Re: [qubes-users] Re: desktop recommendations?
I personally use one PC and one laptop. PC is a Dell T5500, 12 threads, 24 GB RAM. I can upgrade that to 24 threads and 128 GB RAM, I run 14 Guests at a time often. I rarely use all the CPU. RAM runs out if I start too many. X5680 with DDR3 RAM. Laptop is an HP EliteBook 8460p, 4 threads and 8 Gb RAM, can upgrade to 8 threads and 16 GB RAM. I run 4-10 Guests at a time. i7-2620M, SODIMM DDR3 (Guests referring to not the always active NetVM or ProxyVM.) On Wednesday, 4 April 2018 11:12:54 UTC+10, Ted Brenner wrote: > What do people recommend for CPU? With running a lot of VMs, it would seem > having a lot of cores could be helpful. Is that accurate? Or is that not > really necessary? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6165bedd-92ac-4185-a34d-ee036f068b99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: desktop recommendations?
On Wed, April 4, 2018 1:12 am, Ted Brenner wrote: > What do people recommend for CPU? With running a lot of VMs, it would > seem having a lot of cores could be helpful. Is that accurate? Or is that > not really necessary? It's nice to have but often usage patterns don't require it because you're only actively using one application at a time and the rest are idle. If you're the type who has a compile going in one qube, some video conversions in another, watching web video in another, etc. then there's no substitute for cores (and RAM and fast disk). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ebd06a1f719cbae19dbccb03bb43b560.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tor security - browsing/downloading over http
On Tue, April 3, 2018 11:42 pm, Giulio wrote: > Just a note, it all depends on your threat model. Be careful that most of > the solutions you explained have each very different implications: 1) Most > website with a login do have https. If they are hidden services they do > not need it as traffic does not go through an exit node. If none of the > above apply you could still use a VPN or a tunnel on top of tor but you > will loose some anonimity I think you're saying many otherwise HTTP only sites still use HTTPS for the login step (but not all)! > 3) Not using tor in order to download files prevent only man in the > middles attack coming from the tor network, your provider, your > neighbors, your dns server etc may still tricks you the same way. To jsnow's question on this, file modifications can be automated. The attacker could have a selection of files already modified, then watch for anyone trying to download it and substitute the poisoned one. Probably other ways to dynamically patch filetypes (like all .EXE for example) on the fly too. Check out "Quantum Insert". Tor helps here because it's much more difficult to target specific recipients for poisoned files, so they have to be sent to everyone who requests them which increases the likelihood they will get discovered. Of course, that's not the case if you're logging in to something. > As a general rule, mixing any of your tor activities with your non tor > activities do break the very purpose of tor, especially if you use the > same accounts in and out. My suggestion is to first try to understand > what the purpose of tor is and against which type of adversary you need > protection and then make your choices on that basis. What Giulio said. Sounds like the OP has a good understanding of the various weaknesses and trade-offs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/beceebd3874c8acc07bf44741deef8b1.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
Among other suggestions, I added an 8-cell battery to my G505s. What kind of battery life are people getting with these? Mine seems hardly better than the OEM 4-cell. Just wondering if I got a bum battery or if the improvement isn't really that significant. Thanks again to everyone for helping me get my G505s up and going with coreboot and for all the useful info on recommended upgrades here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b9d5ae8-6650-47de-9de1-1d520e7b77d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whats the deal with kernels?
Yes, thank you. I have read that entire page, as well as a few other good resources: github.com/rtiangha/qubes-linux-kernel/blob/devel-4.14-hard/README.md github.com/0spinboson/qubes-doc/blob/patch-1/managing-os/compiling-your-own-kernel.md Im running into a problem right at the end. rpm --add-sign /home/user/*.rpm You must set "%_gpg_name" in your macro file I have made the missing file: ~/.rpmmarco %_signature gpg %_gpg_path /home/user/.gnupg %_gpg_name (b4892c28 / mypgp) I still get the error. Can I ignore this? Qubes-Builder docs suggests editing the builder.conf and changing NO_SIGN=1 but that doesnt exactly apply to kernels, does it? I dont need to sign my packages, do I? Im not sure if the compiler is failing at the rpm signing or if its ignoring and finished. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78ad93c4-42f4-481a-860e-3baa5cafeae7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: desktop recommendations?
What do people recommend for CPU? With running a lot of VMs, it would seem having a lot of cores could be helpful. Is that accurate? Or is that not really necessary? On Sat, Mar 24, 2018 at 4:51 PM, cooloutac wrote: > On Friday, March 23, 2018 at 5:42:16 PM UTC-4, tai...@gmx.com wrote: > > On 03/22/2018 10:01 PM, cooloutac wrote: > > > > > also just wanted to say the other reason I suggest the legacy ps2 port > is if you plan to use usb 3.0 ports most boards route all the usb > controllers into one when 3.0 controller (xhci) is enabled. so you would > need to use the usb proxy and it would not be safe using a keyboard this > way. > > > > > > Although some mobos will let you manually route usb ports to specific > controllers. There is always two next to the ps2 port for keyboard and > mouse on separate controller if you are fine with disabling 3.0 and don't > want to use a ps2 adapter. > > Telling people to use PS/2 is dangerous advice as all your keystrokes > > are sent out via the ground wire, it is better to instead have two or > > more physically separate USB controllers. > > Oh here we go again... I"m just repeating what Joanna Rutkowska and the > devs of this very OS you are using have advised people to do. > > And what if people ant to use a sys-usb and a keyboard and mouse and don't > have two seperate usb controllers? And I believe USB keyboard is more > vulnerable, then someone listening to your ground wire lmao... > http://theinvisiblethings.blogspot.com/2011/06/usb- > security-challenges.html again this is why the free software movement is > never taken seriouslywow. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/d7496522-fc5b-4805-968f-5455872d11da%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Sent from my Desktop -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANKZutxXKZ%2BxHLQLY5cohzWvLYjH%3DmM3AiUyRB0i%2BOYmM6LWOg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cloudflare DNS-over-HTTPS in Qubes?
