[qubes-users] Instability with video and graphics in fedora-30

2019-06-28 Thread Andrew Todd
Hi,

I've recently updated to a fedora-30 + rpmfusion template for many of my 
AppVMs. I've begun to experience a lot of instability in the following 
situations:

* mpv playing video (often segfaults even before playback starts)
* vlc playing video (often segfaults before playback starts)
* Firefox rendering Google Maps -- I suspect this uses WebGL? (performance 
significantly degraded, occasionally the browser locks up)
* Firefox rendering video (occasionally the browser stops responding)

I double-checked my dom0 configuration against this page:
https://www.qubes-os.org/doc/intel-igfx-troubleshooting/

and in fact I even switched from the Xorg Intel driver to the modesetting 
driver (see https://github.com/QubesOS/qubes-issues/issues/4782) after I 
noticed from the Xorg log that there seemed to be some issues with my graphics 
card and the Intel driver. That didn't make much of a difference.

I've confirmed that it's something in the template: if I switch those AppVMs 
back to fedora-29 + rpmfusion, the problems go away. However I'm not really 
sure where to look from here to continue debugging. I'd appreciate any advice. 
Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a36c76a5-9fa1-4436-93b2-5870a388db92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Quick question please, need help!

2019-06-28 Thread Jon deps

On 6/27/19 10:01 AM, Sphere wrote:

The general idea is correct
If dom0 gets pwned then everything else can be pwned and stolen, including your 
data
pwning dom0 properly and successfully however, is not trivial because dom0 has 
no direct access to network hardware to communicate in the first place and 
malicious actors would need malware to communicate directly to the C2 server 
for commands.

What's great about qubes is the fact that with proper hardening, it becomes 
very resilient thanks to the fact that it follows a 0-trust model.




just curious what "proper hardening"  you  do  (Sphere)


maybe the argument is are you "safer" using hypervisors   , because 
'qubes' isn't really an  traditional  OS  of course


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3938aafb-d997-d535-9031-d23091f59481%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS Installation Resolution

2019-06-28 Thread Jon deps

On 6/28/19 7:56 AM, 'awokd' via qubes-users wrote:

'[NOTIFICATION]' via qubes-users:

The problem is the ease of convenience when it comes to to eh various VM 
instances. As a new user to QUBES OS, it seems more complicated than usual. One 
of the main issues was the ethernet tethering passthrough. That was so 
difficult to set up due to the lack of or vague instructions. QUBES OS should 
have a more user friendly interface or framework. While it does seem simple as 
it can get, The ability to maneuver in the infrastructure can be confusing. 
Sometimes just using VIRTUALBOX can seem much more easier because of its visual 
compartmentalization. Along with the extension pack to share data between, 
QUBES OS does not have this setting options. In QUBES OS, you have to do it 
each time? Anyways, hope to some QUBES OS improvement in terms of interface and 
ease of use?


Glad you were able to get it installed and try it out. 8GB should be
sufficient- I wonder if it's not a bad stick. I missed having a
graphical representation of networking too, when I came to Qubes from
other OS/virtualization products.

Not sure what you mean by ethernet tethering passthrough in context of
Qubes. What were you trying to do, and where did you have trouble?





Along with the extension pack to share data between, QUBES OS does not 
have this setting options. In QUBES OS, you have to do it each time?


you probably are not going to get far comparing VBox  and  Qubes, I 
believe your talking about VB extensions to do things.


Qubes are designed Not to share easily, I think that is the point. So, 
if your wanting a permanent data sharing between Qubes, afaik, not 
possible, what would be the point ?


maybe you can make a  HVM and install VBox on it and see how far you get
https://www.qubes-os.org/doc/hvm/

it's probably as complicated as you make it

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8236422-17d2-e8df-0051-afe0501b5694%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread Chris
> Do remember to run backups, though. EXT3 on thin LVM is not
> as resilient as NTFS, for example.

Thanks for the reminder!

> For a canonical answer, you might try the qubes-devel mailing list since
> they get more in-depth.

Will try to ask over there.

Thanks much!
Case closed

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f90b3ad-af50-4913-83cb-7d444a0ba9d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes update servers down?

