from:"Ivan Mitev"

Re: [qubes-users] Thank You & How to "Give Back"?

2019-01-16 Thread Ivan Mitev

Hey John,

On 1/16/19 8:20 PM, John Goold wrote:
> I want to say thank you to those members of Qubes Users who have had the 
> patience to answer my questions and solve my problems getting Qubes up and 
> running. I have been particularly pleased that this is a forum where there 
> are few, if any, unhelpful responses to questions and few questions/requests 
> for help where the asker has not tried to find the answer in this forum or in 
> the documentation.

Thank you. As a long time user of Qubes OS I don't see how I could do
without it so I'm happy to help the community here. Kind of "giving
back" as you say. I'm sure it applies to the other users who helped you
as well.

> While I have a computer background, my entire career was spend in the 
> software/research environment, I do not have a background in PC/Linux 
> internals (though decades ago I did acquire some Unix sys-admin knowledge). 
> That means I came to Qubes without the the in-depth security knowledge that 
> the more knowledgeable of you have — my knowledge is more superficial.
> 
> Having provided that background, I was trying to think of a way of "giving 
> back" to this community.
> 
> Would a "Setting up a Semi-Secure Personal Computing Environment Using Qubes" 
> document be a useful addition (albeit, with a more succinct title!)?
> 
> It would be aimed at computer users who want a more secure environment, but 
> are willing to live with some security exposures (ones that hopefully have an 
> exceedingly low probability of being exploited against an "average Joe") — 
> for example, using a USB mouse and keyboard. Clearly one needs to have some 
> degree of computer literacy to tackle switching to Qubes, but I think a 
> step-by-step migration guide might be useful and fewer people might give up.
> 
> In it, I could briefly describe the "Hardware Issues" which are already well 
> documented (hence "briefly" as they applied to me) and then get into the 
> issues of choosing which qubes to set up, the issues of dealing with a 
> desktop computer that only has USB mouse/keyboard capability, various 
> user-interface issues and, perhaps more importantly, migrating data from 
> another OS (in my case Linux Mint) to the Qubes environment.

In my opinion such document may be helpful as a blog post - but the
problem would be visibility (only through search engines). Maybe a
better way would be to improve the official qubes docs where you found
things to be lacking details/clarity [1]. Some people find it easy to
deal with the official docs, others don't. In the latter case you could
float ideas/pull requests in the unofficial "qubes community" project
[2] and folks there (including myself) would help you format them for
submission to the official docs.

Writing docs can be time consuming though, so in any case spending a bit
of time helping other people on the ML is already a nice way of "giving
back" !


[1] https://www.qubes-os.org/doc/doc-guidelines/#how-to-contribute
[2] https://qubes-community.github.io/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b714c9c-93ac-f025-96d1-3210c85ebc02%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Keyboard and mouse issue (R 4.0.1)

2019-01-15 Thread Ivan Mitev




On 1/15/19 11:04 PM, John Goold wrote:
> On Tuesday, January 15, 2019 at 9:08:48 AM UTC-6, Ivan Mitev wrote:
>> On 1/15/19 2:42 PM, unman wrote:
>>> On Tue, Jan 15, 2019 at 09:26:31AM +0200, Ivan Mitev wrote:
>>>>
>>>>
>>>> On 1/15/19 3:36 AM, jrg.desk...@gmail.com wrote:
>>>>> KEYBOARD
>>>>>
>>>>> How do I set the "compose" key on the keyboard? I have run several Linux 
>>>>> distributions (base on Debian/Ubuntu) for several years and have had no 
>>>>> problems setting a compose key so that I could enter diacriticals and 
>>>>> symbols like the em-dash and the Spanish upside down exclamation and 
>>>>> question marks.
>>>>
>>>> IIRC there's no gui setting in XFCE for setting a compose key. I don't
>>>> use such key myself but I guess you can edit dom0's
>>>> /etc/X11/xorg.conf.d/00-keyboard.conf and add XkbOptions there (eg.
>>>> Option "XkbOptions" "compose:menu"). Run `grep "compose:"
>>>> /usr/share/X11/xkb/rules/base.lst` to find what keys you can use.
>>>>
>>>
>>> The default key combo is Shift+AltGR - enabled by default in X
>>> You can also set XkbOptions compose: in /etc/default/keyboard
>>
>> I thought that /etc/default/keyboard was only for debian and
>> derivatives. Are you sure it works for fedora ?
> 
> First things first :-)  When trying out keyboard changes, I wanted them to 
> apply globally (they work just fine when I use setxkbmap..., thanks) and so 
> made a change in dom0. Since the test change did not seem to work, I thought 
> I would try a complete reboot (imagining that when dom0 starts up, it reads 
> its configuration files and then doesn't reread them after that).

Indeed, tweaking X conf files will require a reboot in Qubes OS. With a
standard distribution you'd log off, kill/restart the X server, and log
in again, but if you do so in Qubes OS your VM apps won't be displayed
anymore (not sure if it's a bug or a feature - I never log off anyway so
it doesn't bother me).


> What a surprise -- my mouse reverted to being left-handed! I have no idea why 
> (other than the reboot) or why it reverted to right-handed (other than the 
> sys-usb VM being set up). Any way, the problem has "gone away".

Magic :)


> Now for the keyboard changes. As I indicated, I wanted to turn off the Caps 
> Lock key and set a "compose" key.
> 
> I launched a dom0 terminal and sudo'ed to root. Then I edited the file 
> "/etc/X11/xorg.conf.d/00-keyboard.conf" and added the XkbOptions line. It now 
> reads:
> 
> Section "InputClass"
>   Identifier "system-keyboard"
>   MatchIsKeyboard "on"
>   Option "XkbLayout" "us"
>   Option "XkbOptions" "caps:none"
> EndSection
> 
> After rebooting, the Caps Lock key is now off in all Qubes :-)  However, I am 
> not sure of the syntax of this file and do not want to make an error in the 
> file in case it makes my keyboard inactive.
> 
> Can I change that last Option line to:
> 
> Option "XkbOptions" "caps:none compose:menu"
> 
> or do need to use a comma to separate the two options (could not find this 
> information in the Wikipedia article) OR, possibly use:
> 
> Option "XkbOptions" "caps:none"
> Option "XkbOptions" "compose:menu"
> 

You'll have to use commas - eg.

Option "XkbOptions" "caps:none,compose:menu"

In case you mess up your X config and X won't start you should see a
text login prompt instead the graphical login; you can login and fix
conf files from there like you did from a terminal in dom0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d3dfe60-1732-4e80-b5db-57f153496ef1%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Keyboard and mouse issue (R 4.0.1)

2019-01-15 Thread Ivan Mitev




On 1/16/19 2:43 AM, unman wrote:
> On Tue, Jan 15, 2019 at 05:08:39PM +0200, Ivan Mitev wrote:
>>
>>
>> On 1/15/19 2:42 PM, unman wrote:
>>> On Tue, Jan 15, 2019 at 09:26:31AM +0200, Ivan Mitev wrote:
>>>>
>>>>
>>>> On 1/15/19 3:36 AM, jrg.desk...@gmail.com wrote:
>>>>> KEYBOARD
>>>>>
>>>>> How do I set the "compose" key on the keyboard? I have run several Linux 
>>>>> distributions (base on Debian/Ubuntu) for several years and have had no 
>>>>> problems setting a compose key so that I could enter diacriticals and 
>>>>> symbols like the em-dash and the Spanish upside down exclamation and 
>>>>> question marks.
>>>>
>>>> IIRC there's no gui setting in XFCE for setting a compose key. I don't
>>>> use such key myself but I guess you can edit dom0's
>>>> /etc/X11/xorg.conf.d/00-keyboard.conf and add XkbOptions there (eg.
>>>> Option "XkbOptions" "compose:menu"). Run `grep "compose:"
>>>> /usr/share/X11/xkb/rules/base.lst` to find what keys you can use.
>>>>
>>>
>>> The default key combo is Shift+AltGR - enabled by default in X
>>> You can also set XkbOptions compose: in /etc/default/keyboard
>>
>> I thought that /etc/default/keyboard was only for debian and
>> derivatives. Are you sure it works for fedora ?
> 
> Not really a Fedora person. Probably not. :-(
> On the other hand, I *do* find a GUI way of setting the key under System
> Settings/Keyboard in KDE, and in Xfce, under
> SystemTools-Keyboard-Layout.

Oh, you're right - as usual :)

I remember trying to assign a compose key looong ago and not finding
anything in XFCE ; a web search also returned many "XFCE doesn't provide
a way to set a compose key..." so I assumed there was still no GUI for that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35b3b3e7-8266-79c5-6650-29e71bef3c4a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to autostart a program in an appVM?

2019-01-15 Thread Ivan Mitev




On 1/15/19 7:48 PM, John Goold wrote:
> On Tuesday, January 15, 2019 at 12:31:00 AM UTC-6, Ivan Mitev wrote:
>> On 1/15/19 3:46 AM, jrg.desk...@gmail.com wrote:
>>> I am sure almost everyone has one or more appVMs in which they autostart 
>>> programs. That is, how do I set things up so that when a particular appVM 
>>> is automatically launched at boot time (or I manually start it), one or 
>>> more programs get started automatically? For example, in my "personal" 
>>> Qube, I want Thunderbird, Slack (the collaboration tool) and Dropbox to 
>>> start automatically.
>>>
>>> This is another thing I did under "straight" Linux, that I cannot see how 
>>> to do under Qubes. I did the RTFM and attempted to find something relevant 
>>> in the qubes-users forum -- no luck (or I missed seeing anything).
>>
>> You'll have to use .desktop files (as per the freedesktop "standard" [1])
>>
>> For a given VM create (or copy/symlink) the .desktop file of the
>> application you want to autostart in $HOME/.config/autostart/
>>
>> Eg. to start thunderbird:
>>
>> mkdir -p $HOME/.config/autostart/ # in case it doesn't exist yet
>>
>> ln -s /usr/share/applications/mozilla-thunderbird.desktop \
>>$HOME/.config/autostart/
>>
>> You can of course create custom .desktop files to (auto)run arbitrary stuff.
>>
>> As a side note the system-wide folder (that you'd customize in your
>> templateVMs) is /etc/xdg/autostart.
>>
>>
>> [1] https://specifications.freedesktop.org/desktop-entry-spec/latest/
> 
> @Ivan: Thanks, that worked just fine. I vaguely remember messing with 
> .desktop files before my Linux distributions included GUI settings that 
> handled autostart.

Happy to help. It took me a bit of time too to figure those things when
I switched to Qubes OS since VMs don't run a full fledged VM with easily
found GUI settings apps. You then have to find out how things run "under
the hood".

As a side note you can also prevent system-wide autostart apps from
starting by putting the following two lines .desktop file in
$HOME/.config/autostart/ (the file has to be named exactly like the one
that is defined in /etc/xdg/autostart/ and that you want to override):

[Desktop Entry]
Hidden=true

(That's what the GUIs do when you deselect applications in
startup/autostart.)


> By the way, how do I "Mark as complete"?

No need !

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5e6122b-c535-c4c0-730a-94d1b473f9b7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Keyboard and mouse issue (R 4.0.1)

2019-01-15 Thread Ivan Mitev




On 1/15/19 2:42 PM, unman wrote:
> On Tue, Jan 15, 2019 at 09:26:31AM +0200, Ivan Mitev wrote:
>>
>>
>> On 1/15/19 3:36 AM, jrg.desk...@gmail.com wrote:
>>> KEYBOARD
>>>
>>> How do I set the "compose" key on the keyboard? I have run several Linux 
>>> distributions (base on Debian/Ubuntu) for several years and have had no 
>>> problems setting a compose key so that I could enter diacriticals and 
>>> symbols like the em-dash and the Spanish upside down exclamation and 
>>> question marks.
>>
>> IIRC there's no gui setting in XFCE for setting a compose key. I don't
>> use such key myself but I guess you can edit dom0's
>> /etc/X11/xorg.conf.d/00-keyboard.conf and add XkbOptions there (eg.
>> Option "XkbOptions" "compose:menu"). Run `grep "compose:"
>> /usr/share/X11/xkb/rules/base.lst` to find what keys you can use.
>>
> 
> The default key combo is Shift+AltGR - enabled by default in X
> You can also set XkbOptions compose: in /etc/default/keyboard

I thought that /etc/default/keyboard was only for debian and
derivatives. Are you sure it works for fedora ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1bb509df-da41-5551-95a0-f02bea7a6e3a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Keyboard and mouse issue (R 4.0.1)

2019-01-14 Thread Ivan Mitev

On 1/15/19 3:36 AM, jrg.desk...@gmail.com wrote:
> KEYBOARD
> 
> How do I set the "compose" key on the keyboard? I have run several Linux 
> distributions (base on Debian/Ubuntu) for several years and have had no 
> problems setting a compose key so that I could enter diacriticals and symbols 
> like the em-dash and the Spanish upside down exclamation and question marks.

IIRC there's no gui setting in XFCE for setting a compose key. I don't
use such key myself but I guess you can edit dom0's
/etc/X11/xorg.conf.d/00-keyboard.conf and add XkbOptions there (eg.
Option "XkbOptions" "compose:menu"). Run `grep "compose:"
/usr/share/X11/xkb/rules/base.lst` to find what keys you can use.

Alternatively, set up an autostart command - you now know how to do
that:) - and run setxkbmap like so:

setxkbmap -option compose:menu

Note: keyboard settings are propagated from dom0 to VMs so you simply
need to set them in dom0 to have them working in all the VMs. However I
found that this was unreliable when switching languages - in case that's
something you have to configure see [1] for a workaround.

> The other issue with the keyboard involves disabling the Caps Lock key (I am 
> a fumble-fingered 73-year old and the caps lock key is the bane of my typing 
> existence).

XkbOptions: caps:none

or,

setxkbmap -option "caps:none"

Combined with the above:

setxkbmap -option "caps:none compose:menu"

> MOUSE
> 
> Before using the "Salt" method of setting up a sys-usb VM, I had my mouse set 
> as left-handed. Then I got sys-usb set up. The mouse reverted to 
> right-handed, but when I checked the System Tools --> Mouse and Touchpad, it 
> indicated the mouse was left-handed.
> 
> But it is not :-(   Changing the setting to right-handed and then back had no 
> effect. I have searched the menus to no avail.  Adding "Settings" to the 
> sys-usb VM menu and then trying to invoke it failed.

Sorry, can't really help here; hopefully other users will chime in.

Dumb question though: are you sure you selected the right (no pun
intended) mouse in System Tools --> Mouse and Touchpad ? On my system I
have 3 mice - the laptop's trackpoint, touchpad and an external usb
mouse ; I just tried to set the right/left handed setting for each of
them (the setting works individually for each mouse) and it worked.

[1]
https://github.com/Qubes-Community/Contents/blob/master/docs/localization/keyboard-multiple-layouts.md#alternative-setups

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77d87836-c7f6-cd24-460a-1a1f5626553c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to autostart a program in an appVM?

2019-01-14 Thread Ivan Mitev




On 1/15/19 3:46 AM, jrg.desk...@gmail.com wrote:
> I am sure almost everyone has one or more appVMs in which they autostart 
> programs. That is, how do I set things up so that when a particular appVM is 
> automatically launched at boot time (or I manually start it), one or more 
> programs get started automatically? For example, in my "personal" Qube, I 
> want Thunderbird, Slack (the collaboration tool) and Dropbox to start 
> automatically.
> 
> This is another thing I did under "straight" Linux, that I cannot see how to 
> do under Qubes. I did the RTFM and attempted to find something relevant in 
> the qubes-users forum -- no luck (or I missed seeing anything).

You'll have to use .desktop files (as per the freedesktop "standard" [1])

For a given VM create (or copy/symlink) the .desktop file of the
application you want to autostart in $HOME/.config/autostart/

Eg. to start thunderbird:

mkdir -p $HOME/.config/autostart/ # in case it doesn't exist yet

ln -s /usr/share/applications/mozilla-thunderbird.desktop \
   $HOME/.config/autostart/

You can of course create custom .desktop files to (auto)run arbitrary stuff.

As a side note the system-wide folder (that you'd customize in your
templateVMs) is /etc/xdg/autostart.


[1] https://specifications.freedesktop.org/desktop-entry-spec/latest/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/988786a0-3eab-7d0e-5d47-65b64ca6874c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 downloads, but does not update packages

2019-01-14 Thread Ivan Mitev




On 1/14/19 5:14 PM, meindatenschr...@gmail.com wrote:
> Had the same issue, just do "sudo dnf reinstall anaconda-core anaconda-gui 
> ..." in dom0 and you're good to go. At least, that's what worked for me :-)

It worked for me, thanks !

Still wondering what caused that problem in the first place...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57a2dd69-1853-3dd0-f583-7ac8b1cc7516%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)

2019-01-14 Thread Ivan Mitev

On 1/14/19 11:59 AM, Alexandre Belgrand wrote:
> Le lundi 14 janvier 2019 à 01:52 +, js...@bitmessage.ch a écrit :
>> It sounds like you've already looked at the docs but here's the link:
>> https://www.qubes-os.org/doc/usb/
>> You have to have sys-usb to attach a usb device like a scanner to an 
>> appvm (unless you can just attach the whole usb controller, which
>> you 
>> can't).
> 
> Pardon my ignorance, I am planning to install Qubes on a laptop. 
> 
> I need to connect to 
> (1) a USB scanner and 
> (2) a USB smartcard reader (with OpenSC).
> 
> In the documentation it is written:
> 
> " Note, you cannot pass through devices from dom0 (in other words: a
> USB VM is required). To use this feature, you need to have the qubes-
> usb-proxy package installed in the template used for the USB qube "
> 
> Does it mean I will have to create a USB VM and then connect it to
> other VMs using USB proxy. And I will loose USB keyboard and mouse in
> dom0.

You will need a VM with the USB controller assigned to it. Actually that
VM is created by default at install time (it's called "sys-usb"). You
won't "loose" your USB keyboard/mouse in dom0: those are "proxied" from
sys-usb to dom0 with the help of the qubes-input-proxy daemon, which -
if I'm not mistaken - has nothing to do with proxying of USB devices
from one VM to another.

So in theory you would plug your scanner which should appear in sys-usb,
and you'd attach ("proxy") it to a VM where you have your scanning
software installed. If you're lucky it will work that way but not every
USB device works well with proxying and scanners aren't know to be very
plug friendly. In that case you will have to use sys-usb directly
(either for firmware loading - most scanners need that nowadays - or for
firmware loading + scanning software).
That's also why you have the option to combine sys-net and sys-usb into
one VM during installation time: some USB networking devices can't be
proxied so the only way to use them is to have the usb controllers in
sys-net (or symmetrically, networking support in sys-usb).

Ditto for the smartcard reader...

Hope this helps...
Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85d1a3ea-502c-314e-a6a5-3aad1814b399%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] choice of media player with minimal resources ?

2019-01-13 Thread Ivan Mitev

Hi 799 :)

On 1/14/19 9:05 AM, 799 wrote:
> Am Mo., 14. Jan. 2019, 08:00 hat Ivan Mitev  geschrieben:
> 
>> Hi all,
>>
>> I'd be interested to know what people use for playing videos in VMs
>> (without GPU passthrough).
> 
> 
> For streaming content I use Google Chrome in a special "Multimedia AppVM",
> which has no other purpose.
> 
> I rarely have other sources for video, but if so I'm using VLC / VideoLAN
> Client.

Yes, I saw that's what you recommended in the multimedia doc.


> I never cared about ressource consumption, as the multimedia task was often
> the foremost task and I didn't do anything in this time.

That's OK for a desktop PC (including laptops that stay plugged on a
desk) but for mobile use performance/battery life is a concern.

Another less obvious reason for not having the laptop's fan constantly
on due to high CPU usage is to avoid clogging the heat sink with
dust/fibers (eg. when you have your laptop lay on a blanket when you're
in bed).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab3ce70d-0058-1157-f8c8-b9cc029c07d2%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] choice of media player with minimal resources ?

2019-01-13 Thread Ivan Mitev

Hi all,

I'd be interested to know what people use for playing videos in VMs
(without GPU passthrough).

I've tried mpv, mplayer, vlc, google-chrome and ffmpeg: mpv, vlc and
ffmpeg were the worst in terms of CPU usage. google-chrome fared better,
while mplayer seemed to consume the least resources.

I guess it boils down to how well those players implement software
rendering given the lack of hardware acceleration in qubes. I haven't
looked at what library each player use for decoding (for instance mpv
and vlc may use ffmpeg which would explain why they're all more or less
in the same cpu resource usage group).

