Re: [qubes-users] How to deal with Yubikey ?

2018-01-22 Thread Kushal Das 
On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT  wrote:
> Hello,
>
> I have today to deal with two problems:
>
> 1) I am using Yubikey to be authentified on some web site like Github ...
> 2) I am using Yubikey to stock my PGP keys and to use them with mainly my 
> emails (Thinderbird+Enigmail)
>
> What to do under Qubes to make this possible ?
> I have already sys-usb running.

On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
No configuratino is required.

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzxJ%2B_c-gGf-cXgzXQB41qnKfQOV5b88CyEF8GYAVRYCA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes and Whonix now have next-generation Tor onion services!

2018-01-22 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

The Qubes and Whonix projects now have next-generation Tor onion
services [1] (a.k.a. "v3 onion services"), which provide several
security improvements [2] over v2 onion services:

Qubes:
http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion

Whonix:
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion

These services run alongside our existing ("v2") onion services:

Qubes:
http://qubesos4z6n4.onion

Whonix:
http://kk63ava6.onion

For instructions on accessing the new addresses and further details,
please see the Whonix announcement [3]. Our sincere thanks go to the
Whonix team, and especially fortasse, the Whonix server
administrator, for doing this.


[1] https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services
[2] https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions
[3] https://www.whonix.org/blog/whonix-new-v3-onion-address

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpm44UACgkQ203TvDlQ
MDBlMg//T7lj6NCoy8YNNKDSjtkoe6WIcfdvoLFxQrIy+fmEJMQKTgKBb18kFxH4
Q67+iyL+hvhFOCb3ss98Xj2ogrRvv4VkPypPRmmMRx7dJChpCdBylRNtx0rPslw9
OUNHw3mj3frXjAbw4cOb2Tlsd8ANKDrQoFMaADKfenLCQnMzPpqMx4rt0Rw912Jn
+wShCF6RM0gyUFTiqxYrPgJn0RHvSUVKlWwFCUXWVnGmvdwRy7G5bqb6/a6RrV8p
CO3zXHM+/pclfK4ls61FyseYY2iIOLCqVid7Oez/BWqVS4ckmQWknK1juo2/Qzwm
exNCSF2+nzGfg9v15LiOKDP/35hiqvh04y1JPUf2WbivWGUfkOpNt1rvdSHa/wjH
f6y42Dqq5GYfcz9XGmehazKCI4/usXOpa+eH3Uar3hJD5AIe0f/3URe9LrdUgp68
bN0WLcu9ctpAXtufhbgf2KcPwhrsB9uBqG4fBgHl9YLRgppv8tiuteKosFuhDOGE
CpskV3izqmyLYIQ1P9u3wvM4/MZ652fBZKUD/4PNrEQuW8g6Nmv0dFD/KE2V/72G
TME+YKVSB8Rs8Q3dfgVLw5gnF5Z3p/0i0EfM0m5LuBF4ScFGAMAVnZ+Ax61ESNkD
1Bv0+xS3lpTHs05Qw/MY8ecSbcZTHPqF9a8jTUmc1CMJNm5EceI=
=cwtv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa0830d3-ee76-ae93-7cc8-83d920639078%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to deal with Yubikey ?

2018-01-22 Thread ThierryIT 
Hello,

I have today to deal with two problems:

1) I am using Yubikey to be authentified on some web site like Github ...
2) I am using Yubikey to stock my PGP keys and to use them with mainly my 
emails (Thinderbird+Enigmail)

What to do under Qubes to make this possible ?
I have already sys-usb running.

Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b46f0959-5bd4-46ce-8ef7-8e290d99c69b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.4 custom install

2018-01-22 Thread 'Xaver' via qubes-users 
I'm going to be switching over to Qubes 4.4 from 3.2 once its released and I 
have 2 questions about custom installation using thin pools.

1) First question is about creating a Swap partition. Would I create Swap as a 
thin pool?

sudo lvcreate -L 4G --thinpool -n swap qubes_dom0

Or a standard logical volume without thin provisioning

sudo lvcreate -L 4G -n swap qubes_dom0

2) Second question is about registering the thin pools. Do I do this during 
installation right after I create the thin pool? Or is registering the thin 
pool done after first boot?

qvm-pool --add pool_name lvm_thin -o 
volume_group=vg_name,thin_pool=thin_pool_name

Thanks in advance

Xaver

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AjClQ80qRckWEHl8fXNvIoxVtuEKzLQoIJp4EvpgFWU5PuTi4wQALQ_PapmzmnsOBx4J5Rm-0gWEwBJdbxhahx_CmiNORPu2VmN7F9Elw8w%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recovery questions

2018-01-22 Thread donoban 
On 01/22/2018 05:54 PM, Brian LoBue wrote:
> Hi All,
> 
> I recently upgraded my Qubes machine to run fedora-25 from fedora-24 as
> the main template vm.  I switched all my application vms to use
> fedora-25 from fedora-24 in the VM manager. 
> 
> All was fine at this point. Then I decided to delete fedora-23 to
> reclaim some disk space. I followed the manual vm deletion instructions.
> Then things stopped working. Sys-net uses fedora-23 and the application
> vms give the error:
> 
> Error starting VM work: VM root image doesn't exist
> /var/lib/qubes/vm-templates/fedora-23/root.img
> 

Can't you set fedora-25 template?

