Re: [qubes-users] Problem with VMs not launching

2020-08-14 Thread Ángel
On 2020-08-11 at 18:15 -0700, BGW wrote:

> I hope that I've explained this well enough to be understood.
> 
> Anybody got any ideas what is going on? Thanks for any help.

Try starting them from a dom0 console (qvm-start). Sometimes, you will
find there details that point to the solution, such as the VM requiring
a pci device that is already in use by a different one.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1597444247.1079.2.camel%4016bits.net.


Re: [qubes-users] My farewell to Qubes OS!

2018-10-27 Thread Ángel
Thanks for all your work, Joanna!

Good luck at the Golem Project.
I am sure that having you on board it will feature many 'interesting'
properties that otherwise it wouldn't.

Remember to s/‎אמת/‎מת‎/ should you have trouble with the golems 

Best regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1540660835.969.12.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Is the hostname "_gateway" (on systemd linuxes) a security issue?

2018-08-18 Thread Ángel
On 2018-08-18 at 07:09 -0700, Marcus Linsner wrote:
> Since systemd exposes the hostname "_gateway" (ie. `ping _gateway`) on
> systemd OSes, does this pose any security risk if any website decides
> to use that hostname to access your router?
> 
> On appVMs this apparently can't be an issue, because _gateway points
> to a 10. IP class, in fact, it point to sys-firewall's IP (assuming
> sys-firewall is the net VM set for that appVM in its settings).
> 
> On a vanilla Linux though, it seems that websites could access the
> router by using the _gateway hostname. Does anyone know if this can be
> done? It'd be kinda lame if so... and I can only imagine the attacks
> that could be performed.
> 
How would that be different than a website accessing the router using a
private address like 192.168.0.1 ? It requires a bit of guessing, but
not too much, as a few addresses are used by 90% of routers.

The onus is on the routers not to have bugs on their web interface that
could be exploited by a malicious web page (they should both require a
password —which may not be too secret— and a CSRF).
Sadly, experience has shown that this is not always the case.

Browsers of course could add some extra safeguards (eg. Opera did), you
may be interested in watching this 12 years old mozilla RFE:
https://bugzilla.mozilla.org/show_bug.cgi?id=354493

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1534626723.1280.23.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

2018-05-14 Thread Ángel
This paper is most interesting for the discovery of multiple ways email
client leak information on visualization.
(not clearly stated in the paper: some of them are already fixed, while
in other cases the developers are still working on providing them)

Luckily, with Qubes it is easy to set a firewall rule so that your email
AppVM can only contact with your email server.
NB that some of these leaks are dns-based, so ideally you would not
allow it to perform any dns query, either.

Best regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1526345890.1079.63.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-19 Thread Ángel
Steve is right in the wrong placement of sudo, but I don't think
brackets would do (that would create a subshell in your current sh).

You simply need to add sudo in front of dd, which is the only one that
needs elevated privileges, ie.


openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1
2>/dev/null | base64)" -nosalt  | sudo dd bs=64K of=/dev/sd"X"

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1513727438.933.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] What's the best way to share Firefox add-ons among VMs and have separate bookmarks and settings per VM?

2017-12-06 Thread Ángel
You can configure the software inside your TemplateVM.

I would place your favorite Firefox settings in a .js inside 
/etc/firefox (or /etc/firefox-esr)
Note that this is done with the internal names (ie. as if done with
about:config), so it may be a bit hard need a to find out the mapping
with the UI preference
(eg. I didn't find out yet how to set a certain search engine this way)

As for extensions, you may be able to install them using an OS package:
https://packages.debian.org/search?keywords=xul-ext-=names

in case it is not available there, you could manually install it (note
you will need to watch for updates yourself) providing the xpi at 
/usr/lib/Mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/
({ec8030f7-c20a-464f-9b0e-13a3a9e97384} is the application ID of
Firefox)

See for details
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Alternative_distribution_options/Sideloading_add-ons


This way, you are providing system defaults, and you can create then a
different profile on each AppVM, without needing to keep or carry
individual settings on them.


Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1512557994.919.16.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Keyboard AltGr bug

2017-08-15 Thread Ángel
On 2017-07-31 at 12:15 +, Kelly Dean wrote:
> In Qubes 3.2 with i3, in any qube, regardless of which template I use, and 
> regardless of which physical keyboard I use, the right Alt key is useless 
> when mapped as AltGr, because it generates spurious Alt_L events.
> 
> With a standard American keyboard (or Polish one; they're equivalent except 
> for the markings) and American localization, start a new qube, run xev, press 
> and release right Alt, and notice you get KeyPress and KeyRelease events for 
> keycode 108 (keysym Alt_R).
> 
> Now, do this:
> xmodmap -e 'remove mod1 = Alt_R'
> xmodmap -e 'keycode 108 = Mode_switch'
> 
> Then run xev again, and notice when you press right Alt, you get a KeyPress 
> event for keycode 108 (keysym Mode_switch), as expected. However, when you 
> release right Alt, you get two events: a spurious KeyPress event for keycode 
> 64 (keysym Alt_L), followed by a KeyRelease event for keycode 108 (keysym 
> Mode_switch). You should only get the latter.
> 
> Why does that happen?

Hello Kelly

I have found that when changing the modifiers, I need to run the xmodmap
on dom0 *and* the inner qube.

I don't really know why that's the case, I would expect it would only
need to be changed on one of the two xorg servers involved, but that's
what worked for me. I haven't found any documentation about how the key
presses are passed between domains, but the issue seem to lie there.

Hope that helps

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1502837931.2325.19.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problem with Microphone of the Headset

2017-05-24 Thread Ángel

Really basic hints, but often those end up being the hardest to realize.


> attaching audio input to the VM i'm listening music in does nothing.

Did you enable audio input for this VM?
(Right-click the VM on qubes-manager and choose "Enable audio input", or
press the mic button on the toolbar.)


> if i go to the audio mixer, i can see the mic acting.
> at the configuration is "analog stereo duplex"
> at the recording is "internal audio analog stereo" and it reacts on mic
> action on every VM.

The audio mixer shows on every VM but, is the recording level at a
suitable for the VM you are recording from?
Note that by default it's at 0% (Silence)

Hope that helps

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495665839.930.7.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Custom shared directory between VM's

2017-05-18 Thread Ángel
On 2017-05-18 at 07:20 -0700, loke...@gmail.com wrote:
> I regularly compile the latest version of Emacs for use in my development VM. 
> I simply compile Emacs from the git repository and install it in /usr/local. 
> All works the way it's supposed to.
> 
> However, I now have more than one VM where I need to use Emacs, and I would 
> like to avoid having to compile it from source in both VM's.
> 
> The only way I can think of to handle this situation is to create a separate 
> templatevm for this, enabline networking in the template so that I can use 
> git from it, and then compile Emacs there.
> 
> Is there a better way to handle this? Ideally I'd like to be able to compile 
> Emacs and install it to some specific directory that can then be made 
> available to both VM's.
> 
> What is the best way to handle this situation?

I would compile in a dev VM and create a "package" (which may be just a
tgz of /usr/local), then move it to the template VM.

Please note that on default templates, /usr/local is a symlink
to /rw/usrlocal (ie. it is per-VM), so you would want to make it a
normal folder before installing shared programs there.

Personally, I prefer having /usr/local at the template, and use
$HOME/bin for per-VM programs. Otherwise, there's no good place to
install a non-packaged program to several VMs.

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495158778.963.30.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread Ángel
On 2017-05-01 at 18:32 -0700, Gaiko wrote:
> On Monday, May 1, 2017 at 6:40:40 PM UTC-4, Ángel wrote:
> > On 2017-05-01 at 12:34 -0700, Gaiko wrote:
> > > Thoughts?
> > 
> > Does your desktop file validate?
> > ie. run:  desktop-file-validate open_work_vm.desktop 
> > 
> > If the desktop file is malformed, it will be bypassed silently.
> 
> Thx for the reponse, I had no idea about desktop-file-validation. I tried it 
> and got:
> 
> open_work_vm.desktop: warning: key "Encoding" in group "Desktop Entry" is 
> deprecated
> 
> somehow that doesn't seem like a dealbreaker? but am not sure.

