[qubes-users] Booting Cubes, Migration

2016-09-19 Thread johnyjukya
I've finally got Qubes set up in a way I'm comfortable working every day. Now I wanted to move that same installation to another drive for its permanent home. The current drive has a standard bios /boot partition (sda1), and an encrypted extended partition (#5) containing lvm with swap and /. Th

[qubes-users] Re: Booting Cubes, Migration

2016-09-19 Thread johnyjukya
> I've finally got Qubes set up in a way I'm comfortable working every day. > > Now I wanted to move that same installation to another drive for its > permanent home. Oh, I also meant to ask this: Does all of the Template/VM state live in /var/lib/qubes? Obviously the machines' disks do, and it

[qubes-users] USB hotplug messing up other USB devices?

2016-09-19 Thread johnyjukya
Qubes 3.2rc3-testing (and earlier), AMD Athlon X2, GeForce motherboard, NVidia MCP61 USB controller: I'm currently running Qubes from an external USB drive. (Moving to internal drive as soon as I figure out how to smoothly migrate it.) For now, it works great in general. In the meantime, I've n

Re: [qubes-users] Booting Cubes, Migration

2016-09-19 Thread johnyjukya
> Anaconda is notorious for messing up specific requests for volume > layout. You would stand a much better chance of getting help in a fedora > or redhat forum... they have many more people experienced with this. Cool, thanks. I guess it is a more general grub/luks/lvm issue, and not necessarily

Re: [qubes-users] Re: NVIDIA GeForce

2016-09-20 Thread johnyjukya
> On Sunday, September 11, 2016 at 11:11:28 PM UTC-4, Drew White wrote: >> On Friday, 9 September 2016 18:58:51 UTC+10, Thomas Ernst wrote: >> > Hi all, >> > >> > Does Qubes support NVIDIA GeForce graphics cards? The reason for >> asking is that I am planning to buy a Lenovo ThinkPad T460p Laptop,

Re: [qubes-users] Re: Booting Cubes, Migration

2016-09-20 Thread johnyjukya
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2016-09-19 13:36, johnyju...@sigaint.org wrote: >>> I've finally got Qubes set up in a way I'm comfortable working every >>> day. >>> >>> Now I wanted to move that same installation to another drive for its >>> permanent home. >> >> Oh, I a

[qubes-users] Failed device allocation

2016-09-20 Thread johnyjukya
Quite frequently, under Debian-8, when I go to assign a device, it quietly appears to work (Qubes Manager shows it assigned), but the device never shows up, and the VM's dmesg shows things like this: [Tue Sep 20 13:17:09 2016] xenwatch: page allocation failure: order:5, mode:0x240c0c0 [Tue Sep 20

Re: [qubes-users] Failed device allocation

2016-09-20 Thread johnyjukya
> Quite frequently, under Debian-8, when I go to assign a device, it quietly > appears to work (Qubes Manager shows it assigned), but the device never > shows up, and the VM's dmesg shows things like this: A bit more info: I repeatedly failed to add a device to one VM. I close another VM, freein

Re: [qubes-users] Re: NVIDIA GeForce

2016-09-21 Thread johnyjukya
> On Wednesday, 21 September 2016 02:25:15 UTC+10, johny...@sigaint.org > wrote: >> > On Sunday, September 11, 2016 at 11:11:28 PM UTC-4, Drew White wrote: >> >> On Friday, 9 September 2016 18:58:51 UTC+10, Thomas Ernst wrote: >> >> > Hi all, >> >> > >> >> > Does Qubes support NVIDIA GeForce graph

[qubes-users] BTRFS?

2016-09-22 Thread johnyjukya
Has the Qubes team ever considered the use of btrfs? https://en.wikipedia.org/wiki/Btrfs It's been the default root FS for Suse since 2012: https://www.linux.com/news/suse-linux-says-btrfs-ready-rock While reading about its features (and using it) it seems like it would be especially well-suite

[qubes-users] Re: BTRFS?

2016-09-22 Thread johnyjukya
> Has the Qubes team ever considered the use of btrfs? I do see Qubes does indeed support btrfs as a root fs during install. Cool. JJ

Re: [qubes-users] BTRFS?

