[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

I did   qvm-start win7 --install-windows-tools
--custom-config=/tmp/win7.conf

then 

qvm-start win7worked fine  , but  .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db05e6236baae988e2f05a09a78601e7%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

btw,  what behaviour do I expect if windows-tools are probably
installed?  I've no idea,  e.g. how does one increase the screen size 
or is there a plain english version of what windows-tool does ?

probably another newb question

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/194c748075aad35e3c3b137c58e70339%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

[ThierryIT]

Le jeudi 1 février 2018 18:01:21 UTC+2, awokd a écrit :
> On Thu, February 1, 2018 3:46 pm, ThierryIT wrote:
> > What am I doing wrong ?
> >
> >
> > I have a Yubikey4 U2F + CCID.
> > Not detected with "qvm-block"
> > Detected as sys-usb:4-2 by dom0 (qvm-usb).
> >
> >
> > I have tried:
> >
> >
> > - qvm-device usb attach vm_name sys-usb:4-2  (device attached failed)
> > - qvm-device block attach vm_name sys-usb:4-2 (backend vm 'sys-usb'
> > doesn't expose device 4-2)
> 
> Another poster said these aren't block devices, so don't try to use those
> commands on it.
> 
> "qvm-device usb attach vm_name sys-usb:4-2" should work. What does
> "qvm-usb attach vm_name sys-usb:4-2" do?
> 
> If it's the same error, did you install qubes-usb-proxy in your templates?
> See https://www.qubes-os.org/doc/usb/.

I have installed "qubes-usb-proxy" on my StandaloneVM.
-> qvm-usb l : sys-usb:4-2 Yubico_Yubikey_4_U2F+CCID

-> qvm-device usb attach vm-name sys-usb:4-2 : Device attach failed: No device 
info received, connection failed, check backend side for details
-> same things

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c68b7b91-d055-4baf-9a0f-0c86f98c5163%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

nevermind .

:)

seems to be up and running with cirrus driver
https://support.hidemyass.com/hc/en-us/articles/202723596-How-to-disable-Driver-Signing-check-on-Windows

re:bcedit 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99954a6502842b7ab7dfacd73d2e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes R4.0rc4 - qvm-create's option --root-copy-from -> qubesd protocol error

[brendan . hoar]

Mea culpa and apologies to all: the properties for "--class" or "--c" are case 
sensitive.

Substituting 'StandaloneVM' for 'standalonevm' fixed the problem.

Thanks,
Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82af27d5-44fb-40f2-9e21-dee29b4f320b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes R4.0rc4 - qvm-create's option --root-copy-from -> qubesd protocol error

[brendan . hoar]

Hi folks,

Installed Qubes R4.0rc3, updated dom0/templates. Added the testing repository, 
updated dom0/templates so I am now at R4.0rc4 (qubes manager returns, huzzah!).

The problem is that I am trying to import a raw root.img file (converted from 
vmdk using qemu tools) while creating a new StandaloneVM from microsoft's Edge 
on Win10 OVA file for browser testing.

I am receiving an error in qubesd when calling qvm-create in dom0.

I invoke (with or without the --property kernel='' option):
sudo qvm-create win10 --class standalone --property kernel='' --root-copy-from 
/home/qubes-user/root.img --label green

The error is:
app: Error creating VM: Got empty response from qubesd. See journalctl in dom0 
for details.

