AW: Re: [qubes-users] X230 Webcam

2017-12-20 Thread '[799]' via qubes-users
 Original-Nachricht 
An 21. Dez. 2017, 03:11, Franz schrieb:

> I have a x230 and the default position
> of the webcam is in sys-usb where it appears
> as follows: Bus 002 Device 003: ID 04f2:b2eb
> Chicony Electronics Co., Ltd

I'd like to change the name so that it says "Internal Webcam" instead of 
"Chicony Electronics Co., LTD"
I know that there are some files which contains all USB device IDs and the 
description.
I also changed it there but the name wasn't changed.

https://askubuntu.com/questions/227881/lsusb-where-device-description-comes-from

Any idea how to get this done?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/UYmOSUzZXq3YCX5CqgNPpPFy77UbJ-kkf2jsnNIsSWG6LmnXtx1nk0YXi_eoCb-zDsPOFygp2M85A0D_eQLgZ0LQ7kHpPaNZGGNnVQG63y4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - ASUS ZenBook UX305UA

2017-12-20 Thread 'Jason Dreyzehner' via qubes-users

Qubes 4.0-rc3

Everything seems to be working well. Only hiccup: I've previously been 
able to boot on this machine without needing to disable secure boot 
(worked "right out of the box"), but after R3.2 it hangs after the 
penguins without CSM enabled.


Remark:
Enable legacy CSM and disable secure boot in BIOS

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5e7712c-a650-1fd2-d239-801735e929ec%40dreyzehner.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-UX305UA-20171220-224945.cpio.gz
Description: application/gzip


Qubes-HCL-ASUSTeK_COMPUTER_INC_-UX305UA-20171220-224945.yml
Description: application/yaml


Re: [qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-20 Thread Chris Laprise

On 12/20/2017 10:44 PM, Kyle Breneman wrote:
I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO 
file and accompanying signature file, as well as the Qubes Master 
Signing Key.  I verified and trusted the Qubes Master Signing Key.  I am 
stuck on how to verify the ISO file using the accompanying key.  GPG 
tells me that it cannot check the signature as there is no public key.  
See attached screenshots.  What am I doing wrong?  Please help!


Kyle

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To post to this group, send email to qubes-users@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmvoHHME5YpeTJQ%40mail.gmail.com 
.

For more options, visit https://groups.google.com/d/optout.


The Master key just verifies the release keys (one for each Qubes 
version). You need to import the v3 release key also.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c3b9a26-9532-e411-20f6-01b055d4065f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-20 Thread Kyle Breneman
I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO
file and accompanying signature file, as well as the Qubes Master Signing
Key.  I verified and trusted the Qubes Master Signing Key.  I am stuck on
how to verify the ISO file using the accompanying key.  GPG tells me that
it cannot check the signature as there is no public key.  See attached
screenshots.  What am I doing wrong?  Please help!

Kyle

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmvoHHME5YpeTJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] X230 Webcam

2017-12-20 Thread Franz
On Mon, Dec 18, 2017 at 11:40 AM, Jo  wrote:

> Hello Folks,
>
>
> im trying to pass trough to a VM my build-in Webcam (x230 with
> coreboot). However, im unable to find it in the devicelist.Ive never
> used a Webcam before in Qubes.Is there anything im missing?
>
> The template is Fedora 25, the webcam works just fine in Linux Mint
> live.I couldnt find any coreboot - xen issues related to Webcams.
>
>
>
I have a x230 and the default position of the webcam is in sys-usb where it
appears as follows:
Bus 002 Device 003: ID 04f2:b2eb Chicony Electronics Co., Ltd



