Re: [qubes-users] Re: Broadcom wireless driver issue.

[Ivan Ivanov]

22 Feb 2019 at 20:11,  wrote:
>
> I have the same wireless chipset BCM4331 and just got it working.
>

Thank you for sharing your solution. Hope you understand that Broadcom
chips require the closed source binaries at firmware/drivers which
could contain the backdoors - and that is why they are not working
out-of-the-box (because this closed source stuff is a potential
security risk it is rarely preinstalled at distros). Personally I
think you should try your best to switch to a better card, e.g.
something from Atheros ath9k family - they are working with both open
source drivers and firmware , and there are good cards like AR9462
which support 2.4GHz/5GHz and 300Mbps

Best regards,
qmastery

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAaskFDBiCFypwHBmswRVk9ksPcE_%3D8kdjnMoNLAbWJO0iOhig%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [In]Valid Concerns Regarding Integrity of Whonix Project

['awokd' via qubes-users]

cooloutac:


The reason why I say privacy and anonymity are two diff things.  And way apart 
from security. is For example if I log into a facebook .onion site.  Its still 
my identity.  All that information about you is still being sold to ad 
agencies.  Governments are still watching it.   The only benefit I can see, is 
again,   people hiding their location for fear of their life or imprisonment.


You listed one of the more common Tor benefits in your own paragraph- 
many people also use it for every day browsing to avoid most of that 
commercial information gathering and resale.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef33d7fd-cd90-3a80-ab6a-2d45925a1bbb%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

[Patrick Schleizer]

Reminds me, would be good to have OpenPGP signed websites all over the
internet. Unfortunately there is no project working towards it.

https://www.whonix.org/wiki/Dev/OpenPGP_Signed_Website

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d931f65-c1ba-3d8b-f510-9d38dfb82802%40whonix.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

[Patrick Schleizer]

cooloutac:
> The reason why I say privacy and anonymity are two diff things.  And way 
> apart from security. is For example if I log into a facebook .onion site.  
> Its still my identity.  All that information about you is still being sold to 
> ad agencies.  Governments are still watching it.   The only benefit I can 
> see, is again,   people hiding their location for fear of their life or 
> imprisonment.

Alternative end-to-end encryption without TLS certificate authorities
involved.

> And actually be using it you are using up bandwidth those people could be 
> using, just to feel special.

Citation required.

At no point Tor Project had the position that people should limit
themselves if possible, except for Bittorrent traffic. On the contrary.
They welcome Tor adaption.

See PDF:

Anonymity Loves Company: Usability and the Network Effect

By Roger Dingledine and Nick Mathewson (Tor founders and core developers)

https://freehaven.net/anonbib/cache/usability:weis2006.pdf

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4164f23b-06e2-e284-9f4e-dde38ea93ead%40whonix.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Dom0 upgrade and reinstallation packages

[cooloutac]

On Thursday, February 21, 2019 at 7:40:06 PM UTC-5, Andrzej Andrzej wrote:
> Hi, I'm asking you to make sure, I do not want broke anything. I made dom0 
> updates a few days ago (two days) via the command line. After running 
> qubes-dom0-update it downloaded packages and updated eg qubes core and a few 
> other packages, but for example packages related to anaconda and a few others 
> just downloaded and did not update them, leaving them in the field for 
> reinstallation. Certainly you also had this after the last updates dom0. What 
> should I do? Command with dnf system-upgrade reboot?

Do you have any other repositories enabled.  like testing,  security?   I 
vaguely remember something like this happening to me.  Have you tried to update 
again?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90f5d49f-6147-4010-9c60-dc6a8937ca00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

[cooloutac]

and it would still require alot more discipline and restraint not to post 
exposing information about yourself online,  that would defeat the purpose of 
using something like facebook or twitter imno.Again not something I could 
see practical for daily life.   Are there propagandists  and government agents 
on these sites.  Of course,  but even they have a separate personal digital 
life somewhere.The world is getting faker by the minute,  we don't need 
more fakes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8db1a24d-a13a-457c-980e-9ec3043e09e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

[cooloutac]

