[qubes-users] update dom0 offline?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

My problem: new computer (ThinkPad P51) comes with Intel networking
hardware which requires kernel 4.9 to be detected. When installing
Qubes 3.2 one starts of with kernel 4.4.

I can see on my other computer that is already running Qubes 3.2 that
Dom0 is meanwhile at kernel 4.9 - how can I update dom0 on my new
machine? Is there some way I could download the packets on my old
computer, transfer them to the new and update dom0?

I am aware that Qubes 4 has kernel 4.9 from the start. But I am also
aware that it is still an RC and doesn't (yet) support Windows VMs.

/Sven



-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaKbn7AAoJENpuFnuPVB+28LMQAM+crCLrTRutFAGyPI7aUXFN
r2x0TD6AIh7tMhxOS6sFmBACEhDe3nL35HBW2S33pdnuZxL5f1L5bmoikSvy4Ypj
Hu8HsK9Mvg2VLJo4UmjdS4MvjqQpIegipKu4O4MunFyzaU9qK/UyWZ4lQQp3XXar
M1R2Yg/3WVaMiqzIHpvkp2TIrKtGCwmIerVoO0tPhDCC5I8bFxe8jlyS01aN4FZ2
VKiJHXQkJ2ohK2HKkoZixdyGgxU3vIFBZh5WPVQoTiEZjOOKvSxq9z7o9uTKbwT0
lLp8n+ANXYyxRKnNBjWzelOeeCIE4BeHC4dxoOrJ+un2Z45FKuKbi+EEy5FA/AXa
su44Waw9uBlwxVrdqtCOjFbaCOKJiCJs98ilmpqtbQ8y+MC2Z2jWrE08ftBgkLAL
pvWG/ULyRAZ/mvigGZ8zWo97hK9km3Dlu0YTJL7XZnWeMVYIeBVJyGIaVoRXblUm
8zQb7FtTXS2bTNI6hNDIOBQ7624EuXTI3TRTGhdvnCM7OCb08aDlXlWf53N7O0Dh
NpOX1tyg8AiB7OA6RBR9bPRwETKeh+YopjlUrvdYUnUreWvzhELTtlmX0PEvxdzr
b1ICRvX01RWH2SYr60KninRdyvNdZ0uegAc8uG7lZMNSoH9v6x25qgRofkpX12Nc
QsiGyY/0XnZ+Q0qS/frc
=oEXD
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b4291ce-4bc4-aa4e-a7cb-68781ef1251b%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] update dom0 offline?

[Sven Semmler]

On Dec 7, 2017, at 6:37 PM, Unman  wrote:
> 
> You can always grab the files from yum.qubes-os.org on the old computer.

You mean https://yum.qubes-os.org/r3.2/current/dom0/fc23/rpm/ ?

All of them? There seem to be different versions. If I copy all of them, is 
there a way to tell dnf to just upgrade the packets that are already installed?

Here is what I already tried:

- installed R4rc3 and confirmed that kernel 4.9 supports my hardware 

- on my old R3.2 machine uname -r returns 4.9 both in dom0 and the fedora-25 
template

- I copied that template to the new machine now running R3.2 freshly installed 
and both dom0 and the template report kernel 4.4 (expected for dom0 but would 
have thought the template would continue to report 4.9)

- I then downloaded and transferred and installed the dom0 kernel 4.9 rpm from 
yum.qubes-os.org. Now dom0 reports 4.9 but the fedora-25 template still reports 
4.4 ??? 

- when trying to install kernel-qubes-vm-4.9.56-21.pvops.qubes.x86_64.rpm I get 
dependency errors. 

Do I just download all rpms and let dnf sort it out? 

Thank you for your time and support!

/Sven





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EFFEB324-09B6-4FF0-9D75-1F3395B8957D%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] update dom0 offline?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/07/2017 06:57 PM, r...@tuta.io wrote:
> Im not sure how easy it is for your hardware.

I looked into it. My old computer runs SATA and legacy BIOS, the new
one M.2 PCIe SSD and UEFI ... I tried imaging the one and using it on
the other with Clonezilla but that didn't work.

Also my M2 memory uses "M key" and I have not been able to locate any
M2-SATA adapters that would work.

So thanks for the hint, but I am afraid it won't work out.

/Sven


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaLrrmAAoJENpuFnuPVB+2w5sQAKpqu/mtoY0W+vPIQjA/P6K0
JP2K5ELkeb+WRwiujyupltpreSBmxGultsTPKe9PybNQCax9UZwlstlQHz64ISY4
su4klVKgb79Z22RGlRj6YVr6muXRW/EzeN+IduMs4dml6205aDqCyLBV6jp5eHqS
fnO81LEoTFpa3OQS8E3ALnin7bAdz3UOPWIKxIiUflDjwwIOLTFpTTU0yKDfOXGZ
0ZPIHmUEg6Ab3igNRzzuUwrP9gsYIfvxhWIVBs047OJ3RRoeRuHsAXmnMC1uLPkj
iZHZOb76YTGi7i2RxQjdHaSHUyxjXZE8+GXKb7aoDo26+/A0C3+mS/frGEbWqZPB
bv/1LTid6DpmIxg/nxWflOHqa9/wUsLm0xXCzeCkPk7aSH4CCwb07f471JZyu3ZM
wIftO0sSVcMNZ8MK9X4gBFGBlqTEoVRId8y+5o/kI2lf/9Xc//dhVlFSCu522YXh
QOOj1JF2QUUl8bLcxs3yhxk/cAEtQPWhEFzB901AKCZwi3UQ8DQhejp1MzGTgsxL
H27oYMTl4gatRy5rPRAAoeuf/+b8T78gn2vnnLAMB7Qx1Kmfns+19E5KUD60dh+Q
JtXCZqU1N+jCnyKkOxp9md25iQpqihRFlX42Fpcm8GwoEjOOyoNiLEC6GyYocgy4
fTNiuWt8EzMuUxMivWdl
=W3Nn
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57fc035a-2b1b-79f0-2c4c-d082164cfd6d%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] update dom0 offline?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/10/2017 07:06 PM, Unman wrote:
> sudo qubes-dom0-update --action=download  I *think* that 
> dnf will do the right thing and resolve dependencies for you. This 
> should download the packages to the current directory, then you
> can transfer them to the offline box and install them manually. dnf
> will select the most recent version if you only give a package name
> - if you want a specific version you can specify that.

Thank you! Although I couldn't get it to work. My original plan was to
go with R4 for the new computer and that's what I will do now. Once
everything is setup, I'll reformat the old one and make it a Windows
machine for those few use cases I can't solve on Linux.

I'll also give installing Windows on R4 a try. As long as I can get
networking to work, I should be fine even without qubes-windows-tools
for now.

/Sven

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaLr9nAAoJENpuFnuPVB+2t/gQAIm6ni7geic89xAGV/D1Xrxv
jeNs38CXBa2dU946NpVnzxs0qTJhalxPV3Zulyk0MN3QEjXg/IUTkfKJXKcr5sRs
JJnz2i+KXYZYB/RxyiP9X1zuXeqGPf4QLAF/lmgwMcw4pCOl/IFttTzNrlgvCElM
7V6lhgMreWvLnkurkNfZWHhy3UDfum6S7f7g0ddTAM14GFUI9wZbfYOnbWSVY9Y9
N7YmkOrECobuYj+YHy9Z5GpVMtiOkz+ZbvFl7GN61FPUz+CAH/kat4QcQx7gErar
dq+j/gUjFhUqywLwh3Uql0nT9AvpeojnpXrEQblcJ+JzsC2wk6M3fYnQ2EZ428E3
QB/Uy+qYpTFyA9WIuqNN5BB2fEu6SQV59sgP/URkC0y7xafmdRLvMf96ArIuem4I
3i9vbKQMdF7qLNqLsLCJqIppBJgcVyWwMJKUWJCDxiuJBpXKCDo408yzK5sKDd82
fj1OEglzjgqQ2YrepS9GLP8qyfxtZh0DB8f1e72JDk11tpVinYy5n/GgU0NmblaI
n+7pvyAIWgv61GnpAcVnhf/79bRY2Fb/qc9OVEM+T6ueFY/qWX9tVmHeBph3//Mz
TugfOWY8WID0AhXI9Pyb/KJV5GJDfYI9Y1WsA04VYzn2HTWHv/Bq9h6BZvLsi9P/
idV6Fr3/ahtNnFo7+J7w
=2/CP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7475cec1-7d63-854a-62df-f7d5edadcba5%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Constant pop-up from dom0 for qubes.gpg action

[Sven Semmler]

I just get started with R4 and restored my email vm. Everything works
great, except that now everytime I am in the To: of Subject: line I get
a pop-up from dom0 asking:

[dom0] Operation execution

Do you want to allow the following operation?
Select the target domain and confirm with 'OK'

Source: email
Operation: qubes.Gpg
Target: ... this is where I select 'vault' and click 'OK'

After this, I get the prompt to allow GPG access that I am used to from
R3.2 (it's configured to allow for 500s).

The problem is that the first / new prompt pops-up all the time and
makes entering To: and Subject: hell.

I couldn't find any documentation. What can I do so I don't have to
select 'vault' all the time?

All the steps of the original spit-gpg docu are followed.

/Sven


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd3e0435-89dd-5143-d7bf-7251880bc9f0%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Ethernet-to-USB Adapter

[Sven Semmler]

When installing R3.2 one is presented with the option to create sys-usb as 
sys-net. 

Is there a guide somewhere on how to achieve this after the fact?

Is there an guide to bringing up an Ethernet-to-USB adapter?

Context to my previous posts: I’m struggling too much with R4RC3. Really do 
need to get R3.2 running. 

Thanks for all the patience and help!

/Sven

-- 
Sent from my iPhone

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62D01F72-97D9-467E-A08F-17B511B44A0A%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ethernet-to-USB Adapter

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/12/2017 05:27 AM, taii...@gmx.com wrote:
> You can simply assign disable sys-usb then assign the USB
> controllers to sys-net via the VM manager. Please note that any non
> PCI-e network interface is going to be have terrible performance
> and high CPU usage.

This did the trick! I needed it only once for an initial run of
qubes-dom0-update ... now all my networking hardware works.

Thank you!

I will post a detailed description of all steps I had to follow and a
HCL soon.

/Sven

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJaMva7AAoJENpuFnuPVB+2tPoP/AgTdpVs3wGky0KHQ+ZRNcbe
1SF7onbrTQCLVKe9utlNXXoV/lphhrJVxK3BFGtzpDItOQdXaiangVgw/O/URKhR
OXFOLp01A8i0gHXb6PwCniqPVdJHzx18+EAjougXpVjZP2KCvA1uMxCGs4fSG9EM
9Y+0To9LtbUjklCXxWLzhogGmocbcSYhGTvufR3g5NUAzTVIxeV7fDaTLGOUtJ5b
GbvRQ7qsXY1BcTJqAMibXs85+FvvNRHscD72wL6g38bM1Bg9RTPr4DLPFCFRihpu
H+/pVgXLBDdvjVFJhApiXRqR1854MUHBToJxXOgCr6Q6tHzTfijT+BclK8hSRVJN
ZYN73x3oU6RIx97GGoIip5XwBtuFFlIx6qTweU6xyLw5g9Rkx1h3zRgKqSizfwUa
LC1SCyZRWIK5MI8dopqNYocSwxsz6Y5QZ0BwEzfYNZhdQU5LbsArRP5l21BT17kZ
W/DRdhZdauVnVNlZHDxhLeCN3CL1PWFFzSpyJoq3f/mHtJR9Zrt0ituaAYHlC/kV
7tabfsn5utPUGgOCOzH9fpf8TmGLTivin4p1OSMQsM51PquYoONaZuW53FNPbkMf
OlAzXhsFt0J+qN8r5FL+rvfEr0mJB/7Ef3KS8SdEsUrSnucy0eOuiHDEkKQvMM2H
zibG4jnjH+epGnRA79et
=zJ88
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd30b827-2683-7a25-3c53-9c974c142012%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [HCL] Qubes OS R3.2 on a ThinkPad P51 (model 20HJS0BX00)

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

With significant help from members of this mailing list, I was able to
install R3.2 on my new ThinkPad P51 (model 20HJS0BX00). The starting
point was the HCL linking to swami's post ,
which describes or links all the steps below except for the use of the
USB-to-Ethernet adapter to run the initial update.

A little twist that distinguishes my ThinkPad from his is that my
networking hardware requires kernel version 4.9 to run, while after the
install Qubes OS runs version 4.4. Therefore some extra steps and
hardware are required to run the initial update to kernel 4.9 to make
everything work:

* another computer running Fedora or Qubes OS with a Fedora qube
  (to create the USB sticks)
* Qubes installer USB stick prepared using Fedora's livecd-tools
* rEFInd live USB stick
* Linux-friendly Ethernet-to-USB adapter (e.g. the one from Apple)

Create Qubes installer USB stick
- 

This step was described by Dave C.'s post 
with additional important input from Stephan Marwedel.

1. Get the ISO, signature and pgp key from the Qubes OS Download page.
2. Follow the instructions on digital signatures and key verification.
3. Install the 'livecd-tools' package.
4. Run 'sudo livecd-iso-to-disk --efi --format Qubes-R3.2-x86_64.iso
   /dev/sda' (assuming /dev/sda is the USB stick).
5. Mount the newly created USB stick and edit /EFI/BOOT/xen.cfg. In this
   file, replace every occurrence of 'LABEL=Qubes-R3.2-x86_64' with
   'LABEL=BOOT'.
6. Unmount and run 'sudo dosfslabel /dev/sda BOOT' (assuming /dev/sda is
   the USB stick).

Create rEFInd live USB stick
- 

1. Download the USB flash drive image from Roderick W. Smith's rEFInd
   Boot Manager page.
2. Run 'sudo dd if=refind-flashdrive-0.11.2.img of=/dev/sda bs=1M'
   (assuming /dev/sda is the USB stick).

BIOS settings
- -

* boot in UEFI mode (not legacy)
* disable secure boot
* set graphics to discrete
* enable all virtualization features including VT-d

Install Qubes
- -

1. Boot the ThinkPad with the Qubes installer USB stick and run through
   the normal setup routine.
2. When it is time to reboot, remove the Qubes installer USB stick and
   insert the rEFInd live USB instead.
3. Once in the rEFInd boot manager, select the /EFI/BOOT/xen.cfg entry
   to boot.
4. On the Qubes OS configuration screen, do not create the sys-usb qube
   yet!
5. Finish configuration and log into Qubes OS.

Using USB-to-Ethernet adapter to run initial update
- ---

Both Taiidan and and earlier comment from Yethal helped me figure out
this sequence:

1.  connect the USB-to-Ethernet adapter and shutdown all qubes
2.  in dom0 run 'qvm-prefs -s sys-net pci_strictreset false'
3.  add your USB controller to sys-net using the qubes manager
4.  start sys-net and sys-firewall - you should now be online!
5.  update the fedora-23 template
6.  update dom0
7.  reboot with rEFInd USB stick
8.  use 'uname -r' to make sure you are running kernel 4.9 in both
dom0 and sys-net. In my case sys-net was now running kernel 4.9 but
dom0 was still on 4.4. It took the extra step of running 'sudo
qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel
kernel-qubes-vm --best --allowerasing' to upgrade dom0 to 4.9.
9.  shutdown all qubes and remove the USB controller from sys-net
10. run 'qvm-prefs -s sys-net pci_strictreset true'
11. reboot with rEFInd USB stick

Fix EFI boot configuration
- --

For some reason the EFI entry generated by the Qubes installer doesn't
work, which is why we had to use the rEFInd live USB stick until now to
boot the machine. This can be fixed, by downloading the following
packets via rpmfind.net:

* efibootmgr-15-1.fc26.x86_64.rpm
* efivar-31-1.fc26.x86_64.rpm
* efivar-libs-31-1.fc26.x86_64.rpm

Obviously those packets are not signed by the Qubes OS team and
represent a security risk. Unfortunately the version of efibootmgr
delivered with Qubes OS doesn't fix the issue (it might actually be the
cause of it). So you have to decide whether you want to keep booting
with the rEFInd live USB stick or if you take the risk of installing
those packets in dom0.

1. copy the files to dom0 and install them via 'sudo dnf install
   efibootmgr-15-1.fc26.x86_64.rpm efivar-31-1.fc26.x86_64.rpm
   efivar-libs-31-1.fc26.x86_64.rpm'.
2. delete the old entry via 'sudo efibootmgr -b  -B'
3. create a new entry via 'sudo efibootmgr -v -c -u -L Qubes -l
   /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1'
4. reboot without the rEFInd live USB stick

Done!
- -

Now the ThinkPad boots straight into Qubes OS R3.2 and all the hardware
should work. During the installation we skipped creating sys-usb, which
one might want to enable now that everything works. Finally I'd like to
thank Unman and Rory for their help with approaches that ultimately
didn't w

Re: [qubes-users] Trying to download new Whonix templates and fedora 23 gets updated?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/09/2017 08:38 PM, vel...@tutamail.com wrote:

> Dependencies resolved. Nothing to do.