On 04/03/2018 03:16 PM, Dominique St-Pierre Boucher wrote: Hi, Is there a way to have a DNS proxy in the sys-net interface that try to use DNS-over-HTTPS at 1.1.1.1 (cloudflare) and if not working standard DNS with what was received by the DHCP. Is it possible Thanks Dominique See this thread "DNS propagation in Qubes": https://groups.google.com/d/msgid/qubes-users/9XVz-7viQEqd-6MPx8NvR4Fnk502VgBDJUYogFE056xaFr-k76ApY7WmEbi3oH6yQZQ7MEHbuqYbwCZInJ8LE9lysw_e3w8Dw93FrISL2hU%3D%40micahflee.com -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90c0ce94-5c64-775d-8279-705b5e514d11%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] X230 won't boot into Qubes after installing 4.0
Den søndag den 1. april 2018 kl. 10.53.43 UTC+2 skrev [ 799 ]: > Hello Andreas, > > > > Andreas Rasmussen schrieb am So., 1. Apr. 2018, > 10:44: > I tried to install Qubes 4.0 on my Lenovo Thinkpad X230. The install went > smoothly without having to do any work in the BIOS. > > > > However, upon reboot/startup I get the following error and then a black > screen. Any clues to how I should continue? > [...] > > > Check this here: > https://github.com/QubesOS/qubes-issues/issues/2841 > > > > I am unsure if iommu=no-igfx is the right option for the X230. > I would press "e" on boot and edit the grub prompt, let us know how it works > with changing the iommu-setting upon boot. > > > [799] Thank you so much for taking your time to reply. Your solution didn't work. In danish we have a term: "Errorcode 40". It means that the problem is sitting approximately 40 centimeters from the computer. That seems to be the case this time. I don't know what went wrong, but my solution was the following: - Remove the SSD from the x230 and connect it as an external drive to another laptop, do a full format. - Reconnect it to the x230 - Change bios-settings from "UEFI first" to "legacy only" - Install Ubuntu (with the mere hope that this would fix grub, which it did) - Install Qubes 4.0 I guess my primary problem was installing in uefi instead of legacy, but somehow during one of the first tries I've managed to destroy/delete something. I cannot tell you how or why, I wish I knew, but the solution posted above worked :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88399622-6bc0-42fd-b0f1-1ea2ff08121d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tor security - browsing/downloading over http
Just a note, it all depends on your threat model. Be careful that most of the solutions you explained have each very different implications: 1) Most website with a login do have https. If they are hidden services they do not need it as traffic does not go through an exit node. If none of the above apply you could still use a VPN or a tunnel on top of tor but you will loose some anonimity 2) Which type of files are you talking about? If we are not talking about executables (i hope not) then Qubes do have disposable vms which should prevent an attacker from accessing sensitive files or gaining persistance. Also even for attacking the disposable vm the attacker would need an exploit for a reader software (evince, libreoffice etc). 3) Not using tor in order to download files prevent only man in the middles attack coming from the tor network, your provider, your neighbors, your dns server etc may still tricks you the same way. As a general rule, mixing any of your tor activities with your non tor activities do break the very purpose of tor, especially if you use the same accounts in and out. My suggestion is to first try to understand what the purpose of tor is and against which type of adversary you need protection and then make your choices on that basis. Giulio On April 4, 2018 1:23:56 AM GMT+02:00, "js...@riseup.net" wrote: >Hi everyone, > >I've been thinking about ways i can increase security when using tor in >a whonix vm, and i had a few questions about the security risks of >browsing/downloading files over http. > >I've looked up some info about it and i know it presents a security >risk, but i don't really know what i'm talking about so i thought i'd >ask you guys. Please let me know if i'm wrong about anything here >(which >is likely!) Sorry this is so long! > >Anyways, let's say i want to use a site that doesn't use https (http >only) that i can do 3 things on: > >1. general browsing/reading content >2. download small files >3. log into an account, which is required to download large files > >I'm browsing the site in a relatively unsecure vm that i don't >necessarily care much about, but i'll probably want to move some of the >files to another vm to use elsewhere, or to a usb stick to transfer to >another machine. > >If i use the site over tor, the exit node operator can read all the >unencrypted traffic, and possibly maliciously modify files downloaded, >which is why it's recommended to always use https when possible over >tor. Qubes helps with this since i can do all my browsing on the site >in >a separate vm, but there's still a security risk especially if i >transfer files elsewhere. > >It seems to me that i basically have 4 options: > >1. Do everything over tor, including downloading files and logging into >the account. This is bad because the exit node operator can see my >username/password, and i don't think there's any way of really reducing >the risk from this. > >2. Browse the site and download small files (without logging in) over >tor, but use a non-tor VM to log into the account to download larger >files. This is better than option 1 because exit node operators never >see me log into the account, but still presents a security risk because >they can maliciously modify files i download. > >It seems to me that exit node operators doing something like this >(modifying files downloaded over http to compromise my vm) is something >that would have to be done manually, in real time, but please let me >know if i'm wrong about that! I also don't know how likely this is to >actually happen. > >But it seems to me that a way to reduce the risk here is to use the >"get >a new tor circuit" option right before downloading the file. That way >the new exit node operator would have not much warning/time to do >something bad before i download the file. Would that help? > >3. Do general browsing in tor, but download all files outside of tor. >This is better than option 2 from a security standpoint because i'm not >downloading files in a risky way over tor that will then be transfered >elsewhere, and if the vm i'm browsing the site in using tor gets >compromised, i don't really care. But it's a pain to have to switch to >a >non-tor vm every time to download a file (and i know it's recommended >not to have tor and non-tor connections to the same site at the same >time). > >4. Do everything on the site outside of tor because the site doesn't >support https. This is best from a security perspective, but worst from >a privacy/anonymity perspective because i can't use tor to browse the >site. > >If i really wanted to only use https over tor, i could enable the >"block >http connections" option in https everywhere, but couldn't this >increase >fingerprintability of browser since most tor users don't block http >connections? The same reason it's recommended not to use additional >browser plugins in tor browser. > >What do you guys think is the best way to go about it? Am i wrong about >anything
Re: [qubes-users] Re: Help with 4.0 transition from 3.2?
