Re: [EXT] [qubes-users] Re: Qubes OS 4.1-rc3 has been released!

2022-01-22 Thread Ulrich Windl

On 1/15/22 18:22, Scat wrote:

Thanks all for the help...making progress...really appreciate the responses

As I continue to explore the new 4.1rc3 another issue comes up that I 
can't remember experiencing with 4.0 and it seems important:


When I try to back up my system and insert a WD external hard drive I 
get an error when I try to mount it, specifically "Error mounting 
/dev/sda1 at run/media/user/easystore: unknown filesystem type 'ntfs3,ntfs'


Backing up Qubes OS to NTFS seems a bad idea to me. Why not use a 
dedicated medium/partition formatted with a unix filesystem like xfs?




- I tried both USB ports, same error
- I tried multiple hard drives, including the one I used with my 4.0 
setup, same error
- I see the device in my sys-usb but the error comes when I try to mount 
the device
- I can mount a small USB drive and transfer files but when I put in a 
large disk the error occurs
- I tried backing up on a 32g thumb drive and it started to back up but 
then errored out with the following: "ERROR: Writing backup to VM 
failed: cat: write error: File too large (I use a dedicated VM for my 
email(Thunderbird) which has a lot of emails.

- Never had this problem with my 4.0 set up
- I googled and found similar issues but nothing with a solution

The above is my biggest issue right now but also had a few other questions:
- USB-C doesn't seem to work? Not a big deal but I can't mount a USB-C 
thumbdrive(in all fairness I was using a regular USB and used a dongle 
to convert to USB-C). I found an old thread that mentioned USB-C isn't 
supported in Qubes...
- My Thunderbird VM(dedicated VM to email) seems to constantly be 
downloading emails (I remember this from my 4.0 set up and it eventually 
stopped) but I have a large number of emails. Is there a better way to 
manage this? Can I some how save these emails with out deleting them? I 
changed "Private storage max size:" to 30g...not sure this is right but 
seems to make sense. I also changed Initial memory to 500MB and Max 
memory to 5000MB in an effort to add more resources to my email VM


The lack of being able to back-up is my biggest concern...


On Monday, January 10, 2022 at 10:30:10 AM UTC-6 stevenlc...@gmail.com 
wrote:




On Mon, Jan 10, 2022, 11:15 AM 'awokd' via qubes-users
 wrote:

Scat:

 > TPM: Device not found <---Is this Anti-Evil Maid" ?

Yes.

VT-D settings look OK. Qubes will warn on install if something
required
is missing.


Anybody try using a vTPM or TPM Simulator with Qubes?

My machine came with a "software TPM" which only works under Windows
apparently. I had previously looked at Xen vTPM but somehow could
not manage to get it to work under Qubes. I can't be the only one
out there without a TPM, so I just wanted to ask if anyone else had
looked into a virtual/software replacement yet.



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a9c1224-7cb0-439c-91f5-8bf5acf2f870n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31de9786-60bf-1ca1-8157-01b8d534a3c0%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Qubes 4.0 with Intel(R) Core(TM) i7-8700T CPU @ 2.40GHz

2022-01-22 Thread Ulrich Windl

On 1/4/22 17:07, Peter wrote:
Am running 4.0, fully patched, with a CPU capable of 2.4GHz, but Qubes 
reports 800MHz.


xentop - 10:57:04   Xen 4.8.5-36.fc25
10 domains: 1 running, 9 blocked, 0 paused, 0 crashed, 0 dying, 0 shutdown
Mem: 33345840k total, 28558708k used, 4787132k free    CPUs: 6 @ 792MHz

How can I diagnose the issue, and see full utilization of the CPU?  I 
don't see this on other PC's with different CPU's, just this one with 
an Intel(R) Core(TM) i7-8700T CPU @ 2.40GHz.


I had never looked at it before, but I'm getting "CPUs: 4 @ 3997MHz" ;-)



Thanks,

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d46b0bb-054f-4bf1-8c62-c12d3517fd65n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/869d05fa-d50c-74bb-3bfa-b11131651dfe%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: HCL - Dell Precision M4800

2022-01-22 Thread Ulrich Windl

On 1/1/22 01:50, IX4 Svs wrote:



On 31 Dec 2021, at 23:42, IX4 Svs  wrote:


I have been using Qubes 4.0.x on this laptop for some time with no major issues 
(only sleep/wake doesn't work), so I thought I'd install 4.1-rc3 today.

First impression is that most things work (good resolution to external 49'' 
monitor, networking, USB mouse, USB camera and microphone) BUT there is 
something wrong probably with the display driver that makes the GUI very 
sluggish (it takes approx 3 seconds for the XFCE menu to highlight the menu 
item over which the mouse pointer is, dragging a window redraws the window with 
significant lag, I can type faster than the characters of this email can be 
displayed in the browser window...) - which didn't happen with 4.0.4.


Hate to say this, but after a reboot the display lag issues are gone and the 
system is working well. Some sort of xconfig sorcery must have taken place in 
the background. Anyway. Happy user of 4.1-rc3 so far, even sleep and resume 
seems to work, which is a welcome improvement from 4.0.4 on this hardware.

Alex



I wonder: Could it be as simple as initial cron jobs running an causing 
a high system (I/O) load (and in turn making other programs slow)?


Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/284c6773-ccf8-9c72-e1ad-7973ea6fcf43%40rz.uni-regensburg.de.


[qubes-users] Q: Thunderbird extension: "open URL in VM..."

2021-12-31 Thread Ulrich Windl

Hi!

As it seems, there is a Thunderbird extension (Qubes attachments) 
allowing to open an attachment in a VM, but I'd like to have an 
extension that allows to open an URL in a VMs web browser easily, too.


Is there one already?

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4d8990e-18f0-238b-8fdd-af74f7875182%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Qubes OS 4.1-rc3 has been released!

2021-12-31 Thread Ulrich Windl

On 12/29/21 12:20 PM, TheGardner wrote:
If you want to get the lastest version, just install/upgrade to 4.1rc3. 
This version is already working for most of the things and I'm sure, it 
will work for your daily things also. I wouldn't bother with 4.0.4 any 
more at this point of stage.


Actually for a "release candidate" I'm expecting that most things do 
work. ;-)

...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd2587c7-ab3b-94f5-779e-dd363cefa6f0%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Qubes OS 4.1-rc3 has been released!

2021-12-31 Thread Ulrich Windl

On 12/29/21 3:34 AM, Scat wrote:
...
(PS Just donated before year end to the Qubes project...keep going 
developers and community! You do great stuff!)

...

Me too ;-)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4d98eac-4126-d5bc-ebf0-4cd236309ccc%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] "Cannot connect to qrexec agent for 60 .." - how to change this timeout?

2021-12-31 Thread Ulrich Windl

On 12/20/21 3:37 AM, Oleg Artemiev wrote:

Re all.

I've slow disk on my qubes PC. Sometimes when I start VMs it tells
that it can't connect to qrexec & fails to start automatically - I've
to start again manually & then on the second time the disk reads
faster due to cache & it succeeds. Where can I change the timeout to
90 seconds or even more?



Hi!

As I've been there, too (originally staring with an "USB stick" to run 
Qubes OS, I found out that it's way too slow. Then I tried on external 
USB-connected hardddisk, and it still was slow occasionally. Finally I 
bought an external USB case for an NVME SSD and a fast NVME SSD.
I can only recommend that: It's *much* more fun using Qubes OS. VMs 
start in maybe 2-3 seconds instead of 30-40 seconds...


Regards,
Ulrich
P.S.: I'm using an external drive for Qubes because I have filled my 
four harddisks with other stuff already, and a fifth harddisk would 
would have bee an organizational challenge with the desktop case I have.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9964fc6c-6b4c-feab-a5c3-df554838ca26%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Upgrading debian instructions are wrong

2021-12-16 Thread Ulrich Windl

On 12/16/21 10:05 PM, frag wrote:

Hi Ulrich,

You should try the following commands:

$ sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list
$ sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/qubes-r4.list

And I recommand you to clone your qube first as described.


Hi!

thanks for the reply. In fact I found out later reading 
https://www.qubes-os.org/doc/template/debian/upgrade/#release-specific-notes
Maybe there should be anchors for each debian release, so the referrer 
could point to specific instructions.


Regards,
Ulrich



regards,

Fred.


On 12/16/21 8:43 PM, Ulrich Windl wrote:

Hi!

Following https://www.qubes-os.org/doc/template/debian/upgrade/ I read:
[user@debian- ~]$ sudo sed -i 's///g' 
/etc/apt/sources.list
[user@debian- ~]$ sudo sed -i 's///g' 
/etc/apt/sources.list.d/qubes-r4.list


Continuing the instructions the upgrade was amazingly fast, so I 
doubt, looking into the files:
ser@debian-11:~$ sudo sed -i 's/debian-10/debian-11/g' 
/etc/apt/sources.list
user@debian-11:~$ sudo sed -i 's/debian-10/debian-11/g' 
/etc/apt/sources.list.d/qubes-r4.list

user@debian-11:~$ sudo apt update
Hit:1 https://deb.debian.org/debian buster InRelease
Get:2 https://deb.debian.org/debian-security buster/updates InRelease 
[65.4 kB]

Hit:3 https://deb.qubes-os.org/r4.0/vm buster InRelease
Get:4 https://deb.debian.org/debian-security buster/updates/main amd64 
Packages [312 kB]
Get:5 https://deb.debian.org/debian-security buster/updates/main 
Translation-en [165 kB]

Fetched 543 kB in 1s (572 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
user@debian-11:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer 
required:
  gstreamer1.0-pulseaudio libjsoncpp1 lightning 
linux-headers-4.19.0-13-amd64

  linux-headers-4.19.0-13-common linux-headers-4.19.0-14-amd64
  linux-headers-4.19.0-14-common linux-headers-4.19.0-16-amd64
  linux-headers-4.19.0-16-common linux-headers-4.19.0-6-amd64
  linux-headers-4.19.0-6-common linux-image-4.19.0-13-amd64
  linux-image-4.19.0-14-amd64 linux-image-4.19.0-16-amd64
  linux-image-4.19.0-6-amd64 python-daemon python-dbus python-lockfile
  python-numpy python-olefile python-pil python-pkg-resources python-xdg
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  libnss3
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,161 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 https://deb.debian.org/debian-security buster/updates/main amd64 
libnss3 amd64 2:3.42.1-1+deb10u4 [1,161 kB]

Fetched 1,161 kB in 1s (1,191 kB/s)
Reading changelogs... Done
(Reading database ... 220971 files and directories currently installed.)
Preparing to unpack .../libnss3_2%3a3.42.1-1+deb10u4_amd64.deb ...
Unpacking libnss3:amd64 (2:3.42.1-1+deb10u4) over (2:3.42.1-1+deb10u3) 
...

Setting up libnss3:amd64 (2:3.42.1-1+deb10u4) ...
Processing triggers for libc-bin (2.28-10) ...
user@debian-11:~$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer 
required:
  gstreamer1.0-pulseaudio libjsoncpp1 lightning 
linux-headers-4.19.0-13-amd64

  linux-headers-4.19.0-13-common linux-headers-4.19.0-14-amd64
  linux-headers-4.19.0-14-common linux-headers-4.19.0-16-amd64
  linux-headers-4.19.0-16-common linux-headers-4.19.0-6-amd64
  linux-headers-4.19.0-6-common linux-image-4.19.0-13-amd64
  linux-image-4.19.0-14-amd64 linux-image-4.19.0-16-amd64
  linux-image-4.19.0-6-amd64 python-daemon python-dbus python-lockfile
  python-numpy python-olefile python-pil python-pkg-resources python-xdg
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@debian-11:~$ cat /etc/apt/sources.list
deb https://deb.debian.org/debian buster main contrib non-free
#deb-src https://deb.debian.org/debian buster main contrib non-free

deb https://deb.debian.org/debian-security buster/updates main contrib 
non-free
#deb-src https://deb.debian.org/debian-security buster/updates main 
contrib non-free


user@debian-11:~$ cat /etc/apt/sources.list.d/qubes-r4.list
# Main qubes updates repository
deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm buster main
#deb-src https://deb.qubes-os.org/r4.0/vm buster main

# Qubes updates candidates repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm buster-testing main
#deb-src https://deb.qubes-os.org/r4.0/vm buster-testing main

# Qubes security updates testing repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm 
buster-securitytesting main

#deb-src https://deb.qubes-os.org/r4.0

[qubes-users] Upgrading debian instructions are wrong

2021-12-16 Thread Ulrich Windl

Hi!

Following https://www.qubes-os.org/doc/template/debian/upgrade/ I read:
[user@debian- ~]$ sudo sed -i 's///g' 
/etc/apt/sources.list
[user@debian- ~]$ sudo sed -i 's///g' 
/etc/apt/sources.list.d/qubes-r4.list


Continuing the instructions the upgrade was amazingly fast, so I doubt, 
looking into the files:

ser@debian-11:~$ sudo sed -i 's/debian-10/debian-11/g' /etc/apt/sources.list
user@debian-11:~$ sudo sed -i 's/debian-10/debian-11/g' 
/etc/apt/sources.list.d/qubes-r4.list

user@debian-11:~$ sudo apt update
Hit:1 https://deb.debian.org/debian buster InRelease
Get:2 https://deb.debian.org/debian-security buster/updates InRelease 
[65.4 kB]

Hit:3 https://deb.qubes-os.org/r4.0/vm buster InRelease
Get:4 https://deb.debian.org/debian-security buster/updates/main amd64 
Packages [312 kB]
Get:5 https://deb.debian.org/debian-security buster/updates/main 
Translation-en [165 kB]

Fetched 543 kB in 1s (572 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
user@debian-11:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer 
required:
  gstreamer1.0-pulseaudio libjsoncpp1 lightning 
linux-headers-4.19.0-13-amd64

  linux-headers-4.19.0-13-common linux-headers-4.19.0-14-amd64
  linux-headers-4.19.0-14-common linux-headers-4.19.0-16-amd64
  linux-headers-4.19.0-16-common linux-headers-4.19.0-6-amd64
  linux-headers-4.19.0-6-common linux-image-4.19.0-13-amd64
  linux-image-4.19.0-14-amd64 linux-image-4.19.0-16-amd64
  linux-image-4.19.0-6-amd64 python-daemon python-dbus python-lockfile
  python-numpy python-olefile python-pil python-pkg-resources python-xdg
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  libnss3
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,161 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 https://deb.debian.org/debian-security buster/updates/main amd64 
libnss3 amd64 2:3.42.1-1+deb10u4 [1,161 kB]

Fetched 1,161 kB in 1s (1,191 kB/s)
Reading changelogs... Done
(Reading database ... 220971 files and directories currently installed.)
Preparing to unpack .../libnss3_2%3a3.42.1-1+deb10u4_amd64.deb ...
Unpacking libnss3:amd64 (2:3.42.1-1+deb10u4) over (2:3.42.1-1+deb10u3) ...
Setting up libnss3:amd64 (2:3.42.1-1+deb10u4) ...
Processing triggers for libc-bin (2.28-10) ...
user@debian-11:~$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer 
required:
  gstreamer1.0-pulseaudio libjsoncpp1 lightning 
linux-headers-4.19.0-13-amd64

  linux-headers-4.19.0-13-common linux-headers-4.19.0-14-amd64
  linux-headers-4.19.0-14-common linux-headers-4.19.0-16-amd64
  linux-headers-4.19.0-16-common linux-headers-4.19.0-6-amd64
  linux-headers-4.19.0-6-common linux-image-4.19.0-13-amd64
  linux-image-4.19.0-14-amd64 linux-image-4.19.0-16-amd64
  linux-image-4.19.0-6-amd64 python-daemon python-dbus python-lockfile
  python-numpy python-olefile python-pil python-pkg-resources python-xdg
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@debian-11:~$ cat /etc/apt/sources.list
deb https://deb.debian.org/debian buster main contrib non-free
#deb-src https://deb.debian.org/debian buster main contrib non-free

deb https://deb.debian.org/debian-security buster/updates main contrib 
non-free
#deb-src https://deb.debian.org/debian-security buster/updates main 
contrib non-free


user@debian-11:~$ cat /etc/apt/sources.list.d/qubes-r4.list
# Main qubes updates repository
deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm buster main
#deb-src https://deb.qubes-os.org/r4.0/vm buster main

# Qubes updates candidates repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm buster-testing main
#deb-src https://deb.qubes-os.org/r4.0/vm buster-testing main

# Qubes security updates testing repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm 
buster-securitytesting main

#deb-src https://deb.qubes-os.org/r4.0/vm buster-securitytesting main

# Qubes experimental/unstable repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm buster-unstable main
#deb-src https://deb.qubes-os.org/r4.0/vm buster-unstable main


# Qubes Tor updates repositories
# Main qubes updates repository
#deb [arch=amd64] 
tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm 
buster main
#deb-src 
tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm 
buster main


# Qubes updates candidates repository
#deb [arch=amd64] 

Re: [EXT] Re: [qubes-users] dnf remove lies to me (removing whonix-15 templates)

2021-11-30 Thread Ulrich Windl

On 11/21/21 9:39 PM, 'awokd' via qubes-users wrote:

Ulrich Windl:

qvm-template-postprocess: error: No Qube with this name exists


Maybe try to fake it out by cloning some other template to 
"whonix-ws-15", then run again?




Hmm: The template is no longer visible in Qubes Mangager (I think I had 
deleted it from there).


[master@dom0 ~]$ rpm -ql 
qubes-template-whonix-ws-15-4.0.1-201910102356.noarch

/var/lib/qubes/vm-templates/whonix-ws-15
/var/lib/qubes/vm-templates/whonix-ws-15/apps
/var/lib/qubes/vm-templates/whonix-ws-15/apps.tempicons
/var/lib/qubes/vm-templates/whonix-ws-15/apps.templates
/var/lib/qubes/vm-templates/whonix-ws-15/clean-volatile.img.tar
/var/lib/qubes/vm-templates/whonix-ws-15/icon.png
/var/lib/qubes/vm-templates/whonix-ws-15/netvm-whitelisted-appmenus.list
/var/lib/qubes/vm-templates/whonix-ws-15/private.img
/var/lib/qubes/vm-templates/whonix-ws-15/root.img
/var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.00
/var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.01
/var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.02
/var/lib/qubes/vm-templates/whonix-ws-15/vm-whitelisted-appmenus.list
/var/lib/qubes/vm-templates/whonix-ws-15/volatile.img
/var/lib/qubes/vm-templates/whonix-ws-15/whitelisted-appmenus.list
[master@dom0 ~]$ rpm -V 
qubes-template-whonix-ws-15-4.0.1-201910102356.noarch

missing /var/lib/qubes/vm-templates/whonix-ws-15
missing /var/lib/qubes/vm-templates/whonix-ws-15/apps
missing /var/lib/qubes/vm-templates/whonix-ws-15/apps.tempicons
missing /var/lib/qubes/vm-templates/whonix-ws-15/apps.templates
missing /var/lib/qubes/vm-templates/whonix-ws-15/clean-volatile.img.tar
missing /var/lib/qubes/vm-templates/whonix-ws-15/icon.png
missing 
/var/lib/qubes/vm-templates/whonix-ws-15/netvm-whitelisted-appmenus.list

missing /var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.00
missing /var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.01
missing /var/lib/qubes/vm-templates/whonix-ws-15/root.img.part.02
missing 
/var/lib/qubes/vm-templates/whonix-ws-15/vm-whitelisted-appmenus.list
missing 
/var/lib/qubes/vm-templates/whonix-ws-15/whitelisted-appmenus.list


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/965ee31e-dbee-8a91-3f2f-63ed0f810317%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Verifying signatures

2021-11-30 Thread Ulrich Windl

On 11/30/21 12:32 PM, Andrew David Wong wrote:

On 11/29/21 12:06 PM, 'Rune Philosof' via qubes-users wrote:

When I follow the guide
on https://www.qubes-os.org/security/verifying-signatures/
I get the following result
```
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
   427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid   [ultimate] Qubes Master Signing Key
sig!3    DDFA1A3E36879494 2010-04-01  Qubes Master Signing Key

gpg: 1 good signature
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 
Signing Key"

pub   rsa4096 2017-03-06 [SC]
   5817A43B283DE5A9181A522E1848792F9E2795E9
uid   [ unknown] Qubes OS Release 4 Signing Key
sig!3    1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
gpg: Note: third-party key signatures using the SHA1 algorithm are 
rejected

gpg: (use option "--allow-weak-key-signatures" to override)
sig% DDFA1A3E36879494 2017-03-08  [Invalid digest algorithm]

gpg: 1 good signature
gpg: 1 signature not checked due to an error
```

Is it because the master key is old and the old defaults are now
considering too weak?