Try: "qvm-prefs -s sys-net template fedora-25" on dom0 terminal


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f5a3fc8-a4aa-6467-974c-c1ec5af3d920%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Recovery questions

2018-01-22 Thread donoban 
On 01/22/2018 05:54 PM, Brian LoBue wrote:
> Hi All,
> 
> I recently upgraded my Qubes machine to run fedora-25 from fedora-24 as
> the main template vm.  I switched all my application vms to use
> fedora-25 from fedora-24 in the VM manager. 
> 
> All was fine at this point. Then I decided to delete fedora-23 to
> reclaim some disk space. I followed the manual vm deletion instructions.
> Then things stopped working. Sys-net uses fedora-23 and the application
> vms give the error:
> 
> Error starting VM work: VM root image doesn't exist
> /var/lib/qubes/vm-templates/fedora-23/root.img
> 

Can't you set fedora-25 template?

Try: "qvm-prefs -s sys-net template fedora-25" on dom0 terminal


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26c9ec13-2314-e414-6e3e-ac058c78b2fc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] qubes 4.0, fedora-26 template, intermittent trouble opening an appvms file manager

2018-01-22 Thread donoban 
On 01/22/2018 03:15 AM, pixel fairy wrote:
> qubes 4.0 rc3 fedora-26 template
> 
> running the file manager from a menu will always start an appvm if its not 
> running. but it wont always run the file manager. running terminal, or any 
> other apps always works. running nautilus from terminal always works too. 
> just not the file manager. but, sometimes, the file manager will work from 
> the menu. 
> 

Hi,

probably is this issue
https://github.com/QubesOS/qubes-issues/issues/2449

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/956f0633-bb12-47cc-fbcf-e269961ae2df%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: help, trying to make custom launchers

2018-01-22 Thread Yuraeitha 
On Monday, January 22, 2018 at 8:28:04 AM UTC+1, pixel fairy wrote:
> qubes 4.0rc3
> 
> Id like to make custom launchers for two purposes
> 
> 1. easily run apps from custom dispvms. using shell scripts for now.
> 
> 2. make alternate launchers with different icons. for example, the twitter 
> bird icon in a twitter app-vm. 
> 
> tried making desktop files in ~/.local/share/applications, but they dont show 
> up in menus. what else does one need to do?

Not sure if you know any of this already, but you might need to transfer some 
icons to dom0, like twitter icons that you mentioned. I don't think these can 
be found in dom0 by default, so you'll likely need to transfer them yourself. 
It's pretty straight forward to do, especially with tools like the whiskermenu, 
so you only need to transfer and then pick the icons in the whiskermenu 
settings. 

However just be mindful that images and icons carries security threat, though, 
the risk might be remote? I can't speak with certainty, but I believe exploits 
through icons are not too likely in this day and age, unless you got it from 
some dodgy website or something. But as said, I have no means to judge how big 
a security threat it really is, but my belief is right now, if the source is 
somewhat trustworthy, then the odds of risk are probably low.

Just don't transfer too much to dom0, the more you do it, the more you increase 
the risk of getting something bad into dom0. Even low odds for risk can build 
up over time if you compile them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a824029b-12fd-4f44-90bb-1a86b0271020%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: help, trying to make custom launchers

2018-01-22 Thread Yuraeitha 
On Monday, January 22, 2018 at 8:28:04 AM UTC+1, pixel fairy wrote:
> qubes 4.0rc3
> 
> Id like to make custom launchers for two purposes
> 
> 1. easily run apps from custom dispvms. using shell scripts for now.
> 
> 2. make alternate launchers with different icons. for example, the twitter 
> bird icon in a twitter app-vm. 
> 
> tried making desktop files in ~/.local/share/applications, but they dont show 
> up in menus. what else does one need to do?

There are many ways you can play with this, but a simple suggestion to pick 
from in addition to what [799] suggested, would be to use the hidden 
pre-installed XFCE4-Whiskermenu plugin, instead of the default menu that comes 
out of the box. Qubes 4 has the Whiskermenu installed by default, so you don't 
even need to install anything in dom0. Simply right click on the panel, go to 
add items, and find the Whiskermenu. You can add favourites to show in your 
main menu right by simple right clicking any menu icons, change size, change 
icons, change text, and so on. You can also change the Whiskermenu's own icon, 
which is pretty ugly with its default icon, but looks much better once you find 
a better icon for it. There are plenty of pre-installed icons to pick from too.

It's pretty awesome for a quick and dirty solution, although it's not perfect, 
but it solves many user desires. See further below regarding making specific 
entries. I'll mention keybinds first here.

You probably know this, but keybind your scripts is pretty useful too. It's 
even really easy to keybind scripts that are located inside VM's. Which will 
not only start the VM if its shutdown, it will also just execute normally if 
it's already running. 

Basic logic, keybind: 
1) qvm-run 'AppVM-name' app-name-to-execute-from-VM-/bin
2) qvm-run 'AppVM-name' specific 
/path-to-file-to-execute-like-for-example-AppImages-or-bin-executeables.
3) qvm-run 'AppVM-name' bash terminal-command-to-execute-in-AppVM
4) qvm-run 'AppVM-name' bash path-to-script-to-execute-in-AppVM.