cooloutac: > On Tuesday, April 3, 2018 at 8:54:48 AM UTC-4, vel...@tutamail.com wrote: >> 7) It is my understanding that 4.0 introduces a remote admin functionhow >> do I confirm this is OFF and can never be turned on? > > 7. first I've heard of this got any links to exactly what you are referring? > I think they're talking about this? https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/ Not sure if that's been implemented yet tho. -Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6601056f-e89b-93e5-0a41-6aaeae34f108%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Tor security - browsing/downloading over http
Hi everyone, I've been thinking about ways i can increase security when using tor in a whonix vm, and i had a few questions about the security risks of browsing/downloading files over http. I've looked up some info about it and i know it presents a security risk, but i don't really know what i'm talking about so i thought i'd ask you guys. Please let me know if i'm wrong about anything here (which is likely!) Sorry this is so long! Anyways, let's say i want to use a site that doesn't use https (http only) that i can do 3 things on: 1. general browsing/reading content 2. download small files 3. log into an account, which is required to download large files I'm browsing the site in a relatively unsecure vm that i don't necessarily care much about, but i'll probably want to move some of the files to another vm to use elsewhere, or to a usb stick to transfer to another machine. If i use the site over tor, the exit node operator can read all the unencrypted traffic, and possibly maliciously modify files downloaded, which is why it's recommended to always use https when possible over tor. Qubes helps with this since i can do all my browsing on the site in a separate vm, but there's still a security risk especially if i transfer files elsewhere. It seems to me that i basically have 4 options: 1. Do everything over tor, including downloading files and logging into the account. This is bad because the exit node operator can see my username/password, and i don't think there's any way of really reducing the risk from this. 2. Browse the site and download small files (without logging in) over tor, but use a non-tor VM to log into the account to download larger files. This is better than option 1 because exit node operators never see me log into the account, but still presents a security risk because they can maliciously modify files i download. It seems to me that exit node operators doing something like this (modifying files downloaded over http to compromise my vm) is something that would have to be done manually, in real time, but please let me know if i'm wrong about that! I also don't know how likely this is to actually happen. But it seems to me that a way to reduce the risk here is to use the "get a new tor circuit" option right before downloading the file. That way the new exit node operator would have not much warning/time to do something bad before i download the file. Would that help? 3. Do general browsing in tor, but download all files outside of tor. This is better than option 2 from a security standpoint because i'm not downloading files in a risky way over tor that will then be transfered elsewhere, and if the vm i'm browsing the site in using tor gets compromised, i don't really care. But it's a pain to have to switch to a non-tor vm every time to download a file (and i know it's recommended not to have tor and non-tor connections to the same site at the same time). 4. Do everything on the site outside of tor because the site doesn't support https. This is best from a security perspective, but worst from a privacy/anonymity perspective because i can't use tor to browse the site. If i really wanted to only use https over tor, i could enable the "block http connections" option in https everywhere, but couldn't this increase fingerprintability of browser since most tor users don't block http connections? The same reason it's recommended not to use additional browser plugins in tor browser. What do you guys think is the best way to go about it? Am i wrong about anything here or missing something? I know this may be too long to read, sorry! -Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d12c7d6-4b38-4356-9f80-fa749db2280b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: network issues on R4.0
On Monday, April 2, 2018 at 3:19:30 AM UTC-4, yon...@gmail.com wrote: > I have multiple issue regarding network with R4.0 > > The main issue is that net-vm crashes after a long sleep. > It doesn't happen 100% of the time but many times coming back from sleep it > will be completely unresponsive and will have to be killed. > > Other times it will be responsive but will not be able to access the wifi > card unless rebooted. > > On top of all that if I change the network of a running disp vm to none and > than back to sys-firewall it will not be able to access the network. so if I > have a running disposable VMs when net-vm needs a restart they will not be > able to access the network after the restart I can't use sleep on my system either. in 3.2 it would be unstable I figured due to ssd.but in 4.0 i get the network not working either. Nowadays I can't rarely ever use sleep on a windows system either without instability or bad driver issues. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/473f3727-5ab1-4b85-b9c1-7343d98b5b9b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Cloudflare DNS-over-HTTPS in Qubes?
