Re: [qubes-users] rc04

2018-01-08 Thread Roy Bernat
On Tuesday, 9 January 2018 09:11:06 UTC+2, Tim W  wrote:
> On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On 01/09/2018 12:07 AM, Roy Bernat wrote:
> > 
> > > What about release rc04? it should be release at 8/1 that  was 
> > > yesterday .
> > 
> > Delayed until the devs have a good workaround for SP1/SP2/Spectre.
> > 
> > /Sven
> > -BEGIN PGP SIGNATURE-
> > 
> > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U
> > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1
> > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5
> > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau
> > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA
> > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv
> > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs
> > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F
> > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv
> > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU
> > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS
> > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY=
> > =59oT
> > -END PGP SIGNATURE-
> 
> Great time to be using a AMD chipset as they are not effected.Wonder if 
> something like this would have been caught years ago if the microcode was 
> open?
> 
> This is a big one in terms of the effects it has when mitigated at the 
> software level.  I wonder what the performance hit will be from application 
> of whatever patch route Qubes takes?  Projections of 5-30% hit.
> 
> As I said Great day for AMD stock LOL

Dont dance on dead bodies ,

:) 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01ff8061-3353-4f4a-b904-9bd4d167010c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Dell Latitude E6500

2018-01-08 Thread Robert Dunham
I was unable to get the built-in WiFi Dell DW1397 (Broadcom BCM94312HMG)
adapter working. The neither the official broadcom driver nor the
open-source variant would install correctly. I swapped it for an Intel card
that worked out of the box.

I'm unable to create HVM domains despite having virtualization enabled in
BIOS. I receive the following error:

libvirt.libvirtError: invalid argument: could not find capabilities for
arch=x86_64

Sleep works, but the keyboard does not work after waking. The touchpad is
not affected.

Session saving does not work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGstojyxpmyj--D_4%3DQrfBp0qGcbBJo4aF_Ecjn1zG0ihYeydQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Latitude_E6500__-20180109-020259.cpio.gz
Description: GNU Zip compressed data


Qubes-HCL-Dell_Inc_-Latitude_E6500__-20180109-020259.yml
Description: application/yaml


Re: [qubes-users] rc04

2018-01-08 Thread Tim W
On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 01/09/2018 12:07 AM, Roy Bernat wrote:
> 
> > What about release rc04? it should be release at 8/1 that  was 
> > yesterday .
> 
> Delayed until the devs have a good workaround for SP1/SP2/Spectre.
> 
> /Sven
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U
> H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1
> hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5
> lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau
> aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA
> VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv
> X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs
> u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F
> h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv
> 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU
> 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS
> k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY=
> =59oT
> -END PGP SIGNATURE-

Great time to be using a AMD chipset as they are not effected.Wonder if 
something like this would have been caught years ago if the microcode was open?

This is a big one in terms of the effects it has when mitigated at the software 
level.  I wonder what the performance hit will be from application of whatever 
patch route Qubes takes?  Projections of 5-30% hit.

As I said Great day for AMD stock LOL

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cbbf5444-be4a-4f76-b313-8218b6bd765b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] rc04

2018-01-08 Thread Sven Semmler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/09/2018 12:07 AM, Roy Bernat wrote:

> What about release rc04? it should be release at 8/1 that  was 
> yesterday .

Delayed until the devs have a good workaround for SP1/SP2/Spectre.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U
H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1
hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5
lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau
aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA
VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv
X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs
u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F
h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv
2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU
54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS
k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY=
=59oT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2499c72a-30da-d969-4fe1-d6c00e08404f%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] rc04

2018-01-08 Thread Roy Bernat
Hi 

What about release rc04? it should be release at 8/1 that  was yesterday .  

Roy 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89632274-71e2-4877-9a96-b225bfa4943e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] i'm playing with settings manager, want to know is there a way to reset settings to default state?

2018-01-08 Thread russlyatoslav
In Dom0 in the setting under Preferred Application, I made few changes for Web 
Browser and Mail Reader and now I don't remember what was the default selection 
for them and if none, how to set it to none, because I've tried and cannot 
set to none... 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08472bb9-2fac-4b4b-a1a8-70c07d899fee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] GPG-Split + KDEWallet in Whonix

2018-01-08 Thread dangmadzyu
Is it possible to force KDEWallet (Whonix) to use GPG Split?


KDEWallet stores system passwords in a GPG protected file. Needs pre-generated 
private keys.




Attempting to save my password for my cloud storage WebDav in Dolphin, but 
would like my password stored as securely as possible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c282c2a-3599-4ad1-8c36-680f53aaa165%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow

2018-01-08 Thread Fabrizio Romano Genovese
Well, I disabled intel speedstep in the bios and things seem to be better. 
Startup time now is around 1.20 mins (still better than 3mins), both in plugged 
and unplugged state (booting in plugged state was around 45 secs before tho). 
I'll use my PC for a bit more, trying another couple of reboots and then I'll 
confirm if and how this helped.

Cheers,
Fab

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17c482cf-9274-4b62-aa94-9a0868465425%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Graphic Tablet Compatibility (basic features)

2018-01-08 Thread Fabrizio Romano Genovese
Hello all,

I'd like to use a wacom bamboo graphic tablet as an alternative pointing 
device, mainly to draw on virtual whiteboards to do maths in conference calls. 
At the moment, this is not possible: Connecting the graphic tablet and passing 
it to the relevant VM produces no effect whatsoever. The tablet is listed among 
the usb devices but, if for instance one is using the standard fedora template, 
nothing is shown clicking on the "wacom tablet" application that can be found 
in /urs/share/applications, nor is it possible to use it to draw stuff.

This looks like an old issue:
https://github.com/QubesOS/qubes-issues/issues/2715

I'd be interested in using only the basic tablet features (essentially moving 
the mouse and clicking around using the tablet would be enough). In the issue 
linked above it is said that 

"this in theory should be easy (a matter adding proper metadata - min/max - to 
the protocol handshake, and filtering events based on this info)"

I'd like to help with this, but I am no coder. I just know a bit of bash 
scripting and trying to check the code in 

https://github.com/QubesOS/qubes-app-linux-input-proxy/blob/master/src/protocol.h#L17-L28

didn't really help. I understand that developers are quite busy with much more 
hardcore problems to solve, but if someone could at least point me to the right 
research direction I could try to investigate this by myself.

Cheers,
Fab

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5aeb07c-25ad-4d71-913d-369f08980fef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Franz
On Mon, Jan 8, 2018 at 7:41 PM, Vít Šesták <
groups-no-private-mail--contact-me-at--contact.v6ak@v6ak.com> wrote:

> > You could use POWER-KVM and have an assortment of VM's with shared
> > folders, you can replicate all the other stuff via various methods and
> > have a better security level it simply wouldn't look as slick.
>
> Not sure about that. Qubes is not just set of tools. It is also a set of
> careful choices of configuration (e.g., strictly using HVMs with stubdoms).
> I might be wrong, but I don't think you can get a comparable level of
> security easily. You would have to take similar choices and maybe even to
> make a new decisions that affect security.
>
> > Qubes isn't virtualization, it is simply a collection of tools that can
> > theoretically be compiled for POWER although currently the qubes VMM is
> > xen which isn't yet available for POWER (the xen devs are ignoring
> > requests to assist with porting efforts).
>
> It is not just the collection of tools.
>
> You are right that QubesOS can be probably ported to KVM. Even if this is
> a solution (not 100% convinced), it is not there yet. At best, TALOS 2
> might be some solution for future, not something you can buy and use just
> now (for those purposes).
>
> > If T2 is successful (ie: enough people buy it) there are plans for a
> > POWER laptop.
>
> Cool.
>
> But at the moment, it does not make me sense to buy a workstation I don't
> need and hope that some time later, they will release a laptop and someone
> else will port QubesOS for it. I could somewhat support efforts of porting
> QubesOS to POWER9, it makes me more sense.
>
> > > * It is quite expensive for needs of most people.
> > It fills the very high performance sector that previously had no libre
> > hardware, it isn't meant for those like you and me who would be
> > satisfied with the performance of one of the various libre firmware
> > available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...
>
> You are right. It is rather a good special-purpose workstation.
>
> > No one ever found money or success trying to sell to the average yokel.
>
> I could argue that selling to average yokel for low price can bring both
> success and money, because there are plenty of yokels.
>
> I understand this is not for masses in the same scale as Windows. This is
> not necessary for success. But I am also afraid this is not suitable even
> for 1 % of Qubes user base. (Maybe it will be successful elsewhere, but it
> does not matter much in this discussion.)
>
> > That option simply removes the PCI device and the Option ROM menu, it
> > doesn't disable PSP - like ME it is integral to the x86-64 boot process
> > so it simply can't be disabled.
>
> OK, good to know.
>
> > > But it is still matter of trust. Not having PSP/IME does not mean
> there cannot be any backdoor.
> > On an owner controlled system that has libre hardware, firmware and
> > software it is incredibly difficult to add a backdoor function, one
> > truly could trust their computer in that case.
>
> Not 100%. First, you cannot be 100% sure your CPU matches the design.
> Second, some backdoors can look like a regular vulnerability. Those are
> even worse. Good backdoor can be abused by few people, maybe it requires
> digital signature. That's not good, but regular (pseudo-)vulnerabilities
> are even worse, because they can be abused by much broader set of people.
>
> But I agree that having open CPU design can be a good start.
>
>
Very interesting, it may happen that in a couple of years Qubes will be
ported to it and I'll have to change my passwords.  So it may be better to
wait before buying a new laptop.
best
Fran

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCDO%2BF-BVN12ABFLWiYy4BaDAGO9HqRSAQnnLJiEskjAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Vít Šesták
> You could use POWER-KVM and have an assortment of VM's with shared 
> folders, you can replicate all the other stuff via various methods and 
> have a better security level it simply wouldn't look as slick.

Not sure about that. Qubes is not just set of tools. It is also a set of 
careful choices of configuration (e.g., strictly using HVMs with stubdoms). I 
might be wrong, but I don't think you can get a comparable level of security 
easily. You would have to take similar choices and maybe even to make a new 
decisions that affect security.

> Qubes isn't virtualization, it is simply a collection of tools that can 
> theoretically be compiled for POWER although currently the qubes VMM is 
> xen which isn't yet available for POWER (the xen devs are ignoring 
> requests to assist with porting efforts).

It is not just the collection of tools.

You are right that QubesOS can be probably ported to KVM. Even if this is a 
solution (not 100% convinced), it is not there yet. At best, TALOS 2 might be 
some solution for future, not something you can buy and use just now (for those 
purposes).

> If T2 is successful (ie: enough people buy it) there are plans for a 
> POWER laptop.

Cool.

But at the moment, it does not make me sense to buy a workstation I don't need 
and hope that some time later, they will release a laptop and someone else will 
port QubesOS for it. I could somewhat support efforts of porting QubesOS to 
POWER9, it makes me more sense.

> > * It is quite expensive for needs of most people.
> It fills the very high performance sector that previously had no libre 
> hardware, it isn't meant for those like you and me who would be 
> satisfied with the performance of one of the various libre firmware 
> available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...

You are right. It is rather a good special-purpose workstation.

> No one ever found money or success trying to sell to the average yokel.

I could argue that selling to average yokel for low price can bring both 
success and money, because there are plenty of yokels.

I understand this is not for masses in the same scale as Windows. This is not 
necessary for success. But I am also afraid this is not suitable even for 1 % 
of Qubes user base. (Maybe it will be successful elsewhere, but it does not 
matter much in this discussion.)

> That option simply removes the PCI device and the Option ROM menu, it 
> doesn't disable PSP - like ME it is integral to the x86-64 boot process 
> so it simply can't be disabled.

OK, good to know.

> > But it is still matter of trust. Not having PSP/IME does not mean there 
> > cannot be any backdoor.
> On an owner controlled system that has libre hardware, firmware and 
> software it is incredibly difficult to add a backdoor function, one 
> truly could trust their computer in that case.

Not 100%. First, you cannot be 100% sure your CPU matches the design. Second, 
some backdoors can look like a regular vulnerability. Those are even worse. 
Good backdoor can be abused by few people, maybe it requires digital signature. 
That's not good, but regular (pseudo-)vulnerabilities are even worse, because 
they can be abused by much broader set of people.

