Re: [qubes-users] Re: Question(s) regarding Qubes minimal templates

[Vít Šesták]

Fedora 23 has EOLed, Fedora 24 should EOL in about two months. When Fedora is 
EOLed, it receives no security updates. So, looking to near future, I'd upgrade 
to Fedora 25 rather than to Fedora 24.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a03aaed0-c8ab-418f-b779-5d4393e77f43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Question(s) regarding Qubes minimal templates

[Qubed One]

'Tomei Ningen' via qubes-users:
>> I'm a strong advocate of using minimal (or smaller) templates,
>> customised for specific use cases. Some people HATE this approach.
>> 
>> unman
> 
> Really? Coming from the sort of people with the patience for an OS
> like Qubes? I'd think anyone who's involved enough to have an opinion
> would be in favor of that -- that's kind of the idea here, isn't it?
> One thing I wish I could change would be the visual clutter it
> produces; anybody know of a means to flag these VMs as internal so I
> can hide the ones I'm not interested in seeing regularly?

In dom0, type this from the command line:

 qvm-prefs -s  internal True

> That being
> said, I'm definitely in agreement with you, unman. Would you
> recommend any particular setup for a more granular approach? My
> current arrangement of VMs [work in progress; suggestions welcome!]
> is structured like this as of now:
> 
> - dom0 - fedora-24
> 
> - dispVM(s) - fedora-24-minimal ( ... > derivative templates > appVM
> > packages*)
> 
> - fedora-24-min-net
> 
> - sys-net**
> 
> - General-purpose: gnome-keyring, less, man, pciutils, psmisc, sudo,
> vim-minimal, xterm - Template-specific: dbus-x11, dejavu-sans-fonts,
> NetworkManager, NetworkManager-wifi, network-manager-applet,
> notification-daemon, tinyproxy - fedora-24-min-frwll
> 
> - sys-firewall
> 
> - No additional packages; effectively a clone of the
> Fedora-24-minimal template. - fedora-24-min-vpn
> 
> - sys-vpn
> 
> - G.P.: sudo, xterm - T.S.: [TBD; trying out some different VPNs
> atm] - fedora-24-min-usb
> 
> - sys-usb
> 
> - G.P.: sudo, xterm - T.S.: qubes-input-proxy-sender -
> fedora-24-min-pen
> 
> - pentest
> 
> - G.P.: sudo, xterm - T.S.: aircrack-ng, ettercap, kismet, nmap,
> nmap-telcat, tcpdump, wireshark***, [remaining packages TBD]
> 
> * The concomitant dependencies aren't included in these lists (n.b.
> packages are installed in the respective templateVM) ** Can't quite
> get this one to run properly yet; I presume I need to install a
> proprietary driver in the template to make this work for my
> machine(?) *** Very interested in trying out v6ak's split-wireshark"
> idea but haven't found the time yet. Thanks for sharing that idea,
> v6ak!
> 
> - TN
> 
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a32d0613-2e00-33db-33f3-7740ed820949%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Window VM disappear when dont use

[Qubed One]

phongxuan1...@gmail.com:
> hi every one, i'm using Win7 64 bit in Quebe, I have a case that when i dont 
> use the VM in 15-20 min, window VM disappear and i cant find this vm anymore, 
> i have to restart vm or kill it to reuse it. Any one have solution for my 
> problem? Thank you
> 

IIRC, that happens when win7 goes to sleep (by default). Changing that
setting should solve your problem. I think its under power management or
something similiar.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6de9f251-43ff-aa03-a436-0ac37f9cd9e9%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - CF-31 Mk1

[m1eleftw]