I ran journalctl -r and this is the head (of the tail, so reverse order, looks 
like the important bit is 'protocol error'):
Feb 02 00:39:45 dom0 kernel: audit: type=1104 audit(1517549985.662:245): 
pid=28073 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix 
acct="root" exe="/usr/bin/sudo" hostna
me=? addr=? terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 kernel: audit: type=1106 audit(1517549985.661:244): 
pid=28073 uid=0 auid=1000 ses=2 msg='op=PAM:session_close 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam
_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 audit[28073]: CRED_DISP pid=28073 uid=0 auid=1000 ses=2 
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" 
hostname=? addr=? terminal=/dev/pt
s/0 res=success'
Feb 02 00:39:45 dom0 audit[28073]: USER_END pid=28073 uid=0 auid=1000 ses=2 
msg='op=PAM:session_close 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix 
acct="root"
 exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 sudo[28073]: pam_unix(sudo:session): session closed for 
user root
Feb 02 00:39:45 dom0 qubesd[11075]: protocol error for call 
b'admin.vm.Create.standalonevm'+b'' (b'dom0' → b'dom0') with payload of 22 bytes
Feb 02 00:39:45 dom0 sudo[28073]: pam_unix(sudo:session): session opened for 
user root by (uid=0)
Feb 02 00:39:45 dom0 kernel: audit: type=1105 audit(1517549985.520:243): 
pid=28073 uid=0 auid=1000 ses=2 msg='op=PAM:session_open 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_
systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 audit[28073]: USER_START pid=28073 uid=0 auid=1000 ses=2 
msg='op=PAM:session_open 
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix 
acct="root
" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 sudo[28073]: pam_systemd(sudo:session): Cannot create 
session: Already running in a session
Feb 02 00:39:45 dom0 audit[28073]: CRED_REFR pid=28073 uid=0 auid=1000 ses=2 
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" 
hostname=? addr=? terminal=/dev/pt
s/0 res=success'
Feb 02 00:39:45 dom0 audit[28073]: USER_CMD pid=28073 uid=1000 auid=1000 ses=2 
msg='cwd="/home/qubes-user" 
cmd=71766D2D6372656174652077696E3130202D2D636C617373207374616E64616C6F6E65766D202D
2D70726F7065727479206B65726E656C3D202D2D726F6F742D636F70792D66726F6D202F686F6D652F71756265732D757365722F726F6F742E696D67202D2D6C6162656C20677265656E
 terminal=pts/0 res=success'
Feb 02 00:39:45 dom0 kernel: audit: type=1110 audit(1517549985.514:242): 
pid=28073 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix 
acct="root" exe="/usr/bin/sudo" hostna
me=? addr=? terminal=/dev/pts/0 res=success'
Feb 02 00:39:45 dom0 kernel: audit: type=1123 audit(1517549985.514:241): 
pid=28073 uid=1000 auid=1000 ses=2 msg='cwd="/home/qubes-user" 
cmd=71766D2D6372656174652077696E3130202D2D636C6173732
07374616E64616C6F6E65766D202D2D70726F7065727479206B65726E656C3D202D2D726F6F742D636F70792D66726F6D202F686F6D652F71756265732D757365722F726F6F742E696D67202D2D6C6162656C20677265656E
 terminal=pt
s/0 res=success'
Feb 02 00:39:45 dom0 sudo[28073]: qubes-user : TTY=pts/0 ; PWD=/home/qubes-user 
; USER=root ; COMMAND=/bin/qvm-create win10 --class standalonevm --property 
kernel= --root-copy-from /home/qubes-user/root.img --label green



Thanks,
Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66355c46-e136-4cc9-9914-6230b2487563%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes / Github bugs track ??

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-02-01 02:22, Nope wrote:
> The problem, as Ivan pointed out, is that our issue tracker would 
> be cluttered with open reports in which the issue is probably 
> fixed, but we're waiting for the reporter to confirm that it's 
> fixed.
> 
> -> cluttered with open reports: yes you are right, in this case, 
> can you through Github, to close automatically tickets after "3 
> days" if no answer ?

Possible, but harder to manage. AFAIK, there's no way to automatically
close after three days, so we would have to remember to do this for
every issue, which would be a lot of extra overhead. If we could
automate this, though, it could be a nice system.

> -> not true, my ticket has been closed before my "report".
> 

By "report" I mean the original report when you first open the issue.
In this sense, it's not possible for an issue to be closed before your
report, because the issue doesn't exist before your report (and an
issue that doesn't exist can't be closed).

> Instead, if you find that your issue was closed without being 
> fixed, you should simply say so in a comment on that issue. You 
> could simply say, "This is still happening. Please re-open."
> 
> -> ok for me
> 
> Whatever you do, don't create a new issue when you know it's a 
> duplicate of the old one! That causes confusion and creates extra 
> work, which takes time away from working on the actual problem.
> 
> -> agree
> 
> I don't want to bother the team. Just my two pences.
> 
> Thx
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpz6g8ACgkQ203TvDlQ
MDAPHQ//VdRGk7KsYNdW365UOtJxBWugwemuxZfRV/V0sjungv4iU0ws5PbHDo36
QH1FF3AE0TrLdWODxQxm0D3ckSlPPg1aY2wvPrJqM6Z7+TNIBK+eaLXtDa34HVI7
7o4dCMXKxnHleE1B4KC9hxi6bibV48Wa8piGyODWQbdWGT+dLal6mPPHDSRVywOZ
PL5CgrM9lqX3w7tjbM9Ez5kpzqtRUifYwGJfnlfhXEM75ECuzAnG2heptL9huZAS
3o/yBoCGBOZj9yE3SEXzb5olPK1QRiN1He2EFTcPw94mOj+LTQzShOFGdSB1TTgh
Qglccba9txHn1Oj/fJiH4w3cg7eXCjRhV7CHT7747pnc4lTqIuEzHtscjK4oB2va
FcJ2QRTdtQgpp+JV+EEf/OZm47V9PPsw4jdBCkiQK+yj6smB3TfLznVaATXiAa7a
qXyjb1HK7tGpQioLldEZo2A3IC1wv4y/zdVaPcf7lNduaSsHgmO0a+1StrVgHgS7
GgQS08qRD9RIuTT37V3+Oh5xGSPYIv5kYwHfExhC0HpfVpVo/Tmd1oreHyh44KRP
Dyc32fwYI6062M7AFZ7WsFYPQ/6rq7A8ajYrGPfpwQmVoCvuYAmGN0eE90kvsgGd
rr9tet4PdmFpQQ/ZZ1GQPaqbdV9MCJtKuS+ql8UquyKkaaCYb34=
=f/OK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/778d8609-ac15-60e3-829d-ea787c047783%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install software inside dom0

