[qubes-users] Using Zoom in Qubes

2020-05-10 Thread Vít Šesták
The problem with Zoom is probably that it opens a transparent overlay, likely because of annotations. However, Qubes OS does not support transparency. There is a workaround that hides the overlay: xdotool selectwindow windowunmap Regards, Vít Šesták 'v6ak' -- You received this message

[qubes-users] Is a StandaloneVM equally secure as a AppVM that is created on it's own TemplateVM, and what is the difference between a StandaloneVM and a AppVM ?

2020-04-14 Thread Vít Šesták
, it depends on how you use it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.co

Re: [qubes-users] Re: [4.0] Intel Wi-Fi 6 AX200 adapter

2020-03-19 Thread Vít Šesták
Well, maybe it would be better to just compile some newer StubDom. Also, I have realized that there is some similar discussion on Github: https://github.com/QubesOS/qubes-issues/issues/5615 Regards, Vít Šesták 'v6ak' On Thursday, March 19, 2020 at 10:42:00 PM UTC+1, Ilpo Järvinen wrote

[qubes-users] Re: [4.0] Intel Wi-Fi 6 AX200 adapter

2020-03-19 Thread Vít Šesták
Šesták 'v6ak' On Wednesday, March 18, 2020 at 8:46:31 PM UTC+1, Vít Šesták wrote: > > Hello, > on a new laptop, I am trying to setup Qubes OS 4.0. I have installed the > latest point release (i.e., 4.0.3). I have bunch of issues, the most > important one is that I cannot connect to

[qubes-users] [4.0] Intel Wi-Fi 6 AX200 adapter

2020-03-18 Thread Vít Šesták
Internet connection on this laptop. I probably could transfer updates from the other laptop, but I don't think this would make a difference. * Use Debian. Due to the kernel version, it does not seem to be worth trying. Any ideas? Regards, Vít Šesták 'v6ak' -- You received this message

Re: [qubes-users] Re: Write-error on swap-device after having a full storage

2020-01-23 Thread Vít Šesták
Thank you! This has allowed me to mount the volume to a DVM, which has allowed me to fix the issue. Just running fsck in the DVM was enough to fix the issue. Maybe I should create an issue (or find an existing one) for that. Regards, Vít Šesták 'v6ak' -- You received this message because you

[qubes-users] Re: Write-error on swap-device after having a full storage

2020-01-22 Thread Vít Šesták
that? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web vi

[qubes-users] Re: Write-error on swap-device after having a full storage

2020-01-22 Thread Vít Šesták
that? Regards, Vít Šesták 'v6ak' On Wednesday, January 22, 2020 at 1:43:00 PM UTC+1, Vít Šesták wrote: > > Hello, > I have done this: > > 1. Started a template VM update. > 2. It seems to have run out of space during the update. > 3. I extended the storage. > > Expected result:

[qubes-users] Write-error on swap-device after having a full storage

2020-01-22 Thread Vít Šesták
from the last run, can it? Other TemplateVMs work correctly. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

Re: [qubes-users] Re: HCL - Dell Inspiron 15 5000 (5575) AMD Ryzen 5 2500U w/ Vega 8 Graphics

2020-01-03 Thread Vít Šesták
While comparing Qubes 4 to Fedora 25 might be tempting, it is not similar as it might seem. Qubes 4 is based on Fedora 25, but some parts including kernel are independent. So, seeing different kernel-related behavior in Fedora 25 and Qubes 4 is definitely not a surprise. Regards, Vít Šesták

Re: [qubes-users] Re: HCL - Dell Inspiron 15 5000 (5575) AMD Ryzen 5 2500U w/ Vega 8 Graphics

2019-12-22 Thread Vít Šesták
that the BIOS contains a newer microcode.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.co

Re: [qubes-users] HCL - Dell Inspiron 15 5000 (5575) AMD Ryzen 5 2500U w/ Vega 8 Graphics

2019-12-22 Thread Vít Šesták
I was able to find. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this

[qubes-users] SystemTap in dom0 – kernel debug symbols

2019-10-29 Thread Vít Šesták
nning debuginfo-install kernel-4.19.79-1.pvops.qubes.x86_64, but it uses DNF/YUM internally, so it cannot work. Is there any way to get kernel debug symbols in dom0? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users"

[qubes-users] Re: Panic Button in Dom0

2019-10-29 Thread Vít Šesták
reading. So, some quick reboot can help there, BIOS should do the rest, at least in theory. Regards, Vít Šesták 'v6ak' On Friday, May 17, 2019 at 9:55:08 PM UTC+2, Daniil Travnikov wrote: > > Did anyone use software like Punic Button? > > I mean for example you need to turn off your compu

[qubes-users] Re: Why is there no option to save VM state?