Op maandag 14 november 2016 02:45:48 UTC+1 schreef Andrew Callahan:
> Notations:
> 
> VT-d- Chipset has this capability according to intel 
> (http://ark.intel.com/products/43544/Intel-Core-i5-540M-Processor-3M-Cache-2_53-GHz).
>  Examination of BIOS shows no chipset option; assumption- motherboard does 
> not support.
> 
> GPU- Unit features discreet ATI Radeon HD7750 card on board. Current testing 
> has not shown it to work yet with a variety of Linux flavors; testing was 
> minimal and should not be considered even slightly investigatory. To 
> overcome, force economy mode in BIOS; this forces onboard chipset
> 
> TPM- Fitted. Chipset v1.2 default for CF-31 early Mk series units where 
> equipped. (Not enabled)
> 
> TXT- Fitted on early Mk series units where equipped. (Not enabled)
> 
> Touchpad is a P/S2 unit. Requires i8042.nopnp notification added to 
> /boot/grub2/grub.cfg file. Insert i8042.nopnp under 20_linux_xen at end of 
> first module line
> 
> Notes- Unit will fully realize two VMs (browser, email client, file browser, 
> and text editor for each) simultaneously in addition to net/firewall/whonix 
> VMs. No more than two with default RAM mem settings.
> 
> Touchscreen not calibrated correctly. I have used xinput_calibrator in other 
> Linux platforms to perform permanent calibration but have not tried yet for 
> Qubes.
> 
> Occasional issues with wifi if discreet switch not set to 'on' prior to 
> system startup. Initial setups of VPN configuration and wifi performance show 
> slow/spotty performance. After setup and reboot, system performs well. 
> 
> Worked with 3.1 for a while, getting comfortable. Attempt to wipe and install 
> 3.2 met with issues. VMs would show booting in manager but no window for 
> requested browser/file mgr/etc would ever show. System felt slightly more 
> sluggish. Also, attempts to import VM backups abject failure. Did not explore 
> situation in further depth but instead returned to 3.1.
> 
> Additional personal notes:
> If the CF-31 is your first toughbook of the series, F2 to BIOS and set screen 
> brightness to half power setting. At full brightness (under 1/2 pwr setting) 
> in strong sunlight, a clean screen is still easily visible. Indoors, 20-40% 
> power much more comfortable.
> 
> Buttons- following Function/FN buttons known working: Screen brightness (20% 
> increments) controls [F1 F2], Mute [F3], Sound (5% increments) [F4 F5], and 
> emissive keyboard brightness [F12]. Never use other FN key combos.
> 
> Multi-Purpose Drive bay (DVD), PCMCIA, SD card, etc all function fine. 
> LUKS-encrypted systems give a post-removal error but no evident issues.
> 
> CANNOT BOOT from SD card or USB. Requires hi-cap DVD for install.
> 
> Battery packs are a default 87wh- sufficient for 3 hours straight use w/ wifi 
> on, screen 80% brightness, constant use (no breaks). Example- second seat in 
> car running continuous web surf/mail client. Battery actual capacity used in 
> test 80wh (my oldest battery). CF-30 batteries and harddrive caddies are 
> interchangeable.
> 
> SSD compatible. No special PAE flags required.
> 
> Many BIOS settings possible but no settings changed from use with other 
> common with other Linux flavors like Ubuntu, Mint, Arch, etc.
> 
> Additional help w/ CF-31 and other toughbook models can be found at 
> toughbooktalk forums.
> 
> Welcome information for installing xinput_calibrator or similar software 
> package for calibration of touchscreen. Will answer all questions to best of 
> ability.

A 31 Mk1 does not have the 7750M GPU, that'll be the Mk4 Performance Model. The 
Mk1 had a iGPU or ATI HD5650M dGPU.

That said, might aswell try Qubes on my 31 Mk3 Standard (i5 3320M, HD 4000 
iGPU, 16GB RAM, GPS)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f6b80d5-3d8a-4040-a534-936964ea7c7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] nf_conntrack_saned module not working

[cooloutac]

This might be a raspberry pi specific issue.

But I could no longer scan over the network to my raspi print server from qubes 
I believe after recent updates.  the appvm,  and my printer.  would lock 
up/hard freeze  till I kill the vm and unplug the printer..


 will also post the question on the raspi forums maybe its due to their latest 
kernel updates.  I was seeing too many incoming connection error messages from 
saned in syslog.  So I assumed the module not working and manually added a port 
range to the saned config file and sure enough now I can scan ove rnetwork.