On Tuesday, April 3, 2018 at 3:16:54 PM UTC-4, Dominique St-Pierre Boucher wrote: > Hi, > > Is there a way to have a DNS proxy in the sys-net interface that try to use > DNS-over-HTTPS at 1.1.1.1 (cloudflare) and if not working standard DNS with > what was received by the DHCP. > > Is it possible > > Thanks > > Dominique Not sure what you are trying to do but yes I believe so. You can just make a whole nother separate custom proxyvm separate from sys-firewall. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90254167-8421-473c-b40a-5ad5c8c19f57%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Quebes and whonix
On Tuesday, April 3, 2018 at 3:17:59 PM UTC-4, Black Beard wrote: > Jear, > > sounds hear really cool. This community is really nice and helpful. Thanks > for this. 👍🙂 > > Okay, i will make a backup tommorow and will install Quebes. 👍✌ > > Windows will come into virtualbox. Iam a Linux Newbie. Can someone recommend > some good sites or Videos to install Quebes Os correctly? > > For Linux i need a swap and home partition. Which sizes are good for that? > Are 40 GB enough for the Swap partion? > > Thanks for our tipps and feedbacks. Look at instructions for how to install fedora, and it is very similar. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/012bdbc4-a1e0-46f6-83d5-4a56a7db0619%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whats the deal with kernels?
On Monday, April 2, 2018 at 10:42:14 PM UTC-4, sevas wrote: > Ive been looking at kernel compiling. Ive amounted certain information, > but not enough. > > I see 3 git repos with kernels: qubes-linux-kernel, rtiangha and fepitre. > > I know I can change versions with $ git checkout *version* > > I also know that I can download the sources and build them and I would > preferably > edit a .config file to edit my options and hardware. > > What I need to know: > -how to use the gen-config file. > -whats the difference between the config-base, config-qubes and > config-qubes-minimal? (well the minimal part is obvious) > -I can edit one of these config files to build with my kernel, correct? > -I have built a .config using the '$ make oldconfig' command and it was a > nightmare. The most effective way to configure a .config is to use '$ make > menuconfig' correct? A good balance between my time and control? > -Is there a convenient way to merge an existing .config with the qubes > .config? > > Any other tips? > Is there a qubes doc on this? https://groups.google.com/forum/#!topic/qubes-users/yBeUJPwKwHM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b72b1d86-afeb-4972-8eaa-59c3b2f77bc4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whats the deal with kernels?
On Monday, April 2, 2018 at 10:42:14 PM UTC-4, sevas wrote: > Ive been looking at kernel compiling. Ive amounted certain information, > but not enough. > > I see 3 git repos with kernels: qubes-linux-kernel, rtiangha and fepitre. > > I know I can change versions with $ git checkout *version* > > I also know that I can download the sources and build them and I would > preferably > edit a .config file to edit my options and hardware. > > What I need to know: > -how to use the gen-config file. > -whats the difference between the config-base, config-qubes and > config-qubes-minimal? (well the minimal part is obvious) > -I can edit one of these config files to build with my kernel, correct? > -I have built a .config using the '$ make oldconfig' command and it was a > nightmare. The most effective way to configure a .config is to use '$ make > menuconfig' correct? A good balance between my time and control? > -Is there a convenient way to merge an existing .config with the qubes > .config? > > Any other tips? > Is there a qubes doc on this? Search the mailing list for Reg Tiangha I forget how to spell the last name, or building qubes kernel till you see his thread. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0221589c-585b-4296-89ec-972da2c9ee21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Options for securing /boot
On Tuesday, April 3, 2018 at 4:24:21 AM UTC-4, tai...@gmx.com wrote: > On 04/02/2018 09:32 PM, cooloutac wrote: > > > On Monday, April 2, 2018 at 3:43:50 PM UTC-4, tai...@gmx.com wrote: > >> On 09/08/2017 07:12 AM, Leo Gaspard wrote: > >> > >>> Just a datapoint: secure boot is *not* microsoft-controlled (unless you > >>> assume the manufacturer put in some kind of backdoor, in which case > >>> you're screwed anyway). > >> Yes it is microsoft controlled, they're the ones who made the standard > >> and conveniently left out the owner controlled mandate in sb 2.0 once > >> the attention died down. > >> It will eventually be used to prevent people from running linux all > >> together at least your own linux not one that is approved by red hat. > > Where are these boards. I've never seen one that doesnt' let you shut it > > off or use your own keys? > The MS ARM "Windows RT" tablets for one - with those they test the waters. > SB 2.0 leaves out the owner control mandate - go examine the specs and > see for yourself. > > Smartphones were actually the first area the walled garden was tested on. > I am old enough to remember the PalmOS era when installing apps on a > smartphone was the same as the average win32 model of downloading > something off the internet not a walled garden app store - folks like > apple/ms have the masses convinced that it has always been a walled > garden but that is not the case. > > Time will tell, but right now as Richard Stallman thinks "its failed its > > intended purpose" > This is a slow burn effort - doing it all at once straight away would > lead to protest. > > and Why Red Hat? > Red hat controls linux and is microsoft friendly - because their > developers control many critical linux programs they ARE a modern > desktop linux. Why do you think so distros suddenly adopted systemd > against the opinions of their users? or why so many core programs now > require red hat controlled systemd? (like gnome and udev) > Red hat accepted "secure" boot and got a grub and kernel signed by MS - > such an action is a betrayal. > > Soon you will not even be able run the apps you please on the average > store bought computer enforcing a MS monopoly where they get a cut of > every app sale. > MS says "Windows 10 S is not well-suited for many app > developers/hackers, admins & IT pro's!" > How do you create the next generation of those? They ALL learn on their > parents computer not some "developer edition" which not even wealthy > parents buy their children. > Windows S, a locked down walled garden PC is the future of computing. tablets and phones? I'd have to see it to believe it. Qubes is a beast for a beastly desktop. it got me back into building them lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e5cb0dd0-95f6-4105-9fbf-2c3aff9f63b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Upgrade from RC3 to final release