Did you include the --enablerepo parameter as shown below?

sudo qubes-dom0-update --enablerepo=qubes-community-templates
qubes-template-whonix-ws qubes-template-whonix-gw

/Sven





-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlo/A+YACgkQ2m4We49U
H7YAAQ//eFNBXzo7qHoqwAkXJOZHxvWOKor685XDYjTd9amhGmhYqtgbZ2gYUXTX
xzRWTOPkvEVU6jI8ON7xaOszrHdpP1CJv3YTfsz672uLH4M5pO3BFyAT4SeCHB/a
FG7jhtFc/HYtEdudUSNOxeq+OK+WWqHkXF2EsxBZYjUQ6f5eEsncXtJDLLeIfc90
dDkuHLd2Inob3xeilfFvpECApIb4p78giQHb8oMymIoQBbateUF8Wfe8sn08Syz0
PhfAwz7I3Ne4kCCWKa+bdfzrQDfbJoMFMYnf9cGov+xVerp2ofI4mdQxV0IqtSzI
swQkbfi6SSku5JipLLe/kgY+SFnOauR2d/RyEizfY9CCaLmEaObRZfAjCDHoqJbQ
9IhUhqdGacOabwUnjyeP+2DnW+jc1/pIw3jdJQ4/pkvH0LwndgU8eZrVw23OqVmf
F9ZDNQtTAXcLPTJvyTuwIMiD7EhB/KNjSfDZohHzep2i/7QhDbUQxSLD4/C+hHJl
VYycWDPKaNmS2lUh5RXLkbwXSfSwnSpaTJkSIxcJV355Ock0DhJ2LbRrtqhYQ2zV
AuSnpabKLYxy2Ha9agxL4BAkvUU6lxPH9fp/h+lIn/hapJUFjYcAd6jOcPZrUKJq
nUM+8Sz7CzbAnAQjf2RJoZYIyB6qNicJ07/7e0qRa3OvbKbRUvs=
=Brhw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62ac8757-ed98-2cf9-0816-e6eaa384e5af%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/15/2017 03:20 AM, kotot...@gmail.com wrote:
> It does boot but the X server cannot start. Text installation did
> not work.

Based on swami's post from 9/15/17 I suspect you need kernel 4.9 in
dom0 ...

https://groups.google.com/d/msg/qubes-users/ZFZT7mQNeWY/xZ1AiCYOAwAJ

> In BIOS setup, disable Secure Boot and set graphics mode to
> DISCRETE, otherwise the graphical installer won't start - You can
> set graphics mode back to Hybrid once Qubes is installed an kernel
> is upgraded to 4.9.45-21.pvops.qubes.x86_64

He is talking about a ThinkPad P51 which has both DISCRETE (NVidia only)
and HYBRID (Intel with option to switch to NVidia) graphics. I just
recently installed Qubes 3.2 on ThinkPad P51 and posted my experience to
qubes-users and my website:

http://svensemmler.org/blog/2017/12/17/qubes-on-thinkpad-p51.html

There I also describe an alternative to Stephan Marwedel's approach to
the network drivers. I used an Ethernet-to-USB adapter to run the
initial dom0 update.

Anyway, all that doesn't help you.

1. Text install is not working for you
2. X server with Intel graphics needs dom0 on 4.9
3. Install media of Qubes 3.2 is kernel 4.4

So you either get R4 to work (my last attempt with RC3 was rough - but
your mileage may differ) OR you give Frédéric Pierret's _unofficial_
R3.3 a try ...

https://groups.google.com/d/msg/qubes-users/4le5YK2V9Qg/HrdmUi6dBAAJ

/Sven



-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpRlMQACgkQ2m4We49U
H7bplw//SsLCrfSJQeQkQnjElMs59inBKk6ldRVlVB9PRD6hgxyPDIEaGv4ef13l
JVLEXLaXJov99/UttamtK+su/jgO2+a4sIz8rT9Mz2FMBA6tVqi1X4E3MmnLlRSh
Ak00l9M2qkZ/nxFtxKViN4ACP3CuUrt+C99osGNaXAVPhj7W75uXYEuDORlddt30
PeENBEAKQI4uGEvYaxQsJuMIJUf1PJr7hyrJsro2RcSKyUhzGS1IotLjzuwuuHTT
3I7AmdZ66wTkfDSUXne1MFxMo2k2QQS986kQM8MkIWbcTRQbcV5ubiTN4lNmE0Va
FqzFDzo0gVirkk4Qgt46qUthjIo3RhuXP8GeVpo1VbEMsfTgGcsiWmxvQZkwWJqx
SNg/xGWynyc3D/Zj+oQ8RaU1EqAU53H30uBabbPTVdaEwtVc7ZfSCFwSt3OSO6X9
XWeIwP6INQ4KWmwx04z4kKmyIoPg++qiBcsXWid7BK6sESXSRyLq6MLmhElkyCsP
9ihsEcqa2AG+sSmHx95ruruHDz8bj9hvjGMqCleEBC9Qg1gACA9iamSz1/xlHIgV
HRyVwcNIwsKNLMLtU9uYW8HE674BXzC3ZYRc4urZLDVUP9BbPFNHGbKLUL1PineR
cw+Kt6ZlE4aPYAZ0EZQyG/CuGF/1f+rrX0AuR74XbaQHbg3JQqE=
=APF5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c725d6b-0b3a-896d-d49d-7bc9ef43fbf7%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recommended wireless or Ethernet card / chipset

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/18/2017 11:07 PM, 'EW' via qubes-users wrote:

> I tried a lot of things from various posts but to no avail, I'm 
> going to just assume for now that the HW is not compatible (they
> are USB 3 adapters, some posts are at least opening the possibility
> that USB 3 is no really supported yet). The system worked off of a
> USB 3 based SD card though (before I installed to bullt-in SSD).

Yep, got trouble with USB3 too. As far as USB-to-Ethernet adapters are
concerned I had success with Apple's (which is USB2)...

https://www.apple.com/shop/product/MC704LL/A/apple-usb-ethernet-adapter

/Sven

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpRnrQACgkQ2m4We49U
H7axgQ/+MIaJOvYVWwsuwPtyOTXaJUcVotfenqxUeMtI4nxc3zN04vAqqNAVy65W
vwGH61VirM9+6R9AbOd/4aQEu0EC0vruqU7qpb6Yu+2JSBAAK1U3dULyFch1Txid
odysmae5jWgP9PZdJyfyGfanOdd8EdXXZSeNXRFK5cFmrQwOvOp+wk25uMnIBOyZ
WVHtR0IJuRqoosLQlpEiIvzJ8s0F/SAS8I4WdNFla3+SbN+LlfIBWxlMPhQp6pTT
hY8+uvhaMNDiQEqdLyBly+oWxuUbB+jeKr1qBYmanRgfVrZ9mi2fJ2fGm60I/z48
HfP1Sl8VrEH+H3zKP9gg+M9EwFiiD2gSsyOjcPWJ+xsB3nyaMhQZGVlGe7fwZnqt
NOjMSYHu28mc+tqI52XaBmR2OfqDGoD9kXc1GAgJ+Pcm8/DcGGLaWBpvxgafgykL
xNs8qR/RvgPUep5pld40KaA/fkfTuRB1s6BkmdR50yrOJE6Tyi8KVM+KukYkSVrA
YPqUCDake9lhZRvc26zOPmMVFiqWpMICI8cw88ML8CphabJ+5g4rmSvDh6jB81VI
mqNjCYA8RgXZgWpIRoFqL+mU400RKGa/evSOMph/b1OLQrz5RjCY/vD8f12xa9+C
cuBLG3hXYcv1jmy2jlcVUoX/WR6Z8R0YDujfWwu7xYWI6iaEZHs=
=q7nq
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d5f7f32-ebd1-9966-33fa-15d45ac26bf7%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] rc04

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/09/2018 12:07 AM, Roy Bernat wrote:

> What about release rc04? it should be release at 8/1 that  was 
> yesterday .

Delayed until the devs have a good workaround for SP1/SP2/Spectre.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U
H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1
hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5
lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau
aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA
VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv
X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs
u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F
h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv
2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU
54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS
k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY=
=59oT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2499c72a-30da-d969-4fe1-d6c00e08404f%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change default usb qube

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/10/2018 04:10 AM, 'Blacklight447' via qubes-users wrote:
> I recently installed qubes on my new laptop, but i think i 
> accidently ticked the box which configure qubes to use sysnet as
> usb qube, does someone know i can revert this and usb a normal usb
> qube instead?

I didn't try this right now, but based on previous experience I would
suggest the following sequence should work:

1. shutdown all qubes

2. use qubes manager to remove all your USB controllers from sys-net

3. dom0: check /etc/qubes-rpc/policy/qubes.InputKeyboard and
/etc/qubes-rpc/policy/qubes.InputMouse and rename any mention of
"sys-net" into "sys-usb"

4. dom0: sudo qubesctl top.enable qvm.sys-usb

5. dom0: sudo qubesctl state.highstate

That should be all!

/Sven


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpX7TkACgkQ2m4We49U
H7bv5RAAj5AoJjTShkFHribPSryZowXx9h2wtFCcsumjh0jB6P0QE0QL0h/+L/oT
iuxbhjkWX+Dz0mmBPAifR2iMex5hRXEiaHTFoHAXqdnJkn2VpI5Fi7G8opU6A3j1
9qgOkTjVV+IyuT/8xui8+4GJRyURpbDiTv4B704deUr3MuM5EjKKqt9fuQF1qpPv
Rhq7ZhDUuN2E3t9esEPbXfQK6johu1r0BdMYggE1MuSR/yOnHF/jUfQ/mBsMYTn+
Brb5YjbJfV83+N1jtW9ZdsoADFbxQaV/6NSb0oky6xMqOR3m0VrmFQhkOdlS9rY5
fcv6H5pIA0HUjpmqspR4hZ7wvLSFTVYS3bjSxMCueb8vOUJ2ZCW4OWVIRCmUMnqk
iaun1Xn0j9F3pHjl/s8/dcpBv7IA2c83+sQXcgVT06RhMsyrqBBaXMk8FTrSfxGZ
9ra0yL+uaVf+rY73KmlmHlaVsmNX/oibpDo4gjoMQb667xbC+TFBC8iMotW0UONi
IOkKRlRQolF2zgHV/iL0lNsGEmtyjpOmt3JVqnfGSHumv2UmdoXg3mbJYJB/zAB8
Bb9rsyJ2zdIa7R4UvrsZvbNIGf2M/s2g5SEQ4l73aBeGUde+814YBlIPHElcd8It
jHcunq4nAdp5dmfzwGwljUNZlPO6ZGh9KByFpglCksAYQd0v9fk=
=zzyL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2d5daf6-099c-bacf-60b6-dfe68fe38130%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A question for the Qubes community: multiboot documentation

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/11/2018 07:15 AM, 'Blacklight447' via qubes-users wrote:
> This issue described the lack of documentation how to multiboot 
> qubes. I have decided that i will be writing it, but as described
> in the issue above, I need some user feedback.

Great! Would you consider including instructions on how to multiboot
between Qubes OS 3.2 (main system) and Qubes OS 4 (test/future system)?

I'd love to test and play with 4RCx but need to have a stable
environment for work (3.2).

/Sven

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpX+EIACgkQ2m4We49U
H7ZHsxAAiJF1z3NQ8MCRV1+kR7lWgIhp3/xGLoULoYAEgV24/apAKm5b7IEHmD2e
GBgoa1Nij2mIIrfqNNj8cIe9548tqLOAa4oaDGqQtI6u3MH3AgkBRgenvOtRCaKu
lWxAERCgC02LpAQx+pBMAcHH1WrT8i9twCeXhUSTxfYwRmC2PHSRXtrT+ttpv7XR
afFeSrybU6whRVvYjVySfJks8P7KImvaToVEZPsFbFIjKum8MGh4h+xmAysGyNhj
34Bxo3g+9eyWU03cCNcROQq0Mi/zuxQM9p3ydkahStJjD5FFRafha0TiyJIXXh7H
y5irTk+CxZ972Qq5ixq0I/MBw+nKk/uJEnRPra2E7SxPSZpKkjhvH6mWBPqtoDYo
U8VKCRIrcqTJLX2HPvQO69Z4o7Uzgkhjrzt2XbkbBpbp0Akh7Pwo2nFPOz94tW6+
o88ebhbB8QJSUzcjZ8JZOh+NQ6cH/7lPDRSkXuc+ZvNVw5GV5qka4dkTEmZAGMoI
9KVkGyDrbM5MHm0TkGVOvVa/vKioIrF9na9b4P5al+m3tHK/M8fiJuJ9AIrlXQIK
tBzLiuyfkrZalna7Zbp+NfZ8SctIXb+h4ikreiYPbrOkyib7/+V0YULllKugH/6T
PqS5Hgll8SvKQ6ikwnc582EeOqIkUjtwM7e2afcrvob96ayzX/s=
=hgxO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37e53df9-d7c0-bc60-c1a1-50390560c04e%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change default usb qube

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/11/2018 06:25 PM, Unman wrote:
> If you are connected through sys-firewall or similar, then it is 
> sufficient to set the netvm of sys-firewall to none.

Oh wow! Thank you! You just gave me back so much future time...

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpYVuYACgkQ2m4We49U
H7bamg/+NhzvUJS53o9Zc6JH2EOep9nRB+6H/cuQPayFvkDPV5UqCocQuAW6Lpcb
HSh4xHy7dqNPWdYJRUIdrtZ9LI7Y7koKV1Wv2LGxHK270mJCmHgZThfhRjbsZDNV
J/WXA0peUjjJzEMBEGFsVekwCBUJ4YXAR2fyVNK4L7+PPf+jwV8Ae4Xd7iiVgHX2
jXu39tcbNRjRA1R/9up5TWcjJcE3VfYRWqqyuotMsbPeCnZHv/Vm8HfNL62d2n1W
fqIIkqGOfc6Iu7zqJdbzbAlhk9A6ctGvaa0yxhRnn4Z/BKMRB5afY5UGvm7SVgNa
Bdp5HcpQ5bgZDBefTW2u384PrUsTv73H8uTBKEEQTficCNFtoNruv+aqH9rbIAh0
1+WbhXEs1y/B3y9YyTLABySUBmknRY7lY4Tyuu/uqiRTLgiotpJniRrmzVs6YfDh
bErC5koNIz6LxNU1lonOjiGGQzP4H23f/cYqRdWtuhH5YR3rC39riskeB59E7cYx
vyKR3mhD0Jz+pDmE9MODJlTVzkjHJJ9CiYjX7XifEl+YVNQkzwPFZDncJuxBdqn9
VTk7KvMZBaPZD6wIOnpcjfcX9Ceurvj9XuFWRG7khOZXNaeYsNRfk3cyi9p4D/ev
Px/onaBg4571tbeTaqCqsoAVdmq0AtStI/n3Cw/1jdU9BRAJNlc=
=Pvhf
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27eb7b67-e476-0c60-912f-1e77192e3b82%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A question for the Qubes community: multiboot documentation

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/11/2018 06:48 PM, Unman wrote:
> It's really easy to do this Sven.

I will try this next week ... not sure though if grub is even used. I
am booting via EFI. But I got the basic idea and will do some
google-ing. And of course make backups of everything first.

One of the things I love about Qubes is that "if things go
pear-shaped" I can always wipe, install and then restore all my qubes
from backup. Takes about 3 hours and I'm back in business.

I do a full backup every lunch break. ;-)

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpYWI8ACgkQ2m4We49U
H7a/AxAAglGrADFVt876P1uo+d/GSYCIEeW/6E93x0UTj/ZlK9mZ6wakcRqw5E2s
1pyuNn6oONp34kBZnxgCOkXxPe7FyhOKusdeZQCufHQFgxBpSpOSpomVRaaqBSVK
36ZJ7oT6jeZJ3S/Ddxtns8R2I54o4w9n/fhsHLuzmk5Ea5P1pB7KeDAGlpfansnl
NyyYS2f6SxKphf9XfekMMXz5yaqIxzZcUr3ryGZHNRiZfm4uJ22+4cXkPvku3JJP
KXJqgENqomh9Fujwqpa9HOW5L81dCPZLJL/otrmL3FLXPUzIoKI+JisaORFlqE0n
JbbBI0kVl3rTWCPvUwekFgdkr2rSiwIQJykZlAWEL/lDMZHs4IzOPKFNzZAs4MXI
YBRKoYsLlPPWz7ivAzkbJ6sE4FgCJ6Q28ePOW0X5Eyy9kTBVWxH7K6kHoWIMtpCo
wx3pwbAN7MGobyNHqoY/y0cpHcwP8ywLez9/mmxGw6lVVD9UrocTx/rHjvLjCDXR
GxzDmFuvLYFoNjACR2NiJKv8gqR8t2EADj9HbDHyr174P98WkEfB93GQZj1aseRa
0ejr3jq8V4DXns/qixXH9nI57cfmTbjK+EzUinSedH28nEx8zut2Ph/a7aw1579Y
EqtAfnQAbkHz1RmQVnHBqOZA1dL4za482CfrcRjH4eiCSmo2uUU=
=M67V
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/188c90dc-b2f6-e461-967d-3fda6f0ad41b%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A question for the Qubes community: multiboot documentation

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/12/2018 12:41 AM, Sven Semmler wrote:
> I will try this next week ...
I'll wait for "R3.3" and R4rc4 to be released.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpesRQACgkQ2m4We49U
H7YiqQ/9HIjh4iP1yeMuBHuuhC1jgcz6grJ1UvDQIHkNhhmJ0dASIBBNLOZ44ebS
a20KhGIkdMTazUW6kYSRjfTtHFYbp2vraER2c9uSyRSOIwr1SoZVRTEc3s+EbD00
PdzuMr96R7wKnephpw3J2m1EFC+Nx3me0+T/iTwiJeh0zHK7UepWcMpPeBCpaKR4
ptTwN93pbv/5qA+64FwlNPCaT0I6GSyoJJitbYRRD+wgzm5y32bX3IPK+cc7sOSA
R3uhSCPirA7OxIoetW3t3OglAcdwKzE+/TTJxQaCdCvzOsGeoJbvwKaUN+veVgOt
YBK8qbwO877B2u0JgFPZK81oL0DXXEE925Y5BkMgm6sJ8HbDuTayu2XHF4OVQ0x0
JD5ZlTac/Ai8JGyqipgnx0AfKGu2oTjJLRKxVkbEBx2Df7xgUzE88tejBxoc2Epz
nn+B1em+Vr7MTIaEWuhNUQCUxArnMQBzSffUVUwTChJLd+mh7ZUcB99Dyr3vltPF
gasK5XeEWg9Uz/9aTNkO+aLfleyr5wOnAqKuTNyIB3wUa4iu+GWiMfET9VPxGDNx
K3ID/PuAZLBN+dUAOw5a3cv2g7ZXfdsRWZx4Xd7DqDEBx/Z3l5FW8Qe8Lv1oB9Ss
gTcgkcNjdqmPVTjU1cMhOxQHl2g4OJ6yZIweMjUOMqTCQY2Ar38=
=qaxN
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/801681e5-45f7-dd0e-a86e-d088ef8df80f%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Using USB device with Windows 7 HVM?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I am new to Qubes OS and this group. Attached please find a PDF
outlining how I organized my setup in general. Getting right to the
point, here is what I have done so far:

* setup and using all fedora-23 based qubes / qubes-split-gpg ... all
works fine and as expected

* created Windows 7 HVM template [1]

* created USB qube [2] and verified that USB pass-through works using
the "dev" fedora-23 AppVM. Many of the hardware tools I use have Linux
clients [3][4][5]

My issue:

* other hardware tools I need to use have only Windows clients [6][7][8]

* it is my impression that the qubes-windows-tools do not (yet) support
USB pass-through - is that correct?

