date:20180227

Le samedi 24 février 2018 21:49:49 UTC+2, Alex Dubois a écrit :
> On Wednesday, 21 February 2018 09:01:45 UTC, ThierryIT  wrote:
> > Le mercredi 14 février 2018 09:49:37 UTC+2, ThierryIT a écrit :
> > > Le dimanche 11 février 2018 10:08:52 UTC+2, ThierryIT a écrit :
> > > > Le samedi 10 février 2018 22:58:15 UTC+2, Alex Dubois a écrit :
> > > > > > On 10 Feb 2018, at 17:46, ThierryIT  wrote:
> > > > > > 
> > > > > > Le samedi 10 février 2018 01:44:36 UTC+2, Alex Dubois a écrit :
> > > > > >> On Saturday, 3 February 2018 22:42:46 UTC, Alex Dubois  wrote:
> > > > > >>> On Saturday, 3 February 2018 10:12:25 UTC, ThierryIT  wrote:
> > > > >  Le vendredi 19 janvier 2018 13:19:29 UTC+2, Alex Dubois a écrit :
> > > > > >> On Friday, 19 January 2018 05:57:16 UTC, ThierryIT  wrote:
> > > > > >> Not familiar with this ... Will need procediure to follow.
> > > > > >> 
> > > > > >> 
> > > > > >> Le mercredi 17 janvier 2018 23:03:31 UTC+2, Alex Dubois a 
> > > > > >> écrit :
> > > > > >>> On Wednesday, 17 January 2018 15:15:45 UTC, ThierryIT  wrote:
> > > > >  No, I am still under R3.2
> > > > >  
> > > > >  Le mercredi 17 janvier 2018 16:54:58 UTC+2, awokd a écrit :
> > > > > > On Wed, January 17, 2018 2:09 pm, ThierryIT wrote:
> > > > > >> "https://github.com/adubois/qubes-app-linux-yubikey;
> > > > > >> 
> > > > > >> 
> > > > > >> Le mercredi 17 janvier 2018 16:05:52 UTC+2, awokd a écrit :
> > > > > >> 
> > > > > >>> On Wed, January 17, 2018 1:09 pm, ThierryIT wrote:
> > > > > >>> 
> > > > >  Nobody ?
> > > > >  
> > > > >  
> > > > >  
> > > > >  Le mercredi 17 janvier 2018 09:23:34 UTC+2, ThierryIT a 
> > > > >  écrit :
> > > > >  
> > > > >  
> > > > > > Hi,
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > I am going to install a new sys-usb.
> > > > > > I have before to install all what I need to the 
> > > > > > template (fedora-26)
> > > > > > first. When following your procedure:
> > > > > > 
> > > > > > 
> > > > > > ykpers has been installed but: I cannot do the same for
> > > > > > qubes-yubikey-vm and qubes-yubikey-dom0 :
> > > > > > 
> > > > > > no match for argument
> > > > > > 
> > > > > > ideas ?
> > > > > >>> 
> > > > > >>> Not quite sure what you are trying to do here. What 
> > > > > >>> procedure? What
> > > > > >>> command are you entering?
> > > > > > 
> > > > > > Are you trying this on Qubes 4.0? Those Yubikey packages 
> > > > > > might not be in
> > > > > > the Qubes repo yet.
> > > > > >>> 
> > > > > >>> Hi,
> > > > > >>> 
> > > > > >>> I have not maintained this for some time. So long that I 
> > > > > >>> can't remember if the packages had been created/tested, I 
> > > > > >>> don't think they have.
> > > > > >>> 
> > > > > >>> Best is you follow the steps to build it on a new temporary 
> > > > > >>> VM, don't be afraid it should not be too hard:
> > > > > >>> - Execute the yum command in "Build dependancies"
> > > > > >>> - Also install pam-devel
> > > > > >>> - Follow the steps in preparing the build and build
> > > > > >>> - Deploy the code in Dom0 and the USB VM.
> > > > > >>> 
> > > > > >>> I am about to upgrade to Qubes 4.0 rc4 (when released) so 
> > > > > >>> won't probably be able to help until this is done.
> > > > > >>> 
> > > > > >>> Any help from someone who is used to packaging under Fedora 
> > > > > >>> would be nice.
> > > > > >>> 
> > > > > >>> Alex
> > > > > > 
> > > > > > Sure, I'll update the doc and post here. However as I said 
> > > > > > don't want to touch my Qubes set-up before my upgrade to 4.0 
> > > > > > rc4. So might be in 2-3weeks
> > > > >  
> > > > >  Did you upgrade to Q4R4 ?
> > > > > >>> 
> > > > > >>> I'm in the process. Having issues with PCI path-through of my 
> > > > > >>> second NIC that I need to solve. I have to use PV mode for now 
> > > > > >>> and not too happy to have too. I'll open another thread if I 
> > > > > >>> can't find a way...
> > > > > >> 
> > > > > >> Hi Thierry,
> > > > > >> 
> > > > > >> I have recompiled it OK. This was working on R3.2. You can test it 
> > > > > >> on R4 but no idea if it will work. I hope to have a bit of time to 
> > > > > >> look at it this week.
> > > > > >> 
> > > > > >> To compile it if you want to test / debugInR4
> > > > > >> create new VM with network (to get the github) or without network 
> > > > > >> but you'll have to copy the download to the VM by another mean. 
> > > > > >> Then:
> > > > > >> yum install

Re: [qubes-users] how to upgrade qubes-core-agent ?

Le mardi 27 février 2018 19:21:40 UTC+2, Unman a écrit :
> On Tue, Feb 27, 2018 at 07:15:22AM -0800, ThierryIT wrote:
> > Hi,
> > 
> > I have installed the fedora-26 template but it is running with version 
> > 4.0.20 and I would like the version 4.0.23 ... How to upgrade ?
> > 
> > Thx
> > 
> 
> Read the docs at :
> https://www.qubes-os.org/doc/software-update-vm
> 
> Enable the current-testing repository.

already done and working. Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/202054b6-d43d-4aeb-bdba-2b703888c2ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Upgrade of my sys-usb ??

Le mardi 27 février 2018 19:22:56 UTC+2, Unman a écrit :
> On Tue, Feb 27, 2018 at 07:35:10AM -0800, ThierryIT wrote:
> > Hello,
> > 
> > I have upgrade the template (fedora-26) who has been used to build my 
> > sys-usb VM.
> > I do not see yet, any propagation of this upgrade to my sys-usb ... Is 
> > there any possibility to force this to be done ?
> > 
> > Thx
> > 
> 
> Have you shutdown the template and then restarted the sys-usb?

yep working :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f2dd38e-28ac-4b76-884d-00ff8931a0a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0 without IOMMU/VT-d/AMD-Vi or Interrupt Remapping

2018-02-27 Thread taii...@gmx.com

On 02/26/2018 10:53 PM, Utility Panel wrote:

Apparently there are some problems with the 63xx series Opterons and
coreboot: https://www.coreboot.org/Board:asus/kgpe-d16#CPUs_recommended_by_users

Man I am so tired of people fuckin with my baby.

I saw that, but the same page mentions Taiidan's solution for providing the
needed microcode updates. Luckily, Taiidan seems to like Qubes, so he's an easy
guy to find. :)

I use series 3 CPU's and for me they are the difference between playing
games smoothly in a VM at max settings and not playing games smoothly in
a VM at max settings, get one.

I added a philosophical section at the bottom about microcode updates.
You gotta get a KGPE-D16 and one or two G34 CPU while you still can as
they have stopped making them.

Also when I get a better job and have money to spend I am going to get
and use for my primary computer a TALOS 2 even though it doesn't support
qubes as it is much faster and has a higher level of firmware/hardware
security.

As always people can bug me for libre hardware/firmware help off list if
they want, but then it isn't on the record and can't help others :D so I
recommend posting on a list either here or the coreboot list.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/865806ad-826f-5098-8fa5-4c9ee25d041c%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] XSA-252, XSA-255, and XSA-256 do not affect the security of Qubes OS

2018-02-27 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

The Xen Project has published Xen Security Advisories 252, 255, and 256
(XSA-252, XSA-255, and XSA-256, respectively). These XSAs do *not*
affect the security of Qubes OS, and no user action is necessary.

These XSAs have been added to the XSA Tracker:

https://www.qubes-os.org/security/xsa/#252
https://www.qubes-os.org/security/xsa/#255
https://www.qubes-os.org/security/xsa/#256

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqWHDkACgkQ203TvDlQ
MDAnARAAlHi2Y2IrahT8kwxrAs4p7uSyKKm6GPFiWyyE4r6X4QxRmrCB82UP2MYo
DsVXj2g6p/Nmk6hmfWoWwrErDy5JaX0VpTVSREfVWn+X763zAaKHE/T7WLCXvo/1
CiQuS1Cmpx7bpkRAq8FxqxiIAz0SA8nFw+EbIifVOmxRsx+cyv+mSJ7s6rFqrkH9
SeEXAunUonrHE76cVaEAFLumf5gLhKScg+jPiAOLGjxECQAWSY6bdB/aENlbTp9S
k6xHpQ+cAY6bUlr6uYkw9WaUl6QIi3Vdv8SrZShUygACAcVZK5jspJ4fwHol2KD6
M/9B/Tkw/1NfBZeOkUC7Bb2FW0c5aYZ78mGJRBCGmRgeMY54Af6ymIWP1TTFJXci
Qn5qJgrUUYZhmQuX+yBTjSx7rGSfzNhmejuM2Evxs++nqT1cNesqIgHO3xbfvauY
eL/QPL5HnFgZPeDCwRqwK0QU6yCTQXYtsXuXbWRd87KPNqQXIkXScux93Xt4m3iG
QCVTpnsUv35QM2gKTktRt005dHw41fuGnCp30Yziq8prxYKyRlht4uQKi5eRakhj
K7C6nwtjKkMLs1B3zB/hGo/uLyh1pzmMGMOteQaPhb4nDZafaYFZoa3FJgjI+NIg
dezoXbV2OT9JT3W0JmOyTHzY0ah8eWGMbaT//ZA7aX3uVm2Y1fA=
=T1hu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b14b61ed-c30d-98ac-ea9d-89db31409707%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Inspiron 5559

2018-02-27 Thread tempqube

* The OS never crashes even with the spectre and meltdown BIOS patches. 
However, I do not know if this introduces problems security-wise.

* Video is fine. No glitches.
* Seldomly, I get networking errors with Tor. It's not much of an issue. 
It could just be an OS issue and not my hardware specifically.

* I can't find the option to mount USB devices.
* Sometimes the sound doesn't work. According to the "Volume control" 
window in the "Output Devices" tab, the "HDMI [is] unplugged". Powering 
off the laptop a couple of times fixes this issue momentarily.


Let me know if you need my assistance. Keep in mind, this is a temporary 
email, so it might be a while for a response from me.


Overall, the usability for the machine is decent, aside from the 
occasional loss of sound.


