Re: [qubes-users] Is there a standard procedure to reinstall whonix?

[Achim Patzner]

Am 07.06.2016 um 01:02 schrieb Andrew David Wong:


I'm not sure if I understood the proposed two changes


Steps 1 and 2: If someone starts poking around in sys-whonix, changing 
settings arbitrarily and it suddenly fails to work one has to assume 
that it isn't secure anymore. So instead of preserving sys-whonix and 
anon-whonix they should be deleted and replaced, too.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57565D3C.6030801%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Remnder: Ubuntu-template anyone?

[Achim Patzner]

Hi!


Has anybody had success getting a Ubuntu template compiled? Even at 16.04?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba7cec7c-2896-19ab-ea9c-c9fa3cf98d55%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to install clean template?

[Achim Patzner]

Am 09.06.2016 um 12:09 schrieb Andrew David Wong:
> On 2016-06-09 00:09, Albin Otterhäll wrote:
> > Is it considered god practice to only use copies of the default
> > templates?
>
> Yes.

There is some grey area around that. Some tools just have to be there
for you to feel well. In my case it's things like "no unix without joe".
On the other hand side there is a lot of stuff I would never haven in
/usr of a "minimally comfortable" baseline installation.

Essence: If you know what you're doing there is nothing wrong with
creating your own templates and use them all over the system. And remove
the templates that came with the installation.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9982f2df-79fa-b25c-597e-ae617b963eb2%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows 7 virtual graphics card

[Achim Patzner]

Am 09.06.2016 um 08:46 schrieb Drew White:

> On Thursday, 2 June 2016 21:24:02 UTC+10, Achim Patzner wrote:
>
> Is there a way to provide a virtual graphics card that will support
> 3840*2160 pixels? I'm having serious problem to see anything using a
> Windows 7 HVM at 257 dpi...
>
> Either install the tools and go Seamless, OR alter the settings to
> have the text and all larger.

Great idea. Then you've got a stamp-sized window with very few but
readable characters. That's making work much easier.

I'll rephrase my question: Does anyone have an idea how to get a Windows
HVM to provide a window of more than 2560*1400 pixels, no matter which
size the pixels are? (Obviously things are _much_worse for people using
a 15" display at > 300 dpi).

> Or else just use a lower resolution.

An even greater idea. That's ok if your competition is a zSeries
mainframe. It sucks if your competition is Mint or Ubuntu.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b086227-fcfe-2c69-c5dc-95443262c2d8%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing additional firmware

[Achim Patzner]

Am 29.05.2016 um 03:31 schrieb Andrew David Wong:
> On 2016-05-28 11:38, Achim Patzner wrote:
> > Hi!
>
> > Is it only me or are there some more people who seriously hate
> > having to add firmware for virtual machines?
>
> I'm not sure I understand.

My mistake. I wanted to write _modules_ and constantly wrote "firmware".
"You should not post at 3 in the morning after 27 hours of work", I guess.

> Is this some kind of special procedure required by your particular needs?

Yes. For some reasons I'm running around with a collection of USB WLAN
devices and I have to install the appropriate drivers (and firmware) for
them whenever I update the kernel. I wouldn't really mind it so much if
they were really exotic hardware but most of them are Ralink and Realtek
based "IT-groceries" found at every corner. This is annoying me quite a bit.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de33ac98-d0ec-bbd3-0f76-7ac1b8a5d7d7%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Remnder: Ubuntu-template anyone?

[Achim Patzner]

Am 10.06.2016 um 23:30 schrieb Unman:

>> Has anybody had success getting a Ubuntu template compiled? Even at 16.04?
> If you mean "at all", then some months back I built a 14.04. Haven't
> tried anything more recent.

Right now I'm not able to even compile it even after getting a fresh
building environment... I guess I'll have to get some more exercise,
then, unless someone is generating a working setup.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25aad691-bde8-35e1-6a18-e875be78041f%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3 MacOSX

[Achim Patzner]

Am 17.06.2016 um 06:11 schrieb Drew White:
Well, in the end, I own a mac, It's not breaking any agreement or 
anything for me wanting to run it.


You didn't read the license very well, then. Depending on the version of 
Mac OS X you bought as part of your machine there are several 
restrictions (including only running server versions and only running it 
on genuine Apple hardware) on the use of the software you licensed.


All that the qubes-os developers are doing is putting the availability 
for those that have a MAC and want to run one piece of hardware 
instead of 4 to do so without an issue.


_could_ be doing.

If people decide to use it for the wrong purposes, then that is not 
the fault of Qubes-OS. Qubes-OS and developers should not be the 
judge, jury, and executioner for this.


The Qubes developers should have the right to decide that for themselves.

The patch for Qubes 3.0 would work fine, jsut have to put it into 3.1 
/ 4.0 and get it working again.


If you belive this is a good idea why don't you spend your time on doing it?

I own a Mac, I want to run MacOSX on Qubes on my PC which is much much 
more powerful than my Mac. And that way I could also have multiples.


You know that you really start sounding like a spoilt child? If this is 
so important to do, implement it, publish it on the repository and 
mantain the code across Qubes versions. Do the work or pay for it.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5763C72C.2050006%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Achim Patzner]

> Am 26.07.2016 um 19:42 schrieb Andrew David Wong :
> 
> The updated requirements for Qubes R4.x-certified hardware are
> explained here:
> 
> https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> 
> Although the requirements for Qubes-certified hardware are likely to
> be more stringent than that minimum requirements

If

"Another important requirement we’re introducing today is that Qubes-certified 
hardware should run only open-source boot firmware (aka “the BIOS”), such as 
coreboot. The only exception is the use of a (properly authenticated) 
CPU-vendor-provided blobs for silicon and memory initialization (see Intel FSP) 
as well as other internal operations (see Intel ME). However, we specifically 
require all code used for and dealing with the System Management Mode (SMM) to 
be open-source.”

is the minimum requirement, Qubes just put itself out of the game by being able 
to run on prehistoric hardware only (see coreboot’s list of supported systems 
and CPUs) or being at the mercy of someone being able to provide a system with 
appropriate firmware support by twisting some of Intel’s appendages. It’s nice 
to demand free beer for everyone but you’ll have to find someone providing it. 
Especially with Qubes hardware demands to be more than a fancy typewriter 
(unlike others I found 64 GB of memory and a sufficient number of CPU cores not 
to be wasted).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78D98A33-C9C9-4FF6-A9F4-230D5A80FA0B%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to log all the websites accessed by a VM

[Achim Patzner]

> Am 23.07.2016 um 00:41 schrieb Andrew David Wong :
> 
> Your best bet is to whitelist the entire CIDR block of bank's domain (and hope
> the site doesn't rely too much on CDNs). You can typically find the CIDR block
> in the domain's WHOIS information:

… and then you’ll find out that $BANK is using an external service for its 
financial transactions and their website is only providing you with a locally 
running front end to that gateway. Which will probably not use any machine in 
their own registered block. Or the web servers are hosted by a third party who 
is not hosting the transaction gateway.

Sorry, but this answer might cause more problems than it solves.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/B649EA8F-BD3A-4BEA-849C-F5107AB6B97D%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If Ubuntu's license is keeping us from having a ready-made template...

[Achim Patzner]

Am 03.08.2016 um 13:08 schrieb Marek Marczykowski-Górecki:
> On Wed, Aug 03, 2016 at 12:42:25PM +0200, Achim Patzner wrote:
> > ... what about preparing a Mint template that can be distributed?
>
> That's good question. I guess only that no one added support for it in
> builder-debian plugin (or separate one).

Hm. Who is that No One I keep hearing so much about lately and what does
it take to convince him to spend some time on it? 8-)


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/433b8e56-d677-7d46-430b-f110b7925ebd%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Network Setup Service

[Achim Patzner]

Am 16. Juli 2016 6:59:38 vorm. schrieb Drew White :
Congrats Drew, I'm finally taking the time to reroute all incoming messages 
from drew.qu...@gmail.com to /dev/null.


That's okay, you can block that address if you want, I'll just post from a 
different account every day just to annoy you. :} naa, I wouldn't do that, 
I'm not that much of a prick. But to block all my accounts, you would have 
to block some other people that you think are different people, but are 
actually me. lol


In the good old time on Usenet we always thought "if adding that jerk to 
the local kill file didn't suffice we could add him to the kill file at 
kgbvax and specialists were going to take care of the problem in the real 
world". Maybe it's still active.


YOU, Jeremy, are one of the people I dislike more than anyone I have ever 
met or heard from online.


Some rabbi told me once "if you're pointing a finger at a person there will 
be four fingers pointing at yourself".



Achim


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/155f2f01420.281f.2b581044abc684aae9f668a8f7bd46c1%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Is there any debugging in the Qubes 3.2-r1 installer?

[Achim Patzner]

Hi!


As I'm not getting the install image to boot into the installer (it is
dropping me into dracut), is there any debug version that could collect
debug information in a convenient way? Alternatively: Could the
installation process be launched from a running Qubes 3.1 installation
(e. g. as VM, getting access to the destination disk)?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7682df52-3020-7b7e-16a4-f302c615a320%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes top priorities suggestions for me as an user.

[Achim Patzner]

Am 08.07.2016 um 10:56 schrieb juris...@gmail.com:
> HERE!!! This is the perfect qubes solution according to this guy.
Whatever they prescribed you, please take your pills. You really need them.

To the rest: Could everybody please stop feeding the troll; some of us
had quite a busy week and it is bad enough having to catch up with this
list without having to wade through this kind of bullshit.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/011a562e-b234-b264-4fd4-84a0fe531d80%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-users forum - Please, moderate this guy

[Achim Patzner]

> Am 09.07.2016 um 15:29 schrieb Chris Laprise :
> On 07/09/2016 08:17 AM, Gorka Alonso wrote:
>> Even me, being heterosexual, feel offended with this attitude.
> I agree.

I’m neither really heterosexual nor depressed nor do I really feel offended. 
This more than slightly disoriented individual is appearing around a number of 
mailing lists and forums from time to time (doesn’t anybody remember the last 
similar occurrence here?), annoying the community with complete nonsense until 
he finds something to feel insulted about and tries picking a fight. If you 
don’t feed him after his initial attack he’ll just wither away.

Yes, moderation would help but would you really want someone to read every 
single message before forwarding it to the mailing list? Right now it is easier 
to provoke an attack (as I did) and then ignore him (which after all will annoy 
him more). That’s why I put up the

___
   /|  /|  |  |
   ||__||  |   Please don't   |
  /   O O\__   feed   |
 /  \   the trolls|
/  \ \|
   /   _\ \ -- 
  /|\\ \ ||
 / | | | |\/ ||
/   \|_|_|/   |__||
   /  /  \|| ||
  /   |   | /||  --|   
  |   |   |// |  --|   
   * _|  |_|_|_|  | \-/
*-- _--\ _ \ //   |
  /  _ \\ _ //   |/
*  /   \_ /- | - |   | 
  *  ___ c_c_c_C/ \C_c_c_c

sign.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7D32B49B-A51B-4E7A-A4F0-80CE08162E73%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.2 and YubiKey acting as keyboard

[Achim Patzner]

Am 08.08.2016 um 10:43 schrieb Marek Marczykowski-Górecki:
> Start with qrexec policy. By default input proxy for keyboards is
> blocked in /etc/qubes-rpc/policy/qubes.InputKeyboard.

My K400 was still working so I didn't think about that.