I take it you're referring to the message about SHA1. I'm not certain, 
but we do have a related open issue, which the devs are working on now:


https://github.com/QubesOS/qubes-issues/issues/6470

Also see the comments on this issue, which are even more specific to 
your question:


https://github.com/QubesOS/qubes-issues/issues/4378

In particular, Marek commented (on #4378):

"In general, it may be a good idea to create new signature using SHA256 
or such, to ease the use with weak-digest SHA1 option enabled. But in 
practice, in the current state SHA1 problems doesn't affect security of 
the key itself, because there are no known pre-image attacks.

New signatures are made with SHA256 hash function."


If so, why not distribute a new one?



It's not that simple. As Marek recently pointed out to me, "The current 
QMSK is well known and published in a lot of places (easing its 
verification), including various conference videos, physical t-shirts we 
sold, some stickers etc. With every new QMSK it will take time until it 
will be comparably easy to independently verify."


But isn't that exactly the advantage of the "web of trust"?: You can 
sign the new key with your old key, and people will (have the chance to) 
trust the new key as well.




Having said that, we do have an open issue for generating a new QMSK:

https://github.com/QubesOS/qubes-issues/issues/2818

We likely will at some point, but it's not an action to be taken lightly.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50280468-944c-348a-794f-a6b1b1c4dc86%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] XSAs released on 2021-11-23

2021-11-30 Thread Ulrich Windl

On 11/27/21 11:03 AM, 'awokd' via qubes-users wrote:

Qubes:

Is there Qubes documentation outlining the steps to increase the size 
of /boot, or does one follow general disk management, with tools like 
using GParted for example. Although the disk is a LUKS encrypted 
volume. Can one decrypt, use GParted to resize, and then encrypt again?


Note that /boot itself is not encrypted, but you're right, you would 


Since GRUB can load LUKS-encrypted /boot, one could even encrypt /boot, 
but a part of GRUB is also encrypted then, it seems. At least there 
isn't much GRUB functionality until the LUKS volume is unlocked.
And it seems you only have one attempt to enter the passphrase 
correctly. Also GRUB decryption seems much slower than kernel decryption...


have to decrypt the rest to resize it. No Qubes specific docs. Procedure 
you describe should work, but might be further ahead by backing up your 
VMs to a removable encrypted drive, doing a fresh install of R4.1 (rc2 
last I saw) and adjusting the boot partition size on the installer 
screen, then restoring?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/492c9a9c-e566-38c1-bb6d-81fd792282db%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] XSAs released on 2021-11-23

2021-11-30 Thread Ulrich Windl

On 11/26/21 3:47 PM, Qubes wrote:

'awokd' via qubes-users wrote:

Qubes:


And that is it. When I run update from CLI I get this,

"Error Summary
-
Disk Requirements:
    At least 33MB more space needed on the /boot filesystem."

Is that normal behavior? The disk /boot lives on is not full, the 
complaint is with /boot specific.


What does "df -h" say about /boot? If it's full and you've been 
updating the system for a while, check for old EFI images that haven't 
been cleaned up.




df -h shows /boot is full, 100% used.

I am not sure how to fix this, can you please give me advice?

Looking at ls -l for /boot I can see a lot of old images, but I guess 
that is because I have set my system to keep 15 kernels. However, I have 


Interestingly I see three kernels (and corresponding initramfs) here, 
but only one Xen version. So it seems kernels have versioning, but not Xen.

Of my 700MB /boot 41% (283MB) are used.

been on the 5.xxx kernel now since it was launched so I can safely 
remove the 4. kernels. How does one clean this up properly. If I 
just delete the files from /boot the system may still think they are 
there, is there a built-in process/procedure to follow for this?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b6775ba-b76d-5908-3ffc-e0c1013b8984%40rz.uni-regensburg.de.


[qubes-users] dnf remove lies to me (removing whonix-15 templates)

2021-11-20 Thread Ulrich Windl

Hi!

Following the instructions how to remove obsolete templates, I have a 
problem with both old whonix templates. The problem goes like this:

[master@dom0 ~]$ rpm -qa qubes-template-\*
qubes-template-debian-10-4.0.1-201912251612.noarch
qubes-template-whonix-ws-15-4.0.1-201910102356.noarch
qubes-template-whonix-gw-16-4.0.6-20210921.noarch
qubes-template-whonix-gw-15-4.0.1-201910102356.noarch
qubes-template-whonix-ws-16-4.0.6-20210921.noarch
[master@dom0 ~]$ sudo dnf remove qubes-template-whonix-ws-15
Dependencies resolved.

 Package Arch 
Version Repository Size


Removing:
 qubes-template-whonix-ws-15 noarch 
4.0.1-201910102356  @anaconda 2.1 G


Transaction Summary

Remove  1 Package

Installed size: 2.1 G
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
usage: qvm-template-postprocess [--verbose] [--quiet] [--help] [--really]
[--skip-start] [--keep-source]
{post-install,pre-remove} name dir
qvm-template-postprocess: error: No Qube with this name exists
error: %preun(qubes-template-whonix-ws-15-4.0.1-201910102356.noarch) 
scriptlet failed, exit status 2

Error in PREUN scriptlet in rpm package qubes-template-whonix-ws-15
Error in PREUN scriptlet in rpm package qubes-template-whonix-ws-15
qubes-template-whonix-ws-15-4.0.1-201910102356.noarch was supposed to be 
removed but is not!
  Verifying   : qubes-template-whonix-ws-15-4.0.1-201910102356.noarch 
1/1


Removed:
  qubes-template-whonix-ws-15.noarch 4.0.1-201910102356 



Complete!
[master@dom0 ~]$

Specifically: Even when saying "Removed: ...", the package was *not* 
removed.


Same for the "whonix-gw-15" package.

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60609ffd-a0e6-f4c7-e94a-bd21c77c674a%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] headset recommendation for video conferencing with good audio quality

2021-11-20 Thread Ulrich Windl

On 11/16/21 11:38 PM, lik...@gmx.de wrote:


Hi!

I'd like to ask for recommendations for headset for video conferencing. It has 
been said that my bluetooth headset with slack or microsoft teams do have much 
worse audio quality with qubes than with windows.


The issue with modern bluetooth headsets is typically not quality but 
latency. The good old cable-type headset is probably still the best.




Any recommendations from the community? Bonus for bluetooth headsets.

Thanks!



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f91d60f-97fb-80fe-cc0c-c4438d06e550%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] video conferencing: high dom0 cpu load by pulseaudio

2021-11-20 Thread Ulrich Windl

On 11/15/21 11:35 AM, Peter Palensky wrote:
I use a video VM for MS Teams, Zoom, etc. and dom0 top shows >10% cpu 
load for pulseaudio and pacat-simple-vchan (associated with that video VM).


Is that normal? It drains my battery (Dell XPS13, kernel 5.4.88-1, Qubes 
4.0) really quickly.


Even outside of Qubes-OS I feel video conferencing software is highly 
inefficient. When I had a Webex session on my old AMD Phenom 2 Quad 
Core, the CPU fan got louder and louder...




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c881090e-18a9-4618-86ff-8ec310f6021fn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e325960-ad37-83f9-e3b8-ee52218bf60e%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Installation start text leads to a blank screen.

2021-11-04 Thread Ulrich Windl

On 11/2/21 1:15 AM, 'awokd' via qubes-users wrote:

Shadow Wolf:
Hi.  I'm trying to install Qubes on my laptop, but everytime I load 
the USB

drive it spawns a bunch of text followed by a blank screen.  I tried
partitioning the ISO at 4 GB as recommended by the trouble shooting page,
but sadly, no luck.  I have pictures of the text I took with my phone, 
but

unfortunatly, they are a bit blurry and need a bit of close up to see the
text properly since the picture is a bit blurry. Because of their 
size

I can't yet upload both.  Instead I uploaded the first  [image:
20211031_161610.jpg]

Update your BIOS if you haven't already, and check if VT-d is enabled in 
BIOS settings. Also, sometimes it can help to see what workarounds 
others with similar models have had to do in the HCL 
(https://www.qubes-os.org/hcl/). Don't see any Dell G5s, but maybe 
compare against other Dell models from the same time-frame.


Another idea would be trying an external monitor in case the video 
timing is out of bound for the built-in panel (I had such an issue with 
my monitor).




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17b5ebae-7a5a-f96c-d7b0-abf61d545932%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Installation start text leads to a blank screen.

2021-11-04 Thread Ulrich Windl

On 10/31/21 10:32 PM, Shadow Wolf wrote:
Hi.  I'm trying to install Qubes on my laptop, but everytime I load the 
USB drive it spawns a bunch of text followed by a blank screen.  I tried 
partitioning the ISO at 4 GB as recommended by the trouble shooting 
page, but sadly, no luck.  I have pictures of the text I took with my 
phone, but unfortunatly, they are a bit blurry and need a bit of close 
up to see the text properly since the picture is a bit blurry.  Because 
of their size I can't yet upload both.  Instead I uploaded the first 
20211031_161610.jpg


Well, most mobile cams allow setting the resolution; if not, you could 
still use software like GIMP to downscale the images or use a JPEG 
quality less than 99. That should result in images of reasonable size.

Despite of that you could try to "unsharp mask" blurry images.
Even better maybe: Hold the mobily steady before when you expect to make 
a shot. Then just make the shot...




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/682e08e0-2486-4ed3-bfb1-239525d80337n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86122b60-e25e-5d32-6458-e8791c354ae4%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Qubes does not boot any more. Very abruptly. Who can help?

2021-11-04 Thread Ulrich Windl

On 10/30/21 9:01 PM, 'awokd' via qubes-users wrote:

Michael Singer:

I have just solved the problem; the system starts up normally again. 
The solution was to overwrite the second and faulty installation on 
the pcie nvme disk. I do not understand why my working sata 
installation scans the pci mass storage device at startup. Wait, I 
just remembered that I read a long time ago that something like this 
can happen with Qubes and Xen. Is there maybe a way to prevent pci 
mass storage devices from being automatically scanned and mounted in 
dom0 afterwards?


Strange it broke without any changes, but glad it's working now. One way 
to avoid scan finding anything might be to use different encryption 
passwords between installations. Seems like there should be some way to 
blacklist specific mass storage devices from scan, though.


Some people forget to change IDs when cloning disks.
GPT has GUIDs, LVM used GUIDS, filesystems use GUIDs, etc.
When mounting via GUID and the GUID is non-unique, you are heading for 
trouble.






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b44348f2-d3bd-d066-a408-29ad0db420c3%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Extract image file from Qubes 4.x

2021-11-04 Thread Ulrich Windl

On 10/25/21 11:28 AM, r.wiesb...@web.de wrote:

In Qubes 4.x the images are no longer ordinary files accessible from the
dom0 file system. So how can I extract them as VM images (.img files in
Q 3.x) in Qubes 4.x? In the wiki I only find how to delete, but not how
to extract an image fom LVM. Thank you.


Try "kpartx -va /dev/qubes-dom0/vm-..." for your favorite VM. That 
creates device files for each partition, so you could mount those 
(read-only).


See "man kpartx".





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/45d708b4-cc9e-83f9-5253-bf33ea098778%40rz.uni-regensburg.de.


[qubes-users] Q: Anybody running Qubes-OS on TUXEDO Nano Pro?

2021-11-04 Thread Ulrich Windl

Hi!

I'm wondering: Does anybody run Qubes OS on a TUXEDO Nano Pro - Gen11 
(e.g. with AMD Ryzen 7 4800U)?


Maybe this configuration (see 
https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Computers-/-PCs/AMD-Systems/TUXEDO-Nano-Pro-Gen11.tuxedo#):

Current Configuration
Product No.: 1226

32 GB (1x 32GB) 3200MHz CL22 Samsung ( +150,00 EUR)
AMD Ryzen 7 4800U (8x 1.80-4.20 GHz, Eight-Core, 16 Threads, 12 MB 
Cache, 10-25 W TDP) ( +300,00 EUR)

1000 GB Samsung 860 EVO (M.2 SATAIII) ( +95,00 EUR)
without mass-storage
Intel Wi-Fi 6 AX200 Series (802.11ax | 2,4 & 5 GHz | Bluetooth 5.2)
without Linux
without Windows
24 months / 2 years warranty
Assembled within 2 weeks when in stock

1.185,00 EUR

Looks like a nice small box.

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d1f383b-e0c6-6f0a-8519-841da26c1a1a%40rz.uni-regensburg.de.


Antw: [EXT] [qubes-users] Q: Problem updating whonix-gw (sdwdate)

2021-10-06 Thread Ulrich Windl
>>> Ulrich Windl  schrieb am 06.10.2021 um 
>>> 00:31
in Nachricht <12f193b4-b6de-96fc-b6a1-de237e4de...@rz.uni-regensburg.de>:
> Hi!
> 
> Upgrading the whonix-gw template resulted in an unexpected error:
> 
> Updating Qubes App Menus and advertising features...
> Processing triggers for desktop-file-utils (0.23-4) ...
> Processing triggers for tex-common (6.16) ...
> Running updmap-sys. This may take some time... done.
> Running mktexlsr /var/lib/texmf ... done.
> Building format(s) --all.
>   This may take some time... done.
> W: APT had planned for dpkg to do more than it reported back (570 vs 575).
> Affected packages: texlive-latex-base:amd64
> + true 'INFO: Install pre release upgrade of dependency packages (2/2)...'
> + apt-get-noninteractive --yes --no-install-recommends install sdwdate
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>   sdwdate : Depends: helper-scripts but it is not going to be installed
> E: Unable to correct problems, you have held broken packages.
> + true 'ERROR: An error was encountered during download of dependency 
> packages. Recommendation:
> Fix network connection and retry.'
> + exit 1
> 
> I'm kind of clueless what to do. The recommended fix did not work:
> ser@host:~$ sudo apt-get-noninteractive --yes --no-install-recommends 
> install sdwdate
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>   sdwdate : Depends: helper-scripts but it is not going to be installed
> E: Unable to correct problems, you have held broken packages.
> 
> Ideas?
> 
> Regards,
> Ulrich

Unfortunately, as it turned out later, whonix-gw has not network for updates 
any more (while tor seems operational), and whonix-ws also has no network any 
more.
It seems something went very wrong while updating.
Unfortunately I have very little experience how to fix Qubes networking.

Regards,
Ulrich


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/615D57A002A100044423%40gwsmtp.uni-regensburg.de.


[qubes-users] Q: Problem updating whonix-gw (sdwdate)

2021-10-05 Thread Ulrich Windl

Hi!

Upgrading the whonix-gw template resulted in an unexpected error:

Updating Qubes App Menus and advertising features...
Processing triggers for desktop-file-utils (0.23-4) ...
Processing triggers for tex-common (6.16) ...
Running updmap-sys. This may take some time... done.
Running mktexlsr /var/lib/texmf ... done.
Building format(s) --all.
This may take some time... done.
W: APT had planned for dpkg to do more than it reported back (570 vs 575).
   Affected packages: texlive-latex-base:amd64
+ true 'INFO: Install pre release upgrade of dependency packages (2/2)...'
+ apt-get-noninteractive --yes --no-install-recommends install sdwdate
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 sdwdate : Depends: helper-scripts but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
+ true 'ERROR: An error was encountered during download of dependency 
packages. Recommendation:

Fix network connection and retry.'
+ exit 1

I'm kind of clueless what to do. The recommended fix did not work:
ser@host:~$ sudo apt-get-noninteractive --yes --no-install-recommends 
install sdwdate

Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 sdwdate : Depends: helper-scripts but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Ideas?

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12f193b4-b6de-96fc-b6a1-de237e4de387%40rz.uni-regensburg.de.


[qubes-users] Q: Upgrading whonix-ws, auto-remove packages?

2021-10-05 Thread Ulrich Windl

Hi!

Following the instructions, my upgrade ended with this message:
The following packages were automatically installed and are no longer 
required:

  acl anon-iceweasel-warning apt-file binaries-freedom bsdmainutils bsdtar
  command-not-found cpp-8 curl-scripts dctrl-tools dkms firejail
  firejail-profiles firetools fonts-droid-fallback fonts-noto-mono
  gpl-sources-download grub2-common initramfs-tools initramfs-tools-core
  klibc-utils libapt-pkg-perl libasan5 libavdevice58 libavfilter7
  libbasicusageenvironment1 libbind9-161 libboost-iostreams1.67.0
  libboost-system1.67.0 libbotan-2-9 libc-ares2 libcdio-cdda2
  libcdio-paranoia2 libcdio18 libcdio19 libcodec2-0.8.1 libcroco3 
libcrypto++6

  libcrystalhd3 libcupsfilters1 libcupsimage2 libcwidget3v5 libdc1394-22
  libdns1104 libdns1110 libdouble-conversion1 libdvdread4 libebml4v5
  libegl1-mesa libenchant1c2a libev4 libevent-2.1-6 libexo-1-0 
libexo-helpers

  libexporter-tiny-perl libfluidsynth1 libgroupsock8 libgs9 libgs9-common
  libgssdp-1.0-3 libgupnp-1.0-4 libhavege1 libicu63 libijs-0.35 
libilmbase23

  libirs161 libisc1100 libisc1105 libisccc161 libisccfg163 libisl19
  libjsoncpp1 libkf5sonnet5-data libkf5sonnetcore5 libkf5sonnetui5 libklibc
  liblist-moreutils-perl liblist-moreutils-xs-perl liblivemedia64 libllvm7
  liblwres161 libmatroska6v5 libmicrodns0 libmpdec2 libmpx2 libmysofa0
  libnfs12 libopenexr23 libperl5.28 libpgm-5.2-0 libpipewire-0.2-1 
libplacebo7

  libpocketsphinx3 libpoppler82 libpotrace0 libprotobuf-lite17 libpython2.7
  libpython3.7 libpython3.7-minimal libpython3.7-stdlib libreadline7
  libregexp-assemble-perl librubberband2 libsphinxbase3 libsqlcipher0
  libtoxcore2 libusageenvironment3 libvidstab1.1 libvpx5 libx264-155
  libx265-165 libxcb-util0 libxdot4 linux-base onionshare perl-modules-5.28
  python-apt-common python-pkg-resources python3-apt python3-asn1crypto
  python3-flask python3-flask-httpauth python3-gevent python3-greenlet
  python3-guimessages python3-itsdangerous python3-jinja2 
python3-markupsafe
  python3-psutil python3-pycryptodome python3-simplegeneric 
python3-werkzeug
  python3-zope.event python3.7-minimal qtox 
qubes-core-agent-passwordless-root

  qubes-core-agent-thunar qubes-input-proxy-sender qubes-kernel-vm-support
  qubes-usb-proxy rsyslog scurl telnet tor-ctrl usb.ids usbutils vim-common
  vim-tiny virt-what
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ true 'INFO: Setting a list of traditional dummy packages to automatically
installed so these can be removed the next time the user runs apt 
autoremove.'
+ apt-mark auto e2fslibs gnupg2 libcomerr2 mime-support 
libgdk-pixbuf2.0-0 libiptc0 cryptsetup-run

+ true 'INFO: Running sanity test...'
+ dpkg-noninteractive --audit
+ true 'INFO: Running sanity test...'
+ dpkg-noninteractive --configure -a
+ true 'INFO: Restart whonix-legacy service...'
+ service whonix-legacy restart
+ true 'INFO: Running sanity test...'
+ dpkg-noninteractive --audit
+ true 'INFO: Running sanity test...'
+ dpkg-noninteractive --configure -a
+ true 'INFO: OK. (release-upgrade version: 1.4) Release upgrade success.'
user@host:~$


I'm wondering whether those qubes packages may actually be removed.
I'm afraid to break my system when doing so.

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a51a754-18da-3213-760d-d92bfc1bbaa3%40rz.uni-regensburg.de.