No, if it only reports that it should be fine.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1493689095.4874.0.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread Ángel
On 2017-05-01 at 12:34 -0700, Gaiko wrote:
> Thoughts?

Does your desktop file validate?
ie. run:  desktop-file-validate open_work_vm.desktop 

If the desktop file is malformed, it will be bypassed silently.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1493678423.908.12.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] disk utility in dom0

2017-01-29 Thread Ángel
Ted Brenner wrote:
> What is the best way to add and partition disks in dom0? I just added
> some hard drives that I'd like to format and partition and then pass
> those to a guest VM for storing my person files. With xfce, I don't
> see any GUI based disk utility. Does this have to be done via the
> command line?
> 
> 
> Thanks!
> 
I would recommend you to simply attach the disks to be formatted into a
VM and format them there. What's the point of exposing dom0 to them?
You can later attach them to the same or different VM for usage.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485735957.1234.2.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Linux HVM through Whonix Gateway or VPN

2017-01-25 Thread Ángel
Chris Bensch wrote:
> I'm running Qubes 3.2.  I have a Debian HVM that works perfect when using the 
> default sys-firewall as the netvm.  If I change the netvm to another proxyvm 
> such as a VPN (https://github.com/Rudd-O/qubes-vpn) or change it to the 
> default sys-whonix, I lose all connectivity.  Can someone point me in the 
> right direction?
> 

Do you have it configured using a static IP address? I would try
manually changing the route to the configured NetVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485381120.1167.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes r3.2 bricked

2017-01-25 Thread Ángel
Bernhard wrote:
> Thank you Angel, for helping me.
> 

You're welcome, Bernhard.


> and, as I said, nothing starts. I start thinking of a disaster-mode data
> recovery since I do not know how I could possibly unbrick a system that
> has no network anymore?! 

That's just because most VMs depends on sys-net, and sys-net is not
available. Can you still edit them with Qubes VM Manager? The VMs should
at least start if you set their NetVM to none. Then you could create a
new sys-vm if it still doesn't get fixed.

Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485380250.1167.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Slow performance of Docker containers in AppVMs

2017-01-24 Thread Ángel
Garrett Robinson wrote:
> I am working on transitioning my day-to-day software development work to
> Qubes. The primary challenge that I face is widespread use of Vagrant
> for provisioning development environments. I am aware of the challenges
> and concerns around hacking Qubes to achieve nested virtualization, so I
> am trying to avoid going down that road.

Supposedly, you could make vagrant use xen with
https://github.com/jonludlam/vagrant-xenserver at which point there
would be no double virtualization. I don't know how would it interact
with Qubes way, or if it would be breaking some security fence, but
seems worth investigating.


Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485297583.1492.8.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes r3.2 bricked

2017-01-24 Thread Ángel
Bernhard wrote:
> Hello, I bricked my system a bit. Yesterady I decided  to follow the
> ..onion update procedure. For dom0 all went well (after reading that I
> must change to whonix-net),but I had to modify the debian-8 and
> fedora-24 repo-files "by hand". No big deal. I could update f24 (this
> morning), but debian bugged a bit. Suddenly I thought that maybe I had
> to put netVM to whonix for the templateVM's as well. With a doubt on it
> I looked up what I did with f24 .. and there, by accident I let the
> dropdown box on "sys-net" instead on sys-firewall (or whonix-net).

I would expect that this would make you lose the firewall protection...


> Immediately sys-net derailed and lost network. 
...not sys-net to die.


Is any of your /var/lib/qubes/*/*/firewall.xml files 0-bytes?
(if so, delete it -so it gets replaced with default settings- and
restart)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485297015.1492.5.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Truncating a non linux HVM?

2017-01-24 Thread Ángel
Drew White wrote:
> What is the easiest way to truncate a non-linux HVM filesystem so that it can 
> be smaller and take up less space?
> 

1. Resize the filesystem from inside the HVM in a supported way (maybe
with a Live CD?)
2. Actually truncate the backing file

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485296642.1492.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problem: Convert to Trusted PDF Hangs

2017-01-13 Thread Ángel
Pushpins4u wrote:
> When I try this process now, the PDF conversion progress window gets
> to like 95% full and then hangs.  I'm notified that a script appears
> to have hung and asked if it should be terminated.  This is happening
> consistently with the same PDF.
> 
Does it only fail with *this* PDF (ie. you are still able to convert
other pdfs)?

