[qubes-users] Re: [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

On 01/24/2018 07:51 AM, Ed wrote: > On 01/24/2018 04:29 AM, Andrew David Wong wrote: > >> ## Qubes 3.2 >> >> Previously, we had planned to release an update for Qubes 3.2 that would >> have made almost all VMs run in PVH mode by backporting support for this >> mode from Qubes 4.0. > > Out of

[qubes-users] Re: Qubes4.0 rc3 install error

On 12/04/2017 02:39 PM, Shashank wrote: > Thank you very much for the wonderful explanation of how it works. Would all > the files in /boot be deleted Incase I did a factory install on my machine? > i,e go back to factory settings. Or would I have to do the way you mentioned, > by mounting

[qubes-users] Re: Qubes4.0 rc3 install error

On 12/04/2017 02:16 PM, Reg Tiangha wrote: > On 12/04/2017 01:48 PM, Shashank wrote: >> Oh no probably i didn’t mention it in my initial post, sorry about that. I >> am actually dual booting on my system and set a partition of 80 gb on my >> hard drive. >> &g

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 11/25/2017 05:51 AM, Foppe de Haan wrote: > On Friday, November 24, 2017 at 6:00:37 PM UTC+1, Foppe de Haan wrote: >> On Friday, November 24, 2017 at 3:25:40 PM UTC+1, Frédéric Pierret (fepitre) >> wrote: >>> Le vendredi 24 novembre 2017 15:22:20 UTC+1, Foppe de Haan a écrit : On

[qubes-users] Re: Turn off quiet boot?

On 2017-10-11 5:42 PM, Ron Hunter-Duvar wrote: > Does anyone know how to turn off QubesOs' quiet boot (splash screen > instead of kernel messages)? > > I like to see the messages during boot (and shutdown). More than once > I've caught a lurking problem (although it scrolls by fast, those red "[

[qubes-users] Re: Qubes 3.2 dnsmasq update?

On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote: > Well, I did all this, and confirmed that the sys-* servicevms are all > using Fedora 25, but it still has dnsmasq version 2.76. According to > US-CERT, 2.78 is needed to get the vulnerability fixes. Which concerns > me, given the length of time

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 2017-10-01 10:21 AM, Frédéric Pierret (fepitre) wrote: > > Hi, just a small update of current kernel branches status: > > From our last commits with Reg, the last version of kernel 4.12.14 is > available and also I created the branch for devel-4.13 (currently version > 4.13.4). > > From

[qubes-users] Re: Hardened VM templates in Qubes

On 2017-09-25 6:42 AM, dhfgebenskzkwkwnd...@gmail.com wrote: > Hello, please tell me if there are guides to hardening VM templates? > Coldhak.ca is dead, is there anything else or use KSPP manually? > > Thanks. > Most of the KSPP options have been enabled in the most recent versions of the 4.9

[qubes-users] Re: New potential way of disabling ME

On 2017-08-28 11:36 PM, loke...@gmail.com wrote: > Apparently ME has a HAP mode that can be enabled, which disables most of the > ME functionality. > > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > Yep. They're already looking into incorporating it into me_cleaner too.

[qubes-users] qubes-devel Google Group Web Interface: Banned Content Warning

FYI, trying to view the qubes-devel Google Group on a web browser currently displays this message: Banned Content Warning The group that you are attempting to view (qubes-devel) has been identified as containing spam, malware or other malicious content. Content in this group is now limited to

[qubes-users] Re: Qubes 3.2 Building an up to date dom0 3.18 Kernel

On 2017-08-27 9:10 AM, 'Vincent Adultman' via qubes-users wrote: > > Thanks for your time in replying Reg, something that interests me is the > necessity of building in a FC23 VM. Would you agree there's a > possibility of security issues whilst building as FC23 is EOL? (when > fetching or

[qubes-users] Re: Unofficial forward-ported grsec 4.9 Qubes kernel branch

On 2017-08-25 8:35 AM, nicholas roveda wrote: > Thanks for all the details. > > I've tested on the R4.0 rc1, so fc25, I'll try it soon on the R3.2 (fc23 and > fc24), so we can crosscheck the script. > > I saw both dom0 and vm rpms are generated, but is it better to generate > different rpms