> cheers
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/72ea2967-e44c-efca-94d0-58c6d826942f%40seefelder-web.de.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qBo1_MmoBy64Q8qaz9j738%2BgtYc9U88VOc5hhOFuDrWQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2017-12-20 Thread Wael Nasreddine
On Friday, December 8, 2017 at 5:28:12 PM UTC-8, tai...@gmx.com wrote:
> On 12/08/2017 04:54 PM, Wael Nasreddine wrote:
> 
> > On Friday, December 8, 2017 at 12:07:56 AM UTC-8, tai...@gmx.com wrote:
> >> On 12/08/2017 02:43 AM, Yethal wrote:
> >>
> >>> W dniu czwartek, 7 grudnia 2017 21:23:18 UTC+1 użytkownik Wael Nasreddine 
> >>> napisał:
>  Hello,
> 
>  I'm looking to build a new Desktop specifically for Qubes OS, so my most 
>  important requirement is compatibility. I currently have 64GB (4 x 16GB) 
>  288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and 
>  I'm looking for a recommendation for the motherboard and CPU. Preferably 
>  a 6+ cores CPU. What do you guys use?
> 
>  I'm aware of the HCL page, but I'm mostly interested in knowing your 
>  personal experience with your current hardware.
> 
>  [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
> >>> Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, 
> >>> disabling Management Engine is possible via built in flashing tool, all 
> >>> hardware sensors were detected and it supports PCI-E bifurcation 
> >>> alongside SR-IOV. I'm running Mini-itx version which may be unsuitable 
> >>> for your needs as it only takes 32GB of ram but it would be pretty safe 
> >>> to assume that full-size AsRock X99 motherboards would also be fully 
> >>> compatible with Qubes.
> >> That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is
> >> impossible even the HAP tool doesn't do so.
> > What's the ME and why disable it?
> >
> >> Your only hope is to buy hardware without it such as the new enough to
> >> be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and
> >> KCMA-D8 have libre firmware available and can play video games in a VM
> >> via IOMMU-GFX, they also have dual onboard separate USB controllers (you
> >> can use the second via a breakout bracket)
> > So I looked at both of these boards[0], they take a DDR3 board, but I found 
> > this one[1] that takes DDR4, does it still have opensource firmware?
> >
> > [0]: 
> > https://www.newegg.com/Product/Productcompare.aspx?CompareItemList=%2D1%7C13%2D131%2D670%5E13%2D131%2D670%2C13%2D131%2D643%5E13%2D131%2D643
> > [1]: https://www.newegg.com/Product/Product.aspx?Item=N82E16813132257
> >
> That is an entirely unrelated motherboard, the only thing in common is 
> that they re-used the model suffix "D16" other than that is is 
> completely different and as it is intel no it can't and it doesn't.
> 
> Just get a KGPE-D16 or KCMA-D8 - they're great boards - not only do they 
> have libre firmware but they also have a secure libre OpenBMC firmware 
> for remote management.
> https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php
> 
> The D16 comes with the required BMC module (ASMB4-iKVM or ASMB5-iKVM) 
> but the D8 doesn't.
> 
> Sell your DDR4 RAM, the only thing with open source firmware that 
> accepts DDR4 is the TALOS 2 for $4K - while that is an average price for 
> server hardware in its performance class (actually a good deal compared 
> with intel where a single xeon CPU alone costs thousands and only has 
> one thread per core vs POWER9 8 SMT threads per core) it is still a lot 
> of money unless you have a need for incredible speed and or incredible 
> security (POWER9 is open source hardware and entirely owner owner 
> controlled with no hardware code signing enforcement one can even modify 
> the microcode)

What do you think of this build 
https://screenshots.firefox.com/fHb14uahx7lEeAGe/secure.newegg.com ? I'm still 
missing cooler, power supply and possibly a TPM, I'd love your recommendation 
for these.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/171938a2-9f55-4409-be23-42a3216d7633%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 10:22 pm, Marek Marczykowski-Górecki wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> On Wed, Dec 20, 2017 at 12:38:47PM -, 'awokd' via qubes-users wrote:
>
>> On Wed, December 20, 2017 5:55 am, Andrew David Wong wrote:
>>
>>
>>> We do still plan to have a 3.2.1 release, but I'm afraid we have no
>>> estimated release date for it yet. We'll make an announcement as soon
>>> as we know more.
>>
>> I have some free time and have done a full 3.2 build before. If I know
>> what kernel version to target and what build of 3.2 to git I think I
>> could pull a fully reproducible list of steps and code together. Might
>> need access to a developer if I hit any code issues. Would that help?
>
> Yes, that would definitely help.
>
>
> Try building ISO based on example-configs/qubes-os-3.2.conf, with
> changed:
>
>
> DISTS_VM = fc26 stretch
> BRANCH_linux_kernel = stable-4.9
>
>
> And adjusted qubes-src/installer-qubes-os/conf/comps-qubes.xml for
> qubes-template-fedora-26 and qubes-template-debian-9 (simply modify
> existing entries to updated versions).

On it. Would be nice to upgrade dom0 from fc23 while I'm at it but I know
that's a lot harder than it appears...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa2ac3bac2f5b36317432f231a8814e2.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Ethernet port in an USB-C dock - failure to attach to sys-net

2017-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Dec 17, 2017 at 09:08:29PM +0100, Kristian Elof Sørensen wrote:
> 
> > You shouldn't have to do that, sys-usb is a NetVM by default.
> > 
> 
> Interesting.
> 
> the sys-usb is indeed listes as "Type: NetVM"
> 
> However the ethernet device does not show up when running ifconfig or the 
> "Network Connections" gui program.

By default network manager is disabled in sys-usb, to avoid confusion
(two identical icons). You can enable it in "services" tab of sys-usb
settings.

> When plugging in the USB-C dock, I see this:
> 
> [user@sys-usb ~]$ sudo dmesg -w
> ...
> [22271.385720] usb 3-1.2.4: new SuperSpeed USB device number 9 using xhci_hcd
> [22271.404341] usb 3-1.2.4: New USB device found, idVendor=0b95, 
> idProduct=1790
> [22271.404371] usb 3-1.2.4: New USB device strings: Mfr=1, Product=2, 
> SerialNumber=3
> [22271.404389] usb 3-1.2.4: Product: AX88179
> [22271.404401] usb 3-1.2.4: Manufacturer: ASIX Elec. Corp.
> [22271.404412] usb 3-1.2.4: SerialNumber: 01
> [22271.739817] ax88179_178a 3-1.2.4:1.0 eth0: register 'ax88179_178a' at 
> usb-:00:00.0-1.2.4, ASIX AX88179 USB 3.0 Gigabit Ethernet, 
> 60:45:cb:bd:16:c8
> [22271.803545] ax88179_178a 3-1.2.4:1.0 enp0s0f0u1u2u4: renamed from eth0
> 
> [user@sys-usb ~]$ /sbin/ifconfig 
> lo: flags=73  mtu 65536
> inet 127.0.0.1  netmask 255.0.0.0
> inet6 ::1  prefixlen 128  scopeid 0x10
> loop  txqueuelen 1  (Local Loopback)
> RX packets 36  bytes 2016 (1.9 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 36  bytes 2016 (1.9 KiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> No other network device than "lo" is listed? I would have expected either 
> eth0 or enp0s0f0u1u2u4 ?

