Re: [qubes-users] Re: Compatible Hardware.

2018-01-06 Thread Grzegorz Chodzicki


On 01/06/2018 10:41 PM, Sir Hugo Drax wrote:
> On 01/06/2018 10:26 PM, Yethal wrote:
>> W dniu sobota, 6 stycznia 2018 20:40:16 UTC+1 użytkownik Sir Hugo Drax 
>> napisał:
>>> Hello everyone,
>>>
>>>
>>> Like most of you, I came upon Qubes OS and fell in love. I have it
>>> running on an Asrock Z77 Extreme 11 with 32GBram and an i7-4790K. Apart
>>> from a few unexplained hangups from time to time, it has been smooth
>>> sailing. I'm in the process of building a brute of a machine (For heavy
>>> number crunching and video editing etc). My objective is to some day
>>> retire the machine I'm currently building into my daily driver with
>>> Qubes OS but that is some time in the future.
>>>
>>> My current confusion is over 3 parts on my build list. I wish to know if
>>> these are compatible with Qubes 4.
>>>
>>> - X2 Intel Xeon Silver 4114 2,20GHz
>>>
>>> - Supermicro X11DPi-NT
>>>
>>> - Sapphire Radeon RX 580 Pulse
>>>
>>> I suspect The board and processors are probably OK but have no clue if
>>> the above graphic card would work. Any information and or suggestions
>>> for alternatives if these are unsupported is appreciated and welcome.
>>>
>>>
>>> Thanks in advance for your time and heartfelt appreciation to the Qubes
>>> team who toil over this OS.
>>>
>>>
>>> Cheers
>>>
>>>
>>> Drax
>> GPU won't be compatible out of the box with 3.2 due to the fact that 3.2 
>> ships with 4.4 kernel (Plaris GPUs require kernel 4.7 or newer). Should work 
>> fine after updating the kernel though.
>>
> Hi Yethal,
>
> Thanks for the prompt reply and good tip. Do you know of any GPU of
> equivalent power that would work out of the box? I'm not too particular
> about GPUs, I just need something that would drive dual Asus VN279QLB
> monitors without too much trouble.
>
> Cheers
> Drax
>
Don't bother. The supermicro motherboard comes with an onboard gpu. It's
very basic but should be enough to install the os and update the kernel.
Afterwards just use the Radeon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5964c94-e468-a2ba-f710-ca8206c9c59c%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Tip: How to speed up QubesOS shutdown

2017-03-18 Thread Grzegorz Chodzicki


On 03/18/2017 05:21 PM, Unman wrote:
> On Sat, Mar 18, 2017 at 08:59:29AM -0700, Grzesiek Chodzicki wrote:
>> W dniu sobota, 18 marca 2017 15:08:35 UTC+1 użytkownik Unman napisał:
>>> On Sat, Mar 18, 2017 at 03:41:49AM -0700, Grzesiek Chodzicki wrote:
 I've experienced this issue myself and I saw some people complaining about 
 it on the mailing list. Sometimes Qubes takes forever to poweroff.

 The issue is caused by the fact that for some unknown reason machines with 
 PCI devices attached take forever to shutdown and sometimes need to be 
 manually killed from within VM Manager. After manually killing them, the 
 system will shutdown normally.

 So, here's the fix:

 In Dom0 run qvm-prefs -s sys-net pci_e820_host false

 Repeat that for sys-usb and any other machine that holds a PCI device.

 Your system should shut down normally after this.

 No, I don't know how or why this works but I know that it solved the issue 
 on my machine. Explanation welcome. I'll add this to documentation once we 
 have a confirmation that this is 100% reproducible.

>>> I'd be reluctant to propose this as a tip as is, because it will almost
>>> certainly break networking for some users.
>>> We specifically set pci_e820 to address user problems. I don't know what
>>> the intersection is between those for whom this is a fix and those for
>>> whom shutdown is slow/doesn't happen.
>>>
>>> Have you tried the solution suggested here before of shutting down other
>>> vms first, then sys-usb and sys-net? Andrew, I think, posted a simple
>>> script that he uses. I suspect that that will have more impact with
>>> fewer consequences than this proposal, but user experience will be key
>>> here: comments ?
>> Yes, I did try that, this is how I found out that on my system it is not 
>> possible to cleanly shut down VMs that hold PCI devices. If I try shutting 
>> down sys-net the VM Manager hangs for a few minutes, then the entire system 
>> stops responding then the machine gets killed, then VM manager throws an 
>> exception and then system becomes responsive again. After setting 
>> pci_e820_host to False I can cleanly shutdown sys-net and sys-usb just like 
>> any other VM.
>>
> So that sounds very system specific. Why not put together a tip
> incorporating Andrew's script ( which will help on almost all
> machines), and then yours as a special case to be used where that
> doesnt help?
That's the point, I don't know whether this is specific to my machine
but I don't have another PC to test so I posted this here so other
people can try it and see if that alleviates the issue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4834e61-6e58-6a2a-a552-81e9509d007b%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: [qubes-devel] Re: Google Summer of Code 2017

2017-03-01 Thread Grzegorz Chodzicki


On 03/01/2017 10:19 PM, Andrew David Wong wrote:
> On 2017-03-01 07:39, Grzesiek Chodzicki wrote:
> > W dniu środa, 1 marca 2017 16:05:32 UTC+1 użytkownik Grzesiek
> > Chodzicki napisał:
> >> W dniu środa, 1 marca 2017 04:45:27 UTC+1 użytkownik Andrew
> >> David Wong napisał:
> > On 2017-02-28 03:21, Grzesiek Chodzicki wrote:
> > W dniu wtorek, 28 lutego 2017 06:50:47 UTC+1 użytkownik
> > Andrew David Wong napisał: On 2017-02-27 10:29, Grzesiek
> > Chodzicki wrote:
>  W dniu poniedziałek, 27 lutego 2017 19:19:07 UTC+1
>  użytkownik Andrew David Wong napisał: We’re pleased
>  to announce that the Qubes OS Project has been
>  accepted as a mentor organization for Google Summer
>  of Code (GSoC) 2017! Many interesting projects have
>  already been proposed, and we’re still looking for
>  both students and mentors. If you’re interested in
>  participating, please see our GSoC 2017 page for
>  details!
> 
>  https://www.qubes-os.org/gsoc/
> 
> 
>  Congratulations to the team! I've noticed that the
>  GSoC page is not linked to from any other
>  documentation pages, is tihs by design?
> 
> >
> > More likely that we haven't had a chance to do it yet.
> > However, it's not clear to me which *documentation* pages
> > should link to the GSoC page. Which ones do you have in
> > mind?
> >
> >
> > For example doc page on USB devices
> > https://www.qubes-os.org/doc/usb/
> >
> > On the bottom of the page there is an information that USB
> > Passthrough and USB Keyboard functionalities are not
> > available in the Qubes Manager. However there is GUI
> > Improvements Project Idea in GSoC that aims to implement
> > these options in the VM Manager so a link to the GSoC page
> > with a brief explanation, something like: "This feature is
> > not available yet in Qubes Manager but if you'd like to
> > help implement it, and you're a student then you can apply
> >  for the Google Summer of Code program" and a link to the
> > Project Idea on the gsoc page.
> >
>
> > Ah, I see. Would you mind submitting pull requests for these?
>
> > For reference: https://www.qubes-os.org/doc/doc-guidelines/
>
> >>
> >> Sure, no problem.
>
> > Just submitted a PR for the USB page, if the text is acceptable I
> > can add it to all other pages that may require it. If not please
> > tell me what to change.
>
>
> I haven't received a PR from you. Please try again.
>
>