[cpatterson]

did you try to prepend the command with 'sudo'?
-- 
-

IMPORTANT NOTICE: The information in this email is confidential and may 
also be privileged. 
If you are not the intended recipient, any use or dissemination of the 
information and any disclosure or copying of this email is unauthorised and 
strictly prohibited.  If you have received this email in error, please 
promptly inform us by reply email or telephone.  You should also 
delete this email and destroy any hard copies produced.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e397045-1d30-4df8-9771-165ff30a3e0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install software inside dom0

[cpatterson]

On Tuesday, August 22, 2017 at 3:03:56 PM UTC-6, Gecko wrote:
> It didn't let me do the gparted install. I have since given up. I have 
> decided to wipe the qubes os partition, go back to windows, connect another 
> computer using ethernet, backup my files, then wipe the hard drive, and maybe 
> try to install qubes again.
> 
> There seems to be too many issues with qubes. I'm doubting whether it's worth 
> the effort. Maybe a live CD + Encrypted USB will perform just as good. A lot 
> easier to manage and copy files etc.
> 
> Thank you for trying to help though. Maybe I should look for an OS that 
> doesn't use your graphics card as a paper weight.

did you try to prepend the command with 'sudo'?

-- 
-

IMPORTANT NOTICE: The information in this email is confidential and may 
also be privileged. 
If you are not the intended recipient, any use or dissemination of the 
information and any disclosure or copying of this email is unauthorised and 
strictly prohibited.  If you have received this email in error, please 
promptly inform us by reply email or telephone.  You should also 
delete this email and destroy any hard copies produced.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d54caeb4-5492-4c01-8aa5-2674051b08d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Slow network speed outside netvm

[Ilpo Järvinen]

Can you try if you get better throughput between a proxy vm and an appvm 
using this kind of topology?

sys-net <-> iperf-srv (proxyvm) <-> iperf-cli (appvm)

I could push ~10Gbps with one flow and slightly more with more parallel 
flows between them. But between sys-net and iperf-srv vms I've a lower
cap like you for some reason.

I also tried to use similar parameter for the kernel too but 10Gbps result
was still achievable.


-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1802012359200.6266%40whs-18.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes and Whonix now have next-generation Tor onion services!

['awokd' via qubes-users]

On Thu, February 1, 2018 7:53 pm, alexclay...@gmail.com wrote:
> I see on the Whonix website that's linked to it simply says:
>
>
> "To access the v3 onion address, Whonix users must install the latest Tor
> 3.2.9 client in Whonix-Gateway ( sys-whonix ) via the
> stable-proposed-updates repository."
>
> Any idea the commands to do this from the terminal for the whonix-gw vm?
> I've edited the Torrc file before but that's the extent of anything I've
> ever done with Whonix.

Seems to be out of proposed and in stable now, so all you should have to
do is update your whonix-gw and whonix-ws templates as usual.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37fe19c963ba44264684a822c9501e19.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes and Whonix now have next-generation Tor onion services!

[alexclaytor]

I see on the Whonix website that's linked to it simply says: 

"To access the v3 onion address, Whonix users must install the latest Tor 3.2.9 
client in Whonix-Gateway ( sys-whonix ) via the stable-proposed-updates 
repository."

Any idea the commands to do this from the terminal for the whonix-gw vm? I've 
edited the Torrc file before but that's the extent of anything I've ever done 
with Whonix. 

Thanks! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c850507-d8cb-4f95-908c-705018dc30c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS 4.0-rc4 has been released!

[Holger Levsen]

On Thu, Feb 01, 2018 at 09:58:34AM -0800, alexclay...@gmail.com wrote:
> Are there plans for the final 4.0 release to have a direct upgrade path from 
> 3.2? Or do we just backup all of our VMs, fresh install 4.0, then restore our 
> VMs? 

the latter.


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180201182136.l7fapchpgkm6sfaj%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Qubes OS screensharing

[Vít Šesták]

On February 1, 2018 6:42:08 PM GMT+01:00, Dave C  wrote:
>Indeed, I stand corrected.  This point could apply to a restrictive
>firewall, but the VM would need to network with the local VM running
>vncserver.

BTW, you could also pipe the network communication through qrexec. This could 
be more secure than restrictive firewall.

>I can imagine opening a terminal in the VM running vncserver and the
>window manager.  Could attacker open a terminal in other vm that has
>opened some application in that display?  (Application that is not a
>terminal, I mean.  I do see how an attacker could use any application
>shown in the display.)