[qubes-users] Re: Unofficial forward-ported grsec 4.9 Qubes kernel branch

On 2017-08-24 9:23 AM, Sandy Harris wrote: > At some point, these patches may become unnecessary & perhaps some of > them already are. There is ongoing work aimed at getting related > patches into the mainline Linux kernel. > > Wiki:

[qubes-users] Re: Unofficial forward-ported grsec 4.9 Qubes kernel branch

On 2017-08-24 4:27 PM, nicholas roveda wrote: > I think Reg has done a great job and the porting its a must go path to force > the developers to throw away all the differences that slow down or prevent > the develop of a secure system. > To be fair, I don't forward port anything; it's @minipli

[qubes-users] Re: Network Manager: 'Device not ready' after suspend.

On 2017-08-23 3:08 PM, Andrew Morgan wrote: > I tried that kernel on sys-net with no change yes, but dom0's kernel has > not changed. > > Would it perhaps be an issue with xen's PCI passthrough functionality? > Could it be left in a broken state after a suspend and thus sys-net is > not able to

[qubes-users] Re: Unofficial forward-ported grsec 4.9 Qubes kernel branch

On 2017-08-23 9:01 AM, nicholas roveda wrote: > I'm trying to build your port, but I,ve actually had to to some changes to > `kernel.spec` because the script exits with an error at line 136: > `%_sourcedir/check-for-config-changes .config.orig .config`. > Actually, if you mean that 'make rpms'

[qubes-users] Re: Qubes 3.2 Building an up to date dom0 3.18 Kernel

built a Xenial template) using Qubes builder > and I notice Reg Tiangha has a repo with updated 3.18 kernel at > https://github.com/rtiangha/qubes-linux-kernel/ I notice Reg also > submits patches which are merged into the official qubes-linux-kernel > repo after review by Marek.

[qubes-users] Re: [qubes-devel] Re: Re: Request for feedback: 4.9 Kernel

On 06/29/2017 04:59 AM, 0spinbo...@gmail.com wrote: > fyi: this kernel built as-is will cause kernel panics on (some, common) Ryzen > motherboards. Issue is described here among other places: > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1671360 > This happens as soon as

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 06/27/2017 04:50 PM, 0spinbo...@gmail.com wrote: > It seems building works fine on fc23. Wonder what changed between 6/17 and > today that fc25 no longer compiles kernels, though. > > Wasn't using any patches from the hardening project. I just spun up a FC25 BuildVM and *no* kernels (I even

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 2017-06-27 1:53 PM, Reg Tiangha wrote: > On 2017-06-27 1:37 PM, > 0spinbo...@gmail.com wrote: > >> Thanks. Was already up to date, though, and all gzip-related options were >> enabled (as before). Only change was a new package req >> (elfutils-libelf-devel).

[qubes-users] Re: Screen brightness

On 06/26/2017 04:25 PM, Unman wrote: > On Mon, Jun 19, 2017 at 06:20:14PM -0700, Bob wrote: >> Is there any way to turn down screen brightness, either via terminal or >> system settings? The closest thing I can find is System Tools -- Power >> Manager --Display. That gives options regarding

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 06/27/2017 08:09 AM, Epitre wrote: > Le mardi 27 juin 2017 12:40:00 UTC+2, 0spin...@gmail.com a écrit : >> Anyone have an idea why, since 4.11.7, I am always getting a "initramfs not >> in gzip format" error? > Hi, same problem for me with 4.11.7. I also tried to select only AMD family > (my

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 2017-06-22 12:22 PM, motech man wrote: > OK, sounds straightforward, I'll give it a shot. > > As to the 4.11 offer, will that work for a kaby-lake system? Sound far older > than the 4.4 kernel in the current 3.2 Qubes ISO. Unless you mistyped the > version I suspect it would not work well. >

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 2017-06-22 11:49 AM, motech man wrote: > I just used the qubes-dom9-update cli cmd. Still not sure how to change > kernel config to tailor to my hardware. I have compiled any a Linux kernel > but not sure the proper "qubes" way to do it. I'm just a newb after all ;-/ It's not hard. If you're