2019-06-28 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Jun 29, 2019 at 12:45:51AM +0200, Marek Marczykowski-Górecki wrote:
> On Fri, Jun 28, 2019 at 09:43:19PM +, mossy wrote:
> > Hi,
> > 
> > Updating my qubes templates (debian-9, fedora-29/-30, whonix-14) have
> > been failing all day with `Failed to synchronize cache for repo
> > 'qubes-vm-r4.0-current'`
> > 
> > There's also this bug report:
> > https://github.com/QubesOS/qubes-issues/issues/5130
> > 
> > Any updates?
> 
> Indeed there is some problem. Working on it, should be back in few
> minutes (hopefully).

Took more than few minutes, but it's back online.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0Wst0ACgkQ24/THMrX
1yzgeAgAhuKNpNEVUnRHqjlikyunb8imNWOWGyGVtli9v4XKDLCqSUt0BP+TVy+D
ARg/Q6xMXKkDO7Gyn65bvjhogsqb/W6cupgRVroupu0Vjlxqo7slI6T7KyW58170
d9ej1vE9HFY594Ge77iA9xu+Ty02g49tLTYTbWgy1wZqp4fAR3ocBqFaY+y5+ZrK
3S34c1vNXrAuwfPLT/mxQBo8wkFR8WmS1zth0/zQ/XQ3EOaMHqFnihmYg8USdiik
efXXpayG1wo90IlUmvKe8j+eLz7M/5oSurt5ioZlqt6AjZUUAwXQN7nuBGuQnroX
SbXwFbsZvY/eD7IsnW6h6OHdJtEnmg==
=M6XH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190629003747.GY1423%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0.1 Installation To Emergency

2019-06-28 Thread Daniil Travnikov
Also you can try a Rufus instead of the Etcher if you doing this from Windows.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f9d184f-b0f5-4e9e-bf39-6c6e98522350%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Install on an up to date Macbook

2019-06-28 Thread Daniil Travnikov
Do not leave this thread after your any steps (successful or not) because I 
want to buy Macbook 12-inch for Qubes OS in near future. And I will keep my 
eyes on this thread. Thank you in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aada683d-0c3c-42fa-ab60-7b54a1356e19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes update servers down?

2019-06-28 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jun 28, 2019 at 09:43:19PM +, mossy wrote:
> Hi,
> 
> Updating my qubes templates (debian-9, fedora-29/-30, whonix-14) have
> been failing all day with `Failed to synchronize cache for repo
> 'qubes-vm-r4.0-current'`
> 
> There's also this bug report:
> https://github.com/QubesOS/qubes-issues/issues/5130
> 
> Any updates?

Indeed there is some problem. Working on it, should be back in few
minutes (hopefully).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0WmJsACgkQ24/THMrX
1ywIKgf/Z/prJo24uRatUhvLMkCNViL0gNGAd5aRNxpRRF2GYM6sJbN6s+mTeezR
9VOGLKF1CyiQfY1PVYNrJub7p5YabYH2fiAQdOe2ynTYrPjNiob8K9lYHapnnTwl
azMDv3b9eGq6xZOTPfUeAYCCqQ0qB3fFWnft2mJpVAYY1j+PIZhuH885SEavpwZZ
seDcvbUWMFhNfpLDf589N0+mzGYa9zJ1r6ux99f2yUK+jOLDy/B7Y65vf1Vqoh6v
xrbb4HdwPZxvScmey1me/j0uYLCGM9rSXo1ezzqcVCoC+riE3sxJiFen8yz+U7xa
Tkvul/sOHLkhaoXbkXpdepizLHb66A==
=pD2m
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190628224547.GA16142%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes update servers down?

2019-06-28 Thread mossy
Hi,

Updating my qubes templates (debian-9, fedora-29/-30, whonix-14) have
been failing all day with `Failed to synchronize cache for repo
'qubes-vm-r4.0-current'`

There's also this bug report:
https://github.com/QubesOS/qubes-issues/issues/5130

Any updates?

thank you!

-m0ssy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9392427-89a4-d86f-83ee-513c6ed22046%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How do I choose the right controller for Opt Drive in Win7 Qube?