Check ifconfig -a

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo66Q4ACgkQ24/THMrX
1yxOOgf/fEeHmZcvzBBph/QMKt5TE/eEgbY4xlteXS62GQw3ib3pRqpQRpkjFZxF
kNh2l+990y20Jptc+swpgyDdQyNUPzLbuwNMXPm78YhbrVuaDT6x2/lz/zSSusj+
PyC5R6+vQgmK9y0yJpO1If24IAI0aELykEbeSUXgWIRSRyX/lQlmkNOjtYlHGT2S
nA+5vFk3rhOd4oQhPGKI90o4pWG40sGtB8CuFSiRYF1YNr9LVYCMi8nGyamJl63U
z9gbYM5Tbp6RGWmiRzyU+EuZULiYPEAHl5xIJp3vEbHF0lIsH828Gk1q1SwCmVZ8
VcjMkaOXB5D490Q4f/maeMhgSCBIgw==
=i34j
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171220224950.GC1923%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Dec 20, 2017 at 12:38:47PM -, 'awokd' via qubes-users wrote:
> On Wed, December 20, 2017 5:55 am, Andrew David Wong wrote:
> 
> > We do still plan to have a 3.2.1 release, but I'm afraid we have no
> > estimated release date for it yet. We'll make an announcement as soon as we
> > know more.
> 
> I have some free time and have done a full 3.2 build before. If I know
> what kernel version to target and what build of 3.2 to git I think I could
> pull a fully reproducible list of steps and code together. Might need
> access to a developer if I hit any code issues. Would that help?

Yes, that would definitely help.

Try building ISO based on example-configs/qubes-os-3.2.conf, with
changed:

DISTS_VM = fc26 stretch
BRANCH_linux_kernel = stable-4.9

And adjusted qubes-src/installer-qubes-os/conf/comps-qubes.xml for
qubes-template-fedora-26 and qubes-template-debian-9 (simply modify
existing entries to updated versions).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo64pAACgkQ24/THMrX
1yxp7Af9Egelz8Qu8L1Gv2g58WsxSJTJpdq6+znz3F++vesjqo2pyEcox4V13OdG
XzSAryPAilC/Djbf2zLSmTol4hjec/iZf8q8nAThyh2VgpBn5d7OzqWW1p7HJ3GR
rIf+uB82Al2bbf0kvOlhJ43G9mF9dLWWMfSXdlck90ZzYDS+av9ONtqBNhXkuk+1
tpBR8pNzVqoLMn8799I/LlHfWt1B3EYvOhUIeSf/8L76RwYgtjk0rP7Z9OV23WtV
2y+s+aSyUiE0IE02xFXla+qF/0CUDnY/A/AWb66GMjfFnViNyiCoFhyZJ024HudU
apHWnwjGeU1oocegkJDXpO8LCUC2eA==
=XssL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2017122008.GB1923%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] template /home/user is not copied when creating appvm

2017-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Dec 20, 2017 at 08:55:49PM +0100, 'Tom Zander' via qubes-users wrote:
> On Tuesday, 19 December 2017 20:22:02 CET Dave C wrote:
> > Whenever a TemplateBasedVM is created, the contents of the /home
> > directory of its parent TemplateVM are copied to the child
> > TemplateBasedVM’s /home...
> > 
> > Is this true in Qubes 4.0 rc3?
> > 
> > In my experience, changes made to /home/user in the template are not
> > copied to the appvm when it is created.
> 
> This mirrors my experience, AppVMs don’t inherit the homedir.
> 
> I believe that the design has changed (i.e. the docs are outdated). Template 
> VMs are means to be used purely for its operating system and the software 
> going with it, the homedir should have no personal data or app-configs 
> because you should not use the template for anything other than updating 
> packages.

Yes, exactly. If you want some initial configuration for new AppVMs, use
/etc/skel there, just like on normal Linux for new user's home.

> Notice that disposable VMs no longer use templateVMs, they are based on an 
> AppVM instead. You will likely end up creating an AppVM which will be a 
> template for disposable VMs launched by the system.

Yes, this is the reason why DispVMs are based on AppVM (which was also
the case in 3.2 - there were fedora-xx-dvm VMs).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo64TIACgkQ24/THMrX
1yw7PQf+PUEHnNO0ZmkrDPBOSRjjO81jZsklKTiLyNBCzCvZM2jqPV63ZhXYtYFC
Cw8sk6/aPeYm72tSKU71FCZIk2PE96e9WEGKT7oZPTKqnbqHUOIGczwsoR3tEwVw
APqsWrTNKN3Kdwursgz+sNDG0uEga6NvrO/DnmI92VftDsP329GUYZPeVWj80f7u
vyTlq6eITX8HY7OXO2gKnB+mjn8jVpRKqAN8C+bJtGFxmWhDit6J4286PaAypc3t
1G90zspMsdccEbLd1s09YoenbH1iD1OB6+osRXZ4vgW83sHI239LgiWV4kmrLcs9
nfHHDigN0onbFcv/6JF5Quqjs+k/eg==
=X41g
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171220221618.GA1923%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] X230 Webcam

2017-12-20 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Jo:
> im trying to pass trough to a VM my build-in Webcam (x230 with
> coreboot). However, im unable to find it in the devicelist.