It depends on what application you mean. I can see how a webbrowser can be used 
as a gadget to open terminal and some other applications (e.g., Libreoffice) 
can be used to open webbrowser. (And maybe LibreOffice supports macros or 
something similar, so attacker does not need to browser/terminal. Also, a text 
editor like Geany can be abused for editing files like .bashrc.

I am not sure about generic applications with no such option of saving files 
and opening them in some apps. I remember statements that X11 is not designed 
for isolation and some those statements look like this is possible generally by 
design. I was able to neither confirm nor deny it in a short time.

Regards,
Vít Šesták 'v6ak'

Maybe top-posting is bad. However, quoting whole message (including quotes of 
quotes and quotes of quotes of quotes etc.) before your message is even worse. 
Please don't let others scroll extensively.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0254EE1B-EC02-453F-BC96-A9D7218CFBA9%40v6ak.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] after update no VM 'starts' apps anymore.

['awokd' via qubes-users]

On Tue, January 30, 2018 1:51 am, awokd wrote:
> On Tue, January 30, 2018 12:05 am, 'Tom Zander' via qubes-users wrote:
>
>> Is this a known issue?
>>
>>
>>
>> I can start a VM using qvm-start, but when I use qvm-run nothing
>> happens, it hangs forever. Even commands that don't need a X server. For
>> any qube of the various OSs I run.
>
> qvm-run works on both powered on and off VMs on my 4.0 on testing repo.
> qvm-run works on powered on (only) VMs on my 3.2 stable.

I ran into an odd issue trying to update today when dom0 was on testing
but whonix-gw was on current. $releasever wasn't getting replaced with the
version number so qubes-dom0-update was trying to pull from
"%36releasever" subdirectory. Switching whonix-gw to testing and updating
first resolved it. Were your templates and dom0 using the same repository
or mixed?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9179a3664026a7d2bfa6958537c29b61.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0-rc4 has been released!

[alexclaytor]

Are there plans for the final 4.0 release to have a direct upgrade path from 
3.2? Or do we just backup all of our VMs, fresh install 4.0, then restore our 
VMs? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/baf66cf3-35fc-43fa-bc12-d9ceef09c9c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS screensharing

[Dave C]

On Sunday, January 28, 2018 at 12:24:08 PM UTC-8, Vít Šesták wrote:
> On January 27, 2018 7:57:02 AM GMT+01:00, Dave C wrote:
> >* VMs that can't access the conference site (i.e. bluejeans.com) or
> >can't access the net at all
> 
> How can a VM without network access open a window in the X11 accessible from 
> network?

Indeed, I stand corrected.  This point could apply to a restrictive firewall, 
but the VM would need to network with the local VM running vncserver.

[snip]
> 
> >My approach lowers security while screensharing.  But the rest of the
> >time, not screensharing, the VMs are running with normal firewall
> >settings.
> 
> It is likely that a VM can infect any other of the VMs (or the screensharing 
> VM). There are multiple potential ways to do so:
> 
> a. Exploit some vulnerability in X11 protocol implementation.
> b. Open a terminal (if not already opened) and type a command. This is 
> possible, because any client can inject any input events to other client.

I can imagine opening a terminal in the VM running vncserver and the window 
manager.  Could attacker open a terminal in other vm that has opened some 
application in that display?  (Application that is not a terminal, I mean.  I 
do see how an attacker could use any application shown in the display.)

> c. Download some file using webbrowser and run/install it (e.g., using some 
> packaging system).
> d. I remember I have read that X11 effectively provides no isolation between 
> apps and I had an impression that any app can by design even run some code in 
> another client. However, don't take this point as verified unless you verify 
> it from some other source.

You make some great points.  Thanks.  I'm re-thinking my approach.

-Dave

> 
> Regards,
> Vít Šesták 'v6ak'
> 
> General note: Maybe top-posting is bad. However, quoting whole message 
> (including quotes of quotes and quotes of quotes of quotes etc.) before your 
> message is even worse. Please don't let others scroll extensively.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/777001bc-545b-419f-ab74-c1b160e1b48a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

[velcro]

Is legacy BIOs still preferred and likely compatible with 4.0 when final? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40f6953b-3c11-42a7-914b-ac46970de69c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes update to fedora 26 but dnf still using fedora 23 repo

[velcro]

When you say upgraded did you install a fresh fedora 26 template?

https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/

I think the advice is not to "upgrade" from fedora 23 but to install a fresh 
template.

Not sure thats your issue...if not I am not sure how to correct.