2016-09-22 Thread johnyjukya
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Thu, Sep 22, 2016 at 03:56:57PM -0700, Connor Page wrote: >> In fact, I think the right question is "Will Qubes 4 be compatible with >> btrfs root if vm storage is expected to reside on a LVM thin pool?" > > This is a good question. The new

Re: [qubes-users] Re: Dear qubes-users

2016-09-24 Thread johnyjukya
> Mr. Harrison: >> Dear qubes-users, >> >> I am long time qubes follower and user. I apologize in advance if anyone >> feels this request is spam. >> >> I am looking for two invite codes needed to sign up to anonymous >> riseup.net email service. I agree that asking random strangers for Riseup inv

Re: [qubes-users] New version of Qubes Screenshot Tool (0.5 beta)

2016-09-24 Thread johnyjukya
> Hello, > > New version of Qubes Screenshot tool available. > > https://github.com/evadogstar/qvm-screenshot-tool > > > If you do not know what is it: a tool to easy make screenshots and > upload them to the AppVM and to the web ( imgurl service ). > > Changelog: > - Now, it's possible to re-open

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
> Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet. > > The Qubes machine is sharing its Internet connection. > > Let's say the Qubes machine gets hit with a DMA attack. > > The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for > DMA protection. > > Can th

[qubes-users] InputAttach in dom0

2016-09-25 Thread johnyjukya
(Apologies if this is a duplicate; I could have sworn I already submitted it, but I don't see any sign of it on the list or my outbox. Weird.) USB is generally considered evil/risky as compared to the simpler/safer PS/2 protocol; in that spirit, it might be handy to have "inputattach" in dom0, to

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
> If the Qubes machine is hit by a DMA attack, it is compromised and could > thus tamper with the forwarded Internet connection however the attacker > desires. (As well as scraping any credentials you might use in common on > the Qubes box, and carrying out aggressive attacks on anything on your >

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> Simple question: Why are Ethernet and WiFi in sys-net..? > > Is it > > (A) Just for easy access to the same network for all App VMs..? > > (B) Because this is isolating Ethernet and WiFi from the rest of the > system, to stop DMA attacks..? Primarily (B). Any DMA attack or other network hardwar

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
Chris wrote: > Especially if you did the sharing via a separate vpn or ssh tunnel. But > in general, I don't think Qubes security should be considered much if > any benefit to adjacent non-Qubes systems. I'm curious as to why you would say this. Any additional firewall between a Laptop and the ne

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
Chris wrote: > Especially if you did the sharing via a separate vpn or ssh tunnel. But > in general, I don't think Qubes security should be considered much if > any benefit to adjacent non-Qubes systems. This is one of my favorite implicit features of Qubes: Setting up multiple layers of network

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-25 Thread johnyjukya
> I am surprised that there is no way to disable ipv6 on Debian template. > > I reinstalled first the template using documentation > https://www.qubes-os.org/doc/reinstall-template/ > > Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I > did reboot the Template but it didn't

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, it's the original poster here. > The consensus so far is that anything I run inside sys-net should be > vulnerable, and that it is advised not to run programs in sys-net. > > So, in this case, how am I supposed to run my Ethernet Tor hotspot..? I think you're going to have to be more specific a

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> In terms of "hotspot" terminology, what it does is, quote from author of > the script: > > "it bridges the two interfaces but uses NAT to achieve it" Ah, so it sets up some iptable nat rules (and maybe tweaks torrc to allow it to listen on a non-local interface; although iptables could do that r

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> I'm pretty sure that can be done fairly simply, out-of-the-box via > NetworkManager, not requiring a script: Oh, and another good tip, is to make another NetworkManager show up in a secondary VM (other than just from sys-net), you can manually add "network-manager" (and check it) as a service in