> or whatever your USB VM name is)

And that was my mistake: I'm patching up the Lenovo P-Series design
fault by dynamically launching additional USB VMs whenever another PCI
bus with USB(s) connected to it is coming up (which is happening when
someone is attaching an USB interface to the USB-C connectors). And the
YubiKey was connected to that bus. Problem solved.

Thank you!


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/623fd398-ab43-e77c-4da7-3ee8c2744318%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] p70 rebrand $2k+ cheeper

[Achim Patzner]

Am 01.07.2016 um 03:19 schrieb bobby.the.jellyfish...@gmail.com:

> for those holding out for a p70 the ws72 is well worth a long look 
>
> https://www.msi.com/Workstation/WS72-6QJ.html
>
> i think its the same laptop ecept max 32gb ram

Not quite and having 64GB of RAM is one of the features that mad us buy
P-series machines.Plus the fact that Lenovo's on-site support is really
great in Germany. We've used up quite a number of main boards until we
found out which EFI settings to leave alone.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84d003be-07e7-f884-c493-a4000376a639%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking problem with Windows 7 HVM (with PVM parts)

[Achim Patzner]

Hi!


In order to get things a bit less messy I asked the IT department of a
customer who handed me a VM for personal use to add XEN PV network
drivers to the VM. Since adding the driver I've got network problems on
every second boot as the network interface could not be started. Going
to the device manager I can deactivate and reactivate it which cuases it
to apear as a new LAN connection (... #) or just resign and reboot
after which it will be working until the next reboot. The device this
network connection is attached to is always "XEN PV Network Device #0".


Obviously the idea of cluttering up the registry with more and more LAN
connections doesn't seem too appealing. The LAN adapter doesn't seem to
be changing in any obvious way every time I boot. What could be
different each time the VM is started?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d128b41b-01c6-623c-ad7f-e2f93952d68e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Will KDE be deprecated? Migration for in-place upgrades?

[Achim Patzner]

Am 01.07.2016 um 19:53 schrieb Marek Marczykowski-Górecki:
> On Fri, Jul 01, 2016 at 03:43:00PM +, Patrick Schleizer wrote:
> > Therefore my question, will KDE be deprecated? Or will it still be
> > somewhat supported?
>
> It will still be available in repositories, but but will not be included
> in installation image and Xfce will be the default environment for new
> installations.

And you have tested it on a HiDPI display, I suppose?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da9ea919-aef5-8d9d-f130-4528fe18c64a%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] If Ubuntu's license is keeping us from having a ready-made template...

[Achim Patzner]

... what about preparing a Mint template that can be distributed?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ac396bf-19ea-fb7a-8ce8-8f2f803ecd6d%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request for test: Re: [qubes-users] Fedora 24?

[Achim Patzner]

Am 06.09.2016 um 11:17 schrieb Marek Marczykowski-Górecki:
> Just some standard usage things, like:
>  - networking (like standard web browsing)

Working.

>  - updates / package installation (is it working at all? does new apps
>show up in the menu?)

Working.

>  - emails (for example if Qubes addon for Thunderbird still works)

Working.

>  - update process itself (some broken dependencies?)

Working.

>  - memory usage, performance - compared to Fedore 23

No realy noticeable difference.

Some key bindings might have changed; ctrl-"+" in a terminal window
increases the font size but the terminal window does not grow with it
anymore.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cebd70c1-4a71-6292-7843-3cbd2f579803%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request for test: Re: [qubes-users] Fedora 24?

[Achim Patzner]

Am 06.09.2016 um 11:30 schrieb Marek Marczykowski-Górecki:
> > Does anyone have a simple tool to diff the rpm inventory of two machines
> > and apply everything that is not installed in the target machine? 8-)
>
> rpm -qa |sort > pkg_list
> Then diff those files...

I hoped there was an easier way 8-). I did that (actually not using a
diff; adding a package that is already there doesn't matter). But that
didn't solve what wou were mentioning next:

> But apparently you can
> easily get this from its database:
>
> grep -l user /var/lib/dnf/yumdb/*/*/reason

That did a bit more for me and reduced overhead quite a bit.

> There are no fc24 packages for R3.1. So if you're starting with R3.1
> template, first you need to upgrade it to R3.2.

What I wanted to way was "using an old template I brought forward from
3.1 to 3.2 got me into a dead end so I started over with the fedora-23
from 3.2". Don't ask me, I'm only the end user and don't know much about
growing penguins.

Which reminds me: Is there a serious difference betwenn sys-* in 3.1 and
3.2 or is it a bad idea to backup and restore the old VMs?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0efd159-3d40-1b83-ca67-bc3103abc1a5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: Negative test result for fedora 24... Was: Re: Request for test: Re: [qubes-users] Fedora 24?

[Achim Patzner]

Am 14.09.2016 um 23:16 schrieb Marek Marczykowski-Górecki:
> > Ok, as everybody was looking for a problem, I finally found one.
> I've been
> > bitten by this
> > http://forums.fedoraforum.org/showthread.php?p=1770311
> ("/etc/resolv.conf
> > missing once NetworkManager is stopped") and don't really know how
> to deal
> > with it right now in a way that does not require quite a bit of work.
>
> > Marek? Is NetworkManager necessary for a happy AppVM? Does anybody
> know what
> > this is good for and how to counter it?
>
> No, it shouldn't be needed in AppVM, only in NetVM.

Nevertheless I've been bitten by this nonsense for some unknown reason;
maybe I've awoken some mummy in its grave when I added NM-based things
to the template in order to create a vpn proxy VM. No matter why, it
might be a good idea to add

rc-manager=file

to the [main] section of NetworkManager.conf to avoid running into it
suddenly. For something as unclean as a standard Linux system it is
ridiculous to suddenly start symlinking files around (and the generating
conflcts between systemd and NetworkManager – didn't anyone learn
anything from Apple's early problems with launchd?).


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20e3133d-c27e-7a56-64e8-86f96faf7986%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] cloning sys-net

[Achim Patzner]

Am 12.09.2016 um 15:38 schrieb Marek Marczykowski-Górecki:
> On Mon, Sep 12, 2016 at 02:06:24PM +0200, Achim Patzner wrote:
> > /var/lib/qubes/servicevms/sys-whatever/icon.png
> > ERROR: [Errno 2] No such file or directory:
> > '/var/lib/qubes/servicevms/sys-net/icon.png'
> > [ap@dom0 ~]$
>
> > Ahem... "Never check for an error you can't handle..."? Could someone
> > grace that copy command with an "if [-f"
>
> Can you check if that icon is really missing, or rather it is there, but
> as a broken symlink?

It's not there – in none of the network or proxy VMs. At least not in
mine (which I brought forward from 3.1). And the semantics of copying
symlinks is copying the link itself, not the data they are pointing to
in most utilities (unless you specify something els, see cp) so I would
expect a broken symlink just to be copied over... Tested, confirmed.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0534735-19f1-717d-04f5-4d1ae9b35f7d%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Minor annoyancies in X since I've started using xfce

[Achim Patzner]

Hi!


1) I never noticed this but I have been typing in dark rooms lately: The
screen saver does not dim the keyboard when it is turning off the
backlight on my P-series machines; I'm fairly sure it was working on R
3.1 (but I was not using xfce there, I only noticed its presence after
someone decided to make it the only supported dm). Marek, could you try
that on a W-series, too (alt- and wait)?


2) If I mute the sound completely by pressing the respectice key (or
sending the X11 event) I cannot un-mute it any other way than using the
sound settings; none of the keys does the job.


Am I the only one who would like getting the good old times back?



Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/233e2212-1b85-e0da-ecb2-009e2e4a0af3%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] multiple display support

[Achim Patzner]

Am 13.09.2016 um 08:44 schrieb Zrubi:

> It is only me or a general problem?
> is there ANY workaround for those problems?

This seems to be a general problem coming from the maximally stupid idea
of having multiple "crt"s making up one display (so a projector could
overlap a part of a screen" instead of doing it as X11 originally
intended and map one output device/connector to one display. My
workaround on other systems was assigning each of my output devices to
separate displays (after all that's what the y in host:x.y was invented
for) but I didn't spend the time on that for Qubes on my current machine
yet.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5482002-863f-c596-e403-e6115bbb313d%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] no keyboard after installing Qubes Windows tools

[Achim Patzner]

Hi!


With installation of all of the Qubes Windows 3.2.1.3 tools in my
Windows HVMs the display driver is working now but I've got the strange
effect that I cannot log in anymore as there is apparently (is there any
way to check it without logging i?) no keyboard input coming in (even
starting the on-screen keyboard using the mouse will help); at least I'm
unable to send alt-ctrl-delete. Running the VM in safe mode is
permitting me to log in, though. Did I miss something?



Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f4dfec3-7e7e-790c-cfb1-3aa54bc8ce46%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qvm-usb UI

[Achim Patzner]

Hi!


Maybe it's just me but I would expect the qvm-usb command to list the
USB devices of this command... sub-optimal (see
https://www.qubes-os.org/doc/usb/ or try it yourself). Is there a good
reason why dom0 isn't getting (and showing) the full output of lsusb (of
the USB qube) but to display lines like

|sys-usb:2-4 04ca:300d 04ca_300d instead? As I've got a number of very
exotic things on my hubs I'd rather like to see something that tells me
what it is instead of providing vendor and product IDs. And as I'm sure
I didn't invent the wheel myself I'm feeling confident that Marek had a
good reason not to add that little bit of usability to the tool so what
is the hidden cost of asking the sources of the USB devices for the
output of lsusb and displaying it in dom0 (which is what I'm really
curious about)? Achim |

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/485166df-7401-0c87-f9b6-a58456bd7764%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Windows Tools

[Achim Patzner]

Am 28.09.2016 um 10:06 schrieb Drew White:
> On Wednesday, 28 September 2016 17:47:01 UTC+10, Foppe de Haan  wrote:
>> On Wednesday, September 28, 2016 at 8:20:29 AM UTC+2, Drew White wrote:
>>> Why does QWT require TESTSIGNING to be turned on?
>>> Is that because Win7 requires things to be signed?
>> https://www.qubes-os.org/doc/windows-appvms/
>> "Before proceeding with the installation we need to disable Windows 
>> mechanism that allows only signed drivers to be installed, because currently 
>> (beta releases) the drivers we provide as part of the Windows Tools are not 
>> digitally signed with a publicly recognizable certificate."
> Still doesn't answer that question either.
>
> I said "hi devs" because I needed someone with the knowledge of WHY, not just 
> an end user reason, but a dev description that is technical.

Which part of "we don't provide signed drivers so if you want to run
them you have to turn that requirement off" needs a developer to make
you understand it and what kind of LART do you expect said developer to
use for beating some sense into you? It's clear, it's precise and unless
you need a translation into another language there is not much anyone
could do for you. Please keep the developers doing something more
important than correcting your refusal to accept facts.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1102da2-761d-d890-515f-c9060fe1f9c6%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Windows Tools

[Achim Patzner]

Am 30.09.2016 um 03:20 schrieb Drew White:

> On Thursday, 29 September 2016 19:40:12 UTC+10, Achim Patzner  wrote:
>> No, you -- being a non-paying end-user; I've yet to see any worthwhile
>> contribution from you -- _demanded_ (in a quite untoward manner an
>> explanation from a "developer". Sorry. I guess even if said developer
>> tried explaininig to you why he does not apply for a valid code
>> signature certificate you would continue ranting.
>>
> Well, how am I to make a worthwhile contribution when there are so many bugs

By fixing them if you can or paying someone for fixing them if you
can't. Or politely asking if someone can provide a fix because he deems
the problem important enough or at least well described.