Note: the tests I've done were with h264 640x480 videos and the way I
measured CPU usage was very scientific: eyeballing the output of xentop
and adding dom0's % with the vm's % I was playing the video in :)

Cheers,
Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ebc86146-ccb6-47ab-bcc9-b501a6dc92f4%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 downloads, but does not update packages

2019-01-13 Thread Ivan Mitev




On 1/13/19 11:04 PM, pixel fairy wrote:
> heres the output of qubes-dom0-update. it just stops after downloading. done 
> this for at least a week. 
> 
> Fedora 25 - x86_64  913 kB/s |  50 MB 00:56   
>  
> Qubes Dom0 Repository (updates) 686 kB/s | 8.0 MB 00:11   
>  
> determining the fastest mirror (15 hosts).. done..5 kB/s | 2.7 kB 00:00 
> ETA
> Qubes Templates repository  1.7 kB/s |  10 kB 00:06   
>  
> Last metadata expiration check: 0:00:01 ago on Sun Jan 13 12:53:10 2019.
> Dependencies resolved.
> 
>  Package  Arch   Version   Repository  
> Size
> 
> Reinstalling:
>  anaconda-corex86_64 1000:25.20.9-14.fc25  qubes-dom0-current 1.5 
> M
>  anaconda-gui x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 386 
> k
>  anaconda-tui x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 186 
> k
>  anaconda-widgets x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 119 
> k
>  python3-blivet   noarch 2:2.1.6-5.fc25qubes-dom0-current 1.0 
> M
>  python3-kickstartnoarch 1000:2.32-4.fc25  qubes-dom0-current 370 
> k
>  qubes-anaconda-addon noarch 4.0.9-1.fc25  qubes-dom0-current  34 
> k
>  xorg-x11-drv-ati x86_64 18.0.1-1.fc25 qubes-dom0-current 168 
> k
>  xorg-x11-drv-intel   x86_64 2.99.917-32.20171025.fc25 qubes-dom0-current 696 
> k
> 
> Transaction Summary
> 
> 
> Total download size: 4.4 M
> Installed size: 4.4 M
> DNF will only download packages for the transaction.
> Downloading Packages:
> (1/9): anaconda-tui-25.20.9-14.fc25.x86_64.rpm  136 kB/s | 186 kB 00:01   
>  
> (2/9): anaconda-widgets-25.20.9-14.fc25.x86_64. 709 kB/s | 119 kB 00:00   
>  
> (3/9): anaconda-gui-25.20.9-14.fc25.x86_64.rpm  231 kB/s | 386 kB 00:01   
>  
> (4/9): python3-blivet-2.1.6-5.fc25.noarch.rpm   914 kB/s | 1.0 MB 00:01   
>  
> (5/9): python3-kickstart-2.32-4.fc25.noarch.rpm 367 kB/s | 370 kB 00:01   
>  
> (6/9): qubes-anaconda-addon-4.0.9-1.fc25.noarch 585 kB/s |  34 kB 00:00   
>  
> (7/9): anaconda-core-25.20.9-14.fc25.x86_64.rpm 543 kB/s | 1.5 MB 00:02   
>  
> (8/9): xorg-x11-drv-ati-18.0.1-1.fc25.x86_64.rp 512 kB/s | 168 kB 00:00   
>  
> (9/9): xorg-x11-drv-intel-2.99.917-32.20171025. 1.1 MB/s | 696 kB 00:00   
>  
> 
> Total   860 kB/s | 4.4 MB 00:05   
>   
> Complete!
> The downloaded packages were saved in cache until the next successful 
> transaction.
> You can remove cached packages by executing 'dnf clean packages'.
> Qubes OS Repository for Dom0   27 MB/s |  37 kB 00:00 
>

Same here but with a slightly different list of packages.

I don't remember interrupting any update process in dom0.

I tried to clean the cache with `--clean` or directly with `rm` in
sys-firewall but it didn't help. I then tried to redo the last dnf
transaction (`dnf history redo ...`) but it failed with:

[...]
No package qubes-mgmt-salt-dom0-0:4.0.13-1.fc25.noarch installed.
Error: An operation cannot be redone

Oddly, `rpm -q qubes-mgmt-salt-dom0` returns a newer version of that
package:

qubes-mgmt-salt-dom0-4.0.14-1.fc25.noarch

No idea how that's possible given that I'm redoing the *last* dnf
transaction and I've never manually installed/updated packages in dom0.
Not sure if this is related to the original problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6daed4cf-a28e-64ad-e72c-7a13cf15eb33%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A way to have a qube close once all its windows are closed?

2019-01-13 Thread Ivan Mitev




On 1/13/19 6:19 PM, Stumpy wrote:
> I usually have lots of windows open but am finding that after a few days
> I have lots of appvms open that arent being used... usually finding this
> when i try to open (yet another) appvm and being told I am out of memory.
> I have maxed out my memory slots, and shaved each appvm down to the
> minimum amount of memory that it needs to operate so...
> 
> Is there a way, like dispVMs, to have an  appvm automatically close when
> its not in use? "In use" defined as not having a window open?

See https://github.com/QubesOS/qubes-app-shutdown-idle

and the related issue:

https://github.com/QubesOS/qubes-issues/issues/832#issuecomment-437303826

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34bee960-bff7-93b8-ec26-b40b3d4ba335%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Set up a ProxyVM as a Wireguard instead of a OpenVPN gateway

2019-01-12 Thread Ivan Mitev




On 1/12/19 5:16 PM, Daniil Travnikov wrote:
> Does anyone know how could be configured the Wireguard 
> (https://www.wireguard.com/) in Proxy VM?
> 
> Maybe do you know some doc like https://www.qubes-os.org/doc/vpn/ where it is 
> already described step by step?
> 
> I understand that this is new technology, but maybe someone knows which OS is 
> more preferable and what is the first step in the settings?

The following thread might be helpful, although it's a bit old:

https://groups.google.com/d/msg/qubes-users/MQaePIslfY8/k0s65DfaCQAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a9c7b8a-8267-e603-bcc8-ba5581a06d7b%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fedora-28 upgrade to fedora-29 messes up the wireless network icon

2019-01-11 Thread Ivan Mitev




On 1/12/19 9:11 AM, max via qubes-users wrote:
> Hi everyone,
> 
> After upgrading my fedora appVM's to use the fedora-29 template instead of 
> fedora-28, sys-net icon is weird looking. When the network starts, the 
> circular drawing is only creating red color and not deleting it, smudging  
> the icon out so you can hardly see how good your connection is, or if the 
> connection is broken/unreachable.
> 
> fedora-28
> https://www.dropbox.com/s/0m8gx9v2qt0t8ay/networkicon-1.png?dl=0
> 
> fedora-29
> https://www.dropbox.com/s/xf1k1avfuono03x/networkicon-2.png?dl=0
> 
> Anyone know of a fix? I'm looking at the fedora sites, but haven't found 
> anything yet.

I have the same problem - looks like a problem with refresh and
transparent background.

For info that issue is tracked at

https://github.com/QubesOS/qubes-issues/issues/4701


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1bf5e0a1-99f4-7dee-a086-f8aa67e1f5d8%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fedora-29-minimal sys-net/firewall problem

2019-01-11 Thread Ivan Mitev

Hi Rumsey,

On 1/12/19 7:59 AM, rumsey.anth...@gmail.com wrote:
> Thanks to Ivan, I figured it out (with a bit of luck).
> 
> After comparing packages in his working template to my own, I first tried to 
> install:
> 
> dbus-glib
> ipcalc
> iproute
> iproute-tc
> iputils
> 
> That fixed it as far as I can tell. I now have a working sys-net and 
> sys-firewall with the fedora-29-minimal template. I'm assuming the ip* 
> packages were the key, but I don't really have any idea.

Happy you figured it out. I'd bet that the missing package was iproute,
but it could also be dbus-glib (if I'm not mistaken NetworkManager uses
dbus, that could be the issue); If I have some time later today I'll try
to remove those packages from my working template and see what happens.

By the way, you can find info about packages with eg. `dnf info
iproute`. If the package is installed, `rpm -qi iproute` will be much
faster than dnf. You can also get a list of installed file with `rpm -ql
iproute` (I usually do `rpm -ql package | grep bin`)

Re- your previous email, I wouldn't have expected that there would be so
many packages added in my template. I used a fedora-26-minimal and added
only a few packages [1]. But maybe I didn't pay attention to all the
dependencies that were pulled.

[1]
https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups/taradiddles#fedora-minimal

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9832cb29-ce88-3633-d27e-eb4b4d52754c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fedora-29-minimal sys-net/firewall problem

2019-01-11 Thread Ivan Mitev

Hi 799,

On 1/11/19 8:47 PM, 799 wrote:
> I had the
> 
> Am Fr., 11. Jan. 2019, 19:36 hat  geschrieben:
> 
>> I've been using Qubes for about 1 year now, and I wanted to try using a
>> minimal template on my Dell XPS 13 laptop for the sake of conserving space.
>>
>> I've installed the packages recommended at
>> https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and
>> sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my
>> fedora-28 template to the fedora-29-minimal clone in order to get my wifi
>> to work.
>>
>> Under the fedora-29-minimal template clone I can connect to wifi. With
>> both sys-net and sys-firewall using the minimal template, both templates
>> and dom0 are able to update, so I know there is connectivity. However, I am
>> unable to get any internet connectivity in my appvms.
>>
>> I have no expertise in the realm of troubles
>> I had the
>>
>> Am Fr., 11. Jan. 2019, 19:36 hat  geschrieben:
>>
>>> I've installed the packages recommended at
>>> https://www.qubes-os.org/doc/templates/fedora-minimal/ for sys-net and
>>> sys-firewall and I also had to copy the /usr/lib/firmware/ath10k from my
>>> fedora-28 template to the fedora-29-minimal clone in order to get my wifi
>>> to work.
>>> Under the fedora-29-minimal template clone I can connect to wifi. With
>>> both sys-net and sys-firewall using the minimal template, both templates
>>> and dom0 are able to update, so I know there is connectivity. However, I am
>>> unable to get any internet connectivity in my appvms.
>>> I have no expertise in the realm of troubleshooting these problems. I am
>>> just knowledgable enough to sometimes figure stuff out and sometimes screw
>>> things up.
>>> Any help would be appreciated.
>>
>>
> I was running into the same issues and have already open a question here.
> 
> This is my script to build my sys-app-VM-template from scratch:
> (You might need to install another Intel Wifi Package).
> 
> sudo qubes-dom0-update qubes-template-fedora-28-minimal
> qvm-clone fedora-28-minimal t-fedora-28-sys
> qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y update
> && \
> dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \
> qubes-core-agent-networking polkit qubes-core-agent-network-manager \
> notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \
> network-manager-applet iwl6000g2a-firmware qubes-input-proxy-sender \
> NetworkManager-wwan NetworkManager-wifi NetworkManager-openvpn \
> NetworkManager-openvpn-gnome && \
> echo ... Everything completed! Shutdown Template'"
> 
> # Optional packages you might want to install in the sys-template:
> qvm-run --auto --user root t-fedora-28-sys "xterm -hold -e 'dnf -y install
> nano less pciutils iputils'"
> qvm-shutdown --all --wait --timeout 120
> qvm-prefs --set sys-net template t-fedora-28-sys
> qvm-prefs --set sys-firewall template t-fedora-28-sys
> qvm-prefs --set sys-usb template t-fedora-28-sys
> qvm-start sys-firewall sys-firewall sys-usb
> 
> I have tried to run the same script on a fedora-29-minimal template .. same
> problem which you have described.
> sys-net has internet, but no other vm which has it set as NetVM.
> 
> Strangely it will work if you use the FAT fedora-29 template out of the box
> ... so it seems we are missing some packages/settings.

Not sure it'll help but here's a git below with a list of the rpms
installed in the templateVM of my sys-{net,firewall} vms so you can
compare and check if you're missing something; the templateVM is a
minimal fedora install but unlike yours its initial version was f26,
upgraded to f28 and then to f29.

https://gist.github.com/taradiddles/7db0970d464a5129213c3626c69fb1a3

a crude way to generate such list in your templateVM:

rpm -qa | sort | sed -e 's/-[0-9\.-].*//' > allrpms

and then find differences:

grep -xvf list_rpms_f29-1.txt allrpms

(there will be a few packages that I have installed that are not needed
for networking, eg. keepassxc, rsync, encfs, ...).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a852e74-d446-92d8-902e-3c56e1d7dbfd%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] restoring dom0/Fedora baseline

2019-01-09 Thread Ivan Mitev

Hi Sven,

On 1/9/19 9:39 PM, Sven Semmler wrote:
> This is probably more a Fedora question then a Qubes question, but
> it's in the context of Qubes.
> 
> I have installed i3, gnome-tweak-tools, qt5cl and redshift in dom0.
> Meanwhile I removed both gnome-tweak-tools and qt5cl but a lot of the
> dependencies that got installed with it have not been automatically
> removed.
> 
> My goal would be to return to a standard dom0 (+i3 and redshift). I
> understand it's not a security issue and doesn't matter that those
> extra packages remain installed, but I'm kind of OCD about a "clean"
> system.
> 
> So is there a smarter, less severe way than reinstalling Qubes and
> restoring my qubes from backup? Is there some dnf magic to remove
> those other packages while making sure everything that qubes actually
> needs stays?

- magic: use `dnf history ... ` commands to rollback/undo some
transactions. I haven't used those so I have no idea if dnf uses dnf.*
log files (which might have been logrotated/deleted if the transactions
are old) or if the transactions are stored in a db somewhere.

- same as above but manually: extract the list of dependencies you want
to remove from the packages listed in dnf.rpm.log* ; again that's if you
didn't install gnome-tweak-tools and qt5cl too long ago. If you
installed the additional packages at once you probably won't be able to
differentiate the dependencies pulled by gnome-tweak-tools and qt5cl vs
the ones pulled by i3 and redshift; in that case simply re-install the
latter packages if they end up being removed by dnf.

- heavy-handed approach (!): do a clean install on another machine and
compare the rpms installed in dom0 vs the ones in your current install
(or have a trusted user send you his/her list of packages).

Hopefully other users will point to better solutions. IIRC unman posted
an email about dnf and transaction rollback a week or so ago - can't
find the post atm, got to get some sleep :)

Cheers,
Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4bb61bf-b22f-593c-7191-f5009a39116c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using Windows 7 vm from R3.2

2019-01-07 Thread Ivan Mitev

Hi Chris,

On 1/7/19 9:04 PM, Chris Laprise wrote:
> A Windows 7 vm I restored from R3.2 can boot. However I wanted to update
> it with the new Qubes Windows Tools and it won't recognize the
> --qubes-windows-tools volume. I also tried 'qvm-block attach' on the qwt
> iso directly and Windows still won't see it.

I just tried to start some of my windows vms with
--install-windows-tools but it triggers a bsod at boot time, while the
vms work fine otherwise.
Setting a loop device in dom0 with the windows tools iso and attaching
it to a running win vm doesn't trigger a bsod but the disk that shows up
in the disk manager is empty (17MB unallocated disk).

You could try to copy the iso to the VM and mount it with an emulator.

> Is there a way to get the Windows 7 vm fully updated Qubes drivers? Or
> is it better to reinstall Windows instead (IIRC getting all the Windows
> updates was difficult so I'd rather not repeat installation.)

After spending way too much time with win VMs I'd advise you not to
loose time with re-installation and newer Qubes Windows Tools; windows
update'ing a new install takes at least half a day with multiple reboots
(+ qvm-clone before each boot because it's not even sure that the VM
will still boot after the last batch of windows updates).

I never managed to update any of my win7 VMs - imported from R3.2 or
created on R4.0 - that were running QWT 3.x with QWT 4.x. Comments in
the huge QWT issue [1] show I'm not alone.

FWIW I've been using Win7 VMs imported from R3.2 as well as Win7 VMs
installed under R4.0 without any problem except the issues listed in [1]
but I can live with them (note: the VMs created under R4.0 have QWT 3.x
because I created them before Marek uploaded the newer version).

You could also try the newer QWT with win10 instead of win7 but
according to Marek they're a hit-or-miss too [2].

[1] https://github.com/QubesOS/qubes-issues/issues/3585
[2]
https://github.com/QubesOS/qubes-doc/pull/752#pullrequestreview-185336141

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a09f7800-eeb4-53a0-7508-adf5f5351e3a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: my dom0 is not updating since before 4.01

2019-01-07 Thread Ivan Mitev




On 1/7/19 5:48 AM, Sergio Matta wrote:
> Em domingo, 6 de janeiro de 2019 13:25:17 UTC-2, simon@gmail.com  
> escreveu:
>> On Sunday, January 6, 2019 at 1:32:45 PM UTC, Sergio Matta wrote:
>>> I think I have a problem with yum file configuration. Fedora 25 looks like 
>>> ok but Qubes never finds data:
>>>
>>> Fedora 25 - x86_64 - Updates 1.0 MB/s |   24 MB   00:24
>>> Fedora 25 - x86_64   2.0 MB/s |   50 MB   00:25
>>> Qubes Dom0 Repository (updates)   86  B/s |  169  B   00:01
>>> Qubes Community Templates repository  84  B/s |  169  B   00:02
>>> Qubes Templates repository   116  B/s |  169  B   00:01
>>> Qubes Templates repository   116  B/s |  169  B   00:01
>>> Failed to synchronize cache for repo 'qubes-dom0-current', ignoring this 
>>> repo.
>>> Failed to synchronize cache for repo 'qubes-templates-sommunity', ignoring 
>>> this
>>> repo.
>>> Failed to synchronize cache for repo 'qubes-templates-itl', ignoring this 
>>> repo.
>>> Failed to synchronize cache for repo 'qubes-templates-itl-testing', 
>>> ignoring this repo.
>>> Last metadata expiration check: 0:00:09 ago on Sun Jan  6 10:12:44 2019.
>>> Dependencies resolved.
>>> Nothing to do.
>>> Complete!
>>> No packages downloaded
>>
>> https://github.com/QubesOS/qubes-issues/issues/3737
>>
>> https://www.qubes-os.org/doc/releases/4.0/release-notes/#upgrading
>>
>> change your repo from http to https
> 
> Thank you Simon but it is not the protocol. I already had tried. I changed 
> the qubes-dom0.repo with the rpmnew too. It looks like url error but I 
> checked the url with firefox and it is ok.
> Now, I had a idea to change the r$releasever variable with the string v4.0 
> and it works! But there is something wrong in my Qubes. Why there is no 
> $releasever variable? I think I need another fresh installation!
> Thank you to make me think!

The OP in the ML post below had the same issue:

https://groups.google.com/d/msg/qubes-users/Whaa_OR6j6U/B4vwzYSqBgAJ

It's rather old though, not sure you have the same problem

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b413dca8-9b80-6968-89e5-d0fcff1c6e68%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 bell

2019-01-06 Thread Ivan Mitev

On 1/2/19 11:24 PM, haaber wrote:

Try these:
As root rmmod pcspkr, should stop it in running machine.
Edit /etc/modprobe.d/blacklist, and insert a line:
blacklist pcspkr

That helps in dom0 terminal, but neither on dom0 login screen nor dom0
xterm. Funny.

If that doesnt work, put the rmmod command in a startup script.

I'd love to place it in /etc/rc.local -- but there is none! Can I create
it?? Can I blacklist it somewhere else on boot (grub??)

The ultimate sanction is to unplug the leads to the internal speaker
from motherboard.
Yes. That would be a joyful step, too. I am afraid if I have to cut
the red

or the blue cable first, to avoid detonantion :)) Let us try startup
scripts first ... Bernhard

Can you check with lsmod to see if pcspkr is being loaded?

Yes, despite /etc/modprobe.d/blacklist it is being loaded. I remove it
manually with rmmod in the momemt but that is odd. This is why I earch
where to put a line in some init script .. Bernhard

Not sure if you managed to blacklist the pcspkr module ; if not you
could try to mute the beep: in dom0, run alsamixer (you may have several
cards, for instance I have to run `alsamixer -c1` because the first card
is my hdmi port). There should be a "beep" column - navigate to it and
press "M" to toggle mute.

If that works, the mixer settings should be saved automatically on
shutdown by the alsa-state systemd service but you can store the
settings manually with `sudo alsactl store`.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/1e89d919-72a7-8480-d03a-00c68337d319%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] delete old whonix-13

2018-12-21 Thread Ivan Mitev





On 12/21/18 10:36 AM, haaber wrote:
I have slat-installed whonix-14 along with the old whonix-13. At least 
the W14-GW does work, so I want to delete old W13-GW. But I can't. 
qvm-remove says "it is in use by:   " and then an empty list. That is 
buggy. the Qubes-Settings delet-function fails as well. How delete this 
template?  Bernhard


check that:

- the template isn't installed by an rpm (`qvm-prefs whonix-13 
installed_by_rpm`). If it is, `qvm-remove` will exit with the cryptic 
"It is in use by: " error. You'll have do remove the vm with `dnf`.


- none of your vms use whonix-13 as a template (`qvm-prefs vmname 
template` for each of your non-standalone VMs) ; Chris' excellent 
findpref tool [1] is a time saver for such tasks, otherwise check the 
prefs manuall for each VM (or write a bash loop over the output of 
`qvm-ls --raw-list --all --exclude dom0`).


- whonix-13 isn't defined as a general settings in `qubes-prefs`


[1] https://raw.githubusercontent.com/tasket/Qubes-scripts/master/findpref

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6fa1f9af-423b-8b0d-19c9-72d7e5eed9db%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fed-28 update error

2018-12-19 Thread Ivan Mitev





On 12/19/18 12:34 PM, qubes-...@tutanota.com wrote:

Hi, I updated the dom0 and after I tried to update the Fed-28 template. I get 
following error:

[user@fedora-28 ~]$ sudo dnf update
Last metadata expiration check: 0:27:37 ago on Wed 19 Dec 2018 11:04:23 AM CET.
Dependencies resolved.

Problem 1: cannot install the best update candidate for package 
hplip-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-3.18.6-11.fc28.x86_64
Problem 2: cannot install the best update candidate for package 
hplip-libs-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64
Problem 3: cannot install the best update candidate for package 
libsane-hpaio-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
libsane-hpaio-3.18.6-11.fc28.x86_64
Problem 4: package hplip-libs-3.18.6-10.fc28.x86_64 requires 
hplip-common(x86-64) = 3.18.6-10.fc28, but none of the providers can be 
installed
   - cannot install both hplip-common-3.18.6-11.fc28.x86_64 and 
hplip-common-3.18.6-10.fc28.x86_64
   - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64
   - cannot install the best update candidate for package 
hplip-common-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64

Package  Arch  Version    Repository  Size

Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
hplip-common x86_64    3.18.6-11.fc28 updates    110 k
Skipping packages with broken dependencies:
hplip    x86_64    3.18.6-11.fc28 updates 16 M
hplip-libs   x86_64    3.18.6-11.fc28 updates    204 k
libsane-hpaio    x86_64    3.18.6-11.fc28 updates    127 k

Transaction Summary

Skip  4 Packages

Nothing to do.
Complete!

***

When doing the --best --allowerasing I get this:

[user@fedora-28 ~]$ sudo dnf --best --allowerasing update
Last metadata expiration check: 0:28:55 ago on Wed 19 Dec 2018 11:04:23 AM CET.
Error:
Problem 1: cannot install the best update candidate for package 
libsane-hpaio-3.18.6-10.fc28.x86_64
   - problem with installed package libsane-hpaio-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
libsane-hpaio-3.18.6-11.fc28.x86_64
Problem 2: cannot install the best update candidate for package 
hplip-libs-3.18.6-10.fc28.x86_64
   - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64
Problem 3: cannot install the best update candidate for package 
hplip-3.18.6-10.fc28.x86_64
   - problem with installed package hplip-3.18.6-10.fc28.x86_64
   - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-3.18.6-11.fc28.x86_64

*

Any help appreciated.
Thank you!


Try to clear dnf's cache first (`sudo dnf clean all`) and see if it helps.