It seems a problem with this specific pdf. pdf is a complex
specification so it's not that strange that there could be some special
case where the processor could apparently hang (I'm sure it's possible
to create a pdf requiring much more memory than could be available, for
instance).
If it's not confidential, the way to figure out why it fails would
involve sharing it with some dev...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484324259.1390.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: DOS VM - Spinrite - Direct Access to Drives

2017-01-13 Thread Ángel
Steve wrote:
> On Thursday, January 12, 2017 at 4:51:44 PM UTC+4, Steve wrote:
> > I would like to be able to run Spinrite which runs in DR-DOS in a VM. The 
> > software needs to have direct access to the SATA hard drives. Is this 
> > likely to be possible
> 
> I have been researching and to make this work I need to be able to setup the 
> equivalent of a RAW DISK (Virtual Box). Initial research shows that this 
> might be possible in Xen, does that mean I will be able to do it in Qubes ? 
> thx

Create a HVM with Spinrite image as root.img and the disk image to scan
as private.img ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484320110.1390.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] New Lenovo laptops: X1 (4th Gen), T460/p, and T560

2017-01-12 Thread Ángel
sbore...@gmail.com wrote:
> Thus, is there a (documented) way to add a newer kernel to the 3.2 install 
> image? I'd rather avoid taking the SSD out and install qubes in my older
> machine.
> 
> Thanks in advance,
> 
> Stefan

For booting the install or for being installed?

I expect that changing the kernel being used during the install should
be as simple as replacing the isolinux/vmlinuz* / EFI/BOOT/vmlinuz plus
initrd in the install media.

Changing the kernel that is getting installed may be harder, although it
can surely be inserted into Packages/ but anyway you could drop the
right file into the boot partition just until you get to install it
correctly.

Make sure you only replace them with a trusted binary, though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484264579.1203.10.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Query - Why unable to clone net-sys VM ?

2017-01-12 Thread Ángel
Steve wrote:
> my default net-sys includes both Ethernet and Wifi. I wanted to split them 
> out into 
> net-sys-eth and 
> net-sys-wifi
> 
> each with the appropriate PCI device. I tried to clone the net-sys but it is 
> greyed out and I was wondering why 
> 

Probably because it is running. Stop the VM before attempting to clone it.
Also, you will need to remove one of the pci devices while it is
stopped, as those cannot be edited while it is running (nor can you
attach the same pci to two VMs).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484263774.1203.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] DispVM does not work anymore

2017-01-12 Thread Ángel
mittend...@digitrace.de wrote:
> Hey there,
> 
> today I noticed that my dispVM is no longer working (not in Dom0 and not
> in AppVMs). There is the notification that the DispVM starts, but
> nothing shows up.
> If I start the internal fedora-23-dvm I boots up without any problems
> and also allows me to start tools (e.g. Firefox)
> 
> any idea what is wrong?
> 
> Thanks

I suspect you too may be suffering
https://github.com/QubesOS/qubes-issues/issues/2182

Look at /var/log/libvirt/libxl/libxl-driver.log and see if there is a
line like 
 xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal
error

The reason that directly booting the dvn works is that the problem lies
in restoring the savefile (and the buggy creation of it).

There are some patches fixing it, but you would need to recompile xen :/

Best regards



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484263628.1203.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Windows 7 VM - Direct access to Hard Drives to flash SSD firmware

2017-01-12 Thread Ángel
Steve wrote
> I need to run Samsung Magician software in Windows to flash the firmware of 
> the SSD's I put in the laptop, is there any special way I need to setup the 
> Windows VM to give direct access to the firmware
> 

I don't think that is going to work at all. If you really need to do
that, I would install Windows 7 in a different partition/disk, boot from
that, and flash the firmware from there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484263410.1203.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] What's your DispVM high score?