It's a USB device (not PCI), so you'd forward it using qvm-usb:
https://www.qubes-os.org/doc/usb/#usage-of-qubes-usb-proxy

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJaOt3HXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfrocP/j/x0EK5MpNFvTjJxsqg9q7H
aGF6vgJATTsFnhkpfIgyAGymFv+ZKSww4H+Azz/3RrfwGfWirw+BsMeiLHNXT35z
ZqVixCumDxLSVwdxPMRJEmHZE1JIhhSZOiiItjVdF3qY3OYy0JTMNSzoY5c3pUSG
oNpVsGooMZbGYZsxpunE5XyjnP5jepLcxuNlfvM/xcmD5+0Hir8aG3gnW9Hv8YA8
HEUhvqp9WMdBYhOAMHbNfHb3XfcnH45kOpBak0IXGgZ1d34KfwjGyYFv6iH2cRxW
xpDVsgla5iz6mtBQV7uVc072ovLwlYVDbXY/AGauFEN8Yh4IHByyPkmFF5+LLe4M
OBFEnRXsIK+3pF/7fU96fDx2aNpoCseVAqRXThcpwq99IzLE+Ac/Iqy9h/J+TGSl
SrmmHeR8uFvRFldPIsPn6wwEosA75P3IhPduZUslpEbXBdgKSzs5lpWgYHlqPK13
sxnArnpaBy3IsdBeZmuKxdtlbSuT4RGWXlM3UZyMM/JrlDVIWQtr/GKAtfAMd3RU
uFaOlz2u2qEnq0UYLDcTnM0Ca/tWsXPFwIOkUtLsHxDUZbdFmUGIU+jezlShLD73
oGWLIN9JANj6RLKr5yDCV8i4/PhIhkQM0MoWydnwIRb4Wx4b9p9bbU/DiHj+38z9
X5rzcbk2UPqbc/7lcdLz
=tqCb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171220220144.GA1365%40mutt.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-20 Thread donoban
>From https://github.com/talex5/qubes-mirage-firewall

"You can use any template, and make it standalone or not. It doesn’t
matter, since we don’t use the hard disk."

Well, in fact it matters, if you select standalone the template will be
copied wasting some space...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99b8b315-bd98-85a9-e080-b622887cf0c0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-20 Thread donoban
On 12/19/2017 08:05 PM, Thomas Leonard wrote:
> I'd like to announce the release of qubes-mirage-firewall 0.4:
> 
>   https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.4
> 
> This is a unikernel that can run as a QubesOS ProxyVM, replacing 
> sys-firewall. It may be useful if you want something smaller or 
> faster-to-start than the Linux-based sys-firewall, are worried about possible 
> attacks against Linux's C net-front code, or just like playing with 
> unikernels.
> 

Hi,

I am thinking on testing it but I have no idea about unikernels and OCaml.

If I'm not wrong you have to configure the rules for the firewall before
building the kernel image? Once you start it you have no way for change
rules?

I don't know if I will have success with it and use it but thanks for
your effort.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a03cdce7-8651-d662-c2a0-fb26e1b95f59%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] vms fail to return memory after pc idle for a long time.

2017-12-20 Thread Chris Laprise

On 12/20/2017 01:32 PM, cooloutac wrote:

On Wednesday, December 20, 2017 at 1:31:25 PM UTC-5, cooloutac wrote:

On Wednesday, December 20, 2017 at 8:22:08 AM UTC-5, awokd wrote:

On Tue, December 19, 2017 7:18 pm, cooloutac wrote:

didn't realize I left my pc on overnight.  Came back to it to see almost
all the vms had yellow triangles.

Computer doesn't go to sleep or anything, and alL i woke was the monitor
and possibly hdd.   System has 16gb of memory,  was only a couple appvms
and sys-vms and not much open in them.

should I be worried? lol.


Maybe check your dom0 logs to see if qmemman is reporting any problems?
Might have to enable loglvl=all in the hypervisor command line.


ok tks I'll try.


I might just upgrade to 4 and backup w/e data I have (pictures) .  And see how 
it is.



This is a known issue:

https://github.com/QubesOS/qubes-issues/issues/3265

A workaround is to do 'sudo systemctl qubes-qmemman.service' in dom0. It 
will stop working again, so you may need to repeat it or put it in a 
timed loop.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab60b3a9-6303-47a4-56f6-fdb2c2c63713%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] template /home/user is not copied when creating appvm

2017-12-20 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 20:22:02 CET Dave C wrote:
> Whenever a TemplateBasedVM is created, the contents of the /home
> directory of its parent TemplateVM are copied to the child
> TemplateBasedVM’s /home...
> 
> Is this true in Qubes 4.0 rc3?
> 
> In my experience, changes made to /home/user in the template are not
> copied to the appvm when it is created.

This mirrors my experience, AppVMs don’t inherit the homedir.

I believe that the design has changed (i.e. the docs are outdated). Template 
VMs are means to be used purely for its operating system and the software 
going with it, the homedir should have no personal data or app-configs 
because you should not use the template for anything other than updating 
packages.