> and I provide details to get them fixed but they are ignored because

Yes. Just as my mother calling me to tell me "I erased the Internet!".
You didn't provide details of a (known) non-problem; you ranted and
demanded.

> everyone causes them to get lost in an array of insults towards me and bad 
> information thrown around confusing my good data in the mix?

Poor you; the whole world is against you and you cannot figure out why
even if the bad world is continuously telling you why and everybody is
ignoring your issues completely. Hint: People get tired of you if you
constantly annoy them.

>> What about remoiving Qubes and install a nice Ubuntu or Mint on your
>> machine and be happy about your life?
>>
> No thanks, I don't use end-user only operating systems.

But that might be much more fitting to your lifestyle, your experience,
your demands and your behavior. And if you want paid support, why not
install Windows 10 and rant at Cortana; she seems getting used to
disgruntled five-year-olds complaining about their parents so I'm sure
she will put up with your demands.

>> None of your posts have ever been worth reading so please forgive the
>> rest of the world not having read most of them.
> Maybe they weren't worth reading because your IQ is too low to understand 
> them?

I guess so. I hope so or I would probably end like Marvin, the depressed
robot having to understand them.

> Or maybe the fact is that you read people attacking me for no reason

*rofl*

Actually I didn't see anyone attacking you up to now. They're just
venting a bit of their frustration about your major contributions to
this list.

> and you take heir side because you don't want to be the odd one out

Even more *rofl* on this. What's next? Calling me gay like the last
secret agent of Moronia that was posting to these lists?

I should really (and will now) follow my own advice.

__
   /|  /|  |  |
   ||__||  |   Please don't   |
  /   O O\__   feed   |
 /  \   the trolls|
/  \ \|
   /   _\ \ -- 
  /|\\ \ ||
 / | | | |\/ ||
/   \|_|_|/   |__||
   /  /  \|| ||
  /   |   | /||  --|   
  |   |   |// |  --|   
   * _|  |_|_|_|  | \-/
*-- _--\ _ \ //   |
  /  _ \\ _ //   |/
*  /   \_ /- | - |   | 
  *  ___ c_c_c_C/ \C_c_c_c 



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/773e15fc-dba4-2a19-9b9e-c272d9aa38e2%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Screen geometry for VMs

[Achim Patzner]

Am 05.10.2016 um 08:20 schrieb Alex:

> The problem solved itself after forcing an update of qubes-gui-vm (and
> only this package) from the stable repo to the version in
> current-testing, which solved the multi-monitor problem (I have 6
> monitors, and qubes-gui-vm only managed up to 4). I guess it may have
> something to do with screen geometry.

Actually for the first time in ages the screen dimension is not 0 x 0 mm
in xrandr so the dimensions are coming through. There always was a
metric shitton of utilities and libraries dividing by these values
without testing them first and I guess somewhere along the way nearly
every program picked up something that would do it. Sometimes
repeatedly. Divisions by zero are expensive.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d1c8d4c-a500-1734-6eb1-cbe7d5d822f6%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Switch of DMA altogether..?

[Achim Patzner]

Am 07.10.2016 um 20:40 schrieb neilhard...@gmail.com:

> On Friday, 7 October 2016 19:37:50 UTC+1, Achim Patzner  wrote:
>> I think I’ve still got a bunch of NE2000 and early RealTekNICs somewhere in 
>> the cellar – how much do you want to offer?
> 
> Are you saying that these devices are non-DMA…?

Let me wiki that for you. There you go: https://en.wikipedia.org/wiki/NE2000

By the way, your “.” key seems to be broken.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/DADFC01C-FDE8-4A05-9FBE-210AEC121A6F%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Switch of DMA altogether..?

[Achim Patzner]

Am 07.10.2016 um 16:57 schrieb neilhard...@gmail.com:
> 
> Presumably through the CPU.

I think I’ve still got a bunch of NE2000 and early RealTekNICs somewhere in the 
cellar – how much do you want to offer?

> So I see no reason you couldn’t get Ethernet + WiFi chips without DMA.

I do; those doing IO with CPU IO transfers have died out in the beginning of 
the 100 MBit age.

> But certainly, I think there are devices out there without DMA. I think you 
> just need to search the market for a Ethernet/WiFi that supports non-DMA.

Please post the result of your research – if possible including the sustainable 
bandwidth with these devices.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ACA86453-9322-4C46-AABE-64AA72421A89%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Major problems with 3.2, devs must address

[Achim Patzner]

Am 07.10.2016 um 06:44 schrieb boromirsbe...@sigaint.org:
> Ok my concern mostly is because its my windows disk and i dont trust it,

If you're not using a dedicated machine for Qubes instead of booting
multiple operating systems with definitely lower security standards 
anyway I don't see your problems at all as this is only a minor problem
in that kind of environment. The same applies to Tails – it's generally
a good idea to stop trusting a machine that has been running something
like Windows if your security requirements prompt you to consider
attacks coming from the firmware of a possibly compromised SATA device.


> > This is not specific to my printer, i used it fine in Tails, the OS
> asked
> > me in tails for a login/pass to install a printer, this is not printer
> > specific, i dont even have to have a printer connected in qubes for this
> > to happen.

Part two of the answer before: This is probably a CUPS-related problem;
as soon as you're dealing with the CUPS server itself (instead of the
tools that modify the CUPS configuration files) you'll be running into
this. Either keep your fingers off the web interface, editing the
configuration files with an editor or (ironically using the same editor)
modify the authentication requirements of the configuration files
appropriately for the web interface to permit you to use it (keep in
mind that "user" does not have a password so you'll have to do quite
some cleaning).

> In tails i would set an admin password prior to logging in and then
> use that to add printers, in qubes it asks for this but does not
> accept my user account login info.

because the account on the virtual machine is not the login account of dom0

Always keep in: Qubes is not Tails. Not by far.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a13d5f0-bbf0-a96b-b757-16841376c5ef%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why is there no built-in nvidia driver support? aka GTX 980 issues

[Achim Patzner]

> Am 16.09.2016 um 09:09 schrieb almightyl...@gmail.com:
> 
> Qubes was working flawlessly on my GTX 670,

So why did you change anything if things were working?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5A1D98D1-7318-42F5-933E-31BFE3A2E6B5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes VM compromised? - Follow up

[Achim Patzner]

Am 25.08.2016 um 21:33 schrieb johnyju...@sigaint.org:

> While it's a bit slower, I prefer booting from DVD, a read-only medium.

There are verifyably hardware-controlled (physical switch) unwritable
USB storage devices. A bit expensive but you can get one.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c7362495-014d-3b77-b62d-17a06366ac49%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Windows Tools

[Achim Patzner]

Am 29.09.2016 um 09:41 schrieb Dave Ewart:
> If you have some unusual definition of 'version' then you should explain
> what that definition is.  Shouting at people - expecting them to
> understand you - won't help.

Didn't someone read you some classics when you were a child?

Carrol, Lewis, "Through The Looking-Glass":

'Some people,' said Humpty Dumpty, looking away from her as usual, 'have
no more sense than a baby!'
[...]
'I don't know what you mean by "glory",' Alice said.
Humpty Dumpty smiled contemptuously. 'Of course you don't  till I tell
you. I meant "there's a nice knock-down argument for you!"'
'But "glory" doesn't mean "a nice knock-down argument",' Alice objected.
'When I use a word,' Humpty Dumpty said, in rather a scornful tone, 'it
means just what I choose it to mean  neither more nor less.'
'The question is,' said Alice, 'whether you can make words mean so many
different things.'
'The question is,' said Humpty Dumpty, 'which is to be master, that's all.'

> You need to *ask a better question* rather than insulting the person
> answering.

"All the King's horses and all the King's men..."

Could we agree on not feeding the troll (excuse me, egg) any more? It's
like mud wrestling with a pig; the animal will like it and all you will
ever get is dirty. Treat it like the tree having a dog urinating on its
roots: Grow from it and just wait; the dog will die a lot earlier than
you so the problem will solve itself sooner or later.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/737b13b3-b71e-d0ee-3fb2-8076d8d38cbb%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Remnder: Ubuntu-template anyone?

[Achim Patzner]

Am 26.10.2016 um 00:17 schrieb Unman:

> On Tue, Oct 25, 2016 at 11:17:44AM +0200, Robert Mittendorf wrote:
>> What would be the advantage of a Ubuntu-template compared to the Debian
>> template?
>> (No offense, I'm just curious)
>>
> No offense taken.
>
> Comparing Stable with LTS, probably not that great a difference. Perhaps
> Ubuntu is slightly easier out of the box and the core software is well
> integrated.
> Comparing stable with Ubuntu releases, Ubuntu will generally have newer
> versions and better driver support.

Even Arch was already a major improvement for me... I've baesd most of
my machines on a (rather easy to produce) arch template...


Achim


>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53fea010-1d22-2210-c9dc-deb1817bcd79%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list

[Achim Patzner]

Am 28.10.2016 um 12:32 schrieb Manuel Amador (Rudd-O):

> Forgive me for asking this: 

Forgiveness granted.

> Anyone else beginning to get annoyed

No. I'm so far beyond the beginning that I'll probably start being
unfriendly to him soon.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00509084-0c7e-2822-5b1b-f8f270f1f1d5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 08.11.2016 um 12:31 schrieb Andrew David Wong:
> >>> After template updated ask user at the console to shutdown current
> template.
> >>
> >>> "Shutdown current template [Y/n]"
> >>
> >> Currently tracking a very similar suggestion here:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/832
>
> > Wouldn't a command-line tool qvm-update-template [--all]
> > [--shutdown-after-upgrade] [, ]* be much more
> flexible?
>
> Yes, but I don't think the primarily goal of that ticket is flexibility.
> Rather, I think it's to implement a quality-of-life feature that will
> benefit users generally, including novice users who never touch the
> command-line.

Maybe I should have added the (obviously in my eyes obvious) argument:
The current update-procedures are launched by a GUI-application and then
open a window that is asking questions which need keyboard interaction.
And in some cases the default answer (at least in Fedora) (which is
making things worse – at least the default Xterm is looking different
for Fedora and Debian) is not what you want. Or at least not what I want
(aborting the update). Now someone wants to add another bloody
interactive option that will require at least me to select the
non-default option.

No. Thank you very much, but no. If someone is making things even more
like a text adventure they could just as well do it right, make the
update process command line based and give up interactive decisions in
favor of command line parameters to finally deliver a launch-and-forget
solution. That could be easily scripted without opening that barrel of salt.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24af09d7-f174-a1b7-e0d9-ac7e659f93a4%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3 MacOSX

[Achim Patzner]

Am 06.11.2016 um 10:42 schrieb Alex:

> On 11/06/2016 10:31 AM, Jeremy Rand wrote:
> Actually reading the license of OSX available at
> https://store.apple.com/Catalog/US/Images/MacOSX.htm is very easy
> because they are awfully short and simple, compared to a lot of other
> software.
>
> And in 2.A. there is the actual permitted use:
>> This License allows you to install and use one copy of the Apple 
>> Software on a single Apple-labeled computer at a time.
> which means that you can own an Apple Mac computer, install
> Qubes/Linux/what you want on it, install VirtualBox/VMWare/Xen on it,
> and have an OSX virtual machine while still behaving according to the
> license.

There were other people who thought it would be that simple (mind you,
I'm not talking about Mac OS X Server, a product that became a 30$
add-on later); does anyone remember a product called VMware Fusion
version 4.10 which suddenly removed the artificial barrier against
running non-Server Mac OS X on VMware and which had ot be replaced by
version 4.11 only two weeks later with the only bug fixed being able to
run Mac OS X on a VM? That must have ben one hell f a letter Apple sent,
I guess I would pay for reading it.