You can keybind it with Systems Tools --> Keyboard --> Application Shortcuts 
tap --> "Add". 

For example I run all my most frequent used AppVM scripts, apps, virtual 
AppImages, and so on, this way. I use Ctrl+Shift+Alt + any fitting letter on 
keyboard, to minimize key conflicts, but same time making it easy to memorize. 
For example I use Ctrl+Shift+Alt to all my keybinds, so I never need to 
memorize otherwise, and M goes for music-player, while N goes to my note taking 
app, while E goes to e-mail, A is used to one of my frequent used scripts, and 
so on.
I also further keybinded System-Tools --> Screenshot, because it's different 
from the typical screenshot tool, allowing for region capturing, rather than 
just screenshot everything that the default one does. Like everything else 
here, both are already pre-installed in Qubes 4. (i.e. Ctrl+Shift+Alt+Z to the 
cmd xfce4-screenshooter).

Whatever the imagination allow for, I find the above approach highly useful.

You could also alternatively pick a menu entry which you will with certainty 
never use, and then just modify it by right clicking on it (you can do this in 
the Whiskermenu's), and then change not only the icon and icon-text to whatever 
you desire, but also the working path too. For example, the above keybind 
commands, you can put in here too. Like for example "qvm-run appVM-name 
path-or-app". If you want to run scripts this way, then use 'qvm-run appVM-name 
bash terminal-cmd". 

I never fully investigated how Qubes modifies XFCE in fedora to fit in the 
Qubes entries. But if I recall correctly, nothing you do in your home folder 
will work. You need to dig deeper into the system files for that.

Either way, hopefully you can use any of this to something.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca3a40f1-2c33-4b8f-8913-f3f8f1da08ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qubes 4.0, fedora-26 template, intermittent trouble opening an appvms file manager

2018-01-22 Thread cooloutac 
On Sunday, January 21, 2018 at 9:15:49 PM UTC-5, pixel fairy wrote:
> qubes 4.0 rc3 fedora-26 template
> 
> running the file manager from a menu will always start an appvm if its not 
> running. but it wont always run the file manager. running terminal, or any 
> other apps always works. running nautilus from terminal always works too. 
> just not the file manager. but, sometimes, the file manager will work from 
> the menu.

been a common problem for a while now on 3.2 as well.  have to click file 
manager again to get it to open.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb4580d5-2551-47ca-ba14-8ccb05b03c27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Looking for an approach to change the borderline between /dev/xvda and /dev/xvdb

2018-01-22 Thread Chris Laprise 

On 01/22/2018 04:36 PM, Yuraeitha wrote:

The purpose is to narrow down access to an AppVM based on /dev/xvdb, keeping 
more of the AppVM in the read-only /dev/xvda template partition.

For example, to make an AppVM which only preserves bookmarks in /dev/xvdb that 
normally keeps /rw /home and /usr files, where everything else is swept away 
upon restarting the AppVM. There are other use-cases than for bookmarks, 
whatever project one may have in mind.

For those who may need the reference, the Qubes partition read-only and 
write-access scheme is explained here 
https://www.qubes-os.org/doc/template-implementation/ Essentially the /dev/xvda 
is like the template, and /dev/xvdb is like the AppVM.

It may possibly be a bit difficult to split up the path to the firefox files, 
away from the remaining /home files, and further splitting up the firefox files 
to only preserve the bookmarks and not the remaining firefox files. This 
presumably complicates everything, however similar approaches can be seen with 
/dev/xvdc which holds any modified read-only /dev/xvda files, which are then 
discarded upon shutting down the AppVM. The other example is how the Whonix 
AppVM is handled, which only preserves a few things, like bookmarks, and erases 
everything else. However the Whonix approach while similar, is fundamentally 
different too, since this process is being handled inside the VM, and not 
outside the VM.

So the question is, can the borderline between which Linux paths are saved in 
the read-only partition /dev/xvda and the write-access to /dev/xvdb, be changed 
in any specific pre-installed template? And further, can everything be moved 
back to /dev/xvda, without removing firefox folder from the /dev/xvdb, or 
better yet, only allowing edits to the bookmarks directory only while keeping 
the remaining firefox folder in /dev/xvda?

Whould splitting of files here require using a similar approach like the one 
used with /dev/xvda and /dev/xvdc for system-files? Can this be done with 
current means in Qubes?

Ideas or suggestions on if this is feasible or maybe even undesirable for any 
unseen reason?



I have two ideas:

1. Change the mountpoint handling for xvdb in 
/usr/lib/qubes/init/setup-rw.sh. Obviously, this would be a custom patch 
for your own installation.


2. Use a private-filesystem guard like the one I made at
https://github.com/tasket/Qubes-VM-hardening/tree/systemd

The latter gives you the ability to have everything in /rw wiped with 
the exception of a whitelist that you specify. This is handled at boot 
time just before the normal /rw mount process. It is tested with 
debian-9 template on R3.2, current state is beta.



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc3ee414-bcaa-191e-2a9a-93ccab11d275%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] R4.0 on T470, Suspend-to-RAM issues

2018-01-22 Thread Chris Laprise 

On 01/22/2018 04:42 PM, rysiek wrote:

Hey all,

R4.0 rc3 used to work pretty well, but with recent updates (yes, I have
testing repos enabled), I started having some serious issues around Suspend-
to-RAM:


1. Suspend-to-RAM does not work reliably

When trying to suspend for the first time after a full reboot, the screen goes
blank for a few seconds and then immediately I am greeted with the lock
screen. The system does not suspend at all.