[qubes-users] Re: QSB-069: Multiple Xen and Intel issues

2021-06-09 Thread Ulrich Windl

On 6/9/21 3:06 AM, Andrew David Wong wrote:
...


User action required
=

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.0, in dom0:
  - Xen packages, version 4.8.5-34
  - Linux kernel packages, versions 5.12.9-1 (for users of the "latest"
    kernel flavor)
  - microcode_ctl package, version 2.1-33.qubes1 (for Intel CPU users)


After updating today no kernel was offered; I still have:
# rpm -qa kernel\*
kernel-5.4.88-1.qubes.x86_64
kernel-5.4.98-1.fc25.qubes.x86_64
kernel-qubes-vm-5.4.98-1.fc25.qubes.x86_64
kernel-5.4.107-1.fc25.qubes.x86_64
kernel-qubes-vm-5.4.107-1.fc25.qubes.x86_64
kernel-qubes-vm-5.4.88-1.qubes.x86_64

Somehow I'm missing instructions to get that kernel...

My repositories are:

 Package   Arch   Version  Repository 
Size


Upgrading:
 python3-qubesimgconverter x86_64 4.0.33-1.fc25 
qubes-dom0-current  26 k
 python3-xen   x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current  59 k
 qubes-libvchan-xenx86_64 4.0.9-1.fc25 
qubes-dom0-current  19 k
 qubes-mgmt-salt-base-topd noarch 4.0.2-1.fc25 
qubes-dom0-current  29 k
 qubes-release noarch 4.0-10 
qubes-dom0-current  50 k
 qubes-release-notes   noarch 4.0-10 
qubes-dom0-current 7.7 k
 qubes-utils   x86_64 4.0.33-1.fc25 
qubes-dom0-current  23 k
 qubes-utils-libs  x86_64 4.0.33-1.fc25 
qubes-dom0-current  27 k
 xen   x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current  23 k
 xen-hvm   x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current 7.3 M
 xen-hypervisorx86_64 2001:4.8.5-32.fc25 
qubes-dom0-current 6.2 M
 xen-libs  x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current 515 k
 xen-licenses  x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current  42 k
 xen-runtime   x86_64 2001:4.8.5-32.fc25 
qubes-dom0-current 6.4 M



Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4703ea5f-bf9a-5f5f-3edf-1bb2982dfb30%40rz.uni-regensburg.de.


[qubes-users] Re: QSB-068: Disconnecting a video output can cause XScreenSaver to crash

2021-06-09 Thread Ulrich Windl

On 6/5/21 2:42 AM, Andrew David Wong wrote:

...

User action required
=

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

   For Qubes 4.0, in dom0:
   - xscreensaver 5.45-5

   For Qubes 4.1, in dom0:
   - xscreensaver 5.45-5


...

When updating today, there was no update selected; only these:
  Upgrading   : xen-licenses-2001:4.8.5-32.fc25.x86_64 


   1/28
  Upgrading   : xen-libs-2001:4.8.5-32.fc25.x86_64 


   2/28
  Upgrading   : qubes-libvchan-xen-4.0.9-1.fc25.x86_64 


   3/28
  Upgrading   : qubes-utils-libs-4.0.33-1.fc25.x86_64 


   4/28
  Upgrading   : xen-hypervisor-2001:4.8.5-32.fc25.x86_64 


   5/28
  Upgrading   : xen-runtime-2001:4.8.5-32.fc25.x86_64 


   6/28
  Upgrading   : python3-qubesimgconverter-4.0.33-1.fc25.x86_64 


   7/28
  Upgrading   : qubes-utils-4.0.33-1.fc25.x86_64 


   8/28
  Upgrading   : xen-hvm-2001:4.8.5-32.fc25.x86_64 


   9/28
  Upgrading   : xen-2001:4.8.5-32.fc25.x86_64 


  10/28
  Upgrading   : python3-xen-2001:4.8.5-32.fc25.x86_64 


  11/28
  Upgrading   : qubes-release-notes-4.0-10.noarch 


  12/28
  Upgrading   : qubes-release-4.0-10.noarch 


  13/28
  Upgrading   : qubes-mgmt-salt-base-topd-4.0.2-1.fc25.noarch 


  14/28

What could be wrong?

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e4b95de-76de-22bd-6bed-bae62278602b%40rz.uni-regensburg.de.


[qubes-users] Re: [HCL] ThinkPad T430

2021-06-09 Thread Ulrich Windl

On 6/4/21 1:28 AM, Sven Semmler wrote:

A dream has come true!

* ThinkPad T430
* Coreboot/Heads with TOTP & HOTP (Nitrokey)
* ME cleaned & disabled
* Qubes OS R4.0.4 all debian-minimal, memory optimized

Upgrades:

* i7-3740QM
* 16 GB RAM
* 2 TB SSD
* Intel Wireless 7260
* 1080p display


Hmm...: How many $$$ (€)?



I'll be using this machine for a long long time. :-)

/Sven



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9323948d-62a4-a913-b244-fc1f092b3151%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] The safest way to search in files on an external hard drive

2021-06-09 Thread Ulrich Windl

On 5/31/21 4:55 PM, Michael Singer wrote:

Dear Qubes community,

I am looking for a really secure way to use Qubes for searching not only a hard 
drive for file names, but for text that is in files.

The goal is to avoid an exploit in the searched files leading to a takeover of 
the hard drive by malware.


If your app is working on the disk device and the app only has read 
access to it, it'll be quite unlikely that the disk device will be changed.
Likewise if you mount the filesystem read-only, and the user running the 
app is unable to re-mount, it's also quite unlikely that the disk will 
be changed. You could even try to combine both methods (read-only mount 
a read-only block device). However not all filesystems work on a 
write-protected block device.

You could also try to find a hardware solution setting the drive read-only.



The total size of all my files is too large for me to put them all in one qube 
before searching for text in them.

Would it perhaps be possible to mount only a single partition of the hard drive 
into a qube, but not with write permissions, only read permissions?

I would do the search on command line, using "grep" for plain text files, 
"pdfgrep" for PDFs, and something for table files, databases, etc.

Is my idea feasible? And how secure would it be?

Best regards
Michael Singer



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2f3b92e-6e55-1f8e-52ea-a6d7b23a300e%40rz.uni-regensburg.de.


Re: [qubes-users] How to use qvm-open-in-vm?

2021-06-09 Thread Ulrich Windl

On 5/31/21 5:12 AM, Sven Semmler wrote:

On 5/30/21 12:37 AM, Adam Mercer wrote:

this opens a dialog asking me to select a target domain


check your /etc/qubes-rpc/policy/qubes.OpenURL

If you want your example to work add this line before all others:

$anyvm browser allow


Curious:
Does the line
$anyvm  $dispvm allow
mean it'll be allowed for any disposable VM?



The first is the source qube ... the one calling qvm-open-in-vm.
The second is the target 'browser' in your example. The third is either 
'deny', 'ask' or 'allow'


/Sven



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12e9c980-f627-a497-8c74-6665003aaf35%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] MS Office 365 in Qubes

2021-06-09 Thread Ulrich Windl

On 5/26/21 11:20 PM, William Oliver wrote:

On Wed, 2021-05-26 at 15:53 +0200, Ulrich Windl wrote:



Office 365 _without_ MS-Windows? Are you kidding? Maybe Microsoft
provides it for other platforms, but _why_ would one use the
Microsoft
product? (I'm using OpenOffice/LibreOffice for years, and it's OK for
me)



I use LibreOffice or Calligra for almost everything except...
  PowerPoint presentations that I have to give to someone else.  I
frequently speak at meetings where I have to provide a PPTX file of my
presentation weeks in advance, and I *have* to use whatever audiovisual
setup they have (often dictated by the venue).  I have found that
presentations made in LibreOffice format incorrectly in PowerPoint for
at least one slide over 80% of the time.  It gets worse when there are
videos and animations.


OK, just let me add some more thoughts:
I think both Microsoft Office and OpenOffice/Libre Office have some 
advantages _and_ deficits over the other.
I had been using Word for Windows (with Windows 3.11) shortly after it 
came out. At that time OpenOffice was still named StarOffice.
Around that time Microsoft wanted more than 500€ for a license, 
completely unaffordable for one who writes maybe 15 letters a year.


One day I had spend almost the whole day updating a larger document 
(still less than 100 pages). Before saving I thought I'll do hyphenation 
and spell-checking as final touch-up. Eventually, when I wanted to save, 
there was a message like "there's not enough memory to complete the task".
At that moment I was tempted to throw the whole computer out of the 
window...


With StarOffice/OpenOffice/LibreOffice I never had such a bad experience 
(also using it for at least 20 years now).


Also Microsoft often claims they'll protect your investment. Well, I 
have WinWord documents from 1993 that a current Word cannot read!
So I would need one (or more) older versions to load and re-save those 
files.


(Oh well, I also have files created with Ventura Publisher; the 
PostScript output at that time was considered to be too large to 
archive. If I had known what will happen, I would have saved those...)


Maybe for contrast: I also have a demo CD with Adobe Acrobat 1.0 (I 
think from 1994). Those PDF files can still be loaded and displayed 
correctly.




Normally, I create the presentation in LibreOffice and then take it to
a place that runs Windows at work and fix the presentation there.  I
retired from my normal job recently, so I can't do that any more, even
though I still do presentations.  At the moment, my church is letting
me use their computers for this, but I don't know that it will go on
forever.


I agree that Impress could be much more user-friendly.



billo



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ea52fc1-1698-40e8-07a2-4ba6cc655a1b%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] qubes-dom0-update (https://github.com/QubesOS/qubes-issues/issues/6581)

2021-05-26 Thread Ulrich Windl

On 5/26/21 5:23 PM, unman wrote:

On Wed, May 26, 2021 at 04:22:39PM +0200, Ulrich Windl wrote:

Hi!

I know that the issue is marked fixed already, but I wonder if there should
have been some more popular notice for this surprising change in the update
mechanism.

Today I saw there (before installing updates):
[master@dom0 ~]$ sudo qubes-dom0-update
Using sys-firewall as UpdateVM to download updates for Dom0; this may take
some time...
warning: Converting database from bdb to sqlite backend
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Warning: Enforcing GPG signature check globally as per active RPM security
policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message)

Today's updates were:
pm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
CEST
rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 PM
CEST
qubes-rpm-oxide-0.2.2-1.fc25.x86_64   Wed 26 May 2021 03:34:19 PM
CEST
qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:19 PM
CEST
qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64 Wed 26 May 2021
03:34:19 PM CEST
qubes-core-dom0-linux-4.0.30-1.fc25.x86_64Wed 26 May 2021 03:34:19 PM
CEST
python3-rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:19 PM
CEST
python2-rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:19 PM
CEST
rpm-sign-libs-4.14.2.1-5.fc25.x86_64  Wed 26 May 2021 03:34:12 PM
CEST
rpm-libs-4.14.2.1-5.fc25.x86_64   Wed 26 May 2021 03:34:12 PM
CEST
rpm-build-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 PM
CEST
rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:12 PM
CEST
qubes-mgmt-salt-config-4.0.25-1.fc25.noarch   Wed 26 May 2021 03:34:12 PM
CEST
qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
CEST
qubes-mgmt-salt-base-4.0.4-1.fc25.noarch  Wed 26 May 2021 03:34:12 PM
CEST
qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:12 PM
CEST
qubes-mgmt-salt-4.0.25-1.fc25.noarch  Wed 26 May 2021 03:34:12 PM
CEST

When re-trying after those updates, (most of) the message is still there:
Using sys-firewall as UpdateVM to download updates for Dom0; this may take
some time...
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration:
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo;
Configuration: OptionBinding with id "failovermethod" does not exist
Warning: Enforcing GPG signature check globally as per active RPM security
policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this message)
Last metadata expiration check: 0:41:44 ago on Wed May 26 15:33:47 2021.
Dependencies resolved.
=
  PackageArchVersion Repository
Size
=

Re: [EXT] Re: [qubes-users] Dom0 update error (Converting database from bdb to sqlite backend)

2021-05-26 Thread Ulrich Windl

On 5/26/21 4:40 PM, unman wrote:

On Wed, May 26, 2021 at 04:11:44PM +0200, Ulrich Windl wrote:

On 5/14/21 3:22 PM, unman wrote:

On Fri, May 14, 2021 at 05:30:30AM -0700, load...@gmail.com wrote:

On Wednesday, May 12, 2021 at 10:00:16 PM UTC+3 awokd wrote:


load...@gmail.com:

On Monday, May 10, 2021 at 10:06:10 PM UTC+3 awokd wrote:



In dom0, check the files in /etc/yum.repos.d for the problem value.
Could possibly be copying them from there.



I removed the value it's complaining about (failovermethod=priority). And
nothing changed, the same error. Everytime when I save and try update again
I see this 'failovermethod=priority' in the file 'yum.repos.d'.

So I tried the fresh sys-firewall and tried to change UpdateVM on sys-net
and nothing changed :(



Then you simply have not deleted the entry from every file in dom0.

In any case it's a warning and harmless. Also a fix is in the pipeline.
It's always good practive to check that your problem isnt already covered
- it **has** been covered here the Forum, and also at github in the
issue tracker - #6581, and comes up with a trivial search.


After reading this, I tried to find the issue, starting at the Qubes OS main
page. Unfortunately you'll have to follow several links starting from the
"Team" link until you get there.


I wouldn't start from there.

ddg "qubes issues failovermethod" takes me straight to it, as does
"failovermethod=priority error".

"failovermethod=priority" takes you directly to the Red Hat bugzilla
where the issue is discussed and resolved.




I wonder:
* Is it possible to add some more direct links for "Search known issues"?
* Maybe also add shortcuts for "Issues recently reported", "Issues recently
fixed", and maybe "'popular' issues" (like those being opened many times;
unsure if that's possible)



Where do you think these links would be helpful?


Close to the home page; maybe in the top navigation bar under "Support" 
(does not exist yet, but could target at 
https://www.qubes-os.org/support/), even though people might be afraid 
of the traffic it may create ;-)






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df1731a4-134d-6f56-6de9-850d55e95458%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] MS Office 365 in Qubes

2021-05-26 Thread Ulrich Windl

On 5/26/21 4:24 PM, Sven Semmler wrote:

On 5/26/21 8:53 AM, Ulrich Windl wrote:

On 5/13/21 2:36 PM, 'taran1s' via qubes-users wrote:
due to my work assignment, I will need to use MS Office 365 and I 
would like to keep using my Qubes laptop.


IMHO running Office 365 from Qubes OS makes very little sense


The entire idea of Qubes OS is to compartmentalize your information, so
malicious code in one qube cannot damage the rest of your system.
Arguably it makes more sense to run Windows/O365 in Qubes OS then it
does bare metal.


At least Office 365 cannot affect the other VMs.




Will Office work without OneDrive?


Of course.

Does that work (e.g. copying text in a non-X11 application to paste it 
into some X11 application)?


Yes, in both cases: Windows qube with QWT or using Cross-Over (Win API 
emulated in X11)



Does Office/365 support Windows 7?


Yes it does. I have used it this way myself.


Wow, I'm impressed: As Microsoft continuously updates Office 365, they 
still support Windows 7 being an obsolete OS?




Ulrich, I found this particular post of yours remarkably uninformed and 
not constructive. It's not like the OP or myself advocate the use of 
O365, but there are circumstances where one HAS to use something in the 
context of earning money. Everyone outside of academia should be 
familiar with that situation.


Well, you are correct that I don't know enough about Office 365, but 
AFAIK the German BSI said you cannot use Office 365 for confidential 
data (that's what made me wonder about the combination of Office 365 and 
Qubes OS). Link like this: 
https://sharepoint360.de/bsi-analyse-deckt-neue-datenlecks-bei-der-office-telemetrie-auf-und-liefert-blockier-tipps/


On OneDrive: I never used Office 365, but when I tried to use OneNote, 
it said it will only work with OneDrive. And obviously: Microsoft wants 
you to use their cloud services.


Also don't conclude from my E-Mail address that I'm "in academica"; most 
spammers want "to buy our products" ;-) Still we are not able to use 
Office 365.  Well that might change in the future, but at least we had 
30 years without being attacked successfully...


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e765465-b671-249b-7b5c-18ed19690f44%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] sys-net problems Intel 8265 / 8275

2021-05-26 Thread Ulrich Windl

On 5/24/21 9:09 PM, haaber wrote:

I have an build-in Intel 8265 / 8275 wireless controller, and my
(debian-10-minimal based) sys-net has more and more problems to connect.
It starts to connect and then hangs. That is strange since it used to
run perfectly 2 years ago. But now it takes 1-5 minutes, sometime a
qvm-kill forced reboot (I use the std config with wpa_supplicant).
Usually 5Ghz networks do never finish the connection.

Do you have some hints how I could try to improve that? Best,  Bernhard



See what "journalctl -f" outputs in net-vm.
You could also try (in net-vm)
"watch iwconfig wlan0"
"watch ip route show"
etc.

Then report back some more details ;-)
Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ffb67e8-7295-4fa9-efc9-206c6e37dcda%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Hotspots

2021-05-26 Thread Ulrich Windl

On 5/20/21 4:00 PM, '[ NOTIFICATION]' via qubes-users wrote:
*_Does Qubes have automated features to conceal tether data as mobile 
under a tether?_*


Why should it when I use WLAN to connect my Smartphone and then share 
that connection via USB (or Bluetooth)?




See: https://bit.ly/343Q14h 



FOOTER

Per procurationem

 Express Actual Notice: This message is deemed private or 
confidential. Unless for criticism or news-report or research or 
scholarship or teaching or comment or opinion, this message may also be 
deemed copyright. Due to existence of sophisticated data collection 
programs globally, assume or presume by default that all digital data 
associated with this account is subject to intercepts, storage, 
surveillance or monitoring by intelligence systems and agencies, anytime 
or anywhere regardless of privacy or security or encryption (EO10995). 
Sender(s) or agent(s) nonassumpsit or accepts no liability for any 
message(s) or its attachment(s). All typing errors are not intended or 
intentional. Keep sent attachment size less than inbox size of 1 GB. 
Without Prejudice. All Rights Reserved. Special Deposit. †



 You are receiving this may due to possible time zone conflicts & to 
reduce and save forever paper, ink, phone minutes, fax, travel fuel and 
national-international mail postage expenses, excluding incurred data 
costs. ️



Sent with ProtonMail  Secure Email.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EScvJ0zS4R5glF_aY3zekm-UB-ZJ41b-ltEOVj48_3HqdpTNMWwhBMaQlNmpM0pCPF5om8Gee9hOd02mEAnzkcaAJnVFtUQlWnDXG4OdTIw%3D%40protonmail.ch 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9dd9ab1-534e-952a-8fe8-58e10daf50d9%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Is swap necessary?

2021-05-26 Thread Ulrich Windl

On 5/19/21 5:43 PM, TheGardner wrote:
For me, it would be necessary, if you're running Qubes with 4-8GB of 
RAM. But with 16,32 or even 64 GB of RAM a swap partition may be useless...


What about the "swappiness" kernel parameter? Here I see 
vm.swappiness=60 (default)


Having 16GB RAM and only 5 VMs running, no paging happened, even after I 
had set swappiness to 90 in Dom0:

[root@dom0 master]# free
  totalusedfree  shared  buff/cache 
available
Mem:3962388  817404 2410848   13412  734136 
2950516

Swap:  10485756   010485756


According to https://linuxhint.com/understanding_vm_swappiness/:
* 0: swap is disable
* 1: minimum amount of swapping without disabling it entirely
* 10: recommended value to improve performance when sufficient memory 
exists in a system

* 100: aggressive swapping

So I even set swappiness to 100, just top see what happens, and I still 
did not see any paging.