> The third point, "ensure your physical system is an Apple-labeled
> computer", explicits the then-actual license conditions to run a
> virtualized OSX within the license terms.

And if you do, you can run VMware ESXi on a Mac Pro cluster and use it
to virtualize multiple Mac OS-based machines, as long as they are
installing Server.app on them. One of our customers is doing it to get
the applications from his old Mac Servers running in a world where the
most important customer is obviously the iPad Pro user...

> AFAIK, by the link from the apple store reported above, these terms are
> still valid - you can run a virtualized OSX and be within the license
> terms if it is the only instance you run, and it runs on an
> Apple-labeled computer.

Point is: You can't buy a valid license without buying a machine with
it. I guess you could buy *heaps* of Mac mini just to obtain licenses...
Just like having to buy defective power supplies to get MagSafe
connectors. And Apple does not attack the people breaking the licenses;
they are usually aiming at those who enable others to break them (which
I regard as a good thing).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b63a0115-312d-a809-8cad-62154112c7b0%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

m 08.11.2016 um 10:07 schrieb Andrew David Wong:
> On 2016-11-07 10:05, Eva Star wrote:
> > After template updated ask user at the console to shutdown current
> template.
>
> > "Shutdown current template [Y/n]"
>
>
> Currently tracking a very similar suggestion here:
>
> https://github.com/QubesOS/qubes-issues/issues/832

Wouldn't a command-line tool qvm-update-template [--all]
[--shutdown-after-upgrade] [, ]* be much more flexible?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04a97647-4ff9-0636-239d-55ce636e3f46%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: super-bag

[Achim Patzner]

Am 22.10.2016 um 11:29 schrieb volodatrahore...@gmail.com:

>> Добавь меня в вк /m3forfree
> нет вк у меня

Und mich würde der Scheiß nicht einmal interessieren, wenn ich bei VC wäre.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d65a862a-862b-bc64-ab2f-a1fe1a63a46d%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Future plans for KDE on Qubes?

[Achim Patzner]

Hi!


After a few months of severe suffering from xfce on a HiDPI display I
gave in and installed @kde-desktop-qubes on my system – and I'm pretty
sure I don't want to see xfce for the next few years. Title bars have a
usable size (something that cannot be configured in xfce without
building your own themes), icon aren't scaled randomly and fonts are
finally looking as they should. And third-party software like Softmaker
Office is finally working as expected. So: Will there be support for KDE
beyond Qubes 3.2 or will I have to plan for carrying a third machine for
my office work space?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/776d86b7-4e65-cfa8-e624-5e1e50c6f983%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Future plans for KDE on Qubes?

[Achim Patzner]

Am 23.10.2016 um 21:28 schrieb Grzesiek Chodzicki:

> W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim 
> Patzner napisał:
>> Hi!
>>
>>
>> After a few months of severe suffering from xfce on a HiDPI display I
>> gave in and installed @kde-desktop-qubes on my system – and I'm pretty
>> sure I don't want to see xfce for the next few years.
> On my previous machine Qubes with KDE was unusable. Damn thing kept 
> crashing/hanging. It was totally unusable. I switched over to XFCE and the 
> entire system became 3x faster.

I've been using KDE as long as it was around, starting with FreeBSD and
I never had it crashing on me unless I was using broken hardware. I
can't say much about Qubes yet; I have it on a number of machines for 9
months now but KDE never crashed. And I don't care for the speed – I
need a certain result (i. e. a working environment suited to my needs);
geting nothing done three times as fast doesn't sole my problems (and I
don't believe these numbers anyway as I'm having both on the same machine).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9154ca-344d-dda6-25ec-1164757ba64e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Import a .img file (Windows7) into Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:10 schrieb Marek Marczykowski-Górecki:
> On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote:
> > Is it possible at all? I'm trying to virtualize my windows machine
> and move
> > entirely to Qubes. Some of the applications can't be reinstalled so
> fresh
> > install isn't an option.
>
> Should be possible, but probably you'll need to install some drivers (as
> the emulated hardware is most likely different than your real one).

And it depends on the installed software; some "enterprise-typical
software" for remote administration will make things hard to impossible
(I have  a few machines) that really work hard on not being compatible
with Qubes, even as pure HVM without any XEN drivers).

> You'll need a lot of disk space for this... You can make it smaller by
> first filling all free space of the (windows) disk with zeros (create
> big file with zeros, then remove it). And then add "conv=sparse" to dd
> command. It will not copy unused space.

If wasting money is not a problem you can use a physical-to-virtual tool
to convert it to a VMware image which will do all those things on the
way and convert the VMware disk to a Xen image; the better ones will
also disable drivers that won't work in virtual environments.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa1af92a-9c39-e44c-af94-5727153d6636%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Attaching USB 3g modem to sys-net.

[Achim Patzner]

Am 21.10.2016 um 02:36 schrieb Manuel Amador (Rudd-O):

> USBIP / Xen USB passthrough.
> It ought to be possible, at a cost of reduced security, to pass through
> individual devices from the dom0 to the NetVM, where they should appear
> as regular USB devices that you can just use.

You're talking about a "modem" here. Depending on the access port on the
other side, the PPP implementation specifics and some more parameters
this will stop working if there is more than a little bit of variance in
packet delays. This probably won't matter if the IP connection is fast
enough (e. g. VMs in Qubes) but I've seen this not working with PCMCIA
modems in PCMCIA-to-USB already (because they were not stable enough to
stay isosynchronous "enough") so don't expect it always to work. This
will get worse if there is some real USB involved.

Considering the "reduced security": We're already afraid that the
controller of a wireless NIC could be subverted at the network control
plane and used against bugs in the USB hardware driver in our USB
controllers. Yet there seem to be people willing to risk connecting
known-to-be remotely controllable wireless hardware (and we're not
talking of OTA updates we're used to get pushed into our "baseband
hardware" if we want it or not) to the system buses of their computers.
It's a bit mind boggling for me. You don't have to be rich to get one of
the gl-inet routers and move your long-range wireless stuff away from
your computer. Or run Windows instead and have all the comforts of a
modern (but a bit snoopy) OS.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8f2b58b-cdfd-2da2-3217-691876f294e9%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Future plans for KDE on Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:14 schrieb Marek Marczykowski-Górecki:
> I think we can keep its current state. Shouldn't be a problem for Qubes
> 4.0 and later. At least until next major incompatible changes in KDE...

I'm wondering whether I should try to get one of the discontinued Lenovo
P50 with 3840x2160 dots at 15" just to make someone's eyes bleed
enough... Believe me, even with all available settings it is not usable
with xfce; not everything in a window will be text and not every
application is taking care of adapting to Xft.dpi.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ff2a1f6-3bbf-ba59-5e78-4973de4d1221%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Import a .img file (Windows7) into Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:30 schrieb jidar :
> 
> qemu-img has worked for an "enterprise" VM I use without any issue (going 
> from VMDK to raw/qcow2). If the disk is encrypted you might be SOL though.

It was the LanDesk Manager that killed me last time…


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/F1EDB378-64C4-46D4-8CE8-F1E0A06D9E0C%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Improvement: check disk space before copy to VM

[Achim Patzner]

Am 14.11.2016 um 14:46 schrieb Robert Mittendorf:

> One basic principle of usability is to make it hard to make mistakes
> (including destroying work/files). 

Imagine a guy dressed in an elaborate tin can standing behind you,
kicking you down some cliff shouting "THIS... IS... UINX...". Really, it
is. Failing to copy a file is nothing dramatic. Nothing is destroyed,
nothing erased. Let some air out of the elephant until you can recognize
the shape of the original mosquito, would you?

> As I stated before I think the protocol would not have to become "more
> non-unidirectional" to improve on this.

Why don't you just write a proof -of-concept and put it on github? If it
is working well and showin an improvement I'm sure someone will add it
to the Qubes repositories. They are not that dogmatic.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75b2f969-3036-89ef-6e52-83e99dee5579%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

[Achim Patzner]

Am 15.11.2016 um 14:46 schrieb Andrew David Wong:
If you plan to be using the same machines for Qubes 4.x, you should 
also take into consideration the updated requirements for 
Qubes-certified hardware, which will go into effect for 4.x:

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/


These requirements are probably the worst you can do for corporate 
users; they prefer "standard hardware"; even I would rather stop using 
Qubes than not being able to take any off-the-shelf Lenovo systems but 
having to use underperforming boxes from unknown sources. Keep in mind 
that the average company doesn't like hardware with broad maintenance 
contracts and won't buy outdated designs (and that's about every system 
supported by coreboot) either.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db901ce2-ac2b-69e7-5204-52b978500373%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

[Achim Patzner]

Am 16.11.2016 um 11:53 schrieb taii...@gmx.com:
The "certified" program is stupid in its current form I agree but what 
is stopping you from buying a dell business or hpe machine with 
iommu/TPM and using that?


The uncertainty whether it will work with Qubes 4.0 at all as it is very 
improbable that it will support coreboot. And many companies require 
hardware fulfilling all requirements of the software they are planning 
to use so this will kill Qubes for them.


If you want a new open source firmware machine that supports adv. 
virtualization go hit up IBM, they'll happily sell you a high 
performance OpenPOWER8 system with just that, complete with a nice fat 
enterprise grade extended support maintenance contract.


Can I carry it around with me? I once had a SparcBook... Nice thing, that.


Coreboot is hobbyist/embedded pretty much,


That's the problem. Requiring it will exclude many from using Qubes. And 
a disclaimer "Qubes 4.0 might also work on EFI or even legacy firmware" 
isn nor enough reassurance.


the reason that only "outdated" designs are supported is because intel 
(and now AMD) actively tries to stop free firmware and people are 
mostly doing this on their spare time - it boils down to an issue of 
funding.


I don't care for the reason. There is no applicable "serious" hardware 
fulfilling the requirement so I cannot seriously try to move Qubes into 
corporate environments. Which will in the end severely restrictspreading 
of Qubes.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f84a708-565a-bbd3-516f-988560059d5e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?

[Achim Patzner]

Am 19.11.2016 um 12:54 schrieb Andrew David Wong:
> By default, Qubes does not encrypt /boot. Traditionally, that's
> because doing so would render the
> system unbootable. However, that's no longer true with newer versions
> of GRUB, which are now capable
> of booting from encrypted block devices.

There is still the option of grub-less EFI booting. With exotic setups
like mine which is getting its boot loader from an external USB device
that unlocks boot and compares checksums of relevant files to a table
stored on that external device.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc1a208a-b061-c626-4d6e-22b9d59d4948%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 10.11.2016 um 00:24 schrieb Marek Marczykowski-Górecki:
> On Tue, Nov 08, 2016 at 10:37:02PM +0100, Achim Patzner wrote:
> > Maybe I should have added the (obviously in my eyes obvious) argument:
> > The current update-procedures are launched by a GUI-application and then
> > open a window that is asking questions which need keyboard interaction.
> > And in some cases the default answer (at least in Fedora) (which is
> > making things worse – at least the default Xterm is looking different
> > for Fedora and Debian) is not what you want. Or at least not what I want
> > (aborting the update). Now someone wants to add another bloody
> > interactive option that will require at least me to select the
> > non-default option.
>
> I'd like to change this default - indeed it is very confusing, but I
> don't know how.

Only be recompiling it. This is hardcoded. I remember a
"Linux-Stammtisch" in the area where the discussion over this topic
nearly led to bloodshed so please avoid supplying patches unless you've
got a black belt in something.