On Tuesday, April 3, 2018 at 4:39:42 PM UTC-4, awokd wrote: > On Tue, April 3, 2018 8:44 am, kotot...@gmail.com wrote: > > > > [MIRROR] qubes-release-4.0-0.4.noarch.rpm: Curl error (7): Couldn't > > connect to server for > > http://yum.qubes-os.org/r4.0/current/dom0/fc25/rpm/qubes-release-4.0-0.4. > > noarch.rpm [Failed to connect to yum.qubes-os.org port 80: Connection > > refused] [FAILED] qubes-release-4.0-0.4.noarch.rpm: No more mirrors to try > > - All mirrors were already tried without success > > https://github.com/QubesOS/qubes-issues/issues/3737#issuecomment-376348366 I saw that link when I had similar problems but could not find that file on my system. might of had something to do with the fact i chose to use whonix to install dom0 and templates from. so I ended up reinstalling without that option after realizing fedora wouldn't update with whonix. Instead rom qubes manager after install selecting global settings and set default update vm as sys-whonix. Doing it that way doesn't seem to have any errors but only dom0 uses sys-whonix not fedora or debian. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/765a14a9-8202-49bf-b9a0-603794a0230a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Qubes 4.0] Debian 9 unusable
On Tuesday, April 3, 2018 at 4:48:41 PM UTC-4, awokd wrote: > On Tue, April 3, 2018 4:22 pm, schwoerera...@gmail.com wrote: > > Le mardi 3 avril 2018 03:13:29 UTC+2, awokd a écrit : > > > >> On Mon, April 2, 2018 3:34 pm, FerFrc via qubes-users wrote: > >> > >>> Le lundi 2 avril 2018 10:38:04 UTC+2, awokd a écrit : > >>> > >>> > On Sun, April 1, 2018 6:45 pm, schwoerera...@gmail.com wrote: > > > > Hello all. > > I was on Qubes 3.2 and I've switched of Qubes 4.0 but I have some > > problems : In fact, I can't use and update/upgrade Debian 9. > > > >> > >>> > >>> Hello, I'm using Debian 9 template that came with Qubes 4.0. > >>> > >> > >> Need more details. Is your network working? What happens when you try > >> to upgrade, etc. > > > > My network worked. > > When I tried to update, Debian 9 didn't work, impossible to run a > > terminal, and it did nothing when I clicked on "update the VM" by the VM > > Manager. > > That's the problem I was having with the restored R3.2 templates. In dom0, > try "dnf list installed qubes-template-debian-9" and check the version. > Mine says 4.0.0-201803270258. you definitely would run into problems restoring default template names in 3.2. maybe the same in 4.0 probably. Give it a cloned name first. But in my upgrade to 4.0 i didnt' restore any templates at all. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65b21dba-934a-4707-ade9-7c71bfe33e56%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Help with 4.0 transition from 3.2?
On Tuesday, April 3, 2018 at 8:54:48 AM UTC-4, vel...@tutamail.com wrote: > I recently transitioned to the new 4.0thank you Qubes Developers and > Community for the effort and help. I really appreciate the better security. > > I managed to get 4.0 installed however I am having some challenges and > concerns: > > 1) I am getting numerous ACPI erros when I boot? 4.0 seems to boot, I can > login and function but I am concerned. Is this a concern? I didn't get these > errors when booting 3.2. > > 2) I used to be able to download a .iso file, keep it in a VM and boot it > from another VM. 3.2 even had a "Boot from .iso" function. I managed to get > this working with 4.0 but it is extremely slow and sometimes doesn't work. > Was the boot from .iso functionality removed? > > 3) I am struggling with customizing the DVMs. Specifically I can't delete a > DVM. I tried the steps on this link: > https://www.qubes-os.org/doc/dispvm-customization/ but it just didn't delete. > Are there other instructions available? Maybe some one is willing to post > there steps/commands? > > 4) I am unsure how to add a wireless printer into a DVM? I either can't > install the driver i.e. Do I install software into e.g. Print-dvm(based on > Debian-9-Gnome), Debian-9-Gnome Template, other? > > 5) Could be related to 4) above but I have been unable to get my printer to > even provide an error(possible networking issue). In 3.2 I would add the > printer to the Debian-9-Gnome template and then generate a new "DVM" > > 6) When I attempt to update Dom0 after install I get the pop-up from Dom0 > that something is happening, I get the "green update" window(similar to 3.2) > but then it just stops...no message about "No updates needed" or any > response. Is my Dom0 up-to-date? > > 7) It is my understanding that 4.0 introduces a remote admin functionhow > do I confirm this is OFF and can never be turned on? > > Please understand this is by no means critism...I truly do appreciate the new > version and sense it is more secure with the PVH default and with the new > code that is under the hood. > > Some things that worked well: > * VPN by Tasket works great. > * Love the clean and updated Debian/Fedora templates > * Ability to swap templates and a VM and get the new programs refreshed > * The potential of multiple DVMs and additional drop downs beyond just Firefox > > Any help with my questions above would be greatly appreciated and I would be > happy to summarize the instructions for users having similar challenges now > or going forward. > > Thanks again for the effort, 1. what acpi errors? what they say? 2. dunno, no idea, maye for security purposes? 3. I only can't delete the default dvms. Make sure no other vms are using them as netvm first.I can delete any custom ones I create though np. 4. install and run system-config-printer on the template you are using for the dvm templateyou wish to use for printing. the main template. It is much more confusing its like an extra template. not the one that says dvm, the black colored one. in 4.0 Temporary allow it network access first from qubes manager or qubes-prefs by giving it a network vm first. 6. try update from dom0 terminal and see wha it says. 7. first I've heard of this got any links to exactly what you are referring? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ef36e92-ce65-43fb-9a28-12420e4773f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Help with 4.0 transition from 3.2?