If not, remove the packages (eg. `dnf remove "hplip*" libsane-hpaio`), 
update the vm, and then try to reinstall the packages you've removed. 
But clone your VM first to have a backup in case things go wrong.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d703886a-0f5c-82c2-2140-59ce5ea2c97a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: thunderbird, open link in AppVM

2018-12-19 Thread Ivan Mitev





On 12/19/18 2:57 PM, dimi wrote:

On Tuesday, December 18, 2018 at 6:32:42 PM UTC+2, dimi wrote:

Since upgrade to new Template fedora 29 in R4, clicking links does not open up 
the menu.
Email Attachments do start in dispVM.

Not sure if this link select AppVM feature was build into r4 or if i used some 
github repo.


found it, 
https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/


you may find that doc interesting too:

https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8901045c-a2f8-a1de-8335-6981b8e887a8%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: What's the use of the kernel package in VM?

2018-12-17 Thread Ivan Mitev





On 12/17/18 8:54 PM, qubesuserma...@gmail.com wrote:

I found some related doc here:
https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm-r40
So, are these kernel files in VM totally useless if I'm not using them?


yes.

By the way I asked the same question on qubes-devel a while ago:

https://groups.google.com/d/msg/qubes-devel/BK5qiopm9-8/0JFzbTr5BwAJ


tl;dr;, the qubes dev would like to use stock distribution kernels but 
there's always something that breaks so they have to provide custom kernels.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71c39be4-aa31-2183-d1ca-646cba76b726%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Adobe Flash - official guide is not working for me

2018-12-15 Thread Ivan Mitev

On 12/15/18 6:26 PM, unman wrote:

On Sat, Dec 15, 2018 at 06:23:09PM +0200, Ivan Mitev wrote:

On 12/15/18 6:10 PM, qubes-...@tutanota.com wrote:

This is precisely what I did. See below:

user@flash:~$ ls
flash_player_npapi_linux.x86_64.tar.gz
user@flash:~$ tar xf install_flash_player_npapi_linux.x86_64.tar.gz
tar: install_flash_player_npapi_linux.x86_64.tar.gz: Cannot open: No such file
or directory
tar: Error is not recoverable: exiting now

Maybe for some reasons your tar version doesn't automatically detect that
the file is a gz archive. Try to extract it with `tar xzf` instead of `tar
xf`.

But it's most likely that you didn't download the archive properly. I've
just downloaded flash_player_npapi_linux.x86_64.tar.gz from the link in the
doc and had no problem extracting it.

Check the file's md5sum - mine is dce1cb23cf104e8e9aaba6d217efe884, yours
should be the same.

(md5sum flash_player_npapi_linux.x86_64.tar.gz)

Look at the file names ;-)

Aha ! - missed that :)

Indeed, time for whiskey and closing the laptop...

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/65a89031-37d0-60c0-88db-e5ebec4a9c4a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Adobe Flash - official guide is not working for me

2018-12-15 Thread Ivan Mitev

On 12/15/18 6:10 PM, qubes-...@tutanota.com wrote:

This is precisely what I did. See below:

Maybe for some reasons your tar version doesn't automatically detect
that the file is a gz archive. Try to extract it with `tar xzf` instead
of `tar xf`.

But it's most likely that you didn't download the archive properly. I've
just downloaded flash_player_npapi_linux.x86_64.tar.gz from the link in
the doc and had no problem extracting it.

Check the file's md5sum - mine is dce1cb23cf104e8e9aaba6d217efe884,
yours should be the same.

(md5sum flash_player_npapi_linux.x86_64.tar.gz)

Dec 15, 2018, 5:01 PM by un...@thirdeyesecurity.org:

On Sat, Dec 15, 2018 at 04:34:05PM +0100, > qubes-...@tutanota.com
> wrote:

Hi all, I am having an issue with the installation of the Flash Player: >>
https://www.qubes-os.org/faq/#how-do-i-install-flash-in-a-debian-qube
>> <>>
https://www.qubes-os.org/faq/#how-do-i-install-flash-in-a-debian-qube
>> >

The Adobe download offers only the PPAPI or NPAPI versions for Linux 64, for
tar.gz. I tried both but when executing the:

tar xf install_flash_player_npapi_linux.x86_64.tar.gz

I get error:

tar: install_flash_player_ppapi_linux.x86_64.tar.gz: Cannot open: No such file
or directory
tar: Error is not recoverable: exiting now

I tried to instal it both into a debian template and AppVM. Both fail. The name
of the file is correct. I of course execute it in the folder where the file is
present.

Thank you!

The file name has changed - it's flash_player_ppapi_linux.x86_64.tar.gz
(or _npapi_)
Check the name you have again.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to >
qubes-users+unsubscr...@googlegroups.com
> .
To post to this group, send email to > qubes-users@googlegroups.com
> .
To view this discussion on the web visit >
https://groups.google.com/d/msgid/qubes-users/20181215160117.vyv2x2tkimm7a...@thirdeyesecurity.org

>
.
For more options, visit > https://groups.google.com/d/optout
> .

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d391ff91-2876-1f68-7ec6-b114b0676750%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] TPM usage

2018-12-14 Thread Ivan Mitev





On 12/15/18 8:00 AM, John Smiley wrote:

So Xen just sets up LUKS without the TPM even if it’s there?


XEN has nothing to do with LUKS, volume unlocking is done by the ramdisk 
(eg. initramfs-4.14.[...].img).
You'll have to tweak the ramdisk if you want to unlock your luks volume 
with TPM. There's probably some doc on the web about how to do that (try 
to search if it's been done on Fedora since Qubes is based on it).


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03759416-439c-0e54-8ded-30c5817e68e5%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Internet does not work in kali linux VM

2018-12-14 Thread Ivan Mitev

On 12/14/18 12:00 PM, unman wrote:

On Fri, Dec 14, 2018 at 10:49:22AM +0200, Ivan Mitev wrote:

On 12/14/18 9:30 AM, TitanoBOT wrote:

четверг, 13 декабря 2018 г., 21:15:55 UTC+3 пользователь Ivan Mitev написал:

On 12/13/18 7:07 PM, TITANBOT wrote:

Hello. Forgive me for my bad english. I hope you can understand me. I installed
Kali linux in my Qubes OS, but the internet is not working. When I made the
kali installation, I needed to enter ip, netmask, gateway and DNS. VM in the
settings shows
10.137.0.15 255.255.255.255 10.137.0.6. But when installing, I can not specify
the same parameters of the mask under the network. I can specify 255.255.255.0
but this is not true. How to configure the Internet in Qubes OS for Kali linux?
I want to note that windows successfully works without any settings.

Assuming 10.137.0.15 is your VM's IP, try the following network settings:

ip: 10.137.0.15
mask: 255.255.255.0 (/24)
gateway: 10.137.0.6
dns1: 10.139.1.1
dns2: 10.139.1.2

But I have the address of the subnet mask 255.255.255.255
Would it be correct to write 255.255.255.0? This is the address I indicated
when installing KALI VM, because 255.255.255.255 showed an error.
Can you write in more detail? I am a novice Linux user. You can write commands
that I have to enter in order for the Internet to start working on Kali VM.

Sorry, I'm not familiar with Kali Linux. The following doc might help:

https://kali.training/topic/configuring-the-network/

Create a wired connection in NetworkManager and try to use default network
settings first (eg. dhcp) ; this should work if network PV drivers aren't
installed by default in Kali. Otherwise configure a wired connection with
manual settings with the ip/... I gave you earlier.

Re- netmask: not sure why qubes advertises 255.255.255.255 - it's probably
related to PV drivers. Don't worry about it, simply use 255.255.255.0

Hope this helps,
Ivan

It's not a driver issue, I think. Unless you want to have interqube traffic then
255.255.255.255 will work.
You will need a route to the gateway and set it as default route, but
you set this manually.
If the Network tools insist on something other than 255.255.255.255
then as Ivan says, use 255.255.255.0

Interesting - out of curiosity I tried a network config with a /32 mask
in NetworkManager and it worked, the tool was clever enough to detect
that the gateway wasn't in the subnet and added a route to the gateway
through the outgoing device before setting up the default route.

So, given that Kali Linux seems to use NetworkManager, the OP's config
with 255.255.255.255 should work.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/b650929e-9219-03a9-057b-8059e1c58f72%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Internet does not work in kali linux VM

2018-12-14 Thread Ivan Mitev

On 12/14/18 9:30 AM, TitanoBOT wrote:

четверг, 13 декабря 2018 г., 21:15:55 UTC+3 пользователь Ivan Mitev написал:

On 12/13/18 7:07 PM, TITANBOT wrote:

Assuming 10.137.0.15 is your VM's IP, try the following network settings:

ip: 10.137.0.15
mask: 255.255.255.0 (/24)
gateway: 10.137.0.6
dns1: 10.139.1.1
dns2: 10.139.1.2

Sorry, I'm not familiar with Kali Linux. The following doc might help:

https://kali.training/topic/configuring-the-network/

Create a wired connection in NetworkManager and try to use default
network settings first (eg. dhcp) ; this should work if network PV
drivers aren't installed by default in Kali. Otherwise configure a wired
connection with manual settings with the ip/... I gave you earlier.

Re- netmask: not sure why qubes advertises 255.255.255.255 - it's
probably related to PV drivers. Don't worry about it, simply use
255.255.255.0

Hope this helps,
Ivan

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/af866611-a25f-1adb-c5d5-739e5ba86aac%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Internet does not work in kali linux VM

2018-12-13 Thread Ivan Mitev





On 12/13/18 7:07 PM, microtita...@gmail.com wrote:

Hello. Forgive me for my bad english. I hope you can understand me. I installed 
Kali linux in my Qubes OS, but the internet is not working. When I made the 
kali installation, I needed to enter ip, netmask, gateway and DNS. VM in the 
settings shows
10.137.0.15 255.255.255.255 10.137.0.6. But when installing, I can not specify 
the same parameters of the mask under the network. I can specify 255.255.255.0 
but this is not true. How to configure the Internet in Qubes OS for Kali linux? 
I want to note that windows successfully works without any settings.


Assuming 10.137.0.15 is your VM's IP, try the following network settings:

ip: 10.137.0.15
mask: 255.255.255.0 (/24)
gateway: 10.137.0.6
dns1: 10.139.1.1
dns2: 10.139.1.2

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ed5b16a-4a06-b7cc-7f1c-3e626d1226cd%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [R4.0] CPU Freq Scaling, or "Why am I stuck at 2.1 Ghz?"

2018-12-06 Thread Ivan Mitev

On 12/7/18 1:54 AM, Eric Duncan wrote:

Finally received my new Thinkpad X1 Yoga 3rd gen.

i7-8650U up to 4.2 Ghz Turbo

How can I debug/check that my CPU governor/frequency is scaling correcting
under Qubes R4?

So far, the only thing I've found is xentop/xl top that lists the CPU - as a
never-changing 2.1 Ghz. Maybe this isn't the best way to measure CPU freq
under dom0? All other tools seemed to want to use xfce4 tools, which seemed to
only be specific to that fedora VM - and not the xen host.

see `xenpm`

eg. in dom0:

sudo xenpm get-cpufreq-para

/TL;DR

I let Windows 10 register itself before wiping the disk and installing Qubes
R4. Under Windows, Google Chrome benchmarked around 5300 pts with the online
tool I was using. As a test, I also installed Arch Linux briefly to test
Chrome performance, and it came in around 4500 pts. I chalk that up to not
optimizing anything on the system - just a raw install and no tweaks.

Now, under Qubes R4.0, I'm still noticing a lot of sluggishness/slowdowns just
like my older Thinkpad Helix has always had under Qubes R3.2 (and one of the
reasons why I waited for this quad core CPU to upgrade my Qubes install). I
could never benchmark Chrome under that Helix dual-core low-powered device.

It could be that the smt=off "fix" for L1TF causes you pain (see issues
4372 and 4252). Unplug your laptop from AC, open a VM, browse the web
casually and check your power consumption - a recent laptop should be
between 5 to 7 W on Qubes with light usage. If you see something >10W
(like I did), try to re-enable smt - which is not really a good thing to
do but that's that or throwing the laptop out of the window. Note: I
haven't tested if recent kernels fixed the issue.

I loaded up Chrome on a new debian-9 VM and... Almost the same extremely
sluggish performance. Google Chrome can't even get partially through the
benchmarks without timing out, much less finish them.

I've tried assigning 4 and even 8 vcpus to try to max things out.

You shouldn't configure more vcpus that cpus, that'll add overhead.

I am wondering where to start to debug this.

Is it a dom0 cpu scaling thing?

Does Qubes impose some artificial throttling?

Is it a lag in iGPU rendering through the DisplayVM? (this DisplayVM is a new
concept to me, still trying to figure it out)

DisplayVM ? AFAIK Qubes dev are working to isolate the gui stuff into a
specific domain but I think it was planned for 4.1.

Or maybe you meant dispVM ? If yes, disposable VMs in R4 are a bit
different than R3.2 (way more flexible).

I've spent about 3 days on this device with various other issues to get to this
point (no S3 sleep yet, pixel-perfect scaling of the HDR 1440p 14" display,
etc). I few duckduckgo searches hasn't turned anything up yet; so, i'll continue
when I have some time.

Good luck :)

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/23b47a1f-d34b-7d9d-057b-1d71e343a0e7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Custom Indicator

2018-12-06 Thread Ivan Mitev

On 12/6/18 6:18 PM, Stuart Perkins wrote:

List. I'm using Qubes 3.2/XFCE4 and I want to add an indicator to show a
status based on the contents of a file in dom0.

I can set the contents of the file to 1 or 0, Yes or No, etc...from the vm
where I am running a VPN connection. I want the panel to indicate if I am
running the VPN connection or not.

I have tried the "Generic Monitor" which allegedly shows the output of a command, as it
would be logical to cat the file with a certain frequency and update the displayed results, but the
only thing the "Generic Monitor" displays is the label given it.

You can't `cat` a file, the command you configure in the applet has to
be an executable. You also have to specify the full path, '~' or $HOME
won't work.

Here's for instance the output of a script that displays my batteries'
status + current power:

dom0 $ ~/bin/batstat

65 | 79
30 | 34
P: 6.9

The script is configured as `/home/user/bin/batstat` in the applet.

(I'm on R4 but I think I used to have the same setup with R3.2).

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/3a4fb926-b33a-3a9c-1a9b-5440c99c7cfe%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] connecting AppVM via jack to remote jack for sound output

2018-12-04 Thread Ivan Mitev





On 12/4/18 5:16 PM, dimi wrote:


Have been reading up on jack audio control kit and decided to try out to get 
sound from my surfing AppVM over to a rpi3 which is connected to my PA.
I'd prefer not to lay 25m Audio cables which is bad for sound quality and
it also would free up my Desk from this little ugly Boxessess.

Does anyone have any experience and success storys or can point me to a 
painless solution?


IMHO your best bet would be to use pulseaudio over the network. I used 
that setup years ago but lost my notes so can't help with specifics, but 
searching "pulseaudio over network" on the web give plenty of useful 
info. It boils down to setting up pulseaudio on the rpi3 with the 
module-native-protocol-tcp module and configuring your AppVM to use a 
sink that sends audio to the network server instead of dom0.


By the way, do you have any specific requirement for using JACK ? It's 
mostly used for low-latency/low-jitter audio stuff - which is orthogonal 
with tcp/udp.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46920fca-01b8-de3c-1c02-4ff61c2ea02c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] correct way to install awscli on qubes

2018-12-02 Thread Ivan Mitev





On 12/2/18 5:08 PM, Roy Bernat wrote:

Hi all ,

is there a best practice to install awscli in qube ?


Depends on how you want to use it: in many VMs or in only one ?

If it's in only one, simply install the package to your home folder. Eg.:

pip install --user awscli

The files will then be installed 
$HOME/.local/lib/pythonX.Y/site-packages/ ; that's assuming you have 
internet access from this VM.



Now, if you want to use the package in many VMs that are based on a 
given templateVM, you'll first have to download the required files in a 
VM that has internet access, copy them to the templateVM, and install 
them from the copied files.


eg.

in a VM - say 'dispvm1234'

mkdir awscli
pip download awscli -d awscli
qvm-copy awscli

in the templateVM

cd ~/QubesIncoming/dispvm1234/awscli
sudo pip install awscli-[..].whl -f ./ --no-index

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad6bc075-86e1-fada-02fe-690d1dd2c4db%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SD card not read

2018-12-02 Thread Ivan Mitev





On 12/2/18 3:22 PM, haaber wrote:
I wonder why my Q4 notebook does not read my sdcard (well readable on my 
+10y old dell430 running debian) - maybe there is some firmware 
necessary/missing? How can I discover the concerned hardware (in which 
VM? in dom0 ??? sys-usb?) Thank you, Bernhard


You should see your device in the output of `lspci` in dom0

For instance:

02:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5227 
PCI Express Card Reader (rev 01)


On my setup this device is assigned to sys-usb. I can mount the SD card 
there ; attaching it to another VM with the help of the device tray 
works well too.


Your reader may also not work because:
- it's disabled in your bios
- your laptop's too recent and it's not supported
- it's buggy

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2ea4924-f053-4b23-d57b-95207daab15d%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible to fix? Qubes (4.0 and earlier) freezes on sleep on a System76 Oryx Pro laptop

2018-12-01 Thread Ivan Mitev


Hi,

On 11/30/18 9:27 AM, Bryan Beus wrote:

New to Qubes. Hope I can get it to work. Would love to be a part of the 
community.


Laptop is System76 Oryx Pro

Core i7 7700 2.80 Ghz


If the system goes to sleep, when you try to wake it the display remains dark.


Is the laptop crashed on resume ? Or is it functional except for the 
black screen ? If you don't know, check if the laptop is suspended again 
when you close the lid. Alternatively you could try to play something 
before suspending the laptop and check if you can hear it after resume.


If the laptop is crashed, maybe try to shutdown VMs with attached 
devices (usually sys-net and sys-usb) before suspending.


If the laptop isn't crashed, try to switch to a text console before 
suspending (eg. press CTRL-ALT-F2), I remember having to do that trick 
but that was very long ago. It could also be that your brightness is 
stuck to 0 (no idea how to fix that though).




Otherwise, Qubes seems to work fine.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8fd95bc8-c989-dc20-22dc-ffe0451881e6%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Documentation on how to setup programs or appvms to open links files in DVMs?

2018-12-01 Thread Ivan Mitev

On 12/1/18 3:36 PM, Stumpy wrote:

On 12/1/18 1:29 AM, Ivan Mitev wrote:

On 12/1/18 2:08 AM, Stumpy wrote:
Are there any documents that tell how to setup either individual
programs, or better, appvms to open links, files, etc in DVMs?
I would love to have the VM that I use for webmail to automatically
open links or files in the webmails in a DVM, preferably with a
context menu or something like that gives a choice of regular dvm or
whonix dvm.

There is :)

https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md

Feel free to improve the doc if you find things that aren' clear.

I found Micha Lee's page which covers this but perhaps parts of it
are qubes 3.2 centric and dont work quite the same on 4.0?
Perhaps there are some other .desktop examples out there or a 4.0
guide on doing this?

Anyway.

I tried something like:
qvm-open-in-vm fedora-28-dvm https://startpage.com

and it worked, or the window popped up and I had to select fedora-28-dvm

I made a .desktop like instructed containing:
[Desktop Entry]
Encoding=UTF-8
Name=BrowserVM
Exec=qvm-open-in-vm fedora-28-dvm %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;

but when I tried to use
xdg-settings set default-web-browser
./local/share/applications/browser_vm.desktop

it tells me:
xdg-settings: invalid application name
Try 'xdg-settings --help' for more information.

You shouldn't use the full path. This should work:

xdg-settings set default-web-browser browser_vm.desktop

So. Am i doing something wrong in the .desktop or in using xdg-settings
and
is there a way to have it bypass the window that asks which target
VM, or at least pulls that target vm up (as I already specified which
target vm I wanted to send it to via qvm-open-in-vm fedora-28-dvm

Yes there is a way, you have to edit some dom0 RPC permissions to
reflect your setup (it's in the doc too).

Ivan

Wow, thats quite long, perferct! I will check it out? Is it listed on
the Qubes Docs page?

The doc is not in the official docs - yet.

The Qubes Community project is supposed to be a "staging" area for docs
that may one day make it to the official docs. It's also a collection of
links and resources. More info at:

https://qubes-community.github.io/

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5ae7d920-f5aa-5b54-3f92-66196cda436d%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Documentation on how to setup programs or appvms to open links files in DVMs?

2018-11-30 Thread Ivan Mitev





On 12/1/18 2:08 AM, Stumpy wrote:
Are there any documents that tell how to setup either individual 
programs, or better, appvms to open links, files, etc in DVMs?
I would love to have the VM that I use for webmail to automatically open 
links or files in the webmails in a DVM, preferably with a context menu 
or something like that gives a choice of regular dvm or whonix dvm.


There is :)

https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md

Feel free to improve the doc if you find things that aren' clear.


I found Micha Lee's page which covers this but perhaps parts of it are 
qubes 3.2 centric and dont work quite the same on 4.0?
Perhaps there are some other .desktop examples out there or a 4.0 guide 
on doing this?


Anyway.

I tried something like:
qvm-open-in-vm fedora-28-dvm https://startpage.com

and it worked, or the window popped up and I had to select fedora-28-dvm

I made a .desktop like instructed containing:
[Desktop Entry]
Encoding=UTF-8
Name=BrowserVM
Exec=qvm-open-in-vm fedora-28-dvm %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https; 



but when I tried to use
xdg-settings set default-web-browser 
./local/share/applications/browser_vm.desktop


it tells me:
xdg-settings: invalid application name
Try 'xdg-settings --help' for more information.


You shouldn't use the full path. This should work:

xdg-settings set default-web-browser browser_vm.desktop




So. Am i doing something wrong in the .desktop or in using xdg-settings
and
is there a way to have it bypass the window that asks which target VM, 
or at least pulls that target vm up (as I already specified which target 
vm I wanted to send it to via qvm-open-in-vm fedora-28-dvm


Yes there is a way, you have to edit some dom0 RPC permissions to 
reflect your setup (it's in the doc too).