I have attached the .cpio.gz and .yml files. I have tampered with the 
contents of the .cpio.gz by removing serial numbers and the UUID of my 
computer. If this is an issue, I can add them back in.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c7fcc54d0d3cb3b710acc06cd3c7965%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.
---
layout:
  'hcl'
type:
  'notebook
docking station'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  Dell Inc.
model: |
  Inspiron 5559
bios: |
  1.4.1
cpu: |
  Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Skylake Host Bridge/DRAM Registers [8086:1904] (rev 08)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation HD Graphics 520 [8086:1916] (rev 07) (prog-if 00 [VGA 
controller])
gpu-short: |
  FIXME
network: |
  Realtek Semiconductor Co., Ltd. RTL8101/2/6E PCI Express Fast/Gigabit 
Ethernet controller (rev 07)
memory: |
  7763
scsi: |
  WDC WD10JPVX-75J Rev: 1A02
  DVD+-RW GU90NRev: A1C1
usb: |
  1
versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R3.2
  xen: |
4.6.6
  kernel: |
4.9.56-21
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---



Qubes-HCL-Dell_Inc_-Inspiron_5559-20180225-061711.cpio.gz
Description: GNU Zip compressed data

Re: [qubes-users] High spec laptop for Qubes OS

2018-02-27 Thread Franz

On Sat, Feb 24, 2018 at 10:52 PM, taii...@gmx.com  wrote:

> I suggest a lenovo W520, as it supports coreboot with open source hw init
> and me cleaner (which nerfs but does not disable ME - it is impossible to
> disable ME, dell/purism are lying) you can also use an egpu for additional
> graphics power and install an ivy bridge processor for better power figures.
>
> I would also look in to the TALOS 2 (OpenPOWER9) which is a very high
> performance owner controlled workstation with libre firmware for both the
> board and BMC (even the microcode is owner controlled and has documentation
> supplied, there is absolutely no hardware code signing enforcement).
> POWER is now the worlds only owner controlled performance cpu arch due to
> both intel and AMD adopting black box supervisor processors and hardware
> code signing enforcement.
> https://raptorcs.com
> It also supports CAPI and PCI-e 4.0, which I imagine might interest you.
>
>
But does Talos 2 work with Xen? It seems it does not:
https://www.google.com.br/url?sa=t=j==s=web=1=rja=8=0ahUKEwig_reIlsLZAhXK2VMKHRlvC6cQFggrMAA=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsg%2Fqubes-users%2FbqRSuU3T6MA%2Fn9tFozKsAQAJ=AOvVaw2aUCCm88WSdcxkcCqWhZbe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qATFoUhxNNkH08qiN8tigM7EeGq8%2Bx8gehywH8C6ArToA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] High spec laptop for Qubes OS

2018-02-27 Thread '[799]' via qubes-users

Hello Taiidan,

 Original-Nachricht 
An 26. Feb. 2018, 00:33, taii...@gmx.com schrieb:

> In terms of laptops, the most free is the
> Lenovo G505S which can run
> qubes (no ME/PSP) although it doesn't have
> an eGPU capability and max ram is 16GB so
> the best choice would be the W520 if one
> wants an eGPU capable laptop with 32GB
> max ram.

Depending on the use case I would always also think about battery runtime, 
something where the W520 fails.
I would always always think about a x230 which runs so well under Qubes and can 
be coreboot'ed.

Out of interest, why are you not recommending the W540? I have both (x230 and 
W540) and the biggest benefit of the W540 is the high resolution display.
Unfortunately it doesn't support Coreboot and build quality is not as nice as 
the older x230 series.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bCLo2zbEJzq2g8yi9fFPzDvaRcFATsBImFwnghnOFqmVq-S7dH3uQNGmsYbITkLAwnWOq_wm2SsizInclJpVtpr4uut-eGAMVR25SOdFd0E%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4

On Tuesday, 27 February 2018 23:48:27 UTC, thorsten...@gmail.com  wrote:
> A friend was using my PC and forgot to logout, so I accidently posted with 
> his account. So here it goes again:
> 
> > This is probably just because it tries to resolve the IPs and DNS times 
> > out. if you use netstat -nr, it should be fast.
> 
> Yes, using "netstat -nr" I get a result immediately in sys-firewall:
> 
> Destination Gateway Genmask Flags MSS Window irtt 
> Iface
> 0.0.0.0 10.137.0.5 0.0.0.0 UG 0 0 0 eth0
> 10.137.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> 
> 
> > could you please do the arp -an after the ping 8.8.8.8
> 
> "arp -an" in sys-net displays:
> ? (192.168.0.2) at xx:xx:xx:xx:xx:xx [ether] on enp0s0
> 
> (xx:xx:xx:xx:xx:xx is a valid mac address, I just replaced the actual values 
> with X's)
> 
> 
> "arp -an" in sys-firewall displays:
> 
> ? (10.137.0.5) at  on eth0

Yes, so the problem is that you don't have connectivity between the 2 VMs.
Could you try this:
qvm-prefs sys-firewall | grep netvm
it should say sys-net? Y/N

Based on the info in the Qubes Firewall doc page
Even if it states sys-net, let's try to force it again
qvm-prefs sys-firewall -s netvm sys-net

and try the arp -an in sys-firewall again

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38962d3b-4f42-4c6b-9759-7bfb974b4362%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Windows on R4 (rc4) - Install crash on splash screen: Starting Windows

2018-02-27 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 27. Feb. 2018, 23:58, Alex Dubois schrieb:

> Would you know have to validate the rpm
> signature by any chance?

Haven't tried it out, but you're asking to verify the rpm package prior to 
installing it?

Something like this?
Verifying the signatures of packages
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-check-rpm-sig.html

[799]

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/631e9154-8387-4c78-a803-6f42a4adb315%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/xY9ORfM1zuHxZ4fiWbw696dRx2VFtnJ0QBtV7j-NGVQ4fFgVxUS60DCsbQfNr1An_nvJ5W3mj8--IPbBplno3K9khCNY5hBJtiq3gE0PMRw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tue, Feb 27, 2018 at 06:59:18PM -0500, Steve Coleman wrote:
> On 02/27/18 10:24, Unman wrote:
> 
> > 
> > For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL 
> > from
> > that.
> > http://www.qubes-3isec.org
> 
> Is that perhaps:
> 
>  http://qubes.3isec.org/Live/
>  http://qubes.3isec.org/Live/Qubes.iso
>  http://qubes.3isec.org/Live/QubesTor.iso
> 
> With a '.' rather than a '-' in the name? I'm just mentioning the correction
> in case others may try to find it. I know it took a lot of work to make that
> ISO so its a good resource.
> 
> Its a shame the 4.x was not cooperating. Was it a matter of time or a
> specific technical issue? In any case thanks for working on it as long as
> you did. One day I hope to figure out how to make one, with specific options
> compiled in.
> 
> > A major issue is that programs like HCL will report on the current 
> > capabilities,
> > not necessarily what the machine is capable of. For that you really need
> > to look in BIOS (to see what can be enabled) and check the documentation
> > for your mb/processor combo.
> > To work efficiently,a program as you envisage it would need to hold a
> > database of board/processors to provide accurate report, I think.
> > 
> > unman
> > 

Yes, it is Steve.
Thanks.

I actually do have a bare rc4 iso, which needs some more testing before I
post it. But it isn't a priority for me right now.

cheers

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180228005401.wqzseuuux34ag5ts%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Steve Coleman

On 02/27/18 10:24, Unman wrote:

For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL from
that.
http://www.qubes-3isec.org

Is that perhaps:

http://qubes.3isec.org/Live/
http://qubes.3isec.org/Live/Qubes.iso
http://qubes.3isec.org/Live/QubesTor.iso

With a '.' rather than a '-' in the name? I'm just mentioning the
correction in case others may try to find it. I know it took a lot of
work to make that ISO so its a good resource.

Its a shame the 4.x was not cooperating. Was it a matter of time or a
specific technical issue? In any case thanks for working on it as long
as you did. One day I hope to figure out how to make one, with specific
options compiled in.

A major issue is that programs like HCL will report on the current capabilities,
not necessarily what the machine is capable of. For that you really need
to look in BIOS (to see what can be enabled) and check the documentation
for your mb/processor combo.
To work efficiently,a program as you envisage it would need to hold a
database of board/processors to provide accurate report, I think.

unman

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6efc0c21-b48d-9fa4-7500-b79a05f7b2ec%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4

2018-02-27 Thread thorsten . schierer

A friend was using my PC and forgot to logout, so I accidently posted with his 
account. So here it goes again:

> This is probably just because it tries to resolve the IPs and DNS times out. 
> if you use netstat -nr, it should be fast.

Yes, using "netstat -nr" I get a result immediately in sys-firewall:

Destination Gateway Genmask Flags MSS Window irtt 
Iface
0.0.0.0 10.137.0.5 0.0.0.0 UG 0 0 0 eth0
10.137.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 eth0


> could you please do the arp -an after the ping 8.8.8.8

"arp -an" in sys-net displays:
? (192.168.0.2) at xx:xx:xx:xx:xx:xx [ether] on enp0s0

(xx:xx:xx:xx:xx:xx is a valid mac address, I just replaced the actual values 
with X's)


"arp -an" in sys-firewall displays:

? (10.137.0.5) at  on eth0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/837b117e-630b-46bf-9094-aff730d15a6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4

2018-02-27 Thread frankf1983 via qubes-users

> This is probably just because it tries to resolve the IPs and DNS times out. 
> if you use netstat -nr, it should be fast.

Yes, using "netstat -nr" I get a result immediately in sys-firewall:

Destination Gateway Genmask Flags MSS Window irtt 
Iface
0.0.0.0 10.137.0.5 0.0.0.0 UG 0 0 0 eth0
10.137.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 eth0


> could you please do the arp -an after the ping 8.8.8.8

"arp -an" in sys-net displays:
? (192.168.0.2) at xx:xx:xx:xx:xx:xx [ether] on enp0s0

(xx:xx:xx:xx:xx:xx is a valid mac address, I just replaced the actual values 
with X's)


"arp -an" in sys-firewall displays:

? (10.137.0.5) at  on eth0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dddeea8c-df61-45c7-8c6e-64b34a1a302c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows on R4 (rc4) - Install crash on splash screen: Starting Windows

On Friday, 9 February 2018 19:02:13 UTC, Ivan Mitev  wrote:
> On 02/09/18 20:56, Alex Dubois wrote:
> > On Friday, 9 February 2018 18:43:06 UTC, Ivan Mitev  wrote:
> >> On 02/09/18 20:23, Alex Dubois wrote:
> >>> On Friday, 9 February 2018 18:01:08 UTC, Ivan Mitev  wrote:
>  On 02/09/18 19:37, Alex Dubois wrote:
> > On Friday, 9 February 2018 13:17:19 UTC, Alex Dubois  wrote:
> >> On Friday, 9 February 2018 13:07:27 UTC, Alex Dubois  wrote:
> >>> On Friday, 9 February 2018 12:31:10 UTC, Alex Dubois  wrote:
>  Hi,
> 
>  After booting the win7 VM, the DVD get recognized.
>  Windows is loading file progress bar is going smoothly
>  But the win7 VM goes into halted or transient state just after 
>  displaying the graphical splash screen Starting Windows
> 
>  At the moment I am exploring how to resolve this issue in R4 
>  https://github.com/QubesOS/qubes-issues/issues/2488
> 
>  I've tried
>  qvm-features win7 video-model cirrus
>  but same problem
> >>>
> >>> Fixed.
> >>> The minimum specs from Microsoft for Windows 7 64bits is 2GB of RAM.
> >>> qvm-prefs win7 memory 2048
> >>>
> >>> I'll update the doc.
> >>
> >> I have also tested that
> >> qvm-features win7 video-model cirrus
> >> is NOT required (in my case).
> >
> > I should test fully before saying things. It was required after the 
> > first reboot.
> >
> > This thread provide a comprehensive view 
> > https://groups.google.com/forum/#!topic/qubes-devel/tBqwJmOAJ94
> >
> 
>  FYI once the second part of the installation is complete and you have a
>  working windows VM, you can revert the display adapter to standard vga
>  (qvm-features --unset win7 video-model).
> 
>  Happy that the qubes-devel thread was useful :)
> >>>
> >>> Yes thanks a lot. I have now a working win7. Starting Windows-Tools 
> >>> install.
> >>
> >> I just did that :) - it works well... (but don't try to install the pv
> >> storage driver otherwise you'll get a BSOD).
> > 
> > Thanks for the warning ;-)
> > 
> > I can't find qubes-windows-tools
> > is it in testing branch?
> 
> Yes (in R3.2):
> 
> https://yum.qubes-os.org/r3.2/current-testing/dom0/fc23/rpm/qubes-windows-tools-3.2.2-3.x86_64.rpm
> 
> Extract with:
> 
> rpm2cpio qubes-windows-tools-3.2.2-3.x86_64.rpm | cpio -idmv
> 
> And start the VM (assuming the iso is in the 'untrusted' VM):
> 
> qvm-start --cdrom=untrusted:/home/user/qubes-windows-tools.iso win7