On Tue, April 3, 2018 12:54 pm, vel...@tutamail.com wrote: > > 4) I am unsure how to add a wireless printer into a DVM? I either can't > install the driver i.e. Do I install software into e.g. Print-dvm(based > on Debian-9-Gnome), Debian-9-Gnome Template, other? Probably Debian-9-Gnome. > 5) Could be related to 4) above but I have been unable to get my printer > to even provide an error(possible networking issue). In 3.2 I would add > the printer to the Debian-9-Gnome template and then generate a new > "DVM" Try it from the DVM. > 6) When I attempt to update Dom0 after install I get the pop-up from Dom0 > that something is happening, I get the "green update" window(similar to > 3.2) but then it just stops...no message about "No updates needed" or any > response. Is my Dom0 up-to-date? Use command line instead- "sudo qubes-dom0-update". Not sure on the others, have you tried searching https://github.com/QubesOS/qubes-issues/issues ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23d271984d9e7dca864c40c466c93f44.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Quebes and whonix
On Tue, April 3, 2018 7:17 pm, Black Beard wrote: > Jear, > > > sounds hear really cool. This community is really nice and helpful. > Thanks for this. 👍🙂 > > > Okay, i will make a backup tommorow and will install Quebes. 👍✌ > > > Windows will come into virtualbox. Iam a Linux Newbie. Can someone > recommend some good sites or Videos to install Quebes Os correctly? > > For Linux i need a swap and home partition. Which sizes are good for > that? Are 40 GB enough for the Swap partion? If you want to erase everything on your drive, Qubes is usually easy to install. You don't need to specify sizes then. Use automatic partitioning, look for the "make additional space available" and tell it to erase everything. Windows 10 will be gone! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4fb836ae9fc9699ef351bbbe9fd71cea.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Qubes 4.0] Debian 9 unusable
On Tue, April 3, 2018 4:22 pm, schwoerera...@gmail.com wrote: > Le mardi 3 avril 2018 03:13:29 UTC+2, awokd a écrit : > >> On Mon, April 2, 2018 3:34 pm, FerFrc via qubes-users wrote: >> >>> Le lundi 2 avril 2018 10:38:04 UTC+2, awokd a écrit : >>> >>> On Sun, April 1, 2018 6:45 pm, schwoerera...@gmail.com wrote: > Hello all. > I was on Qubes 3.2 and I've switched of Qubes 4.0 but I have some > problems : In fact, I can't use and update/upgrade Debian 9. > >> >>> >>> Hello, I'm using Debian 9 template that came with Qubes 4.0. >>> >> >> Need more details. Is your network working? What happens when you try >> to upgrade, etc. > > My network worked. > When I tried to update, Debian 9 didn't work, impossible to run a > terminal, and it did nothing when I clicked on "update the VM" by the VM > Manager. That's the problem I was having with the restored R3.2 templates. In dom0, try "dnf list installed qubes-template-debian-9" and check the version. Mine says 4.0.0-201803270258. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e312b2ce5fd81f0d21ad128930e2dbf.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Upgrade from RC3 to final release
On Tue, April 3, 2018 8:44 am, kotot...@gmail.com wrote: > [MIRROR] qubes-release-4.0-0.4.noarch.rpm: Curl error (7): Couldn't > connect to server for > http://yum.qubes-os.org/r4.0/current/dom0/fc25/rpm/qubes-release-4.0-0.4. > noarch.rpm [Failed to connect to yum.qubes-os.org port 80: Connection > refused] [FAILED] qubes-release-4.0-0.4.noarch.rpm: No more mirrors to try > - All mirrors were already tried without success https://github.com/QubesOS/qubes-issues/issues/3737#issuecomment-376348366 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/30a58729cedba5ed08ab9647b107cce1.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Quebes and whonix
Hey, i found all informations on the main site. But sometimes it can be, that someone have outher good sites. Cao -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/deeb66b3-09c6-4c63-a782-c08b5a5b5062%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Quebes and whonix
Jear, sounds hear really cool. This community is really nice and helpful. Thanks for this. 👍🙂 Okay, i will make a backup tommorow and will install Quebes. 👍✌ Windows will come into virtualbox. Iam a Linux Newbie. Can someone recommend some good sites or Videos to install Quebes Os correctly? For Linux i need a swap and home partition. Which sizes are good for that? Are 40 GB enough for the Swap partion? Thanks for our tipps and feedbacks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d034854c-0ff3-4f94-8886-eb01a2121324%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Cloudflare DNS-over-HTTPS in Qubes?