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-25 Thread johnyjukya
> nishiwak...@gmail.com: >> Hello, >> >> I am surprised that there is no way to disable ipv6 on Debian template. >> >> I reinstalled first the template using documentation >> https://www.qubes-os.org/doc/reinstall-template/ >> >> Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, but I have already built the script. I have it running in Net VM. It > works. > > I am NOT asking you to make an alternative system. > > I am simply asking whether an attack on the WiFi/Ethernet in the Net VM > could also end up messing up my Tor script. > > Look at the question again: > > ht

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> If your Tor is running in another appVM, such as whonix-gw does, the worst > a sys-net compromise could do is redirect the *encrypted* Tor traffic from > whonix-gw, which isn't terribly useful for the attacker. Oh, I should mention, as you asked in your original question, that yes, a compromised

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> Yeah... and surely this is exactly what can happen, no..? > > We had 2 Xen exploits in the last 1 year. I expect those exploits have caused a lot more scrutiny of the code, so hopefully such exploits won't be heard of again. Qubes devs are moving away from PVM which should avoid the threat of s

Re: [qubes-users] Snapshots - Use of CoW

2016-09-25 Thread johnyjukya
> Hi folks, > > Any chance that there will be added in the feature for snapshots? > even CoW snapshots would be good, then a consolidation option once done. > > I have one issue where I want to do something, but I have to 7z the VM > before I can do anything to it in-case it breaks. > > I know that

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, so the main takeaway from your answer: > > "The card doesn't have a host CPU and so it doesn't require a firmware > source" > > that seems like the most interesting > > the driver would still need to be bug-free though > > who knows whether any of these have even been audited I think the wir

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Well, entr0py, you are correct. > > It does indeed come down, to either Xen, or my networking stack. > > Let me ask... what is the security like for Ethernet..? Anything going over a wire is going to have a far shorter RF leakage range than WiFi. Unless your threat actor is in the house or next

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> And yes, by all means, I will use Whonix's system rather than my own > custom script. I agree that Whonix is a key component. A NetVM that ensures *all* your traffic goes through Tor, with no leakage, as well as doing secure DNS lookups for you, is a big security plus. They've also put a fair

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Please read if you haven't already: > > http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf > > 2 big takeaways: > > 2. The Physical Gateway needs to be secure not only from attacks from the > Internet but also attacks from the client appVM. Have

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Thank you guys for your help, but unfortunately I don't think there is a > way to get rid of this process listening on tcp6 on init (systemd... d > standing here for distant...). It is listed as 1 on PID, I don't think you > can't remove it, it is a main process. So I am not interested in using

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> What does "systemctl list-sockets" show? Any services that systemd is > providing a listener for should be listed here. If you do spot a network socket service in that listing, you can stop the current service with "systemctl stop blah.socket", and disable it in the future (next reboot or VM re

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Wow. Not even 4 GB of compiled drivers for the WiFi. You are saying it's 4 > GB of raw plaintext source code..? > > WOW > > That's INSANELY complex. Apologies, I spoke a bit hastily. What I was seeing was 4 million Git objects, not 4G of data (although it may be). And that included all branches

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Really ? No one to find also suspicious a wild init/1 tcp6 port listening > on your templateVM, right out of the box ? This got to be real. ... > I am answering you on my phone just because it seems my old Qubes deleted > partition doesn't like very much my USB key to runs over it, for some > rea

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread johnyjukya
> On Monday, 26 September 2016 12:11:56 UTC+10, johny...@sigaint.org wrote: >> AppVM's are designed to toss changes, other than /home, /rw, /usr/local. >> It's a good thing; if one gets compromised, it's a temporary compromise. >> :) >> >> If you want permanent changes, update your template. >> >>

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> I just copied my standalone VM that was working, to back it up. > > Then I restored the .img files, which is the HDD, and now it's telling me > I don't have the dependencies to run the application that I was running > before I copied the img files. > > Why is this broken? > Why will backup/resto

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> Hmmm, you would probably also need to re-export the app shortcuts to dom0. > This *may* be the best way to do it, but the Qubes devs may have a better > suggestion. Open a terminal in the newly restored VM and run: > > "/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh > /etc/qube