Ivan

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a99ccec-f250-36c2-96fe-66e54e4d3286%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QJackctl starting on Qubes 4.0

2018-11-30 Thread Ivan Mitev





On 11/30/18 5:41 PM, maxheadonl...@gmail.com wrote:

On Thursday, November 29, 2018 at 3:37:29 AM UTC-5, Ivan Mitev wrote:

On 11/28/18 7:01 PM, maxheadonl...@gmail.com wrote:

On Sunday, November 25, 2018 at 7:38:24 AM UTC-5, awokd wrote:

maxheadonl...@gmail.com wrote on 11/24/18 7:45 PM:

Hi all.

I've put enough time into this one where I'm finally willing to reach out for 
some help.  I wanted to see if I could create an AppVm dedicated to music 
creation, using QJackCtl and other open source software.

However, I'm having a terrible time at even getting Jack Audio off of the floor.

System: Base Qubes 4.0 installation, Fedora 28 template, Thinkpad T480 w/32Gb 
RAM.

Expected results: Pressing "Start" on the QJackCtl GUI starts the server, per 
the online manuals and Fedora's Musician documentation.

Actual results: Receive the "Could not connect to JACK server as client. - Overall 
operation failed. - Unable to connect to server." error.

Tried so far: Following online documentation (treating the AppVM as a standard 
Fedora installation), assigning the Audio PCI of the computer to that VM via 
the Qubes Manager.

I'm totally willing to have this be something simple and embarrassing as I 
learn the OS.  Any help that you can provide would be much appreciated!


If I understand Qubes' audio right, Pulseaudio inside AppVMs gets
redirected to dom0's Pulseaudio which normally controls the sound
hardware. So if you want to override that, maybe try setting up an HVM
with the audio device assigned and without Qubes Pulseaudio redirection.
Think there's a Qubes package that does it so don't install that one in
the HVM.


Thanks, awokd.  I tried passing through the audio PCI, but didn't get any 
farther than the 'Settings' tab in Qjackctl.  I could get Jack to recognize the 
sound card, but couldn't get the server to actually start.

If anyone else has success in implementing Jack Audio (or configuring an audio 
creation VM in Qubes/Xen), please don't hesitate to contact me!


Not meaning to discourage you but latency sensitive stuff will be a
hit-or-miss with virtualization (and by experience misses unfortunately
far outweigh hits). That's because of inaccuracies with the guest OS'
virtualized timer and/or how host resources are prioritized and
allocated to the guests.

With Qubes: my quality USB DAC constantly outputs audible clicks despite
being fed a data stream directly from sys-usb (ie. it's not
"pass-through'ed" to another VM). The same DAC works perfectly well on
other laptops (including a 10+ year old one) without virtualization.
It's USB though, and USB audio sucks so YMMV :)

I do hope you'll manage to have your setup working properly. If not I'd
advise that you buy/use an old laptop dedicated to your audio creation
tasks. That way you could install an audio focused distribution (like
Ubuntu Studio [1], AV Linux [2] - and probably others), as those
distributions package all the popular apps and may provide so-called
realtime kernels that help with latency and jitter.

You could also try to install such a distribution as a HVM in Qubes and
see how it works.

[1] https://ubuntustudio.org/
[2] http://www.bandshed.net/avlinux/





If this is the intended sound set up for Qubes, it makes sense and I'll instead 
try the HVM approach to create my audio VM.  I'll address the issues that I've 
found so far in that attempt in another thread.

Excellent community, thank you!

- Max



Thank you, Ivan. It's good to hear that there are other Qubes/VM musician types 
out there in the world.


:)


I would like to test to the situation described above by getting a MIDI device 
to be recognized by this HVM.

I made a HVM that boots fine, but when I attempt to pass the attached 
MIDI-device to this HVM, I received an error related to qrexec.

Do devices not pass-through to HVMs as with AppVMs, using the menu in the upper 
right of XFCE?


They should, provided the target VM *supports* it.

Did you install your HVM with an iso downloaded from the distribution's 
site ? If yes, support for qubes won't be included by default.


In case you installed Ubuntu, have a look at unman's templates and 
packages [1]. You should be able to add the proper packages (looks like 
'qubes-core-agent-qrexec' - however I have 0 experience with 
ubuntu/debian so I can't really help ; I'm sure unman will chime in if 
you have any problem though !).


You wrote you were using a laptop so I'm assuming you're trying to 
attach a USB device. You will be aiming for the the worst case though :)

- USB controllers on a different VM (resource sharing + timing issues)
- + another amount of latency/jitter/resource consumption because of 
passthrough itself
- + no guarantee that passthrough will even work (by experience it's a 
hit-or-miss for "non-storage" devices).


For your tests I think it would be much faster and easier for you to 
assign the USB controller(s) to your HVM and see how your devi

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

2018-11-30 Thread Ivan Mitev

On 11/30/18 11:22 AM, Achim Patzner wrote:

Am Donnerstag, den 29.11.2018, 09:16 +0200 schrieb Ivan Mitev:

The following might help to work around your issues:

https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

It is solving a few of the issues but you definitely need more (like
HiDPI themes in several sizes). Or moving new Xresources into templates
(or VMs) if they change in dom0. And dealing with xsettingsd.

As a side note the doc is meant to be a "workaround" guide until issue
#1951 is closed/fixed. My screen isn't HiDPI but has a resolution large
enough that I have to scale things up, however I never had a need for
such themes. A PR to the doc with a section about those could be a
welcome addition...

Especially xsettingsd -- it would be an ideal point of attack if Qubes
had a dedicated UI (or UX in techno hipster speak) team. Just give it
another database backend for its settings that was maintained in dom0
and accessible to all running VMs and you could easily change settings
in everything running on your system.

I don't use/have xsettings on my fedora vms. Did you install it ? If
yes, what for ? Or is it maybe something that Debian uses by default ?

As to how to solve that, Qubes' policy is to keep the distribution
settings as close as possible to upstream but HiDPI is an important
issue so it could trump that rule. But if it does, the changes would
have to be minimal. AFAICT the common denominator is Xresources' Xft.dpi
so that'd mean relying on that + making sure gnome settings isn't running.
Also, any "HiDPI configuration" dom0-vm communication would likely be
implemented through QubesDB keys and/or dedicated qrexec service.

But none of the above solves the problem for OSes that don't use an X
server.

(Anecdote: I sometimes have to use a program in a windows HVM that
supports only an older version of JRE which doesn't have support for
font/dpi scaling. I literally have to be 10cm close to the screen to be
able to read something if I don't change my monitor's resolution
*globally* to a lower one (in dom0 with xrandr). I even have a keyboard
shortcut to switch between the lower resolution and the default one.)

Granted, having a "scale everything by a factor X" option in dom0
would be way better

It is necessary unless you like using a microscope for HVMs. In a few
months we will see the first 12" mobile computers running at mobile
phone resolutions...

but it'd be nearly impossible to implement/support if the
config has to be passed down to the VMs.

Not at all. The currently implemented mechanisms for the virtual X
servers are not working perfectly yet but that could be changed. It
just won't solve the problem of xsettingsd messing everything up
(including Xft settings which are coming from Xresources and
.xresources) if it does not have the correct parameters in its
database. So all we have to take care of was getting the databases in
all VMs right -- or implement a central one. If one was mad enough he
could use the qubesdb which is already accessible everywhere.

No need to be mad to use qubesdb :)

I'm wondering if it couldn't be solved at a lower level

[...]

That could also end up being very CPU intensive.

You should let the GPU handle that; applying transformations is a
standard feature today.

In theory yes but I'm not sure it is feasible given Qubes' architecture.

BTW, my "low level" suggestion is more or less what xrandr does, except
that xrand is "global", so no per-vm customization is possible.

Ivan

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d09f76c5-8356-acf2-3c32-0486e5576994%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

2018-11-30 Thread Ivan Mitev

On 11/30/18 3:47 PM, Jonathan Proulx wrote:

Edit ~/.Xresources and add

Xft.dpi: 200

(or whatever your dpi is) then restart VM. I've several Linux HoDPI
systems and this is most general fix I've found.

Except that it won't work if gnome settings daemon is running.

Only been Qubesing for a couple days but works there on my X1.

Should be able to put this in /etc/X11/Xresources in template (where it's
set to 96) but for some reason that doesn't seemnto do it for me & I've not
looked for why that is yet...

Yes ; how to do that is described in the doc I've linked to.

Achim's main gripes are that there's no easy config and that everything
is static.

On Fri, Nov 30, 2018, 4:23 AM Achim Patzner
Am Donnerstag, den 29.11.2018, 09:16 +0200 schrieb Ivan Mitev:

The following might help to work around your issues:

https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

Granted, having a "scale everything by a factor X" option in dom0
would be way better

It is necessary unless you like using a microscope for HVMs. In a few
months we will see the first 12" mobile computers running at mobile
phone resolutions...

but it'd be nearly impossible to implement/support if the
config has to be passed down to the VMs.

I'm wondering if it couldn't be solved at a lower level

[...]

That could also end up being very CPU intensive.

You should let the GPU handle that; applying transformations is a
standard feature today.

Achim

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/7e1f199f6cb9b469d37858c293b7e374a0bd791f.camel%40noses.com
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a9b0aea0-1a29-aa56-8a7b-ef268e0ee8c5%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] storing window layout? (qubes-manager for example?)

2018-11-29 Thread Ivan Mitev





On 11/30/18 4:35 AM, n1ete wrote:

Is there a way to store the Window Layout from different dom0 applications? or 
at least for Qubes Manager? i pull pretty often the panes to the right size, 
just to do it after an reboot again. not that its that important tough but 
it would be nice to save this amount of personalisation :D


Long ago I used devilspie for that purpose.

I just checked, Fedora packages it so you can install it in dom0 with:

sudo qubes-dom0-update devilspie

See this guide for configuration (it's for ubuntu but that shouldn't 
really matter):


https://help.ubuntu.com/community/Devilspie

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed4a8cc9-58e1-d60c-5176-a8204ea2227e%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QJackctl starting on Qubes 4.0

2018-11-29 Thread Ivan Mitev

On 11/28/18 7:01 PM, maxheadonl...@gmail.com wrote:

On Sunday, November 25, 2018 at 7:38:24 AM UTC-5, awokd wrote:

maxheadonl...@gmail.com wrote on 11/24/18 7:45 PM:

Hi all.

I've put enough time into this one where I'm finally willing to reach out for
some help. I wanted to see if I could create an AppVm dedicated to music
creation, using QJackCtl and other open source software.

However, I'm having a terrible time at even getting Jack Audio off of the floor.

System: Base Qubes 4.0 installation, Fedora 28 template, Thinkpad T480 w/32Gb
RAM.

Expected results: Pressing "Start" on the QJackCtl GUI starts the server, per
the online manuals and Fedora's Musician documentation.

Actual results: Receive the "Could not connect to JACK server as client. - Overall
operation failed. - Unable to connect to server." error.

Tried so far: Following online documentation (treating the AppVM as a standard
Fedora installation), assigning the Audio PCI of the computer to that VM via
the Qubes Manager.

I'm totally willing to have this be something simple and embarrassing as I
learn the OS. Any help that you can provide would be much appreciated!

If I understand Qubes' audio right, Pulseaudio inside AppVMs gets
redirected to dom0's Pulseaudio which normally controls the sound
hardware. So if you want to override that, maybe try setting up an HVM
with the audio device assigned and without Qubes Pulseaudio redirection.
Think there's a Qubes package that does it so don't install that one in
the HVM.

Thanks, awokd. I tried passing through the audio PCI, but didn't get any
farther than the 'Settings' tab in Qjackctl. I could get Jack to recognize the
sound card, but couldn't get the server to actually start.

If anyone else has success in implementing Jack Audio (or configuring an audio
creation VM in Qubes/Xen), please don't hesitate to contact me!

Not meaning to discourage you but latency sensitive stuff will be a
hit-or-miss with virtualization (and by experience misses unfortunately
far outweigh hits). That's because of inaccuracies with the guest OS'
virtualized timer and/or how host resources are prioritized and
allocated to the guests.

With Qubes: my quality USB DAC constantly outputs audible clicks despite
being fed a data stream directly from sys-usb (ie. it's not
"pass-through'ed" to another VM). The same DAC works perfectly well on
other laptops (including a 10+ year old one) without virtualization.
It's USB though, and USB audio sucks so YMMV :)

I do hope you'll manage to have your setup working properly. If not I'd
advise that you buy/use an old laptop dedicated to your audio creation
tasks. That way you could install an audio focused distribution (like
Ubuntu Studio [1], AV Linux [2] - and probably others), as those
distributions package all the popular apps and may provide so-called
realtime kernels that help with latency and jitter.

You could also try to install such a distribution as a HVM in Qubes and
see how it works.

[1] https://ubuntustudio.org/
[2] http://www.bandshed.net/avlinux/

If this is the intended sound set up for Qubes, it makes sense and I'll instead
try the HVM approach to create my audio VM. I'll address the issues that I've
found so far in that attempt in another thread.

Excellent community, thank you!

- Max

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/4c37f5c7-e256-6e49-bc71-3bc1f8a6c7c0%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

2018-11-28 Thread Ivan Mitev

On 11/29/18 1:25 AM, schadensregulier...@gmail.com wrote:

Am Sonntag, 28. Oktober 2018 16:20:44 UTC+1 schrieb Achim Patzner:

Hi!

As I'm trying to set up a Lenovo P52 with HiDPI display (and external
nVidia GPU -- don't buy one without right now) I'm close to getting rid
of it completely and install Windows on it...

1) Xfce is not bringing in a single HiDPI theme and the window
decorations are looking extremely awful unless you find one of the
scarce themes adapted for this. It would be nice to have at least one
Theme suitable for an environment like this n the standard distribution.
At least it is xfce -- setting resolution (and some other things) in
.Xresources (or the default file in /etc) is solving the worst problems
easily.

2) The Fedora VMs delivered with Qubes right now are still fully Gnome
based, so just copying an appropriate Xresources is not sufficient
(luckily someone created an fc28-xfce template VM; could we please have
that as part of the standard distribution?) and one has to jump through
hoops to set up the template correctly.

Could whoever is doing the VM startup scripts right now (still Marek?)
consider expanding the X setup scripting to not only getting the screen
size in pixels into the virtual X server but also the correct resolution
and add a very late script that will, independently of the virtual
session manager, move a copy of the X resource db data from Dom0 into
the VM (in the current fedora template this is messed up by
gsd-xsettings which is merrily overwriting what came from Xresources via
xinitrc).

Petition: Take the developers' Lenovo laptops and replace them with
generation 6 HiDPI X1 (and to completely annoy kernel developers they
have to be using P52 or similar systems).

Achim

i am an owner of an p52s HiDPI modell and the whole scaling issues on qubes are
troubling me aswell.

Maybe you got some good contributions to solve some of these scaling issues?
Edit the Xressources didnt seems to solve everything for me and also "xrandr"
editing didnt quite hit it.
what kind of modifications did you do to work proper on qubes? i am tired of
fiddling everytime a new window into right shape

how do i scale the xterm terminals right for instance?

i would love to see at least proper default configuration for 4k displays and
would love to contribute this to the qubes community.

maybee it does make sense to wait for the gtk3 portbut this wouldnt help me
with i3wm anyway i guess. :-/

The following might help to work around your issues:

https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

Granted, having a "scale everything by a factor X" option in dom0 would
be way better but it'd be nearly impossible to implement/support if the
config has to be passed down to the VMs.

I'm wondering if it couldn't be solved at a lower level: AFAIU VM
windows are "shown" in dom0 as virtual screens - either seamless with
the help of qubes' X driver or "fullscreen" for (H)VMs with the debug
property set. Maybe there's a way for Qubes (or XEN?) to present the VM
with a virtual screen that has a lower resolution. Then Qubes/XEN would
upscale the windows' resolution. But even if that approach is feasible a
problem is that the usable scale factors are severely restricted (even
integers, or maybe only powers of 2). That could also end up being very
CPU intensive.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/22b10284-5dda-0a16-9676-36a938373a9f%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] network question

2018-11-28 Thread Ivan Mitev

On 11/28/18 10:24 PM, haaber wrote:
Sometimes, I need to acces my local net (192.168.1.X) via ssh, say. That
usually finishes with "no route to host" (even in sys-net that has a
192.168.1.Y address) which is annoying. What do I miss? How shall I do
it right (doing anything inside sys-net seems a BAD idea anyhow).

By "usually" - do you mean that sometimes it works, sometimes it
doesn't, or that it never works ?

If it's the latter:

- assuming you're using a wireless connection, you may have "client
isolation" enabled on your AP (ie. wireless stations can't talk to each
other, only to the AP).

- wrong firewall config on your router/AP
- wrong bridging config if you have a mix of wired and wireless hosts
- wrong firewall config on the hosts you're trying to access

etc.

If it's the former: maybe your wireless connections isn't stable (eg.
weak signal, dodgy hardware support, ...) so you have intermittent
connectivity - but then you'd notice it for everything else. Check
'dmesg' in sys-net. Or your hardware is broken. Or it has dodgy drivers. ...

tcpdump is your friend for debugging network issues.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/1efff210-5378-41c2-4fea-d0a679ee0f8c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recovering TemplateVM from boot failure caused by incorrect /etc/fstab

2018-11-26 Thread Ivan Mitev

Hi Fabio,

On 11/27/18 2:33 AM, 'Fabio' via qubes-users wrote:

Thanks for the reply Ivan.

I was able to mount `dom0:/dev/qubes_dom0/vm-...-private vmname` successfully,
however when trying to mount `dom0:/dev/qubes_dom0/vm-...-root vmname`, I still
get the `wrong fs type, bad option, bad superblock...` error.

You're probably mounting the wrong partition or you are trying to mount
the whole disk.

The following steps work for me:

in dom0:

sudo losetup /dev/loop3 /dev/qubes_dom0/vm-fedora-26-medium-bkp-root

then, attach the device to some VM like you did. In that VM run `sudo
dmesg` and you should see a line like

[timestamp_here] xvdi: xvdi1 xvdi2 xvdi3

Note: it could also be xvdj, xvdk, ... if you have other devices
attached to the VM.

There are thus 3 partitions in the device/volume you attached. You can
see what they are with `sudo sfdisk -l /dev/xvdi`:

Device Start End Sectors Size Type
/dev/xvdi1 2048 411647 409600 200M EFI System
/dev/xvdi2 411648 415743 40962M BIOS boot
/dev/xvdi3 415744 20971486 20555743 9.8G Linux filesystem

Trying to mount the first two partitions will return a "bad superblock"
error because there isn't any recognised fs on those. Trying to mount
the whole device (/dev/xvdi) will fail for the same reason.

Mount the third partition:

sudo mount /dev/xvdi3 /mnt

And you should be able to fix fstab there:

ll /mnt/etc/fstab

-rw-r--r-- 1 root root 851 May 11 2018 /mnt/etc/fstab

Then, reverse the instructions: sudo unmount /mnt, detach the device in
the tray and remove the loopback device in dom0 (losetup -d /dev/loop3).

Hope this helps...

I can confirm that I get this same error message when trying to mount any
`--root` suffixed volume nested under `/dev/qubes_dom0`.

To confirm, I am running Qubes v4.0.

Any reason why the `--root` volumes in particular aren't mounting? Those are
where `/etc/fstab` would be located, right?

Thanks again for your help!

Fabio

‐‐‐ Original Message ‐‐‐
On Monday, November 26, 2018 12:11 PM, Ivan Mitev wrote:

On 11/26/18 1:46 PM, 'Fabio' via qubes-users wrote:

I made an accidental edit to /etc/fstab which is causing my TemplateVM to
timeout on boot with error Cannot connect to qrexec agent for 60 seconds
Is there a way to edit a particular VM's etc/fstab without booting it up? Can I
perhaps mount it's root filesystem?

for R4:

https://groups.google.com/forum/#!searchin/qubes-users/losetup|sort:date/qubes-users/rWRNIt0NOc4/VaFHp42rBgAJ

Alternatively the following command will configure a loopback device
automatically:

qvm-start --hdisk dom0:/dev/qubes_dom0/vm-...-root vmname

R3.2 uses files by default instead of LVM volumes, I can't remember
where they were located (/var/lib/qubes/ or something like that) but the
procedure should be more or less the same.

Attempted solutions

1. I've tried adding init=/bin/bash to the kernel opts, starting the
templateVM and then running sudo xl console TEMPLATE_NAME from Dom0 but I did
not reach a command-prompt before fstab was read and executed.

2. I tried mounting the root filesystem for the TemplateVM from Dom0 with:
sudo mount /dev/qubes_dom0/vm-fedora-26-root mnt but got error wrong fs type,
bad option, bad superblock...

It's not recommended to access VMs' files in dom0. Once you set up a
loopback device and the volume pops up in the device tray, attach it to
a trusted VM and fix fstab there.

You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a303a7f7-6b8f-5ff3-7e46-13154b8edda4%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/9770a421-70a9-6f8e-ce03-361cb8afdee9%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recovering TemplateVM from boot failure caused by incorrect /etc/fstab

2018-11-26 Thread Ivan Mitev

On 11/26/18 1:46 PM, 'Fabio' via qubes-users wrote:

I made an accidental edit to /etc/fstab which is causing my TemplateVM to
timeout on boot with error Cannot connect to qrexec agent for 60 seconds

Is there a way to edit a particular VM's etc/fstab without booting it up? Can I
perhaps mount it's root filesystem?

for R4:

https://groups.google.com/forum/#!searchin/qubes-users/losetup|sort:date/qubes-users/rWRNIt0NOc4/VaFHp42rBgAJ

Alternatively the following command will configure a loopback device
automatically:

qvm-start --hdisk dom0:/dev/qubes_dom0/vm-...-root vmname

R3.2 uses files by default instead of LVM volumes, I can't remember
where they were located (/var/lib/qubes/ or something like that) but the
procedure should be more or less the same.

Attempted solutions

1. I've tried adding init=/bin/bash to the kernel opts, starting the templateVM
and then running sudo xl console TEMPLATE_NAME from Dom0 but I did not reach a
command-prompt before fstab was read and executed.

2. I tried mounting the root filesystem for the TemplateVM from Dom0 with: sudo
mount /dev/qubes_dom0/vm-fedora-26-root mnt but got error wrong fs type, bad
option, bad superblock...