On Wednesday, February 20, 2019 at 4:17:45 AM UTC-5, qube...@tutanota.com wrote:
> I trust Whonix  the same as I trust Qubes and TAILS, or Debian, Fedora, Xen. 
> I don't have enough intelligence, that would convince me otherwise. And I do 
> research quite often when periodically adjusting my FMECA. Which is just a 
> professional deformation. 
> Every project, however secret, secure, top notch it seems to be, is 
> vulnerable this or that way, and will always remain so. Some of the attacks 
> are common, some are specific. Once old attacks are covered, new emerge. That 
> is life. Disregard a project, only because one of the emerging attacks, is 
> pathetic (I know not your case, you have different reasons mentioned), as 
> this attack (ausie law like, or malicious dev) is possible for every other 
> project too, including your refrigerator, assembled on the production line 
> with malicious guy, willing to do evil. Living somewhere in cave is not a 
> solution.
> 
> Interestingly I don't have much problem with Whonix in Qubes, and I like it 
> very much. Working very well. I use it on daily basis as my primary template 
> in Qubes, for my company management, email, chat, browsing, research, and 
> privately as well, because I believe that anonymity is a very strong security 
> attitude to thread mitigation, even I understand well the limitations of Tor 
> and Whonix as well. They are clear about what they can do and what not. Are 
> they a magical wand, solving all problems of the world? No, and they don't 
> claim that.
> Most of the time I try to prefer connections to .onion websites rather than 
> clearnet, because I don't see any benefit from exposing myself to 
> surveillance capitalism. I like v3 onions, and prefer to use it wherever 
> possible. I love to see myself as a person, not as a product. When chatting 
> on XMPP with OTR I use .onion server for my identity and ask the other site 
> to do the same, as I don't see any benefit using clernet server. Tor allows 
> me to mitigate some risks, and of course opening me to another ones. This 
> comparison is still putting the weight *for-tor-whonix-in-qubes*. Others may 
> have it different, depending on ones OPSEC and ones willingness to give 
> his/her life away for free to any random observer. 
> 
> I hope Whonix will go on further with their excellent job, same as Qubes or 
> TAILS or Torproject. 
> 
> I would just stress out the importance to include the high-risk, high-impact 
> emerging threads into their thread model and try to mitigate these risks same 
> way, as other risks included there already - recognized. If you set up your 
> bullet-proof environment and than by crossing a nation border just breaks it 
> down by one simple question of the officer, than resistance of your security 
> setup is extremely weak and breakable any time. More and more states will go 
> on with this attacks in the near future. Australia is only the first one to 
> make it so clear. There are tools and ways available for mitigation, for 
> Plausible Deniability for example, like Hidden Operating System, Hidden 
> Volumes, but are not included in the standard package of the projects yet. If 
> I was a programmer, I would sure contribute, but I am not. And so the only 
> point is to mention it, and try to stress it enough, to motivate people with 
> skill-set to contribute for all of us.
> 
> 
> 
> 
> Feb 20, 2019, 6:15 AM by raahe...@gmail.com:
> 
> > I read that whonix thread.  Still not sure why whonix doesn't have a 
> > canary.  What could it hurt?  Any aspect of the project could be 
> > compromised for any reason.   Thats the same as people saying I have 
> > nothing to hide so why worry.  In the other thread Patrick says US laws 
> > affect all countries.
> >
> > And don't feel bad.  Patrick banned me from the forums too once a long 
> > while ago.  I told him I'd never post there again and never did. lol.
> >
> > I was constantly having issues with whonix.   You are a target just for 
> > using it.  You really have to pay attention when you are updating it.
> >
> > Sill never understood why the user qubes-whonix left the project in 
> > flamboyant fashion claiming it was just a "cool experiment" and its 
> > "security was not taken seriously" ...
> >
> > I stopped using whonix after the annoying clock issue.  And then couldn't 
> > be troubled to install the latest version and just removed it instead. 
> >
> > I'm sure it has its purposes and some people need it.  But I don't.  The 
> > websites I use qubes for ban tor or it just has no benefit.  Anonymity is 
> > different then privacy.
> >
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to > qubes-users+unsubscr...@googlegroups.com 
> > > .
> > To post to this group, send email to > qubes-users@google

[qubes-users] Re: Best ideal laptop for Qubes?