[qubes-users] Re: Ubuntu Xenial Update Dependency Breakages

On 06/21/2017 06:23 AM, Unman wrote: > I'm assuming that you have added Qubes repositories to apt sources, and > specified Debian, although you are running Xenial. Qubes doesn't provide > repositories for Ubuntu packages, (as yet). I've been thinking about this. I assume part of the reason for

[qubes-users] Re: Any release schedule for Qubes 4.0

On 2017-06-20 9:06 AM, Swâmi Petaramesh wrote: > Hi there, > > I've been googling here and there, and couldn't find any release > schedule for the upcoming qubes 4.0... > > Any clue anybody ? > > ॐ > They haven't released one yet and it will be done when it's done. Personally, I'd rather

[qubes-users] Re: [UP] Qubes and USB Ethernet adapter

On 2017-06-19 10:12 AM, Swâmi Petaramesh wrote: > Hi, > > Does anybody here have an idea about this ? > > Le 16/06/2017 à 08:28, Swâmi Petaramesh a écrit : >> Hi, >> >> I have a new Asus laptop which comes with no integrated Ethernet, but an >> USB Gigabit Ethernet adapter. >> >> I wonder if

[qubes-users] Re: support of encrypted Linux- and Windows-VMs?

On 2017-06-19 9:41 AM, josefh.ma...@hushmail.com wrote: > Hello List > > > Does Qubes support encrypted Linux- and Windows-VMs? > > As in Linux VMs encrypted with something like LUKS and Windows with Bitlocker? I don't see why not. Certainly if those VMs are set up as HVMs, although I'm not

[qubes-users] Re: certified laptop delivery to Russia

On 2017-06-19 12:56 AM, taii...@gmx.com wrote: > I don't care how much cash they give to the devs purism is a scam plain > and simple, don't buy from them. > https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/ > Your news is old. The latest hardware

[qubes-users] Re: Is there a mechanism that stops qube os from starting if the drive is unplugged?

On 2017-06-18 6:49 PM, carr...@gmail.com wrote: > I ask because I plan to hot swap my qube os drive out with my windows drive. > When I swap back in the qube os drive it does not boot. I installed anti-evil > maid and encrypted the drive but no tpm. > By "hot swap," do you mean actually

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 06/15/2017 03:02 PM, Reg Tiangha wrote: > On 06/15/2017 02:51 PM, Zrubi wrote: >> Do we already have any git issues about 4.9 and its currently known >> problems? >> > Nothing centralized that tracks all 4.9 issues/regressions that I'm > aware of, outside of this m

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 06/15/2017 01:53 PM, Zrubi wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 06/15/2017 06:34 PM, Reg Tiangha wrote: > >> Curious: For those apps that exhibit that behavior, are they >> running on Debian 9 or Fedora 25 templates? > Nope. &g

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 06/15/2017 10:34 AM, Reg Tiangha wrote: > On 06/15/2017 05:40 AM, Zrubi wrote: >> My Lenovo T450 working fine with kernel 4.4 >> Jut tried the latest 4.9.31 and has some interesting graphic related >> issues: >> >> Under KDE, the application icons in the taskb

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 06/15/2017 05:40 AM, Zrubi wrote: > My Lenovo T450 working fine with kernel 4.4 > Jut tried the latest 4.9.31 and has some interesting graphic related > issues: > > Under KDE, the application icons in the taskbar are messed up. Means > broken application images are displayed. Broken means some

[qubes-users] Re: Weird SSL issues

On 06/07/2017 08:43 AM, Bernhard wrote: >> Hello Qubes community! >> >> I have a weird issue with SSL (HTTPS) access. >> >> Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. >> Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have >> issues

[qubes-users] Re: HCL - Lenovo s230u "Twist"

On 06/03/2017 10:35 AM, Reg Tiangha wrote: > On 06/03/2017 03:35 AM, > wordswithn...@gmail.com wrote: >> Upgrading to kernel 4.9.29-17 (from the testing repo) fixed the mouse and >> keyboard issues! >> >> It has apparently caused my Intel PCIe WiFi card to crash w

[qubes-users] Re: HCL - Lenovo s230u "Twist"

On 06/03/2017 03:35 AM, wordswithn...@gmail.com wrote: > Upgrading to kernel 4.9.29-17 (from the testing repo) fixed the mouse and > keyboard issues! > > It has apparently caused my Intel PCIe WiFi card to crash when returning from > suspend, requiring a reboot of sys-net. That'll be addressed