But I agree that having open CPU design can be a good start.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89dc0d5d-6997-4aa5-a107-fe447c15ac02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Q4.0 rc3 (current testing) - power off/ suspend issues.

2018-01-08 Thread cooloutac
On Saturday, January 6, 2018 at 2:45:59 PM UTC-5, Ralph Douglass wrote:
> I’ve seen the same thing.  Perhaps nothing during shutdown is calling 
> qvm-shutdown on the qubes. 
> 
> 
> 
> On Sat, Jan 6, 2018 at 1:41 PM 'Tom Zander' via qubes-users 
>  wrote:
> On Saturday, 6 January 2018 10:56:13 GMT haaber wrote:
> 
> > 2) Reboots hang systematically at "Reached target shutdown" and has to
> 
> > be rebooted via a coldboot.
> 
> 
> 
> I've been seeing this too, although sometimes it goes on after half a minute
> 
> only to hang at some other point (after loads of messages).
> 
> 
> 
> I noticed that if I manually shut down all qubes, INCLUDING, sys-net, before
> 
> logging out then this problem is avoided.
> 
> 
> 
> Next time you reboot, can you try that and let us know if this isn't just
> 
> me?
> 
> That may help with debugging.
> 
> 
> 
> Cheers!
> 
> --
> 
> Tom Zander
> 
> Blog: https://zander.github.io
> 
> Vlog: https://vimeo.com/channels/tomscryptochannel
> 
> 
> 
> 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/1691880.VtDucUss21%40mail.
> 
> For more options, visit https://groups.google.com/d/optout.

yes Like tom I just shut down all the vms I manually created, before shutting 
down system. There is a script made by members of the community somewhere 
on the forums to shut them all down with one command.  I never have that many 
vms open so I don't bother.

Although I wonder if its any diff shutting down vms in 4.0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0dd5bd8-38c7-4681-900d-ff39604f85ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade

2018-01-08 Thread Yuraeitha
On Sunday, January 7, 2018 at 1:15:29 AM UTC+1, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely
> apologize for our failure to provide timely notice of this event. It
> is strongly recommend that all Qubes users upgrade their Fedora 25
> TemplateVMs and StandaloneVMs to Fedora 26 immediately. We provide
> step-by-step [upgrade instructions] for upgrading your existing
> TemplateVMs and StandaloneVMs in-place on both Qubes 3.2 and Qubes
> 4.0. For a complete list of TemplateVM versions supported for your
> specific version of Qubes, see [Supported TemplateVM Versions].
> 
> We also provide fresh Fedora 26 TemplateVM packages through the
> official Qubes repositories, which you can get with the following
> commands (in dom0).
> 
> Standard Fedora 26 TemplateVM:
> 
> $ sudo qubes-dom0-update qubes-template-fedora-26
> 
> [Minimal] Fedora 26 TemplateVM:
> 
> $ sudo qubes-dom0-update qubes-template-fedora-26-minimal
> 
> After upgrading to a Fedora 26 TemplateVM, please remember to set all
> qubes that were using the old template to use the new one. The
> instructions to do this can be found in the [upgrade instructions]
> for your specific version.
> 
> Please note that no user action is required regarding the OS version
> in dom0. If you're using Qubes 3.2 or 4.0, there is no dom0 OS
> upgrade available, since none is currently required. For details,
> please see our [Note on dom0 and EOL].
> 
> If you're using an older version of Qubes than 3.2, we strongly
> recommend that you upgrade to 3.2, as older versions are no longer
> supported.
> 
> 
> [end-of-life]: 
> https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule
> [upgrade instructions]: /doc/template/fedora/upgrade-25-to-26/
> [Supported TemplateVM Versions]: /doc/supported-versions/#templatevms
> [Minimal]: /doc/templates/fedora-minimal/
> [Note on dom0 and EOL]: /doc/supported-versions/#note-on-dom0-and-eol
> 
> This announcement is also available on the Qubes website:
> https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpRZpEACgkQ203TvDlQ
> MDA30xAAhvx58l16DPzWdjTkCDAu8X/oIJVsidabezigI3x8BFcMWuNvGpfO9wD0
> 4oJVhXvLIrqPvWK6HBz5o8zld8rZd8r+OVB7Aivh34WIdVdxZZY9vwCvbWZifdbU
> jGpAMX+ivfXTB1DM4y3hZ/gq+7kScYzIPw9TRC8CykkCySqwwWJEEMCXvqGJvYxC
> HspnoiCo+LP63ta438yTHPFgk6chnlKlU2rK5KsdUE69tZl3s6t1NoZaxMHUCuMz
> sxmT081xqCh4+DCPZ6WzPKiKNEc8AMVD/5Axdt5mBn2rZqGYntEX0UWh7pak3Dk5
> MZBBdevbOFj0mlQ8/wStkBjNaRSOLT//PyPCeKKNf/wvOYDPI3PfUjxYM0LaKzl9
> X6go9tlbc7e43e9lbtArmvYGY7hXsAi721dvKnpng1vuDUZjKPWOFtSVS+MX/zIl
> yGmYDEK/UhFYRfaaKXP2vf5YRpRPGyl/MkTN/4akEttgnXxJ/ztR8WB3+PY73R4G
> AeT4zhbLSTptIneDH9wsRujBt1l1As/9ApVxt8e0nOtyou4LdVhDlkaO6Qt2FCAs
> Iprz5CYWBFD7qR9qmtDHSR99rldK0uau9Ihzabe5WK+9wtMNp3+6qaIemBUS9293
> m/Wf9H63xfjrdFMsjIiduZHFBw0Q4IQeKOlT7072QFJBvr2WmD4=
> =/ZvF
> -END PGP SIGNATURE-

I'll third that notion from above, definitely highly valuing the amazing work 
put into Qubes by everyone working on it, especially the core staff. I also 
appreciate good communication to the mass-users, therefore this post to me is 
also highly valued and appreciated. Although I feel a little double regarding 
the apology, because I'm both inclined to say it's not needed at all, but also 
at the same time happy about receiving it. Since being open, honest and 
transparent, with good communication, goes a long way, and it makes Qubes more 
likable. 

Qubes is definitely high up on my list of projects that are shaping a better 
tomorrow for all of humanity. Open, transparent, secure and decentralized 
technology is incredible important in order to maintain democracy and avoid new 
dictators grasping for power through highly decentralized nontransparent and 
closed insecure software. Some people apparently believe we will never see 
another Hitler or Stalin, and that democracy is something that cannot crack or 
falter in modern times. However power enabled by centralized and abusive 
technology certainly challenges that naive belief by returning more and more 
power back to the individual leaders as centralized innovation goes on year by 
year. For that, I believe Qubes is really important piece of puzzle to a better 
tomorrow, on the grand scheme of things into the future. 

I'm looking forward to see how Qubes will help shape our world tomorrow!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread taii...@gmx.com

On 01/08/2018 01:36 PM, Vít Šesták wrote:


Or you could just buy POWER 9/TALOS 2, have a libre high performance
system right now and stop waiting for what will never happen (and would
be immediately fixed if it did)

Talos 2 looks nice in theory, but:

* Qubes OS does not support this architecture. So you are going to have 
something  more resistant to backdoors, but it is also less resistant to 
classical exploits. If your typical threat is not like NSA, you probably lose 
security. And even if it is, it is at least not clear win, as NSA could use 
those classical exploits anyway.
You could use POWER-KVM and have an assortment of VM's with shared 
folders, you can replicate all the other stuff via various methods and 
have a better security level it simply wouldn't look as slick.


Qubes isn't virtualization, it is simply a collection of tools that can 
theoretically be compiled for POWER although currently the qubes VMM is 
xen which isn't yet available for POWER (the xen devs are ignoring 
requests to assist with porting efforts).

* Not an option for those who want a laptop.
If T2 is successful (ie: enough people buy it) there are plans for a 
POWER laptop.

* It is quite expensive for needs of most people.
It fills the very high performance sector that previously had no libre 
hardware, it isn't meant for those like you and me who would be 
satisfied with the performance of one of the various libre firmware 
available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...


The target market segment is someone who already spends just as much on 
an equivilant performance x86-64 system every few years but who needs 
and desires better security (ie: they previously have bought one or more 
of intel's high end CPU's that cost thousands on their own).

That's not to say Talos 2 has no merit. It might have some niche, but it is far 
far from a solution for masses.
It isn't intended for the masses, although if it is successful there 
will eventually be lower cost versions intended and priced for the 
average linux power-user - already costs have came down drastically 
since T1.


No one ever found money or success trying to sell to the average yokel.

If you buy new Intel/AMD CPU's you are supporting future anti-feature
development.

Maybe this is not that bad for AMD: 
https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option
That option simply removes the PCI device and the Option ROM menu, it 
doesn't disable PSP - like ME it is integral to the x86-64 boot process 
so it simply can't be disabled.


Yet another journalist that doesn't check the facts before publishing.

But it is still matter of trust. Not having PSP/IME does not mean there cannot 
be any backdoor.
On an owner controlled system that has libre hardware, firmware and 
software it is incredibly difficult to add a backdoor function, one 
truly could trust their computer in that case.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/239b4913-a4d6-ae6a-cb6c-6b38fd420bad%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
On Monday, January 8, 2018 at 1:38:07 PM UTC-5, Wael Nasreddine wrote:
> On Sun, Jan 7, 2018 at 11:23 AM tai...@gmx.com  wrote:
> 
> On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote:
> 
> 
> 
> > On Sat, Jan 6, 2018 at 1:57 PM tai...@gmx.com  wrote:
> 
> > I did build PCs before, but that was literarly a life time ago (early
> 
> > 2000's), and since then, I've been with laptops. I was aware of PCI-e
> 
> > compatibility, but I did not know to what degree the difference in speed
> 
> > might affect the GPU. Would a GTX 1080 work for instance?
> 
> There is no real difference between 3.0 and 2.0 even with 4K, Crossfire
> 
> and the latest cards so having v2.0 is fine.
> 
> As I have stated before nvidia is a bad company and you shouldn't buy
> 
> from them, they do not support owner-control, actively hinder linux
> 
> driver development and VM gaming.
> 
> 
> 
> Good to know, thanks Taiidan. In that case, it's good that I got myself an 
> AMD Radeon HD 6950 
> (https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766),
>  I'll use this one as primary, and I'll wait till the price of the Vega comes 
> down, I have my eye on RX Vega 64.
> 
> 
> 
> 
> Don't forget your board standoffs, and don't confuse the PCI-e power
> 
> cables with EPS12V.
> 
> Since it has been a long time you should brush up and watch some vids
> 
> from reputable places, you gotta be careful considering how much $$$ you
> 
> have spent :]
> 
> 
> 
>  Will do.
> 
> >> Hey when you get this let me know if you need any help setting up VM
> 
> >> gaming it is very difficult but very rewarding.
> 
> >> One gotcha I have noticed is NUMA alignment, each 16 core CPU contains
> 
> >> two NUMA nodes and performance will suffer greatly if things are not
> 
> >> properly aligned (gets tricker in VM's too)
> 
>  
> Are you talking about alignment of RAM? The KGPE-D16 specifies the RAM order 
> in the manual 
> (http://dlcdnet.asus.com/pub/ASUS/mb/SocketG34(1944)/KGPE-D16/Menual_QVL/E8847_KGPE-D16.pdf
>  page 2-17).
> 
>  
> >>
> 
> >>
> 
> >> I will definitely do that.
> 
> I eagerly await your gaming benchmarks, there are several triple A games
> 
> out there that support 16 cores and you must try them.
> 
> >> TPM:
> 
> >> I am not sure about TPM's I would call ASUS and ask for a board
> 
> >> compatible part number.
> 
> >>
> 
> >> I might have to return the one I got then, it's a Gigabyte TPM module.
> 
> Like I said call and ask asus what model number you need for the board.
> 
> 
> 
> Ideally you could simply use whatever same-generation of TPM (board is
> 
> v1.2 not v2.0) as it uses a simple LPC bus for communication but you
> 
> might as well buy whatever asus tells you to so to avoid trouble.
> 
> Coreboot devs tested with asus's infineon brand TPM.
> 
> I assume you have bought a TPM 2.0, if so that definitely won't work.
> 
> 
> 
> I'm aware that Linux does not support TPM 2.0 so I did order a TPM v1.2. I'll 
> give ASUS a call to confirm it works.
>  
> 
> >> Newegg Links:
> 
> >> I can't view newegg links, you would have to find a OEM link to show me.
> 
> >> I would get a 1KW PSU from a reputable company, like I said dual EPS12V,
> 
> >> modular and japanese capacitors is what you want.
> 
> >>
> 
> >>
> 
> > I got this one, https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1
> 
> I usually don't recommend evga as I don't like companies who sell both
> 
> good and bad products (their lower end stuff is crappy) but that seems
> 
> fine, good reviews japanese caps and a nice 10 year warranty.
> >> Case Price - no more than $200 unless it includes nice front HDD hot
> 
> >> swap bays - Don't use the PSU that comes with the case.
> 
> >>
> 
> >> Unfortunately, it ended up closer to 400. I got this one
> 
> > http://www.norcotek.com/product/rpc-4220/ it was difficult finding EEB
> 
> > cases. Depending on the noise it makes, there's a braket that I can switch
> 
> > in it to change the 4 80mm fans with 3 120mm fans. In anycase, I wanted a
> 
> > case that has wide support for boards (CEB, EEB, ATX and mini ATX) so later
> 
> > on I can update the components and not have to reinvenst in the case.
> 
> Nice case, pricey but with an HBA or RAID card you can install all the
> 
> drives you'll ever want.
> 
> It has good reviews that mention the high quality, good choice!
> 
> 
> 
> Thanks. 
> 
> >> I would also get front drive bay HDD enclosures that have a fan
> 
> >> otherwise your drives will get hot inside the case and be a pain to
> 
> >> service.
> 
> >>
> 
> > this one does not have a fan, I'll add a braket if I see a need, but I
> 
> > think it'll be alright with the 6 fans it has.
> 
> Yeah you sure will, since the bays came with the case you won't need
> 
> additional cooling as they have already taken care of that (with the
> 
> assorted case fans)
> 
> 
> 
> Send me links, titles, prices and used/new status for the rest of the
> 
> stuff you 

Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
On Monday, January 8, 2018 at 1:55:05 PM UTC-5, awokd wrote:
> On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote:
> 
> > I would have advised purchasing a lower power single slot fanless model
> > for your primary video - as that is dual slot you will be wasting one of
> > your PCI-e slots. You can still use that 760 and it would work fine, I
> > just wouldn't buy any more nvidia cards.
> 
> I tried a single slot fanless and under 3.2 at least it made everything
> very slow, even booting up VMs for some reason. Might have just been my
> bad luck, but I think it's good to have some speed for primary video.
qubes doesn't really use much of the video card.  It could make the desktop 
smoother though if using alot of effects.

I mean if we really cared about security,  I guess we wouldn't use a gui. 
Especially if we want to type in commands in a terminal anyways. I guess it 
depends on your "security model"  lmao...

@Tai,  being an fsf guy  I use to love the gnome-flashback desktop they used 
with the deblobbed fsf kernel.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f7fda2a-79d6-4d14-86f1-a4391961fbb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-08 Thread Yuraeitha
On Monday, January 8, 2018 at 7:36:05 PM UTC+1, tai...@gmx.com wrote:
> Is there any news on a fix or work-around coming for 3.2?
> 
> Converting all the templates to HVM is doable and would greatly improve 
> security, in light of the severity of these exploits I see no reason not 
> to do it despite it not being in the original requirements.
> 
> I would appreciate advice on how to perform this.

In terms of economics of development time and cost, I wonder where the trade 
off will lay between bringing 3.2. up to speed in security against these 
threats, versus migrating all users to Qubes 4 (hopefully RC-4 will be stable 
enough to be final version).

Questions boggle my mind though, when would Qubes 4 overall be considered just 
as safe (and thereon safer) than Qubes 3.2? I'm sure at some points Qubes 4 is 
already more secure, but as we all know it's not fully finished and polished 
yet.

Does it have a low development cost to implement HVM in Qubes 3.2? or would it 
be more feasible to recommend everyone to migrate to qubes 4 as fast as 
possible? 

Thinking about it, at the very least for the spectre attack from the little 
understanding I have, it seems like it's difficult and resourceful to pull off. 
Maybe most people would be fine on Qubes 3.2. for a while yet, while high 
profile targets may want to move to Qubes 4 sooner rather than later?

I definitely don't have any full pictures here, I'm merely poking to questions 
or different perspectives and see what comes out of it. To me a solution seems 
like high profile targets could move to Qubes 4 soon, while the low profile 
targets (at least when it comes to spectre) can feel somewhat safe for a while 
yet? Or is that a failed logic?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd1baabb-ee8e-4fbd-bca7-0a1942d77af4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
On Monday, January 8, 2018 at 1:55:05 PM UTC-5, awokd wrote:
> On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote:
> 
> > I would have advised purchasing a lower power single slot fanless model
> > for your primary video - as that is dual slot you will be wasting one of
> > your PCI-e slots. You can still use that 760 and it would work fine, I
> > just wouldn't buy any more nvidia cards.
> 
> I tried a single slot fanless and under 3.2 at least it made everything
> very slow, even booting up VMs for some reason. Might have just been my
> bad luck, but I think it's good to have some speed for primary video.

qubes doesn't really use much of the video card.  It could make the desktop 
smoother though if using alot of effects.

I mean if we really cared about security,  I guess we wouldn't use a gui.  I 
guess it depends on your "security model"  lmao...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5464aba-fecf-40af-aeee-c45c86416259%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread 'awokd' via qubes-users
On Mon, January 8, 2018 6:44 pm, taii...@gmx.com wrote:

> I would have advised purchasing a lower power single slot fanless model
> for your primary video - as that is dual slot you will be wasting one of
> your PCI-e slots. You can still use that 760 and it would work fine, I
> just wouldn't buy any more nvidia cards.

I tried a single slot fanless and under 3.2 at least it made everything
very slow, even booting up VMs for some reason. Might have just been my
bad luck, but I think it's good to have some speed for primary video.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc7f1ac387c59c74c44e2a1c5db44328.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread taii...@gmx.com

On 01/08/2018 01:37 PM, Wael M. Nasreddine wrote:


On Sun, Jan 7, 2018 at 11:23 AM taii...@gmx.com  wrote:


On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote:


On Sat, Jan 6, 2018 at 1:57 PM taii...@gmx.com  wrote:
I did build PCs before, but that was literarly a life time ago (early
2000's), and since then, I've been with laptops. I was aware of PCI-e
compatibility, but I did not know to what degree the difference in speed
might affect the GPU. Would a GTX 1080 work for instance?

There is no real difference between 3.0 and 2.0 even with 4K, Crossfire
and the latest cards so having v2.0 is fine.
As I have stated before nvidia is a bad company and you shouldn't buy
from them, they do not support owner-control, actively hinder linux
driver development and VM gaming.


Good to know, thanks Taiidan. In that case, it's good that I got myself an
AMD Radeon HD 6950 (
https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766),
I'll use this one as primary, and I'll wait till the price of the Vega
comes down, I have my eye on RX Vega 64.
I would have advised purchasing a lower power single slot fanless model 
for your primary video - as that is dual slot you will be wasting one of 
your PCI-e slots.
You can still use that 760 and it would work fine, I just wouldn't buy 
any more nvidia cards.

Are you talking about alignment of RAM?
No. NUMA is software - look up NUMA alignment. This is generally 
automatic if you run numad in your OS - you only have to configure it if 
you are running for instance a gaming VM with libvirt.


Sure, here's the same list with direct OEM links, BTW you can just use curl
to get the 302 location of the links without having to use the browser for
them :)

- Case: http://www.norcotek.com/product/rpc-4220/ new
- PSU: https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 new
- Motherboard: KGPE-D16 new (opened box though) $270

Open box is definitely worth it for that great price.

- CPU: 2x
https://www.ebay.com/itm/2x-AMD-Opteron-6386-OS6386YETGGHK-16-Core-2-8GHz-Socket-G34-CPU-TQ1488/122885384670
$200 used
- CPU Cooling: 2x https://www.ebay.com/itm/Noctua-NH-U12DO-A3/332385518775
new
- RAM:
https://www.ebay.com/itm/32GB-4X8GB-DDR3-1600MHz-ECC-REG-MEMORY-FOR-ASRock-EP2C602-4L-D16-SSI-EEB-Server/162349088753
$200 for 64Gb
- TPM: Gigabyte GC-TPM (can't find OEM link, but I have a feeling that I'll
be replacing it anyway).
- GPU:
https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766
refurbished $70



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed274b7c-07d5-8bfc-fee2-87b4346d2de5%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread Wael M. Nasreddine
On Sun, Jan 7, 2018 at 11:23 AM taii...@gmx.com  wrote:

> On 01/07/2018 12:14 PM, Wael M. Nasreddine wrote:
>
> > On Sat, Jan 6, 2018 at 1:57 PM taii...@gmx.com  wrote:
> > I did build PCs before, but that was literarly a life time ago (early
> > 2000's), and since then, I've been with laptops. I was aware of PCI-e
> > compatibility, but I did not know to what degree the difference in speed
> > might affect the GPU. Would a GTX 1080 work for instance?
> There is no real difference between 3.0 and 2.0 even with 4K, Crossfire
> and the latest cards so having v2.0 is fine.
> As I have stated before nvidia is a bad company and you shouldn't buy
> from them, they do not support owner-control, actively hinder linux
> driver development and VM gaming.
>

Good to know, thanks Taiidan. In that case, it's good that I got myself an
AMD Radeon HD 6950 (
https://www.ebay.com/itm/AMD-Radeon-HD-6950-2GB-GDDR5-PCIe-Video-Graphics-Card-Dell-PN-1643M/272894243766),
I'll use this one as primary, and I'll wait till the price of the Vega
comes down, I have my eye on RX Vega 64.


> Don't forget your board standoffs, and don't confuse the PCI-e power
> cables with EPS12V.
> Since it has been a long time you should brush up and watch some vids
> from reputable places, you gotta be careful considering how much $$$ you
> have spent :]
>

 Will do.

> >> Hey when you get this let me know if you need any help setting up VM
> >> gaming it is very difficult but very rewarding.
> >> One gotcha I have noticed is NUMA alignment, each 16 core CPU contains
> >> two NUMA nodes and performance will suffer greatly if things are not
> >> properly aligned (gets tricker in VM's too)
>

Are you talking about alignment of RAM? The KGPE-D16 specifies the RAM
order in the manual (
http://dlcdnet.asus.com/pub/ASUS/mb/SocketG34(1944)/KGPE-D16/Menual_QVL/E8847_KGPE-D16.pdf
page 2-17).


> >>
> >>
> >> I will definitely do that.
> I eagerly await your gaming benchmarks, there are several triple A games
> out there that support 16 cores and you must try them.
> >> TPM:
> >> I am not sure about TPM's I would call ASUS and ask for a board
> >> compatible part number.
> >>
> >> I might have to return the one I got then, it's a Gigabyte TPM module.
> Like I said call and ask asus what model number you need for the board.
>
> Ideally you could simply use whatever same-generation of TPM (board is
> v1.2 not v2.0) as it uses a simple LPC bus for communication but you
> might as well buy whatever asus tells you to so to avoid trouble.
> Coreboot devs tested with asus's infineon brand TPM.
> I assume you have bought a TPM 2.0, if so that definitely won't work.
>

I'm aware that Linux does not support TPM 2.0 so I did order a TPM v1.2.
I'll give ASUS a call to confirm it works.

>> Newegg Links:
> >> I can't view newegg links, you would have to find a OEM link to show me.
> >> I would get a 1KW PSU from a reputable company, like I said dual EPS12V,
> >> modular and japanese capacitors is what you want.
> >>
> >>
> > I got this one,
> https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1
> I usually don't recommend evga as I don't like companies who sell both
> good and bad products (their lower end stuff is crappy) but that seems
> fine, good reviews japanese caps and a nice 10 year warranty.