But I feel this is less secure then using the nf module? anyone else run into 
this problem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c24e1a98-a855-46ab-bb84-aef690d7de91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Ubdate Electrum offline-wallet

[Finsh]

in fact, they dont do anything at all anymore, exept starting the appvm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aeb1fc0e-4787-4fe4-a7a3-ec021c9e8665%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to hide template VMs or other in Qubes Manager

[Unman]

On Wed, Jun 14, 2017 at 09:22:52AM +0200, 'P R' via qubes-users wrote:
> Hello,
> 
> I'd like to keep my Qubes Manager Interface lean so that I can see what is
> going on.
> 
> Is there any way to hide not running template VMs from Qubes Manager?
> I would like to see this as an additional option in the Qubes "View" menu
> (Show/Hide template VMs).
> 
> As the dvm-AppVM can be hide via "Show/Hide Internal VMs" I tried to edit
> /var/lib/qubes/qubes.xml and set the Internal flag vom false to true, but
> this doesn't hide the VM in Qubes Manager, even after closing and
> restarting Qubes Manager.
> 
> Question:
> Can the hide Template VM feature be added in further versions of Qubes
> Manager
> 
> And:
> 
> How can I mark a VM as internal?
> 

use qvm-prefs in dom0:
qvm-prefs -s  Internal True

Hides any entry from QubesManager AND the Menu.
Ideal if you are preparing a Qubes box for someone else.

I think this has been requested before but as a combination from the
"View" menu provides the running/internal combo it wasn't felt to be
necessary.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170614092056.GA7292%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to hide template VMs or other in Qubes Manager

['P R' via qubes-users]

Hello,

I'd like to keep my Qubes Manager Interface lean so that I can see what is
going on.

Is there any way to hide not running template VMs from Qubes Manager?
I would like to see this as an additional option in the Qubes "View" menu
(Show/Hide template VMs).

As the dvm-AppVM can be hide via "Show/Hide Internal VMs" I tried to edit
/var/lib/qubes/qubes.xml and set the Internal flag vom false to true, but
this doesn't hide the VM in Qubes Manager, even after closing and
restarting Qubes Manager.

Question:
Can the hide Template VM feature be added in further versions of Qubes
Manager

And:

How can I mark a VM as internal?


- P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAM8xnvJyCogDPwVvt18AUFaH0tN6Xx_--ekL_7ze1PQvdiiMOA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Question(s) regarding Qubes minimal templates

['P R' via qubes-users]

Hello,

Are there any reasons to migrate from fedora-23 to fedora-24 regarding:

- features
- security
(...)

Regards

- P

Am 14.06.2017 12:30 vorm. schrieb "'Tomei Ningen' via qubes-users" <
qubes-users@googlegroups.com>:

> > I'm a strong advocate of using minimal (or smaller) templates,
> customised for specific use cases. Some people HATE this approach.
> >
> > unman
>
>  Really? Coming from the sort of people with the patience for an OS
> like Qubes? I'd think anyone who's involved enough to have an opinion would
> be in favor of that -- that's kind of the idea here, isn't it?  One thing I
> wish I could change would be the visual clutter it produces; anybody know
> of a means to flag these VMs as internal so I can hide the ones I'm not
> interested in seeing regularly?
>  That being said, I'm definitely in agreement with you, unman. Would
> you recommend any particular setup for a more granular approach? My current
> arrangement of VMs [work in progress; suggestions welcome!] is structured
> like this as of now:
>
>
>- dom0
>- fedora-24
>- dispVM(s)
>   - fedora-24-minimal *( ... > derivative templates > appVM >
>packages*)*
>- fedora-24-min-net
>   - sys-net**
>  - *General-purpose: *gnome-keyring, less, man, pciutils, psmisc,
> sudo, vim-minimal, xterm
> - *Template-specific: *dbus-x11, dejavu-sans-fonts,
> NetworkManager, NetworkManager-wifi, network-manager-applet,
> notification-daemon, tinyproxy
> - fedora-24-min-frwll
>   - sys-firewall
>  - *No additional packages; effectively a clone of the
> Fedora-24-minimal template.*
> - fedora-24-min-vpn
>   - sys-vpn
>  - *G.P.*: sudo, xterm
> - *T.S.*: [TBD; trying out some different VPNs atm]
> - fedora-24-min-usb
>   - sys-usb
>  - *G.P.*: sudo, xterm
> - *T.S.*: qubes-input-proxy-sender
> - fedora-24-min-pen
>   - pentest
>  - *G.P.*: sudo, xterm
> - *T.S.*: aircrack-ng, ettercap, kismet, nmap, nmap-telcat,
> tcpdump, wireshark***, [remaining packages TBD]
>
> * The concomitant dependencies aren't included in these lists (n.b.
> packages are installed in the respective templateVM)
> ** Can't quite get this one to run properly yet; I presume I need to
> install a proprietary driver in the template to make this work for my
> machine(?)
> *** Very interested in trying out v6ak's split-wireshark" idea but haven't
> found the time yet. Thanks for sharing that idea, v6ak!
>
> - TN
>
>
>
> Sent with ProtonMail  Secure Email.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/QOUCXs5Owf4_vFzLV8tj0-YlBHu981vPYZYllxyjhEEUARUYol1x
> XRAHwNTExkDU0O9iMVo0_fWuy4AlV4-AlAT_GSEpbXPcDbfw6jw_GYw%3D%40protonmail.ch
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAM8xnvKr7us%2BF2SAgM2RCka%2Bm5yDGPmtTtVS3D0zTbLQM5jidw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] certified laptop delivery to Russia

[Alex]

On 06/13/2017 10:00 PM, Oleg Artemiev wrote:
> Hello.
> 
> Has anyone sent the Qubes certified laptop to Russia?
> 
> Are there any delivery or customs issues that Russian citizen should 
> be aware of?
> 
> How do I check that US vendor hasn't passed implant into device?
It's long been a bad idea in general buying computers that are meant to
have any appreciable level of security and have them shipped by mail
delivery...

And you are planning to buy something from the United States of America
(known for the very problem you are asking about), have it delivered to
the Russian Federation (not a very believable defender of citizen
privacy), and believe it will arrive safe and secure? Mmmm... I would
not try that :/

And I'm sorry, but apart from suspicion I can't really give you any
actual advice :( best of luck for your next laptop

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/349ed879-4078-f6a0-7b82-26f571263070%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] T470 - High temp/short battery life despite low/no CPU load

[wordswithnemo]

I'm running the 4.9.29-17 testing kernel on dom0, because my display requires 
it.

At idle, my CPU runs around 40-45C. This is when I'm not using the laptop and 
Qubes VM Manager, as well as dom0 system tools, show ~0% CPU usage.

Under load it can spike as high as 75C. Load in this case might be browsing an 
SAAS tool or viewing a YouTube video.

I have an internal battery plus the largest external battery available, 94 Wh 
in total. Normally, on Windows, this would translate into 12 to 17 hours of 
battery life, but on Qubes I'm looking at 6 or less.

I'm assuming this has something to do with power management, so here is what 
I'm seeing in xenpm while the system is under light to moderate load and the 
system is hovering around 50C:

-

dom0: xenpm start 60

Timeout set to 60 seconds
Start sampling, waiting for CTRL-C or SIGINT or SIGALARM signal ...
Elapsed time (ms): 6

CPU0:   Residency(ms)   Avg Res(ms)
  C017208   (28.58%)0.08
  C142991   (71.40%)0.20
  C29   ( 0.02%)0.30
  C30   ( 0.00%)0.00

  P00   ( 0.00%)
  P1868 ( 5.53%)
  P213  ( 0.09%)
  P30   ( 0.00%)
  P47   ( 0.05%)
  P567  ( 0.43%)
  P685  ( 0.54%)
  P769  ( 0.44%)
  P820  ( 0.13%)
  P994  ( 0.60%)
  P10   61  ( 0.39%)
  P11   137 ( 0.87%)
  P12   92  ( 0.59%)
  P13   64  ( 0.41%)
  P14   406 ( 2.59%)
  P15   13719   (87.33%)
  Avg freq  1036370 KHz