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 06/01/2017 06:55 AM, Pablo Di Noto wrote: > Oh, yeah... I have started experiencing quite annoying internet connectivity > issues, very, very difficulty to troubleshot. Symptoms are: > > - Web browsing fails with ERR_EMPTY_RESPONSE, pages load partially never > reaching some of the content. >

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 2017-06-01 6:55 AM, Pablo Di Noto wrote: > Hello, > >> 1) Hardware that used to work with 4.4 or 4.8 no longer works with 4.9. > > Using it on a Lenovo X250 (i3-5010U), and other desktops. > > Experiencing consistently the "no wifi after resume" which was working fine > with 4.4.x There's

[qubes-users] Re: debian 8 grsec vs thunderbird

On 2017-05-31 1:04 PM, haaber wrote: >> and if grsec is killing processes you actually want to run, you can look >> at the logs, see what protection is being triggered, and can use >> paxctl/paxctld to disable it just for that executable or library. > > I tried, but I dd not learn anything

[qubes-users] Re: debian 8 grsec vs thunderbird

On 2017-05-31 12:34 PM, haaber wrote: > Thank you very much Reg! That solves miraculously the problem. I was > playing with -E instead and it did not help me. At least I learned some > minimal experience with paxctl that way :)) Bernhard Lower case letters disable the specific protection and

[qubes-users] Re: debian 8 grsec vs thunderbird

On 05/31/2017 04:59 AM, haaber wrote: > Some update : the same happens with 4.9.20.grsec. The reason seems > visible in ulimit -a: > > core file size (blocks, -c) 0 > > whereas thunderbird requests 4096 (whatsoever unit). Remains to > understand /etc/security/limits.conf > > Bernhard systemd

[qubes-users] Re: Booting USB Quebes across multiple machines?

On 05/29/2017 06:59 AM, Dave C wrote: > * I have a laptop which boots incredibly slowly. There is a roughly 2 minute > delay in the boot process. I suspect it is waiting for PS/2, but the machine > has none. Although I'm not sure, and not sure how to troubleshoot. If you weren't aware, you

[qubes-users] Re: Maccchanger, debian9 template, Screensave

On 05/28/2017 02:20 PM, Finsh wrote: > thanks, ive already made a fed25 template(not tested so far) I followed the > instructiosn on the documentation site, what are the differences to your > methode? > If your fedora-25 template already works properly, then there's no difference. I copy/pasted

[qubes-users] Re: Maccchanger, debian9 template, Screensave

On 05/28/2017 02:00 PM, Reg Tiangha wrote: > On 05/28/2017 01:14 PM, Finsh wrote: >> oh ok, thanks.well, that is very unfortunate.so i will have to use the >> debian-9 template for sys-net. > > Well, that's not exactly true. You could take that fedora-24 (or > fedora-24-

[qubes-users] Re: Maccchanger, debian9 template, Screensave

On 05/28/2017 01:14 PM, Finsh wrote: > oh ok, thanks.well, that is very unfortunate.so i will have to use the > debian-9 template for sys-net. Well, that's not exactly true. You could take that fedora-24 (or fedora-24-minimal) template, clone it, and then upgrade the clone to Fedora 25.

[qubes-users] Re: Maccchanger, debian9 template, Screensave

On 05/28/2017 12:19 PM, Finsh wrote: > thanks, that makes sense. can anybody explain to me how to update the > Networkmanager in Fedora-24? > > dnf --showduplicates list NetworkManager only shows older versions... > > > greetings. > Again, the version of Network Manager that properly

[qubes-users] Re: Maccchanger, debian9 template, Screensave

On 05/28/2017 10:43 AM, Finsh wrote: > Wy is the Macchanger method in the documentaion the way you should use to > change the maccadress? > It looks a lot easyer to me just to update Networkmanager in fedora and use > this Methode? Because the version of NetworkManager that supports

[qubes-users] Re: Windows 7 Install

On 05/25/2017 11:36 AM, James Chi wrote: > Here is where I am: > > 1. I attached usb drive to sys-usb > 2. Went to sys-usb: Files, Other Locations, then into the USB drive > 3. Copied windows 7 iso file to other AppVM (ie, win7 VMName) > 4. Found windows 7 iso in win7 VM using search. I then