* I have also tried to assign the entire USB controller to the Windows
HVM but have failed. I can repeat and provide error messages if that
would be a valid approach.

My next steps:

* install VirtualBox [9] in a dedicated fedora-23 based AppVM

* run Windows 7 as a guest in VirtualBox inside the fedora-23 qube

I know that:

1) USB pass-through into fedora-23 AppVM works
2) I have used a Windows VBox on Linux installs before (non Qubes OS)
3) USB pass-through from Linux to the VBox worked too

So I see no reason other than performance that the above wouldn't work.

The purpose of this email is:

* confirm that qubes-windows-tools do not support USB pass-through and I
have not overlooked anything or made a mistake along the way

* evaluate whether assigning the entire USB controller to the HVM is a
viable solution ... some seem to have had success with that, but I
couldn't find much details on how to do it other than the obvious tab
in the Qubes VM Manager details for the respective qube.

* get feedback regarding my setup in general (attachment) ... does this
make sense?

* get feedback if anyone else is using the Windows VBox in fedora AppVM
approach to enable USB pass-through

Thank you for taking the time to read this. I am looking forward to any
feedback you are willing to share.

/Sven

[1]
https://www.qubes-os.org/doc/windows-appvms/#using-template-based-window
s-appvms-qubes-r2-beta-3-and-later
[2] https://www.qubes-os.org/doc/usb/
[3] https://www.totalphase.com/products/beagle-i2cspi/
[4] https://www.saleae.com/originallogic16
[5]
https://www.microchip.com/Developmenttools/ProductDetails.aspx?PartNO=DV
244005
[6] https://www.k2l.de/products/42/OptoLyzer%C2%AE%20MOCCA%20compact/
[7] https://www.k2l.de/products/15/MediaLB%C2%AE%20Analyzer/
[8] https://www.k2l.de/products/16/INIC%20Explorer/
[9] https://www.virtualbox.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZlJn1AAoJENpuFnuPVB+2qj4P/2FIG65UyErGMeX7JlVWh63s
fZBoSMH0hWenEY96UCGNvqYjIoqYPD68NczXjzOypWzW8/1vjbgKkgRPSglb83/N
X4iUU54gCnShiNSMTpqxBRpA/vXA/ynT6uPX2HnytK/4poEgA2w0VH8Xm2PfUVkn
WOUHd5QvoFMMczAQY8yu0eM6klI2SwqWo6kMBmXljfak43Mx/WWRgBuEqdZsOMwY
P1/ei7Yj98o+VONKO5IwQg9O7GcpCJB8EladQhTXA5/xt/VdjUdao+j8vX0Lr1Ld
wT8aD/SSmZuO4DwGV1goUy0eUdsvrwsc9Os0zlUysF4Z28bqyMdseJKNPmYj8Ntj
8skDgCD45BTczURwD63DTtbHC+akOBA1G/T2cIQJOIm2Y1iE3vxWQssZOS8MDJ6F
MM4jmjVqLX5oWQxm5VEw5Noajx/Vg0bFPfxfj1HVXidhf9ntaVBV2lS4TUkgCWQc
ICqwXfjxoj88O94sCFxoZCMrBS3lE+SEXtAJqkRNxeUGfIO+knSy5oaxKUrEQCQh
g6QDc4AaYLYvYvou4hLktWvwTNeeUmzSZGCu5NX3JKuEncVFDBh0KNdjuZGJ9WXG
CuW96jgdYvBSbPVrg30kKR3d1YlLCPm8vSvI4FwknclrrVhSBYL2kcInvBJW3aM0
9vqcQKtJgd/O8HTDCWZR
=dVhj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f59fc8a-c13b-d30e-34be-b0f9a7bf5785%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


domains.pdf
Description: Adobe PDF document


domains.pdf.sig
Description: PGP signature

[qubes-users] libre motherboards

[Sven Semmler]

On Monday, August 14, 2017 at 8:50:20 PM UTC-4, tai...@gmx.com wrote:
> As always I offer free tech support for libre motherboards if you
> wish to buy one.

For the next several months I am planing to use Qubes 3.2 with a DELL
Latitude E6410 basically accepting that it is far from perfect. Also
since I am new to Qubes OS I will make many mistakes an learn from them.

At some point in 2018 however I wish to buy / build a high powered
laptop that runs Qubes OS 4 and is as secure as possible. Are there any
libre motherboard based laptop options or does this automatically mean
desktop?

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/709eb393-213c-b539-1995-129cf2d021c2%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] DELL | LATITUDE E6410 WITH QUBES OS

[Sven Semmler]

On 08/16/2017 01:55 PM, QubesOS-ML wrote:
> there how i have done it - a bit tricky with the Bios Settings
> http://wombat3.kozo.ch/j/gadgets/9720-laptop-dell-latitude-e6410-with-qubes-os

I too have installed Qubes 3.2 on a DELL Latitude E6410.

For me however it worked with the default BIOS settings and enabling
everything under "Virtualization" except Intel Virtualization Technology
for Directed I/O (VT-d). The issue with VT-d was that the Intel graphics
wouldn't work as documented here: [1]

Have you been able to get WiFi to work?

I tried installing broadcom-wl in the fedora-23 template but ultimately
failed. So I solved my WiFi issue by purchasing a $44 IOGEAR
Ethernet-2-WiFi Universal Wireless Adapter [2], which is probably the
better option anyway if you don't want to install packages from outside
the qubes repository.

/Sven


[1] https://www.qubes-os.org/hcl/#hardware-laptops
[2]
https://www.amazon.com/IOGEAR-Ethernet-2-WiFi-Universal-Wireless-GWU637/dp/B018YPWORE/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c69fce91-73dd-6151-4891-c965966d1c7d%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Using USB device with Windows 7 HVM?

[Sven Semmler]

On 08/16/2017 02:53 PM, Yethal wrote:
> 1. VT-d is not enabled on your machine. In this case go to bios and 
> enable it.

It isn't. I am running Qubes 3.2 on a DELL Latitude E6410 ... which has
the issue that he Intel Graphics stop working as soon as VT-d is
enabled. At least that was the case for the installer. I will confirm
whether I can enable it after the install, but the HCL comment for the
E6410 doesn't make me optimistic:

> Intel graphics unusable with enabled VT-d

Thank you for pointing this out.

/Sven


[1] https://www.qubes-os.org/hcl/#hardware-laptops

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aceced12-bf8c-c6c4-5cf2-7b41693c8b40%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Using USB device with Windows 7 HVM?

[Sven Semmler]

On 08/17/2017 12:53 PM, Yethal wrote:
> Issue might be resolved by adding iommu=no-igfx to GRUB config

Thank you very much Yethal!

Yes, it resolved my graphics issues. I am now able to run Qubes with
VT-d enabled. :-)

I am also able to assign the USB controller to the Windows HWM! :-)

That means I can use USB either exclusively in the Windows HWM or via
sys-usb with all the other AppVMs and an external mouse. That's a
compromise I can live with.

Again, thank you. I could have used a second laptop running windows to
capture data, but this is far more convenient.

/Sven


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cd18fcd-6771-043b-c648-bd13588b10df%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] libre motherboards

[Sven Semmler]

Thank you Taiidan,

on 08/18/17 19:34, you wrote:
> Lenovo G505S

"AMD A10-Series A10-5750M (2.50 GHz) 6 GB Memory 1 TB HDD AMD Radeon HD
8650G"

-> I do have an AMD based laptop and while Qubes installed, there are
issues (DispVM doesn't work, after a while it won't even boot anymore).
>From the little research I've done I take it that AMD means I have to
deal with a "missing firmware" issue. While I do intent to figure this
out for educational purposes, I am not sure I want to go with AMD for
the "big one" next year. That's why I am running Qubes on the DELL right
now (it had an i7 and Intel graphics).

-> 6 GB Memory ... I have 8 GB now and would say that that's probably
the absolute minimum. I am hoping to go with at least 32 GB next year.

-> Radeon HD 8650G ... sounds like trouble too

Is that really the machine you meant?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5eecd15-3c7d-e7b2-a418-57c1d38fba70%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] libre motherboards

[Sven Semmler]

On 08/24/17 17:34, taii...@gmx.com wrote:
> That is a software error (which I of course would be pleased to help 
> with) not a hardware error.

I will definitely try again. It has been my practice for over a decade
to have a second computer fully installed and with the latest backups
restored on standby. Because stuff usually breaks at the worst time.
Since my move to Qubes, I don't have this safety. During the last 2
weeks I learned a lot about Qubes, so maybe this time it'll go better.
If I need help, I will surely post to this list.

> People who say "oh AMD sucks" 
I didn't. Quite the opposite, I am very pleased with that computer when
it runs Windows. I simply had issues with a stock / not troubleshooted
version of Qubes OS 3.2 installed. I would actually prefer the AMD based
machine as primary computer due to screen size, keyboard size (it's a 17").

/Sven


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab5f96ed-eb31-51d9-1258-91ac20da67a6%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] how to cleanup the application menu?

[Sven Semmler]

Hi,

this is probably documented somewhere but I seem to not find the right
keywords to get to the answer.

Issue: I have uninstalled the debian-8, fedora-23, fedora-25, whonix-*
templates. All my VMs are based on fedora-25-minimal clones, a windows-7
or kali template. However the application menu still shows all of the
uninstalled templates. How can I clean this up?

I already manually removed the .menu files from
/etc/xdg/menus/application-merged except the qubes-dispvm.menu
obviously. That alone didn't do the trick.

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e11b1b0-6daa-ed80-255d-de4192d0f1fd%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] how to cleanup the application menu?

[Sven Semmler]

My apologies, as so often I found the answer right after I asked for
help. Sorry!

I missed https://www.qubes-os.org/doc/remove-vm-manually/

The missing step was rm ~/.local/share/applications/*

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05381a9b-2a69-774e-8c2e-994f2c2a3978%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] set mimetypes in dispvm

[Sven Semmler]

Hi,

I have a customized disposable vm template. It is based on
fedora-25-minimal and instead of firefox I have icecat installed along
with libreoffice and okular.

When I now try qvm-open-in-dvm example.pdf I get a dialog with the
following error message: Unable to handle mimetype of the requested file
(exit status: 768)!

How can I set said mimetype?

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/270baca4-bc5c-c2f7-e835-bbd88038bdb6%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] set mimetypes in dispvm

[Sven Semmler]

On 09/02/17 08:06, Unman wrote:
> There's been discussion of this with okular before, [...]

Hi Unman, thank you for the hint. I found the discussion between
Francesco and cooloutac on 2/7/16. In summary:

> But it worked to use in template mimeopen -d 

So I installed perl-File-MimeInfo and then ran mimeopen -d in the VM.
Then regenerated ... and it works!

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc318252-b755-2ed8-a365-afdc6ad225f5%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] diagnose cause for lock up / black screen

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In my post "[AMD/ATI] Carrizo (rev c5)" from today I make the assumption
that the black screen / lock up is connected to the graphics driver,
because that's what I have observed with other Linux distributions on
that machine.

However, I just realized that I have the same issue much less frequently
(~1/month) on my Intel-based computer running Qubes OS 3.2

So I would like to learn how to go about diagnosing such an issue...
which logs to look at? How can I see what happened just before the
lock up?

So with this post I am not asking for help with a specific issue on a
specific machine but general hints, links and references as to how one
goes about diagnosing / analyzing and eventually maybe reporting issues
with Qubes OS.

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZsEbtAAoJENpuFnuPVB+2abcP/R6Pjre1sJwebRWsn5SxvNQP
XnR/zh4GTV2blSqJyjZj9q6/PRxzPXEbXoKy+zC4ljPnLeFRJ3NPaLnCgHZY/Nd/
DhHAJZNbwO45w4TZ/NdimpRpe4jQaZCYT9rfvVJk8OlIdJS59hSQMuuk6dH525MP
3cjRHER78s8wF6nlUxfF4xArLm8y89XB3vqG3gnO8z/c4XuYbyP7xPk8ReUCsc2k
sCnMMOUqZ9vy0rU5xINjDEuqyjdlAYtt703zbCf3TBZeINCHN737E4+ubIqCtHF8
hK1ezoGAUnMowk411UnHPa/5ETycr3WHEGTJBXEBBq7i8AojKUUp0KV35DZv4EPL
ko7NQrRDhcmaVA+xte8RZ4+yTo7cqC4KCJWzk6vsdlGuZB9m+Zefeqyh/k/V9Hb/
4cg+1dbNNiFWDnleDzifIe5av6cqKU/TZ8QqoVNmGkT7YGD1O9OtRBIvyxvN/s4N
aG5RD1EjfaEtsY3OJR5/H9WBVp0qR7zEWtBWghdiG+4kq47Mn1O7Ajc4P/TwXgvV
JJW203y7gIK5B3MgPhUbZDKT1RuAYSfvFPLvLa/YNx1uGAw3a4gq2uRHoJQLUVxT
eSDoU2l4melhPKPGMi/zz6V2jNZa7yaw9TBcL33MlrQ1T4amsOHotGHxlSaiTPha
P/qcrr5+k0HctcIIjosJ
=mwqA
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af27292a-0050-9a38-ac75-5960180b9716%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Installing ssh / capturing dom0 output (was: [AMD/ATI] Carrizo (rev c5))

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/06/2017 04:59 PM, taii...@gmx.com wrote:
> install ssh so you can get access then

Ok, that'll keep me busy for a moment. My plan is:

* install sshd in a dedicated qube on computer 1
* follow
https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-th
e-outside-world
to enable computer 2 to connect to sshd on computer 1
* follow
https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-th
e-outside-world
to forward dom0 output through a VM on computer 2 to computer 1

At this point I should be able to use the keyboard on computer 2 and
see dom0 output on computer1. Then I'll just wait for the black screen
and run dmesg on computer 2 / capture output on computer 1

I'll report back when I have it. Thank you!

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZsHj3AAoJENpuFnuPVB+2j2cQAJbc519CyO5+gx8HtzNlRY7J
f2qjYffu+S40gJrZyImOKi9kwGUg6RwdlsVuKrHPV+BVodurCD5C8t8YUqQRl7nI
0Hn8ZW1a2wA/gw1Zz+nON9E9YwxRcD8yNQsODZ+fIYA+Y2tHtwyNW4vp6kSPzTSa
HaPp6j5quISeInYSgSCFQfSMQulQZ6metomHlGSyd9FbUEbBzOvKon/vxOL7ezsv
z3P9un8AIhlWf8nm92ZBLGhc19A+PPdnN/9Hl210mNjIu67ytfTFby10GFITWBXp
2mHPXp0uy2zvaBE1GqONkn/Hb0KjHng5O6kn4Mnc0d3qOowPlByj89usHgBr4PmS
OrmjztKjvH2o7FUEIj7x1hUmTrx/juRrtjG0oMJ1qPx17qsZ+xMtCTKDDzrjh2kh
KPhEUuy28SXCEoH1xydtJR0uePPJIe7k+QW4lC3vnlCYmMPaVbdV3ixPN2oCfj6L
UIaTEERF+jjmfVx91VgUPC9YKFJAw3jNOSNEluTXy38O7KfFEWg0BdtaITTZuPfp
3/6RUPgsUzGWPFA5v8TuT2xWkijidB+PEDdVNpQBPeysWF4foFmslpsnTqXXs45f
T0Ef+IjYRe9Yh3mXwTDIBwpi3hMa2RsdBZc1Qz+Sol6Hp3E7rfKXzsYg1qdfTWdS
k4ECLv4HXbMtdTT2w34S
=aWvv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/574652f1-4a31-f6fa-d6d1-7c4b96f48c5f%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: secure hardware after purchase but before qubes installation

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/07/2017 10:00 PM, taii...@gmx.com wrote:
> 
> Why do you guys use qubes anyways? (feel free to message me off
> list) I can't understand why everyone is so paranoid

1) Qubes is an excellent networking lab / playground to learn about
InfoSec.

2) Having all important / personal data in offline qubes separated
from any online activities is simple & effective.

3) The same reason I encrypt files and emails ... so that if I ever
really need it, me starting to use it is not a data point that gives
me away.

I love technology and see it's benefit to society, however when I look
around and see all those Facebook addicts littering their livable
space with always on IOT devices (cameras, microphone and all kinds of
other sensors) and uploading everything to cloud storage I cannot help
but wonder what the future will bring.

Also: https://twitter.com/rootkovska/status/891949524830257154

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZsqjDAAoJENpuFnuPVB+2EUIP/0E4NkAWLdrbSkjrs4pal+Zd
kSQSARjCa1S2Daspxkv8B1qnN+44UalIGCMSQYhgDedlJ/kpNaBp1ay/up4tm6BS
pJib/X309f1iQlBa/QiYU2DlmN5BB9x+iKr9QFZ3PYOtglbdFPnYHkzC6tj1H5pi
2OP1tF9JVa6nA9hcT9GmJCSk8ezqmIeXKCZ4iRNmyvgrEkaTxgkrIQrmlWP+bMAR
G4nIH/nic82py7v2wNb8q/19ZxLuwVuNtEaptp8rCahnEgoHQ7Tf/WBggGo62BB/
2U9XltIP1F2VyHWY5bJzgIOuJYtkb7v9mfNhyqnRBcQEVYprmfV8bUnB3tBACMnp
VHhyI3YMwH7f0dV1OJA6kpcwEnfba1EXKHqQotKUPJZ+advWWfwxU73L+YBgluHO
x60Pg7jXhFouQ8XeaevWXgnefq6m/b7M0U0iiqXUnaLb11K0TV45ikKFi/RoT8pt
hoJOlxZTI6ksK5+V1vxpsCNy4edlR7RtDEify27CQQjZ/Yix669hZhUreDkpbVgm
7GRK9VkGMEVB2deUdvxr8MdSl/050CV596rYlKSpgq0j5z36i2NKPKAF0fITAznv
GkNe7fLmVYKBGWmbehcOvAIqZUHk734pjmz+0BOhycTKSpWor7Wq+x70IHWdzA12
uZ20iH0H/8JxAQsrWCSD
=Q9ag
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dad31bf1-4385-7a0c-1ad9-6232dbd818d0%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using UNISON between VMs... Is that possible?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/12/2017 02:15 AM, segu.sa...@gmail.com wrote:
> I have a script that uses UNISON [...] The idea is to sync files 
> between two virtual machines that have no visibility between them.