>> Case Price - no more than $200 unless it includes nice front HDD hot
> >> swap bays - Don't use the PSU that comes with the case.
> >>
> >> Unfortunately, it ended up closer to 400. I got this one
> > http://www.norcotek.com/product/rpc-4220/ it was difficult finding EEB
> > cases. Depending on the noise it makes, there's a braket that I can
> switch
> > in it to change the 4 80mm fans with 3 120mm fans. In anycase, I wanted a
> > case that has wide support for boards (CEB, EEB, ATX and mini ATX) so
> later
> > on I can update the components and not have to reinvenst in the case.
> Nice case, pricey but with an HBA or RAID card you can install all the
> drives you'll ever want.
> It has good reviews that mention the high quality, good choice!
>

Thanks.

> >> I would also get front drive bay HDD enclosures that have a fan
> >> otherwise your drives will get hot inside the case and be a pain to
> >> service.
> >>
> > this one does not have a fan, I'll add a braket if I see a need, but I
> > think it'll be alright with the 6 fans it has.
> Yeah you sure will, since the bays came with the case you won't need
> additional cooling as they have already taken care of that (with the
> assorted case fans)
>
> Send me links, titles, prices and used/new status for the rest of the
> stuff you got and I can look it over.
>

Sure, here's the same list with direct OEM links, BTW you can just use curl
to get the 302 location of the links without having to use the browser for
them :)

- Case: http://www.norcotek.com/product/rpc-4220/ new
- PSU: https://www.evga.com/products/product.aspx?pn=220-G3-1000-X1 new
- Motherboard: KGPE-D16 new (opened 

Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Vít Šesták
> Or you could just buy POWER 9/TALOS 2, have a libre high performance 
> system right now and stop waiting for what will never happen (and would 
> be immediately fixed if it did)

Talos 2 looks nice in theory, but:

* Qubes OS does not support this architecture. So you are going to have 
something  more resistant to backdoors, but it is also less resistant to 
classical exploits. If your typical threat is not like NSA, you probably lose 
security. And even if it is, it is at least not clear win, as NSA could use 
those classical exploits anyway.
* Not an option for those who want a laptop.
* It is quite expensive for needs of most people.

That's not to say Talos 2 has no merit. It might have some niche, but it is far 
far from a solution for masses.

> If you buy new Intel/AMD CPU's you are supporting future anti-feature 
> development.

Maybe this is not that bad for AMD: 
https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option

But it is still matter of trust. Not having PSP/IME does not mean there cannot 
be any backdoor.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/751ae8ce-c183-4d2e-a17d-6637d029221c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-08 Thread taii...@gmx.com

Is there any news on a fix or work-around coming for 3.2?

Converting all the templates to HVM is doable and would greatly improve 
security, in light of the severity of these exploits I see no reason not 
to do it despite it not being in the original requirements.


I would appreciate advice on how to perform this.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b56e709-1101-6a58-dd71-45d629b9773c%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland

2018-01-08 Thread taii...@gmx.com
I am bumping the thread as I greatly appreciate when companies search 
for applicants like this (instead of with the usual DICE posting with 
absurd HR specified qualifications that filter out all the honest 
applicants.)


Also please let me know if you need advice on libre hardware purchasing 
- the various pre-PSP AMD libre firmware available boards are becoming 
harder to obtain so I advise obtaining some sooner rather than later - 
moreso as the G34/C32 Opteron CPU's are not vulnerable to the 
meltdown/spectre trouble (they are only exploitable with spectre part 1 
if an obscure sysctl is enabled, however most distros have it disabled 
by default as no one uses it)

On 01/08/2018 03:58 AM, mba wrote:

Dear Qubes Community,

I am reaching out this way on the advise of Andrew David Wong (Axon), as I am in need of 
finding a part time "jack of all trades" IT person, who has knowledge of Qubes 
to an extent where he/she is able to implement this in a small office environment with a 
handful of users. There will also be other tasks, such as alarm system / video 
monitoring, networking, server etc. etc.

We envision this can be 50 - 100% workload (up to you) for a few weeks, after 
which we expect maybe 25% workload after that. All very flexible, BUT it is 
necessary that you are able to come and work from our office in Sihlbrug/Baar 
in Switzerland (just off the highway ... busstop 200 meters away).

Due to the nature of work, and given that we cannot offer a full time position, 
we would expect a young person who is studying or is an apprentice, who would 
like to have some additional challenges and earn some extra money. However, it 
could also be someone older who's in between jobs.

Important is knowledge/experience with Qubes, general IT/network and the 
ability to handle and solve challenges as well as being flexible, self-starter 
and work independently.

If you are interested, please send me your CV, which also must contain a recent 
photo, email and telephone number.

If you know of someone who could be interested, please let them know (or let me 
know).

I will be looking forward to hearing from you on the following e-mail address:

m...@corpconsult.info

Best regards
Mogens Berg Andersen
MBA Consulting GmbH


On 2018-01-05 01:25, mba wrote:


Hi,

In connection with my clients plan to secure our entire IT infrastructure, we 
are looking for a part-time and/or short term Qubes enthusiast who also have 
good knowledge of networking, as well as the ability to work with various 
hardware. It will be necessary to do all of the work from our office in Baar, 
Zug, Switzerland. We see this as an ideal opportunity for a knowledgeble and 
motivated individual, who maybe now is an apprentice / student / unemployed, 
who have spare time and the wish to earn some extra money. Working times will 
be very flexible and with a high degree of independence in terms of carrying 
out the tasks.

I do realize that this here is not a job-centre, but was wondering if you have 
some inputs as to how to get in contact with such an individual? I am not 
myself at all skilled to the level needed, and Google searching as well as 
various fora's did also not provide any useful pointers, so I'm hoping you will 
be able to help me.

I thank you in advance for any input you'll be able to provide, and please feel 
free to share the entire content of this mail, including the contact details 
below, as you see fit for the purpose.

Best regards
Mogens Berg Andersen
MBA Consulting GmbH



Hello,

I suggest that you ask on our qubes-users mailing list:

https://www.qubes-os.org/mailing-lists/#qubes-users

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd24c312-e7be-9a60-1dd0-b5d6b0643b5a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow

2018-01-08 Thread Yuraeitha
On Monday, January 8, 2018 at 1:27:45 PM UTC+1, Fabrizio Romano Genovese wrote:
> No, my PC is a Dell XPS13, not a Latitude. But I have some news:
> 
> The booting problem is 100% dependent on being plugged or not. Precisely, I 
> observed the following behaviors:
> 
> Booting plugged: Everything is normal, PC is fast. If I unplug it afterwards 
> nothing really happens and performance stays the same.
> 
> Booting unplugged: FUBAR. Slow, unresponsive, battery draining over 9000. 
> Plugging AC adapter in afterwards doesn't help at all.
> 
> Dunno if my intuition is the right one, but it may be that the booting 
> process, when unplugged, triggers some sort of fucked up setting regarding 
> power management that causes havoc. Note that, in my case, the only important 
> factor to consider is if the AC adapter is plugged/unplugged AT BOOT. 
> Connecting/disconnecting it afterwards has no effect whatsoever on 
> performance.


That extra information you discovered is really insightful I think, where your 
power management stays as desired after unplugging (after boot), based on the 
two scenarios you listed. This should make it possible to narrow it down to 3 
further detailed scenarios.

I'm no expert btw, so listen to Marek who is far, far more knowledge than I. 
But for now, heres a suggestion to narrow down the issue further based on your 
new post.

It probably means either of the three scenarios: 
A) Xen is not changing to its own preferred power-settings over the 
BIOS/UEFI/EFI/Grub boot power settings (Can be changed bottom up from 
BIOS/UEFI/EFI/Grub?).
B) Xen is maybe tricked into believing the preferred power-settings due to 
incorrect BIOS/UEFI/EFI/Grub settings (can be changed top-down from Xen?).
C) No settings available in BIOS/UEFI or executable commands in EFI/Grub 
(Nothing that can be done).

So there is possible a top-down apporach, a bottom-up approach, and a scenario 
where you cannot do anything. I believe the command Marek listed is a top-down 
approach, while changing power-settings in your BIOS/UEFI/EFI/Grub is a 
bottom-up approach. 

Given your relied information in your last post above, you can probably deduce 
that a bottom-up approach can work as well, since as you describe it, the 
power-state you're in during initial boot, decides the overall power-settings 
irregardless if you unplug later on. Question then, would be, what to change in 
BIOS/UEFI/EFI/Grub? And the Xen top-down command Marek mentioned above might 
also work too.

Just be careful with power-settings, it can damage your hardware severely if a 
setting is poorly set, and it's way out of my league to say with any certainty 
which settings are fine to change, and which are not. 

For now though, maybe try take a stroll in your BIOS/UEFI and see if you can 
identify and suspicious power settings?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4047d3f-2c02-455f-a76b-90118d358cd7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread taii...@gmx.com

On 01/08/2018 11:34 AM, cooloutac wrote:


Corsair has crap quality control,  and evil engineers.  EVGA on the other hand, 
 is the best quality in PSU's I've ever seen,  no matter the model.  I've also 
had cheap psu's not work properly with a ups,  but never the case with an evga 
psu.   I hate to sound like a shrill, but noone comes close to them in the psu 
market.  There is no comparison.
So I take it you purchase a large amount of hardware for an institution 
and thus have more than anecdotal evidence?


Or you have removed the PSU cover (DANGEROUS - DO NOT DO THIS) and 
examined the quality of components and quality of the assembly process?


On 01/08/2018 11:44 AM, cooloutac wrote:


I also would never buy corsair ram.  fk that company.  My fav brand is G.Skill.
Neither company makes or assembles RAM or power supplies - they are 
simply re-branders of OEM white label products.


Even companies like PNY with real factories (see their website, it is in 
new jersey america) are not really making "RAM" they are simply a pick 
and place operation that assembles PCB's - there are only a few 
manufacturers of memory chips in the world, those chips are then bought 
by companies who assemble PCB's.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50e5e505-c4a8-2782-5be0-7cf7546866b7%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dom0 terminal color is blue?

2018-01-08 Thread Alex Dubois
On Monday, 8 January 2018 17:02:15 UTC, Yuraeitha  wrote:
> On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote:
> > Stupid question, I rarely fire dom0 terminal... is the color blue? I 
> > remember it being grey long ago...
> 
> Which Qubes system version are you on, and also the version of the one you 
> refer to into the past, if you remember? 
> 
> Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at 
> least, as that was when I moved away from 3.2 and never looked back).
> 
> Qubes 4.0 has a gray dom0 terminal. 
> 
> I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and 
> became gray once more in Qubes 4.0?
> 
> I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use 
> the dom0 terminal to the extent you refer to. Because currently Qubes 4 
> requires you to update dom0 through the dom0 terminal, including handling the 
> backup-create and backup-restore in the dom0 terminal. I suspect a GUI might 
> come in the future though, when more developer time can be focused on it, as 
> they're quite busy with Qubes 4. But this is just speculation on my part.


Yes correct I am on 3.2. I thought someone had me swallow the blue pill ;)

I don't mind terminal at all, it is just that after setting all my 18 VMs, I 
did not have a use.

I use it mainly as a personal cloud (Atlassian stack hosting) + firewall, so 
this may explain.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f25f709f-67eb-4176-bd93-2192ec22a7b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dom0 terminal color is blue?

2018-01-08 Thread cooloutac
On Monday, January 8, 2018 at 12:02:15 PM UTC-5, Yuraeitha wrote:
> On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote:
> > Stupid question, I rarely fire dom0 terminal... is the color blue? I 
> > remember it being grey long ago...
> 
> Which Qubes system version are you on, and also the version of the one you 
> refer to into the past, if you remember? 
> 
> Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at 
> least, as that was when I moved away from 3.2 and never looked back).
> 
> Qubes 4.0 has a gray dom0 terminal. 
> 
> I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and 
> became gray once more in Qubes 4.0?
> 
> I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use 
> the dom0 terminal to the extent you refer to. Because currently Qubes 4 
> requires you to update dom0 through the dom0 terminal, including handling the 
> backup-create and backup-restore in the dom0 terminal. I suspect a GUI might 
> come in the future though, when more developer time can be focused on it, as 
> they're quite busy with Qubes 4. But this is just speculation on my part.

oh thats good to know.  I preferred the grey.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b1127ca-7058-4303-b1eb-dd0f2cc857d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dom0 terminal color is blue?