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 05/24/2017 12:37 PM, cyrinux wrote: > Hi, > > I have a T450s, and it works well, just this: > > Seems to have a problem for me, i often miss wireless after suspend. > I need to stop firewall and wlan vm to reload iwlwifi driver. > No easy to unload iwlwifi, faster to stop and start. > I don't

[qubes-users] Unofficial forward-ported grsec 4.9 Qubes kernel branch

Just because the baton was dropped doesn't mean that others weren't willing to pick it up. There are a few groups now that are forward porting the last grsecurity release (4.9.24) to work with newer kernels in the 4.9 branch. This is the one that the Hardened Kernel Community Project links to:

[qubes-users] Re: error starting VM : invalid argument: network device with mac 00:16:00:00:00:00 already exists when starting sys-whonix

On 05/23/2017 10:01 PM, Reg Tiangha wrote: > On 05/23/2017 09:57 PM, Reg Tiangha wrote: >> On 05/23/2017 08:10 PM, yreb-lm wrote: >>> error starting VM : invalid argument: network device with mac >>> 00:16:00:00:00:00 already exists when starting sys-whonix >>&g

[qubes-users] Re: error starting VM : invalid argument: network device with mac 00:16:00:00:00:00 already exists when starting sys-whonix

On 05/23/2017 09:57 PM, Reg Tiangha wrote: > On 05/23/2017 08:10 PM, yreb-lm wrote: >> error starting VM : invalid argument: network device with mac >> 00:16:00:00:00:00 already exists when starting sys-whonix >> >> I was getting this in sys-net also, but I r

[qubes-users] Re: error starting VM : invalid argument: network device with mac 00:16:00:00:00:00 already exists when starting sys-whonix

On 05/23/2017 08:10 PM, yreb-lm wrote: > error starting VM : invalid argument: network device with mac > 00:16:00:00:00:00 already exists when starting sys-whonix > > I was getting this in sys-net also, but I removed one of the network > controllers, and it seems to have stopped > > in sys-net

[qubes-users] Re: Help regarding installing CUBES

On 05/23/2017 01:34 PM, Martin Bak wrote: > On Tuesday, May 23, 2017 at 5:25:35 PM UTC+2, Reg Tiangha wrote: >> On 05/23/2017 04:06 AM, Martin Bak wrote: >>> I have a Dell XPS 9350 i7 U6500 laptop... I have bought a Sandisk Extreme >>> SDHC UHS-II PRO 32GB SD card

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 05/23/2017 01:16 PM, Foppe de Haan wrote: > On Tuesday, May 23, 2017 at 6:40:47 PM UTC+2, Reg Tiangha wrote: >> On 05/23/2017 10:37 AM, Foppe de Haan wrote: >>> It failed to load that module on my PC. (That is, modprobe gave a 'not >>> found' error, and keyboard

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 05/23/2017 10:37 AM, Foppe de Haan wrote: > It failed to load that module on my PC. (That is, modprobe gave a 'not found' > error, and keyboard didn't work.) Would you be willing to compile the version found here and help test to see if it also occurs with this version of the tree:

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 05/23/2017 09:59 AM, Foppe de Haan wrote: > mouse+kb connected through sys-usb, yes. I have a ps/2 keyboard for > 'emergencies', but since it's shit, I prefer not to use it. :) > Anyway, have rebuilt my own kernel with the option Marek mentioned enabled, > and now it's working as intended.

[qubes-users] Re: Help regarding installing CUBES

On 05/23/2017 04:06 AM, Martin Bak wrote: > I have a Dell XPS 9350 i7 U6500 laptop... I have bought a Sandisk Extreme > SDHC UHS-II PRO 32GB SD card (300MB/sec) and i have used Rufus to write the > CUBES OS ISO file to the SD card (in DD mode)... > > When i boot CUBES OS - the menu shows...but

[qubes-users] Re: Request for feedback: 4.9 Kernel

On 05/23/2017 04:41 AM, Foppe de Haan wrote: > Done and did run into something somewhat important (usb keyboard/mouse > pass-through no longer functioning properly). I have the same issue with my > own kernel/vm-kernel builds, not yet figured out what's causing this. > Do you use a sys-usb and

[qubes-users] Re: How to close the CVE-2015-0565 security gap for any RAM-type?