How about now?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05d8c974-3787-75d6-9e08-1bed0c0c0a20%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: I can't see my webcam in dom0 with qvm-usb but have to pass to another skype-vm

2017-03-01 Thread Grzegorz Chodzicki


On 03/01/2017 03:38 PM, Arnulf Bultmann wrote:
> thank you.
>
> I can't pass the entire USB controller to the VM because keyboard and
> trackball are connected to it. This doesn't resolve my problem that I
> can't see the camera using qvm-usb.
>
>
> On 02/28/2017 11:32 PM, Grzesiek Chodzicki wrote:
>> W dniu wtorek, 28 lutego 2017 14:42:24 UTC+1 użytkownik a.bul...@allmedo.de 
>> napisał:
>>> Hello,
>>> I have a problem I can't resolve by myself.
>>> running qubes 3.2 with feb updates.
>>> I use a Logitech webcam C525 which shows up besides all my other usb stuff 
>>> when I use lsusb.
>>> When I use qvm-usb I get an empty list.
>>> I have to pass the webcam to a VM based on fedora 24 which I plan to use 
>>> for skype.
>>> But I'm stuck...
>>> Any help appreciated.
>>> Thanx
>> Try passing entire USB controller to the VM instead of the single device.
So, what does show up after running lspci -tv?
Also, please keep the qubes-users mailing group cc'ed and please do not
top-post.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de12a3d0-b392-3251-afb3-fdef523710dd%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qvm-usb fails if sys-usb template is set to fedora-24-minimal

2017-02-04 Thread Grzegorz Chodzicki

On 02/03/2017 11:56 PM, Andrew David Wong wrote:
> On 2017-02-03 06:34, Grzesiek Chodzicki wrote:
> > qubes-usb-proxy not installed in VM is thrown in dom0 terminal after
> running qvm-usb -a if sys-usb uses minimal fedora 24 template.
> Necessary packages were installed in fedora-24-minimal beforehand
>
> > Steps to reproduce:
> > 1. Launch fedora-24-minimal terminal
> > 2. sudo dnf install qubes-usb-proxy qubes-input-proxy-sender (or
> switch to root beforehand if sudo not installed)
> > 3. Shutdown fedora-24-minimal
> > 4. Shutdown sys-usb
> > 5. Change sys-usb template to fedora-24-minimal (qvm-prefs -s
> sys-usb template fedora-24-minimal)
> > 6. Launch sys-usb
> > 7. Try attaching any USB device via qvm-usb
>
> > Observed behavior:
> > ERROR: qubes-usb-proxy not installed in VM
>
> > Expected behavior:
> > Device is attached to an AppVM
>
> > Additional details:
> > Switching the template back to regular fedora-24 causes the qvm-usb
> to work fine.
>
>
> Are you sure that the necessary packages and all dependencies are
> actually installed? See:
>
> https://github.com/QubesOS/qubes-issues/issues/2606
>
>

This does seem to be the issue, however manually installing the pycairo
package does not resolve the problem. Fedora-24-minimal has the
qubes-usb-proxy-1.0.5-1.fc24.noarch package installed however Dom0 still
throws the usb-proxy not installed error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f42b6e38-90fd-355f-fe9d-8fceca8afd9b%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Workstation *Barebone* Hardware recommendation

2017-01-29 Thread Grzegorz Chodzicki



On 01/29/2017 04:12 PM, Predinosaur wrote:

Hi,

Thanks for sharing your specs, and especially the lot of details and 
reasons why you choose this or this part ... That'd be really useful 
for me.

I'll move around this and closely think of adopting it !
What an expertise you've done on it () Many thanks, i'll surely 
let you know in few weeks what will be my final solution.

Thanks a lot again !

Dan

Sent with ProtonMail  Secure Email.


 Original Message 
Subject: Re: [qubes-users] Re: Workstation *Barebone* Hardware 
recommendation

Local Time: January 29, 2017 3:16 PM
UTC Time: January 29, 2017 2:16 PM
From: grzegorz.chodzi...@gmail.com
To: Predinosaur 
qubes-users@googlegroups.com

On 01/29/2017 02:47 PM, Predinosaur wrote:


Hi,
Thanks for the answer ! I need to know what MB and CPU, or 
'pack/bundle' i need to put in it now, but this seems *really* 
interesting :)

Hope i'll be able to put enough RAM, and good CPU in it :)

Regards

Sent with ProtonMail  Secure Email.


 Original Message 
Subject: [qubes-users] Re: Workstation *Barebone* Hardware 
recommendation

Local Time: January 29, 2017 1:28 PM
UTC Time: January 29, 2017 12:28 PM
From: grzegorz.chodzi...@gmail.com
To: qubes-users 
predinos...@protonmail.com

W dniu niedziela, 29 stycznia 2017 12:01:34 UTC+1 użytkownik 
Predinosaur napisał:

> Hi all,
>
>
>
> Someone want to share his thoughts and recommendations for a 
'small factor' / barebone workstation that will be working with 
Qubes 4 ...and more ? please.

>
> ex: NUC model.., Zotac model ..etc
>
>
>
> I need to keep my current workstation, and want a secondary 
workstation with Qubes.

>
> So a small computer to put behind my monitors will be great :) I 
need something small size, and fast (ssd + 16 or 32GB RAM),, 
compatible with latest HCL requirements for qubes 4.x and in the 
future (don't want to buy a new pc each year..)

>
>
>
> I know it 's general topic discussion but if someone want to 
share exactly the model it's be great. I'm not experienced with 
CPUs and technology (VT-x, VT-d, and TPM..), just want to be sure 
all security features and technology will work wit Qubes.

>
>
>
> I'm actually reading the HCL web page and some barebone got my 
attention :

>
> GIGABYTE
> BRIX Pro report (GIGABYTE-BRIX_Pro_-_Ultra_Compact_PC_(M4HM85P-00)
>
> ref 
https://github.com/QubesOS/qubes-hcl/blob/master/GIGABYTE-BRIX_Pro_-_Ultra_Compact_PC_(M4HM85P-00)-Bjarne_Thomsen.yml

>
>
>
> So if someone want to share another experience/recommendation, 
it's the kind of barebone i'm looking for !

>
> Thanks a lot community for your advices/clues/recommendations.
>
>
> Dan

I currently use a custom mini-ITX PC built inside Lian-Li TU100B. 
Not exactly a NUC but the entire PC is smaller than my cat so 
pretty small.


Here's a pretty good picture showing how small this case is:
http://cdn.eteknix.com/wp-content/uploads/2013/07/DSC_1030.jpg

Hit me up if You want to know the rest of my PC specs.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email to qubes-users+unsubscr...@googlegroups.com.