CPU1:   Residency(ms)   Avg Res(ms)
  C017209   (28.58%)0.08
  C142992   (71.41%)0.20
  C27   ( 0.01%)0.36
  C30   ( 0.00%)0.00

  P00   ( 0.00%)
  P1925 ( 5.89%)
  P218  ( 0.12%)
  P333  ( 0.21%)
  P438  ( 0.25%)
  P550  ( 0.32%)
  P638  ( 0.25%)
  P767  ( 0.43%)
  P837  ( 0.24%)
  P9104 ( 0.66%)
  P10   91  ( 0.58%)
  P11   156 ( 1.00%)
  P12   73  ( 0.47%)
  P13   59  ( 0.38%)
  P14   444 ( 2.83%)
  P15   13580   (86.39%)
  Avg freq  1036370 KHz

CPU2:   Residency(ms)   Avg Res(ms)
  C017408   (28.91%)0.07
  C142792   (71.07%)0.17
  C27   ( 0.01%)0.40
  C30   ( 0.00%)0.00

  P00   ( 0.00%)
  P1895 ( 5.67%)
  P217  ( 0.11%)
  P320  ( 0.13%)
  P460  ( 0.38%)
  P517  ( 0.11%)
  P646  ( 0.30%)
  P7104 ( 0.66%)
  P821  ( 0.13%)
  P994  ( 0.60%)
  P10   50  ( 0.32%)
  P11   175 ( 1.11%)
  P12   85  ( 0.54%)
  P13   43  ( 0.28%)
  P14   494 ( 3.13%)
  P15   13685   (86.54%)
  Avg freq  1036370 KHz

CPU3:   Residency(ms)   Avg Res(ms)
  C017389   (28.88%)0.06
  C142814   (71.11%)0.15
  C24   ( 0.01%)0.27
  C30   ( 0.00%)0.00

  P00   ( 0.00%)
  P1888 ( 5.63%)
  P211  ( 0.07%)
  P30   ( 0.00%)
  P434  ( 0.22%)
  P559  ( 0.38%)
  P637  ( 0.24%)
  P765  ( 0.41%)
  P840  ( 0.26%)
  P988  ( 0.56%)
  P10   60  ( 0.39%)
  P11   143 ( 0.91%)
  P12   53  ( 0.34%)
  P13   100 ( 0.63%)
  P14   523 ( 3.32%)
  P15   13660   (86.64%)
  Avg freq  1036370 KHz

Socket 0
 Core 0 CPU 0
 Core 1 CPU 2

---

And what xenpm is showing for frequency parameters

---

cpu id   : 0
affected_cpus: 0
cpuinfo frequency: max [2801000] min [40] cur [80]
scaling_driver   : acpi-cpufreq
scaling_avail_gov: userspace performance powersave ondemand
current_governor : ondemand
  ondemand specific  :
sampling_rate: max [1000] min [1] cur [2]
up_threshold : 80
scaling_avail_freq   : 2801000 280 270 250 240 220 200 
180 160 150 130 110 80 70 60 *40
scaling frequency: max [280] min [40] cur [40]
turbo mode   : enabled

cpu id   : 1
affected_cpus: 1
cpuinfo frequency: max [2801000] min [40] cur [80]
scaling_driver   : acpi-cpufreq
scaling_avail_gov: userspace performance powersave ondemand
current_governor : ondemand
  ondemand specific  :
sampling_rate: max [1000] min [1] cur [2]
up_threshold : 80
scaling_avail_freq   : 2801000 280 270 250 240 220 200 
180 160 150 130 110 80 70 60 *40
scaling frequency: max [280] min [40] cur [40]
turbo mode   : enabled

cpu id   : 2
affected_cpus: 2
cpuinfo frequency: max [2801000] min [40] cur [80]
scaling_driver   : acpi-cpufreq
scaling_avail_gov: userspace