Re: [qubes-users] Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> If I think a computer has been infected, is there anything else I should > wipe/re-install other than > > 1. Hard Drive / Operating System > > 2. BIOS > > Is there anything else that a hacker could possibly infect that needs to > be wiped/re-installed..? Lol, don't get me started... - Any PCI c

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-27 Thread johnyjukya
>> Especially if you did the sharing via a separate vpn or ssh tunnel. But >> in general, I don't think Qubes security should be considered much if >> any benefit to adjacent non-Qubes systems. >> >> Chris >> >> > The benefits far outweigh the risks, as long as you don't do most of >> your >> > cri

Re: [qubes-users] Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> I forget which blackhat event, they showed how you can think you are > flashing a bios. But the malware will remain. That's creepy. Don't most BIOS flashing utilities do a verification? Or perhaps the flashing utility itself is what was compromised in the blackhat demo. Another reason why d

Re: [qubes-users] Screen geometry for VMs

2016-09-27 Thread johnyjukya
> I'm back with a brand-new workstation setup to try Qubes on. I bought a > Matrox C680 and hooked up six monitors to its DisplayPort outputs. I'm > using Qubes R3.2 fully updated as of now, with XFCE. Six monitors??? Wow! Can I come over and hang out at your place? JJ

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> On Tuesday, September 27, 2016 at 6:51:31 AM UTC-4, neilh...@gmail.com > wrote: >> If I think a computer has been infected, is there anything else I should >> wipe/re-install other than >> >> 1. Hard Drive / Operating System >> >> 2. BIOS This also brings up the question of BIOS vs. EFI, which h

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> How about Google Chromebooks which have a system to auto-restore the OS if > it thinks it's been tampered with..? Doesn't that imply trust in Google, who is known to cooperate with NSA and such (as required by US law)? I have had serious problems with a hacked Android phone, and the "weirdness"

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> Also just to add qubes devs have fedora template with less listening > process than debian-8 which is not default and more community based. But > if you want to use debian instead for your sysnet or firewall or w/e. > You can disable all the listening processes yourself. It's an outstandin

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> The "listening" services are less of a concern, since the firewall > wouldn't permit any incoming connections to be passed through to start > with. It's the "phone home" style services, like time sync, Samba name > lookups on microsoft servers, and such, that are more concerning, and > privacy-b

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> My PC's RT clock might drift by a few seconds each week Actually, it's not even that bad. I'm sure I've fired up motherboards or laptops that haven't been touched in years, and their clocks were accurate within a minute. So there's no need for synchronizing your time so frequently. I just rea

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> Like many encrypted tunnel setups, Tor requires both ends to have similar > date/time. You can easily test this by manually setting to the wrong > time, and watching the Tor fail. > > Tor also checks your local date/time against the consensus status > document, and will warn you if it's off. If

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> Yeah, Joanna is seriously epic. Upon that, we can all agree. Everything she designs or writes up, seems bang-on (and wonderfully informative) in this increasingly security-threatened world we're living in. She's probably just a fictional character created by the NSA to mesmerize and lure us Li

Re: [qubes-users] System still freezes, still no resolution.

2016-09-27 Thread johnyjukya
> On Wednesday, 28 September 2016 03:54:10 UTC+10, raah...@gmail.com wrote: >> Is your issue after a wake from suspend? Desktop freezes on me on one >> machine if it is left asleep for too long. I figure it's related to bios >> or what vms were running when it went to sleep. I also find it's less

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> You can get a motherboard that has a removable bios chip that you can just > snap in to replace, Then call the company and have them send you one or > two to hold onto for emergency lol. There is also mobos with dualbios, > mostly this is for bringing a bricked board back to life. I actually

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> I want to get the USB VMs to work, but I use keyboard and mouse via USB, > not PS/2, so it will not permit me to configure it. > > I wish to attach specific USB Ports to Dom0, which is 1 of the bus's. And > the other USB bus's to the USBVM, but I can't find out what device to > attach to Dom0 to

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> It may no longer be the case, but it used to be that most USB keyboards > and mice had controllers that also automatically auto-detected and > supported PS/2, with a simple passive passthrough dongle between the > USB->PS/2 connection. > > http://www.ebay.com/itm/Cool-PS2-Female-to-USB-Male-Port-