Hi, Is there a way to have a DNS proxy in the sys-net interface that try to use DNS-over-HTTPS at 1.1.1.1 (cloudflare) and if not working standard DNS with what was received by the DHCP. Is it possible Thanks Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/69f2a4e5-54fe-48e4-8c99-d85c3e52d238%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Qubes 4.0] Debian 9 unusable
Le mardi 3 avril 2018 03:13:29 UTC+2, awokd a écrit : > On Mon, April 2, 2018 3:34 pm, FerFrc via qubes-users wrote: > > Le lundi 2 avril 2018 10:38:04 UTC+2, awokd a écrit : > > > >> On Sun, April 1, 2018 6:45 pm, schwoerera...@gmail.com wrote: > >> > >>> Hello all. > >>> I was on Qubes 3.2 and I've switched of Qubes 4.0 but I have some > >>> problems : > >>> In fact, I can't use and update/upgrade Debian 9. > > > > > Hello, I'm using Debian 9 template that came with Qubes 4.0. > > Need more details. Is your network working? What happens when you try to > upgrade, etc. My network worked. When I tried to update, Debian 9 didn't work, impossible to run a terminal, and it did nothing when I clicked on "update the VM" by the VM Manager. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2a28e8e-fa9f-4daf-a8e6-1021916f10f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Help with 4.0 transition from 3.2?
I recently transitioned to the new 4.0thank you Qubes Developers and Community for the effort and help. I really appreciate the better security. I managed to get 4.0 installed however I am having some challenges and concerns: 1) I am getting numerous ACPI erros when I boot? 4.0 seems to boot, I can login and function but I am concerned. Is this a concern? I didn't get these errors when booting 3.2. 2) I used to be able to download a .iso file, keep it in a VM and boot it from another VM. 3.2 even had a "Boot from .iso" function. I managed to get this working with 4.0 but it is extremely slow and sometimes doesn't work. Was the boot from .iso functionality removed? 3) I am struggling with customizing the DVMs. Specifically I can't delete a DVM. I tried the steps on this link: https://www.qubes-os.org/doc/dispvm-customization/ but it just didn't delete. Are there other instructions available? Maybe some one is willing to post there steps/commands? 4) I am unsure how to add a wireless printer into a DVM? I either can't install the driver i.e. Do I install software into e.g. Print-dvm(based on Debian-9-Gnome), Debian-9-Gnome Template, other? 5) Could be related to 4) above but I have been unable to get my printer to even provide an error(possible networking issue). In 3.2 I would add the printer to the Debian-9-Gnome template and then generate a new "DVM" 6) When I attempt to update Dom0 after install I get the pop-up from Dom0 that something is happening, I get the "green update" window(similar to 3.2) but then it just stops...no message about "No updates needed" or any response. Is my Dom0 up-to-date? 7) It is my understanding that 4.0 introduces a remote admin functionhow do I confirm this is OFF and can never be turned on? Please understand this is by no means critism...I truly do appreciate the new version and sense it is more secure with the PVH default and with the new code that is under the hood. Some things that worked well: * VPN by Tasket works great. * Love the clean and updated Debian/Fedora templates * Ability to swap templates and a VM and get the new programs refreshed * The potential of multiple DVMs and additional drop downs beyond just Firefox Any help with my questions above would be greatly appreciated and I would be happy to summarize the instructions for users having similar challenges now or going forward. Thanks again for the effort, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c1b39fdf-44f1-43b2-a1ca-31ddc085e557%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Upgrade from RC3 to final release
I used RC3 and always update from stable repo, never from testing. Do I have now the good repos in yum? I think I have outdated yum repos and cannot update to final. Can somebody paste the content of its /etc/yum.repos.d/qubes-dom0.repo file? How am I supposed to ugprade to the final candidate? UpdateVM to download updates for Dom0; this may take some time... Last metadata expiration check: 0:28:30 ago on Tue Apr 3 10:07:04 2018. Dependencies resolved. Package Arch VersionRepositorySize Reinstalling: qubes-release noarch 4.0-0.4qubes-dom0-current50 k Transaction Summary Total download size: 50 k DNF will only download packages for the transaction. Downloading Packages: [MIRROR] qubes-release-4.0-0.4.noarch.rpm: Curl error (7): Couldn't connect to server for http://yum.qubes-os.org/r4.0/current/dom0/fc25/rpm/qubes-release-4.0-0.4.noarch.rpm [Failed to connect to yum.qubes-os.org port 80: Connection refused] [FAILED] qubes-release-4.0-0.4.noarch.rpm: No more mirrors to try - All mirrors were already tried without success The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: Error downloading packages: Cannot download rpm/qubes-release-4.0-0.4.noarch.rpm: All mirrors were tried [user@dom0 ~]$ ls /etc/yum.repos.d/ fedora.repo fedora-updates.repo qubes-dom0.repo qubes-templates.repo [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing Using sys-net as UpdateVM to download updates for Dom0; this may take some time... Failed to synchronize cache for repo 'qubes-dom0-current', disabling. Failed to synchronize cache for repo 'qubes-dom0-current-testing', disabling. Last metadata expiration check: 0:32:26 ago on Tue Apr 3 10:07:04 2018. Dependencies resolved. Nothing to do. Complete! No packages downloaded Qubes OS Repository for Dom0 108 MB/s | 244 kB 00:00 [user@dom0 ~]$ sudo qubes-dom0-update Using sys-net as UpdateVM to download updates for Dom0; this may take some time... Last metadata expiration check: 0:32:37 ago on Tue Apr 3 10:07:04 2018. Dependencies resolved. Nothing to do. Complete! No packages downloaded Qubes OS Repository for Dom0 112 MB/s | 244 kB 00:00 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54e64a8d-6c3b-4abc-b59b-f16365fdeefc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Options for securing /boot