> The only related option is to accept automatically.
> Maybe this is the way to go?

I'm currently living with about 10 Fedora-based templates. I'm usually
updating the fattest, reviewing the list carefully and then go on with
the update. The others are just getting a treatment using qvm-run
(because I am annoyed by all those questions using the Manager). So
using "-y" on the command line would not be exactly what I consider safe
nor secure.

> Personally I like to review list of packages to be updated, but I guess
> most users don't do that.

… until they have been burnt. I just spent hours finding out how I
destroyed my native Arch system until I remembered that I'm EFI booting
without grub and forgot copying the new kernel (which I didn't notice
being installed because I didn't check the f* list) to /boot/efi/EFI/arch.

> I think it's important to give the user some feedback. Fully automated
> updates are somehow broken in most tools[1] - this is why we have this
> terminal window,

I guess I mentioned already that I'm mildly hating someone for using an
xterm in default settings 8-). Although it is looking coool when you're
updating 20 machines at the same time and showing your stamp collection
to someone I've yet to figure out how to use a different font size for it.

> instead of just some progress bar or something even less intrusive.

Sometimes I like the way Ubuntu and the likes are handling things –
until they break something. 8-)

> But automatically shutting down the template (after user have a chance
> to see update feedback) is a good idea. Something like "Press enter to
> shutdown template, or Ctrl-C to just close this window".

I once got into a serious discussion with Jordan Hubbard about the fact
that I really disliked the sudden pop-ups asking for something innocent
like "do you really want to shut down/have your cat slaughtered by
satanists/vote for Trump?" with the least convenient option being the
default while I was busily typing at something (you know that Macs are
used by pushing mice and touching pads; that's why you can remove keys,
one after the other, without any user noticing it).

It's the same with the update process; the keyboard is not flushed
before the "shutdown or not" question so any extraneous return key will
still be in the buffer. Shutting a machine down isn't as bad as messing
up your boot disk (which I did on the Mac by accepting a system update I
would not have accepted if I had time to read the pop-up) but you should
always be careful with users… Their attitude might type first, think later.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee71786a-1bf7-475b-3637-fee3a1e6bc38%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 10.11.2016 um 12:43 schrieb Eva Star:

>> I hope I'm not too offtopic but a gui option to shut down multiple vms at 
>> once would be cool.
> `qvm-shutdown --all --wait` -- will shutdown all VMs (if it helps)

Multiple, not all. Select multipel lines and then get a pop-up option
"shut these down". Or "qvm-shutdown --class=Template --all".


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/524504aa-61af-72ca-8db6-842c6aba33b2%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing VPN in Qubes Versus VPN on a Router

[Achim Patzner]

Am 13.11.2016 um 14:22 schrieb hed...@tutanota.com:

> 13. Nov 2016 08:48 by amad...@riseup.net :
>
> We see much correspondence in these forums about installing a VPN
> within Qubes. Surely, the most secure place for VPN is to install
> on a Router?
>

You might continue proving that this is the case for a router running on
its own VM compared to a router running on separate hardware but keep in
mind counting the problem of keeping the router's os current and free of
security-relevant problems.

> The solution they say is to isolate these rogue routers in the
> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved
> by installing a 2nd router [flashed with open source firmware such
> as OPenWRT]. It is here, on the router, that we should enable and
> run OpenVPN.
>

And of course another router/packet filter/firewall/whatever behind it
as there could be something _inside_ the VPN that would not be agreaable
to you.

> Thoughts on this paper and it's conclusions are welcomed
>

There is a point where additional components won't give you
defense-in-depth but only additional complexity that will in the end
make you less secure.

> An always-on VPN connection on the router works well but can be a bit
> slow since the processing power of router CPUs is generally quite
> limited. If choosing a router, I'd suggest a dual-core ARM-based
> device. Although openvpn is only single-threaded you can usually
> configure cpu-affinity to place it on one core and the other routing
> tasks on the other core.
>

One of the GL-Inet small arm(s 8-) ) routers is sufficient for 80 MBit/s
(see https://www.gl-inet.com/). I'm using one of their "Mifi" devices
(https://www.gl-inet.com/mifi/) to write this and right now it is
holding up quite well with 150 MBit/s LTE plus an OpenVPN on top of it.
The only problem is the about 1MBit/s I'm getting from their uplink.

> For those who want to go beyond around 20-25 Mb/s, which is where an
> ARM router will start to reach its limits
>

Seriously? I doubt that. Right now I'm using an ASUS RT-AC5300 (ARM,
dual core) router on a 400/20 MBit link (residential cable) and even if
I'm sturating it using an OpenVPN process running on the router its
cores seem quite unimpressed. But maybe DD-WRT is magical.

> , a fine alternative is a small fanless PC, such as the Intel NUC or
> Gigabyte Brix, and run an open source firewall on it, instead of a router.
>

For security-sensitive applications I'm using a USBArmory-based
"crypto-afterburner" that I can plug into other machines offering two
"USB-NICs" and I don't have problems with reathing the USB bandwidth
limit. If it wasn't impossible to get a single USB port into a VM I
would have found a place to stick one inside my Thinkpad already. If
there was a Qubes developer feeling bored I would have thrown one at him
already to see if we could have a few interesting things introduced into
Qubes (like boot media running on a separate volume that need to be
unlocked first, external key storage, external crypto functions…)

> Finally, I've always felt that running a vpn on Qubes and having an
> always-on vpn running on a router/PC complement each other.

And an independent packet filter in front of it. And one behind it. And
no wireless networking in between any component. Again: Consider a USB
Armory; write some interesting tools, add them to Qubes. That might
really help.


Achom

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a07e2dfb-10f7-d37e-50f4-0712f8d25453%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Archlinux template – dend early Christmas gifts to Marek ASAP! Re: [qubes-users] Arch-template and Firefox (49.0.2)

[Achim Patzner]

> qubes-template-archlinux package is available qubes-templates-community 
> repository!

Make a wish 8-). But watch the movie “Wishmaster” first to see why getting more 
Genies is not a good idea.

> I haven't tested it in any way. It include only what builder-archlinux
> scripts does

> - test it out

Without testing it (I do not have real bandwidth in the middle of nowhere right 
now): Did you modify /etc/fstab to mount a /dev/shm larger than 256MB?

> - automate powerpill setup (probably as part of core-agent-linux
>   repository - some post-installation script or such)

As much as I am in favor of it, everybody with a good grasp on security should 
think what was the least of three evils: Adding another repository (for 
powerpill as package), using the AUR to install powerpill or giving his 
template access to the network for updating (while updating). I’m still not 
clear about it myself (although using powerpill at home with a 400 MBit line 
is… fascinating).

> - adjust https://www.qubes-os.org/doc/templates/archlinux/
> - write some separate announcement(?)

Just change the subject on this message 8-)


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0F71EC19-F107-4BF9-85C3-5AEE0D568392%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kaspersky OS

[Achim Patzner]

Am 20.11.2016 um 05:26 schrieb Sec Tester:

> Dam maybe this could be a new super hardened VM for Qubes..?

All we get is a heap of paper. And a switch I could not even pre-order
yet. But I've got a few Qubes systems happily running.

It might be an ideal solution for the outward-facing VMs (networking,
firewall) as it is in fact a minimalistic OS for this kind of devices
(or why would they have put it on a router first?). But I could just as
well imagine them running on QNX which is obviously safe enouth to
protect Cisco hardware (think IOS XR) (keep in mind that the Cisco
vulnerabilities up to now are results from sloppily written non-core
functionality modules). I even wondered briefly if it was possible to
use a Mikrotik router VM on Qubes. Alas, someone has to provide it; I'm
not going to do that myself.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b37ccae-7caa-613c-bb6f-3208442a83e5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kaspersky OS

[Achim Patzner]

Am 20.11.2016 um 05:44 schrieb Fabian Wloch:
> And: Probably nothing will run on that Kaspersky OS, because its coded
> from scratch. No browser, no email client etc.

What would the be needed for? It's obviously not the intended use
anyway. As soon as there is a user in front of a terminal,
"hack-proofing" the system isn't possible as it is a known fact that the
stated goal of nature is creating dumber and dumber users. Technology
will never catch up.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33d51c17-48b3-4965-2093-0e382a03d8bc%40noses.com.
For more options, visit https://groups.google.com/d/optout.

"What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?

[Achim Patzner]

> Am 20.11.2016 um 21:16 schrieb Joonas Lehtonen 
> :
> 
> Hi,
> 
> since Qubes 3.1 is supported until 2017-03-29

This is a question I always wanted to ask: What does “support” mean in relation 
to Qubes? Security fixes? Plus bug fixes? Plus feature upgrades?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/51E5C22F-D678-4486-860D-BD4B94928B92%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Arch-template and Firefox (49.0.2)

[Achim Patzner]

Hi!


I just tried moving my main working environments from the Fedora
template to Arch. All in all a much better user experience for nearly
everything besides one thing: Firefox tabs are constantly crashing. If
I'm opening the same URLs on a native Arch installation or other
templates the contents is displayed without any problems. Am I the only
one with that problem?


And no, no plugins installed at all.


Besides that: I could live without ever getiing a Ubuntu (or lookalike)
template but it might be time to adopt the Arch template (even if that
means the debian template was dropped completely). (Marek: What could we
offer to convince a core developer that he always wanted to do this?)



Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92613b45-b8ae-b19f-32f0-97615d6f86e0%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?

[Achim Patzner]

Am 03.11.2016 um 19:51 schrieb Marek Marczykowski-Górecki:
> Really is all that needed? I'd guess you need to have the window visible
> during calibration only, which means it should be ok to manually switch
> it to fullscreen (from titlebar menu) for that time only. As for the
> brightness - is it ok to set it manually?

If you take a closer look at the W540's hand rest area you'll notice a
small camera-like device. This is a built-in colorimeter. The Windows
software coming with it is about the worst piece of "I have to ignore
all kinds of security" trash I've ever seen. It is running as "local
system" in order to control screen brightness and turn the screen
on/interdict sleep while the lid is closed in order to run. I can't
really imagine anyone really wanting to use it (considering the fact
that the Windows software is carrying about 100MB into your system,
parts of it having more privileges than Administrator – who needs that
much stuff for calculationg a color profile using specialized hardware?).

So yes, the software seems to need those rights (including modifying
screen brightness during measurement, at least in the case of Lenovo).

> Of course in practice calibration software may not like those
> constrains...

I would bet on it. Maybe Zrubi can bribe you with 5kg of assorted
chocolate to try it yourself (some years ago this
https://www.amazon.de/Toblerone-Jumbo-1er-Pack-4-5/dp/B004INT01A used to
be quite good currency to convince developers).



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c96dfcef-f6fa-2b1f-f466-1af92b8478fa%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list

[Achim Patzner]

Am 28.10.2016 um 02:00 schrieb Drew White:
> On Friday, 28 October 2016 10:57:03 UTC+11, Andrew David Wong  wrote:
> We've just introduced a new mailing list: qubes-announce
> > So it's a forum, not a mailing list >

No, darling. It's a mailing liist. The contents are transferred to
registered users by mail and only those subscribed will receive it. The
contents are distributed by SMTP. The link he sent is an explanation
page on a web server.