Would you know have to validate the rpm signature by any chance?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/631e9154-8387-4c78-a803-6f42a4adb315%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Re: AW: Re: [qubes-users] Installing Chrome

On Tuesday, 27 February 2018 11:39:03 UTC, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 3:06:36 AM UTC+1, brenda...@gmail.com wrote:
> > On Monday, February 26, 2018 at 7:21:11 PM UTC-5, [799] wrote:
> > > An 27. Feb. 2018, 00:59, Yuraeitha schrieb:
> > > > It is by no means a complete guide as you
> > > > make it sound though, it's relying overly much
> > > > on closed code, and Chromium is no good
> > > > here to look into Google Chrome. I wouldn't
> > > > call it the "go to" guide to get everything
> > > > working. 
> > > 
> > > Seriously? Do you know how much time it takes to write a how-to? To test 
> > > all
> > > steps and to use the feedback from other committed users to make it 
> > > better?
> > > And as mentioned the guide is written for a special use case, playing
> > > multimedia on Qubes as I wanted an OS which I can use for everything I'm 
> > > using
> > > a laptop for.
> > 
> > Hey, just wanted to say: thanks for the guide, it's great. :)
> > 
> > One of the strengths of Qubes is that you *can* divide your usage into 
> > compartments which have different compromises (both security-wise and 
> > philosophy-wise). A full-out "yes, we can Netflix and ... well, popcorn in 
> > this case" Qube and separately have a "open source intelligence research 
> > behind VPN and/or TOR" Qube or "develop sensitive open source application" 
> > Qube on the same machine, *and* worry less about cross contamination 
> > (security, software development ethics, identities, etc.) is just a big win.
> > 
> > Again: thanks! I am already using your guide and I appreciate all the work 
> > you and others put into it.
> > 
> > ...
> > > > The fact that Firefox isn't even mentioned in
> > > > that "between the lines self-proclaimed all
> > > > solution page guide", makes me a bit sad and
> > > > disappointed in Qubes. I hope this is a
> > > > mistake. 
> > > 
> > > Honestly it was me writing this "self-proclaimed all solution page guide"
> > > which took me lots of hours starting from the first version and following 
> > > the
> > > excellent feedback from other users to improve it.
> > > Maybe you should provide content instead of being sad that others try to
> > > contribute to the Qubes project?
> > 
> > Great idea! Maybe Yuraeitha can write up a "multimedia, most of it, with 
> > firefox" guide? I have seen Yuraeitha add useful information on other 
> > threads in this forum, appears to be very engaged and generally appears to 
> > mean well.
> > 
> > > Do you know how motivating it feels if people comment on your work like 
> > > you're
> > > doing?
> > 
> > I hope I have at least added some positive balance. :)
> > 
> > > If my how-to will convince one user to try out Qubes because he can even 
> > > do 
> > > the "evil closed source" stuff, I am happy.
> > 
> > :)
> > 
> > Brendan
> 
> I think you add positive balance Brendan, I like that you try to see both 
> parties views and seek to make peace. Although I did overstep and caused a 
> provocation, when I could have criticized without it becoming emotional. Even 
> if I did not do it intentionally, it's still something I need to take 
> responsibility for.
> 
> To which I really apologize for [799], I hope we can still see eye to eye. By 
> the way, even if I criticized your how-to doc here, there are two things that 
> soften the perceived written criticism (quite a lot actually), which I want 
> to underline. First the work you did is really good, I like what you did. 
> What I criticized is only a lack of work into open alternatives, and not the 
> work you did, which is good (which the criticism here takes a whole different 
> character when criticizing an institution/culture rather than a single 
> person). Adding a section to the how-to with minimum a brief mention of 
> privacy/open-source concerns could be a good quick solution as a disclaimer, 
> which would fend off this criticism even if you don't add open source 
> solutions. Second, I want to admit that I make mistakes too (which is 
> obvious, but the point here is that I'm admitting to it, in fact I make a lot 
> of mistakes). I'm not trying to belittle, be arrogant or feel superior (I 
> don't). It's just that my writing style can be very straight forward and it 
> can risk sounding harsh. Adding on-top of that, I can be pretty darned 
> merciless when it comes to challenging authority, which is not how I act 
> towards individual people. I believed in the moment of the writing that what 
> I challenged, did not have a face or emotions, but instead was a system, an 
> authority through institutionalization/culture. But it turned out the wrath I 
> put forward actually hit a person, which was not my intention at all. Shaking 
> things up can sometimes fix issues in institutions, but it's not a good 
> approach for individual people. I hope you will forgive me for being rude 
> towards you, I do feel bad about it... Especially when as a person a mistake 
> like this is very minor,

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4

On Tuesday, 27 February 2018 18:46:52 UTC, thorsten...@gmail.com  wrote:
> > Can you also try doing this against the template you're using for your 
> > sys-firewall?
> > 
> > qvm-features fedora-26-minimal qubes-firewall 1 
> 
> I did this and restarted everything, no difference.
> 
> 
> > Yes probably. For reference, to check (or enable):
> > - go to start menu/System Tools/Qube Manager
> > - right click sys-net/Qube Settings/Services tab
> > - clocksync should be in the list and ticked if not type clocksync and 
> > click on +
> > - I think a full reboot is required. There are probably ways to avoid it... 
> 
> clocksync is checked.
> 
> 
> > I am confused, did you do this in sys-net or sys-firewall. Because sys-net 
> > would have a default route and a route for your Lan. You may have tripped 
> > the info which is fine.
> 
> In fact I left the default routes away and just focused on the missing one.
> When I start sys-firewall a new network interface is added (vifx.0) where x 
> is a number.
> "ifconfig -a" displays:
> 
> vif3.0: flags=4098  mtu 1500
> (and also 2 default interfaces: enp0s0 and lo, which are both UP and RUNNING)
> 
> 
> I noticed here that "UP" / "RUNNING" is missing for the vif, therefore I have 
> to "up" it myself.
> This might be part of the problem, since it has to be running in order to add 
> a new route (which should be done automatically).
> So "route" in sys-net displays only the default routes:
> 
> Destination Gateway Genmask Flags Metric Ref Use 
> Iface
> default gateway 0.0.0.0 UG 100 0 0 enp0s0
> 192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0enp0s0
> 
> So if I add the route myself it additionally displays:
> 
> 10.137.0.6 0.0.0.0 255.255.255.255 U 100 0 0vif3.0
> 
> So far so good, the values in sys-net are looking "ok" to me now. Or am I 
> missing something?

Yes looks good.

> 
> 
> > on sys-firewall, you are probably going to need to ifconfig eth0 up and you 
> > should have something like this:
> > -bash-4.4# netstat -nr
> > Kernel IP routing table
> > Destination Gateway Genmask Flags   MSS Window  irtt 
> > Iface
> > 0.0.0.0 10.137.0.14  0.0.0.0 UG0 0  0 
> > eth0
> > 10.137.0.14  0.0.0.0 255.255.255.255 UH0 0  0 
> > eth0 
> 
> On sys-firewall eth0 and lo are UP and RUNNING, but "route" takes around 20 
> seconds to finish and displays:
> 
> Destination Gateway Genmask Flags Metric Ref Use 
> Iface
> default gateway 0.0.0.0 UG 0 0 0 eth0
> gateway 0.0.0.0 255.255.255.255 UH 0 0 0eth0
> 
> The long waiting time before "route" finishes makes me wonder...

This is probably just because it tries to resolve the IPs and DNS times out. if 
you use netstat -nr, it should be fast.

> 
> I deleted the default routes and recreated them. I also restarted the eth0 
> interface.
> 
> When I try to ping 8.8.8.8 from sys-firewall I get:
> 
> From 10.137.0.6 icmp_seq=1 Destination Host Unreachable
> From 10.137.0.6 icmp_seq=2 Destination Host Unreachable
> ...
> 
> 
> I also switched the templates of sys-net and sys-firewall to debian-9, but 
> the result is the same (vif down in sys-net, no route for vif).
> 
> The more I try to fix this, I get a feeling that the root of the problem lies 
> inside sys-net.

Or the "physical" link between sys-net and sys-firewall. I believe there is a 
doc page (or maybe a thread here) on how to reconnect after a disconnection.

could you please do the arp -an after the ping 8.8.8.8
If you have a MAC address for sys-net, then you have "wire" connectivity, 
otherwise, it is where the pb is.

> It seems like the vif in sys-net does not get "up", which breaks the 
> setup/initialization script (or maybe it breaks earlier, I don't know).
> 
> If I knew, which steps have to be done to set up network between a VM, 
> sys-firewall and sys-net correctly, I could try to pinpoint the problem 
> better.
> What happens exactly behind the scenes when sys-firewall starts and uses 
> sys-net as netVM?
> Also I was thinking if iptables might be involved here?!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23340a00-ae9a-4886-84e3-8906be13e949%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

2018-02-27 Thread 'MirrorWay' via qubes-users

coreboot+seabiospayload - I can use to install, boot Qubes 4.
coreboot+grubpayload - I can't get the installer to run, but it boots an 
already-installed Qubes 4.

if you run MECleaner, you might want to blacklist mei and mei_me to get rid of 
some error messages / speed up boot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/rIPm2QRZ07AkWD-fmCkNJdRCgB2LUhHguGNCgxR8dabU77MnurKM6SJKAiOqiL93etYclCJVx7YoYxs6p4gK3p4DMeNYVEA6lWCFtNBkwZ0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

2018-02-27 Thread qubes-os


I'm using Qubes OS as the sole OS on the system.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f346b5c-72fe-5393-82ec-f8d1c02176a8%40go-bailey.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Qubes 4 and coreboot

2018-02-27 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 27. Feb. 2018, 22:41, schrieb:

> Do the Qubes devs recommend a specific
> payload to use with coreboot and
> Qubes 4?
> For those who are using coreboot with the
> Qubes 4 release candidates,
> what payload are you using?

Are you running Qubes in a Dual Boot configuration or as the single Operating 
System (which would be the better option regarding security)?

I was running Qubes OS and Windows in a dual boot setup as I needed Windows 10 
ony corporate laptop (unfortunately).
Thereof I was using Coreboot with SeaBIOS in order to be able to boot Qubes and 
Windows.
Unfortunately I had issues with standby/resume and decided to run Qubes as 
primary OS removing windows.
To access Windows I am now using a "my-work" Qube which has Cisco AnyConnect 
and VMware Horizon View Client installed to access my windows 10 virtual 
desktop or network shares.

Thereof I think I don't need SeaBIOS anymore and will reflash with a Coreboot 
without SeaBIOS.

I am also interested in some recommendations for an optimized Coreboot Config, 
maybe also some shared config files.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aQovtbmOgsPvXRzLdUe5V18kQLf2hWjzT5KiaswX8na1SlrfcqAWg5ZmFQ2DreHb7u3j5IlZ0aMOru4lxR8i8OWbQH_8la1uGtiisq12sXg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4 and coreboot

2018-02-27 Thread qubes-os

Do the Qubes devs recommend a specific payload to use with coreboot and 
Qubes 4?


For those who are using coreboot with the Qubes 4 release candidates, 
what payload are you using?


Have you run into any oddities with said payload detecting the install 
DVD or USB stick as well as with the subsequent installation?


I haven't been able to get coreboot with a petitboot payload working 
well with Qubes 4 thus far so am thinking of trying a different payload.


Thanks in advance.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa000ccd-dc02-b9a6-b745-d89615c0b7b3%40go-bailey.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB VM based on fedora-26 doesn't pass block devices

2018-02-27 Thread Tim W

On Friday, February 23, 2018 at 11:32:17 AM UTC-5, Kelly Dean wrote:
> awokd writes:
> > I wonder if this might be related to a recent patch in testing. Are both
> > your dom0 and templates on the same repository (current vs. testing) and
> > updated? A recent patch also required a reboot once both were updated.
> 
> Both on current, and both updated, and rebooted since last update.
> 
> Anyway, problem solved. I plugged the USB device into a different port, and 
> it worked (I got xvdi in the appVM). Then I detached and moved it back to the 
> port where I was having the problem, and this time it worked there too. 
> Aargh, heisenbug.