Can you be more specific? Will those two VMs have network connections?
Are you planning to continue using UNISON? Must the script run fully
automatically or is some limited user interaction ok? (scheduled or
manual run)

> Has anyone faced this problem or imagined a solution for this?

* you can use qvm-copy-to-vm to copy file(s) from one VM to another,
whoever it won't give you synchronization ... if the sender had
visibility of the file system of the receiver, it would defeat the
entire purpose of Qubes OS (compartmentalization).

* you can mount a USB block device to VM 1 and run your script to sync
between VM 1 and a folder structure on the USB block device, then you
could unmount and mount the same to VM 2 and now run your script again
to sync with VM 2

* you could allow network for both VMs via sys-firewall and setup
firewall rules that would ensure that the only connection between the to
VMs is the one for UNISON (e.g. unison -socket 1234). You can lookup the
internal IP addresses of the VMs in the Qubes Manager.

Finally, I would recommend to take a step back and question your setup.
How much thought have you put into your domain compartmentalization? Is
it really necessary to sync between the two VMs? What is the purpose of
having the same files in two VMs that are isolated from each other?

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZuA6YAAoJENpuFnuPVB+2VkwP/0mWxWFlBKQtsfUp25rw7a9y
eiNsgIzzmWUgMAkFY6yFryVFUtmwCMOW48w9unx9FIUpOpboHSDrGW84N2yaqjyV
KzwFPhhaJbV/i7/1CyHzHzkhctgpipHfz5c0G4PFdpchSbgepaOfEjTQv5sv0p5X
swFxx3f7OA162rZRZqjSJ3KKvrkHzVLJuU2moRJvwg/+LMAtjtlsRGmG1wBsyBDy
LF94GMlKD+mMbGB5TQmAU2Svxq3ym0yKzjvwzzFbNc3RSASJROlFOvEtqSVwWioH
t6RicdD2DW0WnohVrbYLrj55oIhwDvRFfvBVqYr+Bbw9uD+lh16GHX6eALEm0yww
wZP4Xtk2id+giDkj9agSv+aLCoAQpxp0lg2Vrtj9LT/3rJWMRP2GPIirqVFLXONX
HmEC0iozlvG/OltQnuD+VQvX2yYdT84FgxKqGEtNhnRNs45RwDhkVqIXwifzSbIu
KRYRap6W9FNbpcEBoq4jBmotnOkECOdqi7qSCvzjlrBQNAHrSXZyY2SZaD731hir
UApJnm4Bo8yJE7O12P6IvA0335ins0eNk6IuWVTlYuN+ymIqwfitYqOd7HWE/Zzu
WXBwT3QzI9Br2R3D0dJR6+LoEQLmt/OXAhqG5wsFhKF6kd/SGTFpWseCoypjsZKB
bk3DM/YPjTAvWOLtkfOp
=L7c+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/edab4168-df00-5037-7741-7f9879303e2b%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing ssh / capturing dom0 output

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/06/2017 11:44 PM, taii...@gmx.com wrote:
> Just use another distro to do it, don't go to all that effort.

Yeah, after 5+ hours of trying to get this to work, I'll have to cut my
loses. While it might theoretically be possible to diagnose and correct
whatever issues this computer has ... it's just not worth it.

So when the time comes to buy HW for Qubes 4.0 next year, I'll be sure
to pick an Intel processor and Intel integrated graphics. I don't need
better graphics and more than that I don't need the struggle.

Thanks for offering to help though. I understand your position that
technically an AMD would be just as good. But out of the box it won't be
.

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZuDy8AAoJENpuFnuPVB+2rEIQAM7cnyyMETCYwT9aUh6wYSmc
TPS6i7j6uhNdqTxCZQ58rmmIoyIW/1i4JBc8x8MJ/VTogbeqfDBZeBEvIbM1I8H3
S53TLhYxOkn5R7cq2OSyRrsScsKYUDcF5vNPbYT5nJ34ffXv5suj5GGhQshq1U8m
YH7TEbQDFdlPq3UfDb3dW0I/S61rXyd55bFHgnZwvvvQL0/ApjQtx8mEcRuEO8bX
jzaQIYSBEsnnMQ85KZaF6KjsmfipgM8exzYDcoBrMX6yiA7byxvhd+t3c/EYC4MM
63BY0Fr/1AhvITOkRVfew4LDY7TbnRNR6khian1di/27cakNVNUgGEVPvGKoRymx
VKRhrr1DTdqjEhWm+qgwUzc11H8p07mST5BGx8rfg9cHrGYfL2YQCkcwVPLERHKs
6UY/Adu6XnJUHJUeOt8/oN1NNn0FfxV68gzJ3ddd9VwTQ16rUbdwRqkO1nUqoCtN
29uR3KvS3PfZ8K7yaikRyTEoCcnNHmLF8PUR+yqz1FtvxfI5xmdDUKJmzUKw6QTE
UNmk0oNTZT1qEfSFaEGZClhGwLO+NSgxSS/SWAuXL4BlW98H0r1fjhdOEB+Rv4+a
1XAmO8s7gZ2qdeJxiQnGcKPFqn1JsNBgIfLuPcqEMpG0MSNKtqD69/nVKalNbAEl
kVVuaH7uy8R8i3lETCRZ
=cMt5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47832067-8de8-cce4-c393-3b016c5633f2%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] unable to start dvm

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/06/2017 04:53 PM, Sven Semmler wrote:
> The computer does have iommu, however dmesg reports error
> initializing iommuv2. All other AppVMs start and work.

At this point I am giving up assuming that my particular AMD processor
lacks a feature needed for disposable VMs. I got Qubes OS R3.2 running
fine on a DELL/Intel computer and will wait for the Qubes project to
announce compatible HW for R4 ...
https://www.qubes-os.org/news/2017/07/08/toward-a-reasonably-secure-lapt
op/

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZuD5sAAoJENpuFnuPVB+2GYwP/jRK0S8fymCOSjAQ8cBXbqq+
FCysCTWj9wyMn5XHDw1vkHe1ftLbnzabnUNB/fsQ4dvfmd8ogdwp0OaH4m4uu20N
utoM9NXR98a9P3CrRUFOfxSWvnj61hXHnkT/k9p53TD9jpfrsNgyV6XnoPGCdze6
M1vmj3OU2o5j21J8hYXyifsBqSCgwA3E6foLEYJOkqkBFmar5J0JvDbur35YfjfY
qNoB1OafbdhL029aM9XIrJluDd4QSR0ZUpYGytMgGV31Ip4xI/orU29NyDQ/omI4
+IRLvrvTARHC/yYsmz8VLTOBqjdmUHvcHywGFtjjEAdK1HBc1AJcG4GxlwsyG97O
Rrhv22M18En+XoMdYT7IHFL9BS05pXZji8JlGkPOzqsB8MLKX7BT42nlD3YmEj9U
ybUgrsfJ48f8jFYZR7OqS7dvqdlKgwyljPNZtocTSwqfDHMg7xs90xL8nC6WVdXW
X0WkhIxSmAzFqf2CXppauhjTbF27c4aHNOas0LMa7Jw/7LmHo5JmGpp+pSe0WkRJ
hCA2U7UBl/JhwIYz6dPshAQBgcQP/B/MIYoSV7U6fP16BwJsXpOaJMYLWJn3pqlZ
Hb6O/R/DYtfQ8/6noszB3QBY6OwMKPQkVOpx0f/8s2Px3vqmUWj5YuUEjFSJ5YrW
D2RkFwTS0gkfc+AIeyDV
=5gon
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/914b20b6-91fb-516a-cd84-acf5f542a3a5%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-usb not functioning

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/13/2017 08:35 PM, Drew White wrote:
> I try to do a qvm-usb attachment to pass a usb device through, but
> it doesn't let me, it tells me it fails but provides no description
> of error.

Hi Drew,

are you assigning the USB device to an AppVM based on a Qubes Fedora
or Debian template? Or is it a HVM (e.g. Windows)?

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZwoD2AAoJENpuFnuPVB+262sQALfyMMKOUXFRi8Nt9tXEcxnY
F2ypVAVbe6SNQkA9GWtov43pGYvgXVBSCX0fnBQ5wRD0klKqxyygXI7co/ZBXdJC
Greq9HdNr1reunnBdgD3RmCSQzpbUppOqqzBHpC8VJz7Y5/utmspg/QwGcJzBZM7
wuPRDwNiyrC+8i0wZjLa/hFoSpGtd6uVZrAS1bQ7dS/v9jwB4nKRrak6LdhY8OR7
LJbjAE3Rri9fPV0WjoCtihx+QCrB1CZrxamDQx4YgD79FDhFlCj8K+2+y3cPJYyM
fxzXN30uXZ0s/kac9D9vVHKJX15YrVPOVewP88yRAojvfqyivzgaii2nbYlreCcw
61DNVAUcq2tanoYZbtz9xAJa8nMiaPxllq7s1639pJF4TzQj5UAEl7mA7koGt7Xw
WXfaV1ePDWotVBZdL1BFbZzu0VUXQeUg/A+oglxYlqRDSeBnRtSvEBBwYc6sK+L1
9W19UTnfXdlIviYzjJHp13C1r6u+3uB+yuKaY8iUo2QvOrYVTZ8qzaJBWHy4ViFQ
HLBET3hzE8mAb3rTHV9yl+UYWV7+kj/hj0bjaPAOjdCGFJMYu9Sc3R5PVz5VGImn
U14my9Vx5m4q65gl4QdgpYmQflLwMVUpr0hhx3rhrQKM6cdPtiXwZmmQHPSkuJvY
Gs9jnEDvmloIJB7tWzEb
=hQkV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f372aab4-bd05-8d8d-5ba4-1d24f933cbc5%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-usb not functioning

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/20/2017 09:53 AM, Sven Semmler wrote:
> are you assigning the USB device to an AppVM based on a Qubes
> Fedora or Debian template? Or is it a HVM (e.g. Windows)?

Sorry. Ignore me. I hadn't read the whole thread.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZwoGCAAoJENpuFnuPVB+2Fx8QAN00NE1iPulTsvFxdH62pi0k
tvGdTl90N6b/QJxjPmzw6xfai19a47OvRh15gUosFze6d5HtJaej9vQYQrFsAUBc
GAIqsV5D5eDWWOhw/obMnYxGDUaqA25bmW63FSskLCXY+2+729q8WGB+HYH0Ve6o
aznAyLwuomgSR0RvoiDZ0o77hjguCIpMPZ7gcM69Mr8//FR7XdBNVi/nTSOQsLW6
xPyta+Op/TjFPcPqefMTgV6byu/w/cJKt+/9+gRum9s1rJBZObZsGlygkPIpXO/K
IbB1PN+yjF5gndxFFB301QlAgBErCdmLB0FsGwYfCAUGW0B72QngM76g9qJgUBPR
Wbj5i3K7AmV+N6CJh0Dl4aiKt/AKzc0qI+uIv9PjCK3RSUfNRIJT642sQPCIRJGi
EJI6E/oLSargxmQWiV5KwK20SlJirPj58p7AV1D+az0VWJD1MmkjVI1PYVD+4vBI
wtxIvLF7w4SBv26pEl40KDbLg6RP3K2pU99d088konmyuTSVLUiqPIlv+b5La2mo
MEuIWQ598/r/f0KxNcYpHpelVTD2xZVvV6nF5+YGAFeejDZTeAqd1Rj9vgRXsXgo
FmybmmCD3zIMHQn4xqFdjlNgz3/XRh0fCkwWFhrLNQF3LiWROEZZP2DjzHnBiRCb
e/RwqTf/LLzRo89f/Cfj
=GGW1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c4a59bf-dae3-dcd1-1ca9-8492559c3c8e%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Privacy in Qubes

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/25/2017 09:10 PM, Drew White wrote:
> Debian, Slackware, CentOS, Windows 3.11,95,98,2000,xp,7,8,10 (32
> and 64 bit versions of available). I run OSX, ESXi, PFSense,
> Android 4, 5, 6, 7, Qubes 1,2,3, XEN, PASOS, COFFEE, OS/2,

why? (just curious, maybe off topic for this list)

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZynX6AAoJENpuFnuPVB+2+I4P/RrDrdI8mIh7JDGJEkAR0HH0
KpxsqBOEKAy9juPu+domotmHaj8czLRNqaNTJkI9kxqH7CQbAIoLf1z4H5JeYw8e
BXD0V4x3S4Ik7tlISqTHwHq9DfN2KUmJhl1k9SewLfQBqgF7O892YjKItPbeZ3kJ
OMCu98YgA2tcfmNh2B2f6Sx4hX51JaB/NQtvGaAu0pjRCQwn2GZwpZnxAYYOnAER
NRKZQwGVczE0m1FIkL1HtWBOB268u8uni2LKYoGHRkcq2RvDiezVlPtPXj1s4MQS
y1J8o0YrjL5EtZBGi+XcCiFSUM36smMuE906tXfAcwvON9LPFLfc3qkmhXrTYkLx
w99b+oDiWD9aVnr0XMN/iAl1ZlNp53Us/8FkeizmrKJ9imSKJUUMj70QKZAwgyXX
ait5tpUdKczI5jq7fC6C8H4/IGt+PI0XqBH2AHGDDY9l3TSPTXwWZv0xOYXOxwR6
+jufPeJwnXZjyL05Tz2a/iYy4m7zP1rIT1lL5ox7oyEL2Kk3Z24X6y2JXDoqe8lt
cY16o7aT2sXbESQAiOp4RfjxCGyGJRieIVlPnnfydu62fqte8BB9Jfbk3LvdKqxr
eUpBQ5jkQsMrAXculMwt23Xqu8fwnI+KFZuMeLttgNGdr73MoV+td7i3I8l3mWFv
mHEyXu1L+BtEg8+IHEGi
=CVVV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e47315f-d635-589d-d02b-769d9113f4d7%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Send Files to Windows 7 Qube

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/01/2017 07:38 AM, inval...@gmail.com wrote:
> I can't send files to my Windows 7 Qube. Can someone tell me the 
> steps I should go through to set up my VM and Qubes so I can
> transfer files to the Win7 Qube?

Have you installed the Qubes Tools?


When you send files to your Windows Qube they in a subfolder of "My
Documents" instead of your home folder.

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZ3n8hAAoJENpuFnuPVB+2dQ4QALI3j1gE7F5KtTscIAVXETbR
wG2bn+NcmJwEDcw+vp/5VwACt/0dl2d5+BmSOdtTD6KmQPC7f7uGUZoFGRYTc9od
VHD2TgPB+avQSWL/WH8QMXW036j3X+kzroknpi5/rSmnB77Gny5Ipt9aBvsZFjRB
MSwpSdGsFuWsse3tqEfHIATqs/HQ/o1Y+V1GAwr+Ewg/mR/DrpBi2kZNeVbSD+JO
CluqaFdMGlVAjW7aVVRL8Dq5aCw3sv6P+/DqM3qVB02EqyZAuwX2CukgGKsHWoSd
+kEQprpZrIR78dU2CPkSCkUZRX/u6yxyUz9bXVrHvKI/mXOo/BOH4421C9gX+A77
D2LwlPqENc5H+KtFfDvNT8Yx/mX1YrutVrKucuq5shI4/wIrvcphOadeAxf5Af5A
2sqm0UnFDlzn2mcvs294E4/w2/askL4tuz5bw8fmF/IUgndaEzSCmifc/PC1RegR
o4iUcUfNSI9I6wH0mPkZn0IXOVxz15tmF0y6UByw2rGDsRicqWmfzMExABu8785T
nfPe/qtEb6+BUXtdcCoP+yt6jNtkAiDdqiwrWq2dBxsTnaKJxB3A11iwoGUvrLWj
KdfH0BdOQEEI6MB3hwHHJwbAGHmLfHx8qBiFW0SiLYBZXUS0B5QvuhGrnLGP6oKN
KkqbJmBzUOTebZEI+dar
=+ULi
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7ab3bef-a32a-b3ff-c440-222787639375%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] cannot trim whonix-ws template anymore

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I regularly trim my templates after updating them. I don't recall this
process ever being interrupted, but it appears that something got
corrupted once when trimming whonix-ws. What I have already done:

* deleted /var/lib/qubes/appvms/trim-whonix-ws multiple times
* completely uninstalled and reinstalled the whonix templates

Never the less, I get the following error:

Disk usage before:
2574760 /var/lib/qubes/vm-templates/whonix-ws/root.img
Creating temporary VM...
Traceback (most recent call last):
  File "/usr/bin/qvm-trim-template", line 172, in 
main()
  File "/usr/bin/qvm-trim-template", line 115, in main
fstrim_vm.create_on_disk()
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
line 1317, in create_on_disk
self._update_libvirt_domain()
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
line 764, in _update_libvirt_domain
raise e
libvirt.libvirtError: operation failed: domain 'trim-whonix-ws' already
exists with uuid 34bfb7d4-b96d-4d8d-9042-53e212761316

It appears that the VM 'trim-whonix-ws' gets created during the trim
operation and that the operation now fails, since the same name is
already registered somewhere. I checked /var/lib/qubes/qubes.xml ...
it's not in there.

Any ideas where to check?