Even when starting three additional VMs, I could not see paging in Dom0:
[root@dom0 master]# vmstat 5
procs ---memory-- ---swap-- -io -system-- 
--cpu-
 r  b   swpd   free   buff  cache   si   sobibo   in   cs us sy 
id wa st
 0  0  0 2406852  55696 68186400   272   331 1101 1033  1 
1 97  0  1
 0  0  0 2406592  55696 6819320026   198 5320 5075  1 
1 97  0  1
 0  0  0 2406576  55704 6819400013   103 5164 4973  1 
1 97  0  1
 0  0  0 2406624  55704 6818600013   122 5217 5015  1 
1 97  0  1
 0  0  0 2405616  55708 6818760013   139 7042 6530  1 
1 96  0  1
 0  0  0 2406144  55716 6818880038   283 7819 7319  2 
1 95  0  2
 1  0  0 2408128  55716 68192400 1   118 7081 6661  1 
1 96  0  1
 1  0  0 2291836  55836 6823960079   366 8030 7576  7 
6 83  0  3
 0  0  0 2388740  54800 69263200 20717  2839 14237 12176  4 
 5 81  0  9
 3  0  0 2268800  54916 69455600 72948  6978 22038 21880  7 
10 69  0 14
 1  0  0 2332968  54916 70492000 12738 12858 13951 12536  6 
 6 71  0 17
 2  0  0 2259164  56068 70606800 12377  5766 13037 12304 10 
 9 64  1 17
 1  0  0 2263504  55040 71751200 47908  9822 17386 16391  3 
 6 75  0 15
 3  0  0 1950336  55048 71888400 50536 14435 20932 20627  4 
 6 69  1 21
 0  0  0 1789084  55056 71950400 22490  6858 12711 12202  2 
 3 84  0 10
 0  0  0 1821772  55064 71953200   275   433 6988 6579  3 
2 93  0  2
 1  0  0 1814452  55072 71949600   230   918 5477 5370  1 
1 94  0  3
 0  0  0 1712640  55080 71966000  4551 18286 8909 8085  2 
3 86  0  9
 0  0  0 2131492  56152 70911600  1826  5031 10883 9946  5 
 8 72  3 12
 4  0  0 2259808  56164 69880400  1322  7122 9417 8659  2 
3 88  0  6
 0  0  0 2333696  56224 69815600  1862  2295 9031 8399  4 
8 76  4  7
 0  0  0 2362572  56284 68670800   676  1020 7809 7022  4 
8 75  7  5
 0  0  0 2383836  56296 6864840013   374 5142 4777  2 
1 96  0  1
 0  0  0 2384740  56304 68646400 0   218 5131 4880  1 
1 97  0  1
 0  0  0 2385496  56304 68637200 0   124 4637 4471  1 
1 97  0  1

^C

Regards,
Ulrich



abra...@protonmail.com schrieb am Mittwoch, 19. Mai 2021 um 10:28:48 UTC+2:

The Qubes installer says swap is important. I did a Google search
and it turned out that Qubes hardly even uses swap. Specifically, I
found this:

https://www.reddit.com/r/Qubes/comments/86evqe/swap_is_useless_on_qubes/dz32iof/?context=8=9




Is it at all important to install Qubes with a swap partition?
Currently I have it running without swap.


Sent with ProtonMail Secure Email.


--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10e71535-cb7b-4a84-b345-b2494da020c1n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc596ea7-c16e-ee0b-ead5-ef9ab55a5a0a%40rz.uni-regensburg.de.


[qubes-users] qubes-dom0-update (https://github.com/QubesOS/qubes-issues/issues/6581)

2021-05-26 Thread Ulrich Windl

Hi!

I know that the issue is marked fixed already, but I wonder if there 
should have been some more popular notice for this surprising change in 
the update mechanism.


Today I saw there (before installing updates):
[master@dom0 ~]$ sudo qubes-dom0-update
Using sys-firewall as UpdateVM to download updates for Dom0; this may 
take some time...

warning: Converting database from bdb to sqlite backend
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Warning: Enforcing GPG signature check globally as per active RPM 
security policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this 
message)


Today's updates were:
pm-plugin-systemd-inhibit-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 
03:34:19 PM CEST
rpm-plugin-selinux-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:19 
PM CEST
qubes-rpm-oxide-0.2.2-1.fc25.x86_64   Wed 26 May 2021 03:34:19 
PM CEST
qubes-mgmt-salt-dom0-4.0.25-1.fc25.noarch Wed 26 May 2021 03:34:19 
PM CEST
qubes-core-dom0-linux-kernel-install-4.0.30-1.fc25.x86_64 Wed 26 May 
2021 03:34:19 PM CEST
qubes-core-dom0-linux-4.0.30-1.fc25.x86_64Wed 26 May 2021 03:34:19 
PM CEST
python3-rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:19 
PM CEST
python2-rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:19 
PM CEST
rpm-sign-libs-4.14.2.1-5.fc25.x86_64  Wed 26 May 2021 03:34:12 
PM CEST
rpm-libs-4.14.2.1-5.fc25.x86_64   Wed 26 May 2021 03:34:12 
PM CEST
rpm-build-libs-4.14.2.1-5.fc25.x86_64 Wed 26 May 2021 03:34:12 
PM CEST
rpm-4.14.2.1-5.fc25.x86_64Wed 26 May 2021 03:34:12 
PM CEST
qubes-mgmt-salt-config-4.0.25-1.fc25.noarch   Wed 26 May 2021 03:34:12 
PM CEST
qubes-mgmt-salt-base-config-4.0.2-1.fc25.noarch Wed 26 May 2021 03:34:12 
PM CEST
qubes-mgmt-salt-base-4.0.4-1.fc25.noarch  Wed 26 May 2021 03:34:12 
PM CEST
qubes-mgmt-salt-admin-tools-4.0.25-1.fc25.noarch Wed 26 May 2021 
03:34:12 PM CEST
qubes-mgmt-salt-4.0.25-1.fc25.noarch  Wed 26 May 2021 03:34:12 
PM CEST


When re-trying after those updates, (most of) the message is still there:
Using sys-firewall as UpdateVM to download updates for Dom0; this may 
take some time...
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora.repo; Configuration: 
OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in 
/var/lib/qubes/dom0-updates/etc/yum.repos.d/fedora-updates.repo; 
Configuration: OptionBinding with id "failovermethod" does not exist
Warning: Enforcing GPG signature check globally as per active RPM 
security policy (see 'gpgcheck' in dnf.conf(5) for how to squelch this 
message)

Last metadata expiration check: 0:41:44 ago on Wed May 26 15:33:47 2021.
Dependencies resolved.
=
 PackageArchVersion 
Repository   Size

=
Upgrading:
 python2-rpmx86_64  4.14.2.1-5.fc25 
qubes-dom0-current  118 k
 

Re: [EXT] Re: [qubes-users] Dom0 update error (Converting database from bdb to sqlite backend)

2021-05-26 Thread Ulrich Windl

On 5/14/21 3:22 PM, unman wrote:

On Fri, May 14, 2021 at 05:30:30AM -0700, load...@gmail.com wrote:

On Wednesday, May 12, 2021 at 10:00:16 PM UTC+3 awokd wrote:


load...@gmail.com:

On Monday, May 10, 2021 at 10:06:10 PM UTC+3 awokd wrote:



In dom0, check the files in /etc/yum.repos.d for the problem value.
Could possibly be copying them from there.



I removed the value it's complaining about (failovermethod=priority). And
nothing changed, the same error. Everytime when I save and try update again
I see this 'failovermethod=priority' in the file 'yum.repos.d'.

So I tried the fresh sys-firewall and tried to change UpdateVM on sys-net
and nothing changed :(



Then you simply have not deleted the entry from every file in dom0.

In any case it's a warning and harmless. Also a fix is in the pipeline.
It's always good practive to check that your problem isnt already covered
- it **has** been covered here the Forum, and also at github in the
issue tracker - #6581, and comes up with a trivial search.


After reading this, I tried to find the issue, starting at the Qubes OS 
main page. Unfortunately you'll have to follow several links starting 
from the "Team" link until you get there.


I wonder:
* Is it possible to add some more direct links for "Search known issues"?
* Maybe also add shortcuts for "Issues recently reported", "Issues 
recently fixed", and maybe "'popular' issues" (like those being opened 
many times; unsure if that's possible)






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c367515a-70d5-da54-415e-905d18d075e0%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Corrupt sys-usb after VeraCrypt accident

2021-05-26 Thread Ulrich Windl

On 5/14/21 12:49 PM, 'Cody Smith' via qubes-users wrote:

Hey all,

I'm going to love anyone who can assist me. So I have VeraCrypt 
installed on my sys-usb VM so I can mount my encrypted hard drives and 
usb sticks. I was encrypting a new USB drive (well I thought it was my 
USB drive) and then VeraCrypt crashed and sys-usb won't open any apps.


Here is what I know:

  * I selected a disk called /x***/ mounted to /rw on VeraCrypt it
was 50GB same as USB (similar so I assumed that was it)
  * It encrypted and formatted that disk 100%
  * I noticed the USB was not formatted, so I figured something was wrong
  * VeraCrypt crashed
  * Now I can't open any app on sys-usb "files" "terminal" etc
  * sys-usb still works for k and anything I attach to it.

Is there a easy way of repairing sys-usb or resetting it?


Welcome to the club: Once I had plugged in to USB sticks, wanting to 
backup one to another, when I actually overwrite the original...


In openSUSE Linux there is a rather useful "lscsi" command that gives a 
good summary of your (not just "SCSI") block devices (without partitions 
or logical devices such as LVM LVs, MD-RAIDs, etc.).




I looked through all the help and couldn't find any similar issues or 
request. Any help would be appreciated, thank you all.


I'm afraid there's nothing left to "repair"; it seems you musr 
"re-create" instead.





Regards,
Cody


--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oxfr3yIhSJFturMijOJ8ifgaXWTz1InOweUQcc_FgBJcMYqX_pKArmtd2UWf_V3O-vDfWM73mtQiAER3qD3D0MpsvMQKhFXm0Son0ZSjE3s%3D%40protonmail.ch 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5679d400-4904-100e-9061-fd296d2e1a8c%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] MS Office 365 in Qubes

2021-05-26 Thread Ulrich Windl

On 5/13/21 2:36 PM, 'taran1s' via qubes-users wrote:
I am using Qubes as my main OS and now it seems that due to my work 
assignment, I will need to use MS Office 365 and I would like to keep 
using my Qubes laptop.


IMHO running Office 365 from Qubes OS makes very little sense (as you 
publish all your data to Microsoft basically). It's abit like runniing 
TOR browser and then fill in some form with all your personal data.




I will need to use the MS Office 365 ideally with/without the following 
features:


- no need to have internet connection


Is that possible for a longer time?


- no need to have win apps other than the MS Office 365 are needed now


Will Office work without OneDrive?


- need to copy and paste text in between win-AppVMs and non-win-AppVMs


Does that work (e.g. copying text in a non-X11 application to paste it 
into some X11 application)?


- need to file sharing between win-AppVMs and non-win-AppVMs (copy and 
move)
- need to ideally be able to open the MS Office 365 files in various 
separate AppVMs, but it is not a killer and I can live without it if it 
complicates the situation too much.


My question is, if there is some workaround other than necessity to 
install whole Windows OS in my Qubes.


Office 365 _without_ MS-Windows? Are you kidding? Maybe Microsoft 
provides it for other platforms, but _why_ would one use the Microsoft 
product? (I'm using OpenOffice/LibreOffice for years, and it's OK for me)




If the Windows OS installation is a necessity in this case, would you 
consider the WIN7 or WIN10 as better, less troublesome option? Could you 
point me to a how to guide? There is this guide 


The question is: Does Office/365 support Windows 7? I doubt that.

https://www.qubes-os.org/doc/windows/. Is there any other one you would 
propose for this case?





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f8b9e6a-4bff-bf11-ecdb-513690aca528%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Re: Fedora 32 approaching EOL

2021-05-26 Thread Ulrich Windl

On 5/13/21 2:36 AM, Steve Coleman wrote:



On Wed, May 12, 2021, 5:52 PM Ulrich Windl 
<mailto:ulrich.wi...@rz.uni-regensburg.de>> wrote:


On 4/30/21 1:31 AM, Andrew David Wong wrote:
 > Dear Qubes Community,
 >
 > Fedora 32 is scheduled to reach EOL (end-of-life [1]) on 2021-05-25.

I have a question on
https://www.qubes-os.org/doc/template/fedora/upgrade/
<https://www.qubes-os.org/doc/template/fedora/upgrade/>:

Towards the end of the update procedure "Detailed instructions for
standard Fedora TemplateVMs" there is the command
[user@dom0 ~]$ sudo dnf remove qubes-template-fedora-

However I wonder: I did not install a fedora- template per
instructions, and I wonder about this asymmetry.


When you installed Qubes the default templates were installed for you. 
Because the fedora-32 came onto your system as an rpm it can only be 
removed by removing that rpm. To remove it, if you wish, you need to 
change all AppVMs to use some other template, to remove any qubes 
dependencies, then you remove the rpm.


If you want to see all the default rpm templates you can do: "dom0> rpm 
-qa | grep qubes-template". Those templates need to be removed via dnf 


"rpm -qa qubes-template\*" might be a bit more efficient. ;-)

or rpm rather than just deleting it from the qube-manager or the qvm-* 
command line tool. When you clone a template it will not have an rpm 
file associated with it, so it can be removed easily using qube-manager.


I always clone all the rpm templates then remove the rpm's, and then 
rename the clones to the name I actually want. If I ever need a fresh 
copy I can always reinstall the rpm and clone it to start over.


So cloning actually duplicates the rpm-installed template so it's safe 
to remove the RPM package afterwards?




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
<mailto:qubes-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ5FDngFUjOQKS4nVAVLLVb-3ULJj1RyQOupXgi-BdYY%3D8u0bQ%40mail.gmail.com 
<https://groups.google.com/d/msgid/qubes-users/CAJ5FDngFUjOQKS4nVAVLLVb-3ULJj1RyQOupXgi-BdYY%3D8u0bQ%40mail.gmail.com?utm_medium=email_source=footer>.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fd799a4-6895-d6ce-6c55-a24e3b18f512%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] RAID6 as secondary storage and thin pool

2021-05-12 Thread Ulrich Windl

On 5/5/21 12:56 AM, Thorsten Schierer wrote:
I'm currently evaluating the possibility of moving my workstation to 
Qubes OS and ran into a problem.
It's using an SSD for Qubes OS, but I want to use HDDs with RAID6 to 
hold qubes data.
I've been using the secondary storage guide and slightly altered it for 
RAID6:


I ran "sudo cryptsetup luksFormat --hash=sha512 --key-size=512 
--cipher=aes-xts-plain64 --verify-passphrase /dev/sdx" for 5 test HDDs.


I'm not an expert on this, but why do you cryptsetup each HDD instead of 
cryptsetup the RAID device? The data on HDD still should be encrypted. ;-)



Then I added their UUID to /etc/crypttab and rebooted.
After than I ran "sudo pvcreate /dev/mapper/luks-[UUID]" for the 5 drives.
I created a volume group with "sudo vgcreate qubeshd0 
/dev/mapper/luks-UUID1 /dev/mapper/luks-UUID2 "


Then I did this:

sudo lvcreate -i 3 --type raid6 -L 10G -n poolhd0 qubeshd0
sudo lvconvert --thinpool qubeshd0/poolhd0
sudo lvextend -l +100%FREE qubeshd0/poolhd0

This seems to give me a RAID6 thin pool with the correct size. I created 
VMs and used this pool for data storage and everything seems to work 
fine. So far so good.
After that I wanted to go through some other scenarios like adding HDDs 
to the RAID (growing it) or replacing faulty hdds.


I was able to add a new HDD to the volume group but after that I got 
stuck, since I was unable to add the new free space to the RAID6.


You want to extend the RAID, , i.e. the PV, not add a single HDD as PV, 
right?


Everything I tried gave me an error. One of them was that thin pool did 
not support the operation. I also tried it without converting to thin 
pool but still was unable to extend the RAID6.


I think you must reserve "RAID slots" (number of disks to expect" when 
creating the RAID. Maybe you can tune that later, but I'm unsure.




Things like this are the reason why I wanted to simulate/evaluate 
everything first before actually moving everything.


How can I extend the 5 hdd RAID6 to 6 hdds (and higher)? Over time the 
final target would be to grow the RAID to around 10-12 HDDs.
Was that even correct how I implemented it? What would be the best way 
to accomplish it?


--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d172d18-ac61-4ee7-aa6c-7a4219ff9d45n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa80367c-6683-694f-1389-93698ba3415c%40rz.uni-regensburg.de.


[qubes-users] Re: Fedora 32 approaching EOL

2021-05-12 Thread Ulrich Windl

On 4/30/21 1:31 AM, Andrew David Wong wrote:

Dear Qubes Community,

Fedora 32 is scheduled to reach EOL (end-of-life [1]) on 2021-05-25.


I have a question on https://www.qubes-os.org/doc/template/fedora/upgrade/:

Towards the end of the update procedure "Detailed instructions for 
standard Fedora TemplateVMs" there is the command

[user@dom0 ~]$ sudo dnf remove qubes-template-fedora-

However I wonder: I did not install a fedora- template per 
instructions, and I wonder about this asymmetry.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1f62f83e-10de-0a83-26f8-97de85408708%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Black Screen when trying install on Lenovo E15 Gen 2

2021-04-26 Thread Ulrich Windl

On 4/14/21 6:01 PM, 'awokd' via qubes-users wrote:

Ulrich Windl:

Hi!

Just a short note: Both Qubes-R4.0.4-x86_64.iso and 
Qubes-R4.1.0-alpha20201014-x86_64.iso produce a black screen after Xen 
loads the kernel on a Lenovo E15 Gen 2 with an AMD Ryzen 4700 (8 
cores, Radeon graphics) CPU.


Also Qubes 4.1 requires secure Boot to be disabled. Maybe time to 
change the boot loader?


Might need to disable noexitboot and mapbs per 
https://www.mail-archive.com/qubes-users@googlegroups.com/msg36528.html.




Thanks for the hint! I wonder why other live-systems work out of the box.
However to be honest: There is a problem with the display not turning on 
again after hibernate/resume, and the special function keys (like WLAN, 
microphone, volume, brightness) don't work either.
I was lucky to get that hardware; they say next shipment will be in 
October! Maybe it's just corona-homeoffice-madness, I don't know...


Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69f1b334-6564-f412-bca3-70dddc3a38c0%40rz.uni-regensburg.de.


[qubes-users] Black Screen when trying install on Lenovo E15 Gen 2

2021-04-13 Thread Ulrich Windl
Hi!

Just a short note: Both Qubes-R4.0.4-x86_64.iso and 
Qubes-R4.1.0-alpha20201014-x86_64.iso produce a black screen after Xen loads 
the kernel on a Lenovo E15 Gen 2 with an AMD Ryzen 4700 (8 cores, Radeon 
graphics) CPU.

Also Qubes 4.1 requires secure Boot to be disabled. Maybe time to change the 
boot loader?

Regards,
Ulrich

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6075590102A10004060B%40gwsmtp.uni-regensburg.de.


[qubes-users] Partitioning of the Qubes-R4.0.4 ISO

2021-04-13 Thread Ulrich Windl
Hi!

I put the Qubes-R4.0.4 ISO on a memory card (it boots). However when I inspect 
the partitions, I'm quite surprised:
# fdisk -l /dev/sdg
Disk /dev/sdg: 7.4 GiB, 7969177600 bytes, 15564800 sectors
Disk model: STORAGE DEVICE  
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x501be065
Device Boot Start  End  Sectors  Size Id Type
/dev/sdg1  *0 10156031 10156032  4.9G  0 Empty
/dev/sdg210286137560348 29.5M ef EFI (FAT-12/16/32)

So the EFI partition is not marked bootable (active), and it overlaps the other 
partition?
I wouldn't be surprised if some BIOS complained...

I see other images also don't mark the EFI as bootable, but they don't use 
overlapping partitions.

Regards,
Ulrich



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/607537E102A1000405D4%40gwsmtp.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] https://www.qubes-os.org/news/2021/03/19/qsb-067/

2021-04-07 Thread Ulrich Windl

On 4/5/21 3:01 PM, qubes...@go-bailey.com wrote:

Try running the commands separately:

sudo qubesctl --skip-dom0 --templates state.sls update.qubes-vm

followed by:

sudo qubesctl --skip-dom0 --standalones state.sls update.qubes-vm

That worked on this end when I got the same error.



Thanks!