To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e361b058-92e6-4ef2-a62b-3e72e79ab55b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


MB/CPU/RAM is highly dependent on your budget so without that info I 
can't give out any recommendations aside from posting my own specs.
Here are my specs and a brief explanation why I chose this specific 
part and not any other:



  * *Case*: Lian-Li TU100B (chosen because of really small footprint
and the carrying handle which makes this build rather portable)
  * *CPU*: Intel i7-6800K (chosen because it was only slightly more
expensive than i7-6700k and it has two more physical cores and
its Passmark score is 3k points higher. Downside is that it uses
rather unpopular X99 chipset and doesn't come with integrated
GPU) Killer performance at the cost of (some) convenience.
  * *Motherboard*: AsRock X99 mini-itx/ac. On of only two Mini-ITX
X99 motherboards. An obvious choice here.v Advantages are: M.2
SSD slot, Mini-PCIe slot for WiFi/Bluetooth card. USB 3.1
controller, PS/2 controller, comes with an integrated air cooler,
has a TPM slot. Disadvantages: Only one PS/2 port so the mouse
needs to be USB. Included air cooler doesn't fit the Lian-Li
case. Included Wi-Fi/Bluetooth card is made by Broadcom so
doesn't work under linux out of the box. If you decide to buy
this mobo you'll have to either compile the driver manually or
buy an intel wifi card.
  * *RAM*: Corsair Vengeance 2133mhz 32GB. No point in buying 

Re: [qubes-users] Re: Workstation *Barebone* Hardware recommendation

2017-01-29 Thread Grzegorz Chodzicki

On 01/29/2017 02:47 PM, Predinosaur wrote:

Hi,
Thanks for the answer ! I need to know what MB and CPU, or 
'pack/bundle' i need to put in it now, but this seems *really* 
interesting :)

Hope i'll be able to put enough RAM, and good CPU in it :)

Regards

Sent with ProtonMail  Secure Email.


 Original Message 
Subject: [qubes-users] Re: Workstation *Barebone* Hardware recommendation
Local Time: January 29, 2017 1:28 PM
UTC Time: January 29, 2017 12:28 PM
From: grzegorz.chodzi...@gmail.com
To: qubes-users 
predinos...@protonmail.com

W dniu niedziela, 29 stycznia 2017 12:01:34 UTC+1 użytkownik 
Predinosaur napisał:

> Hi all,
>
>
>
> Someone want to share his thoughts and recommendations for a 'small 
factor' / barebone workstation that will be working with Qubes 4 
...and more  ? please.

>
> ex: NUC model.., Zotac model ..etc
>
>
>
> I need to keep my current workstation, and want a secondary 
workstation with Qubes.

>
> So a small computer to put behind my monitors will be great :) I 
need something small size, and fast (ssd + 16 or 32GB RAM),, 
compatible with latest HCL requirements for qubes 4.x and in the 
future (don't want to buy a new pc each year..)

>
>
>
> I know it 's general topic discussion but if someone want to share 
exactly the model it's be great. I'm not experienced with CPUs and 
technology (VT-x, VT-d, and TPM..), just want to be sure all security 
features and technology will work wit Qubes.

>
>
>
> I'm actually reading the HCL web page and some barebone got my 
attention :

>
> GIGABYTE
> BRIX Pro report (GIGABYTE-BRIX_Pro_-_Ultra_Compact_PC_(M4HM85P-00)
>
> ref 
https://github.com/QubesOS/qubes-hcl/blob/master/GIGABYTE-BRIX_Pro_-_Ultra_Compact_PC_(M4HM85P-00)-Bjarne_Thomsen.yml

>
>
>
> So if someone want to share another experience/recommendation, it's 
the kind of barebone i'm looking for !

>
> Thanks a lot community for your advices/clues/recommendations.
>
>
> Dan

I currently use a custom mini-ITX PC built inside Lian-Li TU100B. Not 
exactly a NUC but the entire PC is smaller than my cat so pretty small.


Here's a pretty good picture showing how small this case is:
http://cdn.eteknix.com/wp-content/uploads/2013/07/DSC_1030.jpg

Hit me up if You want to know the rest of my PC specs.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email to qubes-users+unsubscr...@googlegroups.com.

To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e361b058-92e6-4ef2-a62b-3e72e79ab55b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


MB/CPU/RAM is highly dependent on your budget so without that info I 
can't give out any recommendations aside from posting my own specs.
Here are my specs and a brief explanation why I chose this specific part 
and not any other:


 * *Case*: Lian-Li TU100B (chosen because of really small footprint and
   the carrying handle which makes this build rather portable)
 * *CPU*: Intel i7-6800K (chosen because it was only slightly more
   expensive than i7-6700k and it has two more physical cores and its
   Passmark score is 3k points higher. Downside is that it uses rather
   unpopular X99 chipset and doesn't come with integrated GPU) Killer
   performance at the cost of (some) convenience.
 * *Motherboard*: AsRock X99 mini-itx/ac. On of only two Mini-ITX X99
   motherboards. An obvious choice here.v Advantages are: M.2 SSD slot,
   Mini-PCIe slot for WiFi/Bluetooth card. USB 3.1 controller, PS/2
   controller, comes with an integrated air cooler, has a TPM slot.
   Disadvantages: Only one PS/2 port so the mouse needs to be USB.
   Included air cooler doesn't fit the Lian-Li case. Included
   Wi-Fi/Bluetooth card is made by Broadcom so doesn't work under linux
   out of the box. If you decide to buy this mobo you'll have to either
   compile the driver manually or buy an intel wifi card.
 * *RAM*: Corsair Vengeance 2133mhz 32GB. No point in buying faster RAM
   since neither mobo nor CPU support it. I bought 32GB because that's
   the maximum you can fit on this board.
 * *GPU*: Nvidia Geforce GTX750Ti. I bought this GPU because it is
   small enough to fit inside this case and doesn't require a separate
   power cable. This is important because in a case this small cable
   management is a real pain in the ass. I highly recommend buying a
   GPU specifically marketed as Mini-ITX compatible due to size
   constraints.
 * *SSD*: Samsung M.2 PCIe SSD. I bought this SSD for two reasons. The
   first is that it's an M.2 SSD so it doesn't require any cables (same
   as GPU). The second reason is that drive performance takes the
   biggest hit in Qubes due to virtualization overhead so to offset
   that loss a fast SSD is recommended.
 * 

[qubes-users]

2016-12-03 Thread Grzegorz Chodzicki

Bądź mną
Nikomu bliżej nieznana osóbka
Załóż partię
Nazwij ją: "1000 złotych na każde dziecko"
Załóż funpage partii, pisz tylko o 1000 złotych na każde dziecko
Reklamuj się natrętnie, zwłaszcza na forach PiS
Reklamuj się też na forach pro socjalnych
Ludzie pytają Cię o różne rzeczy
Zawsze, nieważne o co pytany, opowiadaj o 1000 złotych na każde dziecko
Idź do urzędu stanu cywilnego, zmień imię i nazwisko na "1000 złotych na 
każde dziecko"

Spamuj nie tylko Internet, proś Grażyny z forów by agitowały na Twoją rzecz
Załóż pełno patusiarskich, lokalnych grup nacisku
Wieszaj na MOPS'ach i innych urzędach ulotki
Plakaty
Banery
W zasadzie to niech robią to Grażyny, ty im tylko wysyłasz szablony
Zakładasz własne forum pt. 1000 złotych na dziecko
Opowiadasz o tym, jak zbawienne skutki to przyniesie
Każdy drobny hejt banujesz
Każdą próbę polemiki  banujesz
Każdego o nie polsko brzmiącym nazwisku, banujesz
Najgorsze kółko wzajemnej adoracji jakie widział świat
Jest was coraz więcej
Ludzie się przekonują, nie tylko patusy
Mówisz: Macie czas, róbcie dzieci i o nic się nie martwcie
PiS hurrdurzy, ale to nic przy hurrdurzeniu reszty
Zaczynają Cię zapraszać do mediów
Na początek lokalna gazeta, lokalne radio, lokalne TV
Przychodzi czas na media krajowe
Na każde pytanie odpowiadasz bardzo zwięźle i ogólnie
Od razu przełączasz się na 1000 złotych na dziecko
Ludzie mają o to ogromny ból dupy
No, oprócz coraz większej rzeszy Twoich wyborców

