/IowV0+UfbD+Ub3zWXl7Op6JVpnZigLz01/+pvMOcFAnoug6C
9Tavr/aOK9afcE9YsM3DvLtc8AZ469zApXPy5XExqTVPOiOvLreu/yq7lMhKoUA4
nEDj6r7vofyjHQmp/DQzUsGR2LABNLNVp5v2+sJisyPTl66bNZHosvdGClsiZyBv
BgwdSH+Js1yvx8KOe76ZuxSUANjUbtkQ8VBTDP89GIIbx/mo33aN0mq/H7S44ebn
smwyjjtcc9p9qHvZsGfx
=ghAW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b7b8ee2-6b60-a97b-3c05-f103dd2a065a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] again usb problems

[haaber]

> On Mon, Mar 20, 2017 at 10:45:26PM +0100, haaber wrote:
>> Hello,
>> I need some help with USB. I cant mount them apart in sys-usb.
>> Concretely, I have the following contradicting informations:
>>
>> On one hand:
>>
>> [ me@dom0 ~]$ qvm-usb -l
>> sys-usb:3-2  13fe:4100 _USB_DISK_2.0_070A273523959238
>> [ me@dom0 ~]$ qvm-usb -a private sys-usb:3-2
>> ERROR: qubes-usb-proxy not installed in the VM
>>
>> Although
>>
>> [user @ private ]
>> sudo apt-get install qubes-usb-proxy
>> Reading package lists... Done
>> Building dependency tree
>> Reading state information... Done
>> qubes-usb-proxy is already the newest version.
>>
>> The AppVM "private" runs on a up-to-date  debian8 template. How can I
>> narow down the problem? Thank you!  Bernhard
> 
> What template are you using for sys-usb?
> Have you checked that you have qubes-usb-proxy installed there?

Hi Unman, thank you for helping.
the template for sys-usb is a fedora-24-minimal clone, that I called
fedora-24-usb. It has  qubes-usb-proxy-1.5.0-1 installed.

Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3fc3a9a1-bb08-3247-e644-c37430e7f127%40web.de.
For more options, visit https://groups.google.com/d/optout.