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> Hi JJ, > > My PC has 10 USB Bus's. > My keyboard and mouse are on bus 10, which is PCI device .XX.X and I > left that one on Dom0. Are they 10 separate PCI devices, 10 separate USB buses? I'd be very surprised if that were the case. But also very impressed, and wanting such a motherboard f

Re: [qubes-users] USB VM

2016-09-28 Thread johnyjukya
> Hi JJ, > > Did some more testing, you were right, I only have 3. Hey, that's still pretty handy for separation. In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given PCI USB device and assign it. Only having one USB bus myself, also used for root, I haven't tried this. I

[qubes-users] 3.2rc3 install on btrfs

2016-09-29 Thread johnyjukya
Finally got around to doing a fresh install of Qubes 3.2rc3 on a btrfs root. It's quite wonderful, being able to clone a template or an AppVM instantly, taking no additional disk space except for changes. However, after the initial install, I had sys-net, sys-firewall and had to create them manua

[qubes-users] Loaded ethernet device modules in dom0, sound

2016-09-29 Thread johnyjukya
Why is it that the linux module for my ethernet device is loaded in dom0? There's obviously no networking, /proc/net/dev and ifconfig only show localhost. The module is also loaded in, and provides the device to sys-net, of course. Seemed odd to even have networking device Linux modules (existin

[qubes-users] Low memory, starting machines & assigning devices

2016-10-12 Thread johnyjukya
Hi, Qubers: Wonder if someone could tell me if this is normal/expected behaviour. (3.2rc3): If I have a few AppVM's running, at some point, the manager will refuse to start any more VM's, complaining about low memory. Similarly, assigning devices to running VM's will fail. (Most annoying.) Ho

[qubes-users] Loaded ethernet device modules in dom0, sound

2016-10-12 Thread johnyjukya
(Accidentally posted this to the tail of another thread; I assumed a subject change would create a new thread. Whoops. Reposting.) Why is it that the linux module for my ethernet device is loaded in dom0? There's obviously no networking, /proc/net/dev and ifconfig only show localhost. The module

Re: [qubes-users] Re: Error converting vmdk disk to raw

2016-10-14 Thread johnyjukya
> I'm having same issue, I know there is enough space because df -h shows > 198G available and qemu-img-xen info image.vmdk shows that the virtual > disk size is 8G I've had cases with the qemu tools where it reported a write error because it had trouble reading one of the input files (corrupted,

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread johnyjukya
> Andrew: > This kind of security-first posture is what has made Qubes famous. I agree that Qubes separation is probably the most secure basis for a reasonably usable PC-based platform today. It's all I'll use. (I worry about 4.0 not working on my hardware, tho. And upgrading hardware brings it

Re: [qubes-users] Re:Persistant routes on Qubes are not persistant?!

2016-10-15 Thread johnyjukya
>> Does anyone knows how to set static routes persistently into the >> sys-firewall? NetworkManager lets you add static routes for a network card. You might be able to get what you want by adding and checking off the 'network-manager' service for the VM (and restarting), then configuring the virt

Re: [qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN

2016-10-15 Thread johnyjukya
> Ok, so I tried to enable the updates proxy in the sys-firewall > consequently forcing all updates to go through the VPN, I followed the > instructions outlined here - > https://www.qubes-os.org/doc/software-update-vm/#updates-proxy > However, as soon as I try to run the updates on one of the vmte

Re: [qubes-users] Re: Maybe a provocative question

2016-10-17 Thread johnyjukya
>> 1) XEN is developed by people working for a company based in >> the U.S. Some fun stats for Xen 4.6 changesets, as used by Qubes: Lines of Code: ~150,000 This is from https://wiki.xenproject.org/wiki/Xen_Project_4.6_Acknowledgements and related pages (and similar pages with 4.6 replaced by

Re: [qubes-users] Re: Maybe a provocative question

2016-10-17 Thread johnyjukya
>> Now, about 4.7. Note that the page for only lists individual names, >> does >> not list any company affiliations or employers at all. An odd >> change/omission? > > could there be a simpler explanation? Certainly. Maybe some intern generating the stats page was too lazy to summarize it by co

Re: [qubes-users] Persistant routes on Qubes are not persistant?!