Nadchodzą wybory
Organizujesz w każdej mieścinie: "Marsz 1000 złotych na dziecko"
Nie tylko MOPSy, teraz wszystko oblepiasz tymi plakatami
Rozkazujesz armii Grażyn wieszać to na balkonach
One to robią, bo w końcu hehe, 1000 złotych
Masz pierwszą całkowicie oddolną kampanię wyborczą
Idziesz na debatę
Krzyczysz o złodziejach, półśrodkach
Krzyczysz o 1000 złotych na dziecko
Wyciągasz sobie zza pleców ogromną flagę
Zasłaniasz wszystko
Śpiewasz hymn i nią machasz, zagłuszasz rozmówców
Wyprowadzają Cię z TV, na odchodne krzyczysz, by ludzie nie dali się 
zmanipulować propagandzie!


Po wyborach
Wygrałeś, nawet bardziej niż PiS poprzednio
Udało Ci się do Sejmu wprowadzić prawie trzystu posłów
W Senacie jeszcze lepiej
Mówisz, że przemówisz do Narodu
Wybierasz największy plac
Zjeżdżają się ludzie z całej Polski
Kochają Cię
Wielbią
Noszą Twoje zdjęcia, jak obrazy świętych na Boże Ciało
To jest ten moment
Wchodzisz na mównicę
Wznosisz ręce jak papież
Tłum wiwatuje
Bierzesz mikrofon
JEBAĆ ROSZCZENIOWĄ HOŁOTĘ!
Tłum wiwatuje, bo jeszcze nie załapał o co chodzi
JEBAĆ BIEDĘ
Wciąż wiwatują, ale myślą, że mówisz o czymś innym niż jest naprawdę
SPIERDALAJCIE
Cisza
Martwa cisza
Jest tak skondensowana i martwa, jak dżem z martwych płodów
A ty... Wtykasz w ten dżem nachosa
I opierdalasz go na ich oczach
ZAPIERDALAJCIE DO ROBOTY, OD PAŃSTWA NIE DOSTANIECIE NIC
JESTEŚCIE JEBANYMI ZŁODZIEJAMI
SOCJAL JEST NIEMORALNY
PODATKI TO KRADZIEŻ
ZA RUCHANIE NAJWYŻEJ AIDS DOSTANIECIE, NIE PIENIĄDZE
ANTYNATALIZM KURWY
A TAK W OGÓLE, TO WAMI GARDZĘ
ELO
Cisza trwa jeszcze trzy sekundy, wykorzystujesz je by sprężystym krokiem 
opuścić scenę i wejść do wozu opancerzonego

Siedzi w nim Rothbard i Mises
Dobra robota ziomuś, chwalą Cię
Thx
Skręcacie sobie blanta, a gdy minęła trzecia sekunda
BUM!
Bomba atomowa to nic, przy sile pękających w jednej chwili milionów odbytów
Zaczyna się wielka bitwa na ulicach
Z rozstawionych wszędzie głośników puszczasz "Ostatnia Niedziela"
Halo, wojsko? Mamy zamieszki w centrum Warszawy...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb8b22e1-522a-b6c1-b104-b002db6ae0ba%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL Asrock X99E_ITX_ac

2016-10-23 Thread Grzegorz Chodzicki

VT-x VT-D and EPT work, require enabling in BIOS beforehand

USB controllers require strictreset set to false in order to attach them 
to sys-usb.


Motherboard has one PS/2 connector, I don't know whether its a true PS/2 
controller or a converter connected internally to a USB controller, I'm 
waiting for AsRock cs team to reply to my query. Will update immediately.


If you have any questions regarding the motherboard, feel free to ask.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa8a444a-dbcc-4ac9-d200-099bd09754be%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASRock-X99E_ITX_ac-20161023-161505.yml
Description: application/yaml


[qubes-users] Re: Windows tools - vanishing displays

2016-09-19 Thread grzegorz . chodzicki
W dniu poniedziałek, 19 września 2016 04:48:11 UTC+2 użytkownik Drew White 
napisał:
> Hi folks,
> 
> I'm currently running seamless mode on Win7 with the latest Windows Tools on 
> Q3.2R1 (fully updated).
> 
> I set the seamless GUI in the settings and the window displays, and then it 
> shifts and vanishes after flickering.
> 
> I uncheck the box and click ok and nothing happens, I don't get the display 
> up, I don't get the windows back, I don't get anything.
> 
> Has anything changed in the tools recently to cause this issue to occur?
> 
> Or is it something in Windows causing this?

Are you running dual monitors or a high dpi one? I remember a bug that caused 
seamless Windows to not work on these displays.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8269c7ed-3928-4353-98f2-4f77c08325a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread grzegorz . chodzicki
W dniu sobota, 3 września 2016 14:11:04 UTC+2 użytkownik Andrew David Wong 
napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
> > fairy napisał:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
> >> grzegorz@gmail.com wrote:
> >>> I know that QubesOS is developed mostly with notebook use in 
> >>> mind, however some users, me included, opt to run it on
> >>> desktop computers. The question is, is there any advantage of
> >>> building a Qubes-dedicated machine on workstation/server
> >>> components?
> >> 
> >> mostly ecc ram. its a shame non-ecc is so prevalent. in practice,
> >> i dont think the difference is worth it. there are many more 
> >> important variables.
> >> 
> >>> Will Qubes be able to take advantage of higher core count in
> >>> Xeon processors? Or two processors if a user decides to build
> >>> a dual-CPU rig? Does the system performance scale with the
> >>> number of available cores/ clock speed?
> >> 
> >> yes.
> >> 
> >>> Can it take advantage of ECC RAM? Server hardware that is few 
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >> 
> >> it will benefit the same as any another machine from ecc ram.
> >> 
> >>> I'll be upgrading from my current PC and I'm seriously 
> >>> considering building a rig around a Xeon processor and a 
> >>> motherboard with ECC RAM but if there is no real benefit then 
> >>> what's the point?
> >> 
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >> 
> >> if your willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >> 
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-mem
> ory-501898.shtml
> >
> >>
> >> 
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnereable to that.
> 
> Unfortunately, that's not true:
> 
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
> 
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
> 
Back to the drawing board it is then. What other precautions can we take to 
mitigate this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f72fb0a3-ac5a-4057-bf7e-3931a7a3ad83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread grzegorz . chodzicki
W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel fairy napisał:
> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, grzegorz@gmail.com 
> wrote:
> > I know that QubesOS is developed mostly with notebook use in mind, however 
> > some users, me included, opt to run it on desktop computers. The question 
> > is, is there any advantage of building a Qubes-dedicated machine on 
> > workstation/server components? 
> 
> mostly ecc ram. its a shame non-ecc is so prevalent. in practice, i dont 
> think the difference is worth it. there are many more important variables.
> 
> > Will Qubes be able to take advantage of higher core count in Xeon 
> > processors? 
> > Or two processors if a user decides to build a dual-CPU rig? 
> > Does the system performance scale with the number of available cores/ clock 
> > speed?
> 
> yes.
> 
> > Can it take advantage of ECC RAM?
> > Server hardware that is few years old can be bought for dirt cheap (Xeon 
> > E5-2670 has 8 cores and costs about 75$).
> 
> it will benefit the same as any another machine from ecc ram. 
> 
> > I'll be upgrading from my current PC and I'm seriously considering building 
> > a rig around a Xeon processor and a motherboard with ECC RAM but if there 
> > is no real benefit then what's the point?
> 
> apparently price is the advantage, but think of your ears! server hardware is 
> loud. 
> 
> if your willing to spend more on good hardware, go for a good ssd, and good 
> ddr4 ram (G.Skill or Geil) in case bitflipping attacks start showing up. 
> 
> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml

Xeon it is then. As for the rowhammering attack as far as I know ECC RAM is not 
vulnereable to that. t's a shame that the more powerful Xeon CPUs don't come 
with a built in GPU, I'll have to make do with a current one. Added benefit 
here is that pretty much all Xeons support technologies necessary for Qubes 4.0 
compliance. Wonder why they aren't more popular among desktop users.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac34c4c8-22ba-461d-a428-cd7cdfa0b8f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread grzegorz . chodzicki
I know that QubesOS is developed mostly with notebook use in mind, however some 
users, me included, opt to run it on desktop computers. The question is, is 
there any advantage of building a Qubes-dedicated machine on workstation/server 
components? 
Will Qubes be able to take advantage of higher core count in Xeon processors? 
Or two processors if a user decides to build a dual-CPU rig? 
Does the system performance scale with the number of available cores/ clock 
speed?
Can it take advantage of ECC RAM?
Server hardware that is few years old can be bought for dirt cheap (Xeon 
E5-2670 has 8 cores and costs about 75$).

I'll be upgrading from my current PC and I'm seriously considering building a 
rig around a Xeon processor and a motherboard with ECC RAM but if there is no 
real benefit then what's the point?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46064a78-8838-4508-91d0-a0741f5c9474%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Making screenshots of Installation..

2016-09-03 Thread grzegorz . chodzicki
W dniu piątek, 2 września 2016 23:52:43 UTC+2 użytkownik Fabian Wloch napisał:
> Hello,
> I have the following problem: I want to make some screenshots during the 
> installation / record the installation process on video, but I can't boot 
> into the installer at all.
> My reason for this is to make some screenshots/video for an installation 
> guide.
> 
> 
> I tried with Qubes 3.2-RC2 and 3.2-RC3 Image, none of these work.
> Qubes 3.1 works, but the installer in 3.1 is quite "outdated".
> 
> What I tested:
> Booting Qubes ISO in VirtualBox on Windows Host
> Booting Qubes ISO in in Qubes as Host
> Booting USB Drive with Qubes ISO on Qubes as Host (ISO written with dd)
> Booting USB Drive with Qubes ISO on Qubes as Host (ISO written with Rufus)
> Booting DVD with Qubes ISO on Qubes as Host
> 
> ISO checksums / signatures are fine. Checking the installation files before 
> installing (The boot option "Check installation files & install" from the 
> Image) doesn't work because the error appears before the actual check is 
> performed.
> 
> I always get the same error:
> https://i.imgur.com/W5R9Evv.png
> 
> Can anyone confirm this / has anyone a hint how I can get it work?
> 
> I also tried other ISO files, like Fedora 24, Debian or Tails. All working 
> fine.
> 
> By the way, I also tried the Screenshot-Feature from Anaconda when installing 
> it onto my hard drive, it always results into a black screen imminently after 
> pressing the key-combo, which does not disappear. I always need to restart 
> the system after trying.
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/sect-adminoptions-screenshots.html
> 
> -Fabian

IIRC the screenshots from the installation process that are in the 
documentation were made by running Qubes inside virtualbox. If all else fails 
try a hrdware video grabber.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ec3753f-1ef8-4344-9bf5-084b1e74c705%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: making hvm iso to block device?

2016-09-03 Thread grzegorz . chodzicki
Why would You want to do that? You can pass the .iso file as an rgument of the 
--drive or --cdrom arguments for the qvm-start script

If the iso resides in a vm all You need to do is do it like this (assuming the 
VM which holds the iso is named test and the hvm is named test2)

qvm start test2 --drive=:test\path\to\.iso

Remember to put \ character if You have spaces in the directory path or rename 
the files\catalogues so the names don't have spaces.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c13e82d-2770-4021-8c75-90d703bac3b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2016-08-31 Thread grzegorz . chodzicki
W dniu środa, 31 sierpnia 2016 18:25:33 UTC+2 użytkownik pixel fairy napisał:
> poured some epoxy over where the ram connects to the motherboard, and where 
> the clips are that you would use to take it out. the chips themselves dont 
> have any, just the surrounding pcb.
> 
> this was couple days ago. so far its survived 2 reinstalls of test qubes 
> releases, and is doing one of rc3. 
> 
> i have this feeling im about to find out theres some simple way around this 
> and its not really a protection against cold boot attacks. i know some 
> laptops have easy bios resets, so thats one way.

An actual protection would be some kind of a chemical that would destroy the 
ram chips if they ever reach certain (lower than room) temperature.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37b7279f-2f8b-4f74-97d7-46171c02a7b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO

2016-08-21 Thread grzegorz . chodzicki
W dniu niedziela, 21 sierpnia 2016 20:32:34 UTC+2 użytkownik pixel fairy 
napisał:
> > We'll probably have to repeat the same steps in a Chrome OS VM.
> 
> where would you get one? you mean chromiumos?

i meant this:
http://getchrome.eu/download.php

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb789516-7846-4fd6-8fe7-76d96c229745%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO

2016-08-21 Thread grzegorz . chodzicki
W dniu sobota, 20 sierpnia 2016 02:07:17 UTC+2 użytkownik Gaijin napisał:
> On 2016-08-17 16:08, Chris Laprise wrote:
> > On 08/17/2016 11:35 AM, johnyju...@sigaint.org wrote:
> >> On the Signal matter, just some personal paranoia Re: Signal and 
> >> Google
> >> Play Services:
> >> 
> >> I've been the subject of some rather intense and ongoing hacking 
> >> (iPhone,
> >> iPad, Android phone/tablet, PC, MacBook, cable modem connection, you 
> >> name
> >> it).
> >> 
> >> On the Android phone, I wiped it several times, and switched to 
> >> Cyanogen,
> >> but the "weirdness" kept coming back.  (Seeing stuff being recorded,
> >> logged, queued to upload etc., when scrutinizing the filesystem with 
> >> adb.)
> >>   The issues often seemed to dance around Google Play Services.
> >> 
> >> The problem kept coming back, until last time, when I wiped the phone 
> >> yet
> >> again, but didn't install Google Play Store (and thus no Google Play
> >> Services).  Things *appear* to be stable and secure now, with no
> >> logging/recording/uploading weirdness showing up on the filesystem.
> >> 
> >> I'd like to install and use Signal for obvious reasons, but I honestly
> >> don't trust Google Store/Services enough to take the risk.
> >> 
> >> (I have a psycho ex with some crooked cop buddies, so I half suspect 
> >> some
> >> law enforcement/government hook might be present in Google Play 
> >> Services.
> >> Speculation of course.  But I'll personally stay clear for now.  I'm 
> >> not
> >> doing anything illegal, but with crooked cops it really doesn't matter
> >> much.  :) )
> >> 
> >> I did get a copy of Signal from apkmirror, but I expect it might not 
> >> work
> >> without Play Services, and I'm not sure it'd be smart to implicitly 
> >> trust
> >> apkmirror, either.  So I'll keep my SmartPhone as a DumbPhone for now.
> >> 
> >> I was kind of excited to hear about Signal for Chromium, but 
> >> disappointed
> >> to find it relied upon you also having it installed on your 
> >> smartphone.
> >> 
> >> Aand then there's this:
> >> http://arstechnica.com/security/2015/06/not-ok-google-chromium-voice-extension-pulled-after-spying-concerns/
> >> 
> >> Not cool, Google.
> >> 
> >> Cheers.  :)
> >> 
> > 
> > I have to say I don't understand the logic of tying an app like Signal
> > to Google, meaning the user is attached to Google at the hip.
> > Especially when an app like Ring.cx operates without a browser or even
> > a server, which seems far less risky.
> > 
> > Chris
> 
> But Google just announced their end of support for Chrome apps on 
> Windows, Mac, and Linux in early 2018.
> https://blog.chromium.org/2016/08/from-chrome-apps-to-web.html
> Won't that kill the Signal app?