It's not recommended to access VMs' files in dom0. Once you set up a
loopback device and the volume pops up in the device tray, attach it to
a trusted VM and fix fstab there.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a303a7f7-6b8f-5ff3-7e46-13154b8edda4%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Setting up automated appvm backups using cron?

2018-11-25 Thread Ivan Mitev

Hi,

On 11/25/18 11:31 PM, Stumpy wrote:
I was wanting to back up some of my more important appvms, like vault,
on a regular basis. I am lazy so was thinking that cron might be an
option? Its been awhile since I used cron but I assume I could make a
job with a line like:

qvm-backup -d vault -p /tmp/vault-key ?

qvm-backup --yes --passphrase-file /some/file /backup/dir vmname

then create an executable script with this one-liner and put it in one
of the /etc/cron.* dir (eg weekly, daily). Or, create a specific cron
entry in /etc/cron.d/

I am not sure about the last part as I would like to put it on an
external drive so in 3.2 I could have pointed it to the ext drive on
dom0 but now I am not quite sure where to point it? Ideas?

I backup VMs in dom0 (qvm-backup ... like above) and then copy the
backup file to a mounted dir in an AppVM (could be an external HD, a
NFS/smb share, ...).

eg.:

cat backupfile | qvm-run --pass-io work "cat > /store/dir/qubes/backupfile"

You can backup multiple VMs at once with `qvm-backup` so you can't
specify a target file. A workaround is to create a dedicated target
directory for each qvm-backup "run" and `ls` the file(s) created there
(I prefer to run `qvm-backup` for each vm rather than listing all the
vms at once - it helps with error detection and simplifies scripting).

Here's how you could backup some VMs to /bkpvm in dom0 and then copy the
files to a mount in the 'work' AppVM:

for vm in vault banking; do
bkpdir=/bkpvm/$vm-$(date "+%FT%H%M%S")
mkdir $bkpdir
qvm-shutdown --wait --timeout 60 $vm
qvm-backup --yes --passphrase-file /some/file $bkpdir $vm
bkpfile=$(ls $bkpdir)
cat $bkpfile | qvm-run --pass-io work "cat > /mnt/qubes/backupfile"
done

Note- no guarantee that the above works as-is (I've copied/adapted the
main commands from my backup script).

FWIW backuping large VMs is a waste of resource when there are only a
few files changed. For such VMs I mount an encrypted volume in a
dedicated backup AppVM and rsync the content of the VM there. That's
much, much, much (did I say much ?!) faster and efficient than the
qvm-backup resource hog.

BTW writing a backup strategy doc is on my todo list for more than one
year. Can't get around to writing it :(

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a0ccff1f-9d51-3c8a-f631-4480d3c5b221%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Setup NextCloud in Qubes

2018-11-24 Thread Ivan Mitev

On 11/25/18 2:26 AM, pr0xy wrote:

I was trying to install NextCloud into a Qubes R3.2 machine. Although I
have it working it isn't persistent across reboots of the AppVM. Every
time I restart the AppVM it asks me to setup my NextCloud again.

How can I get NextCloud working in an AppVM?

I put NextCloud into a Fedora template. I tried the full manual install
and the Snap method. When I base the AppVM on that template I can
startup NextCloud, create a MariaDB database, create an admin account
and work with various settings, but a restart of the AppVM will lose all
of those settings. How can I make my changes persistent so that I can
use NextCloud normally?

Why not use a StandaloneVM ?

Or do you want to get a "clean/blank" nextcloud install each time you
restart an AppVM based on the template where you installed nextcloud ?
If so, you'll have to create the db/admin account/... in the templateVM,
not in the AppVM, otherwise any changes you do to the root filesystem
will be lost at the next restart. Note that it's usually not a good idea
to install and run third party stuff in templates (or, don't base
sensitive AppVMs on such templates).

FYI the folders/files related to nextcloud are usually:

- The folder where you extracted nextcloud (eg. /var/www/nextcloud)
- The data dir you configured; could be a subdir of the folder above or
another path.

- Mysql db (/var/lib/mysql) and maybe /etc/my.cnf*
- relevant httpd config (/etc/httpd/...) + php stuff, eg. /etc/php.ini
if you modified it.

You'll also have to enable the web server and mysql in the template
(systemctl enable ...); or start it in the AppVM.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5f1f3df3-f65a-48de-535c-e76ec8abd7d1%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Adding modules to initramfs

2018-11-21 Thread Ivan Mitev

Hi,

On 11/21/18 4:41 PM, mike wrote:

Hi,

I recently replaced the SSD drive in my laptop and the new one turned out to be
using completely different technology (namely nvme as opposed to sata).
It costed me a lot of fuss to make my system able to boot up from the new drive
(ie. I did a fresh installation of Qubes just to realise it put the necessary
nvme driver into initramfs, the lack of which on my original OS had been the
cause of the issue).

My question is: how can I add necessary drivers to initramfs
(/boot/efi/EFI/qubes/initramfs-*)? For instance, referring to the scenario
above, I would like to add nvme kernel modules to initramfs to be able to boot
the system when I move it to the new drive.

I don't have a UEFI setup to test but the following should work:

mkinitrd --with=yourmodule /path/to/new/initramfs $(uname -r)

(see `man mkinitrd` ; mkinitrd is actually frontend to dracut).

IIRC, you can specify multiple modules with several `--with=` options.

Backup your current initramfs if you use the same filename as you
current initramfs (eg., "/initramfs-4.14.67-1.pvops.qubes.x86_64.img").
Or alternatively, use a different filename and tweak the config at boot
time in grub when testing, and then overwrite the old initramfs with the
new one once everything works as expected.

Ivan

Thanks,
Mike

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/46f145ea-f2d6-1f1f-72c7-91282917ebdc%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up internet connection via wireless netgear internet adapter without internet

2018-11-20 Thread Ivan Mitev

On 11/20/18 2:12 AM, 'Ryan Carter' via qubes-users wrote:

Hi I am having troubles setting up a internet connection via a wireless netgear
internet adapter.
Some problems I encountered:
- I believe that I have to install installation disc software via a cd/rom
drive just like setting up on any other OS without a prior internet connection
- So I tried attaching the cd/rom to sys-net vm by clicking yellow device
button in top right corner and it was successful although when I went into the
sys-net vm devices to add it it wasn’t there. I also tried doing it manually
via the terminal but had no such luck maybe I did something wrong there not
sure though.
- Also I tried inserting the wireless adapter w/o the installation disc first
and it’s not registering at all on devices, but I assume that is b/c the
software for it hasn’t been downloaded via cd hence my problem

You shouldn't have to install third-party drivers, the linux kernel
usually supports mainstream hardware out of the box. There are
exceptions though - fancy printers/scanners, exotic hardware, closed
hardware difficult to reverse-engineer, and/or hardware that is too new
for support to have reached the stable kernels used in Qubes, ...
By the way installing vendor drivers is quite a painful and time
consuming process.

What is your wireless adapter based on ? USB ? PCIe ? If you have
another computer with a "standard" linux distribution installed - eg.
debian, fedora, ubuntu, ... - did you try your adapter there ?

If your adapter is a PCIe card, did you assign it to sys-net ? Do you
see anything relevant in `sudo dmesg` in sys-net ?

Otherwise, assuming it's a USB device, is it shown when typing `lsusb`
in sys-usb (assuming you have such vm) ? Ditto for `sudo dmesg` ?

Or maybe your adapter is supported but you simply didn't configure your
VM(s) to use it - eg.:

1- attach the device from sys-usb to sys-net (not guaranteed to work -
usb pass-through is usually a hit or miss)

2- or, attach the relevant usb controller(s) to sys-net (and ditch
sys-usb if it doesn't have controllers assigned to it anymore).

3- or, setting up NetworkManager in sys-usb and defining 'sys-usb' as
sys-firewall's netvm (which basically ends up being identical to 2- above).

(note: I don't have a usb network adapter to test so the above is what I
imagine is needed given my knowledge of qubes. Others may chime in...).

The following may also help: https://www.qubes-os.org/doc/usb/

Ivan

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ab405d5f-fc3f-b4ac-e3fc-c09b6b5a20b8%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Windows HVM TemplateVM never leaves transient state

2018-11-19 Thread Ivan Mitev




On 11/19/18 12:48 PM, qube1...@gmail.com wrote:

I'm a newbie trying to set up a Windows 10 HVM template (without Qubes windows 
tools) in Qubes 4.0.1rc1. The tempalate works fine but never leaves the 
transient state. Is this a known limitation without the windows tools or am I 
missing something?


Without Qubes windows tools (QWT) you don't have qrexec [1], so no 
communication is possible between the (H)VM and dom0 -> no way for dom0 
to know that the vm has properly started. Hence the 'transient' state 
instead of 'running'.



My real issue is that an AppVM of this template never persist/commit the 
private snap image. I'm just guessing this might be due to the fact that the 
qube (AppVM and TemplateVM) never hits the Running state?


No, that's because in template mode the private volume is wiped so you 
have to format it *each time* (+ migrate the user profile folders 
there). You'll have to write a shell script that takes care of that or 
alternatively, try to install QWT, which provides that feature. But if 
you go that route clone/backup your vm first and be ready for some trial 
and error (QWT 3.x is buggy on R4 [2], and I have no idea if the QWT 4.x 
test versions works properly on Win10 as a template).




Normal PVHs AppVM's work fine with their states/private data.


Yes - because their private volume is persistent.


Hope this helps,
Ivan


[1] https://www.qubes-os.org/doc/qrexec3/
[2] https://github.com/QubesOS/qubes-issues/issues/3585

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62248398-13c3-14df-7084-1f4216de487a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Ivan Mitev

On 11/13/18 9:15 PM, Otto Kratik wrote:

On Monday, November 12, 2018 at 11:44:08 PM UTC-5, Ivan Mitev wrote:

Oh, I see. I've updated the issue to add a mention about the gateway.
Actually the issue was originally meant to document the problems with
QWT on R4 but it slowly evolved into a step-by-step guide.
The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have
a fancy vpn/firewall setup, it's likely 10.137.0.6.

Thanks - I added the sys-firewall gateway value and that seemed to do the trick
in restoring connectivity (which is of course, entirely obvious in hindsight).
A couple of oddities I noticed though:

With everything manually configured and working, I can successfully ping the
VM's own ip address and the gateway from within the VM, however I can *NOT*
ping the DNS servers at all.

Attempting to ping 10.139.1.1 or 10.139.1.2 results in:

Response from 10.128.100.62: Destination net unreachable

The DNS server ips are destination nat'ed so you can't ping them. I
forgot about that when I advised to ping them - sorry.

I have no idea what that IP address above is. Obviously DNS resolution is
working since I can lookup websites correctly as expected, but the ping attempt
either fails with that reply or times out completely, every single time.

Also, if I delete the DNS entries from adapter IPv4 config completely and then do
"ipconfig /all" from command line, they seem to get magically filled in by
themselves, with one slight change:

10.138.1.1 <-- (note the 138 instead of 139)
10.139.1.2

..And everything continues to work fine in terms of connectivity. The Qubes
Network Setup service is definitely disabled and stopped, so I am not quite
sure how that auto-fill is occurring.

No idea.

With the qubes network service disabled the only way I'd think of would
be to get the ips from the dhcp server running in the xen stub domain
but this shouldn't work with the PV driver (which is the reason
automatic settings work without QWT - see my other email in reply to
Achim Patzner) - and if it did the vm's ip/mask/gw should have been set
too automatically.

Also AFAIK there's no 10.138.1.1 ip used in R4, so it must be coming
from QWT.

I can also use other externally operated DNS like:

8.8.8.8
4.4.4.4
1.1.1.1

And it gets saved correctly in ipconfig and also produces full connectivity. I
am going to try garbage values and see what happens, but it almost seems like
the HVM is somehow routing its DNS queries automatically regardless of entered
values, but maybe not.

The DNS queries should be sent to the servers you specified. The NAT
rules in sys-firewall and sys-net are only valid for 10.139.1.{1,2} (at
least on my setup).

I've also added a note about QWT 4 breaking *new* HVMs (I thought the
breakage was only when updating from QWT3 to QWT4). It seems it's a
hit-or-miss process, IIRC some users managed to have QWT4 running.

Hit or miss, yes... possibly partially related to the state of updates in
Windows 7 at the time QWT4 is installed. Those reporting success (in this
thread and issue 3585) seem to have installed updates into Win7 first before
installing the guest tools. In my case I tried installing QWT4 into a fresh
Win7 SP1 with no updates applied yet, and it broke completely. So that might be
the crux, though it's just a hypothesis.

Indeed. Actually the issue mentions that relatively recent updates
*must* be installed in order to be able to use the PV storage driver,
so it might a requirement for other stuff. Windows being windows, it's
really a hit-or-miss process.

At some point if I have the 2-3 days needed to fully update Windows 7, I may try removing QWT3 and
installing QWT4 to see what happens. Of course I will try this in a clone, since I have no idea how
easy or difficult it actually is to uninstall QWT3223 cleanly, and it's far more likely I'll break
something in the attempt. Is it just a question of selecting "Remove" from the internal
Win7 "Add/Remove Programs", and then installing QWT4 anew? Or is there a more elaborate
procedure required?

The time needed to update Windows can be reduced to a few hours (!) by
using larger update packs, like described in the following guide:

https://plugable.com/2016/06/08/windows-7-wont-update-what-to-do/

advice: clone the VM before each important step and always keep at least
the past 2 clones; I remember discarding a clone after the VM
successfuly booted, only to find out that it wouldn't boot next time.

FWIW I never managed to update from QWT3 to QWT4, whatever I tried -
updating "over" QWT3, removing QWT3 first (through add/remove
programes), ...

advice 2: fully update the VM first and then mess with QWT. Again, clone
first before testing anything.

Good luck - you'll need some :)

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this g

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-13 Thread Ivan Mitev

On 11/13/18 1:44 PM, Achim Patzner wrote:

On 20181113 at 06:44 +0200 Ivan Mitev wrote:

The real problem with these tools is not being able to install and
deinstall them in steps. Somewhere along the way I lost libvirt and
there is no easy way to just put it where it belongs. Using the
installer to "repair" the system breaks it because it is messing with
the drivers. If you uninstall completely you break the system with the
reinstallation. All in all it worked better NOT to use the Qubes tools
but the XEN installers and add the Qubes video driver later.

The installer allows custom installations where you can select
components but I agree that it'd be more flexible to have the tools
split in several packages.

What value, if anything, should go under Gateway in the VM? The ip address
shown by Qubes as belonging to the network-providing VM itself, ie Sys-Net or
Sys-Firewall, namely 10.137.0.6 ? Or something else?

The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have
a fancy vpn/firewall setup, it's likely 10.137.0.6.

This is another joke I'm not understanding. Ok, no DHCP for the
unwashed masses. But if I have qubes-rpc working, why not inject the
necessary settings using this mechanism?

[ What do you mean by "another joke" ? ]

There is a dhcp server in XEN's stub domain, that's why networking works
out of the box on plain windows VMs. The problem is that the PV network
driver (installed by QWT or manually from XEN windows PV drivers)
bypasses the stub-domain networking [1].

Workarounds:
- use QWT 4 (if it works for you).
- or, use QWT 3 and configure the network manually
- or, don't use the network PV driver, which should be perfectly fine
for VMs used for casual browsing.

Re- rpc settings: IIRC the qubes network service provided by QWT reads
the ip/dns/gw/... values from the exposed keys [2] and sets the network
accordingly.

[1] https://groups.google.com/forum/#!topic/qubes-users/EXAcxrD7ZQU
[2] https://www.qubes-os.org/doc/vm-interface/

Achim

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6bb55a58-b067-ac6d-4978-944d5b0128e7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-12 Thread Ivan Mitev

On 11/12/18 9:47 PM, Otto Kratik wrote:

On Monday, November 12, 2018 at 1:52:44 PM UTC-5, Ivan Mitev wrote:

Hi,
Since you mention that the network is functional without QWT installed
there's probably an issue with your ip settings in the windows HVM. Make
sure that the IP you've manually configured in windows matches the one
assigned to the VM (in dom0, run `qvm-prefs vmname visible_ip`).
Also check that the ip/gateways/dns ips you've configured are properly
applied in the vm (`ipconfig /all` in a command prompt), it could be
that the "Qubes Network Setup" service is still active for some reason.

Then, if everything looks OK, try to ping the VM's IP from the VM (this
should work), then the gateway, then the DNS IPs.

I'll give this a try, thanks. So far in the Windows HVM I have not put any value under
"gateway" because that is not mentioned in the instructions from Issue3585
above. Only IP address, Subnet mask, and DNS server fields are filled out. Default
gateway is left empty.

Oh, I see. I've updated the issue to add a mention about the gateway.
Actually the issue was originally meant to document the problems with
QWT on R4 but it slowly evolved into a step-by-step guide.

The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have
a fancy vpn/firewall setup, it's likely 10.137.0.6.

Also, I am presuming the values listed for DNS servers are universal constants
at the moment in Qubes 4, meaning 10.139.1.1 and 10.139.1.2 are absolute values
for all installations and not dynamically dependent on specific configuration?

Yes, IIRC the DNS servers were hardcoded somewhere in one of the qubes
python scripts in dom0.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c0e05adc-cf1e-ebd6-9e0c-31bb632a5f96%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

2018-11-12 Thread Ivan Mitev

Hi,

On 11/12/18 8:02 PM, Otto Kratik wrote:

Here's what I've done so far:

Created a new Windows 7 SP1 HVM by using an .iso as I've done many times
successfully in the past on Qubes 3.2. Everything works fine, HVM is created
and runs correctly, internet connection is intact and functioning as expected.

Downloaded Qubes Windows Tools 4.0 and installed them into the HVM as per
documentation. Installation of QWT 4.0 completely *breaks* HVM and places it
into a totally irrecoverable state, as detailed here near the top:

https://github.com/QubesOS/qubes-issues/issues/3585

"at the following reboot, windows fails to boot and tries to repair files, which as
usual doesn't fix anything (the VM might boot at some point, without the tools
installed)"

Deleted the HVM, and started over from scratch by creating a new one. This
time, I installed Qubes Windows Tools version 3.2.2.3 instead of 4.0. That
worked perfectly fine, and the usual QWT-enhanced Windows HVM appeared with
full screen resolution, mouse pointer integration etc. Except, the internet
connection suddenly completely went offline and stopped functioning.

As per Issue 1 again from the same source, I tried the following instructions:

https://github.com/QubesOS/qubes-issues/issues/3585

Issue 1 - Networking isn't set up properly

The PV adapter's status is stuck at "Identifying"; pinging an ip works but pinging a host
fails, indicating a problem with DNS resolution. A tcpdump on sys-firewall indeed shows that DNS
requests are sent to the gateway's ip and are rejected. The reason is that in R4 VMs are now using
the exposed "/qubes-{primary,secondary}-dns" values, while R3.2's Windows Tools still use
/qubes-gateway (whose IP in R4 is different from /qubes-primary-dns).

Workaround: disable the "Qubes Network Setup" service (with gui/msconfig, or sc config
"QubesNetworkSetup" start= disabled in a command prompt) and configure the network
manually.

Settings:

DNS{1,2}: 10.139.1.1, 10.139.1.2
Subnet: 255.255.255.0
IP: in dom0, qvm-prefs vmname ip will output the VM's ip. Caveat: a
cloned/restored/... VM will likely have its IP changed so you'll have to
remember to update your network settings.

Implementing this attempted fix did *NOT* solve the problem, and the lack of
internet connectivity persists despite doing everything suggested. All other
VMs on the system have their internet connections working perfectly fine.

What are the next suggested steps to try? Should that fix have worked
regardless of using QWT 3.2.2.3 rather than 4.0, as long as the base system is
Qubes 4 instead of 3.2? If not, what options should I be using for my specific
situation? What do I do from here to get internet connectivity back?

Since you mention that the network is functional without QWT installed
there's probably an issue with your ip settings in the windows HVM. Make
sure that the IP you've manually configured in windows matches the one
assigned to the VM (in dom0, run `qvm-prefs vmname visible_ip`).
Also check that the ip/gateways/dns ips you've configured are properly
applied in the vm (`ipconfig /all` in a command prompt), it could be
that the "Qubes Network Setup" service is still active for some reason.

Then, if everything looks OK, try to ping the VM's IP from the VM (this
should work), then the gateway, then the DNS IPs.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fccd0b96-b05e-c964-9cb9-fa8611034e1f%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Cannot boot new HVM from cdrom. What is the new command?

2018-11-05 Thread Ivan Mitev





On 11/4/18 9:25 PM, Otto Kratik wrote:

Previously when creating a new Windows HVM on Qubes 3.2, to boot from a 
physical CD in the physical CD drive I would do:

qvm-start --cdrom=/dev/cdrom win7

When I try that in Qubes 4.0, I get an error that starts with "Traceback" and ends with 
"Not enough values to unpack (expected 2, got 1)."

What am I doing wrong? What is the new command to make this work in Qubes 4?


The following command should work:

qvm-start --cdrom=dom0:/dev/cdrom win7

(and yes, the error message is cryptic).

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ba43017-5be6-0695-83f6-4617bc5d29bb%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] firefox plugins on disp templates?

2018-10-20 Thread Ivan Mitev

On 10/20/18 1:54 PM, unman wrote:

On Sat, Oct 20, 2018 at 07:07:25AM +0300, Ivan Mitev wrote:

On 10/19/18 10:05 PM, Stumpy wrote:

I realize this is marginally relevant but thought that I am likely not
the only/first one to think about this so Id reach out to see if anyone
else has solved it.

I LOVE the disp feature and use it fairly often for random browsing,
but, I miss a few addons. I managed to add them to my template (which I
am think might be bad op/sec juju) but even then, when a new addon comes
out the browser updates so I have to update the addon manually in the
template which is a PITA that is quickly becoming not worth it.

Yeah, that's the downside of dispVMs.

My workflow for updating my profile is:

1- every now and then I start a dedicated appVM where my "master" firefox
profile/folder lives, in order to update addons, tweak prefs, ...

2- I then copy the folder to the dispVM's *dvm* template (not the dvm
template's template). I assume you're on R4.0 - IIRC for R3.2 you'd have to
update the template itself.

It seems to be pretty much what you did though. It doesn't take too much
time but then I update my profile every month or so - maybe your addons
require more frequent updates.