On 04/02/2018 09:32 PM, cooloutac wrote: > On Monday, April 2, 2018 at 3:43:50 PM UTC-4, tai...@gmx.com wrote: >> On 09/08/2017 07:12 AM, Leo Gaspard wrote: >> >>> Just a datapoint: secure boot is *not* microsoft-controlled (unless you >>> assume the manufacturer put in some kind of backdoor, in which case >>> you're screwed anyway). >> Yes it is microsoft controlled, they're the ones who made the standard >> and conveniently left out the owner controlled mandate in sb 2.0 once >> the attention died down. >> It will eventually be used to prevent people from running linux all >> together at least your own linux not one that is approved by red hat. > Where are these boards. I've never seen one that doesnt' let you shut it off > or use your own keys? The MS ARM "Windows RT" tablets for one - with those they test the waters. SB 2.0 leaves out the owner control mandate - go examine the specs and see for yourself. Smartphones were actually the first area the walled garden was tested on. I am old enough to remember the PalmOS era when installing apps on a smartphone was the same as the average win32 model of downloading something off the internet not a walled garden app store - folks like apple/ms have the masses convinced that it has always been a walled garden but that is not the case. > Time will tell, but right now as Richard Stallman thinks "its failed its > intended purpose" This is a slow burn effort - doing it all at once straight away would lead to protest. > and Why Red Hat? Red hat controls linux and is microsoft friendly - because their developers control many critical linux programs they ARE a modern desktop linux. Why do you think so distros suddenly adopted systemd against the opinions of their users? or why so many core programs now require red hat controlled systemd? (like gnome and udev) Red hat accepted "secure" boot and got a grub and kernel signed by MS - such an action is a betrayal. Soon you will not even be able run the apps you please on the average store bought computer enforcing a MS monopoly where they get a cut of every app sale. MS says "Windows 10 S is not well-suited for many app developers/hackers, admins & IT pro's!" How do you create the next generation of those? They ALL learn on their parents computer not some "developer edition" which not even wealthy parents buy their children. Windows S, a locked down walled garden PC is the future of computing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b78210fd-9edf-d31b-6654-546770ec427c%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
Re: [qubes-users] Whats the deal with kernels?
On 04/02/2018 10:25 PM, sevas wrote: > -how to use the gen-config file. gen config as in general, most of the options enabled for a general PC. > -whats the difference between the config-base, config-qubes and > config-qubes-minimal? (well the minimal part is obvious) Base for a regular kernel, qubes for a qubes kernel. > -I can edit one of these config files to build with my kernel, correct? Yeah. > -I have built a .config using the '$ make oldconfig' command and it was a > nightmare. Which is why its called oldconfig :P > The most effective way to configure a .config is to use '$ make menuconfig' > correct? A good balance between my time and control? Yeah you get all the same stuff only in a nice ncurses graphical menu. Honestly I don't really see a reason to compile a kernel but not compile anything else unless for instance you want a bleeding edge feature or you want to disable some lame shit like IPv6. I hope some day qubes will have an easy-compile system like gentoo so one can compile the base distro and all updates from source when downloaded for maximum security. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2a5b904-f44f-3893-2cd9-f00621ffabbb%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
Re: [qubes-users] network issues on R4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/02/2018 09:19 AM, yon...@gmail.com wrote: > I have multiple issue regarding network with R4.0 > > The main issue is that net-vm crashes after a long sleep. It > doesn't happen 100% of the time but many times coming back from > sleep it will be completely unresponsive and will have to be > killed. > > Other times it will be responsive but will not be able to access > the wifi card unless rebooted. > > On top of all that if I change the network of a running disp vm to > none and than back to sys-firewall it will not be able to access > the network. so if I have a running disposable VMs when net-vm > needs a restart they will not be able to access the network after > the restart > You probably have hit by several bugs, including this one: https://github.com/QubesOS/qubes-issues/issues/3657 - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlrDNQcACgkQGjNaC1SP N2Tf4g/+NUgoOgwflddoYyUqpsDXYDodzj5CzoySQboLkJi0/VnzAd9ReZmWREgt h1BgS7SVAXrOGBEbHS9SB/+kGNKRVaYvyrLF8HyUoeuoMz8yXeji9fyzMuZIHBRK KX+SRu9lKPtPKjOU4cjzrMsWB2Zdt0vJKxqrybLHyjEPbAyQIvcroJn7jtZMEUls V53tyXNH5d4yipe4Q+Y2DtTkMIkAOf22f2U7dDa3lhL1Ngj4gZbBMbvYMERZIttK ZuEM5P8+3f3iQnqyecrgO8rkSe8ffhB6TZLh0ma8GPONFVYclYLEw5hBaFGLo3lg kwyB537JSncklUZCSMkOcXl25ln7dGp+ioqvxkiFgw9f2JU3ThZvSEQhZTtaxad/ S99NBV3q1BD5GpXTS5v9fbVqoMUP6j3mVFDogaIrK0yTjL3UpUEDpz3xl3S8UI/F nizocNb++Yp32WJe01IBj8DGUIRZ0536QQSrFsHAQAxWJ/uSoN3WkklPdqZJPQWs 6rI8LHGKJ2NTV/TDDnsV4i9UXlvMfMgTxGi9urSncE6cTA4fEcJicaHWGFH1EOXx LjY8xtDmHNlz48SvwJRGkgGpDKD5vFIsc22YnA5lSC9sUKGyh96oE6wXxNlVJpBX VqGnpWqC2TqTO3dHCJW6BF4/UiW27fSgAry8iiuaYnS1corqqyo= =7y7s -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e8b01b5-3a31-708d-5929-efea93b75f2b%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