2018-01-08 Thread Yuraeitha
On Sunday, January 7, 2018 at 9:18:54 PM UTC+1, bow...@gmail.com wrote:
> Stupid question, I rarely fire dom0 terminal... is the color blue? I remember 
> it being grey long ago...

Which Qubes system version are you on, and also the version of the one you 
refer to into the past, if you remember? 

Qubes 3.2. dom0 terminal is blue (or was until Qubes 4 RC-2 was released at 
least, as that was when I moved away from 3.2 and never looked back).

Qubes 4.0 has a gray dom0 terminal. 

I never used Qubes previous to version 3.2, maybe it was gray before 3.2, and 
became gray once more in Qubes 4.0?

I'm guessing you're using Qubes 3.2. currently, or earlier, if you rarely use 
the dom0 terminal to the extent you refer to. Because currently Qubes 4 
requires you to update dom0 through the dom0 terminal, including handling the 
backup-create and backup-restore in the dom0 terminal. I suspect a GUI might 
come in the future though, when more developer time can be focused on it, as 
they're quite busy with Qubes 4. But this is just speculation on my part.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c76d-322a-4455-9d28-4182a488a8a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
I also would never buy corsair ram.  fk that company.  My fav brand is G.Skill. 
  

And ram is also backwards compatible when comes to frequencies.   And when 
using a lower frequency you can always lower timings,  and still have it in 
case you upgrade to higher frequency board in future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b3a9af7-6050-494c-9706-f007c6fd2312%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
I also would never buy corsair ram.  fk that company.  My fav brand is G.Skill.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b01fbdd-b42b-42a0-887b-e579e7be0756%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
Just remembered the snowden documentary,  when he would type the password into 
his laptop covering it and his head with a blanket.   Maybe we should all do 
that?  Then they really would need to catch the electrical or radiation 
frequencies lol.
@Wael, Thats a sweet PSU you picked.  EVGA doesn't make lower end ones.  I 
think Tai was thinking of corsair,  which I would never recommend to anybody.

A Corsair PSU once died on me after a year.  One of the C models. And the hdd 
and gpu got killed.  Whats crazy is for a year I thought i was getting hacked 
and was going nuts,  turns out it the psu must of been failing after 3 months 
and I never suspected it.

 I filed a claim with them.  They said nothing was wrong with the PSU or GPU.   
 I told them thats impossible, because I had to replace the psu to get my board 
to post lol.   and I flipped out.

Long story short,  They paid for my hdd.   But Stole my GPU,  literally,  stole 
the fkn thing and refused to give it back.  They claimed they didn't know where 
it was.  They probably reflashed it and gave it to their kid.  Now that I think 
about it I should of called the police!On top of that they sent me two bad 
PSU's before they sent me a good one.  I swear it.   The first replacement 
immediately started smoking on me as if they sent me a bad psu on purpose just 
to fk with me!!!  Because when they told me nothing was wrong with the psu,  I 
told the guy his engineers are frauds.   And The only reason they paid for the 
HDD is after I complained they stole my GPU and I was out a hdd.

   The last GPU they sent me  only lasted 2 years and stopped working out of 
nowhere with no warning signs.  

Corsair has crap quality control,  and evil engineers.  EVGA on the other hand, 
 is the best quality in PSU's I've ever seen,  no matter the model.  I've also 
had cheap psu's not work properly with a ups,  but never the case with an evga 
psu.   I hate to sound like a shrill, but noone comes close to them in the psu 
market.  There is no comparison.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d07a4ac8-e972-4619-a40a-9f819a901d51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
Just remembered the snowden documentary,  when he would type the password into 
his laptop covering it and his head with a blanket.   Maybe we should all do 
that?  Then they really would need to catch the electrical or radiation 
frequencies lol.
@Wael, Thats a sweet PSU you picked.  EVGA doesn't make lower end ones.  I 
think Tai was thinking of corsair,  which I would never recommend to anybody.

A Corsair PSU once died on me after a year.  One of the C models. And the hdd 
and gpu got killed.  Whats crazy is for a year I thought i was getting hacked,  
turns out it the psu must of been failing after 3 months and I never suspected 
it.

 I filed a claim with them.  They said nothing was wrong with the PSU or GPU.   
 I told them thats impossible, because I had to replace the psu to get my board 
to post lol.   and I flipped out.

Long story short,  They paid for my hdd.   But Stole my GPU,  literally,  stole 
the fkn thing and refused to give it back.  They claimed they didn't know where 
it was.  They probably reflashed it and gave it to their kid.  Now that I think 
about it I should of called the police!On top of that they sent me two bad 
PSU's before they sent me a good one.  I swear it.   The first replacement 
immediately started smoking on me as if they sent me a bad psu on purpose just 
to fk with me!!!  Because when they told me nothing was wrong with the psu,  I 
told the guy his engineers are frauds.   And The only reason they paid for the 
HDD is after I complained they stole my GPU and I was out a hdd.

   The last GPU they sent me  only lasted 2 years and stopped working out of 
nowhere with no warning signs.  

Corsair has crap quality control,  and evil engineers.  EVGA on the other hand, 
 is the best quality in PSU's I've ever seen,  no matter the model.  I've also 
had cheap psu's not work properly with a ups,  but never the case with an evga 
psu.   I hate to sound like a shrill, but noone comes close to them in the psu 
market.  There is no comparison.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68ac2359-efc2-4376-9859-04f9e3bf0350%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: new Desktop build recommendation

2018-01-08 Thread cooloutac
Just remembered the snowden documentary,  when he would type the password into 
his laptop covering it and his head with a blanket.   Maybe we should all do 
that?  Then they really would need to catch the electrical or radiation 
frequencies lol.

@Wael, Thats a sweet PSU you picked.  EVGA doesn't make lower end ones.  I 
think Tai was thinking of corsair,  which I would never recommend to anybody.

A Corsair PSU once died on me after a year.  One of the C models. And the hdd 
and gpu got killed.  Whats crazy is for a year I thought i was getting hacked,  
turns out it the gpu must of been failing after 3 months and I never suspected 
it.

 I filed a claim with them.  They said nothing was wrong with the PSU or GPU.   
 I told them thats impossible, because I had to replace the psu to get my board 
to post lol.   and I flipped out.

Long story short,  They paid for my hdd.   But Stole my GPU,  literally,  stole 
the fkn thing and refused to give it back.  They claimed they didn't know where 
it was.  They probably reflashed it and gave it to their kid.  Now that I think 
about it I should of called the police!On top of that they sent me two bad 
PSU's before they sent me a good one.  I swear it.   The first replacement 
immediately started smoking on me as if they sent me a bad psu on purpose just 
to fk with me!!!  Because when they told me nothing was wrong with the psu,  I 
told the guy his engineers are frauds.   And The only reason they paid for the 
HDD is after I complained they stole my GPU and I was out a hdd.

   The last GPU they sent me  only lasted 2 years and stopped working out of 
nowhere with no warning signs.  

Corsair has crap quality control,  and evil engineers.  EVGA on the other hand, 
 is the best quality in PSU's I've ever seen,  no matter the model.  I've also 
had cheap psu's not work properly with a ups,  but never the case with an evga 
psu.   I hate to sound like a shrill, but noone comes close to them in the psu 
market.  There is no comparison.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27b84105-f3d8-4771-b6ea-ab716c4ebbea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Multiple usability issues Qubes 4RC3

2018-01-08 Thread Yuraeitha
On Monday, January 8, 2018 at 3:28:26 PM UTC+1, a...@it-minds.dk wrote:
> Den mandag den 8. januar 2018 kl. 14.29.06 UTC+1 skrev Ahmed Al Aqtash:
> > Hello all!
> > 
> > 
> > I apologise for the vague subject, but I have been trying all kinds of 
> > things, and I simply can't understand half of the issues, and the other 
> > half I can't seem to find a solution to.
> > 
> > 
> > First of all I have all the respect in the world for the entire Qubes team, 
> > and I sincerely believe that you are making the world a better place.
> > 
> > 
> > The machine: ThinkPad X270 (full specs: 
> > https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591).
> >  It has 8 GB RAM.
> > 
> > 
> > So.. to the issues..
> > 1) A more general gripe with not having enough documentation to actually 
> > get through a setup process. I used Qubes 3.2 before, and I simply went 
> > about Qubes 4 the same way. I know that there have been multiple changes, 
> > and I honestly believe the changes are for the better.
> > 
> > 
> > But issues like moving a templates home directory to /etc/skel (meaning 
> > that appvm's inherit /etc/skel as home dir from the template) left me 
> > baffled with my first install.. I setup my template exactly as I wanted, 
> > created an appvm, and nothing was initialised. I had no idea what was going 
> > on, and the only way I could get some information was through a GitHub 
> > issue. Even after moving everything over to /etc/skel, I still have 
> > issues.. not everything is being carried over, not everything is being read 
> > correctly, and /etc/skel is not being synchronised either. If I add 
> > something new to /etc/skel AFTER creating a appvm, the appvm's homedir 
> > won't be updated.
> > 
> > 
> > I like the idea with moving all the GUI functionality to the shell. I 
> > prefer using the shell anyway. But for instance, in 3.2, you could allow 
> > access to through the firewall for a templatevm. Now it has to be done 
> > through qvm-prefs. This is not documented anywhere, and this was also an 
> > infuriating issue for me.
> > 
> > 
> > 2) I have reinstalled qubes multiple times over the weekend (friday through 
> > sunday) to get my install at a state that I am actually satisfied with.
> > 
> > 
> > Most griping issues: sys-net and sys-firewall do not start on boot. 
> > Journalctl claims that there isn't enough memory to start sys-net on boot 
> > (I don't have anything more descriptive for sys-firewall).
> > I can easily start them after boot and login. If I need more memory, then I 
> > will happily upgrade. I intended to do so anyway, but I cannot understand 
> > why it worked fine in 3.2 with 8 GB RAM.
> > 
> > 
> > 3) The issue mentioned under documentation with setting up a template 
> > exactly the way I want it.
> > To understand the issue in depth, I think it's in place to describe my 
> > setup:
> > Having 2 base templates (based on the debian 9 template):
> > 
> > 
> >   * One I call 'trusted' which is based on debian sid (unstable) that I 
> > install everything I use for daily usage (firefox, libreoffice, mpv, emacs, 
> > other open source tools). Primarily AppVM's will be based out of this 
> > template.
> > 
> > 
> > * One I call 'untrusted' that is going to be a clone of 'trusted', and that 
> > I install proprietary software in, that I also use on a daily basis (e.g. 
> > spotify). Also AppVM's out of this, but probably only 1 to start with.
> > 
> > 
> > * I will probably create a standalone VM based off of 'trusted' that I use 
> > for development. So I will install stuff like docker, golang, and all other 
> > stuff I would otherwise use for developing.
> > 
> > 
> > I have not been able to create my 'trusted' template in a proper manner, 
> > since I can't get /etc/skel to work properly.
> > 
> > 
> > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos 
> > that are cloned to the homedir of the user (meaning they are git repos 
> > cloned to /etc/skel)
> > If this is improper usage, then please guide me to how I should go about 
> > doing this instead, as I have no idea what the smartest solution would 
> > otherwise be.
> > 
> > 
> > Sorry for the long email, and thanks in advance for clarifying answers.
> > 
> > 
> > Best regards and all the best.
> 
> Another issue actually:
> What is the best/recommended way of updating software in TemplateVMs?
> Firing up a shell in the TemplateVM and running a standard 'sudo dnf 
> update'/'sudo apt-get upgrade', or should we throw flags at it?
> 
> In 3.2 the GUI would happily say 'you have updates', but now (with my very 
> limited knowledge) we have to check this manually?
> 
> Cheers

I believe the current solution is to check manually yes, but I also think it's 
a temporary issue. Maybe it'll be resolved in Qubes 4.1. or Qubes 5 even? There 
was so much to do in Qubes 4, that many things like these likely had to be put 
into lower priorities. But now that Qubes 4 is getting more stable 

Re: [qubes-users] qubes 4 qvm-trim not exist

2018-01-08 Thread 'awokd' via qubes-users
On Mon, January 8, 2018 4:14 pm, Yuraeitha wrote:

> [user@fedora-26 ~]$ sudo fstrim -v /
> fstrim: /: the discard operation is not supported

Not entirely sure it will propagate upwards but try setting dom0
/etc/lvm/lvm.conf issue_discards = 1 and reboot.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25f29689781e3f864d8f68681b580f2b.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dom0 terminal color is blue?