Qubes rocks! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19548009-a582-49d6-9838-eb35fdcebeac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] noscript xss warning on qubes os site

[velcro]

I got it in Fedora 26 appVM as well but the website was fedora.org. I am using 
3.2...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab192c78-be63-4109-9187-47af9c5a0eee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

['awokd' via qubes-users]

On Thu, February 1, 2018 3:46 pm, ThierryIT wrote:
> What am I doing wrong ?
>
>
> I have a Yubikey4 U2F + CCID.
> Not detected with "qvm-block"
> Detected as sys-usb:4-2 by dom0 (qvm-usb).
>
>
> I have tried:
>
>
> - qvm-device usb attach vm_name sys-usb:4-2  (device attached failed)
> - qvm-device block attach vm_name sys-usb:4-2 (backend vm 'sys-usb'
> doesn't expose device 4-2)

Another poster said these aren't block devices, so don't try to use those
commands on it.

"qvm-device usb attach vm_name sys-usb:4-2" should work. What does
"qvm-usb attach vm_name sys-usb:4-2" do?

If it's the same error, did you install qubes-usb-proxy in your templates?
See https://www.qubes-os.org/doc/usb/.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c1c03258b0d8c328fff7a3550edb84fe.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

[ThierryIT]

What am I doing wrong ?

I have a Yubikey4 U2F + CCID.
Not detected with "qvm-block"
Detected as sys-usb:4-2 by dom0 (qvm-usb).

I have tried: 

- qvm-device usb attach vm_name sys-usb:4-2  (device attached failed)
- qvm-device block attach vm_name sys-usb:4-2 (backend vm 'sys-usb' doesn't 
expose device 4-2)

...
Lost I am :)


Le jeudi 1 février 2018 13:28:59 UTC+2, awokd a écrit :
> On Thu, February 1, 2018 8:58 am, ThierryIT wrote:
> > If I did understood well, when using Qubes 4.0r3, there is no sys-usb ...
> 
> If you chose not to set one up on install there wouldn't be, but usually
> you should unless using a usb keyboard maybe. You can still add one now;
> check the docs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3023cda-4c12-4c74-9e2b-88c55e7d6bad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Running Windows from Qubes VM ?

[Vít Šesták]

On Saturday, January 13, 2018 at 9:24:49 AM UTC+1, msg...@gmail.com wrote:
> Maybe there is no bootloader on /dev/sdc1? Try to boot from livecd and fix 
> bootloader.

This is very likely. Bootloader is usually installed on whole drive (e.g., 
/dev/sdc) rather than on its partition (e.g., /dev/sdc1). I am not even sure if 
BIOS could boot from bootloader installed on a partition. Maybe also Windows do 
not like the fact they have just a partition and not a partition table.

Moreover, I do not recommend booting Windows this way. If they are on a 
partition accessible to dom0, the dom0 might try to parse its filesystem etc., 
which might expose some vulnerabilities. It seems to be more wise to convert 
the /dev/sdc1 to some image file (or a LVM volume, provided that you have 
carefully configured LVM, like Q4 has).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ba05d29-c9b2-43c4-8598-06e3798748f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] noscript xss warning on qubes os site

[pixel fairy]

On Thursday, February 1, 2018 at 3:31:45 AM UTC-8, awokd wrote:

> Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
> https://www.qubes-os.org. Where are you seeing it?

firefox on fedora-26. install noscript, look at the qubes site. go to other 
sites. maybe restart the browser, and you get that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cce8b631-04df-4560-bb62-301ae04df78a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing in UEFI (Ryzen 1800X, ASRock Fatal1ty X370 Professional Gaming)

[Willem D]

On Thursday, 1 February 2018 13:40:24 UTC+2, awokd  wrote:
> On Thu, February 1, 2018 10:21 am, Willem D wrote:
> 
> To workaround the problem, try using Refind. To actually debug it, I think
> Qubes is using a modified version of Fedora 25's installer. Does that one
> work on your system? Not aware of any log files that get generated that
> early (especially if it can't find a file system interface).

I just tried Fedora 25 Live x86_64 (workstation), to my surprise it worked. I 
had to add "nomodeset" to boot parameter. It turns out the GeForce GT 1030 does 
not have modesetting support yet. I will remove that card in future Qubes tests.

Going to read up on Refind and leaving this here for reference: 
https://www.qubes-os.org/doc/uefi-troubleshooting/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4128473c-3112-4f46-a917-8dbebb817085%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sudden reboot?!

['awokd' via qubes-users]

On Thu, February 1, 2018 6:47 am, evo wrote:
> Hi all!
>
>
> I have sometimes big problem with Qubes 3.2.
> Just now, by writing an email... suddenly my laptop rebooted. Without
> any errors. Blackscreen and reboot.
>
> This was the second time, but after rather large period.
>
>
> how can i manage it??

You can check journalctl to see if it had a chance to log anything before
the reboot but if Xen is crashing you might need a serial console
connection to debug it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5ae47021dd443510449b70171a8f321.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing in UEFI (Ryzen 1800X, ASRock Fatal1ty X370 Professional Gaming)

['awokd' via qubes-users]

On Thu, February 1, 2018 10:21 am, Willem D wrote:

> I found the report on Github:
> https://github.com/QubesOS/qubes-issues/issues/2838 which describes the
> same issue as I have. I would like to debug the problem, but I require
> assistance with that.