/Sven



-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZ57WCAAoJENpuFnuPVB+2XOgP/RC9i4p+C83XXYDx17HimO2/
LHBJf82TRV6U57SEQ1YNs74X7FZRSRQyVAP9VcxmTrAO7ts2LtUX4a7wdKZjbHU0
zEhlGCbbiybsC87jVz3LpzwOzfv4TWdinjcD9Fjc833j/qkXhmxTBTI7KAyROAco
K7+JEru2VIGLMAsmrVzTUSkDCcN5WY3aTWOiBFip3ECEU5uXdiHevXIaH95zkrkE
AR6URQfsvlS0UM6wqDpHCCyavhrwHMlo6Sft6JcqvFRw9Z1zLVcv3TrTUPGbLWzB
Dfz2CM0E1T0ohGqh4/C933Eb30mN8os6aL92C3HRmzqHPtQuI9uYhef362PDIML6
fiIi8auC42ehF//IQ2jDFvr5mywyhCyoly50A4aTHlIqjOymrbXXe+JtN/LUVqs6
Rreb8JeD28524HSJzRceHgRk1/6WwPa47naOYcN4zXYl/yCmdnLqCdhy5ydr7xaU
fhq5wPBkg0qBBFzuRsBdJ6dEB8w0aLJEN/dTvTBlTD09JtRvy5q6U54crFODsEL8
Js8wpnzo0CAFe98F3tyMchYPfrodWeXf1Dchy7TUJfnRXnv2bEC1/VzsVzB5mKjF
HPzZsV6etkAp2XfPuGpOJTjqZy/VWpFOg2jd/8Ob8WhXOZ4KfmXJRzsY9Vf53riA
3f3boyIUNdJQpYzb08c3
=eCsr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0789d45-07bb-7faa-3433-f1b4bedb795d%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: cannot trim whonix-ws template anymore

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/20/2017 10:25 AM, Noor Christensen wrote:
> $ virsh undefine 34bfb7d4-b96d-4d8d-9042-53e212761316

Thank you Noor!

The above command did the trick.

/Sven


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZ7nGUAAoJENpuFnuPVB+2Oo4QAKFSqV6D3viMZccDjq13qsVw
yuggf4mUfyRZX1s2M8L2R0TOn6Z4eof8X9z1Zfj/dKfcWXJFdbLOwhKmHTXS+i2X
cPgCWdHuXg2RoPe77GKjp1buJ0YlbLvpUxPEcAVScOwCET/0shZ02UF0Cr7imsHl
jvNZdB4kd4VS3O0s21ED/L8upAUsen5Fn3P09om0lMMasrRMOrpBOeJ/wYQbBJA9
7klPpcbgli+zh1hAPcnRpu8tQU777pbbbkmMgaSxSNFUmXsjh3SDHQO/kS4ol+Cz
eGRsNLuZ7eohr0p3ObO1EXgW2c7E3+YEZs/uSwhGSFPwB3SMzprhWO2z+6ZBiUgY
Komd6FK7WrcOoDEEe4hjowGBnxmhtK8Wg8MMfpKPtIMck7f3GhE8vHMBVyP6YMVi
pK5u6uw0a0j2nM4fu4g3X+Yh2T8C0G/Zfk7BktLRMhf7UikHxb0GD8MvYJBGmPib
RKj86B1rpRdngFOApbxynJRA8MRqTTULxRzx3yA3ByCtZrADOmnBH7gv1lVOavCI
hQzzP/J4dIOfaLTyLT/Z3dGA0Ue/nGNHoNGHhDpCuVCGWBukGn6eht8bK/xmtfz5
NwbrqdRQnebA9NgGH4VqjIw7TscMjL1Y31I5o1BncrjJ8hYVQLOjdeWApKaurtLs
tmslBaZc235FL6lKAA3A
=wVtg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e67dc9b-b31f-bf06-467f-cae757aee71e%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: XEN)QUBES END POINT SECYRITY

[Sven Semmler]

On 10/19/2017 03:52 PM, yuraei...@gmail.com wrote:
> If so, you can simply make good use of your AppVM firewall. For 
> example create a AppVM strictly and only for payments, then limit
> all internet connections in the firewall to only talk with your
> bank, and whichever additional services your bank may use. Although
> it can be a bit of a hassle with some services, who use many
> different domains, and they typically change too from time to time.
> Either way, this way, nothing gets into your bank AppVM, except
> those connections you allowed in.

That was my initial setup. I had a banking VM, a shopping VM and a
"untrusted web" VM. First I got rid of the "untrusted web" VM in favor
of just doing all non-logged-in browsing in a disposable VM.

Soon I realized that keeping the firewall configuration of the
shopping VM working was a constant battle ... so I got rid of it too.
Instead I am using a disposable VM instance, the additional step of
logging in isn't that painful (KeepassX in the vault VM and Qubes
Copy&Paste support).

Finally I didn't see the point in a dedicated banking VM anymore and
started using a disposable VM for that too.

Looking at my domains now, I have only one that is online and with
firewall rules (email). All others are offline (dev, office, vault).
All web browsing happens in a disposable VM.

I am pretty happy with that and are under the impression that this is
probably the safest I can get. Obviously this is only safe /
compartmentalized if one opens a new disposable VM for each
destination, which is reasonably fast on my machine.

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/829b68d4-5720-0175-0944-42ebe481e5c7%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL Report 2023 Lenovo T480s

[Sven Semmler]

Thank you Howard for your HCL report, which is online now:

https://www.qubes-os.org/hcl/#lenovo_thinkpad-t480s-20l70028us_i7-8650u_integrated-graphics-hd-620_howard-chen_4-2-0-rc3

/Sven

--
https://keys.openpgp.org/vks/v1/by-fingerprint/0C276715E93D4CE54007BDBF54EB584E8668B05F

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c13c426-316c-4312-84da-0408ceb750da%40SvenSemmler.org.

Re: [qubes-users] HCL - HP ZBook 17 G4

[Sven Semmler]

Thank you crypto_pipao for your HCL report, which is online now:

https://www.qubes-os.org/hcl/#hewlett-packard_zbook-17-g4_i7-7820hq_integrated-graphics-hd-630-quadro-m2200-mobile_crypto-pipao_r4-1

/Sven

--
https://keys.openpgp.org/vks/v1/by-fingerprint/0C276715E93D4CE54007BDBF54EB584E8668B05F

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25daf29a-1104-4743-a4d2-7b4b6c4ab437%40SvenSemmler.org.

Re: [qubes-users] HCL - Prime Z390-A with i9-9900K

[Sven Semmler]

Thank you Eduardo for your HCL report, which is online now:

https://www.qubes-os.org/hcl/#asus_prime-z390-a_i9-9900k_geforce-gtx-1080-ti_eduardo-bogosian_r4-1

/Sven

--
https://keys.openpgp.org/vks/v1/by-fingerprint/0C276715E93D4CE54007BDBF54EB584E8668B05F

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e1cf0c9-08ae-4da3-af86-c9b1b9e89e6d%40SvenSemmler.org.

Re: [qubes-users] HCL

[Sven Semmler]

Thank you Grey Grey for your HCL report, which is online now:

https://www.qubes-os.org/hcl/#dell_precision-5520_i7-7820hq_integrated-graphics-hd-630_grey-grey_r4-1


/Sven

--
https://keys.openpgp.org/vks/v1/by-fingerprint/0C276715E93D4CE54007BDBF54EB584E8668B05F

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be28e5e2-dc09-4d02-9b35-8414d71569e4%40SvenSemmler.org.

Re: [qubes-users] HCL - ThinkPad X1 Carbon Gen 10

[Sven Semmler]

Thank you gluonium for your HCL report, which is online now:

https://www.qubes-os.org/hcl/#lenovo_thinkpad-x1-carbon-10-21cb00b9ge_i7-1260p_integrated-graphics-iris-xe_gluonium_r4-1


/Sven

--
https://keys.openpgp.org/vks/v1/by-fingerprint/0C276715E93D4CE54007BDBF54EB584E8668B05F

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a66c58f3-1ad7-4bde-8ab2-d97184c8c509%40SvenSemmler.org.

Re: [qubes-users] Re: Confuse Update QUbes OS

[Sven Semmler]

On 7/25/19 10:48 AM, unman wrote:
> Debian-10 is stuck in testing at the moment because it needs packages
> from the *testing* repositories for updating. This could be confusing if
> users install from current and don't want to use the testing
> repositories.

I'm sorry that confused me. My main template is buster based and pulls
from "/r4.0/vm buster main". Everything looks fine. Can you please
clarify what you mean with the above?

/Sven


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09a85f7f-4203-9258-9f90-2a7c43c1fa88%40SvenSemmler.org.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: [QubesOS/qubes-issues] Support for HiDPI (#1951)

[Sven Semmler]

On 8/6/19 9:46 AM, Abdullah Alansari wrote:
> 2. I will try to figure out how to use `xrandr` to add a 3840x2160 with 200% 
> zoom. I did some research before but I couldn't find any fast solutions and 
> will need to understand `xrandr` more to do what I need.

xrandr knows nothing about "200% zoom" it only deals in resolution (e.g.
3840x2160)

Your "200% zoom" is implemented by GTK/Gnome and Qt. The easiest way to
get there is to use gnome-tweaks and qt5ct.

Also: this is an issue tracker for Qubes and since you understand now
that it's actually not an issue with Qubes it would be kind if you'd
close the issue and move further discussion over to the
qubes-users@googlegroups.com mailing list.

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/18f18291-e844-6836-6271-2be3f3236cf1%40SvenSemmler.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] How to change date and time format in Thunderbird

[Sven Semmler]

On 8/15/19 11:25 AM, galt...@gmail.com wrote:
> I googled and found that thunderbird gets its setting from the OS.

You want to google for the command line commands: locale and localectl
as well as /etc/locale.conf

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8e65b89-e7dc-874a-b482-27eb0155edcc%40SvenSemmler.org.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Behaviour of qvm-open-in-(d)vm

[Sven Semmler]

On 8/16/19 8:37 AM, Phil Knüfer wrote:
> qvm-open-in-vm still works like the older tools, that is, it takes two
> parameters (VM name + file name or URL to be opened), but then still
> shows the GUI prompt where the user needs to pick the destination VM.

This depends on the contents of your /etc/qubes-rpc/qubes.OpenURL

See https://www.qubes-os.org/doc/disposablevm/

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cddfb295-3bd0-822e-fec8-dca5f3080a78%40SvenSemmler.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Re: using static dispVM for sys-net

[Sven Semmler]

On 8/17/19 3:55 PM, rec wins wrote:
> how to store the wifi credentials in custom-dvm-template ?
assuming you created sys-net using the a dvm template named
dvm-fed-30-min and know the PCI identifier of your wireless interface
(the one you assigned to sys-net)


1) qvm-shutdown --all --wait
2) qvm-prefs dvm-fed-30-min virt_mode hvm
3) qvm-prefs dvm-fed-30-min provides_network true
4) qvm-pci attach dvm-fed-30-min --persistent dom0:
5) qvm-start dvm-fed-30-min
6) once started use the NetworkManager in the tray to enter your WiFi
credentials
7) qvm-shutdown --wait dvm-fed-30-min
8) qvm-pci detach dvm-fed-30-min dom0:
9) qvm-prefs dvm-fed-30-min provides_network false
10) qvm-prefs dvm-fed-30-min virt_mode pvh
11) start sys-net

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/deb437f3-7595-bb7f-e912-61d7af9ca91f%40SvenSemmler.org.


signature.asc
Description: OpenPGP digital signature

[qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In addition to my fairly standard dvm based on whonix-ws connected to 
sys-whonix based on whonix-ws I have now done the following:

1) cloned sys-whonix to sys-whonix-id
2) created app-signal based on whonix-ws
3) installed signal in whonix-ws
4) connected both app-email-private and app-signal to sys-whonix-id

The idea being:

1) sys-whonix and the instances of whonix-ws connected to it are for truly 
anonymous browsing. I have never nor will I ever type in anything even remotely 
identifying into those qubes. 

2) sys-whonix-id is used more like a VPN in that the endpoint of the connection 
(my email provider or my phone in case of signal) knows very well who I am ... 
not anonymous at all. However no one in between my PC and those end points 
should be able to tell.

Here is my assumption I would like to check against the members of this group: 
while both instances (since cloned) will use the same entry guards, the 
resulting TOR circuits will be different and there is no way the traffic on the 
one connection can be correlated to the other - right?

/Sven


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2L5bAACgkQ2m4We49U
H7aWew/+PBWpr9Y7dJ8TaQIKb6gE/YmaCGACNt7z1JREYQXtSKmYa2ktQtwOSDJf
vxKCECnJhfKAm6IsgFUiACtYcPM/3Cfj002N4dXXmzas6RrXl4i7MFTBi91P+wvJ
wU/sGAO2Lvb9PqfTanQZzaEmLk/ulECSpRRpeS8X1b92XOuFNnLJWJnQvdCacyre
qgwdX8L0mLTx71Q5uckWJpJZgu97qh7tZke3/OlBGKCG5J1WYKKKHb9uvzTwDmET
ZY1GYfI3rSLuHZz0jeIx+5R39GLJuVfkQwj6nHF0pz8uQSSo05+DUrF0J9bIV0uu
wYzNGvJjNcrhPAvD38viAO7Q7uPK+MgeYBZpHkQ+nL/uzGrdQr00RICnVdH+n8Zy
D7aMBK9IvObFhDA76nEIaC1A2WarOaNb4QOR2xkMgl0ba06JcWVogSu3llFd8VuB
4bhxlPK3mitwNb25nsKV3dkMZ8ieV/H3r3Qjm0GgtzQGrppSLsYEnozqHp4vDhkY
dHk1T5xbA36zewXY9BBeAYUtAfV36+dCXoLaWIdXDxXd1dC1nVgQOtYyRQ7QSvZ9
u+LDEshgDjdGZ7qN7u+zS5SJjJmHNhjr465eTq1znoh2gaMvPbruh0UUzXyAnCpm
zlEyYPT/b9bRmgsMiwPp8eutIzYNRadNDd1khaynosIup63waeg=
=Jmzb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1f900152-275c-1503-aaa1-59d462d33a54%40svensemmler.org.

Re: [qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 9/25/19 5:26 PM, 'Jackie' via qubes-users wrote:
> Whonix vms have stream isolation so different whonix appvms, or even 
> different applications within the same vm, will use different tor circuits.

Oh wow... that sounds great. I just discovered there is actually a whonix-users 
group ... I will post my question there too. 

Thank you!

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2L8yoACgkQ2m4We49U
H7Y+/hAAyxvND+NBLI2HGfCM5CItI2nolO1XMsVB7XQ/a/Dko6Om3zUAhLfVPggJ
UKnNhl5bfdRtjM6RWNb9k2xoX+NRMdxVyX8A0tXBWu4sR/toZEKSCh9EXF8ituxo
ud9G/kTvDJmkh/MSOK8gU7BpNwRQOnxAObc0OPEzfodSWBMzzY4uZl4fvH03keh9
ctvu6xewXsR1cOvVwggR98gTr3prWNPXSe2J9wsK+yzzGEq9NEVYCFBe+5e4frGf
/U3AcDA/z4r8NyTWWxM3RgS2YqQdPs/jwaOmPp5YxuNlr9LbuzwQsGU7LnN5xioA
1c7xPHZ6b7pVV5fj4g0GNA70FLFb2LV3qS1YSPz931Wiy/m8Tt6Yaxlp5VLk9zV4
hhF5E+9rcmsON3fK74Ae2U6MRFsxD6cCzuimWAxr6ZYZPdYlL9iQurcvelhscjAe
mjsQPTRLmwxn8zNVgC7579VZn4rWH8wqPUeQv4/+7eG4rQpY+PmQ17uJSo8zHFU9
9p/Ha2dSa46bA0U7KDfr3Kos9JqA17mgf43ozETafiShR/o+IMy+rPudA6D2Mqku
Eo4dWn6Y8p4L67ytgI1b/iEZeQZEg1QWW0IrcWQXxzyO/yji7UnctzORa10V3cZd
iXIx/5e1Z/8W7zj+F4TBLC1XWClajKp8vlLpFniZ25pd5XFzClA=
=a4uj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd38deb5-4057-631f-c333-8f679e2ed8d4%40svensemmler.org.

Re: [qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

My understanding is that TOR actually runs in the gateway and the the 
workstation(s) enable typical Qubes style compartmentalization. Meaning that if 
app-anon-1 is compromised, the sys-whonix and a potential app-anon-2 are not. 
When I create a second sys-whonix-id I can see via the Tor control panel that 
it uses a different Onion circuits than the first instance. 

Patrick pointed me to the Whonix forum and to the Tor project for answers. I'll 
report back here once I got clarification.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2M1TIACgkQ2m4We49U
H7ZK5w/8Dtbj/qPRGiyUkcay+KrK7Vw/VWlf5uEGsxLFnjyU/rVzZ+hFq6G1Y4Vy
2xwnmi9oygMuPpzTfDBw8pXS+mrqEIaIyzw6rEYgqZDAIcb2JBJiQ967EqIWuwWD
pqo8q5t8mlh2YQ+JNKF/IQi0lzoxyZnxeT8uKaVC/7oYvpFWz8DsbRFybjUfc4YI
tVj7J4RHOu5kzszTNBTMM0Dp0oFH+U4vIH/maIwB9ufhcQyLtXkDUKWVuQ2/Q+UO
nTSd52wvjcYE+eHbplDE6jqJNqsXoMEGfbr8NwgkUyeohtwlX/mNo9vosih+SGO5
abklDdwZPrKwigo5BQ7tH1GroXfjZKWbhEW28d22UVvM1FaSqHAwBDm0uO+E+J25
LCLClOcdYRYf7/Qh6d2UkaPcp1bWKdLNbUYjwvKlm19bJBxCWQJn4lCPV0/GQiiV
vddzRw340zIsFi1qAfrYMlKN7Xl0oHmqQPKM9FnDHBCsem7NkCItWTrbYvpizEXO
t/V+EKCBpPy0/e0z3JlkzDWij2PMh8gZ/eytchQ+664sWX+2pqCs67/lNLE2RlEn
lPQ4Y9J+wqsRhDg/4sflO/KDeBIVwUwrhuqvVuKu9237zUh3N8GsCbVtx3tSApFR
jyFtaSj09u0l3rsd/0Ph5wN7nS9brA8Q8dL+Rqv+hog65YY1Z8E=
=doZL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4e51178-c9a2-e67a-a3ce-49c101d84586%40svensemmler.org.