2018-01-08 Thread cooloutac
On Sunday, January 7, 2018 at 3:18:54 PM UTC-5, bow...@gmail.com wrote:
> Stupid question, I rarely fire dom0 terminal... is the color blue? I remember 
> it being grey long ago...

ya,  it changed...   not sure why.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1feda4f7-cb6e-400c-8edc-f7f051fcacef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] do i need to configure usb printer in disposalVM? to print from there

2018-01-08 Thread cooloutac
also make sure to install the drivers in the dispvm's template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3546c251-b321-48c5-a5b3-0988fa4aaddb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes 4 qvm-trim not exist

2018-01-08 Thread Yuraeitha
On Sunday, January 7, 2018 at 11:36:41 PM UTC+1, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Sun, Jan 07, 2018 at 12:45:58PM -0800, Roy Bernat wrote:
> > On Sunday, 7 January 2018 22:30:39 UTC+2, Andrew David Wong  wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA512
> > > 
> > > On 2018-01-07 12:48, Roy Bernat wrote:
> > > > Hi All ,
> > > > 
> > > > What is the best practice to trim disk inside qubes 4 .
> > > > 
> > > > the qvm-trim-template dont exist anymore .
> > > > 
> > > > R
> > > > 
> > > 
> > > You can use the `fstrim` command in the TemplateVM:
> > > 
> > > $ sudo fstrim -v /
> > 
> > Hi 
> > 
> > fstrim: /: the discard operation is not supported
> 
> Strange, it should work. And on my system it works...
> 
> Anything special in your configuration? Have you chosen non standard
> partitioning or such?
> Maybe you don't have LVM thin based storage? You can check that for the
> template using (adjust template name):
> 
> qvm-volume ls fedora-26
> 
> The storage pool used will be in the first column, for example:
> 
> POOL:VOLUME   VMNAME VOLUME_NAME  
> REVERT_POSSIBLE
> linux-kernel:4.9.56-21fedora-26  kernel   No
> lvm:qubes_dom0/vm-fedora-26-private   fedora-26  private  No
> lvm:qubes_dom0/vm-fedora-26-root  fedora-26  root No
> lvm:qubes_dom0/vm-fedora-26-volatile  fedora-26  volatile No
> 
> Here you see "lvm" pool.
> 
> If you want, you can dig further: qvm-pool -i lvm 
> 
> name  lvm
> driverlvm_thin
> size  486585401344
> thin_pool pool00
> usage 347665269260
> volume_group  qubes_dom0
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> 
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlpSoNgACgkQ24/THMrX
> 1yzwzgf/Wl7+PDptZ0i9HN5viuSmQk0W5EeBawQ9CIJHseCGAqPLLvRToSRPBF9f
> vRPZv7HHAf0xoY7TPnBygjUAgb+u30rbGdpFafBwDugyzy8ojDLZvOZXgxaOiegn
> M27tjwX6i6Wpc83gh+HwIB4ARJua2gBOS0ULDXJBZZ4y1WoVN0fvr3RiDRGWhpYH
> 1QutmKGR4Cwz0D1KoEP1qhCiew9BQ2NS1SSCk4dgncZcAnnSCrLR+9WDmirZRl2U
> 2AbxMdFXMvFfsmXCiTyq/dw3H0N9c6Litq0KPcowkXxhXx24vQo7fjLJGKpFrOEv
> KuN+RRcMchphkF87AoVASm+G0rTzLA==
> =DGsq
> -END PGP SIGNATURE-

Out of curiosity I checked my own system too (I'm running LVM, not LVM Thin).

"
[user@fedora-26 ~]$ sudo fstrim -v /
fstrim: /: the discard operation is not supported
[user@fedora-26 ~]$
"

"
user@debian-8:~$ sudo fstrim -v /
fstrim: /: the discard operation is not supported
user@debian-8:~$
"

Dom0 was pretty much identical as the two examples above too.

Is LVM Thin the preferred FS-format on Qubes 4 over regular LVM?
Also, possibly this might be because I'm using LVM and not LVM Thin, but I get 
python errors when I execute "qvm-pool -i lvm" in dom0. The command does not 
exist in fedora-26 or debian-8 template. But I guess it must be a dom0 specific 
command. Below is the python error from dom0.

[user@dom0 ~]$ qvm-pool -i lvm
Traceback (most recent call last):
  File "/usr/bin/qvm-pool", line 5, in 
sys.exit(main())
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/qvm_pool.py", line 
146, in main
args = parser.parse_args(args, app=app)
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 
387, in parse_args
action.parse_qubes_app(self, namespace)
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 
312, in parse_qubes_app
pools = [app.pools[name] for name in pool_names]
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/__init__.py", line 
312, in 
pools = [app.pools[name] for name in pool_names]
  File "/usr/lib/python3.5/site-packages/qubesadmin/base.py", line 309, in 
__getitem__
raise KeyError(item)
KeyError: 'lvm'
[aki@dom0 ~]$


So I'm guessing the solution would possibly be to re-install it all, but 
instead pick LVM-Thin as the FS-format? I'll gladly sign up to be up for being 
a guinea-pig and re-install Qubes 4 on LVM-Thin instead of LVM, (additional 
difference would be Qubes RC-2 fully updated to Qubes RC-4), to test it out if 
it makes a difference. Or maybe use Qubes RC-2 again for accuracy if it 
matters? Albeit I'm unsure if there is any value in such a test, and or whether 
systemdata is needed from before/after re-install.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d093e9a-c5b4-4107-a695-e9a6d2eada09%40googlegroups.com.
For more options, visit 

Re: [qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade

2018-01-08 Thread Tom Hutchinson
> please don't apologize for your incognizable hard and important work. ;)

I second the motion. I am so thankful for the Qubes team's work to
protect us users.

On Mon, Jan 8, 2018 at 5:37 AM, rob_66  wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Sat, 6 Jan 2018 18:15:21 -0600
> Andrew David Wong  wrote:
>
> >
> > Dear Qubes Community,
> >
> > Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely
> > apologize for our failure to provide timely notice of this event.
>
>
> Dear Qubes team and developers,
>
> please don't apologize for your incognizable hard and
> important work. ;)
>
> Cheers,
>
> rob
> -BEGIN PGP SIGNATURE-
>
> iQJ8BAEBCgBmBQJaU0npXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RDk5RjYwMjVBMjMwQTc0NjExNkJCOERD
> NEZDQzQwQjUwMTY1NDg1AAoJEMT8xAtQFlSF9pIQAJcFYJlhDRulHcz+YGyFL5Kg
> 7gnOnsGcdSTjVJZ2pk1of+WhQHcx0xrdqxU5cnqxTyikXkeL4HPVL1wYtsCRpsZV
> jX9IETx75AXulMMCgEvRKGnB78AacVpuagzq7co/O/BthstW1vnxunNgRMBYLVmM
> XAYgf/JH+lfN7cARp6uW9OinXlHQg0MiU9MO+UboxZ5cpS8V5D6IWyLIxFG7sHO+
> o+AHWg6Kk94ul/HawkvqPquEaC6FKdIjcoKIncqdpAzCEuMMwsowcEGx+ppvOeWJ
> oywccLydz/Zsl3seZODws8wchl06BYgSusAuPGWQt7jn4w66GX+XRmm9y5VpSicy
> vDa6JD+U0ski2Q1T5i7c7IuVCwQoiNwiRkDGqb1sSQTi5gPM3rj0U27h/G9nrD3S
> SryOuTDbwZRXyLeJMqydldBbjSygAMj+durBbGLg99JoqIfYUqxAmwfPdy4csnjR
> qVT2E9SA/11pDIUzWAIBe7wi75XFVxlKMa56eblMOPS1g1MQ/b+Q+OGeJKrI3N5s
> rRdqvDBQMVDyX3Ko/vp3CDH92hCSCL1L8x9DNYiuK8OleC43HYCfmL92Svy6EDL4
> wj1AFz9y35KJpQdyP+Cnd03b9EsF+ThnCRAS4z6j0sd2h1YNGET2faltm6DBes+l
> 317JxVdFj64VGKAyvsdH
> =ZumN
> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/p2vhhl%24kae%241%40blaine.gmane.org.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CALvEeyied-wq3U16Y8dddGbJuQNefH%2BkytTMOcUt%2B90zdoHVqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Multiple usability issues Qubes 4RC3

2018-01-08 Thread aaq via qubes-users
Den mandag den 8. januar 2018 kl. 14.29.06 UTC+1 skrev Ahmed Al Aqtash:
> Hello all!
> 
> 
> I apologise for the vague subject, but I have been trying all kinds of 
> things, and I simply can't understand half of the issues, and the other half 
> I can't seem to find a solution to.
> 
> 
> First of all I have all the respect in the world for the entire Qubes team, 
> and I sincerely believe that you are making the world a better place.
> 
> 
> The machine: ThinkPad X270 (full specs: 
> https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591).
>  It has 8 GB RAM.
> 
> 
> So.. to the issues..
> 1) A more general gripe with not having enough documentation to actually get 
> through a setup process. I used Qubes 3.2 before, and I simply went about 
> Qubes 4 the same way. I know that there have been multiple changes, and I 
> honestly believe the changes are for the better.
> 
> 
> But issues like moving a templates home directory to /etc/skel (meaning that 
> appvm's inherit /etc/skel as home dir from the template) left me baffled with 
> my first install.. I setup my template exactly as I wanted, created an appvm, 
> and nothing was initialised. I had no idea what was going on, and the only 
> way I could get some information was through a GitHub issue. Even after 
> moving everything over to /etc/skel, I still have issues.. not everything is 
> being carried over, not everything is being read correctly, and /etc/skel is 
> not being synchronised either. If I add something new to /etc/skel AFTER 
> creating a appvm, the appvm's homedir won't be updated.
> 
> 
> I like the idea with moving all the GUI functionality to the shell. I prefer 
> using the shell anyway. But for instance, in 3.2, you could allow access to 
> through the firewall for a templatevm. Now it has to be done through 
> qvm-prefs. This is not documented anywhere, and this was also an infuriating 
> issue for me.
> 
> 
> 2) I have reinstalled qubes multiple times over the weekend (friday through 
> sunday) to get my install at a state that I am actually satisfied with.
> 
> 
> Most griping issues: sys-net and sys-firewall do not start on boot. 
> Journalctl claims that there isn't enough memory to start sys-net on boot (I 
> don't have anything more descriptive for sys-firewall).
> I can easily start them after boot and login. If I need more memory, then I 
> will happily upgrade. I intended to do so anyway, but I cannot understand why 
> it worked fine in 3.2 with 8 GB RAM.
> 
> 
> 3) The issue mentioned under documentation with setting up a template exactly 
> the way I want it.
> To understand the issue in depth, I think it's in place to describe my setup:
> Having 2 base templates (based on the debian 9 template):
> 
> 
>   * One I call 'trusted' which is based on debian sid (unstable) that I 
> install everything I use for daily usage (firefox, libreoffice, mpv, emacs, 
> other open source tools). Primarily AppVM's will be based out of this 
> template.
> 
> 
> * One I call 'untrusted' that is going to be a clone of 'trusted', and that I 
> install proprietary software in, that I also use on a daily basis (e.g. 
> spotify). Also AppVM's out of this, but probably only 1 to start with.
> 
> 
> * I will probably create a standalone VM based off of 'trusted' that I use 
> for development. So I will install stuff like docker, golang, and all other 
> stuff I would otherwise use for developing.
> 
> 
> I have not been able to create my 'trusted' template in a proper manner, 
> since I can't get /etc/skel to work properly.
> 
> 
> NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos 
> that are cloned to the homedir of the user (meaning they are git repos cloned 
> to /etc/skel)
> If this is improper usage, then please guide me to how I should go about 
> doing this instead, as I have no idea what the smartest solution would 
> otherwise be.
> 
> 
> Sorry for the long email, and thanks in advance for clarifying answers.
> 
> 
> Best regards and all the best.