2016-10-17 Thread johnyjukya
> Hello, > > I need to add some static routes since I'm using a network with different > GWs. For that reason I've tried to add some static routes through the > NetworkManager which maps all the configuration into a file called > qubes-uplink-eth0 . Strangely and since this file is within the priva

[qubes-users] swappiness, caches

2016-10-19 Thread johnyjukya
It always seemed a bit "off" to me that there should be any swap usage or significant buffers/caches inside VM's. dom0 already caches the virtual .img files, so having the kernel inside each VM also buffering/caching files and metadata is really just a waste of CPU and disk space. More importantl

Re: [qubes-users] swappiness, caches

2016-10-19 Thread johnyjukya
> Interesting, sounds reasonable. > > Running with absolutely 0 swap however can lead to unexpected problems > from my experience: Interesting that the Wiki page for swappiness (this kernel parameter is officially more famous than I am) recommends setting it to at least 1. https://en.wikipedia

Re: [qubes-users] swappiness, caches

2016-10-19 Thread johnyjukya
> Interesting that the Wiki page for swappiness (this kernel parameter is > officially more famous than I am) recommends setting it to at least 1. > > https://en.wikipedia.org/wiki/Swappiness I'm going to stick with vm.swappiness=0 for a few days just to see if any reliability problems or app

[qubes-users] Swappiness, Qubes, Microkernels

2016-12-09 Thread johnyjukya
> On Tuesday, 29 November 2016 09:44:17 UTC+11, Patrick Schleizer wrote: >> >> Would setting >> >> /etc/sysctl.d/swaplow.conf >> vm.swappiness=0 >> >> in Qubes by default make sense? >> >> If not effective at all, why is it not required? Why do you think it is not effective? I've played around wit

Re: [qubes-users] Qubes-manager refuses to launch

2016-12-14 Thread johnyjukya
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Wed, Dec 14, 2016 at 06:44:35AM -0800, Andrew David Wong wrote: >> On 2016-12-14 06:31, harh...@gmail.com wrote: >> > I did that already, so... >> > >> > That's the point - I can't run any command, cause vm-manager (and >> > the process its

Re: [qubes-users] Re: Nvidia drivers in dom0 still works? (need to get a GTX 1070 off the ground)

2016-12-14 Thread johnyjukya
TomL Wrote: > I believe that Nvidia binary drivers do not work under Xen. I spent a > while trying unsuccessfully before reading some documentation to that > effect which I considered reliable at the time, but can't immediately > recall. If you find credible evidence that there's some workaround, I

[qubes-users] Updates, security

2016-12-17 Thread johnyjukya
While updates are signed, so even if they come over the wire in cleartext, the fact that they often are sent in the clear (even from debian.net) allows a snooper to know what packages you're scanning for metadata or installing. It reveals a lot about the state of your system. Updating over Tor or a

[qubes-users] OpenVPN and debian-8

2016-12-17 Thread johnyjukya
I've finished my conversion of all VM's to debian-8 (and isolating USB, the sound card, etc.). (Next is dom0, and maybe replacing the hypervisor, but that's another story. :) ) The last hiccup was getting OpenVPN working in debian-8 in a ProxyVM. It would connect, but then get stupid and han

[qubes-users] JeOS?

2016-12-17 Thread johnyjukya
I've converted all my VM's to debian-8, and I'm continuing the never-ending process to trim down the service vm's to the bare minimum underlying template. No sense having cups, pulseaudio, libreoffice, etc, lurking around in a dedicated packet-flinger VM. Especially with the dozens of processes t

[qubes-users] USB Root Drive Corruption

2016-08-12 Thread johnyjukya
I realize USB drives (or USB *anything*) is a stupid, stupid idea when it comes to being security conscious, but while trying out Qubes, I do have my root drive on an external USB HD. (And there's something to be said for taking your drive with you.) It works great in general, is fast enough, and

[qubes-users] Updates Proxy a security Risk?