2019-06-28 Thread 'awokd' via qubes-users
oak2...@gmail.com:
> On Friday, June 28, 2019 at 12:21:09 PM UTC-4, oak...@gmail.com wrote:
>> Hi, I'm trying to assign the opt drive controller to the Win7new Qube so I 
>> can use an install cd to install windows in the qube, but I can't figure out 
>> which one the optical drive controller is. How do I figure it out? 
>>
>> I tried using command line to attach it (as per Qubes instructions) with:
>>
>> qvm-start my-new-vm --cdrom=/dev/cdrom
>>
>>  But gave me error "Valueerror: not enough values to unpack (expected 2, got 
>> 1)
>>
>> So my plan was to attach it in manager then start the qube and it should 
>> boot up from the cd in the win qube, but can't find the controller.
> 
> Tried to install from iso on a usb drive but get error "Failed to setup loop 
> device".  I'm lost.
> 
Try this except with the path to your USB drive, assuming you have it
mounted in "untrusted":
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new

Also, follow https://www.qubes-os.org/doc/windows-vm/ if you aren't already.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8853a1f6-7b15-9506-7992-855f4d3dfc1f%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How do I choose the right controller for Opt Drive in Win7 Qube?

2019-06-28 Thread oak2572
On Friday, June 28, 2019 at 12:21:09 PM UTC-4, oak...@gmail.com wrote:
> Hi, I'm trying to assign the opt drive controller to the Win7new Qube so I 
> can use an install cd to install windows in the qube, but I can't figure out 
> which one the optical drive controller is. How do I figure it out? 
> 
> I tried using command line to attach it (as per Qubes instructions) with:
> 
> qvm-start my-new-vm --cdrom=/dev/cdrom
> 
>  But gave me error "Valueerror: not enough values to unpack (expected 2, got 
> 1)
> 
> So my plan was to attach it in manager then start the qube and it should boot 
> up from the cd in the win qube, but can't find the controller.

Tried to install from iso on a usb drive but get error "Failed to setup loop 
device".  I'm lost.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f72bd05-f5f5-435a-a39f-9a25213d7d2f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Pass Capita with Tor

2019-06-28 Thread Claudia

ehag...@gmail.com:

Den torsdag 27 juni 2019 kl. 10:49:43 UTC-4 skrev eha...@gmail.com:

This takes som explanation. With capita I mean that box that comes up when 
preforming a registration or setting up a new account at a webbpage. In order 
to confirm thar youre not a robot and so on.

I tried this with my Tor browser and just dont work out. I tried it a number of 
times an eventually realized that the browser is the problem.

Why is that and can be don about it

Thanks for youre time and suport



when registering on new webbpage Its often obligated to confirm that you're not 
a robot. Typically this is done ny klicking on imagrd of busses or what ever. 
Untill there are non left.

I tride doing this with Tor and it just doent work! Dosen any one else has the 
same experience

And what can be done about it

Im relay puzzled by this!

And woud like to know what youre all make of it


Best regards



This is a very common problem. Not sure what you mean by "it doesn't 
work," but for me reCaptcha usually just never ends. It has me select 
busses, then traffic lights, then store fronts, whatever, and just 
repeats until I give up.


There's no solution that I'm aware of. Depending on the captcha service, 
you might be able to do the audio captcha (for blind people) instead, 
although I've never had much luck with it and I don't know if reCapcha 
still offers one.


Also, you can try setting the slider to "Standard". It might allow the 
site to detect more browser features, and not give you so many 
challenges. If you're really lucky, you might just get the "I'm not a 
robot" checkbox.


Also, someone might be able to help you better on one of the Tor mailing 
lists. https://lists.torproject.org/




-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a8c5f7b-850b-623f-e4d3-306f4ed5db68%40vfemail.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] How do I choose the right controller for Opt Drive in Win7 Qube?

2019-06-28 Thread oak2572
Hi, I'm trying to assign the opt drive controller to the Win7new Qube so I can 
use an install cd to install windows in the qube, but I can't figure out which 
one the optical drive controller is. How do I figure it out? 

I tried using command line to attach it (as per Qubes instructions) with:

qvm-start my-new-vm --cdrom=/dev/cdrom

 But gave me error "Valueerror: not enough values to unpack (expected 2, got 1)

So my plan was to attach it in manager then start the qube and it should boot 
up from the cd in the win qube, but can't find the controller.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8a3f67e-7d35-4e0a-b5e5-0c507c5e5a34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Pass Capita with Tor

2019-06-28 Thread unman
On Fri, Jun 28, 2019 at 04:31:01AM -0700, ehag...@gmail.com wrote:
> Den torsdag 27 juni 2019 kl. 10:49:43 UTC-4 skrev eha...@gmail.com:
> > This takes som explanation. With capita I mean that box that comes up when 
> > preforming a registration or setting up a new account at a webbpage. In 
> > order to confirm thar youre not a robot and so on. 
> > 
> > I tried this with my Tor browser and just dont work out. I tried it a 
> > number of times an eventually realized that the browser is the problem.
> > 
> > Why is that and can be don about it
> > 
> > Thanks for youre time and suport
> 
> 
> when registering on new webbpage Its often obligated to confirm that you're 
> not a robot. Typically this is done ny klicking on imagrd of busses or what 
> ever. Untill there are non left.
> 
> I tride doing this with Tor and it just doent work! Dosen any one else has 
> the same experience
> 
> And what can be done about it 
> 
> Im relay puzzled by this!
> 
> And woud like to know what youre all make of it 
> 
> 
> Best regards  
> 

There is long standing issue with Tor and captchas.