2019-10-29 Thread Vít Šesták
. Regards, Vít Šesták 'v6ak' *) Well, it can improve security by making administration easier. Without that, it would be easy to make some infrequently-used VM outdated. When you would start the VM after some time, you would risk various attacks sooner or lated. -- You received this message

Re: [qubes-users] Qubes does not recover from crashed X11 (related to shmoverride and GUID)

2019-08-25 Thread Vít Šesták
runnng VMs also hang indefinitely and cannot even respond to qvm-run -p vm-name ls. V6 On Thursday, August 22, 2019 at 3:08:41 PM UTC+2, David Hobach wrote: > > On 8/21/19 11:59 PM, Vít Šesták wrote: > > Hello, > > sometimes, Intel driver makes my X11 crash (see X11-crash.l

[qubes-users] Qubes does not recover from crashed X11 (related to shmoverride and GUID)

2019-08-21 Thread Vít Šesták
. I don't think there is a corruption of the SHM, as some similar situation happened on OOM kill. So maybe it is just about some final cleaning missing there. Do you have some further idea? Regards, Vít Šesták 'v6ak' *) Well, I hit a kind of antiheisenbug. GUID does not work when I run

[qubes-users] Messages in boot console

2019-07-21 Thread Vít Šesták
Hello, Qubes OS used to allow me to show startup console by pressing escape. After a recent upgrade, Qubes shows nothing there. Is it intentional? Can I reenable it? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users&q

[qubes-users] Recommendation for on-screen keyboard

2019-06-22 Thread Vít Šesták
reason. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

[qubes-users] R4: Graphics issues: flashbacks and rendering freezes

2019-05-26 Thread Vít Šesták
iet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles $ uname -r 4.19.43-1.pvops.qubes.x86_64 Do you have any idea what to do with it? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this g

[qubes-users] Alt+Tab not redirected in AppVM

2019-04-09 Thread Vít Šesták
In some cases, Alt+Win+Tab is not handled by dom0 (at least with Kwin) and the remote VM handles it as Alt+Tab (AFAIR at least Windows and Unity). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving

Re: [qubes-users] [4.0] Kernel panic in HVM

2019-03-18 Thread Vít Šesták
, Vít Šesták 'v6ak' On March 18, 2019 2:00:48 AM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >On Sun, Mar 17, 2019 at 04:02:31PM -0700, Vít Šesták wrote: >> Hello, >> I have tried to boot Fedora 29 Silverblue

[qubes-users] [4.0] Kernel panic in HVM

2019-03-17 Thread Vít Šesták
Hello, I have tried to boot Fedora 29 Silverblue in a HVM from the official ISO. I have noticed that there is some kernel panic before the HVM shuts down. The problem is that I cannot read it. Is there any way to read it, e.g., by disabling the automatic reboot somehow? Regards, Vít Šesták

Re: [qubes-users] Re: Android-x86 7.1-r2 with GAPPS installation guide

2019-02-26 Thread Vít Šesták
them… Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

[qubes-users] Re: What is the state of automatic updates?

2019-02-24 Thread Vít Šesták
Why? I suggest having updates as automated as possible – for security reasons. It allows you to have all the latest security updates as soon as possible. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

[qubes-users] Android-x86 7.1-r2 with GAPPS installation guide

2019-02-24 Thread Vít Šesták
. Just use the private disk image (which is typically /rw) for /data. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-02-14 Thread Vít Šesták
On February 14, 2019 6:18:47 PM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >On Thu, Feb 14, 2019 at 05:58:09PM +0100, Vít Šesták wrote: >> When I update dom0 and then Debian/Whonix without restarting the Qube >Manager or Update “widget”*, is it enough? Or I need to re

[qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-02-13 Thread Vít Šesták
Since Qubes 4.0.1 was released [1] before your message and before the DSA [2], I assume it is not a good idea to install Debian and Whonix from the 4.0.1 installation media, is it? If it is right, then I suggest adding a note on the download page [3] until 4.0.2 release. Regards, Vít Šesták

[qubes-users] OS rescue in Q4.0.1

2019-02-13 Thread Vít Šesták
and mount root from there. But I wonder why it does not work straightforwardly. Regards, Vít Šesták 'v6ak' *) Have you tried Googling for “anaconda rescue”? ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

[qubes-users] Keyboard backlight color based on active qube

2018-12-20 Thread Vít Šesták
So, you have found an ancient UNIX command to be useful for fuzzy testing: cat. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Re: Qubes OS screensharing

2018-10-18 Thread Vít Šesták
, we will probably see a Github comment.) If you are supereager, you can compile it yourself  Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails fro

Re: [qubes-users] Re: Qubes OS screensharing

2018-02-11 Thread Vít Šesták
understand the linked source code much. No, I don't have a solution. I have few intermediate results that might be useful for someone to find something more. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group.