To workaround the problem, try using Refind. To actually debug it, I think
Qubes is using a modified version of Fedora 25's installer. Does that one
work on your system? Not aware of any log files that get generated that
early (especially if it can't find a file system interface).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71bc6b64211aa9ce08655d4496263dce.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] noscript xss warning on qubes os site

['awokd' via qubes-users]

On Thu, February 1, 2018 9:54 am, pixel fairy wrote:
> noscript, the firefox extention, pops up the following about the qubes
> site,
>
> NoScript detected a potential Cross-Site Scripting attack
>
>
> from [...] to https://www.qubes-os.org.
>
> Suspicious data:
>
>
> window.name

Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
https://www.qubes-os.org. Where are you seeing it?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d8d9781fd5379f7339482fb070d316f.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

['awokd' via qubes-users]

On Thu, February 1, 2018 8:58 am, ThierryIT wrote:
> If I did understood well, when using Qubes 4.0r3, there is no sys-usb ...

If you chose not to set one up on install there wouldn't be, but usually
you should unless using a usb keyboard maybe. You can still add one now;
check the docs.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1faa309e2e2704c82fbabcacb489fad.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Installing in UEFI (Ryzen 1800X, ASRock Fatal1ty X370 Professional Gaming)

[Willem D]

Hi All,

I tried installing Qubes 4.0-rc3 in UEFI mode using a USB drive. After POST I 
see 4 options* regardless of what option I choose the message "Couldn't obtain 
the File System Protocol Interface" flashes very quickly on my screen and the 4 
options are displayed on the screen again.

I found the report on Github: 
https://github.com/QubesOS/qubes-issues/issues/2838 which describes the same 
issue as I have. I would like to debug the problem, but I require assistance 
with that.

I was able to test media and install Qubes when booting in legacy mode. I do 
however require my system to run in UEFI mode. It might be possible to force 
the OS to boot in UEFI mode after installing in legacy, however I would rather 
try to find the cause of the problem and improve the experience for others with 
the same issue.

I am able to start Fedora 27's anaconda installer in UEFI mode using the same 
hardware.

*options:
"Test media and install Qubes R4.0-rc3"
"Install Qubes R4.0-rc3"
"Troubleshooting - verbose boot and Install Qubes R4.0-rc"
"Rescue a Qubes system"

Hardware:
CPU: AMD Ryzen 7 1800X
M/B: ASRock Fatal1ty X370 Professional Gaming
RAM: 32GB G.SKill F4-3200C14D-32GTZ TridentZ Series
GPU: 2GB GeForce GT 1030
GPU: 8GB Radeon RX 480 GDDR5 256bit PCI-E 3.0 
SSD: 500GB Samsung 960 EVO NVMe M.2 PCI-E 3.0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ae34f348-7f86-4fb3-a043-27f67b378e14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Slow network speed outside netvm

[Jarle Thorsen]

Ilpo Järvinen:
> I found this:
> https://wiki.xenproject.org/wiki/Xen-netback_and_xen-netfront_multi-queue_performance_testing

Thanks, I'll have a look.

> It might be that roughly 4Gbps might be what you can get for cross-vm with 
> one flow (but those results are quite old).
> 
> I guess that there are by default two queues per vif (based on the kernel
> thread naming) which would explain why going beyond 2 VCPUs didn't help 
> any. ...Now we only just need to figure out how to configure the number of 
> queues to see if that has some impact on performance (ethtool seems to be 
> unable to do that).
> 
> ...And of course you'll need to use more than one flow to utilize all 
> those queues anyway but I guess you tested also the inter-vm test with 
> more than one flow?

Yes, using 2,4 or 6 flows gives the same result.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89569c3c-70e4-41cf-9a1c-746333f16df0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] noscript xss warning on qubes os site

[pixel fairy]

noscript, the firefox extention, pops up the following about the qubes site,

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://www.qubes-os.org.

Suspicious data:

window.name

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/799216a9-386d-45e2-a05f-17b045a4645d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[Vít Šesták]

I have installed the patch from security-testing. On system resume, I sometimes 
notice effects like:

* Time synced noticeably late. For example, when my laptop wakes up on morning, 
Thunderbird considers today's e-mails as e-mails from future day (so it 
displays date, not only time).
* Some VMs don't get the time synced at all (or at least after a huge delay 
that looks like forever). I've repeatedly seen this at some VM with a 
background bot.
* The same applies to Wi-Fi. It sometimes seems to be attached even after I 
type the password (which is not short).

I have also seen one strange change (not sure about the timing, but it might be 
related to the update) that might affect security of those who use some 
pseudo-DVM for sys-usb. When I remove USB „mouse“* and attach it back, the 
mouse is automatically allowed. Maybe the connection has not been closed. The 
strange part is that this does not apply for USB keyboard, although the input 
proxy works virtually the same.