Another issue actually:
What is the best/recommended way of updating software in TemplateVMs?
Firing up a shell in the TemplateVM and running a standard 'sudo dnf 
update'/'sudo apt-get upgrade', or should we throw flags at it?

In 3.2 the GUI would happily say 'you have updates', but now (with my very 
limited knowledge) we have to check this manually?

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/706226d9-5e3b-4145-a042-3866f7aa192a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread aaq via qubes-users
> >   * One I call 'trusted' which is based on debian sid (unstable) that I
> > install everything I use for daily usage (firefox, libreoffice, mpv,
> > emacs, other open source tools). Primarily AppVM's will be based out of
> > this template.
> > 
> > * One I call 'untrusted' that is going to be a clone of 'trusted', and
> > that I install proprietary software in, that I also use on a daily basis
> > (e.g. spotify). Also AppVM's out of this, but probably only 1 to start
> > with.
> 
> An alternative solution is to make your "untrusted" VM an AppVM and you 
> install the software in there using bind-dirs.
> Then you *only* use that VM for running that software and you likely store 
> no personal data there (other than maybe your spotify cridentials).
> 
> Additional bonus would be to open any webpages in disposable VMs, should you 
> click on a link in any of those apps.

This approach is actually quite nice. I have never used bind-dirs though. How 
would I go about this? Symlink from /usr/bin to the homedir of the VM, or how?

I actually already open all links in disposable VMs, unless of course it is 
something that I use/trust. So that part of the equation is solved :)

> > * I will probably create a standalone VM based off of 'trusted' that I use
> > for development. So I will install stuff like docker, golang, and all
> > other
> > stuff I would otherwise use for developing.
> 
> I may be wrong, but all those development tools are open source and likely 
> shipped by your distro. In which case I wonder what the benefit is to putting 
> them into its own VM?

I may use libs that I haven't neccessarily looked through, or have no idea 
where originate from. Also, this VM will need to communicate more extensively 
with the Internet, as I make web utils or other stuff. I would prefer having 
this VM isolated at any rate :)

> In short, maybe the simplest way is to create;
> 
> * TemplateVM: debian9
> * Work AppVM based on debian9
> * Untrusted AppVM based on debian9, adds untrusted apps using binds
> * any other AppVMs you need... All based on the same debian9 template.
> 
> > NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos
> > that are cloned to the homedir of the user (meaning they are git repos
> > cloned to /etc/skel)
> 
> Using /etc/skel just causes the data to be copied to the appvm homedir on 
> first start.
> You end up duplicating the data anyway, maybe you can use a different way to 
> copy everthing between VM homedirs.
> Notice that you can just do a qvm-copy [dir] which copies recursively.

But it's fine by me if it only happens once. That means I just need to setup 
the template exactly the way I want, before I create AppVMs. I'd rather clone 
the repos and copy my settings files, .ssh, and other config/setup stuff in my 
template once, than doing it for all AppVMs.

Thanks again for your help Tom :)

I still need assistance with the initial start up of sys-net and sys-firewall 
though :(

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ecf4340-34ea-4a2c-847b-2cfb2aa59893%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users 
wrote:
>   * One I call 'trusted' which is based on debian sid (unstable) that I
> install everything I use for daily usage (firefox, libreoffice, mpv,
> emacs, other open source tools). Primarily AppVM's will be based out of
> this template.
> 
> * One I call 'untrusted' that is going to be a clone of 'trusted', and
> that I install proprietary software in, that I also use on a daily basis
> (e.g. spotify). Also AppVM's out of this, but probably only 1 to start
> with.

An alternative solution is to make your "untrusted" VM an AppVM and you 
install the software in there using bind-dirs.
Then you *only* use that VM for running that software and you likely store 
no personal data there (other than maybe your spotify cridentials).

Additional bonus would be to open any webpages in disposable VMs, should you 
click on a link in any of those apps.

> * I will probably create a standalone VM based off of 'trusted' that I use
> for development. So I will install stuff like docker, golang, and all
> other
> stuff I would otherwise use for developing.

I may be wrong, but all those development tools are open source and likely 
shipped by your distro. In which case I wonder what the benefit is to putting 
them into its own VM?

In short, maybe the simplest way is to create;

* TemplateVM: debian9
* Work AppVM based on debian9
* Untrusted AppVM based on debian9, adds untrusted apps using binds
* any other AppVMs you need... All based on the same debian9 template.

> NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos
> that are cloned to the homedir of the user (meaning they are git repos
> cloned to /etc/skel)

Using /etc/skel just causes the data to be copied to the appvm homedir on 
first start.
You end up duplicating the data anyway, maybe you can use a different way to 
copy everthing between VM homedirs.
Notice that you can just do a qvm-copy [dir] which copies recursively.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2937565.vjQbnCdrbL%40mail.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users 
wrote:
> But issues like moving a templates home directory to /etc/skel (meaning
> that appvm's inherit /etc/skel as home dir from the template) left me
> baffled with my first install..

Homedirs are completely separated from your template homedir.

I personally ended up setting up things like chrome and konsole, bashrc etc.
Making a tar off my setup and uncompressing it on other qubes.
Usage of /etc/skel is not something I suggest, that is *only* for first 
initialisation of an AppVM and never gets updated again.

Bottom line; your homedir is unique and different in each and every VM.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1587531.ENQz9nrnvL%40mail.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread 'Ahmed Al Aqtash' via qubes-users
Hello all!

I apologise for the vague subject, but I have been trying all kinds of
things, and I simply can't understand half of the issues, and the other
half I can't seem to find a solution to.

First of all I have all the respect in the world for the entire Qubes team,
and I sincerely believe that you are making the world a better place.

The machine: ThinkPad X270 (full specs:
https://www.uk.insight.com/en-gb/productinfo/portatili-e-notebook/0007017591).
It has 8 GB RAM.

So.. to the issues..
1) A more general gripe with not having enough documentation to actually
get through a setup process. I used Qubes 3.2 before, and I simply went
about Qubes 4 the same way. I know that there have been multiple changes,
and I honestly believe the changes are for the better.

But issues like moving a templates home directory to /etc/skel (meaning
that appvm's inherit /etc/skel as home dir from the template) left me
baffled with my first install.. I setup my template exactly as I wanted,
created an appvm, and nothing was initialised. I had no idea what was going
on, and the only way I could get some information was through a GitHub
issue. Even after moving everything over to /etc/skel, I still have
issues.. not everything is being carried over, not everything is being read
correctly, and /etc/skel is not being synchronised either. If I add
something new to /etc/skel AFTER creating a appvm, the appvm's homedir
won't be updated.

I like the idea with moving all the GUI functionality to the shell. I
prefer using the shell anyway. But for instance, in 3.2, you could allow
access to through the firewall for a templatevm. Now it has to be done
through qvm-prefs. This is not documented anywhere, and this was also an
infuriating issue for me.

2) I have reinstalled qubes multiple times over the weekend (friday through
sunday) to get my install at a state that I am actually satisfied with.

Most griping issues: sys-net and sys-firewall do not start on boot.
Journalctl claims that there isn't enough memory to start sys-net on boot
(I don't have anything more descriptive for sys-firewall).
I can easily start them after boot and login. If I need more memory, then I
will happily upgrade. I intended to do so anyway, but I cannot understand
why it worked fine in 3.2 with 8 GB RAM.

3) The issue mentioned under documentation with setting up a template
exactly the way I want it.
To understand the issue in depth, I think it's in place to describe my
setup:
Having 2 base templates (based on the debian 9 template):

  * One I call 'trusted' which is based on debian sid (unstable) that I
install everything I use for daily usage (firefox, libreoffice, mpv, emacs,
other open source tools). Primarily AppVM's will be based out of this
template.

* One I call 'untrusted' that is going to be a clone of 'trusted', and that
I install proprietary software in, that I also use on a daily basis (e.g.
spotify). Also AppVM's out of this, but probably only 1 to start with.

* I will probably create a standalone VM based off of 'trusted' that I use
for development. So I will install stuff like docker, golang, and all other
stuff I would otherwise use for developing.

I have not been able to create my 'trusted' template in a proper manner,
since I can't get /etc/skel to work properly.

NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos
that are cloned to the homedir of the user (meaning they are git repos
cloned to /etc/skel)
If this is improper usage, then please guide me to how I should go about
doing this instead, as I have no idea what the smartest solution would
otherwise be.

Sorry for the long email, and thanks in advance for clarifying answers.

Best regards and all the best.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CA%2B3%2BOvhLbx4ufgnJDgJPto6LztqACHbOQaFB7wYLh%3Df7RXEgeg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] What is my Core m7-6Y75 CPU Missing that prevents qubes 4 from installing?

2018-01-08 Thread 'awokd' via qubes-users
On Mon, January 8, 2018 4:01 am, cryptoph...@gmail.com wrote:


> I'm running an ORWL m7-480 ( https://orwl.org/ ) and the install reported
> that my CPU is not compatible (I forget the exact wording/reason).  My
> CPU info is below, and it does appear to have all the VTX-* etc tech
> needed?

Right after you boot 3.2, try running in dom0 "qubes-hcl-report". It will
give a bit more readable output.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ff49c64accd0772c35d95ef3d0c4e50.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow

2018-01-08 Thread Fabrizio Romano Genovese
No, my PC is a Dell XPS13, not a Latitude. But I have some news:

The booting problem is 100% dependent on being plugged or not. Precisely, I 
observed the following behaviors:

Booting plugged: Everything is normal, PC is fast. If I unplug it afterwards 
nothing really happens and performance stays the same.

Booting unplugged: FUBAR. Slow, unresponsive, battery draining over 9000. 
Plugging AC adapter in afterwards doesn't help at all.

Dunno if my intuition is the right one, but it may be that the booting process, 
when unplugged, triggers some sort of fucked up setting regarding power 
management that causes havoc. Note that, in my case, the only important factor 
to consider is if the AC adapter is plugged/unplugged AT BOOT. 
Connecting/disconnecting it afterwards has no effect whatsoever on performance.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a089f789-47ea-493e-be0a-dc8630ed8897%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Buy laptop

2018-01-08 Thread leonardo . porpora2000
Sorry man, 
would you be so nice to tell me with which of these components is that laptop 
compatible HVMIOMMUSLATTPMXenKernel 
And could you let me know if it’s compatible with Qubes R 4.0
Thanks very much  
Leonardo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/76252cd0-444b-4fa6-805b-5d39af77723b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread taii...@gmx.com

On 01/07/2018 03:27 PM, Ivan Ivanov wrote:

Yes, hopefully one day we would see more leaks, that could help us to
truly get rid of ME ;)
Meanwhile, perhaps the only thing we could do is to stockpile those
few computer models
that are both coreboot (or libreboot) supported and without Intel ME / AMD PSP
Or you could just buy POWER 9/TALOS 2, have a libre high performance 
system right now and stop waiting for what will never happen (and would 
be immediately fixed if it did)


If you buy new Intel/AMD CPU's you are supporting future anti-feature 
development.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5136d332-4c56-cb68-9dd7-8ec5760fb192%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Buy laptop

2018-01-08 Thread taii...@gmx.com

Get the lenovo g505s, it supports coreboot with open source silicon init.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e8b1472-cf5a-a855-f760-2033fbd5d13f%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)

2018-01-08 Thread taii...@gmx.com

No it does not, this is simply disabling the option ROM and the PCI device.

PSP can't be disabled without massive AMD intervention as it is integral 
to the boot process and it inits the main CPU.