2016-08-12 Thread johnyjukya
Greetings, Qubers. Say you have a VM (e.g. "Banking only"), which has a NetVM of sys-firewall, but for which you have disallowed or greatly restricted networking, turned off DNS and ICMP, but left on "allow connection to updates proxy." As I understand it, this creates rules in sys-firewall to en

Re: [qubes-users] Updates Proxy a security Risk?

2016-08-13 Thread johnyjukya
>> Say you have a VM (e.g. "Banking only"), which has a NetVM of >> sys-firewall, >> but for which you have disallowed or greatly restricted networking, >> turned >> off DNS and ICMP, but left on "allow connection to updates proxy." >> > > That box should be unchecked by default in AppVMs and check

[qubes-users] Screen corruption on nvidia

2016-08-15 Thread johnyjukya
I realize that nVidia's aren't the preferred video card, but (being divorce-poor) one sometimes has to make do with what one has. :) With my on-board nVidia (GeForce7100) and the nouveau driver (on both Tails and Qubes), things work okay, then suddenly at some random point the screen gets filled

Re: [qubes-users] Screen corruption on nvidia

2016-08-16 Thread johnyjukya
>> However, under Qubes, I experience random screen corruption. >> >> See: https://i.imgur.com/ovEFgYO.png > Looks like it could be this issue: > > https://github.com/QubesOS/qubes-issues/issues/1028 > > As you can see from the qubes-builder-github comments, some patches for > this > are already i

[qubes-users] Service VM Size, Memory, Security

2016-08-16 Thread johnyjukya
One of the banes of a Qubes addict's existence is memory. Too many times I see that red stop sign and breathe a sigh of frustration, that I need to shut down or mem-set other VM's to start up another AppVM. I like my VM separation, dammit, which means lots of VMs. In a perfect world, I'd have a

Re: [qubes-users] USB Root Drive Corruption

2016-08-17 Thread johnyjukya
Well, my wild enthusiasm with Qubes has turned into complete frustration and exasperation this morning. The "mild" corruption I was seeing on boot (running Qubes from a USB 2.5" HD) wasn't quite so mild the last time I booted. This time, rather than "recovering journal... done," the fsck spewed m

Re: [qubes-users] USB Root Drive Corruption

2016-08-17 Thread johnyjukya
Thanks for the feedback. The fact USB is a bad idea all around for security (and potentially stability), and the fact I was getting minor corruption, should have been a warning to me to move the drive right onto the SATA bus, rather than risking worse corruption. I guess I only have myself to bla

Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO

2016-08-17 Thread johnyjukya
On the Signal matter, just some personal paranoia Re: Signal and Google Play Services: I've been the subject of some rather intense and ongoing hacking (iPhone, iPad, Android phone/tablet, PC, MacBook, cable modem connection, you name it). On the Android phone, I wiped it several times, and switc

Re: [qubes-users] USB Root Drive Corruption

2016-08-18 Thread johnyjukya
This problem persists in 3.2rc2. (And I get 0 errors on the same USB drive under Tails. When I can find the SATA power connector around here somewhere, I'll try moving the drive direct onto the SATA bus.) > Thanks for the feedback. The fact USB is a bad idea all around for > security (and poten

[qubes-users] Qubes 4.0 Hardware Requirements

2016-08-18 Thread johnyjukya
The Qubes security team has written: > Consequently, we have decided to move to hardware memory > virtualization for the upcoming Qubes 4.0 release [4]. And Joanna has written: > For Qubes 4 we want to move away from using PV as the default > method of virtualization in favor of using hw-aided (

Re: [qubes-users] Screen corruption on nvidia

2016-08-18 Thread johnyjukya
This problem persists in 3.2rc2. JJ >>> However, under Qubes, I experience random screen corruption. >>> >>> See: https://i.imgur.com/ovEFgYO.png > >> Looks like it could be this issue: >> >> https://github.com/QubesOS/qubes-issues/issues/1028 >> >> As you can see from the qubes-builder-github co