You are likely being prompted because the "protector" ( google or
cloudflare) flag your Tor exit node as suspicious.
You find it difficult to complete because of the security features set
in Tor Browser.
Because you dont explain *how* "it just doesnt work", it's difficult to
help you.

You can try changing the security settings for the site, (and for google
sites for their captchas); sometimes, using a different exit node will
help; sometimes , installing helper applications - cloudflare offers
link to one.
Nothing here is Qubes specific, and you can find plenty of advice by a
simple search.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190628141837.fh7p2pwit2ym3itu%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Pass Capita with Tor

2019-06-28 Thread ehage39
Den torsdag 27 juni 2019 kl. 10:49:43 UTC-4 skrev eha...@gmail.com:
> This takes som explanation. With capita I mean that box that comes up when 
> preforming a registration or setting up a new account at a webbpage. In order 
> to confirm thar youre not a robot and so on. 
> 
> I tried this with my Tor browser and just dont work out. I tried it a number 
> of times an eventually realized that the browser is the problem.
> 
> Why is that and can be don about it
> 
> Thanks for youre time and suport


when registering on new webbpage Its often obligated to confirm that you're not 
a robot. Typically this is done ny klicking on imagrd of busses or what ever. 
Untill there are non left.

I tride doing this with Tor and it just doent work! Dosen any one else has the 
same experience

And what can be done about it 

Im relay puzzled by this!

And woud like to know what youre all make of it 


Best regards  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea4395f1-a9c6-4178-bf9e-d9310fcc1888%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Windows Seamless Mode

2019-06-28 Thread 'Epinsion Polickye' via qubes-users
Just reinstalled qubes - haven't used it for five months.

Very impressed with how Windows has come along. I have been able to get it 
working (after some tinkering) in seamless mode with some stability! First time 
I have seen it work for me, or on qubes 4 at all.

A few things that threw me:
- Not reading the readme and restarting the qubes windows tools installer 
prematurely
- The VM was crashing. I disabled the page file, set RAM to be static at 2G, 
and disabled windows time. Also in sysdm.cpl set the display to best 
performance, then enabled visual styles, smoothed fonts, and allowing windows 
contents while dragging.

Great work qubes team. Time to plan purchasing a Lenovo X1 extreme at full 
specs now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85c42792-1c96-421b-8fbb-b6b04c714739%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread 'awokd' via qubes-users
Chris:
>> I will do a fresh install and confirm again that disabling msi does the 
>> trick.
> 
> Confirmed. I tweaked the command a bit because it removed the default kernel 
> options.

Depending on hardware, getting Qubes up and running can sometimes be the
hardest part of using it. In comparison, the rest should be smooth
sailing. :) Do remember to run backups, though. EXT3 on thin LVM is not
as resilient as NTFS, for example.

>> qvm-prefs sys-net kernelopts "nopat iommu=soft swiotlb=8192 pci=nomsi"
> 
> Any idea if this would introduce any security vulnerabilities?
> 
I've looked at the Xen/Qubes PCI virtualization code when
troubleshooting a similar issue with interrupts on one of my systems.
IIRC, MSI and standard interrupts get handled the same way and processed
through the same code base, so I don't see any difference in exposure.
For a canonical answer, you might try the qubes-devel mailing list since
they get more in-depth.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3826c678-f998-1a7d-f0ee-b8a75243cf98%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes OS Installation Resolution

2019-06-28 Thread 'awokd' via qubes-users
'[NOTIFICATION]' via qubes-users:
> The problem is the ease of convenience when it comes to to eh various VM 
> instances. As a new user to QUBES OS, it seems more complicated than usual. 
> One of the main issues was the ethernet tethering passthrough. That was so 
> difficult to set up due to the lack of or vague instructions. QUBES OS should 
> have a more user friendly interface or framework. While it does seem simple 
> as it can get, The ability to maneuver in the infrastructure can be 
> confusing. Sometimes just using VIRTUALBOX can seem much more easier because 
> of its visual compartmentalization. Along with the extension pack to share 
> data between, QUBES OS does not have this setting options. In QUBES OS, you 
> have to do it each time? Anyways, hope to some QUBES OS improvement in terms 
> of interface and ease of use?