So, before adding an untrusted device, it is not enough to disconnect USB 
keyboard/touchpad. I also have to reboot the sys-usb VM.

Regards,
Vít Šesták 'v6ak'

*) I have two USB „mice“, none of them is actual traditional mouse. One of them 
is a touchpad that uses mouse USB protocol. The other one is a keyboard that 
has capability of clicking and looks like multiple input devices on the USB 
protocol.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bec4ff9-5ca5-4951-bf88-8478138b1fec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Slow network speed outside netvm

[Ilpo Järvinen]

On Thu, 1 Feb 2018, Jarle Thorsen wrote:

> Ilpo Järvinen:
> > I'd next try to tweak the txqueuelen (at the netvm side):
> >   sudo ifconfig vifxx.0 txqueuelen 
> > 
> > Appvm side (eth0) seems to have 1000 but the other side (vifxx.0) has 
> > only 64 by default that seems a bit small for high-performance transfers.
> 
> Thanks a lot for your help so far!
> 
> Unfortunately setting txqueuelen to 1000 did not make any difference...

I found this:
https://wiki.xenproject.org/wiki/Xen-netback_and_xen-netfront_multi-queue_performance_testing

It might be that roughly 4Gbps might be what you can get for cross-vm with 
one flow (but those results are quite old).

I guess that there are by default two queues per vif (based on the kernel
thread naming) which would explain why going beyond 2 VCPUs didn't help 
any. ...Now we only just need to figure out how to configure the number of 
queues to see if that has some impact on performance (ethtool seems to be 
unable to do that).

...And of course you'll need to use more than one flow to utilize all 
those queues anyway but I guess you tested also the inter-vm test with 
more than one flow?


-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1802011102270.18034%40whs-18.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

[ThierryIT]

If I did understood well, when using Qubes 4.0r3, there is no sys-usb ...


Le jeudi 1 février 2018 02:31:50 UTC+2, joev...@gmail.com a écrit :
> qvm-usb command shows you how to attach USB devices to VMs.  There is no GUI 
> method like there is for block devices.  
> 
> Remember, Yubikey is not a storage/block device.  It is a USB that acts more 
> like a HID keyboard.  
> 
> Mine works on 3.2 just fine using sys-usb, then attaching to whatever VM 
> needs it.
> 
> On Wednesday, 31 January 2018 09:14:36 UTC-5, ThierryIT  wrote:
> > How did you attached it ? I am trying without success ... I can attached it 
> > from dom0 using: qvm-block a vm_name dom0:sdd 
> > Is it correct under Qubes4.0r3 ?
> > 
> > 
> > Le mardi 23 janvier 2018 09:51:17 UTC+2, Kushal Das a écrit :
> > > On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT  wrote:
> > > > Hello,
> > > >
> > > > I have today to deal with two problems:
> > > >
> > > > 1) I am using Yubikey to be authentified on some web site like Github 
> > > > ...
> > > > 2) I am using Yubikey to stock my PGP keys and to use them with mainly 
> > > > my emails (Thinderbird+Enigmail)
> > > >
> > > > What to do under Qubes to make this possible ?
> > > > I have already sys-usb running.
> > > 
> > > On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
> > > No configuratino is required.
> > > 
> > > Kushal
> > > -- 
> > > Staff, Freedom of the Press Foundation
> > > CPython Core Developer
> > > Director, Python Software Foundation
> > > https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e3c705d-361d-495f-8f3c-5b2785dc10b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Slow network speed outside netvm

[Jarle Thorsen]

Ilpo Järvinen:
> I'd next try to tweak the txqueuelen (at the netvm side):
>   sudo ifconfig vifxx.0 txqueuelen 
> 
> Appvm side (eth0) seems to have 1000 but the other side (vifxx.0) has 
> only 64 by default that seems a bit small for high-performance transfers.

Thanks a lot for your help so far!

Unfortunately setting txqueuelen to 1000 did not make any difference...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e413de61-d4b7-4714-86e7-0dee1672b379%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Slow network speed outside netvm

[Ilpo Järvinen]

On Wed, 31 Jan 2018, Jarle Thorsen wrote:

> Mike Keehan:
> 
> > It sounds a bit ambitious to run 10gb per sec from one VM through 
> > another and onto the wire.  I suspect you are memory speed limited
> > if you are using a straightforward desktop pc.
> 
> I'm not sure what is the limiting factor (memory speed, xen overhead?), 
> but I just did an iperf test between netvm and appvm only, and I still 
> maxed out at 4 Gbit/s. This test takes the network card out of the 
> equation and only tests the speed between the vms. Maybe somebody can do 
> similar tests on their system?
>
> > Do you know if anyone has achieved this?
> 
> I don't know.