Notice that disposable VMs no longer use templateVMs, they are based on an 
AppVM instead. You will likely end up creating an AppVM which will be a 
template for disposable VMs launched by the system.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3068604.OtRxxK0urg%40strawberry.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread cooloutac
On Wednesday, December 20, 2017 at 1:50:43 PM UTC-5, cooloutac wrote:
> Ya I'm not sure I would want the bleeding edge kernel to be replace default 
> on the iso though.  I'd rather be using the most "secure" one.

I would even be in favor of replacing fedora 25 with debian stable for 
"security" reasons haha, but then more people would probably have hardware 
problems.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb9916c1-bbe9-4a56-8f75-2ec1ac169472%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread cooloutac
Ya I'm not sure I would want the bleeding edge kernel to be replace default on 
the iso though.  I'd rather be using the most "secure" one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/000451c1-6ae9-44fc-9106-8df62527aa66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread cooloutac
On Tuesday, December 19, 2017 at 11:41:15 PM UTC-5, Mike Freemon wrote:
> On 12/19/2017 01:04 PM, cooloutac wrote:
> > On Tuesday, December 19, 2017 at 10:05:49 AM UTC-5, Vincent Adultman wrote:
> >> Hi all
> >>
> >>
> >>
> >> We were chatting today in IRC about current user expectations and 
> >> experiences with the 4 release candidates. While many are happily testing 
> >> there are indeed some visitors who drop by with the requirement of a daily 
> >> driver stable system, but have some newer hardware than the kernel on the 
> >> current 3.2 iso will support. These users seem to be in a somewhat painful 
> >> position, the bravest are attempting to build their own isos or perform 
> >> some cross install using a machine that will work. Some fail / give up.
> >>
> >>
> >>
> >> https://www.qubes-os.org/doc/supported-versions/ suggests that at some 
> >> point a 3.2.1 release was/is planned, h01ger suggested to me all focus is 
> >> currently on 4, but can I ask:
> >>
> >>
> >>
> >> 1. What are the current plans for 3.2.1? (if it was planned to be anything 
> >> other than an updated iso)
> >>
> >> 2. Regardless of 1. is there a possibility of getting an updated 3.2 iso 
> >> for Christmas, given that some will undoubtedly use the holiday time to 
> >> try Qubes, quite possibly on shiny new hardware :)
> >>
> >>
> >>
> >> Thanks for your time.
> >>
> >>
> >>
> >> V
> > 
> > sounds like an inherent linux problem,  not much qubes can do about that.
> 
> A number of the problems encountered by people trying to install R3.2 on
> newer hardware would be avoided if the installation ISO contained a more
> recent version of the linux kernel.
> 
> For example, see:
> https://groups.google.com/forum/#!msg/qubes-users/fE2HCAdF-U0/eLovum3xAgAJ
> 
> That's what the OP was asking about, if I'm reading it correctly.
> 
> I completely support and appreciate the work of the Qubes team.  I can
> imagine that updating R3.2 at the same time as finalizing R4 would be
> asking a lot.  But with the extended support for R3.2[1] driven by the
> new minimum hardware requirements, and also considering the lack of a
> management GUI, I suspect that the value of a newer R3.2 ISO will become
> clear.
> 
> Yes, count me as a technically-savvy person who uses the Qubes Manager
> GUI continuously.  However, the Qubes team should not take this as a
> criticism.  I understand the need to prioritize, and I don't disagree
> with the decisions that were made.  But I do wonder to what extent the
> lack of a GUI will slow the adoption of R4.
> 
> [1]
> https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/

Well if its included in the stable eol release of fedora I don't see why it 
shouldn't be default for Qubes.

People already complain iso is big though.  isn't linux kernel like over 100mb? 

There is a thread on here about how to boot into text mode and then from there 
maybe you can compile newer kernel for dom0 using reg tianghas instructions.

Also buying that newer hardware doesn't shout someone who truly cares about 
security to me.   Sounds like More for gaming imo.

I have a 7700k on a less then a year old board but I use windows on it for 
gaming.  want anything sensitive on that hardware.   Not even worth the space 
for Qubes and gaming machine with ssd drives popular now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0056c65-de35-4788-9a36-d98fe10fb808%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Yubikey challenge-response in Qubes 3.2., Xscreensaver etc

2017-12-20 Thread rob_66
Hi,

I'm not able to answer (technical issues) to the already existing
corresponding emails here, so I'm trying to send this seperately.

There's a quite new Qubes discussion/set-up here – not finished yet?:

https://github.com/QubesOS/qubes-issues/issues/3307
https://github.com/QubesOS/qubes-doc/pull/478

I've also been following/studying mig5's proposals here:

https://mig5.net/content/yubikey-challenge-response-mode-qubes
https://mig5.net/content/yubikey-2fa-qubes-redux-adding-backup-key

*Test it with Xscreensaver first in order to not lock you out of the
system.*

It looks like you have to play around with 'variable input' and 'fixed
64 bytes' in Yubikey personalization tool and sending 63 or 64 bytes
in the yubikey-auth script.

For me, Qubes 3.2., Fedora 25 sys-usbVM, it may differ for your set-up,
mig5's version  for now, not mixing up anything from the Qubes proposals
 worked perfectly, i.e., sending 63 bytes in the auth script, no spaces
in the auth script for AES key, 'variable input' in Yubikey programming.

*Adjust your new Yubikey settings at the right time for other apps, e.g.
KeePassXC where challenge-response is working well.*

Best regards.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/p1eaiu%241l5%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] can I use paranoid mode from a 3.2 backup?