--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca185b00-c16f-cfcf-a700-1bda32200e3a%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Poor battery life running Qubes

2021-04-03 Thread Ulrich Windl

On 4/2/21 9:11 PM, Jonathan Budd wrote:
Hi and thanks for the response. I ran the commands you mentioned and got 
the following:


[jonathan@dom0 ~]$ lsmod | grep xen_acpi_processor
xen_acpi_processor 20480 0

[jonathan@dom0 ~]$ xenpm get-cpufreq-para
cpu id   : 0
affected_cpus    : 0
cpuinfo frequency    : max [2701000] min [40] cur [270]
scaling_driver   : acpi-cpufreq
scaling_avail_gov    : userspace performance powersave ondemand
current_governor : ondemand
   ondemand specific  :
     sampling_rate    : max [1000] min [1] cur [2]
     up_threshold : 80
scaling_avail_freq   : 2701000 270 250 220 190 160 
130 100 70 *40

scaling frequency    : max [270] min [40] cur [40]
turbo mode   : enabled

[CPU1] failed to get cpufreq parameter


I'm not running on battery, but I also see those "failed to get cpufreq 
parameter":


[master@dom0 ~]$ xenpm get-cpufreq-para
cpu id   : 0
affected_cpus: 0
cpuinfo frequency: max [4001000] min [80] cur [400]
scaling_driver   : acpi-cpufreq
scaling_avail_gov: userspace performance powersave ondemand
current_governor : ondemand
  ondemand specific  :
sampling_rate: max [1000] min [1] cur [2]
up_threshold : 80
scaling_avail_freq   : 4001000 400 *380 350 330 310 
290 260 240 220 190 170 150 130 100 
80

scaling frequency: max [4001000] min [80] cur [380]
turbo mode   : enabled

[CPU1] failed to get cpufreq parameter
cpu id   : 2
affected_cpus: 2
cpuinfo frequency: max [4001000] min [80] cur [400]
scaling_driver   : acpi-cpufreq
scaling_avail_gov: userspace performance powersave ondemand
current_governor : ondemand
  ondemand specific  :
sampling_rate: max [1000] min [1] cur [2]
up_threshold : 80
scaling_avail_freq   : 4001000 400 380 350 330 310 
290 260 240 220 190 170 150 130 100 
*80

scaling frequency: max [4001000] min [80] cur [80]
turbo mode   : enabled

[CPU3] failed to get cpufreq parameter



Appreciate any help in interpreting the above!

Best


Jonathan


On Thursday, April 1, 2021 at 8:48:29 PM UTC+1 Josef Johansson wrote:

Hi,

Just curious, is xen-acpi-processor module loaded in dom0 (lsmod /
modprobe xen-acpi-processor) and what does xenpm get-cpufreq-para
tell you?

On Monday, 29 March 2021 at 16:07:53 UTC+2 jonath...@gmail.com wrote:

Hi there

I've been using Qubes for about 18 months now, and it's great.
My only complaint is the poor battery life I get. I've followed
various recommendations within qubes-users about using powertop
and tlp, but nothing seems to address the rapid decline in power
I experience when running on battery.

Some system information:

Kernel Version     Linux version 5.4.88-1.qubes.x86_64
System Name     PurismLibrem 15 v44.0 (Pureboot)
CPU Information     2 Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
OS Information     Qubes release 4.0 (R4.0)

Probably the biggest clue I have received was from running tlp
stat, which suggests:

"Reconfigure your Linux kernel with PM_RUNTIME=y to reduce your
laptop's power consumption."

This seems to be reinforced by the following output from powertop:

Untunable Software Issues
Description
I2C Adapter i2c-3 has no runtime power management
I2C Adapter i2c-4 has no runtime power management

Optimal Tuned Software Settings
Description
NMI watchdog should be turned off
Enable SATA link power management for host0
Enable SATA link power management for host1
Enable Audio codec power management
Runtime PM for I2C Adapter i2c-1 (i915 gmbus dpb)
Runtime PM for I2C Adapter i2c-2 (i915 gmbus dpd)
Runtime PM for I2C Adapter i2c-0 (i915 gmbus dpc)
Runtime PM for I2C Adapter i2c-5 (SMBus I801 adapter at efa0)
Runtime PM for PCI Device Samsung Electronics Co Ltd Device a808
Runtime PM for PCI Device Intel Corporation Xeon E3-1200
v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem
Runtime PM for PCI Device Qualcomm Atheros AR9462 Wireless
Network Adapter
Runtime PM for PCI Device Intel Corporation Device 9d24
Runtime PM for PCI Device Intel Corporation Device 9d30
Runtime PM for PCI Device Intel Corporation Sunrise Point-LP HD
Audio
Runtime PM for PCI Device Intel Corporation Xeon E3-1200 v6/7th
Gen Core Processor Host Bridge/DRAM Registers
Runtime PM for PCI Device Intel Corporation Device 9d4e
Runtime PM for PCI Device Intel Corporation Sunrise 

[qubes-users] https://www.qubes-os.org/news/2021/03/19/qsb-067/

2021-04-03 Thread Ulrich Windl

Hi!

Following https://www.qubes-os.org/news/2021/03/19/qsb-067/, the command
sudo qubesctl --skip-dom0 --templates --standalones state.sls 
update.qubes-vm


does not work here:
[master@dom0 ~]$ sudo qubesctl --skip-dom0 --templates --standalones 
state.sls update.qubes-vm

usage: qubesctl [-h] [--show-output] [--force-color] [--skip-dom0]
[--max-concurrency MAX_CONCURRENCY]
[--targets TARGETS | --templates | --standalones | 
--app | --all]

...
qubesctl: error: argument --standalones: not allowed with argument 
--templates


Am I confused? What's wrong?

Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6bf1f6df-dd8e-54f6-20f7-0e91738c9859%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: cannot verify signatures R4.0.4

2021-03-27 Thread Ulrich Windl

On 3/27/21 2:50 AM, Franz wrote:



On Fri, Mar 26, 2021 at 9:10 AM Franz <169...@gmail.com 
> wrote:


Hello,
everything seems to work fine:

gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
       5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
sig!         DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key
gpg: 2 good signatures

gpg2 -k "Qubes OS Release"
pub   rsa4096 2014-11-19 [SC]
       C52261BE0A823221D94CA1D1CB11CA1D03FA5082
uid           [  full  ] Qubes OS Release 3 Signing Key
pub   rsa4096 2017-03-06 [SC]
       5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key

but when I try to verify get unexpected error, even after
downloading two times the files, and even after trying with Fedora
and Debian:

gpg2 -v --verify qubes-release-4-signing-key.asc
Qubes-R4.0.4-x86_64.iso
gpg: verify signatures failed: Unexpected error


I found the problem: I downloaded
Qubes release signing key
rather than
Detached PGP signature

Well frankly, IMO the name of the wrong file seems more appropriate than 
the right one.
How is  "Detached PGP signature" supposed to be easy to understand? :-) 


PGP/GPG basics: Normally when signing a file, the file is changed 
(signature appended (basically)). With a detached signature, the signed 
file is unchanged, and the signature is a separate "detached" file. 
That's a detached signature.


Of course to check a signature you need the signing key as well as the 
detached signature.


Detached from what? Well, I am sure it is detached from something, but I 
lost hours for nothing and other users may simply avoid verifying the 
iso if it is too complicated.
Once there was only one file that could be downloaded. Well I understand 
the additional files may have some additional use, but there are a lot 
of people that are not interested in that and just need an easy and fast 
way to get it going.
So perhaps it may be more appropriate to add to the detached file also 
the wording "use this file to follow the Qubes verification tutorial"

Best
Franz

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qA8vf%2BmzbNk7Jtx3geszJ6AGn7FOT8Eyos4qrfgbhgEww%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd0f26c5-d0b7-ce74-f5ef-d0811678fce3%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] HCL - SuperMicro X11SRA

2021-03-27 Thread Ulrich Windl

On 3/27/21 12:59 AM, Gaijin wrote:

Legacy boot in BIOS allows installation of R4.0.4


I wonder: Isn't it time for UEFI boot? I heard recent hardware does not 
longer offer legacy boot...




Some overall system stability issues using 5.x Linux kernel (frequent
crashes). Performance is stable with a 4.x kernel.

sys-net (Fedora 33) will not connect to wired LAN if the kernel is set
to 5.x. A 4.x kernel is stable.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f4d8dbc-ced9-bce4-f3a5-79686791b7df%40rz.uni-regensburg.de.


Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-27 Thread Ulrich Windl

On 3/16/21 5:29 PM, Manuel Amador (Rudd-O) wrote:

You can mask the unit in the GRUB kernel command line with the parameter:

systemd.mask=qubes-vm@sys-net.service


I think this should go into the Qubes OS FAQ (like "boot parameters for 
troubleshooting")!




And then you will be able to log in and fix the kernel issue (without 
networking, of course).


You can also choose the older kernel in the GRUB menu.

On 16/03/2021 16.49, Fabrizio Romano Genovese wrote:
As the title says. I've upgraded to the latest kernel (5.11) on qubes 
4.0 and now boot is stuck. How do I get out of this? :)


Fab
--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ba1ae0f-4037-4a47-9bf4-aa9eae652a7dn%40googlegroups.com 
.



--
 Rudd-O
 https://rudd-o.com/

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbc147a8-4fa0-2f74-9227-23f24b1a19ce%40rudd-o.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/584b32a7-44c6-3b73-8a30-8ad020d04c08%40rz.uni-regensburg.de.


Re: [qubes-users] Custom LAN Network with dhcpd

2021-03-27 Thread Ulrich Windl

On 3/16/21 4:59 PM, Manuel Amador (Rudd-O) wrote:

I have the treat for you!

https://github.com/Rudd-O/qubes-arbitrary-network-topology


Sounds nice, but maybe the README should contain shot instructions how 
to undo "attach-network-to".




I'm updating the readme in the next few minutes.  More info there.

On 15/03/2021 12.40, 'Nyx' via qubes-users wrote:

Hello,

I am trying to implement an internal Qubes LAN with HVMs that receive 
dhcp from a netvm using dhcpd. A classical network layout sort of 
speak. Reading Xen Networking makes it look possible but Qubes auto 
configuring the VM networking is being a bit troublesome for what I am 
trying to setup. Note that the entire network will be on Qubes only 
with no internet access.


The reason I am trying to set this up is I have some HVMs that are not 
getting an ip through dhcp and I cannot access them to set ip manually 
(they are vulnhub vms). I was thinking of just running an hvm with 
virtualbox but the limits of emulation only wont work. I read that 
qubes can be recompiled to enable nested virtualization to get that 
working but if there is a way to create a custom network that would be 
preferred.


Is there a way to allow a set of HVMs to get ip from a netvm running 
dhcp and communicate like a classic network?

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/IUbiSSRQZ-eNLCIZh5y-81UZrPRnit3Onx2J81ZIoyhYIs0tFpNLfCPuarHsrZ2WYDKBPYpQlKCXm_-xZ5-rXJfC36oAzaMUB3Sa24YLkyk%3D%40protonmail.com 
.



--
 Rudd-O
 https://rudd-o.com/

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1b435e4-c2ac-17e6-f5e4-42d2d8ab64bd%40rudd-o.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34e40c5f-2dc4-770e-6d81-edc31544c12e%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-27 Thread Ulrich Windl

On 3/16/21 4:49 PM, Fabrizio Romano Genovese wrote:
As the title says. I've upgraded to the latest kernel (5.11) on qubes 
4.0 and now boot is stuck. How do I get out of this? :)


Last time I had this (outside of Qubes OS) was when I had configured a 
disk device that did not exist. For some reason Xen tried again and 
again instead of quitting. I found the problem by inspecting the Xen logs.
Anyway I'd guess systemd will timeout the VM start at some time 
(allowing the boot to continue). Did you try to be patient?




Fab

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ba1ae0f-4037-4a47-9bf4-aa9eae652a7dn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bc2ab26-a245-4ec2-38af-69bfc51932b9%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Memory issue

2021-03-13 Thread Ulrich Windl

On 3/12/21 9:10 PM, thefifthseason via qubes-users wrote:

The quick:

Dom0 Task Manager shows memory usage percent as always increasing. 
Closing Virtual Machines does not seem to free up any memory by 
displayed memory usage percent.


Could it be you are confused with "used" vs. "free" ignoring cache and 
buffers? Usually Linux minimizes "free" that is unused memory.




The questions:

Are there any advice on what I should do with this situation?

Should I clean out Qubes memory buffer/catch? If so, what safe command 
should be used?
Or, if that isn’t the issue, what should I look for? What more 
information do you good elves need to help the issue?


The slow:

I noticed this situation a good week ago when I looked at Dom0 task 
manager. It showed my memory usage to be around 95%, that is a lot. The 
computers total memory capacity is 32gig. My normal memory usage tend to 
be around 35-40%, a fairly steady level measured over long time. After 
seeing my memory maxing out I attempted to close down one virtual 
machine after the other, but it did not appear to make any difference in 
terms of freeing up memory. So I decided to restart my computer and that 
made everything back to normal—for a little while. Starting my normal 
virtual machines and got to the normal memory usage level. But then it 
just kept adding on, a disposable machine opened and closed and the 
memory usage increased, another virtual machine opened and the memory 
increased, closing it did not affect the memory level. And so it kept 
adding on more and more memory usage as I did my normal computing things 
like browsing and so on. In writing moment I’ve reached 93% of memory 
capacity.


The extra:

Please, treat me as a newbie. Although I’ve been using Qubes OS for 
several years (its pretty cool operating system, thank you creators and 
maintainers <3) without being knowledgeable about command line interface 
(avoiding it when possible), I remain a GUI person and don’t really want 
a cure for it.


Thank you for your time.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20210312201043.070C58106A3%40smtp.hushmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9683e92b-d4fa-a0e2-2cf7-c9be8b240d94%40rz.uni-regensburg.de.


[qubes-users] Re: Qubes Canary 026

2021-03-13 Thread Ulrich Windl

On 3/11/21 2:06 PM, Andrew David Wong wrote:

Dear Qubes Community,

*Note:* When preparing the announcement for this canary, we discovered
a typographical error in the title (the canary number "025" had not been
updated to "026"). However, one of the canary signers is not available


Can you add an automated check for the future?


to re-sign an updated canary before the canary deadline. Rather than
invalidate this signer's signature by updating the canary text
immediately, we have decided to proceed with this announcement with the
existing canary text, accompanied with this note explaining the error.
As soon as all signers are available, the error will be fixed, and the
updated canary will be re-signed by all parties. Thank you for your
understanding.

We have published Qubes Canary 026. The text of this canary is
reproduced below.

This canary and its accompanying signatures will always be available in
the Qubes Security Pack (qubes-secpack).

View Qubes Canary 026 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-026-2020.txt 



Learn about the qubes-secpack, including how to obtain, verify, and
read it:

https://www.qubes-os.org/security/pack/

View all past canaries:

https://www.qubes-os.org/security/canaries/

```


     ---===[ Qubes Canary 025 ]===---


Statements
---

The Qubes core developers who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is March 7, 2021.

2. There have been 66 Qubes Security Bulletins published so far.

3. The Qubes Master Signing Key fingerprint is:

     427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).

5. We plan to publish the next of these canary statements in the first
two weeks of June 2021. Special note should be taken if no new canary
is published by that time or if the list of statements changes without
plausible explanation.

Special announcements
--

None.

Disclaimers and notes
--

We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently
compromised.  This means that we assume NO trust in any of the servers
or services which host or provide any Qubes-related data, in
particular, software updates, source code repositories, and Qubes ISO
downloads.

This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other
means, like blackmail or compromising the signers' laptops, to coerce
us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to demonstrate
that this canary could not have been created prior to the date stated.
It shows that a series of canaries was not created in advance.

This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to
anybody. None of the signers should be ever held legally responsible
for any of the statements made here.

Proof of freshness
---

Sun, 07 Mar 2021 14:11:21 +

Source: DER SPIEGEL - International 
(https://www.spiegel.de/international/index.rss)
Monitoring the Right Wing: German Officials Seek to Turn up the Heat on 
the AfD

John Bolton on Halkbank: “Trump Wanted To Make an Impression on Erdoğan”
RT Germany: Berlin Fears Growing Influence of Russian Propaganda Platform
Generation Lockdown: Schoolchildren Around the World Face a Steep Uphill 
Battle

Boom in Somaliland: A Miracle on the Horn of Africa

Source: NYT > World News 
(https://rss.nytimes.com/services/xml/rss/nyt/World.xml)

Colombia Seeks Justice for War Atrocities Via New Court
In Hong Kong, Foreign Tourists Are Replaced by a Local Variety
Pope Francis Meets Iraq’s Top Ayatollah as Both Urge Peace
Chloé Zhao, ‘Nomadland’ Director, Encounters a Backlash in China
In a Land Dominated by Ex-Rebels, Kosovo Women Find Power at the Ballot Box

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Pope Francis visits regions of Iraq once held by Islamic State
Uighurs: Chinese foreign minister says genocide claims 'absurd'
Nazanin Zaghari-Ratcliffe released but faces new court date
Myanmar coup: Party official dies in custody after security raids
US pastor on leave after Melania Trump 'trophy wife' comments

Source: Blockchain.info
00021d96387dc5ac0d7b6b5567119ab8ae32de4351700136

Footnotes
--

[1] This file should be signed in two ways: (1) via detached PGP
signatures by each of the signers, distributed together with this
canary in the qubes-secpack.git repo, and (2) via digital signatures
on the corresponding qubes-secpack.git repo tags. [2]

[2] Don't just trust the contents of this file blindly! 

Re: [EXT] Re: [qubes-users] Opening applications using qvm-run

2021-03-13 Thread Ulrich Windl

On 2/28/21 11:46 PM, tetrahedra via qubes-users wrote:
On Sun, Feb 28, 2021 at 08:03:47PM +0100, airelemental via qubes-users 
wrote:

Try:

$ qvm-run --service anon qubes.StartApp+janondisttorbrowser
$ qvm-run --service untrusted qubes.StartApp+firefox
$ qvm-run --service personal qubes.StartApp+thunderbird


Thanks, that did the trick!

Two questions:

1. Is there any way to pass arguments?


What about reading the manual page?
   --service
  Start  RPC  service instead of shell command. Specify 
name of the service in place of COMMAND argument. You can also specify 
service argument, appending it

  to the service name after + character.



2. for some applications the name I have to pass to qubes.StartApp is 
not the same as the command used on the command line (e.g 
`janondisttorbrowser` instead of `torbrowser`). How do I find out the 
correct name for an arbitrary application? is it always the same as the 
name of the .desktop file in /usr/share/applications?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a687f559-0db9-633f-07fc-3b2d4a09b570%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] What is the latest version of Qubes (on 23 February 2021)

2021-03-13 Thread Ulrich Windl

On 2/23/21 12:58 PM, load...@gmail.com wrote:


Hi everyone,

I know about *'Qubes Release 4.0.3'* and *'**Qubes Release 4.0.4-rc2'*, 
but I don't understand what is the version I have.


I am getting this result already 8 month and nothing changes when I am 
trying to update Dom0:

/$ sudo qubes-dom0-update
Using sys-firewall as UpdateVM to download updates for Dom0; this may 
take some time...

Fedora 25 - x86_64 - Updates    5.8 MB/s |  24 MB 00:04
Fedora 25 - x86_64  8.3 MB/s |  50 MB 00:06
determining the fastest mirror (15 hosts).. done.--  B/s |   0  B 
--:-- ETA

Qubes Templates repository  3.5 kB/s | 5.6 kB 00:01
Last metadata expiration check: 0:00:01 ago on Tue Feb 23 14:49:03 2021.
Dependencies resolved.
Nothing to do.
Complete!
No packages downloaded
Qubes OS Repository for Dom0 25 MB/s |  26 kB 00:00


/_In Qubes Manager >> About >> Qubes OS
I see 'Qubes release 4.0 (R4.0)_


*When I am clicking on Version Information I see this:*

/xen_version    : 4.8.5
Linux 4.19.15-1.pvops.qubes.x86_64

Installed Packages: /


Maybe try "rpm -qa --last |less" to see your latest update.
Mine is:
qubes-core-dom0-4.0.57-1.fc25.x86_64  Sat 13 Mar 2021 06:44:38 
PM CET





/kernel-qubes-vm.x86_64
1000:4.14.74-1.pvops.qubes
kernel-qubes-vm.x86_64
1000:4.19.15-1.pvops.qubes

python2-qubesadmin.noarch     4.0.25-0.1.fc25
python2-qubesimgconverter.x86_64      4.0.23-1.fc25
python3-qubesadmin.noarch     4.0.25-0.1.fc25
python3-qubesdb.x86_64        4.0.10-1.fc25
python3-qubesimgconverter.x86_64      4.0.23-1.fc25
qubes-anaconda-addon.noarch       4.0.9-1.fc25
qubes-artwork.noarch      4.0.1-2.fc25
qubes-core-admin-addon-whonix.noarch      4.0.2-1.fc25
qubes-core-admin-client.noarch        4.0.25-0.1.fc25
qubes-core-dom0.x86_64        4.0.41-1.fc25
qubes-core-dom0-linux.x86_64      4.0.18-1.fc25
qubes-core-dom0-linux-kernel-install.x86_64
qubes-db.x86_64       4.0.10-1.fc25
qubes-db-dom0.x86_64      4.0.10-1.fc25
qubes-db-libs.x86_64      4.0.10-1.fc25
qubes-desktop-linux-common.noarch     4.0.17-1.fc25
qubes-desktop-linux-manager.noarch        4.0.15-1.fc25
qubes-gpg-split-dom0.x86_64       2.0.35-1.fc25
qubes-gui-dom0.x86_64     4.0.9-1.fc25
qubes-img-converter-dom0.x86_64       1.2.6-1.fc25
qubes-input-proxy.x86_64      1.0.14-1.fc25
qubes-libvchan-xen.x86_64     4.0.5-1.fc25
qubes-manager.noarch      4.0.28-1.fc25
qubes-menus.noarch        4.0.17-1.fc25
qubes-mgmt-salt.noarch        4.0.15-1.fc25
qubes-mgmt-salt-admin-tools.noarch        4.0.15-1.fc25
qubes-mgmt-salt-base.noarch       4.0.3-1.fc25
qubes-mgmt-salt-base-config.noarch        4.0.1-1.fc25
qubes-mgmt-salt-base-overrides.noarch     4.0.2-1.fc25
qubes-mgmt-salt-base-overrides-libs.noarch
qubes-mgmt-salt-base-topd.noarch      4.0.1-1.fc25
qubes-mgmt-salt-config.noarch     4.0.15-1.fc25
qubes-mgmt-salt-dom0.noarch       4.0.15-1.fc25
qubes-mgmt-salt-dom0-qvm.noarch       4.0.7-1.fc25
qubes-mgmt-salt-dom0-update.noarch        4.0.6-1.fc25
qubes-mgmt-salt-dom0-virtual-machines.noarch
qubes-pdf-converter-dom0.x86_64       2.1.6-1.fc25
qubes-release.noarch      4.0-7
qubes-release-notes.noarch        4.0-7
qubes-template-debian-10.noarch       4.0.1-201910230150
qubes-template-debian-10-minimal.noarch
qubes-template-debian-9.noarch        4.0.1-201812091508
qubes-template-fedora-29.noarch       4.0.1-201812180316
qubes-template-fedora-30.noarch       4.0.1-201904301131
qubes-template-whonix-gw-14.noarch        4.0.1-201811291216
qubes-template-whonix-ws-14.noarch        4.0.1-201811291216
qubes-usb-proxy-dom0.noarch       1.0.20-1.fc25
qubes-utils.x86_64        4.0.23-1.fc25
qubes-utils-libs.x86_64       4.0.23-1.fc25
qubes-windows-tools.noarch        4.0.1-3
xfce4-settings-qubes.x86_64       4.0.3-1.fc25/


*So could anybody tell me is this the latest version of Qubes OS or 
something happened with my update process?*



Thank you!
//

--
You received this 

Re: [EXT] Re: [qubes-users] Memory balancing very inefficient

2021-03-13 Thread Ulrich Windl

grep -i qubes  /boot/grub2/grub.cfg
On 2/23/21 11:36 AM, Bernhard wrote:

This behaviour might be linked to errors (e.g. my qubes install does not
support 5.x xen kernels: crashes can be caused by "memory stress" and
even if not, they always finish by loads of qmemman log entries, before
deep freeze (not even a kernel panic, just sudden death)

What does "your qubes install" mean? Mine has been auto-updated to
kernel 5.4.88-1


mine too. But since this kernel crashes after 2-30 minutes I downgraded
(xen!) kernel back to 4.19.163. That works, at least. My App-VM's run
smoothly on 5.x kernels, even kernel-latest does fine.


I current think about limiting all small VMs to 256MB and dom0 to 2 GB
of RAM (by GRUB parameter) lacking any idea for a better approch.


Tell us if that works! My qubes has no grub. But you can set kernel
params in /boot/efi/EFI/qubes/xen.cfg


Again: What is special about "my qubes" ?

that is a poor try on non-violent communication. I have no grub
installed: qubes (4.0) came out of the box like that (using UEFI, as did
qubes 3.x before). I am surprised that qubes uses grub in other settings
:))


??? Qubes??? Qubes is using GRUB, and UEFI is part of the BIOS."
Try "grep -i qubes  /boot/grub2/grub.cfg".




I modified /boot/grub2/grub.cfg (changing all dom0_mem=max:4096M values)
and this works as expected. After a few hours I could not figure out
limitations having the limits in place.

  very good news, thank you. Bernhard



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bea40c24-330f-a6d5-069e-3a96dec85fb4%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] How to edit Qubes R4.0.3 ISO image file in Windows 10 system

2021-02-22 Thread Ulrich Windl

On 2/16/21 8:51 AM, Data Eight wrote:
Hello Qubes Google Group Members (who are gave their suggenstions to my 
post):

Thanks all for your help and support regarding editing Qubes ISO image.

I referred the UEFI Troubleshooting web page and installed the QUBES OS 
in my Dell Inspiron and started to learn to work with QUBES.

Thanks once again.

The exact problem I have is system get freezed when the system get 
reboot after successful QUBES OS installation. So, as per UEFI 
troubleshooting instruction for UEFI system, I have included some kernal 
line changes in xen.cfg file using vi editor, before selecting reboot 
after Qubes install.


The procedure I followed for this modification is as follows:
1. dont select reboot after successful installation of Qubes OS
2. press /ctrl+alt+f2/
3. type: /vi /mnt/sysimage/boot/efi/EFI/qubes/xen.cfg/
4. remove the following from the first line: /smt=off /and insert 
/efi=attr=uc/

5. then enter the following: /:wq/


I think (especially on QWERTY layouts) that "Shift+ZZ" is more handy ;-)


6. press ctrl+alt+f6
7. select reboot.

Thats it. Now the black screen problem what I have faced was gone. I 
posted what I followed to resolve this problem. The above procedure will 
be helpful for someone. The windows 10 word in the help requested post, 
is actually not relevant to be used to ask suggession.  So sorry for it.


Thanks once again Group Users who are responded.


On Monday, December 21, 2020 at 5:02:38 AM UTC+5:30 Ulrich Windl wrote:

On 12/14/20 7:42 PM, Data Eight wrote:
 > I am trying to install "Qubes-R4.0.3-x86-64 OS" on Windows 10 UEFI
 > system. Using Rufus created bootable media (DD image option
selected).
 > The installation is done (till the message that qubes successfully
 > installed and ready to go) but after first reboot, the black
screen not
 > proceed further.

If you ever messed with grub2's boot menu, I could suggest to remove
the
"quiet" option. So there should be some messages when booting, and
maybe
sone message is the last one, so you may get a clue...

 >
 > I found to add two lines (bootnoexit=1; mapbs=1) in each kernel
section
 > within bootx64.cfg  file within EFI folder.
 >
 > But it is not working in Windows 10. Since I am a New user to
Qubes OS,
 > I request help in this issue (Can't logging to Qubes).

What Do you mean with "in Windows 10"?: Run as VM in Windows 10?

 >
 > Thanks in advance for your help.
 >
 > --
 > You received this message because you are subscribed to the Google
 > Groups "qubes-users" group.
 > To unsubscribe from this group and stop receiving emails from it,
send
 > an email to qubes-users...@googlegroups.com
 > <mailto:qubes-users...@googlegroups.com>.
 > To view this discussion on the web visit
 >

https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com

<https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com>

 >

<https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com?utm_medium=email_source=footer

<https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com?utm_medium=email_source=footer>>.


--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
<mailto:qubes-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e39bd90-be0d-476c-b81b-eb8601292048n%40googlegroups.com 
<https://groups.google.com/d/msgid/qubes-users/9e39bd90-be0d-476c-b81b-eb8601292048n%40googlegroups.com?utm_medium=email_source=footer>.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9287d12a-a243-3ef5-4a41-7e472c4dd29a%40rz.uni-regensburg.de.


Re: [qubes-users] Qubes Manager Feature Requests: Connect to not-running NetVM, restart NetVM with connected machines, force-restart a NetVM

2021-02-22 Thread Ulrich Windl

On 2/15/21 8:51 PM, donoban wrote:

Hi,

On 2/15/21 12:44 PM, r.wiesb...@web.de wrote:

Hello fellow Qubes users,

I have 3 feature requests today regarding Qubes Manager:

1) Connect to not-running NetVM
If a not-running NetVM is chosen there should not be an error message
but a choice between "Start NetVM" and "Abort"


This is already done in R4.1 version.


2) restart netVM with connected machines
Sometimes NetVMs have issues that are easily solved by a restart.
Nastily Qubes prevents restarting the netVM if VMs are connected. What
should optionally happen is either that the connected VMs are
disconnected, the NetVM is restarted and the VMs are reconnected (that
is what I do manually whenever this is needed) or alternatively that all
connected VMs are restarted as well.


Respect this there is a "Cascade shutdown" that will power off all the
connected VM's in recursive mode. I understand that is not what you
mean, you want a option for restart this VM without touching any others...

I understand that you find it helpful for some kind of hardware problem
(sleep / wake up?) but it seems more a hack than a real solution.


Well, actually: Is there an internal management problem when restarting 
the NetVM (or Firewall VM) while dependent VMs are running? If not I'd 
expect some temporary "network outage" until those VMs are restarted,
Actually I feel it would be nice to restart Net or firewall while other 
VMs are open.





3) force-reboot a VM
Users can kill a VM, but this way the user has to wait until the VM was
terminated and then start the machine again (kill + start). It would be
useful to have a single option for both tasks. That happens to me almost
daily with the USB-VM.


Uhm more than a force-reboot option, ideally the restart option should
trigger a timeout and if it expires ask you if you want to kill it or
keep waiting (same that shutdown option). Is it not the current behavior?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e833518d-1624-6403-3a1f-41af1581b7cd%40rz.uni-regensburg.de.


Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-02-01 Thread Ulrich Windl
You could try to boot the kernel installed using: 
https://www.supergrubdisk.org/super-grub2-disk/


On 1/30/21 11:28 AM, donoban wrote:

Hi,

On 1/30/21 8:43 AM, haa...@web.de wrote:

I am surprised by the sizes -- files seem small. Do the seem correct??
Are there files missing?? Could maybe someone check these md5sums, please?
  
1ff66a646f443da650caca5a71d14dc9  initramfs-5.10.11-1.fc25.qubes.x86_64.img

0ed0b625599395686c950b11ca626659  initramfs-5.10.5-1.qubes.x86_64.img
66ad105adc1bcf8543fde0be5e1cffa9  initramfs-5.10.8-1.qubes.x86_64.img
aa03e2e037aa2a173c4f9a2db6dd9096  initramfs-5.4.91-1.fc25.qubes.x86_64.img
36993c5ea1f93a37c548f8ac32b18baf  vmlinuz-5.10.11-1.fc25.qubes.x86_64
9669c095819240d8117f208748707b4c  vmlinuz-5.10.5-1.qubes.x86_64
3db1a8bdd97a608a5459ac5521052ab8  vmlinuz-5.10.8-1.qubes.x86_64
0834cc9a9bfbacb9cfc420f3b879bca7  vmlinuz-5.4.91-1.fc25.qubes.x86_64
  


[user@dom0 boot]$ sudo md5sum initramfs-5.*
9026c8b1f9d4ba3da856197e6a864f87  initramfs-5.10.11-1.fc25.qubes.x86_64.img
7b37ca7152c6a13d43c8786b309781af  initramfs-5.10.7-1.qubes.x86_64.img
037caef7ad5ffae014c02174f9d32ec8  initramfs-5.10.8-1.qubes.x86_64.img
4ab81d0bd949b982bc1d4c8624e6ed97  initramfs-5.4.83-1.qubes.x86_64.img
0167631c01c4a8e48f231e93adbc30dc  initramfs-5.4.88-1.qubes.x86_64.img
ad56a62721d0953e9b7547b6e0f34c8e  initramfs-5.4.91-1.fc25.qubes.x86_64.img

[user@dom0 boot]$ md5sum vmlinuz-5.*
36993c5ea1f93a37c548f8ac32b18baf  vmlinuz-5.10.11-1.fc25.qubes.x86_64
55e0df9ec8fa8e5b812a2e0bf9794094  vmlinuz-5.10.7-1.qubes.x86_64
3db1a8bdd97a608a5459ac5521052ab8  vmlinuz-5.10.8-1.qubes.x86_64
0834cc9a9bfbacb9cfc420f3b879bca7  vmlinuz-5.4.91-1.fc25.qubes.x86_64


Probably the initramfs differ due different hardware or configuration.
vmlinuz image seems fine.


(3) I could try the " efibootmgr " commands mentioned in UEFI

troubleshooting, but I do not understand them, and I am afraid to f*ck
it up even worse. If my harddrive-boot partition is mounted on /BOOT
instead of /boot  , how would the command read, please??

It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1
"placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda

You only need to worry about /dev/sda, if you are afraid about breaking
it more try using a different label like "-L TryingQubesRescue".



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10416cfb-c4f7-4842-51af-b1f6c822dd2c%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Updating a new installation

2021-02-01 Thread Ulrich Windl

On 1/27/21 7:44 AM, Shawn Creighton wrote:
What is the quickest and most secure way to update the entire system 
including Dom0 on the first boot of a new install? I've noticed that it 
takes awhile for the updates to populate to the qubes updater when first 
connected to the net even though there are obviously updates available. 
Is there a way to expedite the process?


I think you can always run the dom0 updater to get the updates, and for 
the VMs it seems that starting one reduces the time until updates for 
the corresponding template are found.

Still I'd like an explicit "check for updates"...



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABF_mq1OTL78t%3DHfeOGkGrdyCogJPWOQ1sLW-qf5WgLa6n7TiQ%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6f28ed0-9743-4ffb-f892-711e93a0d2ed%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Can't access flash drive

2021-02-01 Thread Ulrich Windl

On 1/16/21 4:40 PM, Shawn Creighton wrote:


I have a Sandisk Cruzer 8GB flash drive I've had for a few years, when I 
plug it in to Qubes it shows up in the available devices but when I 
connect it to any appvm it's not rshowing up in the file manager. Other 
newer flash drives work fine. Any ideas?


What's the output of (Dom0):
* blkid /dev/your-stick
* fdisk -l /dev/yopur-stick

?



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f458ab4-ce5f-4efa-afd8-6aeb6e5fe410n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7f184dd-d41b-43ba-dbe1-ccd90be052f7%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Q: Installing additional software

2021-02-01 Thread Ulrich Windl

On 1/16/21 2:39 AM, unman wrote:

On Fri, Jan 15, 2021 at 06:35:13PM -0600, Sven Semmler wrote:

On 1/15/21 6:10 PM, unman wrote:

at the expense of security, since all AppVMs based on that template
will have a large number of applications/libraries which may be ripe
for exploit.


Could you please elaborate? I am not sure I understand.


Many attacks rely on chaining exploits and loopholes in an assortment of
applications and libraries.
You see this very often in "capture the flag" contests, and in real
world attacks.
If you use a single template and load it with software (and therefore
associated libraries) you have significantly broadened the attack
surface: this is particularly so if you install "recommended and
suggested" packages.
By contrast, if you use a minimal template and install a single
application, the attack surface is smaller.
If you have a template loaded with file viewers, office applications and
drawing software, it will undoubtedly be extremely useful. But the
attack surface is large. If you use that template as the basis for your
mail reader, for example, then there is scope for an attack using a crafted
email attachment.
But if you use a minimal template with a good mail reader like mutt,
and open all the attachments in an offline disposable VM based on that
extensive template, the risk to your mail reader, and by extension
your Qubes system, is reduced. (Note, reduced but nor removed.)

In my system, almost *all* my working qubes are based on adapted minimal
templates, and most of them, including my mail qubes, are offline.
This may be why I have an unholy number of templates.


So you don't base AppVMs on the minimal template, but have multiple 
"adjusted" almost-minimal templates? And you make AppVMs from those or 
disposable VMs?
I guess you have a special update cache also, as otherwise you spend 
hours with updating.

Can you explain a bit more?


File storage qubes are exactly that - they store files. If I want to
view, or edit, I do it in an offline qube: I *have* to do it in another
qube, because the storage qubes don't have the capacity for anything
except plain text editing (and imagemagick, and some python and).
Are there risks? Of course.




I'm not altogether clear on what you mean here.


I understood

1) AppVM based on debian-10 and install gimp in AmpVM. The OP might or might
not be aware of binds/persistence.


I didnt hear this in what OP wrote.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a17165f-479b-0d19-6810-c961755e124a%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Q: Installing additional software

2021-02-01 Thread Ulrich Windl

On 1/16/21 1:10 AM, unman wrote:

On Sat, Jan 16, 2021 at 12:41:04AM +0100, Ulrich Windl wrote:

Hi!

I have a question about installing additional software (e.g. GIMP in
debian-10):
The options I see are:
1) Install it in some AppVM based on debian-10