[cooloutac]

https://www.qubes-os.org/doc/hcl/command to test if vt-d is supported.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6e5febd-c5f4-4edc-9874-45c1abfa2087%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Best ideal laptop for Qubes?

[cooloutac]

On Wednesday, February 20, 2019 at 7:49:27 PM UTC-5, dexint...@gmail.com wrote:
> I've been spending hours and hours looking at laptop configs from dell to 
> lenovo and I still have yet to make a decision. I'm hoping you guys can help 
> me. 
> 
> Uses:
> 
> - Programming
> - Web Dev
> - Tor
> - Screen real estate
> - Regular web surfing and videos
> - Some video and photo editing but I have a PC for that 
> 
> I'd like to keep cost as low as possible but my budget is very flexible if I 
> need to stretch it. I want something that will last me 3-5 years.

The most important thing, in terms of Qubes,  is the hardware specifications 
and if it supports all the proper qubes security features.

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ 

"Of course, to be compatible with Qubes OS, the BIOS must properly expose all 
the VT-x, VT-d, and SLAT functionality that the underlying hardware offers (and 
which we require). Among other things, this implies proper DMAR ACPI table 
construction." 

The way to figure this out is to go to the store and boot one up with a qubes 
live flash stick.Or to get a hold of the manual and see if it mentions vt-d 
anywhere in it as an option.

Regarding the specific questions you are asking, that is a general hardware 
questions.

https://www.qubes-os.org/doc/system-requirements/

"Fast SSD (strongly recommended)
Intel IGP (strongly preferred)
Nvidia GPUs may require significant troubleshooting.
AMD GPUs have not been formally tested, but Radeons (RX580 and earlier) 
generally work well
See the Hardware Compatibility List
TPM with proper BIOS support (required for Anti Evil Maid)
A non-USB keyboard or multiple USB controllers
Also consider the hardware certification requirements for Qubes 4.x."

I would also recommend at least 16gb of ram.  more if you can afford it.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b036bb46-de42-4e58-b1f9-8f529712a294%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What is the state of automatic updates?

[cooloutac]

On Wednesday, February 20, 2019 at 5:39:09 AM UTC-5, Frank Beuth wrote:
> The documentation is somewhat unclear: which updates can be or are automated, 
> and for which updates do users need to do manual checking? (and can this be 
> turned into a cron job?)
> 
> I checked the qubes-users archive but found conflicting (probably out of 
> date) 
> information.

>From a security point of view I would caution against automatic updates. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d7bda46-188f-4d3f-b82f-55b48577376b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is it safe to install Qubes4 on laptop used windows10 before?

[cooloutac]

On Wednesday, February 13, 2019 at 3:55:06 PM UTC-5, zxcv...@scryptmail.com 
wrote:
> Hello All,
> 
> I have a laptop from family that is rarely used,but with windows10 installed 
> on it,arguably the most infamous windows version.
> 
> If I install Qubse4.0 on this laptop, would qubes completely wipe windows10 
> away?  
> Since some hardware's ID numbers are registered with microsoft in update 
> process,and maybe even UUID, 
> would microsoft still be able to track this laptop when it's online?
> 
> Second option, is to take off the harddrive with windows10 and change to a 
> completely new one purely for qubes. 
> with the concern above still there-the hard ware records---can microsoft 
> track THIS laptop when it's online?
> 
> * by installed with windows 10 ---I mean it pressed the agree button on 
> microsoft agreement when new laptop 
>   switched on, this stage is offline,
> 
>   and pressed 'update' button, and fully updated with microsoft and 
> registered with it, this part is online.
> 
> Please advi
>  se, thank you

MS wouldn't be able to track you from anything on your hdd. BUt not sure why 
you would be worried about that?   Tor would help keep your location anonymous, 
 but to block browser fingerprints you would probably be better off using 
whonix which has tor browser.  But i'm not really sure how effective it is at 
stopping that.