We'll probably have to repeat the same steps in a Chrome OS VM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5e5495f-95e9-44ac-827f-4233bfb62355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

2016-08-03 Thread grzegorz . chodzicki
W dniu środa, 3 sierpnia 2016 06:15:38 UTC+2 użytkownik Manuel Amador (Rudd-O) 
napisał:
> On 08/02/2016 06:10 PM, grzegorz.chodzi...@gmail.com wrote:
> >
> > Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g 
> > gaming motherboards can update itself over Ethernet connection, reinstall 
> > itself from scratch and sometimes contains a built-in mini-linux. If you do 
> > not need such bonuses then legacy BIOS will do just fine.
> >
> 
> How do you / how can I identify these malevolent mobos?
> 
> 
> -- 
> Rudd-O
> http://rudd-o.com/

Pretty much any motherboard made by MSI, Asus, Asrock or Gigabyte, especially 
the ones marketed for gamers. Workstation/server motherboards should be fine 
though. iPMI is less of an issue on ws/server mobos since it usually runs only 
over its own separate ethernet controller.
Funny story, few weeks ago I helped my friend put together a gaming PC. The 
motherboard didn't even POST correctly until we connected the ethernet cable so 
it could update itself. Utterly terrifying.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82dec981-224d-421f-845c-7985950fee33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

2016-08-02 Thread grzegorz . chodzicki
W dniu poniedziałek, 1 sierpnia 2016 00:41:08 UTC+2 użytkownik Stephen Moreno 
napisał:
> Hi,
> 
> 
> 
> I'm looking to build a new desktop system for Qubes. In an ideal world I 
> would use a motherboard with a Libreboot open source BIOS, however this is 
> currently not practical.
> 
> 
> 
> I am therefore intending to use a motherboard with an AMD AM3 chipset, to at 
> least avoid the AMD PSP and Intel ME technologies. This would either contain 
> a proprietary legacy BIOS or a newer UEFI BIOS. My question is, what would be 
> most preferable for a secure Qubes system?
> 
> 
> 
> It is my current understanding that once a legacy BIOS has finished 
> initializing the hardware, it hands off to the OS and no longer executes. In 
> contrast, a UEFI BIOS has runtime services that continue to execute while the 
> OS is running.
> 
> 
> 
> I was therefore coming to the conclusion that if the BIOS was compromised 
> (and it could potentially be compromised before I received it), then a system 
> that could only run a legacy BIOS would be preferable, as it could 
> theoretically do less damage.
> 
> 
> 
> The Wikipedia page on UEFI also states, “UEFI can support remote diagnostics 
> and repair of computers, even with no operating system installed”. 
> (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)
> 
> This has me further concerned about UEFI in a proprietary form.
> 
> 
> 
> Are there any benefits of a UEFI BIOS that would outweigh my concerns?
> 
> 
> 
> Any input on this topic would be much appreciated.

Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g 
gaming motherboards can update itself over Ethernet connection, reinstall 
itself from scratch and sometimes contains a built-in mini-linux. If you do not 
need such bonuses then legacy BIOS will do just fine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c36d44aa-90ca-43a2-baff-1b0f0b6603c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: What do you think about the idea of a FileVM?

2016-07-29 Thread grzegorz . chodzicki
W dniu piątek, 29 lipca 2016 03:42:07 UTC+2 użytkownik epic...@gmail.com 
napisał:
> A fileVM would be a mountable filesystem that 2 or more AppVMs can share.
> 
> A fileVM could be a normal partition like MSDOS/FAT32, an encrypted 
> filesystem, or even a distributed or cloud filesystem.
> 
> There are numerous uses for this, for example, installing Dropbox on a Linux 
> AppVM and sharing the dropbox folder with a Windows AppVM that has Microsoft 
> Office installed so you can edit docx files. You would create one DOS/FAT32 
> partition that would be attached to both the Linux and Windows AppVM. 
> Currently you would have to install dropbox on both the Windows and Linux 
> AppVMs doubling storage requirements.
> 
> As long as the two AppVMs share the same risk tolerance there doesn't seem to 
> be any reason not to allow this in my mind?
> 
> The current system of having to manually transfer individual files from one 
> AppVM to another is a productivity bottleneck and to many makes QubesOS 
> undesirable as a primary OS. 
> 
> I understand there are many reasons to enforce the manual transfer in certain 
> AppVM domains depending upon their nature, and this should be the default, 
> but we also need a way to intelligently share large amounts of files between 
> AppVMs in the same security domain.

If I remember correctly this is already doable by attaching a block device to 
two VMs at once.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20a68704-36ac-4bd7-9454-6225916962d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: using Arduino development environment with Qubes OS

2016-07-21 Thread grzegorz . chodzicki
W dniu poniedziałek, 18 lipca 2016 05:40:46 UTC+2 użytkownik pe...@peabo.com 
napisał:
> I'm converting a machine I used for Arduino development to use Qubes.
> 
> The docs indicate support for USB stick, keyboard, and mouse.
> 
> I'm wondering if I can gain access to /dev/ttyACM0 or similar devices in a 
> specific VM?  This is a usual USB-to-serial interface used by Arduino.
> 
> Peter Olson

Have You tried passing the USB controller to the VM? This should work pretty 
well.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab72165b-693a-482d-9447-e2e66d4efe16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Suggestion: Inform users about documentation changes