Don't pretend to be dumber than you are, it doesn't make you look better.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf2f3c00-5ae6-2f86-389c-1e7e11bda8dd%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Major problems with 3.2, devs must address

[Achim Patzner]

Am 09.10.2016 um 11:39 schrieb Pablo Costa:

> (I usually manage CUPS with a browser to http://localhost:631 )

Real men don't use the web administration interface. Real men use vi.
8-) (Which, incidentally, is the only way to deal with CUPS without
losing your mind).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19bdc8f9-b5a5-fe90-8b5f-4b42ace9b984%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes and HiDPI

[Achim Patzner]

Am 02.12.2016 um 00:25 schrieb pixel fairy:
> Im missing something here,

Yes

> why not just set your screen res in dom0 to 1920x1080 or whatever you
> find comfortable? 

 Because it is looking much better and for people spending more than 12
hours using a computer this makes a difference.


> i could see it useful for art or visualization. what other advantage would it 
> have?

Ask your ophtalmologist.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbfb5722-c62e-3c44-2b63-5504c5074687%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: Re: [qubes-users] Re: porting to ARM

[Achim Patzner]

On 11.01.2018 14:58:34, "Vít Šesták" 
 
wrote:


Qubes is a desktop OS*, so it does not make much sense to target ARM 
servers.


My current workstation is an Intel server system. What's wrong with that 
(besides the noise so the system is not exactly besides my desk)? I 
would definitely like using ARM-based (or POWER-based) systems instead 
just to throw a few bird droppings on Intel's heads.


Remember: Today the classification "server" does not mean "high I/O 
load-capable machine" but "very expensive system" the common user would 
not buy but is nice to have (as in Mac Pro with two 18-core CPUs and a 
metric shitload of memory -- on which booting Qubes is an adventure).



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em9f53854b-e221-42bd-b337-05a4b0acc928%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo ThinkPad P50

[Achim Patzner]

On 22.08.2018 09:36:33, "Benjamin Girdner"  
wrote:
Everything seems to have worked without any special troubleshooting.  
Docking station, multiple monitors, wireless network, lan network, etc  
My windows vm is a bit laggy at times when switching windows within the 
windows vm itself but I don't think that has anything to do with my 
hardware?


I would expect it to have the same problems as a P70 in regard to USB-C 
connectors (attaching devices will create new PCI attachments leading to 
new USB controllers showing up which will be attached to dom0 at that 
point. The same happens for Thunderbolt devices (but creating different 
entries). Not quite what I like...



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em3014d819-6270-4e67-bc28-303a81bf1f8a%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB-C hub

[Achim Patzner]

Am Donnerstag, den 25.10.2018, 19:46 + schrieb 'Christophe Vial'
via qubes-users:
Any workaround for this problem ?

Connect the hub before booting and look at lspci; all my Lenovo systems
turn on the required controllers (and only them!) only after something
has been connected to the physical port and requested something. In
Qubes 3.2 this was annoying because there were sudden appearances of
USB (or Thunderbolt) controllers in Dom0 and it seems someone turned
off adding busses that appear after booting now (good decision).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14b9c057b706c7c5a78780ff8790debdfb0b35d0.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes User Forum

[Achim Patzner]

Am Freitag, den 26.10.2018, 13:17 +0200 schrieb Zrubi:
> This means: it is able to sync any mailing list with a forum.
> So every mail posted to any of the qubes mailing lists will be
> received by the forum engine, and convert it to a forum post.

How well is it dealing with the endemic "I can earn 8000$ an hour by
selling all my grandmothers and so can you"-type forum spam (besides
having a houskeeping department consisting of more mods than users)?

> As the sync working both ways if a user post a new topic, or reply to
> an existing one using the forum interface, it will be sent out as a
> regular mail to the corresponding mailing list.
> 
> This way - if it's really work in practice - You don't have to chose
> one solution, both the mailing list and the forum can work and live
> together.
> 
> So if you prefer the forum interface - or just want to give it a try
> -
> you can login to the forum, and just start using it. :)
> Every kind of feedback are welcome. ;)
> 
> The direct registration is disabled for a reason:
> If you post any mail to one of the mailing lists, the forum engine
> creates a user account automatically, using your email address and
> your name (if you using any alongside your mail address)

And then sends out the password for that account by mail to the mailing
list? 8-)

> Some technical background:
> The domain name is registered by me for "personal use". But if the
> PoC
> will be successful, and/or the Qubes team ever would need it, I
> willing to cooperate.

If that would be a problem I would be able to donate the domain
irren.haus...


> The domain, and the hosting is paid for 12 months.

Even with 1&1 being quite cheap: How expensive is it?

> However I would really need help to:
> - test this solution, by using it :)
> - forum administrators also welcome.
> - some voluntary moderators would be nice also.

You mean "cleaning staff"? 8-) Sounds like a great idea if all heavy
duty users should volunteer some time for it.

> - creating a privacy policy, and such pages...

UGH.

To make it a bit more palatable: Make it Tapatalk compatible... 8-).


Achim



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48f3059ba0335fec955bd284c860fbed42be24e6.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] The state of the HiDPI display support in Qubes

[Achim Patzner]

Hi!

As I'm trying to set up a Lenovo P52 with HiDPI display (and external 
nVidia GPU -- don't buy one without right now) I'm close to getting rid 
of it completely and install Windows on it...


1) Xfce is not bringing in a single HiDPI theme and the window 
decorations are looking extremely awful unless you find one of the 
scarce themes adapted for this. It would be nice to have at least one 
Theme suitable for an environment like this n the standard distribution. 
At least it is xfce -- setting resolution (and some other things) in 
.Xresources (or the default file in /etc) is solving the worst problems 
easily.


2) The Fedora VMs delivered with Qubes right now are still fully Gnome 
based, so just copying an appropriate Xresources is not sufficient 
(luckily someone created an fc28-xfce template VM; could we please have 
that as part of the standard distribution?) and one has to jump through 
hoops to set up the template correctly.


Could whoever is doing the VM startup scripts right now (still Marek?) 
consider expanding the X setup scripting to not only getting the screen 
size in pixels into the virtual X server but also the correct resolution 
and add a very late script that will, independently of the virtual 
session manager, move a copy of the X resource db data from Dom0 into 
the VM (in the current fedora template this is messed up by 
gsd-xsettings which is merrily overwriting what came from Xresources via 
xinitrc).


Petition: Take the developers' Lenovo laptops and replace them with 
generation 6 HiDPI X1 (and to completely annoy kernel developers they 
have to be using P52 or similar systems).



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em98d84865-1e63-45f4-bf99-bb2b2e5a317d%40sir-face.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL entry Lenovo P52 (20M9001NGE)

[Achim Patzner]

TL;DR: Don't bother buying one (or a similar machine from the other 
series (T, X, P1)) yet.


Well...

I finally got my personal Lenovo P52 back (actually forced Lenovo into 
late DOA as there are no spare parts for them right now).


[Side notes: If you have a current generation Lenovo (Px2, X/Tx80) DO 
NOT actitvate Thunderbolt pre-boot support (recommended for Linux but 
completely useless for current generation Linux kernels) as it will 
immediately brick your mainboard. The same will happen if you do an ME 
firmware upgrade and reboot into the setup menu immediately afterwards 
instead of rebooting it into some OS. The same may happen if you turn 
off Secure Boot and reset any secrets involved in it at the same time. 
Yes, I caused 5 DOAs in one week by de-Windowing them (is someone from 
Prague permitting me to call that "defenestration"?).]


1) Unlike former generation hardware I cannot get the CPU's GPU to work 
with it; not even as EFI frame buffer (much less as i915). Thanks to 
current kernels nouveau is able to bring it up at all but as soon as I 
try changing resolution or terminate my session the display goes black 
(even on the text consoles). The nVidia is a major annoyance but it is 
at least working.


1a) Unlike Lenovo's compatibility chart claims the system none of the 
Linux distributions I have been testing are working with this Intel GPU 
ight now (https://certification.ubuntu.com/hardware/201806-26280/ is 
probably plainly synthetic). As soon as you type lshw with the device 
active (as in "enabled in the firmware setup") our P52 hang and have to 
be powered off. I've heard that the latest kernel might be working... 
But at least none of the others are crashing with the nVidia GPU.


2) If you boot the system set to external GPU you will get these PCI 
devices


00:00.0 Host bridge: Intel Corporation Device 3ec4 (rev 07)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen 
Core Processor PCIe Controller (x16) (rev 07)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 
v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 07)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / 
E3-1500 v5 / 6th/7th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Device a379 (rev 
10)

00:14.0 USB controller: Intel Corporation Device a36d (rev 10)
00:14.2 RAM memory: Intel Corporation Device a36f (rev 10)
00:14.3 Network controller: Intel Corporation Device a370 (rev 10)
00:15.0 Serial bus controller [0c80]: Intel Corporation Device a368 (rev 
10)

00:16.0 Communication controller: Intel Corporation Device a360 (rev 10)
00:16.3 Serial controller: Intel Corporation Device a363 (rev 10)
00:17.0 SATA controller: Intel Corporation Device a353 (rev 10)
00:1b.0 PCI bridge: Intel Corporation Device a340 (rev f0)
00:1c.0 PCI bridge: Intel Corporation Device a338 (rev f0)
00:1c.7 PCI bridge: Intel Corporation Device a33f (rev f0)
00:1d.0 PCI bridge: Intel Corporation Device a330 (rev f0)
00:1e.0 Communication controller: Intel Corporation Device a328 (rev 10)
00:1f.0 ISA bridge: Intel Corporation Device a30e (rev 10)
00:1f.3 Audio device: Intel Corporation Device a348 (rev 10)
00:1f.4 SMBus: Intel Corporation Device a323 (rev 10)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Device a324 (rev 
10)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (7) 
I219-LM (rev 10)
01:00.0 VGA compatible controller: NVIDIA Corporation Device 1bbb (rev 
a1)
02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd 
Device a808
70:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS525A 
PCI Express Card Reader (rev 01)
71:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd 
Device a808


(02:00.0 and 71:00.0 depend on NVMe devices being installed; the 
firmware is hiding them if they are empty).


If you connect something to the USB-C ports before booting Qubes (which 
is ignoring devices coming up after booting now) you will get additional 
devices like


04:00.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:00.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:01.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:02.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:04.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
06:00.0 System peripheral: Intel Corporation Device 15eb (rev 06)
3a:00.0 USB controller: Intel Corporation Device 15ec (rev 06)

(06:00.0 being a Thunderbolt controller -- the device on the other end 
of the line, a TEKQ SSD "drive" doesn't show up and is not usable on 
Qubes but bloody fast on Windows and can keep your coffee hot)


Turning on the Intel GPU would add a

00:02.0 VGA compatible controller: Intel Corporation Device 3e9b

(but as soon as it is on, Qubes (better: Xen) is not showing more than 5 
lines of messages before the fan goes to high speed and  the system 
freezes).


3) The Intel NIC needs 

[qubes-users] gnome-control-center in Fedora > 27

[Achim Patzner]

Hi!

Finally having updated the fedora-26 template to something more recent
I'm hit by the side effects of not having a full GNOME running there.
One of them is the gnome-control-center not doing its job as it needs
to be started with

env XDG_CURRENT_DESKTOP=GNOME gnome-control-center

As certain other abgnominations are launching it directly the
modification ot the .desktop files seems the best way to go:

grep -l "Exec=gnome-control-center" /usr/share/applications/* |  xargs
-n 1 sed 's/Exec=gnome-control-center/Exec=env
XDG_CURRENT_DESKTOP=GNOME gnome-control-center/g' -i

(I'm of course not responsible for this turning your system into a
toad...)


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4694a5045a0bd828a77e0646daff852d137ac820.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Running a single appVM off another volume

[Achim Patzner]

Hi!