That almost sounds like a bug with the usb controller reset device or something 
to that effect.  I assume both usb ports are on the same controller.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d14c9e1-cd69-4612-8577-061fe98ebf4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

2018-02-27 Thread Allen Larocque

Thanks for the help.

The intel audio pci device is indeed listed in the qvm-pci list, and the 
pulseaudio manager is 'connected', However, under 'devices' there's nothing 
about the intel device - just 'combined monitor' as the source


On Tuesday, 27 February 2018 10:09:37 UTC-8, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 6:58:11 PM UTC+1, Allen Larocque wrote:
> > Thanks Yuraeitha for the thoughtful reply!
> > 
> > Hm. It doesn't seem to work in the other templates. I think it is a driver 
> > issue. I've tried volume etc.; and switching through the pulseaudio menus 
> > shows only 'simultaneous output' devices (which DO have actively 
> > fluctuating 'volume bars' when playback is happening!). Under 'config' 
> > there is 'no sound cards available for configuration'. 
> > I've been trying some things and let me try to clarify:
> > 
> > 'lspci' lists '00:1b:0 Audio device: Intel Corporation 7 Serices/c210 
> > Series Chipset Family High Definition Audio Controller (rev04)'
> > I interpret that as the audio card being on the chipset (hence 'plugged in' 
> > automatically).
> > 
> > 'aplay -l' however lists "no soundcards found". So alsa doesn't see it?
> > 
> > Alsa is a deeper level than pulseaudio generally, right? So if alsa doesn't 
> > see it then it makes sense that pulseaudio doesn't either.
> > 
> > So: how to get alsa/pulseaudio to see it?
> > 
> > Thanks again for the gracious help!
> > - Allen
> > 
> > On Tuesday, 27 February 2018 04:16:15 UTC-8, Yuraeitha  wrote:
> > > On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque wrote:
> > > > Hi Qubes,
> > > > First time installer here, trying to get my sound to work. Strangely, 
> > > > speakers are broken, but headphones work fine.
> > > > 
> > > > Anytime I move my sound device from 'available' to 'selected' in a 
> > > > given VM, the VM won't load and I get the 'qeexec demon' error. Same 
> > > > thing when I move various other devices over (tested with USB ones). I 
> > > > should need the audio device moved over in order for it to work in a 
> > > > given VM, right?
> > > > 
> > > > Any thoughts? Running 3.2 on a Zenbook UX31A.
> > > > 
> > > > Thanks,
> > > > Allen
> > > 
> > > Also if you moved the soundcard to a direct pass-through, and the 
> > > soundcard hardware does not support the PCI pass-through feature. Then 
> > > you need to make a full restart of Qubes OS (fully power down power in 
> > > order to clean hardware memory). This is due to security reasons. If this 
> > > is hitting you, then you may want to first undo the pass-through you made 
> > > of your soundcard, and then make a full restart before trying the above 
> > > suggestions.
> 
> np's :)
> 
> Try compare "qvm-pci list" with lspci, it's the same list, but it'll show you 
> if the Qubes tools register the sound card. Also try look in the Qubes menu 
> --> Systems Tools --> Pulseaudio Manager. See if the sound server is 
> connected or disconnected here.
> 
> I can't write much more right now as I'm on the road and need to close the 
> lid and move now, but checking these might get us a little closer with more 
> information.
> 
> I can confirm I see my own soundcards with "aplay -l", so this command should 
> indeed be working in Qubes it seems?
> 
> It sounds like a problem that is out of my league though, but I'll try to 
> help where I can.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2e3120e-34a5-4c0e-981b-6e5a71121930%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4

2018-02-27 Thread thorsten . schierer

> Can you also try doing this against the template you're using for your 
> sys-firewall?
> 
> qvm-features fedora-26-minimal qubes-firewall 1 

I did this and restarted everything, no difference.


> Yes probably. For reference, to check (or enable):
> - go to start menu/System Tools/Qube Manager
> - right click sys-net/Qube Settings/Services tab
> - clocksync should be in the list and ticked if not type clocksync and click 
> on +
> - I think a full reboot is required. There are probably ways to avoid it... 

clocksync is checked.


> I am confused, did you do this in sys-net or sys-firewall. Because sys-net 
> would have a default route and a route for your Lan. You may have tripped the 
> info which is fine.

In fact I left the default routes away and just focused on the missing one.
When I start sys-firewall a new network interface is added (vifx.0) where x is 
a number.
"ifconfig -a" displays:

vif3.0: flags=4098  mtu 1500
(and also 2 default interfaces: enp0s0 and lo, which are both UP and RUNNING)


I noticed here that "UP" / "RUNNING" is missing for the vif, therefore I have 
to "up" it myself.
This might be part of the problem, since it has to be running in order to add a 
new route (which should be done automatically).
So "route" in sys-net displays only the default routes:

Destination Gateway Genmask Flags Metric Ref Use 
Iface
default gateway 0.0.0.0 UG 100 0 0 enp0s0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0enp0s0

So if I add the route myself it additionally displays:

10.137.0.6 0.0.0.0 255.255.255.255 U 100 0 0vif3.0

So far so good, the values in sys-net are looking "ok" to me now. Or am I 
missing something?


> on sys-firewall, you are probably going to need to ifconfig eth0 up and you 
> should have something like this:
> -bash-4.4# netstat -nr
> Kernel IP routing table
> Destination Gateway Genmask Flags   MSS Window  irtt Iface
> 0.0.0.0 10.137.0.14  0.0.0.0 UG0 0  0 eth0
> 10.137.0.14  0.0.0.0 255.255.255.255 UH0 0  0 
> eth0 

On sys-firewall eth0 and lo are UP and RUNNING, but "route" takes around 20 
seconds to finish and displays:

Destination Gateway Genmask Flags Metric Ref Use 
Iface
default gateway 0.0.0.0 UG 0 0 0 eth0
gateway 0.0.0.0 255.255.255.255 UH 0 0 0eth0

The long waiting time before "route" finishes makes me wonder...

I deleted the default routes and recreated them. I also restarted the eth0 
interface.

When I try to ping 8.8.8.8 from sys-firewall I get:

>From 10.137.0.6 icmp_seq=1 Destination Host Unreachable
>From 10.137.0.6 icmp_seq=2 Destination Host Unreachable
...


I also switched the templates of sys-net and sys-firewall to debian-9, but the 
result is the same (vif down in sys-net, no route for vif).

The more I try to fix this, I get a feeling that the root of the problem lies 
inside sys-net.
It seems like the vif in sys-net does not get "up", which breaks the 
setup/initialization script (or maybe it breaks earlier, I don't know).

If I knew, which steps have to be done to set up network between a VM, 
sys-firewall and sys-net correctly, I could try to pinpoint the problem better.
What happens exactly behind the scenes when sys-firewall starts and uses 
sys-net as netVM?
Also I was thinking if iptables might be involved here?!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/785727e5-718e-4709-b395-3dd2ebfbc647%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Clearing qubes-dom0-cached packages

2018-02-27 Thread Chris Laprise

On 02/27/2018 12:42 PM, Yuraeitha wrote:

On Tuesday, February 27, 2018 at 6:08:57 PM UTC+1, awokd wrote:

On Tue, February 27, 2018 5:00 pm, Yuraeitha wrote:

I'm working on an update script btw, which might solve issues like these.

I haven't tested it but I noticed there's a clean action, so you can do:

sudo qubes-dom0-update --action=clean

Not exactly sure what it does but it might simplify things if it works.

Yes that is a good trick, but Marek recently told me not to use it though, from
what I understand it's because it causes extra load on the server, which is bad
if too many people does it. So the clean command is probably really good if
only used sparingly once in a while. But maybe it could be used in the script
with some kind of countdown, like for example if it only cleans once a month?
But would that be useful though?

I didn't mention or show the script to Marek, as it was only a few days
afterwords I started working on it. But he did tell me to use --refresh instead
when he saw I used the clean command. I found the --refresh flag in fedora
template, but I couldn't get it to work in dom0. Though I found --check-only in
the qubes-dom0-update manual, presumably it's the same as --refresh and only
updates the metadata? Seemingly debian does it all automatically already too.
uh, too many questions that needs sorted out. I definitely need these sorted
out with a degree of certainty before I give this script to other people, I
don't want to risk messing someone elses Qubes system up with it, that would
suck.

So maybe clean is not needed if metadata are cleaned? I believe the clean
command works very well indeed, but from what I understood from Marek at the
time, it might overdo it.

I'll see if I can upload the script when I get home later today so you can see
it (I'm on the road atm), I'll post a link here so it's easier to discuss any
potential pitfalls in it.

FWIW, I'm working on porting my updater to 4.0. The existing version
already uses "clean packages" and I may add --refresh (which has worked
for me) as well.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/0ce5177c-d61a-975e-a95d-7bcbb78e4f44%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

On Tuesday, February 27, 2018 at 6:58:11 PM UTC+1, Allen Larocque wrote:
> Thanks Yuraeitha for the thoughtful reply!
> 
> Hm. It doesn't seem to work in the other templates. I think it is a driver 
> issue. I've tried volume etc.; and switching through the pulseaudio menus 
> shows only 'simultaneous output' devices (which DO have actively fluctuating 
> 'volume bars' when playback is happening!). Under 'config' there is 'no sound 
> cards available for configuration'. 
> I've been trying some things and let me try to clarify:
> 
> 'lspci' lists '00:1b:0 Audio device: Intel Corporation 7 Serices/c210 Series 
> Chipset Family High Definition Audio Controller (rev04)'
> I interpret that as the audio card being on the chipset (hence 'plugged in' 
> automatically).
> 
> 'aplay -l' however lists "no soundcards found". So alsa doesn't see it?
> 
> Alsa is a deeper level than pulseaudio generally, right? So if alsa doesn't 
> see it then it makes sense that pulseaudio doesn't either.
> 
> So: how to get alsa/pulseaudio to see it?
> 
> Thanks again for the gracious help!
> - Allen
> 
> On Tuesday, 27 February 2018 04:16:15 UTC-8, Yuraeitha  wrote:
> > On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque wrote:
> > > Hi Qubes,
> > > First time installer here, trying to get my sound to work. Strangely, 
> > > speakers are broken, but headphones work fine.
> > > 
> > > Anytime I move my sound device from 'available' to 'selected' in a given 
> > > VM, the VM won't load and I get the 'qeexec demon' error. Same thing when 
> > > I move various other devices over (tested with USB ones). I should need 
> > > the audio device moved over in order for it to work in a given VM, right?
> > > 
> > > Any thoughts? Running 3.2 on a Zenbook UX31A.
> > > 
> > > Thanks,
> > > Allen
> > 
> > Also if you moved the soundcard to a direct pass-through, and the soundcard 
> > hardware does not support the PCI pass-through feature. Then you need to 
> > make a full restart of Qubes OS (fully power down power in order to clean 
> > hardware memory). This is due to security reasons. If this is hitting you, 
> > then you may want to first undo the pass-through you made of your 
> > soundcard, and then make a full restart before trying the above suggestions.

np's :)

Try compare "qvm-pci list" with lspci, it's the same list, but it'll show you 
if the Qubes tools register the sound card. Also try look in the Qubes menu --> 
Systems Tools --> Pulseaudio Manager. See if the sound server is connected or 
disconnected here.

I can't write much more right now as I'm on the road and need to close the lid 
and move now, but checking these might get us a little closer with more 
information.

I can confirm I see my own soundcards with "aplay -l", so this command should 
indeed be working in Qubes it seems?

It sounds like a problem that is out of my league though, but I'll try to help 
where I can.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/feaba198-afe7-4d06-b012-e5ca155f9149%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

2018-02-27 Thread Allen Larocque

Thanks Yuraeitha for the thoughtful reply!