After unlocking the screen and trying again, system suspends to RAM, but after
wake-up the screen is *not* locked.


This happens on other systems with R4, too. But I think the reliability 
has gone up since rc1, especially if you switch to kernel 4.14.13.


Also, try adding your wifi drivers to 
/rw/config/suspend-module-blacklist. In my case the drivers are 
'iwlwifi' and 'iwldvm'.





2. No networking after suspend

After suspend-to-RAM (even unsuccessful, like the first scenario described
above), the system completely loses networking; sys-net becomes unresponsive
(and with it, the NetworkManager applet), restarting it does not seem to work,
it is also impossible to start a terminal in sys-net.


See above, especially the blacklist tip.



3. USB mouse becomes unusable

After suspend-to-RAM (again, including the first scenario from the top of this
e-mail), the USB mouse becomes unusable, as if the system was not aware it is
plugged in. Unplugging it and plugging it back in does not solve the issue.


If you're using sys-usb, the same issues that apply to network cards 
(above) may apply to USB.





The only way to fix these is to reboot the machine.


That used to be the case for me. Since updating dom0 and templates with 
the Qubes testing repositories, I am at least able to kill sys-net and 
restart it in a working state. Of course, its wise to backup before 
trying out updates from 'testing' in case your system doesn't work with 
them.



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15b1b1f4-d61b-834a-fce7-2049afdc630b%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R4.0 on T470, Suspend-to-RAM issues

2018-01-22 Thread Yuraeitha 
On Monday, January 22, 2018 at 10:43:13 PM UTC+1, rysiek wrote:
> Hey all,
> 
> R4.0 rc3 used to work pretty well, but with recent updates (yes, I have 
> testing repos enabled), I started having some serious issues around Suspend-
> to-RAM:
> 
> 
> 1. Suspend-to-RAM does not work reliably
> 
> When trying to suspend for the first time after a full reboot, the screen 
> goes 
> blank for a few seconds and then immediately I am greeted with the lock 
> screen. The system does not suspend at all.
> 
> After unlocking the screen and trying again, system suspends to RAM, but 
> after 
> wake-up the screen is *not* locked.
> 
> 
> 2. No networking after suspend
> 
> After suspend-to-RAM (even unsuccessful, like the first scenario described 
> above), the system completely loses networking; sys-net becomes unresponsive 
> (and with it, the NetworkManager applet), restarting it does not seem to 
> work, 
> it is also impossible to start a terminal in sys-net.
> 
> 
> 3. USB mouse becomes unusable
> 
> After suspend-to-RAM (again, including the first scenario from the top of 
> this 
> e-mail), the USB mouse becomes unusable, as if the system was not aware it is 
> plugged in. Unplugging it and plugging it back in does not solve the issue.
> 
> 
> The only way to fix these is to reboot the machine.
> 
> 
> I am happy waiting for rc4 and I assume these are some temporary issues 
> related to the current state of R4.0 pre-rc4, but thought it might be useful 
> to put them out there.
> 
> Perhaps someone else has seen such issues? Perhaps there is something I could 
> do to debug them?
> 
> -- 
> Pozdrawiam,
> Michał "rysiek" Woźniak
> 
> Zmieniam klucz GPG :: http://rys.io/pl/147
> GPG Key Transition :: http://rys.io/en/147

I used to have this issue, but in all black-irony recent updates some weeks ago 
fixed it for me, I no longer have this issue. However my issue started multiple 
of months ago (also Qubes 4). Your issue description sounds like a downright 
exact copy of the experience I had, I'm pretty sure it's the same thing you 
have now, that I used to have.

I don't think re-installing with RC-3 or RC-4 will work if you don't know 
exactly which update is messing up your system and thereby which update to 
avoid, you might end up just getting the issue again on your new install. Also 
current updated RC-3 is almost identical to RC-4, but it remains to be seen 
whether the Qubes staff recommends us to re-install or just update existing 
systems. 

But the good news (I think) is because it's likely a driver fault, or 
semi-driver fault, then it's likely just the kernel itself that is messing with 
your system. Since you update fully to current-testing, you must have installed 
the newly released 4.14.13 kernel, up from the previous 4.9.x kernel. As to my 
limited knowledge on this area, kernels should hold essential drivers that most 
systems require to function, while the kernel-module holds additional drivers 
which you can opt-in or opt-out from by installing or not installing this 
package. Dom0 doesn't install kernel-modules by default (my understanding is 
that VM's have kernel-modules, since the intention is to have VM's handle extra 
unique hardware). In other words, your issue is likely with just the kernel 
itself, since your dom0 doesn't have a kernel-module.

Do you have experience with how to change which kernel is being booted? If you 
do, then this should be pretty straight forward to test a different kernel.

It may sound redundant, but I recommend you make a backup of all your Qubes, 
just in case something goes wrong. As the saying goes, whatever can go wrong, 
will eventually go wrong.