2016-07-13 Thread grzegorz . chodzicki
W dniu środa, 13 lipca 2016 20:32:19 UTC+2 użytkownik Andrew David Wong napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-07-13 10:32, grzegorz.chodzi...@gmail.com wrote:
> > W dniu środa, 13 lipca 2016 17:25:56 UTC+2 użytkownik Andrew David Wong
> > napisał: On 2016-07-13 08:18, Andrew David Wong wrote:
>  On 2016-07-13 06:56, grzegorz.chodzi...@gmail.com wrote:
> > It would be a nice feature if entries in the Qubes Docs showed the
> > date of the last update or a tag (preferably bright and colorful)
> > showing which of the docs were updated within the last 3 days, a
> > week, a month etc. This will prevent users from missing out on
> > useful information because it was added to an entry that has
> > already been read by users.
>  
>  
>  You can already view this easily by clicking the "View Page Source"
>  link on any documentation page. That will show you the last commit
>  (near the top of the page), and you can see the rest of the available
>  commit history by clicking the "History" button.
>  
> > 
> > You can also view all the changes to the qubes-doc repo by looking at the 
> > commit log:
> > 
> > https://github.com/QubesOS/qubes-doc/commits/master
> > 
> > 
> > 
> >>> You can already view this easily by clicking the "View Page Source"
> >>> link on any documentation page. That will show you the last commit
> >>> (near the top of the page), and you can see the rest of the available
> >>> commit history by clicking the "History" button.
> > 
> > That requires opening a specific doc entry page instead of the general Docs
> > page, and
> > 
> >> You can also view all the changes to the qubes-doc repo by looking at
> >> the commit log:
> >> 
> >> https://github.com/QubesOS/qubes-doc/commits/master
> > 
> > This solution is a little more convenient but still requires the user to
> > leave the doc page.
> > 
> 
> You should understand that the website is just one of many possible frontends
> for accessing the documentation. The qubes-doc git repo is the documentation
> "in itself." It can be accessed through qubes-os.org, github.com, and (soon),
> offline within Qubes OS, but it is independent of all of those. As a git repo,
> the ability to track and view changes is an inherent feature of the
> documentation that already necessarily exists.
> 
> Nonetheless, I'm opening an issue for your suggestion as a website 
> enhancement:
> 
> https://github.com/QubesOS/qubes-issues/issues/2169
> 
> (You actually made two separate suggestions in your OP, so I'm choosing the
> title based on the first one. Also, your subject line is actually conveying a
> different idea than the two suggestions you make. If you simply want to be
> informed about documentation changes, you can also subscribe to an RSS feed of
> the git log via GitHub.)
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXhokqAAoJENtN07w5UDAw4TkP/1naTMFiKUADQLjvtJ2M+0Ie
> h7akO2HaCN3t5YM+p+Y2Ed7Cbd8b8WqsI3XXNkSAnN8Wo7urQI7qFJeONCxS9I72
> Aqwoe+His33uUTF0fuWWpL/cZBveUmLZTUNNZhYddWO5SE9C2AUVQO90sPK7FnZv
> JjvfdRcbWQnt3Gh8HD3hsoC9xE7QNDDtgo8qf7lSGXFXus2gsFIfhwYkrwmXYZ1R
> oAq3WuhUDircSSwl32IA8NUXyTFhJFWEvfD7nkYK9oxr5z7tB6pv4JNhkykV5WsT
> nJKVZyUpWw8+sJu66OMiyk2LpoMf4CjpRUaewq7cH9y9tId8TNn/ejbgL61PPysh
> KUD+v9HPiA0qm0IOml03XMOivNo1dtiaPU7E/MNMuaZjOe4Y2MMv+HtdOY4LE9Qi
> TSyq0EEPK4I+FQbwEdlS2j7/z0X+g2oVZYzS5BuGHd0RqhdpuDxWC5DItmbMNzUm
> wjzvA8sTyQY2V6tpT1DDTYyh+Jsk0jw8HkVqQBsgy6Vg/b7rf2+Li6KWx1PG5DGJ
> NobSRShS0fuGW2oDatEM9iv/pXCBEaILIMjcxPyhcihnVrvFimJ6Y1Y7yc0soG7m
> s2Ak3WzU1D/cYxUN3lxwFkvcOEm6+O0R5rFIT0pjmmAtwtr+1qlwZX2q7yk5qlgU
> 4K5Qu4AYGqDjyBkE886T
> =vTIP
> -END PGP SIGNATURE-

Sorry about the confusion. The subject line was meant to suggest a general idea 
while the post itself described the way such mechanism could possibly work 
based on my experiences with other docs/wikis etc. I feel that the current 
github title accurately reflects what I hope would be done.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28e0e4d3-8951-489a-8965-920477a1c4be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Suggestion: Inform users about documentation changes

2016-07-13 Thread grzegorz . chodzicki
W dniu środa, 13 lipca 2016 17:25:56 UTC+2 użytkownik Andrew David Wong napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-07-13 08:18, Andrew David Wong wrote:
> > On 2016-07-13 06:56, grzegorz.chodzi...@gmail.com wrote:
> >> It would be a nice feature if entries in the Qubes Docs showed the date
> >> of the last update or a tag (preferably bright and colorful) showing
> >> which of the docs were updated within the last 3 days, a week, a month
> >> etc. This will prevent users from missing out on useful information
> >> because it was added to an entry that has already been read by users.
> > 
> > 
> > You can already view this easily by clicking the "View Page Source" link
> > on any documentation page. That will show you the last commit (near the top
> > of the page), and you can see the rest of the available commit history by 
> > clicking the "History" button.
> > 
> 
> You can also view all the changes to the qubes-doc repo by looking at the
> commit log:
> 
> https://github.com/QubesOS/qubes-doc/commits/master
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXhl18AAoJENtN07w5UDAwhjMP/jyTcku1hZE9WbK9CB3wRpi6
> rLEF911DWpCjt3Gv4N4wWgNf1VEOrqJBiXWLxgsy4cNAcYyEt8soR3gG7CPn9jzO
> Mm/8ogqQYoSiurPvJ84N34VJTxcuJaaVmtmJEooNY6S5fqERI0FFSnPxyN9MQnC6
> n4ltDDPzhjq+kU1mX11K5+cFbhgDrZ45D0vtStopHboKr7Hi+fq5cV8nVywKdh99
> 0moo9XP2LT4MLyNqllAmVQFWPab752nffRgn0B1DjPKUe4vDl5N/Y/Iq2QxlNn8l
> b/KqXlnPA45KMvhhykJC6ipghAHoEAwKGsT3uhdHhRChGVaacfhTtuEoFPH7qx8h
> Dod7hB24Qyzzfle3OakM8Nk4vcCHIRIhirfNP+WKW4SjDismdBOTx2qkna97LvaZ
> 3dvTJTL/RLnL/IksdCosC7by4KoH8hZrAJQxlp/ggqwjTlTaz5ft9v3J6gbDF9Hj
> M3dAcyL16DGbXP2RUBrmYLV6nWKRJVceUFa1pA28hbjkEDMLV2qLDy9xb47qU3EU
> EVKKOBYKtL/C8GipAMy+gNCp06tAthMLqhWlOR6DcRzUAK6e7Dc4uOSAB7MRnDX9
> RbliL01Y8ExnYuaCZpPgy9vxD4KCJm6vDAe/+/AaCo7eezMxUiAtYlsxSw6LVl6U
> suoBvi9Xy2W+BIFF3dd+
> =AQUu
> -END PGP SIGNATURE-


> > You can already view this easily by clicking the "View Page Source" link
> > on any documentation page. That will show you the last commit (near the top
> > of the page), and you can see the rest of the available commit history by 
> > clicking the "History" button.