Hm. It doesn't seem to work in the other templates. I think it is a driver 
issue. I've tried volume etc.; and switching through the pulseaudio menus shows 
only 'simultaneous output' devices (which DO have actively fluctuating 'volume 
bars' when playback is happening!). Under 'config' there is 'no sound cards 
available for configuration'. 
I've been trying some things and let me try to clarify:

'lspci' lists '00:1b:0 Audio device: Intel Corporation 7 Serices/c210 Series 
Chipset Family High Definition Audio Controller (rev04)'
I interpret that as the audio card being on the chipset (hence 'plugged in' 
automatically).

'aplay -l' however lists "no soundcards found". So alsa doesn't see it?

Alsa is a deeper level than pulseaudio generally, right? So if alsa doesn't see 
it then it makes sense that pulseaudio doesn't either.

So: how to get alsa/pulseaudio to see it?

Thanks again for the gracious help!
- Allen

On Tuesday, 27 February 2018 04:16:15 UTC-8, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque wrote:
> > Hi Qubes,
> > First time installer here, trying to get my sound to work. Strangely, 
> > speakers are broken, but headphones work fine.
> > 
> > Anytime I move my sound device from 'available' to 'selected' in a given 
> > VM, the VM won't load and I get the 'qeexec demon' error. Same thing when I 
> > move various other devices over (tested with USB ones). I should need the 
> > audio device moved over in order for it to work in a given VM, right?
> > 
> > Any thoughts? Running 3.2 on a Zenbook UX31A.
> > 
> > Thanks,
> > Allen
> 
> Also if you moved the soundcard to a direct pass-through, and the soundcard 
> hardware does not support the PCI pass-through feature. Then you need to make 
> a full restart of Qubes OS (fully power down power in order to clean hardware 
> memory). This is due to security reasons. If this is hitting you, then you 
> may want to first undo the pass-through you made of your soundcard, and then 
> make a full restart before trying the above suggestions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7659bd70-21fb-44a3-a349-bcde532a5cb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Clearing qubes-dom0-cached packages

On Tuesday, February 27, 2018 at 6:08:57 PM UTC+1, awokd wrote:
> On Tue, February 27, 2018 5:00 pm, Yuraeitha wrote:
> 
> > I'm working on an update script btw, which might solve issues like these.
> 
> I haven't tested it but I noticed there's a clean action, so you can do:
> 
> sudo qubes-dom0-update --action=clean
> 
> Not exactly sure what it does but it might simplify things if it works.

Yes that is a good trick, but Marek recently told me not to use it though, from 
what I understand it's because it causes extra load on the server, which is bad 
if too many people does it. So the clean command is probably really good if 
only used sparingly once in a while. But maybe it could be used in the script 
with some kind of countdown, like for example if it only cleans once a month? 
But would that be useful though?

I didn't mention or show the script to Marek, as it was only a few days 
afterwords I started working on it. But he did tell me to use --refresh instead 
when he saw I used the clean command. I found the --refresh flag in fedora 
template, but I couldn't get it to work in dom0. Though I found --check-only in 
the qubes-dom0-update manual, presumably it's the same as --refresh and only 
updates the metadata? Seemingly debian does it all automatically already too. 
uh, too many questions that needs sorted out. I definitely need these sorted 
out with a degree of certainty before I give this script to other people, I 
don't want to risk messing someone elses Qubes system up with it, that would 
suck.

So maybe clean is not needed if metadata are cleaned? I believe the clean 
command works very well indeed, but from what I understood from Marek at the 
time, it might overdo it.

I'll see if I can upload the script when I get home later today so you can see 
it (I'm on the road atm), I'll post a link here so it's easier to discuss any 
potential pitfalls in it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb69d45e-6574-4ec8-ae1c-91d2cdff6fed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Upgrade of my sys-usb ??

On Tue, Feb 27, 2018 at 07:35:10AM -0800, ThierryIT wrote:
> Hello,
> 
> I have upgrade the template (fedora-26) who has been used to build my sys-usb 
> VM.
> I do not see yet, any propagation of this upgrade to my sys-usb ... Is there 
> any possibility to force this to be done ?
> 
> Thx
> 

Have you shutdown the template and then restarted the sys-usb?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180227172252.b2yp5gmpn3jsgftn%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to upgrade qubes-core-agent ?

On Tue, Feb 27, 2018 at 07:15:22AM -0800, ThierryIT wrote:
> Hi,
> 
> I have installed the fedora-26 template but it is running with version 4.0.20 
> and I would like the version 4.0.23 ... How to upgrade ?
> 
> Thx
> 

Read the docs at :
https://www.qubes-os.org/doc/software-update-vm

Enable the current-testing repository.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180227172134.2hnstqol62ndrzoc%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Clearing qubes-dom0-cached packages

On Tue, February 27, 2018 5:00 pm, Yuraeitha wrote:

> I'm working on an update script btw, which might solve issues like these.

I haven't tested it but I noticed there's a clean action, so you can do:

sudo qubes-dom0-update --action=clean

Not exactly sure what it does but it might simplify things if it works.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d1032049a8aeee762f1da9391c5df76.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Clearing qubes-dom0-cached packages

On Tuesday, February 27, 2018 at 5:28:01 PM UTC+1, Alex Dubois wrote:
> On Tuesday, 27 February 2018 16:13:43 UTC, Yuraeitha  wrote:
> > On Tuesday, February 27, 2018 at 4:45:45 PM UTC+1, Alex Dubois wrote:
> > > On Tuesday, 27 February 2018 15:34:00 UTC, Alex Dubois  wrote:
> > > > On Friday, 12 February 2016 22:08:05 UTC, m.3.7.31.127...@gmail.com  
> > > > wrote:
> > > > > I accidentally ran qubes-dom0-update qubes*testing and qubes 
> > > > > downloaded testing packages. I didn't install them, and I don't want 
> > > > > to. However, the packages are still cached and I have no way to 
> > > > > update qubes now without installing the testing packages.
> > > > > 
> > > > > How can I clear the package cache?
> > > > 
> > > > Hi,
> > > > 
> > > > I had the exact problem in this thread. I wanted to check if my 
> > > > qubes-dom0-update was broken or not. so enabled testing, which 
> > > > downloaded packages, I let it finished but then did not install.
> > > > 
> > > > Searched the past threads and found this one.
> > > > 
> > > > Applied the --clean option
> > > > Which seem to have done some things as I had now 5 packages that it 
> > > > wanted to install.
> > > > Which seems to confirm that qubes-dom0-update was stuck, also I am not 
> > > > sure (or maybe these 5 packages were release during my experiment on 
> > > > the current repo).
> > > > 
> > > > Is there a way in github to see the list of packages and the associated 
> > > > commits for each repo?
> > > 
> > > Sorry it was 8 packages.
> > > 
> > > I have cleared both rpm and repodata, and with the clean option was 
> > > offered to install these 8 packages. which I did.
> > 
> > Have you cleaned your templates too to keep them up-to-date and in sync 
> > with dom0?
> 
> Good heads-up. Just did, and there was also 25 packages (6 of which on 
> qubes-vm-r4.0-current).
> 
> I am not going to speculate at this point if Qubes OS team released some 
> updates this afternoon or not.

Good you got it in sync :)

I'm working on an update script btw, which might solve issues like these. But 
while the script works pretty smoothly (by all looks of it, it works in, at 
least in controlled conditions), I still need to sort out reliability questions 
and redundancy mechanics, as well as appeal and looks. Also need critical eyes 
to spot dangerous dragons in the script (mistakes that I made). It's kind of a 
simple script though, but I'm not an expert, so who knows if I messed something 
up. If these remaining issues can be worked out, then I'll share it on my 
github page. I also got exams irl atm though, so I might not work so fast on 
this, plus my lack of scripting skills slows me down too. Hopefully it will 
work though, my goal is to make updating possible for people who have no 
background in Linux/Qubes, like for example to the QubesTV project I'm trying 
to get going.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b9dc93a-ad6a-4ecf-93e0-356e17606f3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger

Thanks for all the comments and suggestions.  I just thought it might be 
something to consider if someone could re-purpose some of the code from Qubes 
for a diagnostic that could help individuals (like myself) to quickly determine 
and document (in the HCL) systems that are or are not compatible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/058215c1-7cb6-4f8f-a470-d67f9b998f77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Clearing qubes-dom0-cached packages

On Tuesday, 27 February 2018 16:13:43 UTC, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 4:45:45 PM UTC+1, Alex Dubois wrote:
> > On Tuesday, 27 February 2018 15:34:00 UTC, Alex Dubois  wrote:
> > > On Friday, 12 February 2016 22:08:05 UTC, m.3.7.31.127...@gmail.com  
> > > wrote:
> > > > I accidentally ran qubes-dom0-update qubes*testing and qubes downloaded 
> > > > testing packages. I didn't install them, and I don't want to. However, 
> > > > the packages are still cached and I have no way to update qubes now 
> > > > without installing the testing packages.
> > > > 
> > > > How can I clear the package cache?
> > > 
> > > Hi,
> > > 
> > > I had the exact problem in this thread. I wanted to check if my 
> > > qubes-dom0-update was broken or not. so enabled testing, which downloaded 
> > > packages, I let it finished but then did not install.
> > > 
> > > Searched the past threads and found this one.
> > > 
> > > Applied the --clean option
> > > Which seem to have done some things as I had now 5 packages that it 
> > > wanted to install.
> > > Which seems to confirm that qubes-dom0-update was stuck, also I am not 
> > > sure (or maybe these 5 packages were release during my experiment on the 
> > > current repo).
> > > 
> > > Is there a way in github to see the list of packages and the associated 
> > > commits for each repo?
> > 
> > Sorry it was 8 packages.
> > 
> > I have cleared both rpm and repodata, and with the clean option was offered 
> > to install these 8 packages. which I did.
> 
> Have you cleaned your templates too to keep them up-to-date and in sync with 
> dom0?

Good heads-up. Just did, and there was also 25 packages (6 of which on 
qubes-vm-r4.0-current).

I am not going to speculate at this point if Qubes OS team released some 
updates this afternoon or not.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20cc5724-956e-41cd-bd5b-e60d1107254e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tuesday, February 27, 2018 at 4:45:26 PM UTC+1, awokd wrote:
> On Tue, February 27, 2018 3:24 pm, Unman wrote:
> 
> > To work efficiently,a program as
> > you envisage it would need to hold a database of board/processors to
> > provide accurate report, I think.
> 
> That's true but it would be next to impossible to keep that database up to
> date with errata about broken chipsets/processor opcodes, various EFI
> firmware revisions (some functional, some not) etc. etc. etc.
> 
> Seems best to report on currently enabled processor & IOMMU capabilities-
> which your live image approach allows!

It could be interesting if a small simple A.I. was made to look into the HCL 
thread though, maybe it won't need to be so sophisticated to pull of a feat 
like that. I.e. run down the list online when HCL report is being processed. 
Maybe this won't even need to be an A.I. but an automated search engine that 
quotes from the HCL report list if one is available? It won't be perfect, but 
it'd be an improvement for people that don't check the HCL list themselves. But 
it's kind of a luxury problem right now though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7649836-134e-4f92-b2a6-f6367efe4f66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Clearing qubes-dom0-cached packages

On Tuesday, February 27, 2018 at 4:45:45 PM UTC+1, Alex Dubois wrote:
> On Tuesday, 27 February 2018 15:34:00 UTC, Alex Dubois  wrote:
> > On Friday, 12 February 2016 22:08:05 UTC, m.3.7.31.127...@gmail.com  wrote:
> > > I accidentally ran qubes-dom0-update qubes*testing and qubes downloaded 
> > > testing packages. I didn't install them, and I don't want to. However, 
> > > the packages are still cached and I have no way to update qubes now 
> > > without installing the testing packages.
> > > 
> > > How can I clear the package cache?
> > 
> > Hi,
> > 
> > I had the exact problem in this thread. I wanted to check if my 
> > qubes-dom0-update was broken or not. so enabled testing, which downloaded 
> > packages, I let it finished but then did not install.
> > 
> > Searched the past threads and found this one.
> > 
> > Applied the --clean option
> > Which seem to have done some things as I had now 5 packages that it wanted 
> > to install.
> > Which seems to confirm that qubes-dom0-update was stuck, also I am not sure 
> > (or maybe these 5 packages were release during my experiment on the current 
> > repo).
> > 
> > Is there a way in github to see the list of packages and the associated 
> > commits for each repo?
> 
> Sorry it was 8 packages.
> 
> I have cleared both rpm and repodata, and with the clean option was offered 
> to install these 8 packages. which I did.