I think Qubes is more for home desktop security,  not really anonymity.  Maybe 
tails on a flash drive is more for your use case.

 Google is probably tracking you more and actually making money off your 
browsing habits.  But There is nothing wrong with installing Qubes on your 
machine.   I mean are you afraid of Microsoft assassinating you, throwing you 
in jail?  I'm not sure they even make ad money off you unless you are using 
windows 10,  and probably only then when using an MS account on a non hardened 
machine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ed2c0a8-26cd-424e-b9cb-07670df836e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Whonix update error??

[cooloutac]

On Monday, February 18, 2019 at 12:00:53 AM UTC-5, 22...@tutamail.com wrote:
> Mus be the Australian government and the five eyes! 
> 
> I tried it on a clone and it update no issues...tried it on my main templates 
> as-is/no change to http(fromhttps) and they happened to work fine.
> 
> Next time I will consider the option of waiting...
> 
> Xaver&awoked...you rock! Thx...

Yes you are targeted way more with MITM attacks when updating with tor I've 
learned.  You really have to pay attention to any notifications before hitting 
Yes.  Such as invalid signature, etc...  But even the best of us can hit y by 
accident.  

Sometimes when I have issues updating.  I will update from qubes-manager,  or I 
will update manually from console,  which sometimes will give different 
results.  For examplesometimes will notice a notification on one but not the 
other.

I think this is the biggest way to attack qubes users.  Through updates. Its 
what Spengler threatened Joanna with.Especially dom0 updates you need to be 
extra careful.  Most of us have hardware thats already screwed, imo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc55bd2a-6eeb-4e28-88fe-452a36e8e389%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

[cooloutac]

On Thursday, February 21, 2019 at 4:16:52 PM UTC-5, Patrick Schleizer wrote:
> cooloutac:
> > I read that whonix thread.  Still not sure why whonix doesn't have a 
> > canary.  What could it hurt?  Any aspect of the project could be 
> > compromised for any reason.   Thats the same as people saying I have 
> > nothing to hide so why worry.  In the other thread Patrick says US laws 
> > affect all countries.
> > 
> > Patrick banned me from the forums too once a long while ago.  I told him 
> > I'd never post there again and never did. lol.
> 
> "banned" is wrong. Ban referring to a block from posting to Whonix
> forum. That was never the case.
> 
> Reference:
> 
> https://forums.whonix.org/t/forward-and-reverse-dns-dont-match-up/2147

Ok well then I banned myself before flipping out lol.  I'm sure I have more 
threads then that.  

 But I for one wouldn't trust you the same as trusting someone like Marek.  And 
thats what it boils down to.  You are a little too emotional and have multiple 
agendas in your life.  But at least you're not as bad as the subgraph os guy.  
And hey I wouldn't trust me if I was running a project either lol.

Nor would I trust it as much as a project like debian that has so many more 
free software eyes on it.

Everytime I came to you with a problem you had an attitude.  I never 
experienced that on qubes forums.  And  updating whonix is so sketchy and such 
a pain in the ass I gave up on it.  I have no need for it.  I think it creates 
more security problems then it solves in qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d781fe36-bb77-48a7-ac4c-1f0901713684%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Broadcom wireless driver issue.

[moore61989]

I have the same wireless chipset BCM4331 and just got it working. I'm using 
Qubes 4, Fedora 29, and kernel 4.19.15-1. Below are the steps to get it 
working. Make sure the pci card is detached.

On my system the BCM4331 card is dom0:04_00.0

Create a new vm, so we have the same settings. Use AppVM, fedora-29 as the 
template and check provides networking. Set your virtualization mode to HVM.

Start the vm and open a terminal.