If you want a modern performance CPU without black box supervisor 
processors your choice is POWER/TALOS 2.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12d8c1fa-8f37-d5d0-b846-01a0c84452e0%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

2018-01-08 Thread rysiek
Dnia Saturday, January 6, 2018 9:32:20 PM CET Sven Semmler pisze:
> On 12/15/2017 03:20 AM, kotot...@gmail.com wrote:
> > It does boot but the X server cannot start. Text installation did
> > not work.
> 
> Based on swami's post from 9/15/17 I suspect you need kernel 4.9 in
> dom0 ...
> 
> https://groups.google.com/d/msg/qubes-users/ZFZT7mQNeWY/xZ1AiCYOAwAJ

I can confirm that T470 won't work with stock R3.2 kernel. Just go for R4.0, 
works pretty well.

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1585569.CqqnvMDoyJ%40lapuntu.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: This is a digitally signed message part.


Re: [qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 10:10:17 GMT qubestheb...@tutanota.com wrote:
> Hi.
> 
> https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option
> It's still yet not known whether this disabling is effective and whether
> it disables the PSP in its entirety.
> 
> But if it does, then that would make the most recent AMD processors one of
> the best choices for Qubes 4.x usage.

In context;

https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-2018-Vulnerability

https://www.phoronix.com/scan.php?page=news_item=Linux-Tip-Git-Disable-x86-PTI

So its an  up / down :)
* AMD is faster (no PTI)
* AMD has a remote code execution issue, at least until you can turn off PSA 
using a bios update.
* Bios updates are not much seen in the wild.

Time will tell.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3608826.gtipCf02p4%40mail.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade

2018-01-08 Thread rob_66
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Sat, 6 Jan 2018 18:15:21 -0600
Andrew David Wong  wrote:

> 
> Dear Qubes Community,
> 
> Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely
> apologize for our failure to provide timely notice of this event. 


Dear Qubes team and developers,

please don't apologize for your incognizable hard and
important work. ;)

Cheers,

rob
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJaU0npXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RDk5RjYwMjVBMjMwQTc0NjExNkJCOERD
NEZDQzQwQjUwMTY1NDg1AAoJEMT8xAtQFlSF9pIQAJcFYJlhDRulHcz+YGyFL5Kg
7gnOnsGcdSTjVJZ2pk1of+WhQHcx0xrdqxU5cnqxTyikXkeL4HPVL1wYtsCRpsZV
jX9IETx75AXulMMCgEvRKGnB78AacVpuagzq7co/O/BthstW1vnxunNgRMBYLVmM
XAYgf/JH+lfN7cARp6uW9OinXlHQg0MiU9MO+UboxZ5cpS8V5D6IWyLIxFG7sHO+
o+AHWg6Kk94ul/HawkvqPquEaC6FKdIjcoKIncqdpAzCEuMMwsowcEGx+ppvOeWJ
oywccLydz/Zsl3seZODws8wchl06BYgSusAuPGWQt7jn4w66GX+XRmm9y5VpSicy
vDa6JD+U0ski2Q1T5i7c7IuVCwQoiNwiRkDGqb1sSQTi5gPM3rj0U27h/G9nrD3S
SryOuTDbwZRXyLeJMqydldBbjSygAMj+durBbGLg99JoqIfYUqxAmwfPdy4csnjR
qVT2E9SA/11pDIUzWAIBe7wi75XFVxlKMa56eblMOPS1g1MQ/b+Q+OGeJKrI3N5s
rRdqvDBQMVDyX3Ko/vp3CDH92hCSCL1L8x9DNYiuK8OleC43HYCfmL92Svy6EDL4
wj1AFz9y35KJpQdyP+Cnd03b9EsF+ThnCRAS4z6j0sd2h1YNGET2faltm6DBes+l
317JxVdFj64VGKAyvsdH
=ZumN
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/p2vhhl%24kae%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Ivan Ivanov
>
> > perhaps the only thing we could do is to stockpile those
> > few computer models that are both coreboot (or libreboot)
> > supported and without Intel ME / AMD PSP
>
> Any hints on which models come into consideration?
>

=== Already existing computers ===

Supported by coreboot or libreboot and preferably based on AMD cpu:
AMD added PSP backdoor later than the Intel added ME backdoor, so the
latest AMD without PSP is more powerful than the latest Intel without ME

LAPTOP - Lenovo G505S with A10-5750M quad core CPU

Also, maybe HP Pavilion M6 1035DX if you have a chance - but it is a rare model,
a bit worse than G505S both in hardware and freedom aspects ( for
G505S there is a
leaked schematics for its' LA-A091P motherboard, which improves the
repairability
as well as slightly raises its' "freedom" ; haven't heard about M6
1035DX schematics )
And nobody tried it for ages, so for the latest coreboot additional
work may be needed

WORKSTATION - something AMD based from libreboot list:
https://libreboot.org/docs/hardware/
ASUS KCMA-D8 , ASUS KFSN4-DRE , ASUS KGPE-D16
some of these boards could have issues with certain CPUs or memory modules,
you need to read the libreboot website and look through the mailing
list archives
to ensure the best hardware compatibility while building a PC on such a mobo

=== New modern computers ===

If we need a powerful modern computer that at least tries to be
free-as-in-freedom in software/hardware , and doesn't have Intel ME / AMD PSP ,
it must be POWER cpu based

WORKSTATION - TALOS II - https://raptorcs.com/TALOSII/
very powerful hardware from a great company, available for pre orders

LAPTOP - probably this one
https://www.powerpc-notebook.org/en/
Currently they are doing a crowdfunding for schematics:
https://www.powerpc-notebook.org/campaigns/electrical-schematics-notebook-powerpc-motherboard-donation-campaign/

TALOS II progress is more significant that laptop guys, but at least
they are trying

Best regards,
Ivan Ivanov

2018-01-08 5:54 GMT+03:00  :
>
>
> On 01/08/2018 03:27 AM, Ivan Ivanov wrote:
>>
>> perhaps the only thing we could do is to stockpile those
>> few computer models that are both coreboot (or libreboot)
>> supported and without Intel ME / AMD PSP
>>
> Any hints on which models come into consideration?
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/bqRSuU3T6MA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/a17865f5-f98a-6638-5787-66b897424e8b%40rbox.co.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAaskFBFXRHw18Q0zRvL-j5UR7249UaZw%2BoSj2Y_Zoz37dK97w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)

2018-01-08 Thread qubesthebest
Hi.

https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option
It's still yet not known whether this disabling is effective and whether it 
disables the PSP in its entirety.

But if it does, then that would make the most recent AMD processors one of the 
best choices for Qubes 4.x usage.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L2KEwEN--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: 4.0 rc3: fedora 26 minimal firewall issues

2018-01-08 Thread Kevin Martinsen
Resolved:
For what ever reason my template did not have the feature qubes-firewall set to 
1. Running the following command fixed it:

qvm-features "NETVM" qubes-firewall 1

Is this a bug?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9ee323a-4885-4e62-b8a4-acce27cfec7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: how to get the update proxy working again

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 06:53:46 GMT khmartin...@gmail.com wrote:
> Is your new net vm different than "sys-net"? This caused me problems too.
> One solution is to rename the new net vm to "sys-net" or you can edit
> this file in dom0:
> 
> /etc/qubes-rpc/policy/qubes.UpdatesProxy
> 
> In that file there is a line that says target=sys-net.
> I changed it to the same name as my net vm.

That did the trick!
Thanks, I would never have found that...
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5511262.ciHnklDXiN%40mail.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes app menu keeps old templatevm entries.

2018-01-08 Thread bowabos
On Sunday, 7 January 2018 12:32:43 UTC, Tom Zander  wrote:
> On Saturday, 6 January 2018 23:19:54 GMT pixel fairy wrote:
> > The app menu, top left, keeps entries for old template VMs. is there a way
> > to get rid of them?
> 
> You find the data backing this in
> $HOME/.local/share/qubes-appmenus/
> 
> -- 
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

On Qubes xfce 3.2 I had the entries in ~/.local/share/applications
and the directories in ~/.local/share/desktop-directories

not sure if it is the right place to clean up however...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bd8989a-41c6-4c65-8dcd-351980c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bluetooth support in dom0

2018-01-08 Thread Rune Philosof
On Wednesday, March 12, 2014 at 4:40:16 PM UTC-6, danf...@gmail.com wrote:
> Any update regarding this?

I have chosen to do this, it is a terrible downgrade of security from a normal 
Qubes system, but I think it is better than the alternative of using Ubuntu.
In my case I am also not using the usb cube. Also, this is on a Qubes 4.0rc3 
system.

In a dom0 terminal:
```
qubes-dom0-update blueman
systemctl enable bluetooth
```

Then reboot the computer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1d64dc0-6127-45f9-b6e7-00cac5db7261%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland

2018-01-08 Thread mba
Dear Qubes Community,

I am reaching out this way on the advise of Andrew David Wong (Axon), as I am 
in need of finding a part time "jack of all trades" IT person, who has 
knowledge of Qubes to an extent where he/she is able to implement this in a 
small office environment with a handful of users. There will also be other 
tasks, such as alarm system / video monitoring, networking, server etc. etc.

We envision this can be 50 - 100% workload (up to you) for a few weeks, after 
which we expect maybe 25% workload after that. All very flexible, BUT it is 
necessary that you are able to come and work from our office in Sihlbrug/Baar 
in Switzerland (just off the highway ... busstop 200 meters away).

Due to the nature of work, and given that we cannot offer a full time position, 
we would expect a young person who is studying or is an apprentice, who would 
like to have some additional challenges and earn some extra money. However, it 
could also be someone older who's in between jobs.

Important is knowledge/experience with Qubes, general IT/network and the 
ability to handle and solve challenges as well as being flexible, self-starter 
and work independently.

If you are interested, please send me your CV, which also must contain a recent 
photo, email and telephone number.

If you know of someone who could be interested, please let them know (or let me 
know).

I will be looking forward to hearing from you on the following e-mail address:

m...@corpconsult.info

Best regards
Mogens Berg Andersen
MBA Consulting GmbH

> On 2018-01-05 01:25, mba wrote:
>
>> Hi,
>>
>> In connection with my clients plan to secure our entire IT infrastructure, 
>> we are looking for a part-time and/or short term Qubes enthusiast who also 
>> have good knowledge of networking, as well as the ability to work with 
>> various hardware. It will be necessary to do all of the work from our office 
>> in Baar, Zug, Switzerland. We see this as an ideal opportunity for a 
>> knowledgeble and motivated individual, who maybe now is an apprentice / 
>> student / unemployed, who have spare time and the wish to earn some extra 
>> money. Working times will be very flexible and with a high degree of 
>> independence in terms of carrying out the tasks.
>>
>> I do realize that this here is not a job-centre, but was wondering if you 
>> have some inputs as to how to get in contact with such an individual? I am 
>> not myself at all skilled to the level needed, and Google searching as well 
>> as various fora's did also not provide any useful pointers, so I'm hoping 
>> you will be able to help me.
>>
>> I thank you in advance for any input you'll be able to provide, and please 
>> feel free to share the entire content of this mail, including the contact 
>> details below, as you see fit for the purpose.
>>
>> Best regards
>> Mogens Berg Andersen
>> MBA Consulting GmbH
>>
>>
>
> Hello,
>
> I suggest that you ask on our qubes-users mailing list:
>
> https://www.qubes-os.org/mailing-lists/#qubes-users
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L2JzaO0--3-0%40corpconsult.info.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Qubes freezing (hangs) always in less than 1 hour

2018-01-08 Thread bowabos
On Monday, 8 January 2018 00:59:29 UTC, Sameer Vao  wrote:
> >> If you haven't already, try running "sudo qubes-dom0-update" as soon as
> >> you get in to Qubes.
> 
> >Thank you awokd. I did but haven't solved it.
> >I'm thinking something limiting memory or CPU may be the way to solve it, 
> >but may be something else.
> >Any other ideas anybody?
> 
> After much search and trials last 5 days, still found nothing online to solve 
> this problem. Another notebook not an option for me at this time 
> unfortunately.
> 
> If I can't fix it I will have to install another linux distribution - but 
> that would be sad.  Anybody else have other ideas so I can keep qubes?  Thank 
> you  
>  

How many VM are you running? I suspect with your limitation sys-net, 
sys-firewall and one or two other VM is all you can reasonably do.

Is the system still unstable if you have only sys-net and sys-firewall up?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3daa2bd5-852b-4526-94f9-430cdf4d188b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.