Have you cleaned your templates too to keep them up-to-date and in sync with 
dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec36080b-5eab-4c1d-949a-f41f6213c9be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Clearing qubes-dom0-cached packages

On Tuesday, 27 February 2018 15:34:00 UTC, Alex Dubois  wrote:
> On Friday, 12 February 2016 22:08:05 UTC, m.3.7.31.127...@gmail.com  wrote:
> > I accidentally ran qubes-dom0-update qubes*testing and qubes downloaded 
> > testing packages. I didn't install them, and I don't want to. However, the 
> > packages are still cached and I have no way to update qubes now without 
> > installing the testing packages.
> > 
> > How can I clear the package cache?
> 
> Hi,
> 
> I had the exact problem in this thread. I wanted to check if my 
> qubes-dom0-update was broken or not. so enabled testing, which downloaded 
> packages, I let it finished but then did not install.
> 
> Searched the past threads and found this one.
> 
> Applied the --clean option
> Which seem to have done some things as I had now 5 packages that it wanted to 
> install.
> Which seems to confirm that qubes-dom0-update was stuck, also I am not sure 
> (or maybe these 5 packages were release during my experiment on the current 
> repo).
> 
> Is there a way in github to see the list of packages and the associated 
> commits for each repo?

Sorry it was 8 packages.

I have cleared both rpm and repodata, and with the clean option was offered to 
install these 8 packages. which I did.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/881cf787-4f3e-44de-8ca9-bc11f77ce0f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tue, February 27, 2018 3:24 pm, Unman wrote:

> To work efficiently,a program as
> you envisage it would need to hold a database of board/processors to
> provide accurate report, I think.

That's true but it would be next to impossible to keep that database up to
date with errata about broken chipsets/processor opcodes, various EFI
firmware revisions (some functional, some not) etc. etc. etc.

Seems best to report on currently enabled processor & IOMMU capabilities-
which your live image approach allows!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f38dff92ec74fb6f4653bbe405d1b205.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0 rc4 / Qubes backup doesn't find the directory

Le mardi 27 février 2018 17:37:53 UTC+2, Alex Dubois a écrit :
> On Tuesday, 27 February 2018 10:39:06 UTC, Yuraeitha  wrote:
> > On Tuesday, February 27, 2018 at 7:00:46 AM UTC+1, ThierryIT wrote:
> > > Le mardi 27 février 2018 02:50:05 UTC+2, Yuraeitha a écrit :
> > > > On Monday, February 26, 2018 at 8:04:44 PM UTC+1, ThierryIT wrote:
> > > > > Hi,
> > > > > 
> > > > > I would like to backup few of my VMs.
> > > > > I have mount my external usb (not using sys-usb) HDD.
> > > > > From the console where my HDD is attached/mounted, I have access 
> > > > > through /mnt/removable to all my previous (3.2) backup files.
> > > > > I have created, in /mnt/removable, a new folder.
> > > > > When running the Qubes backup, and choosing the newly created folder, 
> > > > > I have this error:
> > > > > 
> > > > > Selected directory do not exists or not a directory
> > > > > 
> > > > > I have created others folders, I have change permissions ... Same 
> > > > > problem.
> > > > > Today all my folders are:
> > > > > 
> > > > > - drwxrwxr-x 3 user:user AppVM_bck
> > > > > 
> > > > > Same pb if root:root
> > > > > 
> > > > > ??
> > > > 
> > > > Apologies, I overlooked the "- drwxrwxr-x 3 user:user AppVM_bck" line 
> > > > in your post. Since your USB controller then must be directly passed 
> > > > into the AppVM, you can try create a direct path copy directly in dom0, 
> > > > even though you won't be using this path. As suggested in Rusty Bird's 
> > > > link. Does it work for you?
> > > 
> > > I have created the "/mnt/removable" in dom0.
> > > If using as path: /mnt/removable/AppVM_bck I do still have the same error 
> > > message.
> > > If using as path: /mnt/removable I do have a permission denied.
> > > 
> > > drwxr-xr-x root rootmnt
> > > drwxr-xr-x root rootremovable
> > > drwxrwxr-x user user AppVM_bck
> > > 
> > > Are the permissions correct ? It should be root:root or user:user ?
> > > 
> > > Thx
> > 
> > It looks like you did the permissions correctly, lets try something else. I 
> > suggest you try make a new fixed artificial mounting path rather than the 
> > dynamic allocated one, because it may quite reasonably be why Qubes 4 can't 
> > find its way to the path when special symbolic location letters are used as 
> > path shortcuts, such as $HOME/ or ~/ and similar for /home/user, which 
> > seems similar to /run/removable. So it may be that dynamic folders aren't 
> > working very well. 
> > 
> > For example XFCE4 keybinding a script located in /home/user/ can be a huge 
> > hassle if using $HOME/ or ~/ to bypass dynamic user-names in different 
> > Linux systems, and instead one has to write the actual user-name in the 
> > path, which means it only works if using the full path name, rather than 
> > path shortcuts. Maybe it's the same that happens with /mnt/removable. In 
> > which case, it may be useful to abandon this location to something not 
> > bound by location rules, which can be anywhere but the official places.
> > 
> > Perhaps this bug could even be related to the recent $ some days back? I 
> > dunno though, but without any insight, it seems like it maybe could be.
> > 
> > So try un-mount the USB drive in the AppVM, and make a new fixed location 
> > folder, it could be in /mnt/some-folder <--- give folder a name, but 
> > without spaces and special letters to avoid issues.
> > 
> > Change the some-older's ownership to user and give it permissions. Then 
> > once that is done, mount your drive to the folder with appropriate mounting 
> > permissions. Then do the same new path in dom0, with same 
> > ownership/permissions. 
> > 
> > Generally only the last folder should have the same permission, at least as 
> > far as I know the parent folder permission shouldn't matter much. So don't 
> > worry about the parent folders, just focus on the final folder in the path.
> > 
> > Does it make a difference when you clear out dynamic paths for fixed paths, 
> > then remount it, and ensure all permissions are in place?
> > 
> > Also I don't think you need the dom0 trick if you try this approach, 
> > although I could be wrong. I think the dom0 identical path trick is a 
> > method to trick the system to not fail on the shortcut path. So by avoiding 
> > shortcut paths altogether, you may not need to do the dom0 trick to bypass 
> > the bug. I'm not 100% sure if this how it actually works, but it may be 
> > worth a try.
> 
> fyi, I had same problem, and doing the back-up at the root of the mount point 
> allowed me to continue (/media on a DispVM in my case where I had bound a 
> second HD on my SATA temporarilly).

I have tried at the mounting point too "/mnt" without succes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on

[qubes-users] Re: Qubes 4.0 rc4 / Qubes backup doesn't find the directory

On Tuesday, 27 February 2018 10:39:06 UTC, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 7:00:46 AM UTC+1, ThierryIT wrote:
> > Le mardi 27 février 2018 02:50:05 UTC+2, Yuraeitha a écrit :
> > > On Monday, February 26, 2018 at 8:04:44 PM UTC+1, ThierryIT wrote:
> > > > Hi,
> > > > 
> > > > I would like to backup few of my VMs.
> > > > I have mount my external usb (not using sys-usb) HDD.
> > > > From the console where my HDD is attached/mounted, I have access 
> > > > through /mnt/removable to all my previous (3.2) backup files.
> > > > I have created, in /mnt/removable, a new folder.
> > > > When running the Qubes backup, and choosing the newly created folder, I 
> > > > have this error:
> > > > 
> > > > Selected directory do not exists or not a directory
> > > > 
> > > > I have created others folders, I have change permissions ... Same 
> > > > problem.
> > > > Today all my folders are:
> > > > 
> > > > - drwxrwxr-x 3 user:user AppVM_bck
> > > > 
> > > > Same pb if root:root
> > > > 
> > > > ??
> > > 
> > > Apologies, I overlooked the "- drwxrwxr-x 3 user:user AppVM_bck" line in 
> > > your post. Since your USB controller then must be directly passed into 
> > > the AppVM, you can try create a direct path copy directly in dom0, even 
> > > though you won't be using this path. As suggested in Rusty Bird's link. 
> > > Does it work for you?
> > 
> > I have created the "/mnt/removable" in dom0.
> > If using as path: /mnt/removable/AppVM_bck I do still have the same error 
> > message.
> > If using as path: /mnt/removable I do have a permission denied.
> > 
> > drwxr-xr-x root rootmnt
> > drwxr-xr-x root rootremovable
> > drwxrwxr-x user user AppVM_bck
> > 
> > Are the permissions correct ? It should be root:root or user:user ?
> > 
> > Thx
> 
> It looks like you did the permissions correctly, lets try something else. I 
> suggest you try make a new fixed artificial mounting path rather than the 
> dynamic allocated one, because it may quite reasonably be why Qubes 4 can't 
> find its way to the path when special symbolic location letters are used as 
> path shortcuts, such as $HOME/ or ~/ and similar for /home/user, which seems 
> similar to /run/removable. So it may be that dynamic folders aren't working 
> very well. 
> 
> For example XFCE4 keybinding a script located in /home/user/ can be a huge 
> hassle if using $HOME/ or ~/ to bypass dynamic user-names in different Linux 
> systems, and instead one has to write the actual user-name in the path, which 
> means it only works if using the full path name, rather than path shortcuts. 
> Maybe it's the same that happens with /mnt/removable. In which case, it may 
> be useful to abandon this location to something not bound by location rules, 
> which can be anywhere but the official places.
> 
> Perhaps this bug could even be related to the recent $ some days back? I 
> dunno though, but without any insight, it seems like it maybe could be.
> 
> So try un-mount the USB drive in the AppVM, and make a new fixed location 
> folder, it could be in /mnt/some-folder <--- give folder a name, but without 
> spaces and special letters to avoid issues.
> 
> Change the some-older's ownership to user and give it permissions. Then once 
> that is done, mount your drive to the folder with appropriate mounting 
> permissions. Then do the same new path in dom0, with same 
> ownership/permissions. 
> 
> Generally only the last folder should have the same permission, at least as 
> far as I know the parent folder permission shouldn't matter much. So don't 
> worry about the parent folders, just focus on the final folder in the path.
> 
> Does it make a difference when you clear out dynamic paths for fixed paths, 
> then remount it, and ensure all permissions are in place?
> 
> Also I don't think you need the dom0 trick if you try this approach, although 
> I could be wrong. I think the dom0 identical path trick is a method to trick 
> the system to not fail on the shortcut path. So by avoiding shortcut paths 
> altogether, you may not need to do the dom0 trick to bypass the bug. I'm not 
> 100% sure if this how it actually works, but it may be worth a try.

fyi, I had same problem, and doing the back-up at the root of the mount point 
allowed me to continue (/media on a DispVM in my case where I had bound a 
second HD on my SATA temporarilly).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8ff7216-f51d-4fc1-8a14-093c5232af8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Upgrade of my sys-usb ??

Hello,

I have upgrade the template (fedora-26) who has been used to build my sys-usb 
VM.
I do not see yet, any propagation of this upgrade to my sys-usb ... Is there 
any possibility to force this to be done ?

Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d04a83c-24c6-409d-b733-99fcc4d24a33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Clearing qubes-dom0-cached packages

On Friday, 12 February 2016 22:08:05 UTC, m.3.7.31.127...@gmail.com  wrote:
> I accidentally ran qubes-dom0-update qubes*testing and qubes downloaded 
> testing packages. I didn't install them, and I don't want to. However, the 
> packages are still cached and I have no way to update qubes now without 
> installing the testing packages.
> 
> How can I clear the package cache?

Hi,

I had the exact problem in this thread. I wanted to check if my 
qubes-dom0-update was broken or not. so enabled testing, which downloaded 
packages, I let it finished but then did not install.