Is there an easier way of storing a single VM on an external device
(assume it to be an USB conneted medium) without doing elaborate dances
around it or having to backup and restore? One of our customers got the
bright idea to store a VM containing their CA on an USB flash and
connecting it to "an appropriate machine" (Yes! "Appropriate! Imagine
the fun I'm having *now*) for key signing ("Guys, have you ever heard
of a device called HSM?" "No, and please don't tell us.").

$appropriate was considered to be VMware without a virtual network
interface, running the machine off a USB flash. Securely stored on a
hook besides the door, "because if it is physically disconected it is
safe".

Ok, may not be TAILS (because that's used by criminals) but using Qubes
is an option. Getting off the VM-on-external-media-only trip not. Is it
possible to get these guys on Qubes without "changing the documented
process"?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30149d2008d3ee42cd7ebfc798a3a1772c071d35.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donation costs

[Achim Patzner]

Am Mittwoch, den 07.11.2018, 18:40 +0100 schrieb 799:
> In Germany you can even save taxes when you make donations to a
> charitable organization.

It's a tax nightmare if that entity wants to hand over money to
something else. It would be easier if the "Qubes FOundation" would get
that status.
> I think it would help if recurring  payments can be done easily
> without loosing 16%.

Using Stripe would alrady improve things.

Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ce83f58a788a695ee6c319acd59f2bd6c0efc49.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes User Forum

[Achim Patzner]

Am Mittwoch, den 07.11.2018, 18:10 +0100 schrieb Zrubi:
> Any further suggestion and/or bug reports are welcome.

Replace the useless smiley by things like ⚙️, ☠️, ,  and ✔️? (8-))


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cac3557ee8a3b23d1105d94e40634dee09f88e1f.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Vertrauliche Nachricht von Sebastian Schatter

[Achim Patzner]

Am Samstag, den 10.11.2018, 21:11 +0100 schrieb Sebastian Schatter:
> Guten Tag,
> ich habe gerade eine vertrauliche Nachricht mit Tutanota (
> https://tutanota.com) gesendet. Tutanota verschlüsselt E-Mails
> automatisch Ende-zu-Ende, inklusive aller Anhänge. Der folgende Link
> führt zur verschlüsselten Mailbox, von der aus auch verschlüsselt
> geantwortet werden kann:

Aber sonst gehts noch, oder?

[But other it still goes, or?]


Achim Patzner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/135a3dc961b5f81fd143bd91962cf13482e5bf7b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

[Achim Patzner]

On 20181113 at 06:44 +0200 Ivan Mitev wrote:
> I've also added a note about QWT 4 breaking *new* HVMs (I thought the 
> breakage was only when updating from QWT3 to QWT4). It seems it's a 
> hit-or-miss process, IIRC some users managed to have QWT4 running.

The real problem with these tools is not being able to install and
deinstall them in steps. Somewhere along the way I lost libvirt and
there is no easy way to just put it where it belongs. Using the
installer to "repair" the system breaks it because it is messing with
the drivers. If you uninstall completely you break the system with the
reinstallation. All in all it worked better NOT to use the Qubes tools
but the XEN installers and add the Qubes video driver later.

> > What value, if anything, should go under Gateway in the VM? The ip address 
> > shown by Qubes as belonging to the network-providing VM itself, ie Sys-Net 
> > or Sys-Firewall, namely 10.137.0.6 ? Or something else?
> 
> The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have 
> a fancy vpn/firewall setup, it's likely 10.137.0.6.

This is another joke I'm not understanding. Ok, no DHCP for the
unwashed masses. But if I have qubes-rpc working, why not inject the
necessary settings using this mechanism?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74949a1f504baa8c94af509a063e022bf6a17661.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

[Achim Patzner]

On 20181112 at 20:52 +0200 Ivan Mitev wrote:
You do not need to quote a full message as a block; just coppy what you
really refer to.

> Since you mention that the network is functional without QWT
> installed there's probably an issue with your ip settings in the
> windows HVM.

Not necessarily so; it depends on how much of what has been installed
and updated at what point.

I've just finished setting up a new Windows 7 HVM, too. The up to now
best route for me was installing an original Windows 7 SP 1 medium and
then spend about two days of updating it (including 28 reboots...)
before even trying to install the tools package.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b713b5b973be4184915513bac3fd39b0b145c02.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Removing KDE

[Achim Patzner]

On 20181112 at 00:28 -0800 aaq via qubes-users wrote:
> Honestly I completely agree. If I was to use a DE I would definitely prefer 
> KDE or GNOME over XFCE (I sincerely hate XFCE, loose opinion held strongly)

Seconded. My ass is still in pain over getting it to run at 286 dpi,
especially if disp VMsneed to get everything, too. And I'm still trying
to get a handle on the nome-tools menu bar sizes. Getting KDE to agree
on a different resolution is definitely easier (although i fell in love
with Mint - you don't have to do anything, it's like MacOS on this
machine.)

> My machine only has 8 gb of RAM, and so far that is more enough for my usage, 
> but I fear if I bloat dom0 too much, that I might end up having some issues..

Right now it's CPU cores we're lacking, not RAM -- that can be added,
mobile CPUs are limited. But maybe that's because I once had a Sun
Tadpole, the only mobile computer thatever felt like having enough
horsepower.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22ad0b15ff48e5d2a89decd38a22fbc9ca510766.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Donation costs

[Achim Patzner]

Well... As https://www.qubes-os.org/donate/ is warning, 16%
of the donation are going to administrative costs due to
Open Collective's charges. 10% could be saved (probably
more, Stripe is charging at most 2.9% plus 0,25€ per
transaction) if ITL would get their own Stripe account (by
buying a Stripe card reader off Amazon and registering with
Stripe) and I don't think the administrative/bookkeeping/tax
headache would be any less that way.

They are accepting AliPay and WeChat pay (and all the other
exotic things roaming around the European banking system).

I would bet we could create a secure payment gateway...


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/192.5be3171a%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donating to qubes

[Achim Patzner]

Am Samstag, den 03.11.2018, 00:24 +0100 schrieb pieter lems:
> Are there any other options available for donating such as paypal or
> IDeal (for people from Holland)? If not is it possible to create
> those options for people that either dont use a credit card or are
> not familliar with bitcoins?

Paypal. But not a credit card? Really? In my opinion that's like "I'm
only eating vegan chicken" (nothing against chicken, though, we all
should fight the dinosaur invasion).

Why don't you just set up a virtual credit card with Entropay or a
similar service and be over with it? 


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/199ca07e3c15731b90bb712b31842c27d7d667fa.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donating to qubes

[Achim Patzner]

Am Samstag, den 03.11.2018, 00:24 +0100 schrieb pieter lems:
> Are there any other options available for donating such as paypal

Just tried it; Open Collective is taking credit cards and Paypal. So go
there and donate.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b794de00c47e60ecfd24c2b0111840fac109a8b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

[Achim Patzner]

Am Donnerstag, den 01.11.2018, 11:20 -0700 schrieb ka...@transmuted.io:
> I feel this situation would get better once Xfce finishes their GTK3
> porting. They are at 80% right now and GTK3 supports HiDPI natively
> and then Qubes will need help porting their Window decoration system
> to the new interface if required (I haven't looked at it yet).

I'm still owing you an answer on this...

Trying to solve this somewhere at the level of GTK is a bit late and it
will not help applications flying lower.

I'm a dinosaur. I'm coming from a time without all that stuff where X11
(finally version 1.1! yeah!) came with The Window Manager (twm) and the
scaling was controlled by starting X with the correct settings for dpi
and position in your x11.conf.

I'm still living in that age as I'm using lots of stuff that is still
stuck in the age of Motif. My weapon of choice is the terminal and it
is coming as xterm (because you will find it everywhere) and if the X
server is configured correctly it will do miracles for you (just read 
the description at 
http://www.futurile.net/2016/06/14/xterm-setup-and-truetype-font-configuration/
for a good idea).

If you want this to be working well for you (including readable pop-up-
menus your X geometry has to be correct (and I don't think that gnome
is doing a better job there without that). You can of course set
parameters "by hand" in configuration files but it will not work easily
across monitors with different resolutions.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c1a94658cce8f031b82caac5ae36e20ef230f85.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 2nd external monitor using usb c-type

[Achim Patzner]

On 20181113 at 12:05 -0800 Patrick wrote:
> Has anyone done that - i.e. use a 2nd external monitor using a usb c-type 
> connector?

What difference between using a USB-C and a DP connector did you
expect? It is just another port on your GPU... So yes, it is working if
there is a running GPU connected to it. It got a bit interesting on a
Lenovo P70 because I had to have two GPUs running but that's not a
problem with X11 either.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/086d24283330a37d17c1b77cbda4134e4b13bfa8.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donation costs

[Achim Patzner]

On 20181114 at 06:01 -0600 Andrew David Wong wrote:

> They looked into it and have informed me that switching from OC to
Stripe wouldn't be cheaper at this point because the accounting costs
for the large number of small donations we receive
would exceed OC's fee.

Wow. This is sounding a bit strange to me because their pricing would
be about 31 cents on 2€ and getting consecutively cheaper; a friend of
mine is using it as street musician (but to be fair, for him the ease
of use is gaining him additional income -- he set up an old Android
device as terminal and asks for a minimum of 2€ if people want to use
it and instead of dropping 1€ they are now transferring something
around 5€).

> We're approaching the point where switching would be cheaper, but
we're not quite there yet.

Good to hear. I just got a message from AliPay they would give me a
discount of 30% on my next payment up to 700 RMB and it would have been
a good opportunity to get rid of the excess RMB hanging there I cannot
get out of their system easily. OC doesn't offer me that.

> It's worth noting that Bitcoin donations and payments from Qubes
Partners both bypass OC, so the largest amounts tend to avoid that fee.

Bitcoins are for me an ethical problem. The mining is now costing so
much energy that there are lots of (mostly Chinese, but we're somehow
sharing the planet with them) unclean power plants generating the
energy for them (because they are cheaper). [Cheap shot: This should
pose a more serious problem for people claiming loudly "I'm a vegan to
save the planet" and then developing technologies that need crypto
currencies to be viable... I just had that discussion.]


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1622c5107cf56af5fa676f087df6f82293f5cc50.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Lenovo P52

[Achim Patzner]

I just tried installing Qubes 4.0 on a Lenovo P52 (out of the box, no
firmware updates) and it didn't even boot the distribution media off
USB (after trying several USB ports; there are at least three separate
controllers in this thing). I'm getting exactly 4 lines of mesages
during boot and as it is a 4k display I would have had to take a photo
of it to enlarge whatever was written there (so I can't really tell you
what I saw).

My first suspicion is the RAM; I ordered it with 128GB to keep it from
even thinking about swapping. Is there a limit on in the current
distribution?

The firmware has old bugs I encountered on P70 already; I turned off
secure boot and reordered the EFI boot entries resulting in a machine
that is not even displaying the Lenovo banner after turning it on so I
have enough time to think about the errors of my ways (kids, don't try
this at home -- there aren't any replacement mainboards in Europe and a
"repair" will take 6 weeks so you have to force IBM UK into calling it
a late DOA if it happens).

Does anyone have an idea how to convince it to boot?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9485b3e9bac5d921fcffbae2a1690d6f3048510b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo P52

[Achim Patzner]

Am Freitag, den 05.10.2018, 03:21 -0700 schrieb brendan.h...@gmail.com:
> On Thursday, October 4, 2018 at 3:05:00 PM UTC-4, Achim Patzner wrote:
> > Does anyone have an idea how to convince it to boot?
> 
> Ha ha ha, ouch. I am SOOO jealous of you right now ...but also feel so much 
> pain for you as well. That's a very expensive doorstop.