2) Clone debian-10 template and install software there. Create some AppVM
based on that template

I'd guess 1) needs less space, but for 2) I'm not sure what happens when
updates are applied to both, the template and the AppVM.

Regards,
Ulrich



1. needs less space, but at the expense of security, since all AppVMs
based on that template will have a large number of
applications/libraries which may be ripe for exploit.

I'm not altogether clear on what you mean here. You then have two


Sorry for the late response: I mean if I install e.g. GIMP in an AppVM 
based on debian 10, what happens if I update the AppVM first (updating 
some parts of debian 10 and GIMP) and later I update the debian10 
template: Couldn't there be conflicts between the updates in the AppVM 
and the template? If not, wouldn't that waste space by keeping some 
updates more than once?



templates which will need updating - unless you are using a caching
proxy instead of the standard tinyproxy, this is going to take time and
suck up bandwidth.
You can, naturally, update the AppVM separately from the template, as
usual, but updates will be lost on reboot. (I do this sometimes when I am
checking on updates/installs or configuration changes: one of the great
things about Qubes.)


If the AppVM is not a disposable one, the updates are still lost? 
Wouldn't that mean any (e.g.) update for GIMP would be lost as well?


Regards,
Ulrich





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7936589e-7197-400f-afa3-7fc3c69fa6d0%40rz.uni-regensburg.de.


[qubes-users] Q: Installing additional software

2021-01-15 Thread Ulrich Windl

Hi!

I have a question about installing additional software (e.g. GIMP in 
debian-10):

The options I see are:
1) Install it in some AppVM based on debian-10
2) Clone debian-10 template and install software there. Create some 
AppVM based on that template


I'd guess 1) needs less space, but for 2) I'm not sure what happens when 
updates are applied to both, the template and the AppVM.


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/988afcb4-0c8e-7553-eba1-8570f29b6dd9%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Qubes boots to grey screen, mouse frozen

2021-01-15 Thread Ulrich Windl

On 1/11/21 12:07 PM, TheCrispyToast wrote:
Was able to disable whonix from startup, that didn't seem to do 
anything. That's assuming I was supposed to restart after that and try 
to boot as normal right? Is there a way to then exit terminal and 
continue signing in with GUI?


I tried to disable firewall/net VM and then got a watchdog error, i'd 
imagine this is a security feature of qubes?


For me it looks like some kind of hardware problem.


Sorry it's a photo and not text!
IMG_3283.JPG

On Sunday, January 10, 2021 at 7:13:16 PM UTC awokd wrote:

TheCrispyToast:
 > On Sunday, January 10, 2021 at 12:18:54 AM UTC awokd wrote:
 >
 >> This seems like it could be a hardware or disk corruption issue.
Try
 >> hitting ctrl-alt-F5 to switch to a text terminal when you are at
the
 >> grey screen. Should hopefully be able to login there and pull
logs. If
 >> your disk was close to filling up, that could point more towards
drive
 >> corruption.
 >>
 >> My disk was definitley not close to filling up, but it may have
been one
 > of the VM partitions that was close to filling up. I have managed
to get
 > into the dom0 terminal upon bootup. Excuse my ignorance, but
could you
 > asssit with the proper commands for pulling logs and/or turning
certain VMs
 > off from startup? I think itd be better to start a boot with only
dom0
 > running. As I said before, sometimes it will let me even get
logged in and
 > then once whonix appears to start the whole system freezes.
 >
"sudo journalctl -b" might be helpful. If you can get into dom0,
"qvm-prefs sys-whonix autostart false" will do that. Might also set
sys-firewall and sys-net autostart to false.

-- 
- don't top post

Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69542577-dfae-44f7-b23d-1b9d98ac846en%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d84f863-800b-322b-a42b-0f7358b6a19b%40rz.uni-regensburg.de.


[qubes-users] USB stick issue

2021-01-06 Thread Ulrich Windl

Hi!

Maybe it's related to recent updates, or my computer is starting to die: 
Anyway: Today I had plugged in my USB stick and attached it successfully 
to "vault". I had opened a file from it. The suddenly within one second, 
I saw the stick being disconnected and reconnected, and the "vault" 
failed to write the file.


Questions:
1) Is that disconnect expected?
2) Is it expected the a disconnect/reconnect uses a different disk (xvdj 
vs. xvdi)?
3) Is it expected that the partitions appear twice in the file manager 
(see attachment)?


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79bcb932-1749-447b-04a5-358d31e0972d%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] wireless " intruder "

2021-01-06 Thread Ulrich Windl

On 1/3/21 2:24 PM, haaber wrote:
...

Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.


Are there logs (the famous "last words")?

...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e4159f4-8341-24cd-6cd7-141dd045da1c%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2021-01-06 Thread Ulrich Windl

On 1/2/21 9:31 PM, Andrew David Wong wrote:

On 1/2/21 9:05 AM, Ulrich Windl wrote:

On 12/30/20 8:20 AM, Andrew David Wong wrote:

On 12/29/20 10:02 AM, Ulrich Windl wrote:

[...]
When trying, it seems my Dom0 does not have a file manager in the 
menu. I had to run "thunar" manually from the terminal.


This is by design. Using a file manager in dom0 is a security risk 
and is therefore discouraged:


https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md#dom0-precautions 



So is there an alternative that gets the user script registered for 
saving a screenshot?




I'm not sure exactly what you mean, but there's:


I mean: It seems you need the file manager to open the file just to 
register it as handler; is there an alternative not using the file manager?




https://github.com/QubesOS/qubes-issues/issues/953


Unfortunately the issue is quite long, and you are not referring to a 
specific comment...






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8b2a8fe-d908-6c88-5eeb-a6f7c33564b7%40rz.uni-regensburg.de.


[qubes-users] Q: attaching a partition to a VM vs. attaching the whole disk

2021-01-02 Thread Ulrich Windl

Hi!

I have an effect I'm wondering about:
May USB stick has partitions on it, one being FAT having a KeePass DB in it.
When I attach that partition to a VM (eg. vault) and try to access the 
partition, I see no mountable disk in the file manager (e.g. from 
KeePassXC).
However when I attach the whole stick to the VM, I see all partitions 
being offered to mount in the file manager under "Other locations".


Is this the way it should be? I'd like to attach only the partition 
needed, but usability forces me to attach the whole stick...


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9cabd6b-38ff-9c88-86a8-de8be8e86cee%40rz.uni-regensburg.de.


[qubes-users] Q: console messages booting debian-10 (switch_root: failed to mount moving /dev to /sysroot/dev: Invalid argument)

2021-01-02 Thread Ulrich Windl

Hi!

Looking at the boot messages on console for debuan-10, I see these:

...
Waiting for /dev/xvda* devices...
Qubes: Doing R/W setup for TemplateVM...
[1.279270]  xvdc: xvdc1 xvdc3
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=924589a7-5fee-4ed3-a7b2-fa46cbf7fcde
Qubes: done.
[1.309503] EXT4-fs (xvda3): mounted filesystem with ordered data 
mode. Opts: (null)

Waiting for /dev/xvdd device...
mount: /dev/xvdd is write-protected, mounting read-only
[1.317358] EXT4-fs (xvdd): mounting ext3 file system using the ext4 
subsystem
[1.323196] EXT4-fs (xvdd): mounted filesystem with ordered data 
mode. Opts: (null)
[1.568749] clocksource: tsc: mask: 0x max_cycles: 
0x733fdf79392, max_idle_ns: 881590829533 ns

[2.202412] EXT4-fs (xvda3): re-mounted. Opts: (null)
switch_root: failed to mount moving /dev to /sysroot/dev: Invalid argument
switch_root: forcing unmount of /dev
switch_root: failed to mount moving /proc to /sysroot/proc: Invalid argument
switch_root: forcing unmount of /proc
switch_root: failed to mount moving /sys to /sysroot/sys: Invalid argument
switch_root: forcing unmount of /sys
switch_root: failed to mount moving /run to /sysroot/run: Invalid argument
switch_root: forcing unmount of /run
[2.323383] systemd[1]: systemd 241 running in system mode. (+PAM 
+AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP 
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN 
-PCRE2 default-hierarchy=hybrid)

...


Are those "failed to mount moving ..." error messages expected?

Happy new year, BTW ;-)
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01b4ca99-e4ab-0a1a-4f0d-a35f56e7a422%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Re: qvm-run multimedia nautilus nothing happens

2021-01-02 Thread Ulrich Windl

On 1/2/21 12:28 AM, Franz wrote:



On Fri, Dec 25, 2020 at 3:44 PM Steve Coleman 
mailto:stevenlcolema...@gmail.com>> wrote:




On Tue, Dec 22, 2020, 5:12 AM Franz <169...@gmail.com
> wrote:


 > No, checking again if I put multimedia dependent from
another template
 > works, so the problem is the template.
 >
 > Last thing I did with the template was install a custom
disposable VM
 > connected with the template. I did not know that this may
end damaging the
 > template.
 >
Disposable VM settings shouldn't affect the template. What
happens if
you try to run nautilus from a terminal session to
"multimedia"? If it
doesn't start, that's the issue.


Cannot test it because neither gnome-terminal nor term start,
so?  Anyway I prepared a new template, reinstalled everything,
even the printer, and it works, but now I am scared by the
custom dvm thing.


The way to test things like this is to use "qvm-run -p 
program-name" and watch what errors bome back through that pipe.
Usually you will see something like "program not found" or some
error finding some basic resource that is required.

With dvm's this *is* more of a problem, but doing that same command
against its base templatevm might also give some insightful clues.


Thanks Steve,
I already tried qvm-run at the beginning of this thread, but it gives to 
reply, no error, nothing. it just froze trying to do that. Only CTRL c 
works to go on. Now tried to add -p as you suggested, but the result is 
the same.


Tried xterm, term, gnome-terminal, nothing works. Well the problem is 
solved because I prepared a new template, but it is good to remember to 
make a copy of the template before doing things that can break it.


I wonder: What happens if you run "journalctl -b -f" in multimedia while 
you try executing the commands?




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDedCFemHP8etSiC%2BZsOq67JbKwpTH9fLXwOde%3DAxPN%2BQ%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cb4ecce-d630-ac40-7bca-af0eb0068324%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2021-01-02 Thread Ulrich Windl

On 12/30/20 8:20 AM, Andrew David Wong wrote:

On 12/29/20 10:02 AM, Ulrich Windl wrote:

[...]
When trying, it seems my Dom0 does not have a file manager in the 
menu. I had to run "thunar" manually from the terminal.


This is by design. Using a file manager in dom0 is a security risk and 
is therefore discouraged:


https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md#dom0-precautions 



So is there an alternative that gets the user script registered for 
saving a screenshot?






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b64ceae-b135-2b3f-d8b5-087ae8a0e6da%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2020-12-29 Thread Ulrich Windl

On 12/23/20 9:14 AM, haaber wrote:

On 12/22/20 10:18 PM, Jarrah wrote:



How do you disable the automatic screen lock? I have the screensaver
disabled and the lock screen option unchecked but it still locks after a
few minutes.



For me, there is a "presentation mode" on the battery icon (which shows
on both desktop and laptop) that disables the screen lock.

Also when using the screenshot function in system tools, is it 
possible to
save to the AppVM file system you are currently using rather than to 
Dom0?

Or how do I access it once it is saved to Dom0?



You should be able to get them to your AppVM using `qvm-copy-to-vm  `  from the terminal.


Better:  create in dom0 a file containing:

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".


When trying, it seems my Dom0 does not have a file manager in the menu. 
I had to run "thunar" manually from the terminal.


Also: Wouldn't qvm-move-to-vm be preferrable (also replacing "Send" with 
"Move")?



This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a897236-c7da-4780-af9e-69e2900ad208%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Q: Kernel being used in VM

2020-12-29 Thread Ulrich Windl

On 12/21/20 1:45 PM, Mike Keehan wrote:

On 12/21/20 12:23 AM, Ulrich Windl wrote:

Hi!

I wonder: What sense is in updating the kernel in a VM (e.g. 
fedora-32) when that kernel isn't used when booting the VM?




The VM's package manager can be told not to update specified packages,
if that is what you want.


No, specifically for sys-net I wonder what the great support for newer 
hardware is worth when an old kernel is being used.




Mike.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e118528-0bd2-f214-206f-3059406d3071%40rz.uni-regensburg.de.


[qubes-users] Q: Kernel being used in VM

2020-12-20 Thread Ulrich Windl

Hi!

I wonder: What sense is in updating the kernel in a VM (e.g. fedora-32) 
when that kernel isn't used when booting the VM?


For example:
user@sys-firewall ~]$ rpm -qa kernel\*
kernel-core-5.9.11-100.fc32.x86_64
kernel-5.9.12-100.fc32.x86_64
kernel-modules-5.9.14-100.fc32.x86_64
kernel-modules-5.9.11-100.fc32.x86_64
kernel-headers-5.9.13-100.fc32.x86_64
kernel-devel-5.9.11-100.fc32.x86_64
kernel-debug-devel-5.9.11-100.fc32.x86_64
kernel-modules-5.9.12-100.fc32.x86_64
kernel-devel-5.9.12-100.fc32.x86_64
kernel-devel-5.9.14-100.fc32.x86_64
kernel-core-5.9.12-100.fc32.x86_64
kernel-5.9.14-100.fc32.x86_64
kernel-core-5.9.14-100.fc32.x86_64
kernel-debug-devel-5.9.14-100.fc32.x86_64
kernel-5.9.11-100.fc32.x86_64
kernel-debug-devel-5.9.12-100.fc32.x86_64
[user@sys-firewall ~]$ uname -a
Linux sys-firewall 4.19.155-1.pvops.qubes.x86_64 #1 SMP Mon Nov 9 
06:37:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ce2c3b5-220c-8d0f-b49e-17bbf8ed6baa%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-20 Thread Ulrich Windl

On 12/21/20 1:08 AM, Ulrich Windl wrote:

On 12/20/20 4:17 PM, Morten Eyrich wrote:
Okay so if I have been using a https connection, then it's no 
problem... ?


If they use a wrong certificate for a MITM attack they might decode your 
connection... It means nobody between you and the "next endpoint" can 
read your password, but how to ensure what the "next endpoint" really is?


Well actually they could construct a terribly poor or well-known 
"secret" key so that the encryption is "pre-broken" (can easily be 
decrypted).






Den søn. 20. dec. 2020 kl. 14.35 skrev unman 
mailto:un...@thirdeyesecurity.org>>:


    On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
 > Lets say I have a compromised router/networkconnection.
 >
 > I use a Qubes OS pc to go on the internet through the compromised
 > router/networkconnection.
 >
 > Is it then possible for the intruder to see the passwords that I
    enter and
 > is being sent through the compromised router/networkconnection ?
 >

    Yes, but only if you send the password in the clear.
    Don't do this. In fact don't do *anything* in the clear.
    Only use encrypted connections - https for web sites, TLS or other
    encryption methods for
    SMTP/POP/IMAP to get mail, ssh, etc, etc.
    Encrypt any valuable data.
    Trust nothing.

    --     You received this message because you are subscribed to the 
Google

    Groups "qubes-users" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to qubes-users+unsubscr...@googlegroups.com
    <mailto:qubes-users%2bunsubscr...@googlegroups.com>.
    To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org 


<https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org>. 



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
<mailto:qubes-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com 
<https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com?utm_medium=email_source=footer>. 





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86730e53-7ed7-8e9c-28f3-63d0fa549d0f%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-20 Thread Ulrich Windl

On 12/20/20 4:17 PM, Morten Eyrich wrote:

Okay so if I have been using a https connection, then it's no problem... ?


If they use a wrong certificate for a MITM attack they might decode your 
connection... It means nobody between you and the "next endpoint" can 
read your password, but how to ensure what the "next endpoint" really is?




Den søn. 20. dec. 2020 kl. 14.35 skrev unman >:


On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
 > Lets say I have a compromised router/networkconnection.
 >
 > I use a Qubes OS pc to go on the internet through the compromised
 > router/networkconnection.
 >
 > Is it then possible for the intruder to see the passwords that I
enter and
 > is being sent through the compromised router/networkconnection ?
 >

Yes, but only if you send the password in the clear.
Don't do this. In fact don't do *anything* in the clear.
Only use encrypted connections - https for web sites, TLS or other
encryption methods for
SMTP/POP/IMAP to get mail, ssh, etc, etc.
Encrypt any valuable data.
Trust nothing.

-- 
You received this message because you are subscribed to the Google

Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org

.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94fd64c2-3695-aba2-92c7-c977c25930b8%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] How do you stream and whatch mp4-video's in your Firefox Browser ?

2020-12-20 Thread Ulrich Windl

On 12/20/20 11:43 AM, ME wrote:

How do you stream and whatch mp4-video's in your Firefox Browser ?


"your" firefox browser? What's that?



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5290bec5-d65e-41d4-953e-9493180d3abfn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4cdc976-4f4b-62c8-4992-773e6e87f104%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?

2020-12-20 Thread Ulrich Windl

On 12/20/20 10:59 AM, ME wrote:
Why isn't it possible to manually control if the pc should enable 
networking and wi-fy at login or not ?


You CAN switch sys-net to manual start, and you can disconnect any VM 
from the network.




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d2f8d5e-c7af-4f4d-b643-051b5a404fbbn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f2738863-de98-6d99-1292-3cf620942373%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?

2020-12-20 Thread Ulrich Windl

On 12/20/20 10:27 AM, ME wrote:
Lets say I have a USB storage device which has a virus on it that will 
infect a Linux pc when it is inserted.


If I insert the USB storage device in my Qubes OS pc after login to 
Qubes OS, is it then possible for the virus to infect my pc immediately 
after I have plugged it in before or after attaching the device to a VM ?


I think it depends on how the virus works. For example if it could cause 
code execution by overflowing the SCSI vendor/model buffer (I'm not 
saying that this is possible, BTW), it could cause execution even before 
anything is mounted...




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3fb1091-e270-49ee-bd8b-b0a239aec5a3n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/365aebf3-1118-7ca0-e7c2-f70044537a74%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] crontab backups?

2020-12-20 Thread Ulrich Windl

On 12/17/20 3:14 PM, Stumpy wrote:

On 12/17/20 8:47 AM, haaber wrote:

On 12/17/20 2:32 PM, Stumpy wrote:

I havent played with crontab in forever, and I cant code at all, but I
really wanted to try to automate my backups a wee bit.

I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix
centos-7-minimal email chat work personal

and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup
will run but when i try to do it via cron then nada?

The crond seems to be running and crontab -l shows the schedule I pasted
above, Is there a reason this shouldn't work?


I am no cron-expert, but in my exoerience cron and scripts often mess.
One reason seems " pipes " in scripts that usually fail when cron'ed.
Have a look at these "|" in the script and re-code them pipe-free -- to
my opinion that would be a good starting point. cheers



Thanks!
I didnt realize that cron and scripts didnt mix, I just put one long 
line into cron and it has started up!

Much appreciated!


??? Your script was executable using "she-bang" (#!/bin/my_shell)?





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/684f5b80-1adf-9747-f51f-2e5d5bc1205b%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] crontab backups?

2020-12-20 Thread Ulrich Windl

On 12/17/20 2:32 PM, Stumpy wrote:
I havent played with crontab in forever, and I cant code at all, but I 
really wanted to try to automate my backups a wee bit.


I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file 
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix 
centos-7-minimal email chat work personal


and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup 
will run but when i try to do it via cron then nada?


Checked the syslog? Did you use "crontab -e" to setup the crontab?



The crond seems to be running and crontab -l shows the schedule I pasted 
above, Is there a reason this shouldn't work?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/100cd61e-42ba-1117-452a-f79a61b67fa0%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] new xen kernel 5.xx

2020-12-20 Thread Ulrich Windl

On 12/16/20 9:32 AM, haaber wrote:

I have still instabilities with the xen kernels 5.x (sudden system
freeze). I also have a small /boot and hold only the last 3 kernels.


I can (outside of Qubes OS) trigger a kernel freeze when the kernel 
starts swapping on a thin-provisioned LV. I think I wrote that to this 
list some time ago. You could also find some details at kernel.org's 
bugzilla.



They are right now:

vmlinuz-4.19.155-1.pvops.qubes.x86_64
vmlinuz-5.4.78-1.qubes.x86_64
vmlinuz-5.4.83-1.qubes.x86_64

I would like to mark the (for me very stable) kernel 4.19.155 as "do not
erase while updating" and remove the (for me) useless kernel
vmlinuz-5.4.78-1.qubes.x86_64. How can I do that, please?  I fear to
make a mess when just "playing around". I also want to keep 5.x kernels
for appVM's (they work well).   Thank you!


I think you'll have to find out what actually makes your kernel freeze 
(if it freezes at all).