Re: [qubes-users] Re: Qubes OS screensharing

2018-02-10 Thread Vít Šesták
is slower than producer). I am not sure if VNC is designed for that, but Wireshark capture of session with -ViewOnly on client-side looks still a bit chatty. There are many Authentication Response messages for some time (WTF?) and many Fence messages (hmm, probably synchronization). Regards, Vít

Re: [qubes-users] Re: Qubes OS screensharing

2018-02-10 Thread Vít Šesták
: https://gist.github.com/v6ak/1678244cd71a0ebd019531d02a149c8f Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

[qubes-users] Re: [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-02-08 Thread Vít Šesták
On Thursday, February 1, 2018 at 10:31:14 AM UTC+1, Vít Šesták wrote: > I have also seen one strange change (not sure about the timing, but it might > be related to the update) that might affect security of those who use some > pseudo-DVM for sys-usb. When I remove USB „mouse“* a

Re: [qubes-users] Re: [qubes-project] Hosting for OpenQA instance

2018-02-08 Thread Vít Šesták
Hello, what's the current status? If it has not been resolved, I'd like to ask if you require the hardware to have VT-d. This is a requirement for Q4, but maybe this is not a requirement when it runs under KVM with virtualized hardware. (Not sure.) Regards, Vít Šesták 'v6ak' -- You received

Re: [qubes-users] reboot sys-net

2018-02-02 Thread Vít Šesták
sys-net is shut dows from the VM itself. You can do the same for both sys-net and sys-firewall at once. The qvm-shutdown command accepts multiple VM names. For qvm-start, you can just request start of sys-firewall, because the sys-net VM is started automatically in such case. Regards, Vít Šest

Re: [qubes-users] Re: Qubes OS screensharing

2018-02-01 Thread Vít Šesták
ments that X11 is not designed for isolation and some those statements look like this is possible generally by design. I was able to neither confirm nor deny it in a short time. Regards, Vít Šesták 'v6ak' Maybe top-posting is bad. However, quoting whole message (including quotes of quotes and

Re: [qubes-users] Running Windows from Qubes VM ?

2018-02-01 Thread Vít Šesták
On Saturday, January 13, 2018 at 9:24:49 AM UTC+1, msg...@gmail.com wrote: > Maybe there is no bootloader on /dev/sdc1? Try to boot from livecd and fix > bootloader. This is very likely. Bootloader is usually installed on whole drive (e.g., /dev/sdc) rather than on its partition (e.g.,

[qubes-users] Re: [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-02-01 Thread Vít Šesták
is that this does not apply for USB keyboard, although the input proxy works virtually the same. So, before adding an untrusted device, it is not enough to disconnect USB keyboard/touchpad. I also have to reboot the sys-usb VM. Regards, Vít Šesták 'v6ak' *) I have two USB „mice“, none of them

Re: [qubes-users] Re: Qubes OS screensharing

2018-01-28 Thread Vít Šesták
verified unless you verify it from some other source. Regards, Vít Šesták 'v6ak' General note: Maybe top-posting is bad. However, quoting whole message (including quotes of quotes and quotes of quotes of quotes etc.) before your message is even worse. Please don't let others scroll extensively. --

[qubes-users] Save virtual machine state?

2018-01-25 Thread Vít Šesták
, it would be probably technically feasible (though maybe not easy), but hard for UX. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email

[qubes-users] Re: "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-25 Thread Vít Šesták
rry Pi has no persistent storage outside of the SD card. * MicroSD card cannot be hacked (e.g., Raspberry Pi cannot overwrite the firmware). * Your laptop is not configured to parse anything from the card. (If it is not that case, it could try to compromise your laptop.) Regards, Vít Šesták 'v6ak' -- Yo

Re: [qubes-users] Re: GPU?

2018-01-25 Thread Vít Šesták
inux kernel is considered as quite weaker than Xen in terms of attack surface, so exploits in Linux kernel are more likely. AppArmor might mitigate *some* of them, but not all. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-use

Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-25 Thread Vít Šesták
There actually is a GUI for checking dom0 updates. In Qubes VM manager, select dom0 and click the update button in top toolbar. Or you can also use the context menu. OTOH, in this case, the main benefit of the GUI are the notifications. The update process itself is usually more friendly from

[qubes-users] Re: Qubes OS screensharing

2018-01-25 Thread Vít Šesták
. Run the screensharing app of your choice in the same X11 session. 4. Make the screensharing video fullscreen. Of course, this would make some fractal effect when the VNC client is visible on screen ☺ I haven't tried it yet, but it seems Regards, Vít Šesták 'v6ak' -- You received this message

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-21 Thread Vít Šesták
On Thursday, January 18, 2018 at 2:06:08 AM UTC+1, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Sun, Jan 14, 2018 at 03:24:04AM -0800, Vít Šesták wrote: > > But it could be useful to use 32-bit stubdoms for those reasons. They

Re: [qubes-users] GPU?