It's also possible that its instead a fault in how a system talks to the kernel 
drivers, rather than the driver itself (details here is definitely outside my 
area of knowledge). But I think it's pretty safe to assume, that the 
driver-fault is at least partly the reason, if not the full reason. But that's 
just me postulating, and someone more knowledgeable than I may drop by with a 
better answer too.

Either way, perhaps try switch to the previous dom0 kernel and see if it helps? 
If it does not help, then you narrowed down the possible issue. If it helps, 
then I recommend that you change how many kernels are being saved, before the 
system deletes the oldest kernels during update. By default the system keeps 
the last 3 installed kernels, including the current kernel. You can expand it 
to 5 or even 10 kernels, for as long as you have free disk space. If you use a 
specific partition for /boot, then you may want to check if it has enough disk 
space too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit

[qubes-users] R4.0 on T470, Suspend-to-RAM issues

2018-01-22 Thread rysiek 
Hey all,

R4.0 rc3 used to work pretty well, but with recent updates (yes, I have 
testing repos enabled), I started having some serious issues around Suspend-
to-RAM:


1. Suspend-to-RAM does not work reliably

When trying to suspend for the first time after a full reboot, the screen goes 
blank for a few seconds and then immediately I am greeted with the lock 
screen. The system does not suspend at all.

After unlocking the screen and trying again, system suspends to RAM, but after 
wake-up the screen is *not* locked.


2. No networking after suspend

After suspend-to-RAM (even unsuccessful, like the first scenario described 
above), the system completely loses networking; sys-net becomes unresponsive 
(and with it, the NetworkManager applet), restarting it does not seem to work, 
it is also impossible to start a terminal in sys-net.


3. USB mouse becomes unusable

After suspend-to-RAM (again, including the first scenario from the top of this 
e-mail), the USB mouse becomes unusable, as if the system was not aware it is 
plugged in. Unplugging it and plugging it back in does not solve the issue.


The only way to fix these is to reboot the machine.


I am happy waiting for rc4 and I assume these are some temporary issues 
related to the current state of R4.0 pre-rc4, but thought it might be useful 
to put them out there.

Perhaps someone else has seen such issues? Perhaps there is something I could 
do to debug them?

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5814775.Jzv2KBC6MB%40lapuntu.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: This is a digitally signed message part.

[qubes-users] Looking for an approach to change the borderline between /dev/xvda and /dev/xvdb

2018-01-22 Thread Yuraeitha 
The purpose is to narrow down access to an AppVM based on /dev/xvdb, keeping 
more of the AppVM in the read-only /dev/xvda template partition. 

For example, to make an AppVM which only preserves bookmarks in /dev/xvdb that 
normally keeps /rw /home and /usr files, where everything else is swept away 
upon restarting the AppVM. There are other use-cases than for bookmarks, 
whatever project one may have in mind.

For those who may need the reference, the Qubes partition read-only and 
write-access scheme is explained here 
https://www.qubes-os.org/doc/template-implementation/ Essentially the /dev/xvda 
is like the template, and /dev/xvdb is like the AppVM.

It may possibly be a bit difficult to split up the path to the firefox files, 
away from the remaining /home files, and further splitting up the firefox files 
to only preserve the bookmarks and not the remaining firefox files. This 
presumably complicates everything, however similar approaches can be seen with 
/dev/xvdc which holds any modified read-only /dev/xvda files, which are then 
discarded upon shutting down the AppVM. The other example is how the Whonix 
AppVM is handled, which only preserves a few things, like bookmarks, and erases 
everything else. However the Whonix approach while similar, is fundamentally 
different too, since this process is being handled inside the VM, and not 
outside the VM.

So the question is, can the borderline between which Linux paths are saved in 
the read-only partition /dev/xvda and the write-access to /dev/xvdb, be changed 
in any specific pre-installed template? And further, can everything be moved 
back to /dev/xvda, without removing firefox folder from the /dev/xvdb, or 
better yet, only allowing edits to the bookmarks directory only while keeping 
the remaining firefox folder in /dev/xvda?

Whould splitting of files here require using a similar approach like the one 
used with /dev/xvda and /dev/xvdc for system-files? Can this be done with 
current means in Qubes?

Ideas or suggestions on if this is feasible or maybe even undesirable for any 
unseen reason?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d1cd503-364a-4658-87cd-a4872b7dbed6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to install new template and appvm?

2018-01-22 Thread Chris Laprise 

On 01/22/2018 02:01 PM, 'awokd' via qubes-users wrote:

On Mon, January 22, 2018 5:17 pm, jerr...@disroot.org wrote:

what is the command to install whonix-ws and anon-whonix? the full
specific command


"sudo qubes-dom0-update qubes-template-whonix-ws" for the ws template. Not
sure there's a documented process for creating anon-whonix under 4.0 but
check their website. You'd want to create a disposable VM based on the
whonix-ws template.



It used to be that you used --enablerepo=templates-community with that 
command to install Whonix. Now the procedure uses 'qubesctl' as seen here:


https://www.qubes-os.org/doc/whonix/install/


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c766b6f-a11f-9024-eedd-b1db7f4db53e%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] blanking screen with dpms off induces locking - how to disable?