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f000fb31-a46a-18f2-3e2a-39e0c102e7e0%40rz.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] qubes-os // stand-alone reactos fails

2020-12-20 Thread Ulrich Windl

On 12/15/20 5:40 PM, ser...@da.matta.nom.br wrote:
Thank you Unman. I do not use React-OS anymore. It worked fine on Qubes 
3. But I really think it was a bad decision to support only xvda. It is 
not only Android, React-os, Chrome-Os and others. It is about Qubes 
users.  I will keep using Qubes-OS 4 even with his limitations, but I 
hope Qubes-os chooses to be  easier to his users, in the future.


Some stupid question: Isn't it the kernel that boots in the VM that 
assigns the name? If so, it's not Xen that assigns the name...




Em terça-feira, 15 de dezembro de 2020 às 00:21:31 UTC-3, unman escreveu:

On Mon, Dec 14, 2020 at 01:05:59PM -0800, ser...@da.matta.nom.br wrote:
 > Dear Unman,
 > Please, why Qubes chooses to use /dev/xvda differently then the
other
 > softwares are expecting?
 > Since there is already a patch, it should be permanent to
minimize problems.
 > Thank you
 > Em domingo, 13 de dezembro de 2020 ??s 21:54:58 UTC-3, unman
escreveu:
 >
 > > On Sun, Dec 13, 2020 at 03:07:06PM -0800, ludwig...@gmail.com
wrote:
 > > > Hi I am trying to install reactos 0.4.13 as stand alone with
16G system
 > > and
 > > > 16g private.
 > > > I know, way too much.
 > > > Reactos fails with blue screen and red print: "Setup could
not find a
 > > > harddisk"
 > > > Enter = Reboot computer.
 > > >
 > > > So why there is no harddisk in the vm?
 > > > Is there an editor to configure more options to the vm? So I
would like
 > > > to see if the devices are there.
 > > >
 > > > BTW: If someone could contribute a reactos template with common
 > > > tools like peazip and sumatrapdf it would be nice for all to
play with
 > > some
 > > > old windows stuff.
 > > >
 > > > Regards
 > > >
 > > > Ludwig
 > > >
 > >
 > > This has come up a number of times on the list, both for
ReactOS and
 > > Android installs.
 > > The issue is that ReactOS *has* to see a disk at /dev/sda or
/dev/hda,
 > > whereas Qubes presents disks at /dev/xvda etc.
 > > Take a look at
https://github.com/unman/notes/blob/master/disks_in_Qubes

 > > If you look at https://github.com/unman/change_disk
 you'll see a
 > > possible solution: how to use those files is explained at
 > > https://github.com/unman/notes/blob/master/InstallingAndroid.md

 > >
 > > Basically, you redefine the disks so that they are presented as
disks
 > > that ReactOS will accept. Then you can just install to /dev/sda
 > >
 > > If you need help, just ask.
 > >
 >

Qubes is based on Xen, and Xen decided many moons ago to using xvdX for
block devices, instead of sdX. You might ask why ReactOS and Android
are
so hidebound in their expectations for block devices.
This is more of a hack than a patch, so I think it unlikely it will be
incorporated in to Qubes.

On the issue of a template, you can install reactos as a template HVM,
and spawn other qubes off it. I could point you to an example if that
would be helpful.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23460d00-e1ed-4cb6-b007-119841e2ad16n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f147f24d-8a6b-b33e-b2ba-ac04533d6b47%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] How to edit Qubes R4.0.3 ISO image file in Windows 10 system

2020-12-20 Thread Ulrich Windl

On 12/14/20 7:42 PM, Data Eight wrote:
I am trying to install "Qubes-R4.0.3-x86-64 OS" on Windows 10 UEFI 
system. Using Rufus created bootable media (DD image option selected). 
The installation is done (till the message that qubes successfully 
installed and ready to go) but after first reboot, the black screen not 
proceed further.


If you ever messed with grub2's boot menu, I could suggest to remove the 
"quiet" option. So there should be some messages when booting, and maybe 
sone message is the last one, so you may get a clue...




I found to add two lines (bootnoexit=1; mapbs=1) in each kernel section 
within bootx64.cfg  file within EFI folder.


But it is not working in Windows 10. Since I am a New user to Qubes OS, 
I request help in this issue (Can't logging to Qubes).


What Do you mean with "in Windows 10"?: Run as VM in Windows 10?



Thanks in advance for your help.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32c6c692-58f4-a1d2-1207-4902166e378d%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Upgrading primary HD size

2020-12-20 Thread Ulrich Windl

On 12/12/20 1:16 AM, 'keyandthegate' via qubes-users wrote:

Oops, I forgot I'm using btrfs.


Well, it's not specific to Qubes OS, but maybe you'd like to read this:
Setting up a HA cluster using Xen PVMs recently, I found a bug that 
activated one VM on two nodes at the same time... The VM was using BtrFS 
as root / boot filesystem with many subvolumes and automatic snapshots 
before each software update.
As a result the BtrFS was corrupted, and there was NO way to recover any 
of the snapshots or subvolumes. Maybe keep this in mind. In the past I'd 
traditionally use separate ext2/3 filesystems for things like /, /boot, 
/var, etc. And the changes to recover something are probably higher than 
with BtrFS... Anyway: I just wanted to tell.


Regards,
Ulrich



‐‐‐ Original Message ‐‐‐
On Friday, December 11, 2020 11:14 AM, keyandthegate 
 wrote:


Hi I recently upgraded to a new primary HD and these are the steps 
I've taken:

1. plug the new HD in via USB
2. boot from debian live
3. use dd to copy my entire old HD to new HD
4. use gdisk to convert from MBR to GPT
5. use gparted to move the swap partition to the end of the drive, and 
resize the primary partition to use the remaining space

6. swap in the new HD

I read I need to resize the LVM thin pool but, I'm not seeing the 
right output from lvs.

Existing threads:
https://groups.google.com/g/qubes-users/c/D-on-hSX1Dc/m/Q3rbYGyvAAAJ 

https://groups.google.com/g/qubes-users/c/w9CIDaZ3Cc4/m/0xvtMUrIAgAJ 



I also have a second 2TB drive with a second pool.

lsblk output:
nvme0n1  
259:0    0   7.3T  0 disk
├─nvme0n1p3 
259:3    0  15.4G  0 part
│ └─luks-[...]
253:1    0  15.4G  0 crypt [SWAP]
├─nvme0n1p1 
259:1    0 1G  0 part  /boot
└─nvme0n1p2 
259:2    0   7.3T  0 part
  └─luks-[..]  
253:0    0   7.3T  0 crypt /

[...]
sda   
8:0    0   1.8T  0 disk
└─luks-[...]
253:2    0   1.8T  0 crypt
  ├─qubes-poolhd0_tdata 
253:4    0   1.8T  0 lvm
  │ └─qubes-poolhd0-tpool   
253:5    0   1.8T  0 lvm

[... my qubes on second HD]
  └─qubes-poolhd0_tmeta 
253:3    0   120M  0 lvm
    └─qubes-poolhd0-tpool   
253:5    0   1.8T  0 lvm

[... my qubes on second HD]
[...]

$ qvm-pool -l
NAME   DRIVER
varlibqubes    file-reflink
linux-kernel   linux-kernel
poolhd0_qubes  lvm_thin

$ sudo lvs -a
  LV  VG    Attr   LSize   
Pool    Origin  Data%  Meta%  Move 
Log Cpy%Sync Convert

  [lvol0_pmspare] qubes ewi--- 120.00m
  poolhd0 qubes twi-aotz--   
1.82t 69.41  43.01

  [poolhd0_tdata] qubes Twi-ao   1.82t
  [poolhd0_tmeta] qubes ewi-ao 120.00m
[... my qubes on second HD]

Where have my Qubes on the first HD gone? They still work, but I don't 
see them in the output of these commands.


--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/HA2V2H7xCHTxhIlQ7HvG9BdLmlOdOsZRfYJeFCkDQANMLsLwg5qBofGGTY388Wg709VswBrbt4f01UylsHfpXSqF2AkqFGYACWxrsnGf8lA%3D%40protonmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/536a5877-91d1-b719-35e5-20e836a5765f%40rz.uni-regensburg.de.


Re: [qubes-users] Re: Can no longer copy text from xterm by default

2020-12-20 Thread Ulrich Windl

On 12/11/20 3:48 AM, Andrew David Wong wrote:

On 12/10/20 12:23 PM, Ulrich Windl wrote:

On 12/10/20 3:49 AM, Andrew David Wong wrote:
I used to be able to be able to do the following to copy text from 
xterm in Fedora and Debian VMs:


1. Select/highlight the desired text, thereby inserting it into the 
PRIMARY buffer.


2. Press  in order to bring up a menu (I 
think it was the "VT Options" menu).


3. In this menu, select the option to copy text from the PRIMARY 
buffer to that VM's local clipboard.


4. Press  to copy text to the Qubes inter-VM 
clipboard and proceed as usual.


However, some time ago, step 2 suddenly stopped working, and I have 
no idea why. Pressing  in xterm now does 
nothing, as far as I can tell. I've checked my trackpad/mouse 
settings, and everything seems fine and unchanged. I've tried 
pressing the left and right mouse buttons simultaneously instead, but 
nothing.


I know that I can probably create custom xterm settings that will 
allow me to copy text, but I'd still like to know whether there's a 
way to do it by default for cases in which the VM is uncustomized. 
Does anyone know if there is such a way?


I never used that, but here for the fedora-32 template it works.
I think you can override bindings inside the app via X resources, but 
my suspect is that the window manager "captures" the mouse or key 
event, so it does not arrive at the terminal any more.




I'm confused. You say it's working in the Fedora 32 template for you, 
yet you also say the key event is captured, so it's not arriving at the 
terminal anymore. How can it be working for you if the key event is 
being captured by the window manager?


You missed something: I' not the one who had the problem; I'm one who 
tried to help / explain.






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c535869d-6b13-fbb7-fd27-53c2ee03d47e%40rz.uni-regensburg.de.


[qubes-users] Re: Can no longer copy text from xterm by default

2020-12-10 Thread Ulrich Windl

On 12/10/20 3:49 AM, Andrew David Wong wrote:
I used to be able to be able to do the following to copy text from xterm 
in Fedora and Debian VMs:


1. Select/highlight the desired text, thereby inserting it into the 
PRIMARY buffer.


2. Press  in order to bring up a menu (I 
think it was the "VT Options" menu).


3. In this menu, select the option to copy text from the PRIMARY buffer 
to that VM's local clipboard.


4. Press  to copy text to the Qubes inter-VM clipboard 
and proceed as usual.


However, some time ago, step 2 suddenly stopped working, and I have no 
idea why. Pressing  in xterm now does 
nothing, as far as I can tell. I've checked my trackpad/mouse settings, 
and everything seems fine and unchanged. I've tried pressing the left 
and right mouse buttons simultaneously instead, but nothing.


I know that I can probably create custom xterm settings that will allow 
me to copy text, but I'd still like to know whether there's a way to do 
it by default for cases in which the VM is uncustomized. Does anyone 
know if there is such a way?


I never used that, but here for the fedora-32 template it works.
I think you can override bindings inside the app via X resources, but my 
suspect is that the window manager "captures" the mouse or key event, so 
it does not arrive at the terminal any more.


Regards,
Ulrich


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab18f043-3355-ca0a-4a42-e0e16b209cc8%40rz.uni-regensburg.de.


Re: [EXT] [qubes-users] How to attach private storage from one AppVM to another AppVM (LVM)?

2020-12-10 Thread Ulrich Windl

On 12/7/20 3:56 PM, 'heinrich...@googlemail.com' via qubes-users wrote:
 From one AppVM I need to temporarily access a large amount of files 
from another AppVM. Can this be done without copying the files around?


_Background: _
I have a large amount of files stored in AppVM "BIG". That's hundreds of 
GB in a separate pool on a spinning HDD.
I also have a small AppVM "SMALL" running a program that needs to access 
files from "BIG". This AppVM resides on a small SSD.


In the past I copied files from BIG to SMALL. But this takes time and I 
need to sort the files beforehand because there is not enough space on 
the SSD. I don't want to do that anymore. It would be okay to allow 
AppVM "SMALL" to access files from "BIG"'s private storage directly.


Googling around tells me to mount "private.img", but I'm using LVM so 
that's not an option. But how can this be done? Can it be done? (Or is 
there even a better "file sharing" approach for this amount of data 
without having to revert to a NAS?)


Any tips are appreciated.


Actually I have not done it, but it feels like you should have an NFS 
server on BIG with a network only accessible from inside qubes, and 
specifically from SMALL. Still it will have to transfer the file 
contents, but you benefit from any application that only reads parts of 
the files.


When not wanting to copy I guess you'll have to mount a snapshot of 
BIG's data as the LV should be mounted only once (AFAIK).


Regards,
Ulrich



(I'm on Qubes OS v4 latest)

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d42e07f-9170-4504-bbc4-d638d2403cfcn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cba7cb41-5a2e-e283-e941-96c8db156d19%40rz.uni-regensburg.de.


[qubes-users] Need Help: Ruined my installation via PCI pass through

2020-12-08 Thread Ulrich Windl
Hi!

Trying to get my WLAN adapter into sys-net, I made a fatal mistake: The USB 
host added also has the boot device (and mouse) connected. Now as soon as 
sys-net starts (maybe even earlier) the PV for qubes becomes inaccessible.

Mounting the device in another Linux system, I tried to prevent the start of 
sys-net by renaming the systemd link for multi-user target, but that did not 
help.  The kernel panics shortly after boot.
Before I had tried to find (and edit) the settings that cause the problem, but 
could not find them.

My idea was to prevent start of sys-net, then use the qubes manager to undo my 
bad setting.
Unfortunately I don't get that far.

Any help appreciated!

Regards,
Ulrich

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCFFA3F02A10003D674%40gwsmtp.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Qubes OS: .onion and links

2020-12-06 Thread Ulrich Windl
On 12/1/20 6:22 PM, TheGardner wrote:
> What happens, if you have set "Prioritize .onion sites when known." to 
> ALWAYS under Privacy & Security - Browser Privacy ?

That was not the question: The page exists; otherwise I wouldn't have asked.

> 
> Cheers :)
> 
> Ulrich Windl schrieb am Montag, 30. November 2020 um 21:16:31 UTC+1:
> 
> Hi!
> 
> I noticed when I click the link "upgrading Fedora TemplateVMs" found on
> the onion version of the page (using the tor browser of whonix), you
> are
> directed to a non-onion page
> (https://www.qubes-os.org/doc/template/fedora/upgrade/
> <https://www.qubes-os.org/doc/template/fedora/upgrade/>), and you'll
> have
> to switch to onion again.
> 
> In contrast when I click news items on
> 
> http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/
> 
> <http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/>
> 
> I remain on onion sites.
> 
> Regards,
> Ulrich
> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to qubes-users+unsubscr...@googlegroups.com 
> <mailto:qubes-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/e6d5020b-5d5d-483f-8816-53b98ef90a0an%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/qubes-users/e6d5020b-5d5d-483f-8816-53b98ef90a0an%40googlegroups.com?utm_medium=email_source=footer>.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCD805002A10003D54A%40gwsmtp.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Qubes OS: .onion and links

2020-12-06 Thread Ulrich Windl
On 12/1/20 7:35 PM, 'disrupt_the_flow' via qubes-users wrote:
> On November 30, 2020 8:15:14 PM UTC, Ulrich Windl 
>  wrote:
> 
> Hi!
> 
> I noticed when I click the link "upgrading Fedora TemplateVMs" found on
> the onion version of the page (using the tor browser of whonix), you are
> directed to a non-onion page
> (https://www.qubes-os.org/doc/template/fedora/upgrade/),  
> <https://www.qubes-os.org/doc/template/fedora/upgrade/),>  and you'll have
> to switch to onion again.
> 
> In contrast when I click news items on
> 
> http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/
> I remain on onion sites.
> 
> Regards,
> Ulrich
> 
> 
> Hello Ulrich. What page exactly? I can't find such a page on the QubesOS 
> website.

http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/2020/06/30/fedora-32-templates-available/

> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to qubes-users+unsubscr...@googlegroups.com 
> <mailto:qubes-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/1FED7E54-AEAF-4D88-A2FD-A43CD3A2AD3F%40pretty.Easy.privacy
>  
> <https://groups.google.com/d/msgid/qubes-users/1FED7E54-AEAF-4D88-A2FD-A43CD3A2AD3F%40pretty.Easy.privacy?utm_medium=email_source=footer>.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCD803702A10003D544%40gwsmtp.uni-regensburg.de.


Re: [EXT] [qubes-users] Qubes Installer needs update (Part 1 of 3)

2020-12-06 Thread Ulrich Windl
On 12/5/20 10:17 PM, Ulrich Windl wrote:
> Hi!
> 
> The Qubes Installer for 4.0.3 has some severe bugs (it seems to me):
> I installed Quebes OS 4.0 for the third time, so I should have a littel 
> experience by now:
> The only difference from last install I could remember was:
> 1) I installed on a M.2 SSD instead of a harddisk
> 2) I put the German keyboard on top of the English
> 
> Installation succeeded quikly without a problem, but when booting, the system 
> does not come up. Most notably because it does not ask for the password of 
> the LUKS partition that holds the VG.
> 
> I'll attach screen shots that show what the user can see. My suspect is that 
> it's the German keyboard that is missing in the initrd, failing the password 
> input.
> 
> First I capture what can be seen when no password prompt appears; catching 
> the actual error was trickier. After the repeating dracut messages there 
> didn't seem to happen anything more.
> 
> Regards,
> Ulrich
> 
> 

Hi!

Eventually I could solve the problem (using another Linux System):
For reasons completely unknown to me the partitions I had created 
manually were not retained (I had a small second partition, and I had 
erased both partitions created a second larger partition and two more):
However after successful installation the old partitions were back AND 
LVM complained that the physical volume inside the LUKS is larger than 
the partition. That was the clue I needed! So I checked the partitions 
and found the partition was not what I had created (but the PV was the 
one I had created). I could suspect anaconda reading the partition table 
first, and then writing it back for no good reason (I said _I_ will 
provide partitions).
Well the fix was (time consuming): I created the partitions from the 
"other" Linux, then booted the installer again and did yet another 
install. Now it booted! From SSD. Now really fast 8-)

So Qubes OS did not give a good error message when encountering that bug!

Regards,
Ulrich


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCD800802A10003D53E%40gwsmtp.uni-regensburg.de.


Re: [EXT] Re: [qubes-users] Qubes OS: .onion and links

2020-12-06 Thread Ulrich Windl
On 12/1/20 7:35 PM, 'disrupt_the_flow' via qubes-users wrote:
> On November 30, 2020 8:15:14 PM UTC, Ulrich Windl 
>  wrote:
> 
> Hi!
> 
> I noticed when I click the link "upgrading Fedora TemplateVMs" found on
> the onion version of the page (using the tor browser of whonix), you are
> directed to a non-onion page
> (https://www.qubes-os.org/doc/template/fedora/upgrade/),  
> <https://www.qubes-os.org/doc/template/fedora/upgrade/),>  and you'll have
> to switch to onion again.
> 
> In contrast when I click news items on
> 
> http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/
> I remain on onion sites.
> 
> Regards,
> Ulrich
> 
> 
> Hello Ulrich. What page exactly? I can't find such a page on the QubesOS 
> website.

http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/2020/06/30/fedora-32-templates-available/

> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to qubes-users+unsubscr...@googlegroups.com 
> <mailto:qubes-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/1FED7E54-AEAF-4D88-A2FD-A43CD3A2AD3F%40pretty.Easy.privacy
>  
> <https://groups.google.com/d/msgid/qubes-users/1FED7E54-AEAF-4D88-A2FD-A43CD3A2AD3F%40pretty.Easy.privacy?utm_medium=email_source=footer>.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCD7FB502A10003D536%40gwsmtp.uni-regensburg.de.


Re: [EXT] [qubes-users] Re: Qubes OS: .onion and links

2020-12-06 Thread Ulrich Windl
On 12/1/20 6:22 PM, TheGardner wrote:
> What happens, if you have set "Prioritize .onion sites when known." to 
> ALWAYS under Privacy & Security - Browser Privacy ?

That was not the question: The page exists; otherwise I wouldn't have asked.

> 
> Cheers :)
> 
> Ulrich Windl schrieb am Montag, 30. November 2020 um 21:16:31 UTC+1:
> 
> Hi!
> 
> I noticed when I click the link "upgrading Fedora TemplateVMs" found on
> the onion version of the page (using the tor browser of whonix), you
> are
> directed to a non-onion page
> (https://www.qubes-os.org/doc/template/fedora/upgrade/
> <https://www.qubes-os.org/doc/template/fedora/upgrade/>), and you'll
> have
> to switch to onion again.
> 
> In contrast when I click news items on
> 
> http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/
> 
> <http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/>
> 
> I remain on onion sites.
> 
> Regards,
> Ulrich
> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to qubes-users+unsubscr...@googlegroups.com 
> <mailto:qubes-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/e6d5020b-5d5d-483f-8816-53b98ef90a0an%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/qubes-users/e6d5020b-5d5d-483f-8816-53b98ef90a0an%40googlegroups.com?utm_medium=email_source=footer>.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCD7F9502A10003D530%40gwsmtp.uni-regensburg.de.


[qubes-users] Qubes Installer needs update (Part 3 of 3)

2020-12-05 Thread Ulrich Windl
Final Hi!

As can be seen from the issues reported before, it's _very_ hard for the 
average or beginning user to diagnose when installation or boot fails.
Therefore (knowing it's bad security and privacy wise) I suggest an addition 
"blackbox log" debugging aid:
Can't a log be written on the EFI partition (during install or during boot).
Then in theory one could read that log using some common operating system and 
send them for inspection.

Frustrated,
Ulrich

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5FCBFBAF02A10003D504%40gwsmtp.uni-regensburg.de.


[qubes-users] Qubes OS: .onion and links

2020-11-30 Thread Ulrich Windl

Hi!

I noticed when I click the link "upgrading Fedora TemplateVMs" found on 
the onion version of the page (using the tor browser of whonix), you are 
directed to a non-onion page 
(https://www.qubes-os.org/doc/template/fedora/upgrade/), and you'll have 
to switch to onion again.


In contrast when I click news items on 
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/ 
I remain on onion sites.


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef044f4f-2c42-f0e7-12d9-13c89524c7a6%40rz.uni-regensburg.de.


  1   2   >