On 05/21/2017 02:34 PM, xet7 wrote: > Can anvil kernel module protections for rowhammer be added to Qubes? > > https://news.ycombinator.com/item?id=12822490 > So I've skimmed through the whitepaper (https://iss.oy.ne.ro/ANVIL.pdf) and because it says that it uses hardware performance counters to

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/21/2017 11:31 AM, Reg Tiangha wrote: > Actually, I think I may have found another way to address this in the > kernel (basically, disabling power management in the Intel wifi driver, > since the general consensus is that it's still buggy and everyone on > other distros with this

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/21/2017 07:19 AM, Reg Tiangha wrote: > On 05/21/2017 07:00 AM, Reg Tiangha wrote: >> On 05/21/2017 05:39 AM, Dominique St-Pierre Boucher wrote: >>> Same Kernel!!! 4.9.28-16.pvops.qubes.x86_64 >>> >>> Dominique >> There is one thing I can think of try

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

On 05/20/2017 12:48 PM, Vít Šesták wrote: > Few Qubes-unrelated notes: > > * It does not have numpad, even the Fn does not allow pressing numbers on > numpad. You have to rely on number row (or external keyboard). Question: Does this work on stock Fedora 25? I'm looking at the Qubes kernel

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/21/2017 07:00 AM, Reg Tiangha wrote: > On 05/21/2017 05:39 AM, Dominique St-Pierre Boucher wrote: >> Same Kernel!!! 4.9.28-16.pvops.qubes.x86_64 >> >> Dominique > There is one thing I can think of trying that may help, but it would > require testing. Do you feel co

[qubes-users] Re: Wireless Adapter Issues

On 05/21/2017 06:30 AM, steven.a.wal...@gmail.com wrote: > Qubes is not detecting my network adapter. It is a panda wireless pau05. The > system is detecting it via lsusb, but it is not loading it into the system. > Does anyone know how I can fix this and get it running. Do you have a sys-usb

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/21/2017 05:39 AM, Dominique St-Pierre Boucher wrote: > Same Kernel!!! 4.9.28-16.pvops.qubes.x86_64 > > Dominique There is one thing I can think of trying that may help, but it would require testing. Do you feel comfortable in compiling your own kernel? If so, I can add the *possible* fix to

[qubes-users] Re: Suitability for an application testing scenario

On 05/21/2017 02:22 AM, Vít Šesták wrote: > Getting rid of seamless mode: HVM is one approach, loopback VNC or Xvfb is > another one. > > On pausing VMs: Actually, even if you just suspend and resume the whole > system, all VMs get unpaused. > > Xen actually has some restore capability, at least

[qubes-users] Re: Suitability for an application testing scenario

On 05/21/2017 12:02 AM, David Seaward wrote: > Hi, > > Previously I've used type II VMs like VirtualBox for application > testing: install application on the base OS, test features (including > GUI features, shell integration and system integration), discard > changes. Additional steps might

[qubes-users] Re: Desktop shell choices & integration on dom0

On 05/20/2017 11:58 PM, Reg Tiangha wrote: > On 05/20/2017 11:51 PM, David Seaward wrote: >> Hi, >> >> Is it possible to change the desktop shell for dom0, for example from >> XFCE to GNOME? >> >> Additionally, I'm used to getting some degree of applicat

[qubes-users] Re: Desktop shell choices & integration on dom0

On 05/20/2017 11:51 PM, David Seaward wrote: > Hi, > > Is it possible to change the desktop shell for dom0, for example from > XFCE to GNOME? > > Additionally, I'm used to getting some degree of application/shell > integration: notifications, tray icons, widgets (e.g. a controller for > the music

[qubes-users] Re: Why should I clone a template?