That requires opening a specific doc entry page instead of the general Docs 
page, and

> You can also view all the changes to the qubes-doc repo by looking at the
> commit log:
> 
> https://github.com/QubesOS/qubes-doc/commits/master

This solution is a little more convenient but still requires the user to leave 
the doc page.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a8e30ce-e30e-4998-8f4b-bbbcdb3617fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes OS running under Hyper-V

2016-07-10 Thread grzegorz . chodzicki
With the release of Qubes 3.0 hypervisor abstraction layer was introduced, 
theoretically allowing Qubes to run under any hypervisor, nut just Xen. So my 
question is: can Qubes in its current state be run under Hyper-V and if not, 
will it be possible in the not-too-distant future?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83336fc9-5154-423d-8203-b7bc8d62dd2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: how to run Windows quest vm in Qubes on hw without required features (vt-d)?

2016-07-05 Thread grzegorz . chodzicki
W dniu wtorek, 5 lipca 2016 10:46:02 UTC+2 użytkownik thinkpad user napisał:
> more specific - Lenovo Y580 is listed in hcl as having no proper hw 
> features.(vt-d)
> 
> what for?
> 1) using Qubes instead of non-hypervisor based OS is more safer, even without 
> features like hardware virtualization. .
> 2) using hypervisor is more convenient than using virtualization soft like 
> VirtualBox

It's possible to run Windows-based qube without VT-d. Please keep in mind 
though that it will not be possible to attach external devices to that qube.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28e3e75f-2125-445d-9fab-7092cd6b0de9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

2016-07-03 Thread grzegorz . chodzicki
W dniu sobota, 2 lipca 2016 15:44:38 UTC+2 użytkownik Andrew David Wong napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-07-02 02:50, Grzesiek Chodzicki wrote:
> > The users who are connected to the network are assumed to be
> > authorized. The firewall restriction is not meant to protect the
> > share against malicious users, it is supposed to protect against
> > untrusted AppVMs.
> 
> What's the difference between a malicious user and a malicious AppVM?
> 
> > Moreover password based authentication could be used by malicious
> > AppVMs in a Denial-Of-Service scenario where AppVMs send
> > authentication requests to exhaust server resources.
> > 
> 
> Ok, but isn't it the server's responsibility to protect itself from
> that sort of attack? What if you have other, non-Qubes machines on
> your network, and one or more of them gets compromised and tries to
> DoS the server?
> 
> Certainly if we're talking about a home network using a consumer
> router, the network should be regarded as untrusted. (Even more so if
> the network is shared with anyone else.)
> 
> 
> P.S. - Please avoid top posting.
> 
> > 2016-07-02 4:08 GMT+02:00 Andrew David Wong :
> > 
> > On 2016-07-01 11:04, Grzesiek Chodzicki wrote:
>  @Andrew
>  
>  A user has a network share on the internal network. This
>  share does not require the user to provide any extra
>  credentials to access it (for the same reason Qubes uses
>  passwordless sudo). The user creates a separate AppVM in
>  order to access the share and, in Qubes Firewall, allows the
>  AppVM to connect to the share. However unless the user
>  specifically forbids every other VM access to the share they
>  can connect to it too (due to Qubes NAT all AppVMs use the
>  same LAN IP and MAC address so the share cannot
>  differentiate between the AppVM that is supposed to access it
>  and AppVMs that aren't). Because every AppVM can connect to
>  the share they can now use it as a covert communications
>  channel.
>  
>  I tried to be as clear as I could with this one I hope You 
>  understand what I'm trying to convey.
>  
> > 
> > Why not require a password to access the network share, then only 
> > type/paste that password in the authorized AppVM? The reason for 
> > passwordless sudo in Qubes is that it provides no extra security,
> > but it seems like requiring a password to access your network share
> > would provide some security in this situation (unless, of course,
> > the authentication mechanism can be trivially bypassed for some
> > reason).
> > 
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXd8U9AAoJENtN07w5UDAwx2YP/2UgTlkKtoWUYrPGfHKQssDa
> S1Ml5NuwSL7vM+YuavJA/vlk9JZGq6A0JtNXtq4hkavwbZbezkwGmnC4TqeV5tUv
> PF6HHUXRmuUvukbLy6drlPBJEzjylNCfNfL6ef54zJwWgCiX4Y0G5TOJIqN2ANGt
> sFNQ5wN9qn9JxO9iTCOXBTinxA+aAP9uxUzFaMxxGq47aUwwFTJmra1JvCj7XtF2
> 2DZmk9P+NyYTRADIVITXGuStEvA7CdCIli6rECe4ObRwOUpWb0yI/4bgUMvGeNm9
> ZnhaX3+V4mWVT3dYc/5SLgEXwGdMrU+a9tEeAv1DDGlTT1o3arolTmUh+C6oCxFi
> vgqsqjjIMqYDhw9snFZTn3ggS9D9/DnwW42bV2BNTxsQujnJMIAoKqz0QueBb8fz
> unMoGwe0bfL4DotVVHcGai3rMQeuFdvhCnUcOhIxtyiZpat/u0OCpCOiZFOAMdVn
> ngX2hQbDjvfjjNKzoTnB7A4yUEJMp2Dh6MQjLw2ybCbH/zqQEL8OeeKZ9QtBkCvu
> 5FZX1/wREGP+S+LKcTFFr1su0kOvG3i+GM8fxLM3CUUJjfTNf8dFoNPE10bxdUtr
> mSUSW4+UN2adEn88wH9wdP4mNN6G16TVKgT4ra/4ZobeJViMgZiee+ahTgjbq8ri
> YQiuDsOoOdCumQ+UqpsU
> =5+uP
> -END PGP SIGNATURE-

Sorry about top-posting I clicked on reply-to-all.

>What's the difference between a malicious user and a malicious AppVM?

Even if AppVM becomes malicious, its network access is restricted by the Qubes 
firewall (unless the AppVM can somehow escape the sandbox but that's beside the 
scope of the discussion). A malicious user would have unrestricted control over 
his/her system.

>Ok, but isn't it the server's responsibility to protect itself from
>that sort of attack? What if you have other, non-Qubes machines on
>your network, and one or more of them gets compromised and tries to
>DoS the server?

>Certainly if we're talking about a home network using a consumer
>router, the network should be regarded as untrusted. (Even more so if
>the network is shared with anyone else.)

It most certainly is the server's responsibility but it wouldn't hurt if the 
attack surface was reduced by restricting VMs access to it.

I understand that this is a very low priority issue however I feel that it 
would help users easily enforce the least-access policy in their Qubes 
instances.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

[qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

2016-06-30 Thread grzegorz . chodzicki

Preamble
Qubes OS offers an option to restrict network traffic within a VM to a specific 
address/domain/website which is a very useful feature as it allows the user to 
control networking within VMs.


Issue
However if the user wants to be 100% sure only the dedicated VM can access a 
specific web resource, they need not only to allow the dedicated VM access to a 
said resource, they also need to deny access to said resource for every other 
VM they use. As the number of VMs grow larger this task will get more and more 
mundane.

Suggestion
Allow users to apply firewall rules to several VMs at once. This mechanism 
could be implemented either in Qubes Manager GUI or as a separate GUI 
application.

Sample options

Make exclusive - allowing access to a specific resource automatically denies 
access to said resource for all other VMs except for the system VMs

Apply to all - allowing access to a specific resource grants all other VMs 
access to said resource

Apply to selected - additional checkbox would appear in QM allowing the user to 
select VMs to which the rule would apply

Apply to all from the same TemplateVM - self-explanatory

I believe such a feature would greatly improve the efficiency as well as 
minimize the risk of user error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82e6a0cd-598a-40b2-9120-134dc680564d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.