You could try to automatize the process with a script in dom0 that would
start the VMs, `qvm-run` commands, copy files, ...

Another way would be to skip updating the dvm template (step 2 above) and
instead copy the updated profile to one of your VMs that is always started
(or to dom0, provided you don't open/read any of these files). You could
then write a qubes extension [1] that automatically sync the dispVM profile
with the "master" one when a dispVM starts.

[1] https://groups.google.com/d/msg/qubes-users/JtLBUB-YfM0/y2izgbZDBAAJ

What's the advantage of doing this, as opposed to using the appVM in 1
itself as template for the disposableVMs?

Because I'm certain that the only thing I'm copying is the .mozilla
folder. Now, if I start the dvm template itself it's difficult to know
if something else has changed when things are being updated.
Also, the dedicated appVM can be firewalled to allow only mozilla/addons
sites. You could do the same with the dvm template but that would
involve tweaking the firewall each time you update the VM and revert it
to its original settings afterwards.

If the points above are not a concern, using the appVM template is
indeed more straightforward.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2e71b0d1-152c-b34c-c7aa-8f29eaaa5b52%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] firefox plugins on disp templates?

2018-10-19 Thread Ivan Mitev

On 10/19/18 10:05 PM, Stumpy wrote:
I realize this is marginally relevant but thought that I am likely not
the only/first one to think about this so Id reach out to see if anyone
else has solved it.

Yeah, that's the downside of dispVMs.

My workflow for updating my profile is:

1- every now and then I start a dedicated appVM where my "master"
firefox profile/folder lives, in order to update addons, tweak prefs, ...

2- I then copy the folder to the dispVM's *dvm* template (not the dvm
template's template). I assume you're on R4.0 - IIRC for R3.2 you'd have
to update the template itself.

It seems to be pretty much what you did though. It doesn't take too much
time but then I update my profile every month or so - maybe your addons
require more frequent updates.

You could try to automatize the process with a script in dom0 that would
start the VMs, `qvm-run` commands, copy files, ...

Another way would be to skip updating the dvm template (step 2 above)
and instead copy the updated profile to one of your VMs that is always
started (or to dom0, provided you don't open/read any of these files).
You could then write a qubes extension [1] that automatically sync the
dispVM profile with the "master" one when a dispVM starts.

[1] https://groups.google.com/d/msg/qubes-users/JtLBUB-YfM0/y2izgbZDBAAJ

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/96b170d7-74eb-8960-a286-60b00490cafe%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: My touchpad and mouse didn't work

2018-10-14 Thread Ivan Mitev





On 10/14/18 10:39 AM, Máté Kovács wrote:

2018. október 13., szombat 22:13:58 UTC+2 időpontban Máté Kovács a következőt 
írta:

Hi
Somehow I turned off my touchpad in Qubes, and it get stucked in the middle of 
the screen.
How can I navigate myself to dom0 console with my notebook's keyboard?


I made a huge mistake when I tried at the settings how to set up my usb mouse, 
and I accidentally turned off the touchpad after the arrow of my mouse somehow 
moved a few millimeters away, and I cannot re enable it again. :/


CTRL-ESC should show the qubes menu; use arrows to go into system tools 
-> mouse and touchpad, and use arrows/tab/space to change the settings.


Or do you mean that you already did that but that the touchpad is still 
disabled ? If so, make sure it is really enabled (as above) and reboot.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29e9682c-012c-66f6-77e5-2e5d6821526d%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: My touchpad and mouse didn't work

2018-10-14 Thread Ivan Mitev





On 10/14/18 8:39 AM, Hugo Costa wrote:

On Saturday, 13 October 2018 21:13:58 UTC+1, Máté Kovács  wrote:

Hi
Somehow I turned off my touchpad in Qubes, and it get stucked in the middle of 
the screen.
How can I navigate myself to dom0 console with my notebook's keyboard?


I usually just restart the computer when something like that happens. But in 
your case, I'd probably just alt tab into the Qube Manager and go on from there.


I also had a stucked pointer a few times for the past 2-3 weeks - don't 
know what is triggering it. Instead of rebooting you could try to login 
in a text console (eg ctrl-alt-2) and suspend the laptop (`systemctl 
suspend`). After resuming I could move the pointer again, maybe it'll 
work for you and the OP - rebooting is really painful/slow.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22398a2d-abad-820d-95bd-46eb68255335%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to see what Qubes is doing during boot?

2018-10-11 Thread Ivan Mitev





On 10/11/18 9:45 PM, 'floasretch' via qubes-users wrote:

Booting Qubes 4.0 on a five-year-old Core i3 laptop, it always sits for several 
minutes with a grey screen, white Q logo, and slowly advancing progress bar. Is 
there some textual boot report I can watch instead, to see why it takes so long?


hiting the `esc` key when you see the grey screen should switch to text. 
Alternatively you can boot without the 'quiet' option (edit the kernel 
options when you're presented with the grub menu at boot).


A long startup time is usually the consequence of (auto)starting many VMs.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b696582c-bb3e-2701-7090-5abb1fc6e70e%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] nftables vs iptables

2018-10-10 Thread Ivan Mitev

On 10/10/18 4:14 PM, unman wrote:

On Tue, Oct 09, 2018 at 09:18:22PM +0300, Ivan Mitev wrote:

On 10/9/18 7:44 PM, mfreemon wrote:

On 10/8/18 10:56 AM, mfreemon wrote:

On 10/2/18 2:25 AM, Ivan Mitev wrote:

On 10/2/18 1:32 AM, Chris Laprise wrote:

On 10/01/2018 05:48 PM, mfreemon wrote:

On 1/11/18 3:01 PM, Chris Laprise wrote:
   > On 01/10/2018 03:47 PM, Connor Page wrote:
   >> The official templates use nftables so shouldn’t be mixed with
iptables. I didn’t have time to learn about nftables, so just removed
nftables package from debian 9 template. YMMV.
   >
   > Hmmm, I was just thinking how Qubes' own guest scripts still use
   > iptables even in fedora-26.
   >
   > IIUC, iptables and nft are two different interfaces
to netfilter. I
   > don't know if it really matters, at least for the R4.0 window. I'd
   > prefer to put the syntax change (for docs) off until
a later release.

I was recently thrown by the mix of both nftables and iptables in R4.

The qubes docs don't clarify much.  The qubes firewall scripts use
nft. Most of the discussion on the qubes website documentation is
about iptables, but there are also a few mentions of nft.  The upgrade
instructions (going from R3.2 to R4) did not mention converting rules
from iptables to nftables.  It looks like other related projects (one
example is qubes-tunnel) is using iptables.

Just reading a few things and trying to come up to speed, I get the
impression that nftables and iptables should not both by used at the
same time.  Even if technically possible (i.e. both sets of rules
applied correctly), it strikes me as not a great idea to maintain
packet filtering rules in two different ways.

What is the best practice recommendation on this (for R4, Fedora 28
template)?  Are we to be using, exclusively, nftables in R4?

The last I read about this (for 4.0) is that nftables is used in Fedora
Qubes code, but Debian Qubes is still using iptables. That
still appears
to be the case since nftables is not installed in my
debian-9 templates.

I've submitted qubes-tunnel to Qubes with iptables commands only, with
the intention to transition to nftables (or that other new interface in
Linux, name escapes me just now) for Qubes 4.1. Someone who is just
starting a project might be better off going with nftables.

... until yet another packet filtering mechanism replaces nftables (in
that case, bpfilter [1]).

I understand the rationale behind using nftables [2] but given how it is
widespread (hint: close to 0 even amongst seasoned sysadmins) IMHO it
wasn't worth it. The OP's post confirms there's quite some confusion
about how it interacts with iptables, and the official documentation is
far from helpful.
I'm quite proficient with iptables and networking in general but it took
me half an hour to understand how to tweak Qubes' nftables rules last
time I wanted to change something in the firewall, while I would have
done that task in less than one minute with iptables. I could have spent
a few hours learning nftables to improve the official doc but at my age
I prefer to spend time learning tech that significantly improves things
(eg. Qubes OS over standard linux distribution) over loosing time
learning stuff that is only marginally better.
Anyway - I digress :)

[1] https://old.lwn.net/Articles/747551/
[2]
https://github.com/QubesOS/qubes-issues/issues/1815#issuecomment-245109500

I'm concerned about the confusion and unnecessary complexity here.

Network packet filtering is certainly (one of) those features that
software such Qubes needs to be solid on (in both design approach
and implementation detail).

Is the Qubes team confident in the current situation, such that
users of Qubes should not be concerned?

nb.  This is not meant to be a criticism at all.  I very much
appreciate the hard (and complicated) work going into Qubes.  I'm
just looking to understand the current situation better so as to
judge whether my concern is warranted or not.

As an example:  I'm wanting to enable some specific network traffic
between two qubes.  The docs say to use iptables 
(https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes).
  qubes-firewall-user-script also specifies iptables rules.  But
qvm-firewall implements the rules it manages using nftables.  So the
firewall VMs have both iptables rules and nftables rules in effect.  And
these are different sets of rules.  It's not that the iptables command
and the nft command are just two user interfaces showing the same packet
filtering rules.  They are different packet filtering rules.  This seems
like a receipt for disaster.

Is this the wrong forum for this discussion?  Should this be on
qubes-devel, or an issue in qubes-issues at
https://github.com/QubesOS/qubes-issues/issues?

You'll definitely get more visibility on qubes-devel.

FWIW I'm not concerned about the complexity itself: I trust the Qubes devs
not to mess up.
IMHO the problem is that p

Re: [qubes-users] nftables vs iptables

2018-10-09 Thread Ivan Mitev

On 10/9/18 7:44 PM, mfreemon wrote:

On 10/8/18 10:56 AM, mfreemon wrote:

On 10/2/18 2:25 AM, Ivan Mitev wrote:

On 10/2/18 1:32 AM, Chris Laprise wrote:

On 10/01/2018 05:48 PM, mfreemon wrote:

On 1/11/18 3:01 PM, Chris Laprise wrote:
  > On 01/10/2018 03:47 PM, Connor Page wrote:
  >> The official templates use nftables so shouldn’t be mixed with
iptables. I didn’t have time to learn about nftables, so just removed
nftables package from debian 9 template. YMMV.
  >
  > Hmmm, I was just thinking how Qubes' own guest scripts still use
  > iptables even in fedora-26.
  >
  > IIUC, iptables and nft are two different interfaces to 
netfilter. I

  > don't know if it really matters, at least for the R4.0 window. I'd
  > prefer to put the syntax change (for docs) off until a later 
release.

I was recently thrown by the mix of both nftables and iptables in R4.

The qubes docs don't clarify much.  The qubes firewall scripts use
nft. Most of the discussion on the qubes website documentation is
about iptables, but there are also a few mentions of nft.  The upgrade
instructions (going from R3.2 to R4) did not mention converting rules
from iptables to nftables.  It looks like other related projects (one
example is qubes-tunnel) is using iptables.

Just reading a few things and trying to come up to speed, I get the
impression that nftables and iptables should not both by used at the
same time.  Even if technically possible (i.e. both sets of rules
applied correctly), it strikes me as not a great idea to maintain
packet filtering rules in two different ways.

What is the best practice recommendation on this (for R4, Fedora 28
template)?  Are we to be using, exclusively, nftables in R4?

The last I read about this (for 4.0) is that nftables is used in Fedora
Qubes code, but Debian Qubes is still using iptables. That still 
appears
to be the case since nftables is not installed in my debian-9 
templates.

I've submitted qubes-tunnel to Qubes with iptables commands only, with
the intention to transition to nftables (or that other new interface in
Linux, name escapes me just now) for Qubes 4.1. Someone who is just
starting a project might be better off going with nftables.

... until yet another packet filtering mechanism replaces nftables (in
that case, bpfilter [1]).

I understand the rationale behind using nftables [2] but given how it is
widespread (hint: close to 0 even amongst seasoned sysadmins) IMHO it
wasn't worth it. The OP's post confirms there's quite some confusion
about how it interacts with iptables, and the official documentation is
far from helpful.
I'm quite proficient with iptables and networking in general but it took
me half an hour to understand how to tweak Qubes' nftables rules last
time I wanted to change something in the firewall, while I would have
done that task in less than one minute with iptables. I could have spent
a few hours learning nftables to improve the official doc but at my age
I prefer to spend time learning tech that significantly improves things
(eg. Qubes OS over standard linux distribution) over loosing time
learning stuff that is only marginally better.
Anyway - I digress :)

[1] https://old.lwn.net/Articles/747551/
[2]
https://github.com/QubesOS/qubes-issues/issues/1815#issuecomment-245109500 

I'm concerned about the confusion and unnecessary complexity here.

Network packet filtering is certainly (one of) those features that 
software such Qubes needs to be solid on (in both design approach and 
implementation detail).

Is the Qubes team confident in the current situation, such that users 
of Qubes should not be concerned?

nb.  This is not meant to be a criticism at all.  I very much 
appreciate the hard (and complicated) work going into Qubes.  I'm just 
looking to understand the current situation better so as to judge 
whether my concern is warranted or not.

As an example:  I'm wanting to enable some specific network traffic 
between two qubes.  The docs say to use iptables 
(https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes). 
  qubes-firewall-user-script also specifies iptables rules.  But 
qvm-firewall implements the rules it manages using nftables.  So the 
firewall VMs have both iptables rules and nftables rules in effect.  And 
these are different sets of rules.  It's not that the iptables command 
and the nft command are just two user interfaces showing the same packet 
filtering rules.  They are different packet filtering rules.  This seems 
like a receipt for disaster.

Is this the wrong forum for this discussion?  Should this be on 
qubes-devel, or an issue in qubes-issues at 
https://github.com/QubesOS/qubes-issues/issues?

You'll definitely get more visibility on qubes-devel.

FWIW I'm not concerned about the complexity itself: I trust the Qubes 
devs not to mess up.
IMHO the problem is that people proficient with iptables are not willing 
to spend time learning yet another packet fi

Re: [qubes-users] Qubes and Mega Cloud App using

2018-10-09 Thread Ivan Mitev





On 10/9/18 11:39 AM, myblackcatisb...@gmail.com wrote:


Hello guys,

Since the Windows 7 HVM machine unfortunately does not recognize any external 
drives, I was forced to upload my documents to the Mega Cloud.


Qubes Windows Tools [1] allow you to copy files from/to a Windows VM to 
linux VMs. You could for instance mount your external disk in sys-usb 
and copy files to your windows VM from there. Wouldn't it be easier than 
downloading from Mega cloud ?


[1] https://www.qubes-os.org/doc/windows/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/081a6572-8378-bdf9-2854-1ab7d75bcae8%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DispVM starts and halts

2018-10-07 Thread Ivan Mitev

On 10/7/18 7:44 AM, Todd Lasman wrote:

On 10/6/18 9:29 PM, Ivan Mitev wrote:

On 10/7/18 5:54 AM, Todd Lasman wrote:

Help me troubleshoot this:

When I launch a terminal from the menu using the fedora-28-dvm template,
I get a message that disp407 is starting, disp407 has started, and
disp407 has halted. No terminal comes up.

However, if I launch the browser (Firefox), it works fine.

If I run from dom0:
$ qvm-run --dispvm=fedora-28-dvm --service qubes.StartApp+gnome-terminal

I get exactly the same starting/started/halted sequence, and no error is
reported.

That's because gnome-terminal calls gnome-terminal-server and then
exits so the dispVM exits. See:

https://github.com/QubesOS/qubes-issues/issues/2581#issuecomment-272664009

Thank you! This makes sense. I've taken the easier approach and just
started using xterm, as the link suggests.
You may want to customize xterm to look like gnome-terminal (see the
links in a former ML post):

https://groups.google.com/d/msg/qubes-users/rhp_jCrIO28/AcCk_G-CAwAJ

Hope this helps !
ivan

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/cb2ef3a6-a298-3133-08e1-dc3b44e84f68%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DispVM starts and halts

2018-10-06 Thread Ivan Mitev





On 10/7/18 5:54 AM, Todd Lasman wrote:

Help me troubleshoot this:

When I launch a terminal from the menu using the fedora-28-dvm template,
I get a message that disp407 is starting, disp407 has started, and
disp407 has halted. No terminal comes up.

However, if I launch the browser (Firefox), it works fine.

If I run from dom0:
$ qvm-run --dispvm=fedora-28-dvm --service qubes.StartApp+gnome-terminal

I get exactly the same starting/started/halted sequence, and no error is
reported.


That's because gnome-terminal calls gnome-terminal-server and then exits 
so the dispVM exits. See:


https://github.com/QubesOS/qubes-issues/issues/2581#issuecomment-272664009

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e892179-419f-dead-ad62-a4015735b99c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installation of windows 7 on qubes 4.0 fails

2018-10-06 Thread Ivan Mitev

On 10/6/18 2:52 PM, Cranix wrote:

I repeated all the steps with other installation image of windows 7
with this same results.

By "I'd suggest that you try another install" I meant that you give it
another go (with the same install disk you have). Sorry that it wasn't
clear.

I tried to use automatic repair included with installator
but without success.

Any other ideas how i can debug this?

It's still not clear when the install fails: do you get past the first
part, ie. after the first reboot ?

Did you follow *exactly* the instructions below or do some of your
commands differ (except the vm name of course and maybe the path to your
install iso) ?

qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
qvm-prefs win7new memory 4096
qvm-prefs win7new maxmem 4096
qvm-prefs win7new kernel ''
qvm-volume extend win7new:root 25g
qvm-prefs win7new debug true
qvm-features win7new video-model cirrus
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
# restart after the first part of the windows installation process ends
qvm-start win7new

What are the last 10 lines or so of
- /var/log/qubes/vm-win7new.log
- /var/log/xen/console/hypervisor.log
- /var/log/xen/console/guest-win7new-dm.log

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/1367ce1c-2c5f-084c-5a98-1464ada44e87%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Failed to synchronize cache for repo 'qubes-dom0-cached', disabling.

2018-10-06 Thread Ivan Mitev

On 10/6/18 1:48 AM, Otto Kratik wrote:

On Friday, October 5, 2018 at 3:26:51 PM UTC-4, Ivan Mitev wrote:

Every time I had a "failed to synchronize..." erorr it was because there
was a problem with the proxy in sys-net. Restarting it usually did the
trick, eg:

sudo systemctl restart qubes-updates-proxy.service

(run the command sys-net ; the syntax is for R4.0, I don't have R3.2 to
test but it shouldn't be too different).

Check the proxy's status with

sudo systemctl status qubes-updates-proxy.service

Thanks for your help and suggestion. I just tried both of those commands and
sys-net reports the update proxy is working perfectly, however there is no
change in the result from dom0 and I get the same error message as before.

The original interruption glitch happened after dom0 had already successfully
downloaded all updates, but during the upgrade/install of those new packages.
Ever since then, this issue has occurred. So I am thinking something local has
gotten messed up rather than a connection issue.

Any other ideas I should try in order to fix this?

If you haven't done so, maybe try to clear dnf/yum's cache. Hopefully
someone more knowledgeable with the dom0 update mechanism may chime in.
Otherwise I'd suggest you file an issue...

Thanks...

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d5929618-1033-b382-dc1b-199cd6ccb475%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Failed to synchronize cache for repo 'qubes-dom0-cached', disabling.

2018-10-05 Thread Ivan Mitev





On 10/5/18 9:48 PM, Otto Kratik wrote:

Qubes 3.2

Ever since a routine qubes-dom0-update was interrupted in the middle of the 
upgrade process, I can no longer run any updates on dom0. Instead I see the 
message:

"Failed to synchronize cache for repo 'qubes-dom0-cached', disabling."

..in response to most commands that I attempt through yum/dnf/qubes-dom0-update 
to try fixing it. None of the usual approaches like --clean have been 
successful.

What should I try from here to correct the issue?


Every time I had a "failed to synchronize..." erorr it was because there 
was a problem with the proxy in sys-net. Restarting it usually did the 
trick, eg:


sudo systemctl restart qubes-updates-proxy.service

(run the command sys-net ; the syntax is for R4.0, I don't have R3.2 to 
test but it shouldn't be too different).


Check the proxy's status with

sudo systemctl status qubes-updates-proxy.service





Thanks,
Otto



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/075cfeb5-0057-4ae6-6d7c-7e2de4a7dd5f%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installation of windows 7 on qubes 4.0 fails

2018-10-04 Thread Ivan Mitev

On 10/4/18 9:46 PM, Cranix wrote:

On Thu, Oct 04, 2018 at 09:18:22PM +0300, Ivan Mitev wrote:

Did you follow the official doc [1] ? If yes, at which step does the VM
fails to shutdown ?

Thanks for quick reply.

I did not created custom config becouse
there is no config file in /var/lib/qubes/appvms/*
There are directories for appvms but none of them contains
any config file.
I just created HVM without memory balancing.
Most of detailed instructions are for qubes 3.2 if i correctly see.

The page I linked to has separate sections for R3.2 and R4.0. The
instructions for R4.0 are in the "Qubes 4.0 - Windows VM installation"
section.

After windows installer finished it's job and started powering
down VM, VM's window disappeared but there was yellow dot in qubes
manager for hour (literally i watied hour to see if it will finish by
itsefl), then i forced vm shutdown. After reboot i got message that
installation failed.

That kind of error is unfortunately common with windows so it's
difficult to pinpoint what could be causing it. I'd suggest that you try
another install, this time following the instructions in the doc ; many
users had windows installed successfully that way, hopefully it'll work
for you too. If it doesn't, please send more details with the step
you're stuck at and the last 10 lines or so of the debug/log files
specified in the doc.

Hope this helps !

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/9ec1796a-ccc4-0d2b-891e-f2fff10180be%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installation of windows 7 on qubes 4.0 fails

2018-10-04 Thread Ivan Mitev


Hi,

On 10/4/18 8:47 PM, Cranix wrote:

Hello,
I'm running qubes os 4.0. I tried to set up windows 7 HVM.
I tried both ultimate and home (most basic one) editions with this same
effect.

I managed to get installator running after upgrading dom0, disabling memory 
balancing
and setting amout of ram to 2048M.
After installation HVM starts to shut down, its screen disappears but on
qubes manager i still see yellow dot in the state field for this vm.
After an hour i pressed stop button for this vm and killed it due to 20s
timeout.