[vm]
$ sudo dnf update
$ sudo dnf install gcc-plugin-devel bison flex patch
$ cp -r /lib/modules/($uname -r)/build /tmp/build
$ make -C /tmp/build gcc-plugins
$ git clone https://github.com/fabiomartino/broadcom-wl.git
$ cd broadcom-wl/
$ wget 
https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz
$ tar zxvf hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz
$ patch -p1 < linux-415.patch
$ make -C /tmp/build M=$PWD
$ sudo cp -a /lib/modules /rw/modules
$ sudo mkdir /rw/modules/$(uname -r)/kernel/drivers/net/wireless/broadcom/wl
$ sudo cp wl.ko /rw/modules/$(uname -r)/kernel/drivers/net/wireless/broadcom/wl/
$ sudo mount --bind /rw/modules /lib/modules
$ systemctl --no-block restart systemd-udevd
$ sudo depmod -a
$ sudo modprobe wl

Next you need to edit your /rw/config/rc.local file and add the following 4 
lines:
mount --bind /rw/modules /lib/modules
systemctl --no-block restart systemd-udevd
rmmod b43 ssb bcma
modprobe wl

$ sudo chmod +x /rw/config/rc.local
$ poweroff


Add the pci card to the vm with permissive=true
[dom0]
$ qvm-pci attach --persistent --option permissive=true  dom0:04_00.0
$ qvm-start 

Now check to see if you scan for networks. With this card you cannot spoof the 
MAC address.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca8d6d64-e784-4219-9119-6b7b50b563fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to connect to usb tethering of my mobile to sys-net qube

[acharya . sagar . sagar5]

Stuart, I read things on tethering earlier and there's no clear indication that 
the people were able to solve the problem and get the connection. So I have 
ordered a WiFi adapter and I'll install it in a couple of days reading relevant 
sources. Regarding USB, there's a nice GUI + sign tool on top right corner in 
R4 which I intend to use and nothing more. Once you plug in a USB device, it is 
detected in the tool and I'll distribute the trusted and untrusted ones in 
different qubes.
Also, I have 8 usb buses. So I can use different ones to connect to different 
VMs.

unman, there's no difference in both responses tethered and untethered here. I 
executed qvm-usb and qvm-device ls
Got

BACKEND:DEVID DESCRIPTION USED BY
&
Got empty response from qubesd. See journalctl in dom0 for details

respectively. Why don't I connect devices to sys-net? Again quoting the Joanna 
article above.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/879b75f0-f390-430e-bb3a-8a3460aaa484%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] X1C6 Undervoltong?

[dexinthecity]

Has anyone been successful in undervolting the X1C6 if so please post your 
steps. Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b5d313c-26cd-4495-9fff-72de89374322%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to connect to usb tethering of my mobile to sys-net qube

[unman]

On Thu, Feb 21, 2019 at 05:25:52AM -0800, acharya.sagar.sag...@gmail.com wrote:
> I don't have a sys-usb. If I assign my usbs to sys-usb, then how will the net 
> VM have access to it?
> Also according to Joanna here, networking stacks lie in NetVM
> https://blog.invisiblethings.org/2017/10/03/core3.html
> So I want to move my USB bus of the mobile connection to sys-net. When I 
> tried the command
> 
> qvm-pci -a sys-net 08:00.3 
> which is the address of my usb bus, it shows error regarding 'sys-net'
> 
> Also,
> Under dom0, when I execute commmand
> qvm-block
> With tethered usb it doesn't show any device and without tethered usb, it 
> shows
> 
> dom0:sr0  File-Stor_Gadget (CDROM)
> which means once I start tethering, the USB connection somehow dissappears.
> 
> Thanks Stuart
> 
Are you trying to attach pci device to a running sys-net? Dont.
(What was the error you got?)

qvm-block shows (as the name suggests) block devices.
qvm-usb or qvm-device may be of more help in this context.
Post output from those commands tethered and non-tethered.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190222113147.pk7lmyqbhife6scf%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes for enterprise usage

[unman]

On Fri, Feb 15, 2019 at 12:23:28PM -0800, tggrps wrote:
> Hi all,
> 
> Did anyone try to use Qubes for enterprise use cases? e.g. for securing 
> access to sensitive resources? How did that end up?
> 
> Last time I looked at Qubes, it didn't have enterprise manageability features 
> and required users to be familiar with Linux, which is not always the case 
> with enterprise users. The HCL is also a bit of a concern as enterprise 
> laptops might not well support Linux (audio/video/docking stations/wifi/power 
> management...).
> 
> Details about your experience with Qubes today for enterprise users (either 
> power users or simple users) would be helpful!
> 
> Thanks!