2017-01-11 Thread Ángel
Andrew wrote:
> What's your highest DispVM number you've accomplished through legitimate
> daily use?

About 10, achieved while debugging them. DispVMs don't work here :)

(courtesy of https://github.com/QubesOS/qubes-issues/issues/2182
I wish there was an option to disable savefiles usage. Slow-to-start
dispvms would be better than having no dispvms at all)



PS: dispvm count in a day would be more fair to compare.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484180866.1220.16.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] how to print on a network printer out of a standalone windows hvm?

2017-01-11 Thread Ángel
kreil...@gmail.com wrote:
> My question is:
> how can I manage to print directly on my network printer? 
> or:
> how to copy files (without using a usb hdd or something like this)from my 
> windows hvm to my printer appvm?

You could connect the Windows VM to a printer-vm per
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes

At that point you could:
a) Make Windows print to the cups service in the printer-vm
or
b) Copy the files to the printer-vm (eg. with samba)


Connecting directly to the real network printer may be from simple (eg.
just providing an IP address, because it's just autodiscovery that
fails) to quite complicated.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484175675.1220.8.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: HCL - Toshiba Satellite C55A

2017-01-10 Thread Ángel
Nicklaus McClendon wrote:
> On 01/09/2017 08:12 PM, Caleb Thompson wrote:
> > Update: I'm trying to figure out why the report says I have no
> > IOMMU when my BIOS says I'm set to VT-x. Are they different things?
> > Is an IOMMU something I can take my computer to a computer store to
> > have added to it?
> 
> Intel VT-d provides IOMMU support on Intel chips. If your processor
> does not support IOMMU/VT-d, you will need to get a new processor, it
> isn't something that can just be added.

Note that even if the chipset supports IOMMU, it may be disabled in the
‘BIOS’, or even not supported by it:

«Even when the chipset supports IOMMU, the bios must have a ACPI IVRS
table to enable the use of it!»
- https://wiki.xenproject.org/wiki/VTd_HowTo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/148409.1509.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Use an remote PULSE Audio server

2017-01-09 Thread Ángel
Robert Mittendorf wrote:
> The second and third post were send as a new mail (not a reply).
> Why do these mails appears as answers here?

Where is "here"? The google groups web interface?


> The first post was send as a reply to the mailing list, changing the
> topic and expecting to create a new thread, my bad. Sorry.
> But I do not understand why the other mails end up in this other thread
> as well, as they were created using a new mail just c the body of the
> old mail.

They are not. Whatever is grouping them in the same thread is probably
"fixing" the thread for you trying to be smart based on the subject.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483978083.1209.2.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: compose key

2017-01-08 Thread Ángel
Daniel Moerner wrote:
> On 01/08/2017 04:14 PM, haaber wrote:
> > Thank you. Doing this, I have compose key in dom0, but not in any
> > other domain. Do I miss something? Bernhard
> 
> Hi,
> 
> Please remember to reply to the list as well. For me, using Left Win,
> this setting sets the compose key for all VMs and dom0. I'm confused
> that you're seeing different behavior, and not sure why that would be
> the case.
> 
> Daniel

Maybe it doesn't apply to already-running VMs?
I performed a simple test with xmodmap and it didn't affect other VMs.
As each VM uses its own Xorg, I'm unsure about how these systemwide
changes to input devices are supposed to be configured.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483917371.2514.8.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Built the software in TemplateVM from source and installed => it doesn't appear in TemplateBasedVM?

2017-01-08 Thread Ángel
qmaster...@gmail.com wrote:
> Please tell, how can I enable sharing the compiled-and-installed-from-source 
> software with the TemplateBasedVM's ? Or it is discouraged by Qubes to 
> compile the software by yourself?

It should be working:
* Place the files in the TemplateVM (somewhere different than /home
or /usr/local).
* Power down the Template
* (Re)start the VM based on that template

Are you sure that the VM is based on the template that you customized?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483911139.2514.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Archlinux template instruction leads to failed recipe on target "core-agent-linux-vm"

2017-01-08 Thread Ángel
Marek Marczykowski-Górecki wrote:
> Fixes for both issues already merged:
> https://github.com/QubesOS/qubes-app-linux-split-gpg/pull/7
> https://github.com/QubesOS/qubes-core-agent-linux/pull/32
> 
> Thanks Nicklaus!