Re: [qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 9/25/19 8:31 PM, Claudia wrote:
> One way to find out for sure. Open /etc/torrc (or ~/.config/tor/torrc, or 
> other torrc location), and look for stream isolation flags. Make sure you 
> understand exactly what each one means.

Thank you!

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2SX7YACgkQ2m4We49U
H7aR/w//f8Qt8tMoYewLLIMsWZY2gY/95uZ04wdBLH7Ymg2SCbEE/n17MGU6E6Hc
0gfsuh4Yd7/Qh3GCx6mt7D+IR/ozOuIFby1y703pH2j31eYRy8m2n5G23/I9jtD0
iIChj1BJDpHsH2SSOdAwvHLPFXxKOgsETMdXBTeL6owVlW31AOip9EpJEjf2oYIC
HVuBKx9dYDhwjty+TJVL75o5uhsqMaeC2awUg1yV048mWKhFkdseDI8BN7sjTWK1
DOzX67Y8Na4DSdi8KsnThGyvQFCgk4eYjQqZdHdA53M1rCVQvg5dJ6ym487mxDt0
6urozSZtLyuE19xQFyPTsBs1aXw3gKBzKpOh8dFJ3QO8oy8uihJ7QqdbxLDDIvAV
NPFkfwlBU62vbe/oMrRwMZY7dUqLqWXEWxA1Pc0In+81TtX9laQKbzVB9mXPopf0
4KUbklpmVoU2uYTaetae7BuJFdi/8Lh0TgMszOT3qQl3m6jh03DYdpGENczbw30t
5QMV6pSgqBckPLjd++4U+8eELBeGD8illyWVeomSqi2yK+ftIfduXhLZnG7OMKKL
h0puSitk9H/b8ez30ED8oGvA5kA75Y0ZtuySDjTPHIThXuP8uzj28EHSQ7jkDWso
29rDTBfngv+Hrc232I8mN4RyA5DeZx9pdhGcmK/y5prvcFUQHik=
=KPtn
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c418f75e-da1a-988f-14d5-4fa9ea4f0c24%40svensemmler.org.

Re: [qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/1/19 2:59 AM, tetrahe...@danwin1210.me wrote:
> 
> A 2nd sys-whonix gateway for this situation would seem to reduce the
> vulnerability. Or maybe I am just being paranoid?

I agree and decided to go with two gateways for the following reason: running 
two gateways is like having two PC's on the local network each running Tor ... 
in this way Virtualization/Qubes is responsible so an accidental 
misconfiguration / bug in Whonix is less likely to result in a compromise

I'll still have it on my todo list to read through both the Whonix and the TOR 
design. But until then, I'll go ahead with the two gateways.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2TjlsACgkQ2m4We49U
H7ZVHhAAo4lVq0o0wYkmfrcLUlOIQMb9Yaxg9RwKswy17aSDOqmsxBIT/+1leQQJ
thxC/mlxzuzi7zTcqEJmQEU0iV+YWMzUdT55Wr2KV+6mTD+CGmus4Qx9uEYBLEvl
iP/F0ABgvfgQGLGryOSfSd/jWeOdSEgiBOkf0Y7xIrN/A3jp2zaxZV4TdY91YAJQ
/qnYqoq88z0xiQg8UT3NdIA2XvLDtDZ3aZX4UEyhAFgihBTpDQKybtgJhlM0Rqjd
Abbn9YXj0Odcl8oBDv2Yk03jKPcD9z18upkLuZzpi+cPVfhARSa0CljiFvwAzbkf
HzJTYM/uE6hnvLFMws4PAZYwawQ/MoSfuLuN2G4MkUJm0h2+GsMLQ0+2fdPufWZg
mjX4vIQZPaK+eV/SxslmMgzzpkOXTcKhz9MAF6lU1d2QYKcAFQq30NNacAT65q7H
KRNz7nNH8640lie0oQWZrUJ7HzSIFodVHS9P37V7DIGsQX5VPD30N5ezObsyowi/
piL4GEVtwUA0/kCxtW4kR8as08g06/tMXxxDF6vXFL7tAqmog14tr+vWxSii0eN8
LGSpwMDzGnLgrhnUwJOmX1uYenOkRYLjaH2DRVajZE4jKtQmUW31MG4jDPePF2HO
QEofFXZ7WyH1rFeFhdGZbQIVl71mevw039xJXjHShi6Wx8ILQVA=
=zW2c
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7807df8-e1c4-eee9-cfc1-b51176e88566%40svensemmler.org.

[qubes-users] Reinstall/Restore ... incredible speed up

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I remembered that after first installing R4 on my ThinkPad starting VMs took 
1-2 seconds (super fast internal SSD). Over the last several months however 
things became slower and slower (factor 10 or more when starting VMs) even 
though I applied all the recommendations and settings relating to 'trim'. 

Today I finally did a complete reinstall of R4.0.1* and restore of all my qubes 
from last nights backup. The result is that I have my super fast PC back! ;-)

Just putting this out here, if you are getting frustrated with the performance: 
it's not Qubes, it's your SSD!


* I will send a new HCL to this list with very good news: R3.2 required UEFI 
and WiFi workarounds as well as switching to discrete graphics in the BIOS to 
install, R4.0 found the WiFi but required the UEFI workaround and the switching 
to discrete graphics. R4.0.1 installed out of the box (no workarounds needed, 
no switching of graphics mode - had it on "hybrid" the whole time). Awesome!

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2WaB4ACgkQ2m4We49U
H7ZLehAAniKSNly9sj2eEBnxOQc0LmmOSBIVRatyDFiaeijKGyZSCat4nXyanGLd
K6iYpaEgsyp4svSLN9skRBcSuQi8leYgjiHrwR94dEQCwmzXZqcV8KbeUSLbrvco
pBixIt8xDY7Mc8Z7Orr56v/0MkOFQgqFC0Dw/fPQLcswDr6J/NpOLLKozw3BaGTN
V4nRjH2qINb5Td4RbQXp0WzPgvHUezgkgx1hyW6mLO11wbU4TWMkdBHe2CZyfw3m
QznxNcgmcA3THd+CG6i9Bk0LWOzIcI3GdRfcG7Ff54qCOagVdPbSjhS69tOU5Bzq
o7rdRifb0DzdOtrFdc4/TDM4YiknScEqvcg2vWugFLEHn0aAIVP+NWjkwdEMrAxO
El9Y6hrFuQ7wt0FgX/JPa3DvNwNcmjTrulUxctIKB0aq7DEftqgNtin25uWFUYdG
aTjDuVXMJMzBW+vs4T+UdRZmCB/9zh5DlPwQXiFUrkg1byw2xqWyadEE5TPlJj29
Wq49D8UhYNDRXu0tuhO7fRnP9pUPT4ZVLM/7JH6wDtu4h9jQmaLuYbmC46iXnb09
geYTLr8hfXABU8qv3erVLB0iuU4LpY5f5k6+iMJJ69HsxtDa5HojgcFPi6ZABluX
j7MZTtAiTeSnlsrOV++00TaV/xOP2XEeaNaPi9RJbWXVjvdPu4w=
=tnl5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/675fd170-cdd2-fe42-4fa6-4aee330032b2%40svensemmler.org.

Re: [qubes-users] Update: HCL - LENOVO Thinkpad P51 (20hjs0bx00) for R4.0

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Reinstall with R4.0.1 ... this time everything worked out of the box! No 
workarounds, no change to 'discrete graphics' ... nothing. Just bliss! Awesome 
work! Thank you Qubes Team!

HCL attached

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2WaYIACgkQ2m4We49U
H7ZiJQ/+NN79jigfnmIvhZanX+CE+WiwhUBf/CpOkqTWIbG2HCcuAR2O6qI5CMlw
S9Xbfez3X6cvRCK7m88MBXX+M924tRfE30MiJVA9vRXiSTi8tfO8EYy9IZ5azObk
vdNZb6b2BC2RwYbI4Hp/VfKl+iaGFxi3mvdLD+dstvc25PXgxROEL0sZprsdx0Kf
aEKEcOPPJ6sw6+Y9fZhGTBKlbkwLL1Bw0Nnu++tUQrW3Z7azvh3EsU/nP+5Mrf1z
Bj9P/cH/evbkUqsol8r28YnC9ifOBjx1EDm1ZVESTB2SW5GApotqkF4yFIT74Css
IfDUkRnbH197/oh2uAJXst2DYq5f/evw0YO050S7SKBcvaC6cwYhejecLpBCZAT4
4moA6x/UYNUgNOeEh5GIb7Yb5GXhrhpaW1YM9y5eaqesEFqbgvrnnLzI4Dfrps9s
b2sHG9zEM/zLZxJg65GwJ/fzplqAP7onm8eUBd0tdfuLaRuw9cIgdZrs7NVI6NTl
NIrUVUb0LkI+cKHdC4wziFmNMp6ul4dTbLJxrP+edRoJu+OHWurrrdyKm3vfmNSZ
rmy4olwAXTDaR0oLB89zXX9Ns4Rz5tFbEoadklCxKeUVH91U72fvx8c4LxDp1he9
kNEgUQcGDyx+/3qpeWDYQPbkh4LRDoqdT+KWHUo4mYeOKq6YtwY=
=fyXy
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5da03a1f-c74d-08c9-757f-02cab3e2db91%40svensemmler.org.


Qubes-HCL-LENOVO-20HJS0BX00-20191003-162918.yml
Description: application/yaml


Qubes-HCL-LENOVO-20HJS0BX00-20191003-162918.yml.sig
Description: Binary data

Re: [qubes-users] Thunderbird Addon for launch attachments in dispVMs

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/3/19 3:05 PM, John Maher wrote:
> All of a sudden Thunderbird (68.1.0) no longer has the Qubes addon that 
> allows the launching of attachments in dispVMs.  Did something change that I 
> can change back?

It's Thunderbird that changed, but the issue is already fixed. Update the 
thunderbird-qubes package from the current-testing repo and you're back in 
business!

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2WanoACgkQ2m4We49U
H7YWmA//TsIv0zu+7wwMojOvijTiaqciIw4T9fMYw1OnM3o/METgOTjCRc7KxBnw
8QICynKGbrKqW3br7d/dnuAn8sJ9J9XloLTV68nHYPU65EPKESAwn8+BVxiWn9Jg
RI8aWe7ap1PosQ31udBH8PPFtByu5d3ng/E+g2+ay8RGsA+QIKyRfveoiXaHTZcp
ew3L6aLY83J2T9NJzPka+LL0l6ltPiRUNzTbPovqVRjKtYOZesqeMUkHsdPkZBeB
WramVCEZ76MDdr4ZrYXiYzh+5EGINSvZ8nMNnsVweJ/qCghiMLZ/qF7QvwLAAgaQ
1arFviiZ3RwUTwOndkuhaqbJe+50hQCsGjpLXvoh2eeMw5eT4lSToZfwULoM3dM6
/JNQ1E18LunOwJ6UW4zmX/IA8ZyylvHwpO8/qZJ7rxzpOZn/YahfLX9SyZ2bZLo6
nMKJi7UIN6iJFi+vcjzf53/+a95VDq/e9HG8m4TZKRSvs96PFZBVZyRyYB/sFYqb
KYv4bkv/xeLhsIEhq4sSYehtzf3cV1kuOc2IeXejYTblQ/l8jdxhDaiN9yQ0Mt0x
T2OTrkMwpaGOwEE5jyQJkF/+pit535OiJCgZP2KlmOas8+tuEXy4sjA141oRb55J
/c8WSKAAHltyWvvGA4pGWcaaJC+q3IyQuJyq/ZwXU8vLH32fBsE=
=bAG8
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2ff33ef-2532-42f6-b07a-642c7fb769cf%40svensemmler.org.

[qubes-users] I just lost several days worth of email ... /var/spool/mail/user not mapped to /rw?

[Sven Semmler]

I followed the instructions to setup postfix [1], fetchmail [2] and mutt [3] 
and everything seemed great. I didn't move / save the emails (~200) yet as I 
wanted to fully read the mutt manual before doing so. 

Then I did an update off all my templates this morning and restarted the VM 
that runs postfix, fetchmail & mutt and all my mails are gone!

I assume this is because /var/spool/mail/user is not part of the VM but the 
template? ... and I have to bind it to /rw like I did with the postmail 
directory: mount --bind /usr/local/etc/postfix /etc/postfix ?

If that is so, what would be my best choice? /home/user/var/spool/mail ?

Should we maybe update the mutt page [3] to mention this?

Is there any way I can get those mails back? (I assume no, but ask anyway)

/Sven

[1] https://www.qubes-os.org/doc/postfix/
[2] https://www.qubes-os.org/doc/fetchmail/
[3] https://www.qubes-os.org/doc/mutt/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf55f561-c2bb-44ed-9d3c-3875946df8d2%40www.fastmail.com.

[qubes-users] Re: I just lost several days worth of email ... /var/spool/mail/user not mapped to /rw?

[Sven Semmler]

On Wed, Nov 6, 2019, at 10:32 AM, Sven Semmler wrote:
> I assume this is because /var/spool/mail/user is not part of the VM but 
> the template? ... and I have to bind it to /rw like I did with the 
> postmail directory: mount --bind /usr/local/etc/postfix /etc/postfix ?
> 
> If that is so, what would be my best choice? /home/user/var/spool/mail ?

I followed https://www.qubes-os.org/doc/bind-dirs/ and created a 
/rw/config/qubes-bind-dirs.d/50_user.conf containing the line

binds+=( '/var/spool/mail' )

Which did the trick. I'll make a CR for the 
https://www.qubes-os.org/doc/fetchmail/ to add a note to this effect. No need 
for other folks to loose their emails too. 

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8088472a-be31-48bb-8bd3-b6b45660ddfc%40www.fastmail.com.

Re: [qubes-users] Turning a NetVM into an AppVM

[Sven Semmler]

On Fri, Nov 22, 2019 at 08:44:00AM +, 'awokd' via qubes-users wrote:
> nanop...@tuta.io:
> > Hello there, I realized that everytime I made a new Qubes VM, I have been 
> > checking the "provides network" option turning it into a NetVM.
> > I mistakenly believed that the option of "provides network" meant that the 
> > VM would need connectivity (yeah, I didn't RTFM), so now they are all 
> > NetVMs... hehe
> > 
> > It would be cumbersome to delete them all and start over, so I was 
> > wondering which commands I could use to block such functionality turning it 
> > effectively into an AppVM.
> 
> Qube Settings/Advanced tab.

Or 'qvm-prefs myvm provides_network false' in dom0 terminal.

/Sven

> 
> 
> -- 
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/696875e5-a039-f92f-bf38-168a6a99da17%40danwin1210.me.

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191123003927.GA1002%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption

[Sven Semmler]

Hi!

This morning I shutdown my Debian 9 Standalone VM "app-dev" to change the 
amount of RAM allocated to it. When I tried to restart it, I get the following 
error:

app-dev: Cannot connect to qrexec agent for 60 seconds, see 
/var/log/xen/console/guest-app-dev.log for details

So I did and these are the last few lines of that log file:

[   17.309359] EXT4-fs error (device xvda3): ext4_validate_block_bitmap:376: 
comm qubes-early-vm-: bg 18: bad block bitmap checksum
[   17.312367] EXT4-fs error (device xvda3): ext4_mb_generate_buddy:747: group 
19, block bitmap and bg descriptor inconsistent: 11338 vs 11339 free clusters
[.[0;32m  OK  .[0m] Started Early Qubes VM settings.
[   17.327458] JBD2: Spotted dirty metadata buffer (dev = xvda3, blocknr = 0). 
There's a risk of filesystem corruption in case of system crash.
[.[0;32m  OK  .[0m] Started Raise network interfaces.
[.[0;32m  OK  .[0m] Reached target Network.
You are in emergency mode. After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
Press Enter for maintenance

Since I have two full days of work in that VM that I haven't pushed to the git 
server yet, my first impulse is to get my source code out of there to a safe 
place. I understand I can do that with qvm-block but I have no idea where to 
find the volume of the standalone VM (as opposed to the private volumes of 
template based VMs).

* How do I mount the volume to retrieve my data?
* Is there anything I can do to rescue this VM? Rebuilding it from scratch will 
cost me most of the day.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191127175051.GA1640%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption

[Sven Semmler]

On Wed, Nov 27, 2019 at 05:59:07PM +, 'awokd' via qubes-users wrote:
> Sven Semmler:
> 
> > Since I have two full days of work in that VM that I haven't pushed to the 
> > git server yet, my first impulse is to get my source code out of there to a 
> > safe place. I understand I can do that with qvm-block but I have no idea 
> > where to find the volume of the standalone VM (as opposed to the private 
> > volumes of template based VMs).
> > 
> > * How do I mount the volume to retrieve my data?
> 
> You should be able to mount it from /dev/mapper/VMNAME--root. You can
> mount it directly in dom0. I think it is better to loop mount it to a
> different VM, but I am not sure how to do that.

Thank you! I used the instructions from 
https://www.qubes-os.org/doc/mount-lvm-image/

It turns out a standalone still has a --private volume in addition to the 
--root. So I had to mount the --private volume to get to my home directory. My 
files are save now! :-)

> 
> > * Is there anything I can do to rescue this VM? Rebuilding it from scratch 
> > will cost me most of the day.
> 
> "sudo xl console VMNAME" should let you connect interactively and
> possibly repair. A possible root cause of your problem though is your
> thin disk running out of space, which is a bigger problem than just the
> VM. Check the disk widget to make sure you have sufficient free space.

My disk is 38.8% utilized and I have 554GB free. Unless I fundamentally 
misunderstood you this means space is not the issue.

Once in the "emergency mode" I realized I got no skills here and wouldn't know 
what to do. So I'll go an rebuild.

Thank you again for the quick response and helping me recover my files!