Re: [qubes-users] Screen corruption on nvidia

2016-08-19 Thread johnyjukya
However, under Qubes, I experience random screen corruption. See: https://i.imgur.com/ovEFgYO.png > This problem persists in 3.2rc2. > > JJ Actually, just FYI, the behavior seems to be a lot better under 3.2rc2. I've only seen it a couple of times, versus seeing it consistently un

Re: [qubes-users] USB Root Drive Corruption

2016-08-19 Thread johnyjukya
> This problem persists in 3.2rc2. > > (And I get 0 errors on the same USB drive under Tails. When I can find > the SATA power connector around here somewhere, I'll try moving the drive > direct onto the SATA bus.) I think the problem *may* be that systemd has a default 90 second timeout on jobs,

[qubes-users] qvm-run only available from dom0?

2016-08-19 Thread johnyjukya
When I try to run qvm-run from within an AppVM, I get "Request refused." Is this by design, for security reasons? If so, I guess that's perfectly reasonable. I just don't see that fact documented anywhere. (The demonstration of one of the Xen exploits executes a qvm-run of xcalc in dom0 from an

[qubes-users] Clipboard

2016-08-19 Thread johnyjukya
Is there any qvm-* command, or other method, to programmatically copy to the qubes clipboard? (Similar to my last question, a perfectly reasonable answer might be "of course not, are you crazy?" due to security concerns. Requiring explicit dom0/GUI user interaction for clipboard manipulation seem

Re: [qubes-users] USB Root Drive Corruption - Solved???

2016-08-19 Thread johnyjukya
>> This problem persists in 3.2rc2. >> >> (And I get 0 errors on the same USB drive under Tails. When I can find >> the SATA power connector around here somewhere, I'll try moving the >> drive >> direct onto the SATA bus.) > > I think the problem *may* be that systemd has a default 90 second timeo

Re: [qubes-users] qvm-run only available from dom0?

2016-08-19 Thread johnyjukya
> On 2016-08-19 05:11, johnyju...@sigaint.org wrote: >> When I try to run qvm-run from within an AppVM, I get "Request refused." >> >> Is this by design, for security reasons? If so, I guess that's >> perfectly >> reasonable. I just don't see that fact documented anywhere. >> > > Yes, but it's co

Re: [qubes-users] Screen corruption on nvidia

2016-08-19 Thread johnyjukya
>> Several packages were recently pushed to testing repos (see >> qubes-builder-github comments on the issue). Have you had a chance to try >> those? > > Cool, I will grab the latest qubes-gui-vm from current-testing and see if > that helps. Sorry, that was phrased wrong, and I hate to add any conf

Re: [qubes-users] Screen corruption on nvidia

2016-08-20 Thread johnyjukya
> I see the updated packages are for qubes-gui-agents in the fedora/debian > templates. Will grab those, fire up several AppVMs, and see if things > improve. Added testing repos to (clones of) debian-23 and debian-8 templates (as well as whonix-gw/whonix-ws), did upgrades/dist-updates, restarte

Re: [qubes-users] Re: Android Emulator

2016-08-21 Thread johnyjukya
> On Friday, August 5, 2016 at 1:52:12 AM UTC+8, Torsten Grote wrote: >> I tried it now and it works, but is barely usable, because it is >> very(!!!) slow. On top of running ARM emulation in an AppVM, I needed to >> turn on software graphic rendering, because hardware rendering didn't >> work. > >

[qubes-users] /rw/config/rc.local on debian-8

2016-08-22 Thread johnyjukya
/rw/config/rc.local doesn't seem to be run on startup in debian-8 (3.2-testing). What is supposed to launch this? systemd, another startup script, or something dom0-related? I added "/rw/config/rc.local" to "/etc/rc.local" and it works, but was wondering what might be the official way to do this

[qubes-users] vif in user ProxyVM?

2016-08-22 Thread johnyjukya
I'm trying to create a ProxyVM of my own, to replace sys-firewall. I'm on 3.2rc2-testing. When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up, but no vif interface appears. There are iptables entries for 10.137.4.*, so the firewall mechanism seems to be doing (part of) its thi