2017-12-20 Thread cooloutac
Thinking of upgrading to 4.0.
if I want to restore vms from 3.2, possibly compromised, system.  Can I use the 
paranoid restore mode in 4.0,  or would that only work from 4.0 backup.

Tks in advance.

rich.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d30253a-cc66-44b5-b513-ee72cd681b67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] vms fail to return memory after pc idle for a long time.

2017-12-20 Thread cooloutac
On Wednesday, December 20, 2017 at 1:31:25 PM UTC-5, cooloutac wrote:
> On Wednesday, December 20, 2017 at 8:22:08 AM UTC-5, awokd wrote:
> > On Tue, December 19, 2017 7:18 pm, cooloutac wrote:
> > > didn't realize I left my pc on overnight.  Came back to it to see almost
> > > all the vms had yellow triangles.
> > >
> > > Computer doesn't go to sleep or anything, and alL i woke was the monitor
> > > and possibly hdd.   System has 16gb of memory,  was only a couple appvms
> > > and sys-vms and not much open in them.
> > >
> > > should I be worried? lol.
> > 
> > Maybe check your dom0 logs to see if qmemman is reporting any problems?
> > Might have to enable loglvl=all in the hypervisor command line.
> 
> ok tks I'll try.

I might just upgrade to 4 and backup w/e data I have (pictures) .  And see how 
it is.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6710380d-155f-44f1-ab9e-8921c1a8c5a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] vms fail to return memory after pc idle for a long time.

2017-12-20 Thread cooloutac
On Wednesday, December 20, 2017 at 8:22:08 AM UTC-5, awokd wrote:
> On Tue, December 19, 2017 7:18 pm, cooloutac wrote:
> > didn't realize I left my pc on overnight.  Came back to it to see almost
> > all the vms had yellow triangles.
> >
> > Computer doesn't go to sleep or anything, and alL i woke was the monitor
> > and possibly hdd.   System has 16gb of memory,  was only a couple appvms
> > and sys-vms and not much open in them.
> >
> > should I be worried? lol.
> 
> Maybe check your dom0 logs to see if qmemman is reporting any problems?
> Might have to enable loglvl=all in the hypervisor command line.

ok tks I'll try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef674e94-82bf-466b-9424-9a3469c23302%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes won't install from usb

2017-12-20 Thread Matteo
> Hey, I've tried all sorts of methods to get qubes to install after
> booting from a usb, but it freezes no matter what option I choose. I
> believe it has something to do with my NVIDIA graphics card but I can't
> disable it from my BIOS. Please help!

seems the same issue that you can find here:
https://github.com/QubesOS/qubes-issues/issues/3340

have you tried both uefi and legacy bios?

also take a look here:
https://www.qubes-os.org/doc/nvidia-troubleshooting/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6764613-fbbe-f345-4eaa-a0521eb92a96%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Fresh installation, no network Q4.0-rc3

2017-12-20 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 1:34 pm, X4lldux wrote:
> Hi,
>
>
> I've installed Qubes4 rc3 but it has no network. Dmesg from sys-net had
> this in it:

> [1.626169] igb :00:05.0: Using MSI interrupts. 1 rx queue(s), 1 tx
>  queue(s) [1.626642] xen: --> pirq=18 -> irq=40 (gsi=40)

I've been troubleshooting a similar issue. Try qvm-prefs sys-net. Note the
kernelopts line, then:
qvm-prefs sys-net kernelopts "[original kernelopts] pci=nomsi"

It didn't work for me but might help yours, but not sure what performance
impact there will be. You could also try changing virt_mode to pv if it
still doesn't work.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a88af004b8cc45457c88068ce763ad6.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Fresh installation, no network Q4.0-rc3

2017-12-20 Thread X4lldux
Hi,

I've installed Qubes4 rc3 but it has no network. Dmesg from sys-net had
this in it:

[1.582681] igb: Intel(R) Gigabit Ethernet Network Driver - version
5.4.0-k
[1.582699] igb: Copyright (c) 2007-2014 Intel Corporation.
[1.583211] xen: --> pirq=19 -> irq=36 (gsi=36)
[1.625999] pps pps0: new PPS source ptp0
[1.626028] igb :00:05.0: added PHC on eth0
[1.626042] igb :00:05.0: Intel(R) Gigabit Ethernet Network
Connection
[1.626060] igb :00:05.0: eth0: (PCIe:2.5Gb/s:Width x1)
38:d5:47:c8:36:44
[1.626130] igb :00:05.0: eth0: PBA No: 001300-000
[1.626169] igb :00:05.0: Using MSI interrupts. 1 rx queue(s), 1 tx
queue(s)
[1.626642] xen: --> pirq=18 -> irq=40 (gsi=40)
[1.670206] pps pps1: new PPS source ptp1
[1.670228] igb :00:06.0: added PHC on eth1
[1.670241] igb :00:06.0: Intel(R) Gigabit Ethernet Network
Connection
[1.670294] igb :00:06.0: eth1: (PCIe:2.5Gb/s:Width x1)
38:d5:47:c8:36:43
[1.670377] igb :00:06.0: eth1: PBA No: 001300-000
[1.670391] igb :00:06.0: Using MSI interrupts. 1 rx queue(s), 1 tx
queue(s)
[1.671296] [drm] Found bochs VGA, ID 0xb0c0.
[1.671311] [drm] Framebuffer size 16384 kB @ 0xf100, mmio @
0xf212c000.
[1.674040] [TTM] Zone  kernel: Available graphics memory: 177706 kiB
[1.674058] [TTM] Initializing pool allocator
[1.674075] [TTM] Initializing DMA pool allocator
[2.001344] fbcon: bochsdrmfb (fb0) is primary device
[2.114742] FUJITSU Extended Socket Network Device Driver - version 1.1
- Copyright (c) 2015 FUJITSU LIMITED
[2.139750] Console: switching to colour frame buffer device 128x48
[2.229478] usb 1-1: new full-speed USB device number 2 using uhci_hcd
[2.229918] bochs-drm :00:03.0: fb0: bochsdrmfb frame buffer device
[2.239059] [drm] Initialized bochs-drm 1.0.0 20130925 for :00:03.0
on minor 0
[2.249398] input: PC Speaker as /devices/platform/pcspkr/input/input4
[2.272884] FDC 0 is a S82078B
[2.328660] ppdev: user-space parallel port driver
[2.335301] EDAC MC: Ver: 3.0.0
[2.337936] EDAC sbridge: Seeking for: PCI ID 8086:2fa0
[2.337938] EDAC sbridge:  Ver: 1.1.1
[2.342721] intel_rapl: Found RAPL domain package
[2.342770] intel_rapl: Found RAPL domain dram
[2.342783] intel_rapl: DRAM domain energy unit 15300pj
[2.343823] igb :00:05.0 ens5: renamed from eth0
[2.407765] usb 1-1: New USB device found, idVendor=0627, idProduct=0001
[2.407803] usb 1-1: New USB device strings: Mfr=1, Product=3,
SerialNumber=5
[2.407837] usb 1-1: Product: QEMU USB Tablet
[2.407860] usb 1-1: Manufacturer: QEMU
[2.407879] usb 1-1: SerialNumber: 42
[2.439230] input: QEMU QEMU USB Tablet as
/devices/pci:00/:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input6
[2.439337] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID
v0.01 Mouse [QEMU QEMU USB Tablet] on usb-:00:01.2-1/input0
[2.440585] igb :00:06.0 ens6: renamed from eth1
[2.466065] random: crng init done
[3.325431] input: ImExPS/2 Generic Explorer Mouse as
/devices/platform/i8042/serio1/input/input5
[5.457290] Adding 1048572k swap on /dev/xvdc1.  Priority:-1 extents:1
across:1048572k SSFS
[7.385054] EXT4-fs (xvdb): mounting with "discard" option, but the
device does not support discard
[7.385100] EXT4-fs (xvdb): mounted filesystem with ordered data mode.
Opts: discard
[7.513431] audit_printk_skb: 21 callbacks suppressed
[7.513433] audit: type=1130 audit(1513761540.368:17): pid=1 uid=0
auid=4294967295 ses=4294967295 msg='unit=qubes-mount-dirs comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[7.524341] audit: type=1130 audit(1513761540.379:18): pid=1 uid=0
auid=4294967295 ses=4294967295 msg='unit=dracut-shutdown comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[7.548407] audit: type=1130 audit(1513761540.403:19): pid=1 uid=0
auid=4294967295 ses=4294967295 msg='unit=systemd-tmpfiles-setup
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
[7.555396] audit: type=1130 audit(1513761540.410:20): pid=1 uid=0
auid=4294967295 ses=4294967295 msg='unit=qubes-early-vm-config
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
[7.561587] audit: type=1305 audit(1513761540.416:21): audit_enabled=1
old=1 auid=4294967295 ses=4294967295 res=1
[7.561633] audit: type=1305 audit(1513761540.416:22): audit_pid=456
old=0 auid=4294967295 ses=4294967295 res=1
[7.720622] nf_conntrack version 0.5.0 (3072 buckets, 12288 max)
[7.749614] ip6_tables: (C) 2000-2006 Netfilter Core Team
[8.090420] IPv6: ADDRCONF(NETDEV_UP): ens5: link is not ready
[8.126660] IPv6: ADDRCONF(NETDEV_UP): ens5: link is not ready
[8.137224] IPv6: ADDRCONF(NETDEV_UP): ens6: link is not ready
[8.175197] IPv6: ADDRCONF(NETDEV_UP): ens6: 

Re: [qubes-users] how do i use usb device?

2017-12-20 Thread 'awokd' via qubes-users
On Tue, December 19, 2017 2:56 am, jerry wrote:
> after sudo command (sudo qubesctl state.highstate) to enable and configure
> sys-sub the operation system has stopping working or something like
> that...

Sounds like you are following the first two steps from
https://www.qubes-os.org/doc/usb. If you are using a USB keyboard, you
shouldn't do it that way. See the warning in the very first sentence on
that page.

If you are using a USB keyboard and still want to create a USB qube,
follow the steps "to create a USB qube manually".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c670f1afbdf013ccfe8765ebd9b354ab.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] vms fail to return memory after pc idle for a long time.

2017-12-20 Thread 'awokd' via qubes-users
On Tue, December 19, 2017 7:18 pm, cooloutac wrote:
> didn't realize I left my pc on overnight.  Came back to it to see almost
> all the vms had yellow triangles.
>
> Computer doesn't go to sleep or anything, and alL i woke was the monitor
> and possibly hdd.   System has 16gb of memory,  was only a couple appvms
> and sys-vms and not much open in them.
>
> should I be worried? lol.