Glad you were able to get it installed and try it out. 8GB should be
sufficient- I wonder if it's not a bad stick. I missed having a
graphical representation of networking too, when I came to Qubes from
other OS/virtualization products.

Not sure what you mean by ethernet tethering passthrough in context of
Qubes. What were you trying to do, and where did you have trouble?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8901a93-3191-393e-59d6-1214218b8082%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes - Critique (long)

2019-06-28 Thread Sphere
About corruption and reliability of data being stored, regardless of whether or 
not it is sensitive data or day to day files, is not entirely the 
responsibility of the Qubes OS itself. There are many factors to consider, the 
software being used, the filesystem being used, the components of the distro 
being used, and etc.

This is based on my personal experience on using qubes on a daily basis for 
almost over a year already.

So far I've only encountered corruption of data through the use of 
qvm-copy/qvm-move commands to move stuff from vm to vm and this is a rare case 
too since it probably only happens once or twice over a hundred times. With 
this in mind, the LVM thin fs of Qubes I believe, is extremely reliable.

So with that I believe the problem most likely leans more towards the software 
that you are using, with respect to the distro that you are using as well.

I haven't had much trouble using any software so far in my experience of using 
qubes provided they have the right dependencies installed, with respect to my 
usage of fedora minimal template.

Despite that however, I agree with your sentiment about USB devices and the 
detaching notification though I am not entirely dependent on it since I can go 
ahead and confirm myself whether or not the usb device was detached by running 
"sudo lsblk" on the qube where the USB was attached and on the sys-usb qube 
itself. Convenience-wise, it is bad yes and there is definitely room for 
improvement.

Also mind you that flash is a HUGE BLOB of SECURITY RISK. If you're using qubes 
for security reasons then using flash is really counterproductive against it 
not unless you really know what you're doing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94143ecf-7500-41e0-8d9b-ab6f154dad02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Fitlet2

2019-06-28 Thread Chris
1. Installation was smooth except for the following error:

> The following error occurred while installing the boot loader. The system will
> not be bootable. Would you like to ignore this and continue with installation?
> 
> failed to set new efi boot target


Issue solved by manually creating boot entry (using another live distro) in EFI 
firmware as mentioned in #4 of 
https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty

> efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1 
> "placeholder /mapbs /noexitboot"

2. All network ports (2 built-in + 2 expansion) stuck in reset cycle when cable 
is connected.

Issue seems to be related to MSI and MSI-X interrupts as disabling it solves 
the problem. See https://groups.google.com/forum/#!topic/qubes-users/U6Dw9WuYcXo

> qvm-prefs sys-net kernelopts "nopat iommu=soft swiotlb=8192 pci=nomsi"

3. HDMI works.

4. Audio through HDMI works. The built-in 3.5mm line-out not working.

5. USB3.0 and 2.0 ports working

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3321343-ab5b-49c7-98c1-93115148d418%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Compulab-fitlet2-20190628-135505.yml
Description: Binary data


Re: [qubes-users] TemplateVM updates almost instantly fail when target is VPN qube but dom0 updates run just fine