After IBM UK had to admit the _earliest_ possible date for a mainboard
replacement was December 15th it was surprisingly easy to get them to
accept "either DOA or I just return it and take my money to Apple". 8-)

> There should be 4 SODIMMS. Remove two to try booting with 64GB of RAM?

I was hoping for some boot command magic to get things done.
Removing/adding memory on current P series triggers 7 kind of demonic
things on the next boot (including ComuTrace if it was turned on).

> Can you not get to the BIOS by vigorously tapping F1 after power on, then 
> reset it to factory config?

No. It's deader than Spock was as it is not even initializing the boot
process (it is never leaving the ME's initialization stage). (Just in
case anyone wants to try it at home: In the EFI boot variables you will
find a _lot_ of strange stuff like "Lenovo Diagnostics" and similar
things as disabled boot entries. Removing them caused the same kind of
lock ups on my P70 (which got 9 replacement mainboards due to this
nonsense)).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3729565fda80976edfe7ef2d051fb1ae196322a.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re[2]: [qubes-users] Donation costs

[Achim Patzner]

On 17.11.2018 03:42:25, "taii...@gmx.com"  wrote:

Using alipay is super bad considering you would be supporting a country
that censors the internet and imprisons people for viewing the "wrong"
things.


Not using Alipay is worse; it's been the only way of getting your money 
back if a dealer on one of 10Cent's market places is not keeping his 
side. So using the accumulated cash there for something I want to use it 
for is a bad idea? Well, then... And yes, I will continue buying 
interesting stuff directly from China instead of getting it via USA and 
Amazon.


Crypto payments and cash in mail to trusted qubes people (with secret 
shoppers to help ensure honesty) are the least terrible option.


From my point of view on ecology: not. Besides throwing all your money 
towards China, too or where do you think is most crypto mining being 
done because there currently is no place you're paying less for the 
ecological damage right now. So while China's censorship is not 
threatening me right now, adding unnecessary carbon dioxide to my 
environment is.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em1e3bd25a-70a9-4f86-8870-ca8597b98372%40sir-face.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Hi!

Is it worth creating issues if certain parts of the Builder tools do
not work (e. g. template-local-centos7 or template-local-fc29+xfce)
which would be creating things not in the Qubes distribution?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59d8e3c7dad130ac0f6a83f8706e96cf267bee32.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Right now I'm not even getting to centos-7:

make get-sources get-sources-extra qubes-vm is stopping at

-> Installing core RPM packages...
error: Failed dependencies:
glibc = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
glibc-common = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
make[1]: *** 
[/home/user/qubes-builder/qubes-src/builder-rpm/Makefile-leg
acy.rpmbuilder:35: 
/home/user/qubes-builder/chroot-fc29/home/user/.prepared_bas
e] Error 1
make: *** [Makefile:217: vmm-xen-vm] Error 1


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68d.5c2d3178%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] APC UPS daemon

[Achim Patzner]

On 20190118 at 16:18 +0100 Bill Wether wrote:
> I installed apcupsd to Dom0

Is there any good reason to do that? I handed over my UPS' USB
connection to a separate VM which in turn notifies dom0 using RPC. My next step 
was moving that to an old Pi and asking it across the network.

And please don't forget to restrict access appropriately if you use a
separate server. Someone turned off my workplace's power bar (and thus
the UPS) and it shut down my notebook across the VPN link.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d39831202def96786f6e9f9d01328f3e68d4556b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

[Achim Patzner]

Well... Keep it. All CPUs are coming up and for the first time since
the 4.0 release touchpad and track point are working on Lenovo P52. And
all of the things that got successively worse to 4.19.12 are gone.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c020b30dfe9782f63370ab6cbc68ba55b5fccb71.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Resuming a suspended/hibernated VM

[Achim Patzner]

Hi!

A seriously broken application is issuing systemctl
hibernate in a VM. I cannot live well without it and do not
have the sources for it either (that's why it is sitting in
its own VM). How do I get a PVH out of suspension or
hibernation? xl trigger didn't work.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88f.5c43115a%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo T480 freezes after resume on suspend

[Achim Patzner]

On 20190114 at 06:48 +0100 Zrubi wrote:
>   Error verifying signature: Output from /usr/bin/qubes-gpg-
> client-wrapper:
> open sig: No such file or directory

Did I do something wrong here?

- - disable Thunderbolt in BIOS
> (Hence, you will loose the USB-C connector)

At least on a P52 you are losing more than that; it confuses the hell
out of the GPUs if you turn off Thunderbolt and connect a monitor to
the USB-C port.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9230ea4795c393389a5b8b9eea0c56e7e45d5c.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

[Achim Patzner]

On 20190114 at 17:21 + 'awokd' via qubes-users wrote:
> Eric Duncan wrote on 1/13/19 9:08 PM:
> 
> > I then spent several days trying to get Nvidia drivers loaded to no avail.  
> > Also, trying to get just the Intel card working (hybrid graphics) but I've 
> > hit a brick wall there - Xen just freezes on the initial splash screen of 
> > the 4 lines showing what kernel is loading.  The system hard locks up 
> > there, with no logs.  I highly prefer the Intel drivers for battery life.

Arguing about the battery life was making me grin seriously; we're
talking about a desktop replacement machine (with the P1 being the
smallest of the current generation but even that one will suck the
battery dry before you finished watching a movie) and intending to use
it without a power supply is a rather limited experience.

> A nouveau.modeset=0 might help there.

Actually the only way to do it; unlike previous models the current
generation P systems offer you "dGPU and iGPU active" or "dGPU only"
(unlike the Px0 and Px1 where it was "iGPU" or "dGPU and iGPU").

But it's not a problem in itself; the dGPU is using less energy than
the iGPU running on "intel" or "modesetting" (and in my case it's a
P3200). And with kernel-latest installed you get all your cores working
vs. 1 core on a P52.

> That is too bad; I thought those Thinkpads usually worked well with Qubes.

It's more of a Linux (and Xen) problem as far as I can judge it; I'm
constantly comparing what Qubes can do with an Arch on a second
(identical) machine I have around. The worst complaint I might want to
make is that nouveau does not have control of screen brightness (unlike
intel/modesetting) and acpi_backlight=vendor thinkpad-
acpi.brightness_enable=1 is not working as thinkpad-acpi doesn't know
the hardware yet. Both network interfaces (and Bluetooth) are working
on the P52 so they will be working on the P1 if correctly set up.

If there are any Qubes-related problems I'm very sure they will be
found and fixed sooner or later.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/743b80eee6a22341709eded9590abafdc8fa482f.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo Thinkpad P52

[Achim Patzner]

On 20190123 at 20:40 +0100 Aly Abdellatif wrote:

> Current Condition: Everything works perfectly(kali-rolling,offline
> penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy
> mode with discrete graphics for installation(with rufus) and hybrid
> graphics after disabling nouveau

Check if all CPU cores are running...

> Only problem is the ethernet

That's not a problem with "permissive=true" and "no-strict-rest=true".

> Uefi works too but problems with wake and sleep after closing the
> lid(Nvidia problem)

Actually using Fn+Backspace, too.

> Graphics:Discrete(Hybrid won't work in uefi)

Works for me since firmware 1.06

> Sadly, there wasn't
> any grub installed(grub and grub2 were empty folders) so I couldn't
> follow the steps regarding the nvidia troubleshooting to disable 

You can do that in xen.cfg.

> I will try now to fix the ethernet and the nvidia drivers . I will
> keep you updated.

To get nouveau working you have to create an xorg.conf. By hand, of
course, to make it more fun.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386c545b05adbf2afe12afc6843f0abc4ab5f823.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Resuming a suspended/hibernated VM

[Achim Patzner]

Chris Laprise wrote on Sat, 19 January 2019 12:35
> I don't know how to do the un-hibernate (and it seems
> unlikely to work 
> on Qubes), but you could avoid hibernate in the first
> place with 
> 'systemctl mask hibernate.target' in the template.


I would expect that a simulated finger on the simulated
power button would reanimate it (although it doesn't work on
my Qubes installation on a P52 either) but the xl trigger
power was ignored, too.


Achim
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/898.5c4370d9%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] updating CentOS-7 templates

[Achim Patzner]

I just updated my CentOS templates (with hundreds of packages being
upgraded) which seems to have messed up the X environment sufficiently;
did that only happen to my local generated templates or is that worth
reporting an issue?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8519467e6b306bb3922fd9e460c7a1b2b50ad74.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] updating CentOS-7 templates

[Achim Patzner]

Am Donnerstag, den 13.12.2018, 06:12 + schrieb Wynn Tseng:
> Yes, mine happened too. 
> 
> Post error log about /var/log/Xorg.0.log in centos-7 template.
> 
> In dom0, use sudo xl console (insert centos vmname here)to access
> centos7 vm

I did that; that's why I know that there was X11 breakage.

So: Which packages (of the few millions) is the one to back out or what
would have to be added again?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aeab7ef45df15fa767e04ce20dd81aecfd334856.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Where is Qubes' idea of private image size coming from?

[Achim Patzner]

On 20181218 at 23:53 + unman wrote:
> On Tue, Dec 18, 2018 at 09:18:06PM +0100, Achim Patzner wrote:
> > [ap@dom0 bin]$ qvm-ls --disk BuilderNAME STATE   DISKPRIV-
> > CURR  PRIV-MAX  PRIV-USED  ROOT-CURR  ROOT-MAX  ROOT-
> > USEDBuilder  Halted  124948  124948 2048  6100%  0 
> >  10240 0%[ap@dom0 bin]$ 
> > 
> > Before I start doing something stupid (like reporting a non-issue or
> > shooting my own foot): Where is that 2GB PRIV-USED coming from and how
> > do I correct it? The image file itself has a size of 128GB right now...

> 6100% used. Impressive.

I really like efficient data compression...

> I'm not clear if you tried to extend first or checked the sizes first.

I have to admit that I wanted to use the Qubes-Manager (GUI tools make
people lazy...) and started scratching my head first (getting me to
realize that just increasing the size might not be the wisest
decision).

> You can see the code in
> /usr/lib/python3.5/site-packages/qubesadmin/tools
> 
> PRIV-MAX comes from vm.volumes[private].size - it's strange that that
> should be showing the default 2G size.

It's really there. But I used qubes tools to grow the image and they
usually register correctly what they did in the relevant databases.

> Just to be safe I would backup anything you have on the BuilderVM.
> What does qvm-volume info Builder:private show?

size 2G (in bytes)
usage 128GB (in bytes)

> You could try then resizing with extend. 

... without changing any stored data...

Ok, now the information is matching reality.

If this is happening again I'll open an issue. Or get a patent for my
compression algorithm.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f938cf7f5a3eafd7323fbabed524950996188f0.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fed-28 update error

[Achim Patzner]

On 20181220 at 14:53 -0500 Chris Laprise wrote:
> How stable is the CentOS 7 "testing" template? I'm so over Fedora,
> but need dnf for full compatibility with qubes-dom0-update.

It just self-destructed by upgrading x11-xorg*, see "[qubes-users]
updating CentOS-7 templates" - I guess I have to find 
xorg-x11-server-{Xorg,common}-1.19.5 as Nick Darren wrote. Besides that it's 
quite useful (but the arch template is more versatile). Fedora and plain Debian 
have a sucking coefficient that rips fleas off dogs.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f87fd65e58a1d9bd582f9772aa0aa0f6fcfc5e2.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.