Is there a flag so that qubes-builder picks the master branch instead of
the last release?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483909359.1281.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Error while updating the default Archlinux Community template

2017-01-07 Thread Ángel
anti-sec...@re-gister.com wrote:
> Hello @all!
> 
> I installed the default arch community template using,
> 
> sudo qubes-dom0-update --enablerepo=qubes-templates-community
> qubes-template-archlinux
> 
> But when I click on the update button I get an error:
> 
> ::Synchronizing package databases...
> 
> error: failed retrieving file 'core.db' from mirrors.kernel.org :
> Resolving timed out after 10524 milliseconds
> 
> error: failed to update core (download library error)
> 
> error: failed retrieving file ...
> 
> Although the Template VM is connected to the sys-firewall...
> 
> Appreciate any help!

You will need to allow full network access if you use pacman.
Alternatively, use a different package manager, see

https://www.qubes-os.org/doc/software-update-vm/#rpmfusion-for-a-fedora-templatevm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483832499.1886.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] fedora - mplayer (command line)

2017-01-07 Thread Ángel
haaber wrote:
> Hello,
> 
> I wanted to provide my fedora template with mplayer (command line 
> version). But according to dnf / yum that does not exist (?). This seems 
> a subject on its own in stand-alone fedora (f22 at least), and have 
> qubes-fedora won't make it more easy, I fear. I could live with vlc as 
> well, but it does not exist either.
> 
> Does somebody have this problem before me? Thank you!  Bernhard

That's indeed an upstream decision of not including those packages in
fedora. The usual solution is to enable the rpmfusion repository, where
it can be found.

Instructions are provided at:
https://www.qubes-os.org/doc/software-update-vm/#rpmfusion-for-a-fedora-templatevm

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483829769.1886.2.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] strange bug: qubes-os booted from external device forces filevault reset.

2017-01-06 Thread Ángel
pixel fairy wrote:
> when booting qubes-os on a mac (hardware 11,3) filevault stops accepting the 
> passphrase and you have to use the reset key to make a new one. 
> 
> ive only done this with an external drive. for some reason, qubes is either 
> writing to the internal drive, or the mac firmware is rewriting it, or 
> filevault keeps those keys elsewhere and qubes is somehow tripping that. 
> either way, its pretty strange stuff.
> 

My guess is that it would be related to a TPM, either being tripped
directly (eg. by Qubes checking if there is one) or by detecting a
hardware change related to the boot from the external drive.

You could try removing/disconnecting the internal drive and then booting
from the external drive. That way cannot write to the internal drive at
all, so if it still happens after putting it back, it clearly is not a
matter of accesses to the internal drive.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483659678.1409.4.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Dom0 (System tools) shortcuts suddenly disappeared

2017-01-06 Thread Ángel
Otto Kratik wrote:
> Is there any way to easily refresh/restore the System Tools shortcuts, 
> without having to add each one back manually in some obscure way? I don't 
> even remember what all the normal items under that menu are, but they 
> suddenly just vanished without warning or explanation, and I have no idea 
> whatsoever how to get them back. Can anyone please help?
> 

Look at /var/lib/qubes/appvms/*/whitelisted-appmenus.list

Do you still have those files listing the .desktop entries that should
be shown in the menu?


Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483450270.1356.3.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Trouble reading data CD under Qubes

2017-01-06 Thread Ángel
Pawel Debski wrote:
> 
> > How do I check whether it is really mounted in dom0?
> > (I think it is not, but maybe I'm doing something wrong
> notification bubble should pop up on the screen.  I think its usually sr0 or 
> something. 
> 
> What would be the right command in Konsole?
> 

Try doing:
 mount | grep ^/dev/sr

but if the files are available at /run/media/pdebski/CDTITLE, it is
clearly mounted.

In order to unmount it, you can do 
 umount /run/media/pdebski/CDTITLE

and then proceed to attach dom:sr0 to your favourite AppVM

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483660084.1409.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.