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191127184026.GB1640%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Standalone VM (debian-9) doesn't boot anymore due to file system corruption

[Sven Semmler]

On Wed, Nov 27, 2019 at 12:40:26PM -0600, Sven Semmler wrote:
> Once in the "emergency mode" I realized I got no skills here and wouldn't 
> know what to do. So I'll go an rebuild.

*facepalm* ... I'll just restore my backup from Sunday. That'll be even faster. 
;-)

/Sven


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191127184411.GC1640%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] need Qubes to forget a "--persistent" attached USB device

[Sven Semmler]

So I got myself into a corner:

* Usually I attach the entire USB controller to my app-dev (debian 9) qube. But 
in that case this qube can only have 2048 MB of memory (for some reason that's 
the limit when the USB controller is attached; any more and things crash ... 
same with Windows qube and fedora qubes; it's a HW thing I supose).

* I needed more memory, so I cloned my app-dev qube (that has all the udev 
rules etc) to sys-usb-special. Set sys-usb-special to use 1024 MB memory and 
attached the USB controller to it.

* Then I used qvm-usb attach app-dev --persistent sys-usb-special:... on a 
whole bunch of devices 

* This seemed to work according to lsusb in app-dev and some of the devices 
worked (Beagle I2C/SPI analyzer, some USB-RS232 connections) and other wouldn't 
(debuggers, RealICE etc). 

* So in frustration I shut everything down. Reassigned the USB controller to 
app-dev, decreased the memory to 2048 and removed sys-usb-special (<-- BIG 
MISTAKE!!!)

* Now when I want to start app-dev I get the following error: app-dev: usb 
device sys-usb-special:2-1.4.4.1 not available ... this is because I 
persistently attached that device to app-dev but that qube doesn't exist anymore

* cloneing app-dev again and attaching / detaching the respecitve devices 
doesn't solve the issue. I assue qubes have unique IDs and even though I did 
the same thing with another qube called sys-usb-special, the result was 
additive and didn't overwrite.

* if I do 'qvm-usb ls app-dev' I get: 

[user@dom0 ~]$ qvm-usb ls app-dev 
Traceback (most recent call last):
  File "/usr/bin/qvm-usb", line 5, in 
sys.exit(main())
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/qvm_device.py", line 
287, in main
args.func(args)
  File "/usr/lib/python3.5/site-packages/qubesadmin/tools/qvm_device.py", line 
86, in list_devices
for dev in domain.devices[args.devclass].attached():
  File "/usr/lib/python3.5/site-packages/qubesadmin/devices.py", line 221, in 
attached
for assignment in self.assignments():
  File "/usr/lib/python3.5/site-packages/qubesadmin/devices.py", line 212, in 
assignments
backend_domain = self._vm.app.domains[backend_domain]
  File "/usr/lib/python3.5/site-packages/qubesadmin/app.py", line 91, in 
__getitem__
raise KeyError(item)
KeyError: 'sys-usb-special'

So ... now what? Where does Qubes keep a record of this. What can I do to 
'detach' this and the other USB devices from app-dev? 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191205223557.GA1650%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] need Qubes to forget a "--persistent" attached USB device

[Sven Semmler]

On Thu, Dec 05, 2019 at 04:35:57PM -0600, Sven Semmler wrote:
> So ... now what? Where does Qubes keep a record of this. What can I do to 
> 'detach' this and the other USB devices from app-dev? 

qvm-clone app-dev app-dev2
qvm-remove app-dev
qvm-clone app-dev2 app-dev
qvm-remove app-dev2

... did the trick.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191205225124.GB1650%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] 2 GB RAM limit for PCI passthrough of USB controller?

[Sven Semmler]

Hi,

this is a limitation that pleagues me on my otherwise excellent working Qubes 
setup:

* Whenever I assign the USB controller (Intel Sunrise Point-H USB 3.0 xHCI) to 
a qube, regardless of the operating system (Debian or Windows) it crashes. If I 
stay below or equal to 2 GB there are no problems.

* Windows doesn't even start
* Debian boots but whenever I attempt using a USB device it immediately 
crashes the qube
* The very same qubes without the USB controller or with 2GB memory 
assigned work perfectly

Yes 2GB are plenty but if you are doing development (IDE, compiler, analyzer 
tools ...) 2GB can get tight quickly. 

* Do others have simliar issues or is this specific to my setup?
* Is there anything Qubes or Xen specific I could look into (settings, logs 
etc)?
* What could explain this behavior?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191208194949.GA1642%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: redshift or brightness control?

[Sven Semmler]

On Wed, Dec 11, 2019 at 08:20:27PM -1000, rec wins wrote:
> so $sudo dnf install redshift-gtk   ?

sudo qubes-dom0-update redshift

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191213070912.GA1653%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Open several files in THE SAME dispVM

[Sven Semmler]

On Fri, Jan 17, 2020 at 05:40:50PM +0100, r.wiesb...@web.de wrote:
> Is there a way to open a bunch of files in the same dispVM ? Yes, I can
> copy/move those files and open them in the dispVM, that is what I do
> right now - but it would be nice if there was a simpler way to do so.

1) create named disp vm via qvm-create --class DispVM --template dvm-whatever 
--label red app-offline
2) qvm-start app-offline
3) qvm-open-in-vm app-online file1.txt (repeat for each file you want to open 
there)

Once you are done you can shutdown the app-offline qube. Don't delete it, from 
now on you just do steps 2 and 3. It's a disposable VM so it won't hold any 
state across reboots. My app-offline also has no netvm (as the name indicates) 
... qvm-prefs app-offline netvm ''

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200117070724.GA1655%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] sys-firewall based on debian-10-minimal not recognized

[Sven Semmler]

Hi,

I created a sys-firewall based on debian-10-minimal:

* qvm-clone debian-10-minimal deb-10-sys-firewall
* qvm-create --template deb-10-sys-firewall --label blue dvm-sys-firewall
* qvm-prefs dvm-sys-firewall template_for_dispvms True
* qvm-create --class DispVM --template dvm-sys-firewall --lable blue 
sys-firewall
* qvm-prefs sys-firewall provides_network True
* qvm-prefs sys-firewall netvm sys-net

Then in deb-10-sys-firewall (template):

* sudo apt-get install qubes-core-agent-networking 
qubes-core-agent-dom0-updates 
* attempting to install iproute tells me that this package no longer exists and 
I shall try iproute2
* iproute2 does exist and was already installed

Then in dvm-sys-firewall (template for disposable):

* added "iptables -I FORWARD 2 -s 10.137.0.21 -d 10.137.0.25 -j ACCEPT" to 
/rw/config/qubes-firewall-user-script

Then shut everything down and started sys-firewall.

Result: 

* network connectivity working
* the above mentioned iptables rule is working (.21 can connect to .25)
* qubes-qube-manager gives me this error when I try to edit the firewall rules 
of any qube connected to sys-firewall: "Networking qube does not support 
'qubes-firewall' - firewall restrictions will not be applied."
* however it does not give me this error when I try to edit other qubes 
connected to sys-whonix

Any ideas?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200204002930.GA959%40app-eml-private.

Re: [qubes-users] sys-firewall based on debian-10-minimal not recognized

[Sven Semmler]

On Tue, Feb 04, 2020 at 09:59:57AM -0600, Sven Semmler wrote:
> As far as I can tell the firewall rules are enacted / the firewall does work. 
> So it's "just" Qubes Manager thinking it's not. How does it check?

$ qvm-service sys-firewall
qubes-firewall   on
clocksyncon
qubes-updates-proxy  on

$ qvm-features sys-firewall
service.qubes-firewall   1
check-updates
service.clocksync1
service.qubes-updates-proxy  1
appmenus-dispvm  1

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200204231053.GB1890%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] sys-firewall based on debian-10-minimal not recognized

[Sven Semmler]

On Sun, Feb 09, 2020 at 01:46:12PM +, 'awokd' via qubes-users wrote:
> Maybe it doesn't like the "disposable" part? Try it with a regular AppVM
> based on that same minimal template.

I did: makes no difference. Also I've been running debian-based and
fedora-based disposable sys-firewall for years. It has most likely to do
with the -minimal template and me being oblivious to what the Qubes
Manger looks for. 

After verifying that the firewall does indeed work and does what it's
supposed to do I see this as a minor annoyance. I saw some discussion on
github about how the Qubes Manager recognizes firewall functionality but
all those things I already checked - I think (see previous postings).

Could you point out to me please how I would verify that the qubes-firewall 
service is up and running?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200210064307.GA1559%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Will Thunderbird 78 kill Qubes Split gpg?

[Sven Semmler]

On Tue, Feb 11, 2020 at 12:06:23AM -0800, Claudio Chinicz wrote:
> I've just read this post from TB 
> (https://wiki.mozilla.org/Thunderbird:OpenPGP:2020) and do not know if it 
> will support Qubes Split gpg without Enigmail?
> Anyone knows?

If I understand the Wiki entry correctly the Thunderbird team does 
not plan to use GnuPG because they don't want the user to have to 
install it separately and they can't bundle it with Thunderbird 
because of incompatible licenses.

Instead they plan to use other open-source libraries to implement
GPG/PGP compatible en/decryption and signing/verification. 

In that case I don't see how it could work with Qubes Split GPG.

Makes me happy I switched to mutt late last year. But that's not really
a solution for the masses.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200211173519.GA958%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] sys-firewall based on debian-10-minimal not recognized

[Sven Semmler]

On Mon, Feb 10, 2020 at 04:55:40PM +, 'awokd' via qubes-users wrote:
> I had double-checked my debian-10-minimal firewall template against the
> packages you installed and they matched, so I'm trying to think what
> else is different. Maybe because you manually edited the rules? I've
> seen that confuse the GUI before.

I decided to redo everything from scratch as a sanity check:

dom0: sudo qubes-dom0-update qubes-template-debian-10-minimal
dom0: qvm-clone debian-10-minimal tpl-deb-10-min
dom0: sudo dnf erase qubes-template-debian-10-minimal
dom0: qvm-run -u root tpl-deb-10-min xterm
tpl-deb-10-min: apt-get update
tpl-deb-10-min: apt-get install qubes-core-agent-passwordless-root
qubes-core-agent-networking qubes-core-agent-dom0-updates
tpl-deb-10-min: apt-get dist-upgrade
tpl-deb-10-min: apt-get autoremove
tpl-deb-10-min: apt-get autoclean
tpl-deb-10-min: sudo poweroff
dom0: qvm-create --template tpl-deb-10-min --label blue sys-firewall2
dom0: qvm-prefs sys-firewall2 provides_network true
dom0: qvm-prefs sys-firewall2 netvm sys-net
dom0: qvm-create --template tpl-deb-10-min --label red app-test
dom0: qvm-prefs app-test netvm sys-firewall2
dom0: qvm-start app-test
dom0: qubes-qube-manager

When checking the Firewall tab of app-test the Qube Manager does not
complain. ... so I must have done something wrong the first time around.

I'll clean this up. Thank you for your help!

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200211212143.GA949%40app-email-private.


signature.asc
Description: PGP signature

Re: split-mail setups (was: Re: [qubes-users] Will Thunderbird 78 kill Qubes Split gpg?)

[Sven Semmler]

On Tue, Feb 11, 2020 at 09:13:36PM +0100, dhorf-hfref.4a288...@hashmail.org 
wrote:
> On Tue, Feb 11, 2020 at 11:35:19AM -0600, Sven Semmler wrote:
> > Makes me happy I switched to mutt late last year. But that's not really
> > a solution for the masses.
> 
> mutt in a no-netvm mua-vault?
> with fetchmail-vms feeding it through qubesrpc-procmail?
> and separate vms for qubesrpc-msmtp for sending?
> or msmtp-vms mixed with the fetchmail-vms based on credentials-overlap?
> 
> but, yes. not really a solution for the masses.
> 
> :)

lol... just mutt/fetchmail/postfix/qubes-split-gpg in a firewalled qube.

however, I am afraid that you have already successfully placed a virus in 
my head. That setup sounds like a challenge. Any documentation you could 
link? 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200212005358.GC917%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Will Thunderbird 78 kill Qubes Split gpg?

[Sven Semmler]

On Tue, Feb 11, 2020 at 09:48:52PM -0800, Claudio Chinicz wrote:
> Can you provide more details on mutt and how to implement its use with 
> Qubes (and TB I suppose)?

Hi Claudio,

modern email clients like Thunderbird combine serveral functions into
one software package:

- mail user agent (MUA)
- mail transfer agent (MTA) speaks SMTP
- mail retrieval agent (MRA) speaks POP or IMAP

Actually, originally mail was nothing more than mailfiles transported
from one machine to another via SMTP and stored in the local file
system. That was at a time where all machines were stationary and
constantly connected.

Later we then had dedicated SMTP and POP/IMAP servers that would do the
sending and receiving for you so your local machine wouldn't have to
deal with retries (SMTP) and incoming mail would be stored somewhere
until your machine came online. Those servers are called "smart hosts".

- mutt is a MUA
- postfix is a MTA
- fetchmail is a MRA

Here are some helpful pages:

- https://www.qubes-os.org/doc/mutt
- https://www.qubes-os.org/doc/postfix
- https://www.qubes-os.org/doc/fetchmail

But very little in this setup is Qubes specific, so there is a multitude
of information when you search for mutt, postfix and fetchmail.

In any case it is a replacement for Thunderbird/Enigmail (mutt works
with GnuPG) and it's all happening in the terminal ... so no GUI. This
is why I wrote it's "not a solution for the masses".

Cheers,
/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200212171921.GA971%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Is Qubes Split GPG safe?

[Sven Semmler]

On Wed, Feb 12, 2020 at 11:10:09AM -0800, Claudio Chinicz wrote:
> But TB 79 will not support 
> Enigmail(https://wiki.mozilla.org/Thunderbird:OpenPGP:2020), so we'll "miss" 
> split gpg working with TB.
> Any alternative with GUI like TB?

These are quite popular and work with GnuPG (and therefore very likely
also with split gpg):

- KMail (KDE)
- Evolution (Gnome)
- Claws (GTK+)

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200212205016.GB971%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Ubuntu templates

[Sven Semmler]

On Mon, Feb 05, 2018 at 01:01:28AM +, Unman wrote:
> When I post in these mailing lists I don't speak for Qubes: I'm posting
> as a Qubes user. I think there may be some people who aren't confident
> enough, or don't have time, to build Ubuntu templates for themselves, so
> I build example Templates and make them available. I also host repos to
> serve deb packages for Ubuntu.
> I use a dedicated machine for building, a caching proxy to save
> downloads, and run through Tor. Is that secure and reliable?
> 
> That said, I STRONGLY recommend that you build these templates for
> yourself.

Done. My only open question now is: how do I get qubes-specific
updates?

I know I could just hook up to unman's repos, but if I wanted to do it
myself? 

- I have the qubes-builder setup and have successfully created a 
  bionic template (using it right now). 

- How do I know there are changes to the qubes-* packages? Can I monitor
  that on Github somehow? Just run qubes-builder every weekend?

- Obviously I don't want to redo all my customizations to the template
  every time there are new packages. Where in the qubes-builder output
  can I find the respective packages? I suppose I simply qvm-copy them
  into my template and then run 'apt install'?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200214021147.GB1083%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Ubuntu templates

[Sven Semmler]

On Fri, Feb 14, 2020 at 12:07:51PM +, Unman wrote:
> Good stuff.
> It's somewhat difficult to see exactly what's happening in Github.
> A "foolproof" method would be to watch for update-notifications for
> Debian templates, and rebuilding accordingly. (If you generally use
> stable you might care to set up a "testing" template and qube for this
> purpose.)

All my "system" qubes run on debian-10-minimal and by definition have
the critical qubes-core-agent- packages installed. I'll use that as a
notification mechanism. 

> The packages are in qubes-packages-mirror-repo, in the "deb" directory
> under vm name. You can indeed just copy them in and install.

Great! Thank you!

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200214171330.GA1298%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] How well does Qubes OS actually protect against key lockers ?

[Sven Semmler]

On Wed, Feb 19, 2020 at 04:19:07AM -0800, A wrote:
> How well does Qubes OS actually protect against key lockers ?

Through compartmentalization: this means if someone has a successful
exploit and installs a key logger only that qube will be affected.

Example:

- web qube
- email qube
- project 1 qube (offline)


If by clicking on something in the web qube, you end up having a
keylogger there, everything you do in the email and project 1 qube
should still be invisible for that keylogger

Of course, if you got somehow tricked into installing tainted software
in dom0 the game is over.

An additional level of defense can be achieved by having e.g. your web
qube be disposable (not storing state through reboot). That way if you
get infected in one session, after you stop/start the qube you are clean
again.


/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200219152445.GA1130%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] What happened to "paranoid mode"?

[Sven Semmler]

On Tue, Feb 25, 2020 at 12:42:42AM +0530, Anil wrote:
> At that time I didn't notice, but what in the world is TOFU? I even
> looked it up on Google, in Urban Dictionary, but still couldn't decide
> in which sense it was being used and for what.

In top-posting style, the original message is included verbatim, with the reply 
above it. It is sometimes referred to by the acronym TOFU ("text over, 
fullquote under"). It has also been colloquially referred to as Jeopardy! reply 
style: as in the game show's signature clue/response format, the answers 
precede the question.

https://en.wikipedia.org/wiki/Posting_style

/Sven

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200225011749.GA1116%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] Device () available / removed

[Sven Semmler]

Hi,

I just downloaded the latest updates (incl. dom0 updates)... shortly
after installing them I saw a notification "Device () available" twice
and then maybe 2-3 minutes later "Device () removed" twice.

Any idea what this was? ... is this connected to the update? How would I
investigate?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200225231023.GA1105%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Benefits of Sys-Firewall

[Sven Semmler]

On Thu, Feb 27, 2020 at 07:40:40PM -0800, Claudio Chinicz wrote:
> Being a non technical user of Qubes, I'd like to ask the community about the 
> benefits of using an additional VM between an AppVM and Sys-Net.
> 
> I do not configure Sys-Firewall and therefore it should be "all" open, right?
> 
> If I were to configure it for a specific purpose, like for a MailVM, I'd have 
> to use 'clones' of Sys-Firewall, one for each specific purpose, correct?
> 
> So, I got confused. Is there a benefit for using Sys-Firewall without
> configuring it?