Searched the past threads and found this one.

Applied the --clean option
Which seem to have done some things as I had now 5 packages that it wanted to 
install.
Which seems to confirm that qubes-dom0-update was stuck, also I am not sure (or 
maybe these 5 packages were release during my experiment on the current repo).

Is there a way in github to see the list of packages and the associated commits 
for each repo?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d0ba026-99cb-46fd-81d8-460602b6ffb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tue, Feb 27, 2018 at 09:40:49AM -0500, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of
> Qubes, it would be quicker, and could provide comprehensive specific
> details (e.g. TPM 1.2 or 2.0) on specific platforms.  I'm not sure how
> feasible that would be.  It's just a suggestion.
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> 
> > On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > > Would it be possible to create a simple diagnostic that could be run on a
> > >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > > could quickly diagnose and report on the compatibility level of each
> > major
> > >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > > process. I'd love to run it on my new Dell Optiplex 3050.
> >
> > qubes-hcl-report. Or are you suggesting something that could be run
> > outside of Qubes?
> >
> >
> >
> 

For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL from
that.
http://www.qubes-3isec.org

A major issue is that programs like HCL will report on the current capabilities,
not necessarily what the machine is capable of. For that you really need
to look in BIOS (to see what can be enabled) and check the documentation
for your mb/processor combo.
To work efficiently,a program as you envisage it would need to hold a
database of board/processors to provide accurate report, I think.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180227152454.ndo4uzeujttbib5r%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to upgrade qubes-core-agent ?

Hi,

I have installed the fedora-26 template but it is running with version 4.0.20 
and I would like the version 4.0.23 ... How to upgrade ?

Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbd28883-ffcf-4e1b-bcef-1da44f152f69%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tuesday, February 27, 2018 at 3:40:53 PM UTC+1, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of Qubes, 
> it would be quicker, and could provide comprehensive specific details (e.g. 
> TPM 1.2 or 2.0) on specific platforms.  I'm not sure how feasible that would 
> be.  It's just a suggestion.
> 
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> 
> > Would it be possible to create a simple diagnostic that could be run on a
> 
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> 
> > could quickly diagnose and report on the compatibility level of each major
> 
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> 
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> 
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> 
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> 
> outside of Qubes?

So for exampæe if you look up the laptops compatibility with other Linux 
systems, or you know from experience that it runs other Linux distributions 
well, then you know the kernel will likely run somewhat fine on Qubes. 

If you use other diagnostic tools or look up the hardware specs, then you can 
narrow down which features your system support. Though if using diagnostic 
tools, it must first be enabled in UEFI/BIOS too, even the HCL report requires 
this though, so it's all the same there anyway.

Poor UEFI/BIOS you can do research on too, for example does other people have 
issues with that particular motherboard? Especially with these virtualisation 
features and/or Linux in general?

It isn't all easy to do, but you can get a lot more information this way. The 
HCL report is actually quite limited in contrast to what you can quickly gather 
with research on a search engine. You would need something akin to an A.I. if 
you want it to be able to outsmart a person researching, the modern programs 
can't do it that well.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd68b8c4-06da-4a49-abc7-21829fac4b8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

On Mon, February 26, 2018 11:06 pm, awokd wrote:
> On Mon, February 26, 2018 11:01 pm, patelma...@gmail.com wrote:
>
>
>>
>> After following the links, I see that yes I had already visited those,
>> however they do lead to other important links to be sure, so thank you.
>> The ones you sent me explain how to install through the terminal, I
>> believe, whereas I was hoping to simply transfer the file from my stick
>> over to the computer and then simply hit install. Is the only option
>> that I use the terminal, do you know?
>>
>
> If you're doing it from another Linux machine, then the terminal is the
> quickest/most reliable way to do it. You can't just copy the install file
> over like you were doing.

Be careful to get the destination right, though. You want to make sure it
is writing to your USB drive, not the internal hard drive!

One way to check on Linux is to enter "ls /dev/sd*" without your USB drive
plugged in and see what's listed. Then, plug the USB drive in and run the
command again, and check for new entries on the list. You can repeat
multiple times to make sure which sdX entry belongs to the USB drive.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56c1f5f08a14327cb94dae01cdacc8b5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tuesday, February 27, 2018 at 3:40:53 PM UTC+1, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of Qubes, 
> it would be quicker, and could provide comprehensive specific details (e.g. 
> TPM 1.2 or 2.0) on specific platforms.  I'm not sure how feasible that would 
> be.  It's just a suggestion.
> 
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> 
> > Would it be possible to create a simple diagnostic that could be run on a
> 
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> 
> > could quickly diagnose and report on the compatibility level of each major
> 
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> 
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> 
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> 
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> 
> outside of Qubes?

Definitely, but I don't think it's something they'd work on right now. They 
have limited resources and a lot planned to do atm. It could be something for 
the future perhaps? If it's not on the issue tracker on Github already, then 
you could add it there so that it maybe one day gets picked up and solved.

But I don't think the HCL report is much different from other tools, this 
report won't tell you if you will run into UEFI issues and bugs, poor kernel 
drivers for your hardware, or other hickups that can happen. Even the Qubes HCL 
report can't tell you so much about that.

So if your goal is just to verify the different features, you can get far on 
Windows/Mac/Linux by running other diagnostic tools to tell what kind of 
virtulisation your hardware supports. This can also be foind in the specs, 
though, if people are unsure, having a program that can run in 
Windows/Mac/linux is definitely a good idea, I agree. Even more so if drivers 
can be tested, but that'd require much more work I imagine.

UEFI/BIOS issues is more of a poor motherboard lottry risk, I'm not sure if 
this can be tested from another system.

But if you have the essential featues, which is easy to find with other tools 
and hardware specs, then at least you got one major hurdle out of the way, with 
remamining potential issues in bad drivers and firmware support.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9d6ea39-63e7-4be6-bfe8-840ea3fdbbc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger

The boot up report is very helpful, but if it could be run outside of
Qubes, it would be quicker, and could provide comprehensive specific
details (e.g. TPM 1.2 or 2.0) on specific platforms.  I'm not sure how
feasible that would be.  It's just a suggestion.

On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:

> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > Would it be possible to create a simple diagnostic that could be run on a
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > could quickly diagnose and report on the compatibility level of each
> major
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > process. I'd love to run it on my new Dell Optiplex 3050.
>
> qubes-hcl-report. Or are you suggesting something that could be run
> outside of Qubes?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHpGpy0n2O4g3VvCt_NBHqBiBi1bQyvtyVK8A4uv-yJBGT7aLA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tuesday, February 27, 2018 at 3:19:11 PM UTC+1, awokd wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > Would it be possible to create a simple diagnostic that could be run on a
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > could quickly diagnose and report on the compatibility level of each major
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> outside of Qubes?

hmm, maybe something that could be run in Windows or other Linux OS's that most 
people have running before going Qubes? I wonder, it might not have to be Qubes 
specific right? As long as it looks for those VM related hardware support 
features. 

The question then would be, what programs are available that can do this? I 
can't think of any at the top of my head atm at least.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8f22712-ced4-4c71-9460-572f3b1fa06d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New laptop install R4rc5 fresh install, X startup failed.

On Tuesday, February 27, 2018 at 3:18:56 PM UTC+1, Michael MENG wrote:
> Yes. I did , but still no luck. Also googled. I did press e when see grub 
> menu but show mothing.

btw, you need to use "Tab" key on the installer, not the "E" key. Once Qubes is 
installed however, it's the regular old "E" Grub again. But during the 
installer, you need to use "Tab", screen will not change but 3 or so lines 
appears at the bottom of the screen, where you can add the driver blacklist at 
the very end (remember to add a proper space before adding it).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1834b6f1-f089-451c-baec-1ef7d0e87cce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New laptop install R4rc5 fresh install, X startup failed.

On Tuesday, February 27, 2018 at 3:18:56 PM UTC+1, Michael MENG wrote:
> Yes. I did , but still no luck. Also googled. I did press e when see grub
> menu but show mothing.

If you only plan to use Qubes OS on it, and not any other OS dual-boot system
(not recommended to dual-boot with Qubes btw, but still may make sense for some
use-cases), then you can just flat out disable nvidia grapghics in your
BIOS/UEFI. That way you won't have to bother with Grub or EFI settings. Also
even if you dual-boot, onboard graphics is often more than enough for most
things, unless you plan to game or run really high-end graphic applications.

You will eventually have to solve it though if you want to use that nvidia in
Qubes 4.1. (assuming GPU pass-through to specific AppVMs) makes it to the final
4.1. release version. But it'll take a good while before we see 4.1. as 4.0 is
barely out of the door yet.

But you can try disable it in UEFI/BIOS to get started, if it works then you're
also more sure that nothing else is preventing Qubes from being installed. If
nothing else, it'll at least single out where the issue is, even if you only
temporary disable it in UEFI/BIOS.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8ce5a050-1fe0-4081-96f8-9738035f0a8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New laptop install R4rc5 fresh install, X startup failed.

2018-02-27 Thread Michael MENG

Yes. I did , but still no luck. Also googled. I did press e when see grub menu 
but show mothing. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd44b0f4-4f36-4926-9f51-bc07168f1533%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> Would it be possible to create a simple diagnostic that could be run on a
>  PC to summarize the Qubes Hardware Compatibility of that machine. It
> could quickly diagnose and report on the compatibility level of each major
>  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> issues or conflicts. It would take a lot of the guesswork out of the HCL
> process. I'd love to run it on my new Dell Optiplex 3050.

qubes-hcl-report. Or are you suggesting something that could be run
outside of Qubes?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9edf04fdafaf0b1f59d4ed9f86dad1b9.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger

 Would it be possible to create a simple diagnostic that could be run on a
PC to summarize the Qubes Hardware Compatibility of that machine. It could
quickly diagnose and report on the compatibility level of each major
requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible issues
or conflicts. It would take a lot of the guesswork out of the HCL process.
I'd love to run it on my new Dell Optiplex 3050.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHpGpy3kj0uzt80oYpUBZXP01GAViGCY5Ae5n5vL-miMYGMbZw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque wrote:
> Hi Qubes,
> First time installer here, trying to get my sound to work. Strangely, 
> speakers are broken, but headphones work fine.
> 
> Anytime I move my sound device from 'available' to 'selected' in a given VM, 
> the VM won't load and I get the 'qeexec demon' error. Same thing when I move 
> various other devices over (tested with USB ones). I should need the audio 
> device moved over in order for it to work in a given VM, right?
> 
> Any thoughts? Running 3.2 on a Zenbook UX31A.
> 
> Thanks,
> Allen

Also if you moved the soundcard to a direct pass-through, and the soundcard 
hardware does not support the PCI pass-through feature. Then you need to make a 
full restart of Qubes OS (fully power down power in order to clean hardware 
memory). This is due to security reasons. If this is hitting you, then you may 
want to first undo the pass-through you made of your soundcard, and then make a 
full restart before trying the above suggestions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b70c8306-6d50-4850-a435-0a5dceb9ae48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque wrote:
> Hi Qubes,
> First time installer here, trying to get my sound to work. Strangely, 
> speakers are broken, but headphones work fine.
> 
> Anytime I move my sound device from 'available' to 'selected' in a given VM, 
> the VM won't load and I get the 'qeexec demon' error. Same thing when I move 
> various other devices over (tested with USB ones). I should need the audio 
> device moved over in order for it to work in a given VM, right?
> 
> Any thoughts? Running 3.2 on a Zenbook UX31A.
> 
> Thanks,
> Allen

I'm not sure if we're on the same page here, but being a new Qubes user, have 
you seen that sound will automatically be passed from different VM's to the 
speakers/headphones without doing much or anything at all? From your choice of 
words, it seems you both are aware and not at the same time, I'm not sure which 
is the case.

I'll start with the less likely issues, like driver issue or broken template 
issue. If sound in a template is broken (and thereby any AppVM based on the 
template), then generally sound should work in another template (typically). So 
if its broken on fedora VM's, then chances are good that it will work on debian 
templates (and vice versa). I never got hit by this issue, but I believe it's 
relatively rare issue too. Incompatible drivers is probably more likely, and 
even that may be rare if you got common hardware, especially if sound works on 
other Linux distro's running on that hardware.