Did you follow the official doc [1] ? If yes, at which step does the VM 
fails to shutdown ?


[1] 
https://www.qubes-os.org/doc/windows-vm/#qubes-40---windows-vm-installation


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0797c89-0f57-0ef9-5dce-b4292b1dd221%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling and disabling external monitors based on laptop lid status

2018-10-04 Thread Ivan Mitev

On 10/4/18 11:10 AM, 'Mads R. Havmand' via qubes-users wrote:
> I'm scratching my head over this... How are people configuring their QubeOS 4 
> instances to enable and disable external monitors based on the laptops lid 
> status?

I've been through this too - see below.

> Current laptop (EliteBook 1040 g2) works flawlessly with Qubes (even 
> suspend...) and my only current issue is that I have to manually enable and 
> disable screens when I dock the machine.

I too manually enable/disable screens but I have configured a keyboard
shortcut that runs a custom shell script with xrandr commands based on
the presence - or lack thereof - of my external monitor.
All it takes is to dock the laptop and hit the shortcut - lightning fast.

> Normally, I'd use ACPI hooks and I'm guessing this needs to be done in dom0 
> (I don't suppose any DomU's have access to reconfigure screens?) but acpid 
> isn't available om dom0.

Yes this needs to be done in dom0.

On moderm distros systemd handles lid events provided no other
application has inhibited ("overridden") the event. See `man logind.conf`.

In the case of Qubes, Xfce's power manager overrides HandleLidSwitch=
(but not HandleLidSwitchedDocked=). There's an option in xfce power
manager to turn the display off when the lid is closed but it won't be
able to differentiate when the laptop's docked or not so it's useless.

IIRC there are a few ways to run a script based on lid events without
resorting to installing acpid (which is not even guaranteed to work):
eg. listening for dbus lid close/open events, monitoring
/proc/acpi/button/lid/LID/state, ... ; An alternative is to run stuff on
dock/undock events, via dbus and/or udev rules.

In the end my hacky keyboard shortcut "solution" worked well enough that
I didn't spend time to investigate the solutions above...

> What would you recommend? I guess a possible solution could be to source an 
> acpid RPM, or find the source code, and install that manually in dom0?
> 
> Best regards
> Mads
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6fb81f1-bfb8-0cd0-8b96-3bfcafee8d5c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] nftables vs iptables

2018-10-02 Thread Ivan Mitev




On 10/2/18 1:32 AM, Chris Laprise wrote:
> On 10/01/2018 05:48 PM, mfreemon wrote:
>> On 1/11/18 3:01 PM, Chris Laprise wrote:
>>  > On 01/10/2018 03:47 PM, Connor Page wrote:
>>  >> The official templates use nftables so shouldn’t be mixed with
>> iptables. I didn’t have time to learn about nftables, so just removed
>> nftables package from debian 9 template. YMMV.
>>  >>
>>  >
>>  > Hmmm, I was just thinking how Qubes' own guest scripts still use
>>  > iptables even in fedora-26.
>>  >
>>  > IIUC, iptables and nft are two different interfaces to netfilter. I
>>  > don't know if it really matters, at least for the R4.0 window. I'd
>>  > prefer to put the syntax change (for docs) off until a later release.
>>
>> I was recently thrown by the mix of both nftables and iptables in R4.
>>
>> The qubes docs don't clarify much.  The qubes firewall scripts use
>> nft. Most of the discussion on the qubes website documentation is
>> about iptables, but there are also a few mentions of nft.  The upgrade
>> instructions (going from R3.2 to R4) did not mention converting rules
>> from iptables to nftables.  It looks like other related projects (one
>> example is qubes-tunnel) is using iptables.
>>
>> Just reading a few things and trying to come up to speed, I get the
>> impression that nftables and iptables should not both by used at the
>> same time.  Even if technically possible (i.e. both sets of rules
>> applied correctly), it strikes me as not a great idea to maintain
>> packet filtering rules in two different ways.
>>
>> What is the best practice recommendation on this (for R4, Fedora 28
>> template)?  Are we to be using, exclusively, nftables in R4?
> 
> The last I read about this (for 4.0) is that nftables is used in Fedora
> Qubes code, but Debian Qubes is still using iptables. That still appears
> to be the case since nftables is not installed in my debian-9 templates.
> 
> I've submitted qubes-tunnel to Qubes with iptables commands only, with
> the intention to transition to nftables (or that other new interface in
> Linux, name escapes me just now) for Qubes 4.1. Someone who is just
> starting a project might be better off going with nftables.

... until yet another packet filtering mechanism replaces nftables (in
that case, bpfilter [1]).

I understand the rationale behind using nftables [2] but given how it is
widespread (hint: close to 0 even amongst seasoned sysadmins) IMHO it
wasn't worth it. The OP's post confirms there's quite some confusion
about how it interacts with iptables, and the official documentation is
far from helpful.
I'm quite proficient with iptables and networking in general but it took
me half an hour to understand how to tweak Qubes' nftables rules last
time I wanted to change something in the firewall, while I would have
done that task in less than one minute with iptables. I could have spent
a few hours learning nftables to improve the official doc but at my age
I prefer to spend time learning tech that significantly improves things
(eg. Qubes OS over standard linux distribution) over loosing time
learning stuff that is only marginally better.
Anyway - I digress :)

[1] https://old.lwn.net/Articles/747551/
[2]
https://github.com/QubesOS/qubes-issues/issues/1815#issuecomment-245109500

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/038dbfeb-9bbc-2bd5-2a96-06c761d54a52%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Open in Qube 3.0 beta released!

2018-09-25 Thread Ivan Mitev

Hi Sven,

On 9/24/18 9:16 PM, Sven Semmler wrote:
> On 9/16/18 9:28 AM, Ivan Mitev wrote:
>> Just curious - isn't it possible to open a link with 
>> `qvm-open-in-dvm` in your ThunderbirdVM and tweak the
>> corresponding rpc service (qubes.OpenInVM) to open a whonix-dvm ?
> 
> Yes it is, following the way you outlined for me here:
> https://groups.google.com/d/msg/qubes-devel/0CpN7ol1ZdM/0cBPvwc6CgAJ

Is it working with whonix too ? (that was the part of the post from John
S.Recdep I was replying too - I was wondering if there was a problem
specific to whonix dispVMs).

> 
> When I click any link in my Thunderbird VM I get the Open in VM dialog
> that allows me to either choose a new disp VM or an already running /
> existing VM. Works perfect!

Happy to read that it's working well. I'll try to write a proper doc
with instructions over at QubesCommunity, I may ask you and Raffaele to
read-proof it when it's ready so that you spot mistakes and/or give
additional tips.

Cheers,
Ivan


> 
> /Sven
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3640c853-b873-fa8f-f457-63eee3bcd796%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Accurate time in AppVM

2018-09-19 Thread Ivan Mitev




On 9/19/18 9:22 AM, Gaijin wrote:
> On 2018-09-19 05:22, Ivan Mitev wrote:
>> On 9/19/18 5:17 AM, Gaijin wrote:
>>> Running Qubes R3.2
>>>
>>> I have some software that I run in an AppVM that needs to be accurate to
>>> within a second or two of NTP server time in order to work. I have
>>> finally figured out how to get my ClockVM to sync to an NTP server and
>>> for timesyncd.service to run when sys-net boots.
>>>
>>> My problem is that my AppVM slowly loses several seconds after some
>>> time, and I can't figure out a way to manually or automatically force it
>>> to resync itself.
>>
>> I don't have a R3.2 to test, but if it's like R4 your VM has a systemd
>> timer that updates the time every 6 hours [1]. In that case you could:
>> - change the definition of the timer so that it's run more frequently
>> - disable the timer and run a ntp client ; that'll be the best solution
>> if your software is very time sensitive, but it increases the attack
>> surface because of the ntp client.
>>
>>
>> [1]
>> https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md
> 
> How might I adjust the schedule of qubes-sync-time.timer in the AppVM if
> that is available in R3.2? That looks like a safer way to proceed if
> possible.

Provided that R3.2 time sync mechanism is the same as R4, you could
paste the following text into /etc/systemd/system/qubes-sync-time.timer:

[Timer]
OnUnitActiveSec=10min


Doing so allows you to override stuff from
/usr/lib/systemd/system/qubes-sync-time.timer and preverve your changes
in case the original unit file is updated.

Then reload the definitions with `sudo systemctl daemon-reload`

You can see the timer's status with `systemctl list-timers`

If you want those changes to stick after a reboot, apply them in the
TemplateVM you're using for your AppVM; alternatively you could add the
new file to your AppVM's /rw/config and issue commands in the rc.local
script there (copy the file + reload systemd).




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49c3cd57-e802-7998-bba5-3c6bc2b8ec9a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: dom0 uses 105%+ of cpu

2018-09-18 Thread Ivan Mitev




On 9/19/18 1:11 AM, Guy Frank wrote:
> Could someone clue me in on whether it's unusual for dom0 to be perpetually 
> running the processor at at least 105% all the time according to xentop?

What does 'top' in dom0 show ?

If you see that xenstored is using a lot of cpu, a fix is to revert to
an older version of xen-hvm-stubdom-linux [1]. That's assuming you're on
R4.0 though.


[1] https://github.com/QubesOS/qubes-issues/issues/4191

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5aca42ca-4d30-d48f-878b-b19ffeaec734%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Accurate time in AppVM

2018-09-18 Thread Ivan Mitev




On 9/19/18 5:17 AM, Gaijin wrote:
> Running Qubes R3.2
> 
> I have some software that I run in an AppVM that needs to be accurate to
> within a second or two of NTP server time in order to work. I have
> finally figured out how to get my ClockVM to sync to an NTP server and
> for timesyncd.service to run when sys-net boots.
> 
> My problem is that my AppVM slowly loses several seconds after some
> time, and I can't figure out a way to manually or automatically force it
> to resync itself. 

I don't have a R3.2 to test, but if it's like R4 your VM has a systemd
timer that updates the time every 6 hours [1]. In that case you could:
- change the definition of the timer so that it's run more frequently
- disable the timer and run a ntp client ; that'll be the best solution
if your software is very time sensitive, but it increases the attack
surface because of the ntp client.


[1]
https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e41b359b-9acc-78bd-000a-28f164858d34%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qubes-u2f not installing on templates

2018-09-17 Thread Ivan Mitev




On 9/17/18 3:32 PM, digitalintag...@gmail.com wrote:
> On Monday, September 17, 2018 at 6:24:45 AM UTC-6, digital...@gmail.com wrote:
>> https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/
>>
>> Wojtek shared this on 9/11/18.
>>
>> Following the instructions, I'm not able to install qubes-u2f on either my 
>> debian or fedora templates. Anyone else have similar issues?

The packages are still in the current-testing repositories, and you
likely didn't enable them.


> to clarify, the package manager doesn't find the named package on either 
> distro.
I don't use the graphical package manager so no idea how to enable
current-testing there, but if you use a terminal it's pretty
straightforward:

For dom0:

sudo qubes-dom0-update \
--enablerepo=qubes-dom0-current-testing qubes-u2f-dom0

And for a fedora (template)VM:

sudo dnf --enablerepo=qubes-vm-r4.0-current-testing install \
qubes-u2f


There should be something similar for debian's apt-get

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27098e9b-9636-92c1-4eff-654fd5c21dfa%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Time problem

2018-09-16 Thread Ivan Mitev




On 9/17/18 12:03 AM, ptitv...@gmail.com wrote:
> After going back to many of the changes I've done, the time in dm0 is always 
> wrong.
> All the other VM have the correct time. I don't know what to do...
> 
> the hwclock output in sys-net and dm0 are not the same. always the 2 hours of 
> difference.

This might help:

https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7af65ff5-0915-3584-10e7-845f5ff52538%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Open in Qube 3.0 beta released!

2018-09-16 Thread Ivan Mitev




On 9/14/18 9:29 PM, John S.Recdep wrote:
> On 09/14/2018 07:02 AM, 'Raffaele Florio' via qubes-users wrote:
>> Dear Qubes community,
>> I've released a new version of "Open in Qube" (aka qubes-url-redirector) 
>> [v3.0_beta]. The repository is at [repo].
>> This is a browser extension inspired by [gsoc idea] and it's written using 
>> standard WebExtension APIs. Each customization is done via the browser 
>> because it's highly integrated in it.
>>
>> ### What does it do
>> The extension allows you to choose which URLs are whitelisted in the 
>> browser, with a lot of flexibility. Indeed you can specify allowed URLs also 
>> with regular expression. Non whitelisted URLs are treated in a custom way: 
>> you can choose to block them only, or to block and redirect them to a 
>> specific/disposable qube. In this way unwanted/malicious URLs will not be 
>> opened in the current browser, so in the current qube.
>> Furthermore there are three context menu entry ([menu issue]) through which 
>> you can choose how to handle specific link. Then there is the toolbar's 
>> popup that allows you to whitelist a **specific** resource currently blocked 
>> in the **active** tab. In the popup is indicated the URL and the type (i.e. 
>> image, stylesheet, script, xhr and so on..) of each resource.
>> In the repo there are some screenshot and other infos. Furthermore after the 
>> first installation the browser will open a welcome page whose will guide you.
>>
>> ### Installation
>> Installation is really easy and it's covered in the [repo]. As you can see 
>> in [contrib issue] its integration in Qubes OS is scheduled for the 4.1 
>> release.
>>
>> I hope that it will be useful to a lot of us and for whatever issue don't 
>> hesitate to contact me! :D
>>
>> [v3.0_beta] = 
>> https://github.com/raffaeleflorio/qubes-url-redirector/releases/tag/v3.0_beta
>> [gsoc idea] = 
>> https://www.qubes-os.org/gsoc/#thunderbird-firefox-and-chrome-extensions
>> [menu issue] = https://github.com/QubesOS/qubes-issues/issues/4105
>> [contrib_issue] = https://github.com/QubesOS/qubes-issues/issues/3152
>> [repo] = https://github.com/raffaeleflorio/qubes-url-redirector/
>>
>> Best Regards,
>> Raffaele.
>>
>>
> 
> Nice.
> 
> Can't quite understand how or why this would be used, though..?  am
> sure it makes sense to the smart folks :)
> 
> 
> here's my vote for whatever "gsoc idea" is , 'cause:
> 
> I wish I could click on a URL in ThunderbirdVM  and have it open a
> whonix-dvm  by default  .  afaik there is no current way to do that.

Just curious - isn't it possible to open a link with `qvm-open-in-dvm`
in your ThunderbirdVM and tweak the corresponding rpc service
(qubes.OpenInVM) to open a whonix-dvm ? Alternatively you could create a
new RPC service just for that (it's pretty easy).

In my setup thunderbird opens links with `qvm-open-in-vm` in a
"semi-permanent" dispVM (eg., a VM of DispVM class), this way I know the
name of the dispVM in advance - in my case 'dispBrowser' and I don't
have to wait each time for a dispVM to start. That's a bit of a security
compromise, but then I just have to power the VM to get it back to a
clean slate.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/531c2f7a-11b7-913c-348a-1c2bba5f94c6%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: "Introducing the Qubes U2F Proxy" by Wojtek Porczyk

2018-09-12 Thread Ivan Mitev




On 9/12/18 4:33 PM, Sergio Matta wrote:
> Em terça-feira, 11 de setembro de 2018 13:38:09 UTC-3, Brendan Hoar  escreveu:
>> On Tuesday, September 11, 2018 at 5:18:49 AM UTC-4, Andrew David Wong wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA512
>>>
>>> Dear Qubes Community,
>>>
>>> Wojtek Porczyk has just published a new article titled "Introducing
>>> the Qubes U2F Proxy." The article is available on the Qubes website:
>>>
>>> https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/
>>
>> *FANTASTIC*. Thanks, this is very useful.
>>
>> Brendan
> Good news, thank you. But sudo dnf install qubes-u2f results not found on 
> fedora-28 repo. Please check.

It is in the current-testing repo:

dnf --enablerepo=qubes-vm-r4.0-current-testing install qubes-u2f

(same goes for dom0 - only the current testing repo name is different)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/469b5f1b-ba11-30e8-d912-b970b858ee12%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-R4.0 : missing argument to qvm-create

2018-08-31 Thread Ivan Mitev




On 08/31/2018 08:42 PM, GDRUB wrote:
> Le 31/08/2018 à 14:43, GDRUB a écrit :
>> Le 31/08/2018 à 13:33, brendan.h...@gmail.com a écrit :
>>> On Thursday, August 30, 2018 at 4:43:42 PM UTC-4, GDRUB wrote:
>>>> Thank you for those explanations.
>>>>
>>>> However, Windows 10 fails with error code : 0xc225 "a required
>>>> device isn't connected or can't be accessed".
>>>>
>>>> win10.raw = 96.6 GB
>>>>
>>>> How to fix this error ?
>>>>
>>>>
>>>> Le 30/08/2018 à 11:58, Ivan Mitev a écrit :
>>>>> On 08/30/2018 11:10 AM, gd...@gmail.com wrote:
>>>>>> Hi, 
>>>>>>
>>>>>> I'm trying to run the following command:
>>>>>>
>>>>>> $ qemu-img convert -O raw *.vmdk win10.raw
>>>>>> $ qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > 
>>>>>> /home/user/win10-root.img
>>>>>> $ qvm-create --hvm win10 --label red --mem=4096 --root-move-from 
>>>>>> /home/user/win10-root.img
>>>>>>
>>>>>> qvm-create: error: unrecognized arguments: --hvm --mem=4096
>>>>>>
>>>>>> Source : https://www.qubes-os.org/doc/hvm/
>>>>> You're using 3.2 commands, see the "R4.0: ..." paragraph below in the doc.
>>>>>
>>>>> The following command should do the trick:
>>>>>
>>>>> qvm-create win10 \
>>>>>   --class StandaloneVM \
>>>>>   --property virt_mode=hvm \
>>>>>   --property kernel='' \
>>>>>   --label=red \
>>>>>   --property memory=4096 \
>>>>>   --property maxmen=4096 \
>>>>>   --root-move-from /home/user/win10-root.img
>>>>>
>>>>>
>>>>>
>>>>>> How to create a new PVH instead of HVM in Dom0 with the root image from 
>>>>>> R4.0 ?
>>>>>>
>>>>>> Thank you so much for your help.
>>>>>>
>>>>>> Best regards.
>>>>>>
>>> I think the issue of > 10GB images being truncated via ---root-copy-from 
>>> during create still exists. See this Issue is still open in the tracker: 
>>>
>>> https://github.com/QubesOS/qubes-issues/issues/3422
>>>
>>> You'll likely need to qvm-create w/o the root-copy-from, then 
>>> qvm-grow-root, then copy the image to the right volume listed in 
>>> /dev/mapper.
>>>
>>> See this thread (and choose commands wisely!):
>>>
>>> https://groups.google.com/forum/#!topic/qubes-users/vBk-jjvoeT0
>>>
>>> Brendan
>>>
>> Hi Brendan,
>>
>> It seems to be the solution to this problem.
>>
>> I'll test this with caution.
>>
>> Thank you so much for your help.
>>
> missing binary in PATH ! :-(
> 
> $ qvm-grow-root win10 100g
> 
> bash : qvm-grow-root : command not found

qvm-grow-root is a R3.2 command, on R4.0 you have to use `qvm-volume`:

https://www.qubes-os.org/doc/resize-disk-image/#expand-disk-image-r40

eg.:

qvm-volume resize win10:root 100G

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/829cc36b-7477-663f-e3b0-ee8a0a873636%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Importing a VM from R3.2 and shortcuts

2018-08-31 Thread Ivan Mitev




On 08/30/2018 11:58 PM, GDRUB wrote:
> Thank you for those explanations.
> 
> I have adjusted the documentation on my restored template (debian 8.0).
> 
> $ qvm-copy /etc/apt/sources.list.d/qubes-r4.list
> 
> I have bypassed step 4, so I get :
> 
> W: GPG error: http://deb.qubes-os.org stretch Release: The following
> signatures couldn't be verified because the public key is not available:
> NO_PUBKEY 43B760F197CA1BF5
> 
> How to fix this error ?

In fedora you have to import the key with rpm, simply copying the file
to /etc/... is not enough. I'm not familiar with debian but the link
below suggests you have to import the key with `apt-get install yourkey'

https://askubuntu.com/questions/291035/how-to-add-a-gpg-key-to-the-apt-sources-keyring



> 
> Le 30/08/2018 à 12:05, Ivan Mitev a écrit :
>>
>> On 08/30/2018 12:49 PM, gdru...@gmail.com wrote:
>>> Hi,
>>>
>>> Qubes OS version: Qubes-R4.0
>>>
>>> After restoring VM from a backup (R3.2), all applications have been 
>>> automatically included in the list of available apps. They appear in the 
>>> VM’s submenu ("start menu" in dom0).
>>>
>>> When I click on shortcut, the assigned application is not running in its 
>>> AppVM.
>> IIRC non working shortcuts were a symptom of using imported R3.2
>> standaloneVMs/templateVMs.
>> You should:
>> - configure your imported R3.2 AppVMs to use R4.0's templates
>> - or upgrade the imported R3.2 templateVMs:
>>
>> https://github.com/Qubes-Community/Contents/blob/master/docs/system/restore-3.2.md
>>
>>
>>> I can start an AppVM only from command line :
>>>
>>> $ qvm-run -a personal terminator
>>>
>>> How can I fix it ?
>>>
>>> Thank you so much for your help.
>>>
>>> Best regards.
>>>
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54182713-7afe-22e9-7579-ccc50beaf9b7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-R4.0 : missing argument to qvm-create

2018-08-31 Thread Ivan Mitev




On 08/30/2018 11:43 PM, GDRUB wrote:
> Thank you for those explanations.
> 
> However, Windows 10 fails with error code : 0xc225 "a required
> device isn't connected or can't be accessed".
> 
> win10.raw = 96.6 GB
> 
> How to fix this error ?

Sorry, no idea...