2018-01-22 Thread 'awokd' via qubes-users 
On Mon, January 22, 2018 2:56 pm, 'Guillaume Bertin' via qubes-users wrote:
> Hi,
>
>
> I'd like to blank my screen (with dpms off) without having to enter a
> password if I want to use it shortly after.
>
> After several tries with xscreensaver configuration on qubes and Debian
> without qubes, I discovered that whatever the configuration of
> xscreensaver is, a dpms off locks the screen on qubes.
>
> A simple "xset dpms force off" demonstrates it.
>
>
> How can I disable it?
>
>
> My ideal configuration for my standalone home computer would be "dpms
> after 10 minutes" and "lock after 120 minutes".

I'd like to know this too. Even if I try to interrupt it while it's still
doing the screen fade, it ignores me and continues to lock. Kind of
annoying.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa1823851d1887b22c93655387e1fef5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to install new template and appvm?

2018-01-22 Thread 'awokd' via qubes-users 
On Mon, January 22, 2018 5:17 pm, jerr...@disroot.org wrote:
> what is the command to install whonix-ws and anon-whonix? the full
> specific command

"sudo qubes-dom0-update qubes-template-whonix-ws" for the ws template. Not
sure there's a documented process for creating anon-whonix under 4.0 but
check their website. You'd want to create a disposable VM based on the
whonix-ws template.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92cfc0849f45403ab12d64d352cccec3.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recovery questions

2018-01-22 Thread 'awokd' via qubes-users 
On Mon, January 22, 2018 4:54 pm, Brian LoBue wrote:

> Error starting VM work: VM root image doesn't exist
> /var/lib/qubes/vm-templates/fedora-23/root.img


> Is there a way to reinstall fedora-23 and get sys-net and my app vms to
> work again?

I'm not aware of a way to reinstall just the fedora-23 template from the
install image.

> If not and I need to reinstall that's fine. I just need a few files from
> some app vms.
>
> I found this method to copy from vms to dom0 so I could backup files
>
>
> https://www.qubes-os.org/doc/copy-from-dom0/

Unfortunately, you'd need to be able to start the appvms to use this method.

> Where are the app vm files stored? Are the files available from dom0 with
>  the VM not running?

If possible, suggest you run a backup of the VMs with the GUI interface
instead of trying to access the files directly. You'd need to attach
another drive accessible to dom0 temporarily to backup to. If you go this
route, make sure to disconnect it prior to the reinstall so the installer
doesn't mess with it, then reconnect when done and restore.

The actual VM .img files are under /var/lib/qubes/appvms. You could copy
out those appvms' .img files directly to your backup drive, then mount
them from within a VM after a reinstall but again, make sure to disconnect
your backup drive for the install. Might not be a bad idea to copy these
over directly in addition to the backup, in case the backup/restore
process gets confused by missing templates.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74761911a80dff5705f064f561ea75e5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-22 Thread Alex Dubois 
On Monday, 22 January 2018 15:35:47 UTC, Andrew David Wong  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> Joanna Rutkowska has just published a new article titled "Qubes Air:
> Generalizing the Qubes Architecture." The article is available both on
> Joanna's blog:
> 
> https://blog.invisiblethings.org/2018/01/22/qubes-air.html
> 
> And on the Qubes website:
> 
> https://www.qubes-os.org/news/2018/01/22/qubes-air/
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpmBMEACgkQ203TvDlQ
> MDC02A//Qjy5eAxiUSY6ZOlTQ6zDlilXtBTbSH4ig3Wa1DL9Jg3vHnR955LP9snP
> 40ZEIIc+cACis25g61SySbzkZUHXKW1cqfQCv/mjQAApWlFxQexIhX5WpS/u8RKB
> PhNdgQVH+JYPOQZCidFAdkeSnBM+XFyxflPaCE1j1zisnTliH/Lwdl6xxEVht4nb
> XglIZZz6D6PEQIouvM3qdsqi9DUY7Nc6AC5cLsI5NbVAcYtIVILxiSlxAM2OM/SL
> k7rIoLnFGmgdmMJl5pInzy/b/SJvNmy70HjKRfg5y+EP9Wm024WaZQStacWmSfWa
> x//plXVY/AuRWycyEtWLEdIhWNw4ZBV2CGkw72IxIN2SmJ+IfDA4N0fO81WZBJxo
> gdH4Y/fkKZyUJ1/cKfttwt6jU8AOx8MZwmoh1tMjZbXuVPOoGgqBR0aXPAzAUcE2
> 5IpviczQZ0Ng9ZHyITZthiUO08nyqqJS8AH9UU4e2uDDq53TCXQa8pNzqgWtipY7
> BkGwNY+PZaf3dAfYgEyAh+IFnHRI6e38Ej0pysHSGM386B4n19tmhEf9zLjXc+oU
> 2KUQJjOTp4ISfqNDYe3HpYsMR3RrqMWyMt3h4zG1gKPLhxAjAfdzVRq+Z0sBtJya
> 2begkIa7u91kJlta2/T4N6E2bqpe9tdAzsy/StqRBnnjIsRjYlE=
> =y84I
> -END PGP SIGNATURE-

As always fantastic article and work by your team.

One point about the RDP security concerns... You could have (if 2 zones and 4 
VM in each):
2x4x AppVM --> 2x4x CouldGUI+RDPd > 2x4x RDPc+DesktopGUI --> 1 QubesGUI

--> local fast secure UI
---> compressed stream (RDP or other)

You could possible have 2x RDPc+DesktopGUI (one per zone if this is your 
security/performance model).