So if it works on other Linux distro's, then it is less likely to be a driver 
issue, and if it doesn't work in all templates (fedora/debian/whonix), then 
it's also less likely to be an issue in the template. Of course it could be an 
issue in the dom0 sound server (off-topic mention, it sounds insecure that its 
run in dom0, but I believe it's planned to be secured in the near future). 
However I think the dom0 sound issues is even more rare, I've actually never 
seen one of those, usually only seen less than a handful cases of single 
template issues.

Which leaves me with the question, could it be that you need to change the 
output in the sound settings? Did you try click on the sound icon on the XFCE4 
panel and click "Audio mixer..." and then in the first tab, "Playback" change 
the soundcard for each individual VM?

Note that if only one soundcard is available, that it won't give you a choice 
to pick between them in the first tab. But if there are multiple of soundcards 
available, then you should be able to pick between them. 

If you want to change between headphones/speakers within the same soundcard, 
then you need to pick the "Output Devices" tab instead and click on the 
soundcard with the two outputs and change it. Though normally this switch is 
done automatically if a jackstick is pressent in the soundcard. If a jackstick 
is sticked in your soundcard, like your headphones for example, then only your 
headhphones will give sound (unless you manually change it yourself like 
described here).

Also, if you use USB based headset, then it might be defined as a soundcard 
instead, which you need to go back to the first tab again and pick between the 
speakers/USB-headset.

Note also that if you use a soundcard, like the USB based soundcard you have, 
that you can pass it directly to any VM's you like. But if you want to use that 
soundcard on other VM's, then the dom0 sound server need to be changed to 
address it somehow. Which means your soundcard probably need to be placed in 
dom0, as far as I know? But if soundcards are passed directly into VM's then it 
should work in individual VM's at least. I'm not sure if qvm-usb can handle it, 
but direct pass-through should work just fine.

A bit of different perspectives, does any this work for you? Did I 
misunderstand your issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f68acf8-acc1-4fea-b9b0-2d16009070af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Re: AW: Re: [qubes-users] Installing Chrome

On Tuesday, February 27, 2018 at 3:06:36 AM UTC+1, brenda...@gmail.com wrote:
> On Monday, February 26, 2018 at 7:21:11 PM UTC-5, [799] wrote:
> > An 27. Feb. 2018, 00:59, Yuraeitha schrieb:
> > > It is by no means a complete guide as you
> > > make it sound though, it's relying overly much
> > > on closed code, and Chromium is no good
> > > here to look into Google Chrome. I wouldn't
> > > call it the "go to" guide to get everything
> > > working. 
> > 
> > Seriously? Do you know how much time it takes to write a how-to? To test all
> > steps and to use the feedback from other committed users to make it better?
> > And as mentioned the guide is written for a special use case, playing
> > multimedia on Qubes as I wanted an OS which I can use for everything I'm 
> > using
> > a laptop for.
> 
> Hey, just wanted to say: thanks for the guide, it's great. :)
> 
> One of the strengths of Qubes is that you *can* divide your usage into 
> compartments which have different compromises (both security-wise and 
> philosophy-wise). A full-out "yes, we can Netflix and ... well, popcorn in 
> this case" Qube and separately have a "open source intelligence research 
> behind VPN and/or TOR" Qube or "develop sensitive open source application" 
> Qube on the same machine, *and* worry less about cross contamination 
> (security, software development ethics, identities, etc.) is just a big win.
> 
> Again: thanks! I am already using your guide and I appreciate all the work 
> you and others put into it.
> 
> ...
> > > The fact that Firefox isn't even mentioned in
> > > that "between the lines self-proclaimed all
> > > solution page guide", makes me a bit sad and
> > > disappointed in Qubes. I hope this is a
> > > mistake. 
> > 
> > Honestly it was me writing this "self-proclaimed all solution page guide"
> > which took me lots of hours starting from the first version and following 
> > the
> > excellent feedback from other users to improve it.
> > Maybe you should provide content instead of being sad that others try to
> > contribute to the Qubes project?
> 
> Great idea! Maybe Yuraeitha can write up a "multimedia, most of it, with 
> firefox" guide? I have seen Yuraeitha add useful information on other threads 
> in this forum, appears to be very engaged and generally appears to mean well.
> 
> > Do you know how motivating it feels if people comment on your work like 
> > you're
> > doing?
> 
> I hope I have at least added some positive balance. :)
> 
> > If my how-to will convince one user to try out Qubes because he can even do 
> > the "evil closed source" stuff, I am happy.
> 
> :)
> 
> Brendan

I think you add positive balance Brendan, I like that you try to see both 
parties views and seek to make peace. Although I did overstep and caused a 
provocation, when I could have criticized without it becoming emotional. Even 
if I did not do it intentionally, it's still something I need to take 
responsibility for.

To which I really apologize for [799], I hope we can still see eye to eye. By 
the way, even if I criticized your how-to doc here, there are two things that 
soften the perceived written criticism (quite a lot actually), which I want to 
underline. First the work you did is really good, I like what you did. What I 
criticized is only a lack of work into open alternatives, and not the work you 
did, which is good (which the criticism here takes a whole different character 
when criticizing an institution/culture rather than a single person). Adding a 
section to the how-to with minimum a brief mention of privacy/open-source 
concerns could be a good quick solution as a disclaimer, which would fend off 
this criticism even if you don't add open source solutions. Second, I want to 
admit that I make mistakes too (which is obvious, but the point here is that 
I'm admitting to it, in fact I make a lot of mistakes). I'm not trying to 
belittle, be arrogant or feel superior (I don't). It's just that my writing 
style can be very straight forward and it can risk sounding harsh. Adding 
on-top of that, I can be pretty darned merciless when it comes to challenging 
authority, which is not how I act towards individual people. I believed in the 
moment of the writing that what I challenged, did not have a face or emotions, 
but instead was a system, an authority through institutionalization/culture. 
But it turned out the wrath I put forward actually hit a person, which was not 
my intention at all. Shaking things up can sometimes fix issues in 
institutions, but it's not a good approach for individual people. I hope you 
will forgive me for being rude towards you, I do feel bad about it... 
Especially when as a person a mistake like this is very minor, while in 
contrast it would be big mistake if it's an institutional error when a lot of 
people are involved in it and no one criticizes it (which is where the big 
words are needed to shake things up). I'm not trying to write my self out of a 
mistake here, because I

[qubes-users] Re: Qubes 4.0 rc4 / Qubes backup doesn't find the directory

On Tuesday, February 27, 2018 at 7:00:46 AM UTC+1, ThierryIT wrote:
> Le mardi 27 février 2018 02:50:05 UTC+2, Yuraeitha a écrit :
> > On Monday, February 26, 2018 at 8:04:44 PM UTC+1, ThierryIT wrote:
> > > Hi,
> > > 
> > > I would like to backup few of my VMs.
> > > I have mount my external usb (not using sys-usb) HDD.
> > > From the console where my HDD is attached/mounted, I have access through 
> > > /mnt/removable to all my previous (3.2) backup files.
> > > I have created, in /mnt/removable, a new folder.
> > > When running the Qubes backup, and choosing the newly created folder, I 
> > > have this error:
> > > 
> > > Selected directory do not exists or not a directory
> > > 
> > > I have created others folders, I have change permissions ... Same problem.
> > > Today all my folders are:
> > > 
> > > - drwxrwxr-x 3 user:user AppVM_bck
> > > 
> > > Same pb if root:root
> > > 
> > > ??
> > 
> > Apologies, I overlooked the "- drwxrwxr-x 3 user:user AppVM_bck" line in 
> > your post. Since your USB controller then must be directly passed into the 
> > AppVM, you can try create a direct path copy directly in dom0, even though 
> > you won't be using this path. As suggested in Rusty Bird's link. Does it 
> > work for you?
> 
> I have created the "/mnt/removable" in dom0.
> If using as path: /mnt/removable/AppVM_bck I do still have the same error 
> message.
> If using as path: /mnt/removable I do have a permission denied.
> 
> drwxr-xr-x root rootmnt
> drwxr-xr-x root rootremovable
> drwxrwxr-x user user AppVM_bck
> 
> Are the permissions correct ? It should be root:root or user:user ?
> 
> Thx

It looks like you did the permissions correctly, lets try something else. I 
suggest you try make a new fixed artificial mounting path rather than the 
dynamic allocated one, because it may quite reasonably be why Qubes 4 can't 
find its way to the path when special symbolic location letters are used as 
path shortcuts, such as $HOME/ or ~/ and similar for /home/user, which seems 
similar to /run/removable. So it may be that dynamic folders aren't working 
very well. 

For example XFCE4 keybinding a script located in /home/user/ can be a huge 
hassle if using $HOME/ or ~/ to bypass dynamic user-names in different Linux 
systems, and instead one has to write the actual user-name in the path, which 
means it only works if using the full path name, rather than path shortcuts. 
Maybe it's the same that happens with /mnt/removable. In which case, it may be 
useful to abandon this location to something not bound by location rules, which 
can be anywhere but the official places.

Perhaps this bug could even be related to the recent $ some days back? I dunno 
though, but without any insight, it seems like it maybe could be.

So try un-mount the USB drive in the AppVM, and make a new fixed location 
folder, it could be in /mnt/some-folder <--- give folder a name, but without 
spaces and special letters to avoid issues.

Change the some-older's ownership to user and give it permissions. Then once 
that is done, mount your drive to the folder with appropriate mounting 
permissions. Then do the same new path in dom0, with same 
ownership/permissions. 

Generally only the last folder should have the same permission, at least as far 
as I know the parent folder permission shouldn't matter much. So don't worry 
about the parent folders, just focus on the final folder in the path.

Does it make a difference when you clear out dynamic paths for fixed paths, 
then remount it, and ensure all permissions are in place?

Also I don't think you need the dom0 trick if you try this approach, although I 
could be wrong. I think the dom0 identical path trick is a method to trick the 
system to not fail on the shortcut path. So by avoiding shortcut paths 
altogether, you may not need to do the dom0 trick to bypass the bug. I'm not 
100% sure if this how it actually works, but it may be worth a try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/18768012-1e80-4a80-bf4e-5f730fb278f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qrexec demon fails to load any VM when I attach any device

2018-02-27 Thread Allen Larocque

Hi Qubes,
First time installer here, trying to get my sound to work. Strangely, speakers 
are broken, but headphones work fine.

Anytime I move my sound device from 'available' to 'selected' in a given VM, 
the VM won't load and I get the 'qeexec demon' error. Same thing when I move 
various other devices over (tested with USB ones). I should need the audio 
device moved over in order for it to work in a given VM, right?

Any thoughts? Running 3.2 on a Zenbook UX31A.

Thanks,
Allen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b5e6e40-9282-4a5e-9ed9-2fb1acfade10%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: POWER9

On Mon, February 26, 2018 5:40 pm, David Hobach wrote:
>

>
> On 02/26/2018 04:29 PM, 'awokd' via qubes-users wrote:
>
>> On Sun, February 25, 2018 11:33 pm, taii...@gmx.com wrote:
>>
>>
>>
>>> Yeah unfortunately Xen doesn't support POWER and they have rebuffed
>>> advances from IBM and Raptor offering assistance to support it.
>>
>> Is there a link somewhere to this? I've been searching but not finding
>> it. I don't see why Xen wouldn't want to increase their user base.
>>
>
> Found
> https://discussions.citrix.com/topic/358571-installation-of-citrix-xenserv
> er-on-ibm-power-server/

I see in that thread "PowerPC development in Xen was short lived. It
stopped in 2010 and the code was removed from Xen 3.3". I wonder what the
reasoning was and the history on it at the time. It doesn't talk about Xen
and Raptor though, they've only been working on Power for the past couple
years or so.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84e229cf3ce1a964d73dd71c1b4c4991.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: firewall/proxy VM not working with Qubes 4.0-rc4