Qubes has salt stack and some features for manageability.
Look here:
https://www.qubes-os.org/doc/salt
https://www.qubes-os.org/news/2017/06/27/qubes-admin-api

It does not require *users* to be familiar with Linux, but undoubtedly
admins do. I don't know what a power user is.
Sensible selection from the HCL make the choices somewhat limited, but
workable.
I know some SMEs that use Qubes, but the sysadmins are extremely
competent in Linux and Xen.
The biggest blocker to widespread adoption is the somewhat sketchy
support for Windows imo. (Win 7 support is generally good, but later?)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190222112325.rvjzhijhnzugmfgc%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Some VMs on an external disk (unavailable at boot)

[unman]

On Tue, Feb 12, 2019 at 07:37:51PM -0500, preill...@gmail.com wrote:
> 
> 
> There was a page called this that I referred to. 
> https://www.qubes-os.org/secondary-storage
> 
> I don't see that page today.
> 

It's at https://www.qubes-os.org/doc/secondary-storage

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190222110855.3n2fahhvdcuhwpve%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to set individual VM swap?

[unman]

On Fri, Feb 22, 2019 at 10:11:42AM +, 'awokd' via qubes-users wrote:
> Eric:
> > R4.0 I must be missing something - really quite
> > basic - cannot see how to change the fixed 1GB
> > allocation of swap to each VM on its volatile
> > volume at startup. This is much too small for a
> > larger VM - eg a 6GB f29 VM running leaky
> > software, I notice Swap: 0.0 free and it is then
> > not long before the biggest memory hog gets the
> > bullet from the kernel - out of memory - when
> > the VM is nowhere near thrashing.
> > 
> > I expected either a fixed value for swap or a
> > ratio to maxmem exposed by qvm-prefs. Ratio
> > makes more sense as then inheriting a default
> > from the template should work.  Should be on
> > Qubes Manager/Settings/Advanced tab under maxmem
> > as well.  Is opening an issue warranted?
> > 
> > In the mean time where is this constant defined?
> > 
> > Thanks, Eric
> > 
> https://github.com/Qubes-Community/Contents/blob/master/docs/misc/iaq.adoc#how-can-i-provision-a-vm-with-a-larger-non-standard-swap-and-tmp

The 1G is the partition size set for /dev/xvdc1
Since /dev/xvdc is 10G in size and only 1G is allocated to swap, an
alternative (better?) would be to use that space.
/sbin/swapoff -a
/sbin/parted /dev/xvdc rm 1
/sbin/parted /dev/xvdc mkpart primary 0 10G -s
/sbin/swapoff -a
/sbin/mkswap /dev/xvdc1
/sbin/swapon -a

You can put this directly in to /rw/config/rc.local and it will
reprovision swap on boot, with little effect on boot time.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190222105740.g2t5wrix732j7jzd%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to set individual VM swap?

['awokd' via qubes-users]

Eric:

R4.0 I must be missing something - really quite
basic - cannot see how to change the fixed 1GB
allocation of swap to each VM on its volatile
volume at startup. This is much too small for a
larger VM - eg a 6GB f29 VM running leaky
software, I notice Swap: 0.0 free and it is then
not long before the biggest memory hog gets the
bullet from the kernel - out of memory - when
the VM is nowhere near thrashing.

I expected either a fixed value for swap or a
ratio to maxmem exposed by qvm-prefs. Ratio
makes more sense as then inheriting a default
from the template should work.  Should be on
Qubes Manager/Settings/Advanced tab under maxmem
as well.  Is opening an issue warranted?

In the mean time where is this constant defined?

Thanks, Eric


https://github.com/Qubes-Community/Contents/blob/master/docs/misc/iaq.adoc#how-can-i-provision-a-vm-with-a-larger-non-standard-swap-and-tmp

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ffcea6cd-c18d-a5d1-261e-c7633d4b6339%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.