I'd next try to tweak the txqueuelen (at the netvm side):
  sudo ifconfig vifxx.0 txqueuelen 

Appvm side (eth0) seems to have 1000 but the other side (vifxx.0) has 
only 64 by default that seems a bit small for high-performance transfers.



-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1802011018110.18034%40whs-18.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes / Github bugs track ??

[Nope]

The problem, as Ivan pointed out, is that our issue tracker would be
cluttered with open reports in which the issue is probably fixed, but
we're waiting for the reporter to confirm that it's fixed.

-> cluttered with open reports: yes you are right, in this case, can you
through Github, to close automatically tickets after "3 days" if no answer ?
-> not true, my ticket has been closed before my "report".

Instead, if you find that your issue was closed without being fixed, you
should simply say so in a comment on that issue. You could simply say,
"This is still happening. Please re-open."

-> ok for me

Whatever you do, don't create a new issue when you know it's a duplicate
of the old one! That causes confusion and creates extra work, which
takes time away from working on the actual problem.

-> agree

I don't want to bother the team.
Just my two pences.

Thx

2018-02-01 6:38 GMT+02:00 Andrew David Wong :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2018-01-31 08:25, ThierryIT wrote:
> > Le mardi 30 janvier 2018 10:05:57 UTC+2, Ivan Mitev a écrit :
> >> On 01/30/18 09:36, ThierryIT wrote:
> >>> Hi,
> >>>
> >>> Why are you closing a ticket before knowing if the modification you
> have made, to correct the bug, is working ? I mean, why can't you wait for
> the user to add the modification and see if it is working or not ?
> >>
> >> Once a dev or contributor provides a fix that he/she thinks solves an
> >> issue there is usually no reason to keep the issue open, or else the
> >> issue tracker would be cluttered with fixed but open issues waiting to
> >> be confirmed/closed by their reporter.
> >
> > Do not agree at all with this ...
> > If taking as example my ticket, what happen:
> >
> > 1) I open a ticket for a problem
> > 2) The ticket is taken into account by the dev
> > 3) Work on it, push the patch
> > 4) close the ticket
> > 5) I do the update as requested
> > 6) result: not fully working
> > 7) Cannot re-open my ticket, open a new ticket
> > 8) The dev close my second ticket because it is duplicated ticket
> > 9) re-open the first ticket
> >
> > And what about:
> >
> > 1) I open a ticket for a problem
> > 2) The ticket is taken into account by the dev
> > 3) Work on it, push the patch
> > 4) Ask the user to update and give feedback
> > 5) if working then close the ticket, if not then go ahead ...
> >
> > What do you think ?
> >
>
> The problem, as Ivan pointed out, is that our issue tracker would be
> cluttered with open reports in which the issue is probably fixed, but
> we're waiting for the reporter to confirm that it's fixed. Many
> reporters wouldn't respond at all. That would make our issue tracker
> much less efficient for our developers, which would in turn make them
> less efficient at fixing bugs and adding features.
>
> Instead, if you find that your issue was closed without being fixed, you
> should simply say so in a comment on that issue. You could simply say,
> "This is still happening. Please re-open." (However, it would be more
> helpful if you could provide more detail than that. We understand that
> it's not always possible, though.)
>
> Whatever you do, don't create a new issue when you know it's a duplicate
> of the old one! That causes confusion and creates extra work, which
> takes time away from working on the actual problem.
>
> >>
> >>> As exemple: ticket #3501 is closed, but even if I have followed the
> instruction, the problem is not solved, but the ticket is closed ...
> >> Either you're now hitting a bug that has nothing to do with your
> >> original issue or Marek thought he fixed the bug but made a mistake. If
> >> it's the former simply open another issue. If it's the latter, I'd send
> >> Marek a friendly email, or I would create a new issue pointing to the
> >> wrongly solved older one.
> >>
>
> Please don't send emails to individual developers or create issues you
> know are duplicates! Both are distracting and actually make it harder
> for them to help you with your problem. Instead, please just add a
> comment on the existing closed issue, as I explained above. We'll
> receive a notification when you do.
>
> I've updated the Reporting Bugs page to try to clarify all of this:
>
> https://www.qubes-os.org/doc/reporting-bugs/
>
> >>> How to re-open it ?
> >>
> >> You can't, it looks like it's a github shortcoming. Had you taken 2 secs
> >> to websearch it, you'd have found:
> >>
> >> https://stackoverflow.com/questions/21333654/how-to-re-
> open-an-issue-in-github#21333938
> >>
> >> first hit, no need to even click the link, the answer is at the top of
> >> the search page: "you cannot re-open your own issues if a repo
> >> collaborator closed them".
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpymZoACgkQ203TvDlQ
> MDDgIxAAjtzKW1QtkK6HtYR+XcFpVR+sWAsT0xWzhk6eyTi5ob1yersq74h2sgzt
>