On 05/20/2017 06:43 PM, Todd Lasman wrote: > The dogma, as I understand it, is that it's safer to clone a template, > make changes to the clone, then base your AppVM's off of that cloned > template. > > - From the Qubes website: > "It is highly recommended to clone the original template, and make

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/20/2017 04:53 PM, Reg Tiangha wrote: > On 05/20/2017 08:23 AM, Dominique St-Pierre Boucher wrote: >> Hello Qubes users >> >> Everything was working fine until updates were installed a couples of week >> back. I was unable to get wifi access back after

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/20/2017 08:23 AM, Dominique St-Pierre Boucher wrote: > Hello Qubes users > > Everything was working fine until updates were installed a couples of week > back. I was unable to get wifi access back after a sleep. My sys-net vm use a > minimal debian stretch template and I never had a sleep

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

On 05/20/2017 01:51 PM, Vít Šesták wrote: >> I am wondering if Haswell and newer is more tightly >> bound to the Intel ME to the point where those machines actually need >> the driver enabled to work correctly. I don't think that's the case, but >> a sanity check would be useful. > It it just

[qubes-users] Request for feedback: 4.9 Kernel

People may not have noticed, but there is now a 4.9 kernel in current-testing (4.9.28 to be specific). If the release schedule holds, then that should be migrated to stable soon, however, before that happens, some feedback on that kernel would be useful before it gets pushed to the majority of

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

On 05/20/2017 12:48 PM, Vít Šesták wrote: > Hello, > I am sending the HCL report. > > I am not sure what model number to use, because the commonly used 15-5578 > refers to various configuration. But when I use TN-5578-N2-711S, it seems to > refer to very specific piece of hardware (with

[qubes-users] Re: Swap space and reducing memory usage?

On 05/20/2017 10:51 AM, Gaiko Kyofusho wrote: > I have a 16gb mem system which can't be upgraded any further to my > knwoledge. I had thought this would be enough but I am running into > memory errors more often than I would like. I admittedly open maybe > 7-12 appvms so the obvious answer to my

[qubes-users] Re: Intel AMT Vulnerability CVE-2017-5689

On 2017-05-11 10:57 AM, Dimitri wrote: > The 'Intel Management Engine' is something like God on your CPU. > Unfortunately its creators were quite human. This manifests in imperfections, > also known as bugs. CVE-2017-5689 is one of those > (https://www.ssh.com/vulnerability/intel-amt/).

Re: [qubes-users] [3.2] Issues with Intel® HD Graphics 620 after update of clean installation

On 2017-05-04 10:17 PM, Vít Šesták wrote: > I can try updating everything to current-testing, but I doubt it helps. > Specifically, the issue occurs even in lightdm and dom0 windows, so we can't > blame GUID which is not even running. > > On premilinary HW support: It is actually there by

Re: [qubes-users] [3.2] Issues with Intel® HD Graphics 620 after update of clean installation

On 2017-05-04 3:28 PM, Vít Šesták wrote: > Well, found that. I can edit /boot/efi/EFI/qubes/xen.cfg. It does not look > like there is something like Grub menu, though. > > * Downgrade to the previous kernel version fixes the issue, but in a quite > different way I thought: All symptoms (missing

Re: [qubes-users] [3.2] Issues with Intel® HD Graphics 620 after update of clean installation

On 2017-05-04 11:16 AM, Vít Šesták wrote: > My other idea was to boot Qubes with the old kernel. But I don't know how to > do it with UEFI boot. With Legacy boot, there is a Grub menu where I can > choose an old kernel, edit kernel cmdline etc. With UEFI boot, I can see > nothing like it. Just

[qubes-users] Re: Slimming Down the dom0 Kernel

On 05/02/2017 02:27 PM, cooloutac wrote: > I never even looked a a cryptography section man tyvm! yes would be very > awesome to know which ones to disable. very interesting. and what hardware > etc of course, and we can then just copy our config over when building the > next one. I think

[qubes-users] Re: Slimming Down the dom0 Kernel

On 05/02/2017 01:40 PM, cooloutac wrote: > you lost me SCSI subsystem, you mean like firmware drivers? and > cryptopgraphy system? no idea. but sounds very interesting, I appreciate > your time. > > Also if I install all that stuff in my system. Shouldn't I then make sure to > uninstall it

[qubes-users] Re: Intel ME exploitable

On 05/02/2017 01:36 PM, cooloutac wrote: > What do you mean by pocket router? Is this like a cheap little router to > dongle off your pc? it seems interesting because I definitely can't trust my > home router at all... > I mean something like this:

[qubes-users] Re: Slimming Down the dom0 Kernel

On 05/02/2017 12:41 PM, cooloutac wrote: > I too would have trouble compiling kernel for fedora too.I only know how > to do it with debian using make-kpkg which is much easier. > The Qubes kernel build scripts actually make it very easy; assuming you have all the software dependencies

[qubes-users] Re: Intel ME exploitable

On 05/02/2017 11:37 AM, David Hobach wrote: > > > On 05/02/2017 07:25 AM, Vít Šesták wrote: >> * I wonder what does “exploitable locally” mean. If physical access >> is required, I am not sure what would attacker gain (AEM bypass at >> most, I guess). If it allows unprivileged user to elevate

[qubes-users] Re: Slimming Down the dom0 Kernel

On 05/02/2017 12:57 AM, Eva Star wrote: > All of this sounds very good. But most of us not so advanced unix > users to compile kernel and install it. Maybe, somebody (as I) can > try, but there is no readme on your repository how to do this and > install it :) > > p.s. Maybe you forget about

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 11:25 PM, Vít Šesták wrote: > Some notes: > > * Applying the patch probably requires BIOS update (and MoBo vendor releasing > the update), I guess. > * I wonder what is the technical distinction between home and SMB/Enterprise. > Is it vPro? > * I am not sure how can I check the

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 02:48 PM, 'Lolint' via qubes-users wrote: > Confirmation by Shintel: > https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf > > -- > You

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 12:19 PM, Reg Tiangha wrote: > On 05/01/2017 12:04 PM, cooloutac wrote: >> On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: >>> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then >>> the particular CPU is safe. But I am

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 12:04 PM, cooloutac wrote: > On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: >> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then >> the particular CPU is safe. But I am not 100% confident in vPro and related >> technologies, so I might be

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 11:14 AM, Reg Tiangha wrote: > On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote: >> *Sigh*... Yep. We were right to be concerned (of course). And now we >> have something other than our tin foil hats to point at too: >> >> https://semiaccurate.com

[qubes-users] Re: Intel ME exploitable

On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote: > *Sigh*... Yep. We were right to be concerned (of course). And now we > have something other than our tin foil hats to point at too: > > https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ > > I want my RISC-V

[qubes-users] Slimming Down the dom0 Kernel

OK, so I think I've taken this personal project of mine to see how much I could trim down the dom0 kernel as far as I can on my own (or rather, I've found a set of settings that work for the hardware I own, but I'm not sure how it'll perform on other people's hardware) so I'm ready to share the

[qubes-users] Re: Graphics Problem after updating Dom0

On 2017-04-30 9:31 AM, Mystic Buyer wrote: > On Sunday, April 30, 2017 at 4:34:25 AM UTC-4, foo4 wrote: >> Mystic Buyer: >>> Hi guys >>> >>> I hope someone will be able to help me out on this. So I just installed >>> Qubes 3.2 on my Dell xps 15 9560. Things worked perfectly until I updated >>>

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 04/28/2017 11:56 PM, Foppe de Haan wrote: > the update wasn't built for the fc23-vm: > https://github.com/QubesOS/updates-status/issues/17 > That's really weird, since it came out for dom0, which is essentially fc23. And it looks like the fc24 and 25 versions never transferred over from

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 04/28/2017 11:20 PM, gho...@gmail.com wrote: >> I don't know why it wouldn't work for you, unless you're running a >> version of Qubes older than R3.2 or using an unsupported Fedora template. >> >> As a last resort, you can replace your /usr/src/u2mfn-3.2.3/u2mfn.c file >> with this one here:

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 04/28/2017 10:25 PM, gho...@gmail.com wrote: >> You need to update the qubes-kernel-vm-support package in the Fedora VM >> that you're trying to compile this in. A compatible version (3.2.4) >> should has been pushed out to the stable repositories so running sudo >> dnf upgrade should pull it

[qubes-users] Re: HOWTO: Compiling Kernels for dom0

On 04/28/2017 09:03 PM, gho...@gmail.com wrote: > Hello, > > I am following your instructions and trying to compile devel-4.10. I am > getting the following error. This error also occurs on stable-4.9. Any idea > how i can fix this. > > Thanks. > > /home/user/qubes-linux-kernel/u2mfn/u2mfn.c:

  1   2   >