2019-06-28 Thread Sphere
On Thursday, June 27, 2019 at 11:44:51 AM UTC, unman wrote:
> On Wed, Jun 26, 2019 at 10:12:40PM -0700, Sphere wrote:
> > @unman: thanks for that
> > I also noticed that qubes-updates-proxy.service fails by default on startup 
> > and I'm unsure if that is a minimal template-only problem but I was able to 
> > fix it thanks to it indicating that the problem is a missing folder: 
> > /var/run/qubes-service/qubes-updates-proxy
> > 
> > Pretty much the same problem that I get with clocksync service thankfully 
> > so I was able to confirm that this service was running as intended
> > 
> > systemctl status qubes-updates-proxy:
> > qubes-updates-proxy.service - Qubes updates proxy (tinyproxy)
> >Loaded: loaded (/usr/lib/systemd/system/qubes-updates-proxy.service; 
> > enabled;
> >  vendor preset: enabled)
> >Active: active (running) since Thu 2019-06-27 12:06:14 +08; 2s ago
> >   Process: 1603 ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start 
> > (code=e
> > xited, status=0/SUCCESS)
> >  Main PID: 1608 (tinyproxy)
> > Tasks: 3 (limit: 414)
> >Memory: 4.1M
> >CGroup: /system.slice/qubes-updates-proxy.service
> >??1608 /usr/bin/tinyproxy -d -c 
> > /etc/tinyproxy/tinyproxy-updates.conf
> >??1609 /usr/bin/tinyproxy -d -c 
> > /etc/tinyproxy/tinyproxy-updates.conf
> >??1610 /usr/bin/tinyproxy -d -c 
> > /etc/tinyproxy/tinyproxy-updates.conf
> > 
> > Jun 27 12:06:14 redacted systemd[1]: Starting Qubes updates proxy 
> > (tinyproxy)...
> > Jun 27 12:06:14 redacted systemd[1]: Started Qubes updates proxy 
> > (tinyproxy).
> > Jun 27 12:06:14 redacted tinyproxy-wrapper[1608]: Found tinyproxy at 
> > /usr/bin/tinyproxy
> > 
> > Despite this however, the problem still persists and still behaves the same 
> > even after trying dnf update for 5 times
> > 
> > I think is right about the fact that there is a bug about this
> > 
> > @Chris I think you may be right about the fact that this is a bug and I 
> > guess it's time to escalate it into an issue in github. I'm willing to lend 
> > a helping hand in making the issue as needed.
> > 
> > My setup is all fully dependent on variations of fedora-30-minimal template 
> > that I have tailored depending on use-case of the AppVM that would be using 
> > it.
> > 
> 
> Like Chris, I use a separate qube for updates.
> Unlike you and Chris I don't see the behaviour you report.
> 
> Let's try to dig in before raising a bug report.
> 
> I've tested this with 30-minimal template 201905071541 and 201906241949,
> from stable and testing.
> I've tested against dom0 stable and dom0 testing: both fully updated.
> Test boxes are an old x230 and a custom rig with X-series CPU and 32G RAM.
> 
> In all cases, the proxy is started as appropriate, and the update
> process (from fedora 29 and 30-minimal) waits until proxy is up and then
> proceeds.
> 
> What hardware are you, Sphere and Chris, running?
> 
> Sphere - if you create a dedicated update qube using the 30-minimal with
> qubes-core-agent-networking installed,
> enable the qubes-updates-proxy service, route it through
> sys-firewall, and edit the policy file appropriately, do you see the
> same behaviour? (Almost instant fail)
> What if you start the new update proxy before attempting a 'dnf update'?
> 
> unman

Big update: I was able to solve the problem
What I essentially did:
1. Ensure to run the Update Qube first
2. Confirm and ensure that the qubes-updates-proxy is already running after the 
qube is started. qubes-updates-proxy was listed and set as checked in the 
services tab of Qubes Settings GUI before starting the update qube.
checking was done through the `systemctl status qubes-updates-proxy` command.

3. Ensure that qubes.UpdatesProxy policy file is configured correctly before 
starting the templateVM
4. Ensure that DNS queries are resolving in the update qube
5. Start the templateVM and try to do a dnf update

One big thing to note here is that I encountered the problem after step 4 and 
was able to solve it by ensuring that my update qube is able to properly 
resolve DNS queries but I have to say that what's unique in my situation is 
that I use DNSCrypt for resolving DNS queries.

So basically, the problem was solved after I ran DNSCrypt on the update qube.
Admittedly that was kinda dumb on my part to not realize that the f30 template 
definitely needs to have DNS resolutions to do updating along with that fact 
that I have already blocked all plaintext DNS from going out.

However, I can't quite remember whether or not I had DNSCrypt running on the 
update qube last time I tested it so there's a possibility that strictly doing 
the first 2 steps that I did contributed greatly in solving the problem.

For the purpose of troubleshooting this problem however, the qube that I used 
to update and the qube that I used for VPN is one and the same. I guess I'll 
try to use separate ones next week to see how it goes (I have none to very 
minimal online 

[qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread Chris
> I will do a fresh install and confirm again that disabling msi does the trick.

Confirmed. I tweaked the command a bit because it removed the default kernel 
options.

> qvm-prefs sys-net kernelopts "nopat iommu=soft swiotlb=8192 pci=nomsi"

Any idea if this would introduce any security vulnerabilities?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddc16187-b4b6-4b21-96cc-620cb523a6c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.