One point about Application as a service: I agree about browser isolation not 
being able to secure users (and certainly not able to manage privacy).
Let's just ignore user isolation in Office265 ;-)

Looking forward to what will come out. Devil is in the details.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77558918-6b13-4c73-ad70-867511df8699%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fedora 26 minimal template questions + request for R3.2 info/testing

2018-01-22 Thread mossy-nw 
Hello,

I noticed for Qubes R4.0 the package `qubes-usb-proxy` must be installed
in the fedora-26-minimal to serve as template for sys-usb (and in any
destination usb proxy domain, e.g. sys-net if using a usb ethernet
adapter).  I've added the relevant pull request to Qubes 4.0 section of
the minimal template docs --
https://www.qubes-os.org/doc/templates/fedora-minimal/

but the question is, is this true for fedora-26-minimal template in
Qubes 3.2 as well?  If so, is the package `qubes-input-proxy-sender`
also no longer relevant for Qubes 3.2?  I'll amend the docs accordingly.

Thanks!

-m0ssy



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9fce4b6d-b0f3-bf66-69bf-e713078a0946%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to install new template and appvm?

2018-01-22 Thread jerry57 
what is the command to install whonix-ws and anon-whonix?
the full specific command

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf48073e9ece87b4b45dbeed5283bb50%40disroot.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Recovery questions

2018-01-22 Thread Brian LoBue 
Hi All,

I recently upgraded my Qubes machine to run fedora-25 from fedora-24 as the
main template vm.  I switched all my application vms to use fedora-25 from
fedora-24 in the VM manager.

All was fine at this point. Then I decided to delete fedora-23 to reclaim
some disk space. I followed the manual vm deletion instructions. Then
things stopped working. Sys-net uses fedora-23 and the application vms give
the error:

Error starting VM work: VM root image doesn't exist
/var/lib/qubes/vm-templates/fedora-23/root.img

So I realize this is a user screw up by me. So if you can get over that I
have some questions.

Is there a way to reinstall fedora-23 and get sys-net and my app vms to
work again?

If not and I need to reinstall that's fine. I just need a few files from
some app vms.

I found this method to copy from vms to dom0 so I could backup files

https://www.qubes-os.org/doc/copy-from-dom0/

Where are the app vm files stored? Are the files available from dom0 with
the VM not running?

Thanks in Advance,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACvEiADGF6U%3DW%2BxhnZPYhE0LPbLkx3Atnim-RneORanqqT8W8Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-22 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

Joanna Rutkowska has just published a new article titled "Qubes Air:
Generalizing the Qubes Architecture." The article is available both on
Joanna's blog:

https://blog.invisiblethings.org/2018/01/22/qubes-air.html

And on the Qubes website:

https://www.qubes-os.org/news/2018/01/22/qubes-air/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpmBMEACgkQ203TvDlQ
MDC02A//Qjy5eAxiUSY6ZOlTQ6zDlilXtBTbSH4ig3Wa1DL9Jg3vHnR955LP9snP
40ZEIIc+cACis25g61SySbzkZUHXKW1cqfQCv/mjQAApWlFxQexIhX5WpS/u8RKB
PhNdgQVH+JYPOQZCidFAdkeSnBM+XFyxflPaCE1j1zisnTliH/Lwdl6xxEVht4nb
XglIZZz6D6PEQIouvM3qdsqi9DUY7Nc6AC5cLsI5NbVAcYtIVILxiSlxAM2OM/SL
k7rIoLnFGmgdmMJl5pInzy/b/SJvNmy70HjKRfg5y+EP9Wm024WaZQStacWmSfWa
x//plXVY/AuRWycyEtWLEdIhWNw4ZBV2CGkw72IxIN2SmJ+IfDA4N0fO81WZBJxo
gdH4Y/fkKZyUJ1/cKfttwt6jU8AOx8MZwmoh1tMjZbXuVPOoGgqBR0aXPAzAUcE2
5IpviczQZ0Ng9ZHyITZthiUO08nyqqJS8AH9UU4e2uDDq53TCXQa8pNzqgWtipY7
BkGwNY+PZaf3dAfYgEyAh+IFnHRI6e38Ej0pysHSGM386B4n19tmhEf9zLjXc+oU
2KUQJjOTp4ISfqNDYe3HpYsMR3RrqMWyMt3h4zG1gKPLhxAjAfdzVRq+Z0sBtJya
2begkIa7u91kJlta2/T4N6E2bqpe9tdAzsy/StqRBnnjIsRjYlE=
=y84I
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ae96597-e8a1-b07d-96c2-610d4cf57a55%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] blanking screen with dpms off induces locking - how to disable?

2018-01-22 Thread 'Guillaume Bertin' via qubes-users 
Hi,

I'd like to blank my screen (with dpms off) without having to enter a password 
if I want to use it shortly after.

After several tries with xscreensaver configuration on qubes and Debian without 
qubes, I discovered that whatever the configuration of xscreensaver is, a dpms 
off locks the screen on qubes.

A simple "xset dpms force off" demonstrates it.

How can I disable it?