Maybe check your dom0 logs to see if qmemman is reporting any problems?
Might have to enable loglvl=all in the hypervisor command line.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/007a2f34e55de4cbd0fb41d088b47c21.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes won't install from usb

2017-12-20 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 6:52 am, Adanfo Ehatlea wrote:
> Hey, I've tried all sorts of methods to get qubes to install after
> booting from a usb, but it freezes no matter what option I choose. I
> believe it has something to do with my NVIDIA graphics card but I can't
> disable it from my BIOS. Please help!

Do you have onboard Intel video you can use instead? If so, you could pull
the Nvidia card out entirely. Otherwise, check out
https://www.qubes-os.org/doc/nvidia-troubleshooting/.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5cc7a72be00c8c4a3120abbac2224b83.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-20 Thread Holger Levsen
On Wed, Dec 20, 2017 at 01:15:23PM +0100, 'Tom Zander' via qubes-users wrote:
> On Wednesday, 20 December 2017 11:59:26 CET Holger Levsen wrote:
> > oh, and if you want to securly erase data, use /dev/random, not
> > /dev/urandom.
> 
> This is not good advice, your /dev/random device creates true randomness, 
> but it only generates a very small amount of data, bytes per minute.

yet, wipe uses it by default. it's slow, but doesnt take *years*, merely
hours. (wipe's default is also to overwrite 4 times…)

and then, haveged can be used to fill the randomness pool. as in apt
install haveged. 


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171220125906.hnae6pleohwhlsay%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Attempting to securely wipe drives, running into issue.

2017-12-20 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 11:04 am, 'Tom Zander' via qubes-users wrote:
> On Tuesday, 19 December 2017 22:09:31 CET David wrote:
>
>> I'm attempting to wield a command from the archlinux wiki and getting
>> access denied, even with sudo in front, and even when on dom0 (against my
>> better judgment). Any thoughts?
>
> A complex series like this is best just to run as root in a shell.
>
>
> First run something like;
> # sudo su
> which should give you a shell that is owned by root. Type  who ami to
> confirm. Then you can copy/paste the line from the archlinux wiki to do
> the work.

This, attach the block device to an appVM and wipe from there instead of
having to mess with pass through commands.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64be021af0925872d90c38cda751d37a.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Qubes in a corporate network behind HTTP proxy

2017-12-20 Thread 'awokd' via qubes-users
On Tue, December 19, 2017 7:03 pm, cooloutac wrote:

> or just do it in sys-net like Uman said, which is suspect anyways.

That tinyproxy option further upthread seemed the most straight-forward
way to accomplish it, if it works!



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c20da028017cf9f53dc62fd30cfec24d.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-20 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 5:55 am, Andrew David Wong wrote:

> We do still plan to have a 3.2.1 release, but I'm afraid we have no
> estimated release date for it yet. We'll make an announcement as soon as we
> know more.

I have some free time and have done a full 3.2 build before. If I know
what kernel version to target and what build of 3.2 to git I think I could
pull a fully reproducible list of steps and code together. Might need
access to a developer if I hit any code issues. Would that help?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5419d3b819c6d27cb18e5ee88792cfaf.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-20 Thread 'Tom Zander' via qubes-users
On Wednesday, 20 December 2017 11:59:26 CET Holger Levsen wrote:
> oh, and if you want to securly erase data, use /dev/random, not
> /dev/urandom.

This is not good advice, your /dev/random device creates true randomness, 
but it only generates a very small amount of data.
Bytes per minute.

Creating enough to write to a many gigabytes data would take centuries.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79673397.0iQst3c43i%40strawberry.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Attempting to securely wipe drives, running into issue.

2017-12-20 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 22:09:31 CET David wrote:
> I'm attempting to wield a command from the archlinux wiki and getting
> access denied, even with sudo in front, and even when on dom0 (against
> my better judgment). Any thoughts?

A complex series like this is best just to run as root in a shell.

First run something like;
# sudo su 
which should give you a shell that is owned by root. Type  who ami to 
confirm.
Then you can copy/paste the line from the archlinux wiki to do the work.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3256594.W4lDGWArza%40strawberry.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-20 Thread Holger Levsen
On Wed, Dec 20, 2017 at 12:50:38AM +0100, Ángel wrote:
> openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1
> 2>/dev/null | base64)" -nosalt   | pv -bartpes  | sudo dd bs=64K of=/dev/sd"X"

on Debian this is much easier done with 

sudo apt install wipe
sudo wipe /dev/sda

I'm sure Fedora has a similar tool, probably even the same.

https://manpages.debian.org/stretch/wipe/wipe.1.en.html is also worth a
read.

oh, and if you want to securly erase data, use /dev/random, not
/dev/urandom.


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171220105926.eqp3k5dox7zcb6s7%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Qubes GUI for v4

2017-12-20 Thread 'Tom Zander' via qubes-users
On Wednesday, 20 December 2017 08:25:44 CET Matteo wrote:
> but before you code it you should talk to joanna to be sure it will be
> accepted and used.

I sent an email to the dev mailinglist at the same time I sent one here (no 
reply so far) so at minimum she knows about it.

But I have to say that I’m programming this for myself and for people that 
have indicated they want a similar solution.
It would be nice if it were packaged in Qubes, but I’m not depending on it.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12525626.MbyXGMKWBx%40strawberry.
For more options, visit https://groups.google.com/d/optout.