(PS: please do not top post)

> 
> 
> Le 30/08/2018 à 11:58, Ivan Mitev a écrit :
>>
>> On 08/30/2018 11:10 AM, gdru...@gmail.com wrote:
>>> Hi, 
>>>
>>> I'm trying to run the following command:
>>>
>>> $ qemu-img convert -O raw *.vmdk win10.raw
>>> $ qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > 
>>> /home/user/win10-root.img
>>> $ qvm-create --hvm win10 --label red --mem=4096 --root-move-from 
>>> /home/user/win10-root.img
>>>
>>> qvm-create: error: unrecognized arguments: --hvm --mem=4096
>>>
>>> Source : https://www.qubes-os.org/doc/hvm/
>> You're using 3.2 commands, see the "R4.0: ..." paragraph below in the doc.
>>
>> The following command should do the trick:
>>
>> qvm-create win10 \
>>  --class StandaloneVM \
>>  --property virt_mode=hvm \
>>  --property kernel='' \
>>  --label=red \
>>  --property memory=4096 \
>>  --property maxmen=4096 \
>>  --root-move-from /home/user/win10-root.img
>>
>>
>>
>>> How to create a new PVH instead of HVM in Dom0 with the root image from 
>>> R4.0 ?
>>>
>>> Thank you so much for your help.
>>>
>>> Best regards.
>>>
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3534b73b-dd58-734e-aed2-e16eb1d6f4da%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Importing a VM from R3.2 and shortcuts

2018-08-30 Thread Ivan Mitev




On 08/30/2018 12:49 PM, gdru...@gmail.com wrote:
> Hi,
> 
> Qubes OS version: Qubes-R4.0
> 
> After restoring VM from a backup (R3.2), all applications have been 
> automatically included in the list of available apps. They appear in the VM’s 
> submenu ("start menu" in dom0).
> 
> When I click on shortcut, the assigned application is not running in its 
> AppVM.

IIRC non working shortcuts were a symptom of using imported R3.2
standaloneVMs/templateVMs.
You should:
- configure your imported R3.2 AppVMs to use R4.0's templates
- or upgrade the imported R3.2 templateVMs:

https://github.com/Qubes-Community/Contents/blob/master/docs/system/restore-3.2.md


> 
> I can start an AppVM only from command line :
> 
> $ qvm-run -a personal terminator
> 
> How can I fix it ?
> 
> Thank you so much for your help.
> 
> Best regards.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73ab6b32-c9d0-a870-4d04-00f839f7129c%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-R4.0 : missing argument to qvm-create

2018-08-30 Thread Ivan Mitev




On 08/30/2018 11:10 AM, gdru...@gmail.com wrote:
> Hi, 
> 
> I'm trying to run the following command:
> 
> $ qemu-img convert -O raw *.vmdk win10.raw
> $ qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > 
> /home/user/win10-root.img
> $ qvm-create --hvm win10 --label red --mem=4096 --root-move-from 
> /home/user/win10-root.img
> 
> qvm-create: error: unrecognized arguments: --hvm --mem=4096
> 
> Source : https://www.qubes-os.org/doc/hvm/

You're using 3.2 commands, see the "R4.0: ..." paragraph below in the doc.

The following command should do the trick:

qvm-create win10 \
--class StandaloneVM \
--property virt_mode=hvm \
--property kernel='' \
--label=red \
--property memory=4096 \
--property maxmen=4096 \
--root-move-from /home/user/win10-root.img



> 
> How to create a new PVH instead of HVM in Dom0 with the root image from R4.0 ?
> 
> Thank you so much for your help.
> 
> Best regards.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03faaa4b-b4e9-6f78-8abe-82406e7d2bca%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-26 Thread Ivan Mitev




On 08/26/2018 12:50 AM, Rusty Bird wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Rob Fisher:
>> I'm wondering when we can expect information on the impact of XSA-273 (1) on
>> Qubes R4?
> 
> I'd guess early next month:
> https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ
> 
>> what are the best options for a Qubes user right now?
> 
> - - Add smt=off as a Xen boot parameter (which disables hyperthreading)

FWIW I was wondering how to turn off HT last week on a thinkpad 450s
(i7, 2 cores) which doesn't have a "disable HT" bios option. I had
overlooked the smt= boot option and tried maxcpus=2 but this left me
with 1 core/2 threads instead of 2 cores / no HT.

smt=off doesn't seem to work though:

$ xl dmesg | grep smt
(XEN) Command line: [...] smt=off

$ xl info | grep thread
threads_per_core : 2

$ xenpm get-cpu-topology
shows CPU0, CPU1, CPU2, CPU3

$ xl vcpu-list
shows that CPUs # 0-3 are randomly assigned to VCPUs # 0-3


Does smt=off work for you ?


One possible workaround would be to pin CPUs to VMs. Another one would
be to remove CPU1 and CPU3 from the cpu pool, like so:

$ xl cpupool-cpu-remove Pool-0 1
$ xl cpupool-cpu-remove Pool-0 3

but:
- I have no idea if this is identical to disabling HT
- 'xl vcpu-list' shows that only CPU0 and CPU2 are used, but VMs still
use 4 VCPUs - even VMs started after removing the CPUs - which doesn't
seem optimal wrt context switching overhead.




> - - If you're worried that some VM might want to steal data from another,
>   try not to run both at the same time
> - - Hole up, have a nice cup of offline and wait for all this to blow over
> 
> Rusty
> -BEGIN PGP SIGNATURE-
> 
> iQJ8BAEBCgBmBQJbgc8qXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
> NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfr38P/1KtCRK5qEvTcCTVLVbwYZHj
> k63iIhA6n7wzRaV8oaOq7YrRzFryNoikeU2eqYe+T6Rwuw3hBE842pN+rABTJ7BS
> Lb9UdUaC14y481Ad0uMxR4MvE+zKx6Ok4XuHTEwpZXDPw5URqNLNwp0+3ll1MXj2
> lkRFqb9/IuwdR491YpQQAfjkD/EfHkMvd+TJAGowkUOBFno9605x8fLYRCMw0ZTL
> U0c0amlRSeM57bhqPR0fMtc3rfFT/w+wZS1QHoq881qXfx9E29HjjOnTI3E1EN0I
> MRbh222HsjScvl2O7OPbDUzIQW6uC/rZPYKrekMNYfK0c+sfUCehLE/RUNp3qdUf
> 8dEpVL5uBFIL4wBSN4g9GIFa2wmHvnrJ90v7U7pJ61iWoA1vaKEARlECZU7u3+EH
> rOXSdb0+o7RtOItY/Lb8e/qfZxfScvvCb2n7dz1fqFFB2dXd7pIixMT7cERPbvsR
> AGiqs6hkmHKKuw38xeKhhl5yVQQhIa77WgAVVHQ0mXu0sqGOWPLA30kwp4Tioqvh
> HgKl9OtEUlVfYDj9HOuRdKM7Ns8rxLyDuYd6ENDgkMIC8QCEmE6blmnkJybR2mBo
> knEQ0vgRQ++R8eG0b+3u7a97Up94D6FhDGA5b042a0wOGgBEG7e9/sefwCOskXGL
> pnSyzaTOZPeHlStNxxhf
> =bImI
> -END PGP SIGNATURE-
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a13160c-e502-63e5-c80b-5fb0980daa36%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't use settings in fedora 28 vm.

2018-08-13 Thread Ivan Mitev




On 08/13/2018 01:58 PM, Michael MENG wrote:
> Actually i need to add chinese input method in appvm, but there's nothing in 
> settings, i can't found Region & Language/Input Sources. How can i open the 
> gnome settings in qubes?

The following doc might help:

https://github.com/Qubes-Community/Contents/blob/master/docs/localization/keyboard-multiple-layouts.md

No idea if Chinese input packages are installed by default on your appVM
template though, you might want to check that if something doesn't work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/933985c7-86ec-8130-1de1-0cb6164d74ce%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3840x2160 Resolution - How to change: Icon, Windows and Text Sizes?

2018-08-08 Thread Ivan Mitev

Hi,

On 08/08/2018 11:31 PM, Daniil .Travnikov wrote:
> среда, 1 августа 2018 г., 14:27:14 UTC-4 пользователь Ivan Mitev написал:
>> Hi,
>>
>> On 08/01/2018 07:15 PM, Daniil .Travnikov wrote:
>>> Hi,
>>>
>>> I bought Oryx Pro recently which has 3840x2160 resolution.
>>>
>>>
>>> Do you know how to change in Dom0 Windows, Texts and Icon sizes? Maybe 
>>> existing some software for this options?  Or it could be done in setings 
>>> somwhere?
>>
>> This may help:
>>
>> https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md
>>
>>>
>>>
>>> Screenshot of my situation: 
>>> https://drive.google.com/open?id=1V8Yg2nGd5A44laCGwMvAo71kHxb5DCqi
>>>
> 
> It helps in Dom0 and Fedora templates, so thank you very much.
> 
> But what about Debian 9 template? How did you resolve this problem?
> 
> 
> I even tried to change in Debian
> 
> /usr/share/glib-2.0/schemas/org.gnome.desktop.interface.gschema.xml
> 
> "text-scaling-factor" and "scaling-factor"
> 
> and Re-compile the schemas:
> 
> glib-compile-schemas /usr/share/glib-2.0/schemas
> 
> 
> All this instructions from 
> https://mike42.me/blog/2018-02-how-to-use-hidpi-displays-on-debian-9 did not 
> helps too.
> 
> 
> Maybe do you have any recommendations for Debian?

Sorry, I'm not familiar with Debian. I thought that the instructions in
the doc I've linked to would be generic - ie. either you have gnome
settings daemon installed/running, or you don't.
Did you try to change the Xft.dpi X resource ?

If you find a solution for debian, please post it so that I can update
the doc (or if you're familiar with git/github, you could send a pull
request with changes to the doc !).

Cheers,
Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41d957ff-5b29-40e5-49ff-b6246112a3b7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to enable Sound in Qubes 4.0

2018-08-07 Thread Ivan Mitev




On 08/07/2018 03:03 PM, levons...@gmail.com wrote:
> On Tuesday, August 7, 2018 at 12:21:11 PM UTC+3, Ivan Mitev wrote:
>> You don't have to attach any device to an AppVm in order to get sound
>> (but you need to attach the microphone if you want to record).
>>
>> That said there was problem with fedora-28 and pulseaudio, there are
>> quite a few recent posts on the mailing list about that. The updated
>> package/fix is in the current-testing repository and should be pushed to
>> current soon.
> 
> Thank you for your help.
> 
> Actually when I am update Dom0 I see version 25 of Fedora.

That's normal. (see https://www.qubes-os.org/faq/#why-is-dom0-so-old)


> But in Templates I see 26 version of Fedora.

Those are EOL, you should upgrade to Fedora 28

> 
> It means, that I must hear sound already in Dom0 and any other VM's?

In theory, yes, but given that you're using an older f26 template, I
can't say if there are/were problems with pulseaudio like with f28 now.

In dom0, open pulseaudio volume control (in the settings menu), you
should see the VMs where you have pulseaudio running.

In one of the VMs, say 'untrusted', play something ; in the volume
control you should see the volume monitor/level moving for that VM.

- if you don't, something's not OK with pulseaudio between the VM and
dom0 (sorry, can't help to debug further)

- if you do, then your soundcard is likely muted for some reason. Check
for instance the levels in the volume control's "Output devices" tab. It
could also be that the sound driver for your soundcard is buggy, or that
your headphone jack has something stuck in it, which automatically stops
audio to the speaker (this happened to me after my kids played with my
laptop).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16bf96f5-197c-baac-13a3-7546e7e94a63%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to enable Sound in Qubes 4.0

2018-08-07 Thread Ivan Mitev

On 08/07/2018 10:19 AM, levons...@gmail.com wrote:
> Maybe I need to attach some device on any AppVM to enable sound? Or it is 
> must working in any VM and in Dom0 also without attaching?

You don't have to attach any device to an AppVm in order to get sound
(but you need to attach the microphone if you want to record).

That said there was problem with fedora-28 and pulseaudio, there are
quite a few recent posts on the mailing list about that. The updated
package/fix is in the current-testing repository and should be pushed to
current soon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a7bed33-c21a-b7f0-a0c7-63c5813671f3%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't find a guide to setup a new fedora-28 template

2018-08-07 Thread Ivan Mitev




On 08/07/2018 11:58 AM, Sphere wrote:
> So I just installed a new fedora-28 template in hopes of using it as the 
> template for my sys-net and sys-firewall VMs but apparently seems there's 
> still alot of manual configuration to do in the template before it becomes 
> ready for that.

How did you install your fedora template ?

> Could anyone provide me with a guide to do this?

https://www.qubes-os.org/doc/templates/fedora/
https://www.qubes-os.org/doc/templates/fedora-minimal/

For instance all my fedora templates are based on the minimal template
with packages added to fit my needs, like so:

https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups/taradiddles#vms-customization




> 
> Thanks in advance
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f21aaa3-6aa9-31c5-3341-70211bcc3c6f%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [need help] how to restore domain: untrusted, work, vault, personal?

2018-08-03 Thread Ivan Mitev

Hi,

On 08/03/2018 11:28 AM, x99nin...@gmail.com wrote:
> Hi all.
> 
> I want to "grow down" private storage max size "untrusted" (switch back from 
> 6048MiB to 2048MiB)
> 
> Ok. Let's start
> 
> qvm-volume info untrusted:private
> lvresize -L2G /dev/qubes_dom0/vm-untrusted-private
> 
> It's done and qubes-manager (basic tab) show me that private storage max size 
> changed to 2048M.
> 
> Ok, now i'am start untrusted domain
> 
> qvm-start -a untrusted gnome-terminal
> 
> Domain started, but nothing happens.
> What i do wrong? What happened with "Untrusted" domain qube?

Shrinking a volume is not a trivial thing to do.

You should have first resized (shrinked) the filesystem itself, and then
resized the underlying volume. Data loss aside, you now have a broken
filesystem which is likely why you can't start your VM.

The following page shows how it is done for Linux VMs:

https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/shrink-volumes.md

> How to restore "Untrusted" domain ?

- Did you do a backup with qvm-backup ? if yes, restore with
qvm-backup-restore
- Did you clone the vm ? if yes, delete (or rename) the broken vm and
clone/rename the original, backuped vm

However since you're asking, I guess that you don't have any backups.
The probability that you lost data is ~100%, your best bet now is to
attach your untrusted VM's private volume to another VM (see the link
above for how to do that), run e2fsck, and hope that your important data
was at the beginning of the volume (by running lvresize -L2G on a 6G
volume, you trashed 2/3rd of the virtual disk without any easy way of
recovering it).

> 
> Thanks. Also attached pic's related.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6f5ffd3-5483-1a82-27ad-ca132aa185ed%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3840x2160 Resolution - How to change: Icon, Windows and Text Sizes?

2018-08-01 Thread Ivan Mitev

Hi,

On 08/01/2018 07:15 PM, Daniil .Travnikov wrote:
> Hi,
> 
> I bought Oryx Pro recently which has 3840x2160 resolution.
> 
> 
> Do you know how to change in Dom0 Windows, Texts and Icon sizes? Maybe 
> existing some software for this options?  Or it could be done in setings 
> somwhere?

This may help:

https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

> 
> 
> Screenshot of my situation: 
> https://drive.google.com/open?id=1V8Yg2nGd5A44laCGwMvAo71kHxb5DCqi
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54ea1430-9954-3c22-9f5f-7d4ba9986fee%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Dolphin or Nautilus in a standard Qubes AppVM Template

2018-05-28 Thread Ivan Mitev

Hey :)

On 05/28/2018 07:02 PM, 799 wrote:
>  schrieb am Mo., 28. Mai 2018, 13:45:
> 
>> On Sunday, May 27, 2018 at 10:16:17 PM UTC+2, [ 799 ] wrote:
>>
>>> The question is now, if I should install Dolphin or Nautilus as the
>> default File Manager and which qubes-specific question I should install.
>>> What do you suggest under Qubes Dolphin or Nautilus?
>>
>> For fedora use nautilus. Better Qubes integration.
>> In debian use dolphin, because in the past there already were some Qt
>> packages installed.
>>
> 
> Thanks for the hint.
> 
> And respectively use Qt Applications in debian and gtk stuff in fedora.
>>
> 
> Is there a way to check which  application uses GTK and which are using QT?

ldd should help:

eg.:

$ ldd /bin/nautilus | grep  -i 'gtk\|qt'
libgtk-3.so.0 => /lib64/libgtk-3.so.0

$ ldd /usr/bin/qgis  | grep  -i 'gtk\|qt'
libQtXml.so.4 => /lib64/libQtXml.so.4
libQtCore.so.4 => /lib64/libQtCore.so.4
[...]


Another solution is to list the package's dependencies; for rpms:

$ rpm -qR packagename | grep -i 'gtk\|qt'


> 
> [799]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d88bd66-dfae-f86e-d79d-26f6458cd82e%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Fedora 26 and Debian 8 approaching EOL

2018-05-24 Thread Ivan Mitev



On 05/24/2018 04:28 AM, Andrew David Wong wrote:

> Update: Fedora 28 is also available.
> 
> Instructions for upgrading from Fedora 27 to 28:
> 
> https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/
> 
> (As stated in the document, these instructions should also work for
> upgrading from Fedora 26 to 28.)
> 
> Instructions for installing a fresh Fedora 28 TemplateVM:
> 
> https://www.qubes-os.org/doc/templates/fedora/#installing

FWIW when upgrading my custom fedora templates from 26 to 28 I got an
error with the qubes-core-agent-networking and qubes-core-agent-qrexec
packages: the "preun" rpm script of the old f26 rpm fails ("fg: no job
control"), and both version end up being installed, as shown by:

$ rpm -q qubes-core-agent-networking qubes-core-agent-qrexec

qubes-core-agent-networking-4.0.28-1.fc26.x86_64
qubes-core-agent-networking-4.0.28-1.fc28.x86_64
qubes-core-agent-qrexec-4.0.28-1.fc26.x86_64
qubes-core-agent-qrexec-4.0.28-1.fc28.x86_64

I've fixed this with:

$ rpm -e --noscripts qubes-core-agent-networking-4.0.28-1.fc26.x86_64 \
 qubes-core-agent-qrexec-4.0.28-1.fc26.x86_64

and re-installing the f28 versions (maybe not needed but can't hurt):

$ sudo dnf reinstall qubes-core-agent-networking qubes-core-agent-qrexec




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/057396f4-ddaf-9a2a-0558-348db54ed3d3%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] unknown HID "Adomax" found in sys-usb while all USB-ports empty

2018-05-23 Thread Ivan Mitev



On 05/22/2018 05:42 PM, edalva...@riseup.net wrote:
> Hi,
> 
> On a machine with sys-usb configured and mouse/keyboard connected
> through "old" PS2-connections, I've noticed this when running lsusb -v
> 
> Michal Lee has pointed this out earlier
> (https://groups.google.com/d/msg/qubes-users/EANuL9rj_6w/-tjgYcThBAAJ),
> but I still lack an explanation of what is going on here.

The adomax device is a virtual qemu "tablet" used to provide absolute
mouse coordinates. In other words it helps with mouse pointer
synchronization between the host and vms.

You may have noticed that the device is picked up by sys-usb's
input-proxy sender as a HID device, which is why you may get a popup
dialog (if qubes.InputKeyboard policy is set to 'ask') - even if you
don't have a usb keyboard.


> 
> 
> Best regards
> Ed Alvarez
> 
> 
> 
> [code]
> 
> [someuser@sys-usb]$ sudo lsusb -v
> 
> (...)
> 
> Bus 005 Device 002: ID 0627:0001 Adomax Technology Co., Ltd 
> Device Descriptor:
>   bLength18
>   bDescriptorType 1
>   bcdUSB   2.00
>   bDeviceClass0 
>   bDeviceSubClass 0 
>   bDeviceProtocol 0 
>   bMaxPacketSize0 8
>   idVendor   0x0627 Adomax Technology Co., Ltd
>   idProduct  0x0001 
>   bcdDevice0.00
>   iManufacturer   1 QEMU
>   iProduct3 QEMU USB Tablet
>   iSerial 5 42
>   bNumConfigurations  1
>   Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength   34
> bNumInterfaces  1
> bConfigurationValue 1
> iConfiguration  7 HID Tablet
> bmAttributes 0xa0
>   (Bus Powered)
>   Remote Wakeup
> MaxPower  100mA
> Interface Descriptor:
>   bLength 9
>   bDescriptorType 4
>   bInterfaceNumber0
>   bAlternateSetting   0
>   bNumEndpoints   1
>   bInterfaceClass 3 Human Interface Device
>   bInterfaceSubClass  0 
>   bInterfaceProtocol  0 
>   iInterface  0 
> HID Device Descriptor:
>   bLength 9
>   bDescriptorType33
>   bcdHID   0.01
>   bCountryCode0 Not supported
>   bNumDescriptors 1
>   bDescriptorType34 Report
>   wDescriptorLength  74
>  Report Descriptors: 
>** UNAVAILABLE **
>   Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x81  EP 1 IN
> bmAttributes3
>   Transfer TypeInterrupt
>   Synch Type   None
>   Usage Type   Data
> wMaxPacketSize 0x0008  1x 8 bytes
> bInterval  10
> Device Qualifier (for other device speed):
>   bLength10
>   bDescriptorType 6
>   bcdUSB   2.00
>   bDeviceClass0 
>   bDeviceSubClass 0 
>   bDeviceProtocol 0 
>   bMaxPacketSize064
>   bNumConfigurations  1
> can't get debug descriptor: Resource temporarily unavailable
> Device Status: 0x
>   (Bus Powered)
> 
> (...)
> 
> [/code]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/185d542e-7472-df8b-6951-ba9d26f27e62%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ProxyVM in Qubes 4.0

2018-05-10 Thread Ivan Mitev



On 05/10/2018 11:08 PM, Quentin Le Guennec wrote:
> From the docs (https://www.qubes-os.org/doc/vpn/)
> 
> "Create a new VM, name it, click the ProxyVM radio button, and choose a
> color and template."
> 
> On Qubes 4.0, I don't see that radio button. I don't see anything about
> that in the manual page of qvm-create either. Am I missing something?

"ProxyVMs" in 4.0 are simply AppVMs with the "provides_network" pref set
to true (or the "provides network" radio button checked when creating a
VM with the gui)

BTW you may want to check Chris Laprise's VPN code

https://www.mail-archive.com/qubes-users@googlegroups.com/msg21339.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e87ac105-26a6-b8a3-7e12-a400a1c9f3ca%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

1 2 >

1 - 100 of 174 matches

Mail list logo