My ideal configuration for my standalone home computer would be "dpms after 10 
minutes" and "lock after 120 minutes".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/wHcEjQAUpcb7AgEiNhLJHYW_045HVgP5z2Q0-Z_tfVNY_v4bXAWW6I7Z3AaHBWMfbREg98DSwOmgiB2j2Cz1QzgL5FIuZS1kQVGKFj2jo2g%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qubes 4.0, fedora-26 template, intermittent trouble opening an appvms file manager

2018-01-22 Thread Krišjānis Gross 
On Monday, 22 January 2018 02:15:49 UTC, pixel fairy  wrote:
> qubes 4.0 rc3 fedora-26 template
> 
> running the file manager from a menu will always start an appvm if its not 
> running. but it wont always run the file manager. running terminal, or any 
> other apps always works. running nautilus from terminal always works too. 
> just not the file manager. but, sometimes, the file manager will work from 
> the menu.

I have noticed the same behavior on 3.2.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b36dcbaf-3ddd-4278-821e-620a500673e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] Qubes Controller as the new Qubes-Manager

2018-01-22 Thread aaq via qubes-users 
Den lørdag den 6. januar 2018 kl. 12.27.18 UTC+1 skrev Tom Zander:
> On Saturday, 6 January 2018 00:11:43 GMT Franz wrote:
> > I would add some way to make some order in the
> > applVM list, so that a standard view may show only the most commonly used
> > VMs, while rarely used VMs are hidden and shown only clicking a button. To
> > do that, there should be a flag to differentiate the visibility of VMs.
> 
> I made a start with this based on my own usage; See the attached 
> screenshots.
> Going from screenshot1 (showing all my qubes) to 5 by removing ones based 
> on;
> * being templates for disposable VMs. (you likely never want to start them 
> after initial configuration).
> * being a "network" VM.
> * Being a template.
> * Being halted.
> 
> Naturally you can combine those settings in any way you want to show the 
> subsection of qubes you use.
> I expect that I''l end up using the settings as "snapshot4" shows it most of 
> the time.
>  
> > This may be helpful also in a corporate environment when an administrator
> > can decide which VMs should be shown and which should be hidden.
> 
> This is a great idea, I recall that root added tags in 4.0. I have not tried 
> them yet, but it sounds like a good fit.
> 
> Thanks for the ideas!
> 
> -- 
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

This is amazing though, good job Tom!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3945ab58-c37a-47ec-afb5-066137bccca6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] No network (HELP)

2018-01-22 Thread aaq via qubes-users 
Den fredag den 19. januar 2018 kl. 16.39.31 UTC+1 skrev Marek 
Marczykowski-Górecki:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Fri, Jan 19, 2018 at 06:53:55AM -0800, aaq via qubes-users wrote:
> > Den fredag den 19. januar 2018 kl. 15.48.08 UTC+1 skrev a...@it-minds.dk:
> > > Which setting exactly disables dynamic memory allocation, because I can't 
> > > seem to figure it out. If I set maxmem to 0, will it disable it?
> > > 
> > > The GUI is broken. It comes up with an error if I try to start it, no 
> > > matter how I try to start it. It complains about a bug, but that isn't 
> > > really important right now.
> 
> It's a bit obscure, see qvm-service. "meminfo-writer" service is
> responsible for memory balancing. But it should be already in "off"
> state for sys-net.
> 
> > I set the maxmem to 1 (cannot set it to 0) and initial mem to 800.
> 
> This is maximum memory size in MB. Setting it to 1 doesn't sounds like a
> good idea, but... for VMs with PCI devices it is ignored and "memory"
> property is used instead (because of Xen limitation, namely
> populate-on-demand being incompatible with PCI-passthrough).
> 
> 400MB should be enough for sys-net, in some cases even lower number
> should suffice.
> 
> > sys-net starts now.
> > 
> > I am updating my system now, hopefully this will disappear on its own.
> 
> There were a bunch of fixes yesterday (late) evening, including one for
> qmemman, and GUI stuff. Make sure you have:
> 
> qubes-core-dom0 4.0.18
> qubes-core-admin-client 4.0.13
> qubes-manager 4.0.11
> qubes-dbus 1.0.4
> 
> Specifically qmemman was broken in qubes-core-dom0 in 4.0.16 and 4.0.17.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> 
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlpiEQ4ACgkQ24/THMrX
> 1ywPywf/Tl8SsGq0NQ5zQC2uiMIWrkEipbRj0hMkeeqIIQQpgzn101bDlLgoud+w
> JzbBUfRqA1tO2KUWhOG0XRcuUiRQszOhR95p13hMsoEm4Nnxu0chFietPe7aOQZx
> sMQqr3BjHkJxtYh780F6reke9Ec0fvkxANnKC4J53YocEQSIGtqX7GSUuxdEYM0K
> T02DpNJJseocFO6s2G8aTqQpTiorl+mWVvdL8PjzlJ7XOduLVtHna3sZL5LrbP18
> 3SsTWZQ5bhRfk/3Elt0t26UYe+Aeyeyxric/HCbe7nmWqxrNqqnZkjpNXkFZi+9F
> oDHvHUm5N834oxlidhG2gGwr0u2bCw==
> =w6SK
> -END PGP SIGNATURE-

Thanks again!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82a29f20-68c9-4ee8-b942-f0c1ecc1fd0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.