When you configure firewall rules for e.g. email VM it is the
sys-firewall that enforces them. This point is critical, since otherwise
if your email VM get's compromised the malware could simply disable or
workaround the firewall.

You want your sys-firewall to be separate from sys-net for the same
reason: compartmentalization. 

First of all, your sys-net VM needs to have virt_mode hvm (hardware VM)
because you assing the Wifi and Ethernet controllers to it. The sole
purpose of this VM is to provide connectivity, so even if it get's
compromised through e.g. a WiFi controller firmware issue ... there is
nothing in it of any interest to the attacker. 

Ideally, if your traffic is encrypted (https, VPN, tor etc) the attacker
can't even spy on much other then which IP's you are talking too. 

"Normal" VMs / qubes have virt_mode pvh which offers better security
(this is where my knowledge gets a little shacky). It is the default
type in Qubes R4.0. But a PVH can't have PCI devices assigned to it.

To recap:

sys-net: hardware VM with attached network controller
 sees only traffic, no other information besides your
 WiFi passwords is stored here

sys-firewall: PVH, enforces firewall rules for connected VMs
contains no information other then firewall rules
get network from sys-net

e.g. email VM: PVH, get network from sys-firewall and has
   therefore no way around the rules enforced 
   by it.

The firewall rules are properties of your VMs and not available to the
VM itself. 

I hope others will correct me if I got anything wrong.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2020022904.GA1167%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Howto enable quiet boot/splashscreen during boot qubes 4.03

[Sven Semmler]

On Mon, Mar 02, 2020 at 11:28:30AM -0800, Dave wrote:
> I have installed the latest qubes 4.03 today, but dont have a splashscreen 
> during startup.
> How can i hide all bootlog messages, and show the qubes splashscreen 
> instead ..?

Hi Dave,

I had the same issue. Always had a graphic boot screen but when I did a
fresh install with 4.03 it was gone ... thing is after all the latest
updates it is back. So it might be as easy as 'sudo qubes-dom0-update'
and reboot.

Cheers,
/Sven

> 
> Thanks in advance,
> 
> Dave
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/bcaed4da-7528-420b-a6e6-816554e238c4%40googlegroups.com.


-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200302201346.GA1101%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Ubuntu templates

[Sven Semmler]

On Fri, Feb 14, 2020 at 12:07:51PM +, Unman wrote:
> It's somewhat difficult to see exactly what's happening in Github.
> A "foolproof" method would be to watch for update-notifications for
> Debian templates, and rebuilding accordingly. (If you generally use
> stable you might care to set up a "testing" template and qube for this
> purpose.)

Got two more questions:

- the ubuntu templates have a file
  /etc/apt/sources.list.d/qubes-contrib-r4.0.list which contains URI's
  to the qubes-os server (e.g. https://contrib.qubes-os.org/deb/r4.0/vm
  bionic main)

  Those don't work for me, which makes sense as Qubes can't provide
  Ubuntu binaries. Correct?

- the above though got me thinking... if I build using my own signing
  key, run a webserver on the qubes-builder VM and configure the
  firewall to allow the Ubuntu templates on my machine to connect to the
  qubes-builder VM ... then I could replace the above URI with my local
  qubes-builder VM IP and 'apt update' should pick it up - right?

  There is probably another file that I need to create for this to work
  ("Release file")?

Thanks!

PS: I know Unman is doing all this work and that's awsome ... I could just 
use his binaries ... but where is the fun it that ;-)

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200302203613.GB1101%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Ubuntu templates

[Sven Semmler]

On Mon, Mar 02, 2020 at 11:58:56PM +, Unman wrote:
> Yes, but I dont think my templates have that file.
> Isnt it deleted as part of 09_cleanup?

All I did is:

-> new Fedora 23 minimal standalone VM
-> install all dependencies as listed on Qubes website
-> git clone
-> setup script
-> only bionic 
-> no precompiled 
-> the 4 make runs as instructed by the scripts output

I'll see if I can locate the '09_cleanup' section in the makefile and
have a look.

> Indeed you can do this - use reprepro to create the relevant files in
> your repo, and serve it with a tiny web server.
> Keep having fun.

I will & thank you for all the answers and work on Qubes. 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200303003508.GA1414%40app-email-private.


signature.asc
Description: PGP signature

[qubes-users] cache for UpdateProxy?

[Sven Semmler]

I have several template VMs that are based on the same distro but with
different software installed.

tpl-ubu-18-apps  ... for offline / disposable qubes ... lots of apps 
tpl-ubu-18-web   ... for online / disposable qubes ... just firefox
tpl-ubu-18-email ... fetchmail / postfix / mutt
tpl-ubu-18-base  ... just the basics for all kinds of qubes

Even though those templates have all their special purposes and contents
there are lots and lots of packages that are installed in all of them.

If I now run my update scripts, each of those will download identical
packages. All of them will do so through the Qubes UpdateProxy
(tinyproxy?).

Is there a way for me to configure this proxy to hold a very short term
cache? Something like 30 minutes? Meaning if an identical download was
requested within the last 30 minutes a locally cached copy is served
instead of downloading it again from a remote server. 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306073255.GA1076%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] cache for UpdateProxy?

[Sven Semmler]

On Fri, Mar 06, 2020 at 12:38:45PM +, unman wrote:
> Drop in apt-cacher-ng in its place to get lightweight caching proxy.

Thank you! A keyword is all I needed ...

- https://github.com/QubesOS/qubes-issues/issues/1957
- https://github.com/unman/notes/tree/master/config/cacher

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306214300.GA1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Device () available / removed

[Sven Semmler]

On Fri, Mar 06, 2020 at 08:38:39PM +, 'awokd' via qubes-users wrote:
> > I just downloaded the latest updates (incl. dom0 updates)... shortly
> > after installing them I saw a notification "Device () available" twice
> > and then maybe 2-3 minutes later "Device () removed" twice.

> Response might be too late, but was it updating dom0 or a template at
> the time? Cross-reference dom0 or the template's journalctl device
> messages with /var/log/dnf.log (or apt if it was a Debian template) to
> find out what package was being updated when the device change happened,
> then dig into details of that package to see what it would impact.

Hi awokd,

I'm afraid my linux skills are not sufficient to explain this with
confidence. What I can see in the logs you pointed my to is:

-> major updates in dom0 including kernel, linux-firmware, salt
management stack

-> right around the time I've seen the notifications I see lots and lots
of dracut output aparently building a initramfs (seems to be a file
system image)

-> apparently at the same time I also had a VM with qubes-builder
running

-> Qubes memory management was busy reshuffleing RAM

-> the Qubes OS daemon was restarted

-> qubesd also reports: permission denied for call
b'admin.vm.device.block.Available'+b'' (b'dom0' -> b'disp213') with
payload of 0 bytes

I don't expect you or anyone else on this list to solve this for me, but
if the above gives you any ideas I'd be thankful to hear them.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306225309.GB1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Serial ports in Qubes appvms

[Sven Semmler]

On Fri, Mar 06, 2020 at 10:12:07PM +, donov...@unseen.is wrote:
> I'd like to use serial console (via a serial port on the mobo and appropriate 
> cable) into a piece of equipment using an appVM. I tried using dmesg, but 
> dom0 term says "operation not permitted". 

I'm doing this all the time using USB-to-serial-cables and minicom
instances in a Standalone HVM.

It would probably work just by assigning that USB device to a regular AppVM,
but since I also have other devices connected (ICE, I2C/SPI logger,
logic analyzer) I just assign the entire USB controller to the HVM.

If your serial port controller shows up with qvm-pci you could also try
to assign that one the the VM. 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306231548.GC1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Device () available / removed

[Sven Semmler]

On Fri, Mar 06, 2020 at 11:01:56PM +, 'awokd' via qubes-users wrote:
> > -> apparently at the same time I also had a VM with qubes-builder
> > running
> 
> That would do it. It frequently sets up loop devices while doing a
> build, so you'd see those messages.

:-) Thank you!

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306232505.GE1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] cache for UpdateProxy?

[Sven Semmler]

On Fri, Mar 06, 2020 at 03:43:00PM -0600, Sven Semmler wrote:
> On Fri, Mar 06, 2020 at 12:38:45PM +, unman wrote:
> > Drop in apt-cacher-ng in its place to get lightweight caching proxy.
> - https://github.com/unman/notes/tree/master/config/cacher

For others reading this now or later... making the salt in the above
link work is more then I could handle* (there were some dependencies on
other salt scripts I didn't have). However, unman also has a super
helpful step-by-step instruction:

https://github.com/unman/notes/blob/master/apt-cacher-ng

This worked as described with the following restrictions:

-> debian templates did not work unchanged due to the https:// URIs but
once I changed those to http://HTTPS/// it worked just fine

-> ubuntu did work out of the box as the URIs are http://

-> some 3rd party repos needed the http://HTTPS/// change (e.g.
   Signal)

-> I couldn't get it to work with the one Fedora qube I have
(qubes-builder) and wasn't in the mood to tinker. Since it's the only
Fedora instance (besides dom0 which is an entirely different version)
having a cache would bring me no benefit.

I don't quite understand why repos would be hosted on https:// URI in
the first place. The contents is hardly confidential, the authenticity
is checked via signatures ... why the overhead? Might be off-topic for
this list though. 

/Sven

*salt along with Python is something I know I have to learn, but right
now just don't have the mental bandwidth for

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200307033447.GB1101%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Appvm freezes whole system on startup?!

[Sven Semmler]

On Sat, Mar 07, 2020 at 06:15:11AM -0500, Stumpy wrote:
> On 2020-03-06 08:16, Stumpy wrote:
> > I shutdown an appvm then tried to start it back up, but now, when i try
> > to start it up, my monitor goes white (with a very thin outline of the
> > appvm that i started, and then nothing. I cant kill it, change
> > workspaces, access menus, nada.
> 
> Is anyone else having a similar problem?

I had a simlilar issue months ago when I installed 'gnome' as in the
whole desktop environment. I suggest when doing so one can damage the
GUI integration with Qubes.

When installing packages or trying things out I've never done before I
always do so in an AppVM, no the TemplateVM. The advantage being, if I
mess things up all my changes to the VM are gone once I restart it.

Only after testing changes successfully in an AppVM do I then install
them in the TemplateVM (with the obvious exception of things I've
installed before or that couldn't conceivably mess things up).

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200307173638.GA1166%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Win7 Qubes windows-tools v3.2. attaching any device failsf

[Sven Semmler]

On Sat, Mar 07, 2020 at 07:42:06AM -0800, xyzo wrote:
> I updated the pv drivers to 8.2.2 and now win 7 is running a lot smoother. 
> If I attach the audio pci controller under devices in Qubes device manager. 
> The audio will work and is recognized in win 7. That's great but Is there 
> anyway I can get the audio to work with out attaching audio controller to 
> only win 7? I'd like to have audio running in other appvms in parallel to 
> hvm.

I use a little USB audio in/out adapter [1] for $9.99 

> Also, attaching the USB controller pci to win7 will stop win 7 from 
> booting. It will say "no bootable device was found" when I run it.  And if 

I get this error if there is any storage media connected on USB when I
boot the Windows VM. Maybe try again and make sure nothing is connected
when you boot.

Also: for some strange reason I need to limit my VMs memory to 2048MB
when attaching the USB controller. Otherwise it'll crash. Your millage
might differ.

> I try attaching  any USB device  through dom0 "qvm-usb attach Win7 
> sys-usb:2-7" I get "exception failed. Device failed to attach" I'm lost 
> with this one. any help is appreciated thanks

It's my understanding that this functionality is simply not implemented
in the Qubes Windows drivers. The way this is implemented in Qubes is
using USBIP but instead of a network IP connection it uses the XEN
qrexec mechanism: https://github.com/QubesOS/qubes-app-linux-usb-proxy

So I tried to run USBIP in Windows and run an unchanged USPIP host in
sys-usb a couple years back and that worked for simple devices /
protocols (e.g. USB-to-serial interface but not more complex USB devices
like RealICE debuggger). So I gave up on that and instead have dom0
scripts to easily switch the controller between sys-usb, app-dev and
app-win.

/Sven

[1] TROND External USB Audio Adapter Sound Card with One 3.5mm Aux 
TRRS Jack for Integrated Audio Out & Microphone in
https://www.amazon.com/gp/product/B07L56C28R/

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200307175240.GB1166%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] How to expand the amount of storage in a Win10 HVM ?

[Sven Semmler]

On Tue, Mar 10, 2020 at 02:09:18PM -0700, 'M' via qubes-users wrote:
> But how do I configure the amount of storage space manually ?

- start your Windows VM
- open start menu and type 'disk'
- select the 'create and format hard disk partitions' entry
- when the 'Disk Management' starts it will prompt you about an
  uninitalized disk. Cancel that dialog.
- now you should see three disks.

- Disk 0 is the system disk
- Disk 1 contains the private image / user files
- Disk 2 ... leave that one alone

- if you enlarged the system area you will see free space after the 'c:'
  partition. Right-click on 'c:' and choose 'Extend Volume...'
 
- same works for 'D:' if you enlarged the private volume

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200310211932.GA1104%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Embarrassing question

[Sven Semmler]

On Tue, Mar 10, 2020 at 06:57:47PM -0500, Stuart Perkins wrote:
> How do I edit the configuration to suppress the splash?

There seems to be a parameter "rhgb" (Red Hat Graphical Boot) that needs
to be removed. 

https://groups.google.com/forum/#!topic/qubes-users/jsCup_hVa-E

> How do I regenerate the boot files?

If you boot with Grub by editing /etc/default/grub then run grub2-mkconfig -o 
/boot/grub2/grub.cfg

If you boot with EFI then just edit /boot/efi/EFI/qubes/xen.cfg

See also the bottom of this page for an example: 
https://www.qubes-os.org/doc/usb-qubes/

> None of it is making any sense today.

I haven't verified the above instructions will work, but hope they'll
get you started in the right direction. 

Cheers,
/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200311004356.GB1104%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Installing templates.

[Sven Semmler]

On Thu, Mar 12, 2020 at 01:03:50PM -0700, drbgw...@gmail.com wrote:
> Pardon my basic understanding, but I probably need someone to serve this up 
> to me in a  very easy way.  I haven't asked this question because its so 
> basic so maybe I can get a lead here?

I'll take a shot at it. 

Let's say you have a VM called 'web' in which you downloaded a file
'template.rpm' which is not stored under
/home/user/Downloads/template.rm in that 'web' VM.

You want to transfer it to dom0.

So in dom0 you will be using a command called qvm-run, which allows you
to run/start programs inside VMs. It has a parameter called --pass-io
which let's you see the output of that program in your dom0 terminal.

You can test this for example with a simple text file. In your 'web' VM
start a terminal and use gedit to create a text file test.txt in your
home directory (/home/user/test.txt). Put some "hello world!" text
inside and safe it / close gedit. Not in your terminal write "cat
/home/user/test.txt" and you will see the contents of that text file in
the terminal.

Next, go to dom0 and open a terminal there. In that terminal write:
"qvm-run --pass-io web 'cat /home/user/test.txt'"

Now you see the context of the text file in your dom0 terminal. The
final step is to add something to the end of this command: "qvm-run
--pass-io web 'cat /home/user/test.txt' > /home/user/test.txt

When you run this, instead of seeing the output in the terminal it is
now written into /home/user/test.txt in dom0! You can verify with "cat
/home/user/test.txt"

I've explained this with a little text file to make it easy to
understand. Back to your /home/user/Downloads/template.rpm in the web
VM. We can use the same mechanism:

qvm-run --pass-io web 'cat /home/user/Downloads/template.rpm' >
/home/user/template.rpm

It'll take a few secondes or maybe even a minute depending on your
computer and the size of the file. But when it's done you know have
successfully copied the template.rpm into dom0 and can now run 

sudo dnf install template.rpm

This is all described a bit more brief at
https://www.qubes-os.org/doc/copy-from-dom0/ 

Cheers,
/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200312212520.GB1113%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Installing templates.

[Sven Semmler]

On Thu, Mar 12, 2020 at 04:25:20PM -0500, Sven Semmler wrote:
> inside and safe it / close gedit. Not in your terminal write "cat

... close gedit. *Now* in your terminal ...

> computer and the size of the file. But when it's done you know have

... when it's done you *now* have ...

Sorry for the typos.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200312212935.GC1113%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Win7 Qubes windows-tools v3.2. attaching any device failsf

[Sven Semmler]

On Thu, Mar 12, 2020 at 11:07:18AM -0700, xyzo wrote:
> So the script would basically be something like "qvm-pci attach app-win 
> dom0:bdf_usb_controller_address"?

I always do this while the hvm is shutdown in which case you need to add
the --persistent parameter. Also some (including my) USB controller
don't support PCI resets so you need an additional parameter dealing
with that...

qvm-pci attach win --persistent --option no-strict-reset=True
dom0:xx_xx.x

> I will look into the usbip thanks..

Don't hold your breath. It won't work for more complex devices.

> But have you ever tethered into Win7 while USB controller attached to win7. 
> [...] I think it's possible it's just a matter of configuring your win7 net 
> adapter correctly..

Well I've seen it happen by accident ;-) My normal setup is to enable
the hotspot function on my iPhone and have sys-net connect to it via
WiFi. 

Then I assign the USB controller to Windows and start it while my iPhone
is also connected to the PC to charge. In Windows I have iTunes
installed and with it the USB-Ethernet drivers. So as soon as Windows
sees my iPhone it uses it as primary network interface. 

Basically I agree if you only thether then assigning the USB controller
to Windows will have the rest of Qubes offline (since now obviously
sys-usb doesn't have it anymore). But Windows should be able to use the
conntection if the right drivers are installed.

Side note: my old MacBookPro which I used with Qubes R3.2 had two USB
controllers. So I could keep one connected to sys-usb while the other
one was connected to Windows. Just had to figure out which port connects
to which controller. You might be lucky and also have two controllers. 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200312214630.GE1113%40app-email-private.


signature.asc
Description: PGP signature