2018-01-20 Thread Vít Šesták
solution for all Qubes users, because external monitors often connected to the dedicated GPU*. Not mentioning laptops with just one GPU. (Those can be more common for Linux and Qubes users.) I foresee a GPUVM in VM settings (like today's NetVM in VM settings). Regards, Vít Šesták 'v6ak' *) I

[qubes-users] Re: GPU?

2018-01-18 Thread Vít Šesták
On Thursday, January 18, 2018 at 10:00:19 PM UTC+1, Alex Dubois wrote: > You can use GPU computing in Dom0 with the assumption that: > - You trust the software you plan on using >- 3D design software such as Blender >- GPU compute such as CUDA libs, Tensorflow, Keras, etc.. > - You only

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-18 Thread Vít Šesták
On Thursday, January 18, 2018 at 7:00:42 PM UTC+1, Nik H wrote: > On Jan 16, 2018, at 2:56 AM, Vít Šesták <…@v6ak.com> wrote: > > > > * If an application does not mitigate Spectre and attacker finds useful > > entry point, attacker can read memory of the ap

[qubes-users] Re: GPU?

2018-01-15 Thread Vít Šesták
It might be possible, just no one has implemented it in a way that does not require complex processing by trusted parts of system. There is an attempt called XenGT (for Intel iGPUs), but I am not sure about its state and at least it is not integrated to Qubes yet. Regards, Vít Šesták 'v6ak

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-15 Thread Vít Šesták
n others aren't. * Lowlevel components might need additional work because of assembly code. * Microcode update is needed only for some variants of patches. But retpoline might be preferred for both performance reasons and not need of microcode update. Regards, Vít Šesták 'v6ak' -- You received this mess

[qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-15 Thread Vít Šesták
On Monday, January 15, 2018 at 2:15:34 AM UTC+1, Nik H wrote: > Thanks, this is good info. I found instructions to update microcode in linux > - seems very simple. Xen instructions seem simple as well but where do I > enter this? In the Dom0 terminal? I am a bit unclear as to how Dom0 and Xen >

[qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-14 Thread Vít Šesták
: https://wiki.xenproject.org/wiki/XenParavirtOps/microcode_update Regards, Vít Šesták 'v6ak' *) Some μcode updates can be loaded even runtime, but this is not so general and I don't recommend it. As far as I understand, the result of runtime patching might vary on what instructions have been used

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-14 Thread Vít Šesták
ble to use 32-bit stubdom on a 64-bit system? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@goo

[qubes-users] Re: GPU?

2018-01-14 Thread Vít Šesták
get it somehow working on my old laptop, but it used to crash X11. HDMI through additional GPU will reportedly get better with Wayland, but we are not there yet. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-user

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-13 Thread Vít Šesták
o until it gets fixed than something that shoul be smooth and user friendly. IMHO it is just a coincidence that Qubes Manager was reintroduced those days. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To un

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-13 Thread Vít Šesták
that QEMU in dom0 – however horrible it looks – might be acceptable in this special case. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

Re: [qubes-users] Re: memory management in dom0 ?

2018-01-13 Thread Vít Šesták
hose issues persist after Qmemman restart or even after system reboot? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qube

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-13 Thread Vít Šesták
> There are two shims: PV-in-HVM aka Vixen and PV-in-PVH aka Comet. Both have limitations making them incompatible (or at least suboptimal) in Qubes Marek, thanks for the clarification. So, IIUC, Vixien's shim is no-go and Comet's shim would do the same (but at higher cost) as migration to PVH

[qubes-users] Re: memory management in dom0 ?

2018-01-11 Thread Vít Šesták
requirements. * Where does your “1.3 GB is in use” claim come from? * How much of memory does the AppVM use? What is the memory limit for the AppVM? See VM settings » Advanced » Initial memory. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google

Re: [qubes-users] Re: porting to ARM

2018-01-11 Thread Vít Šesták
Qubes is a desktop OS*, so it does not make much sense to target ARM servers. *) I remember this has been emphasized by its authors somewhere. Of course, you can use it on server, but it if far from the intended usage. -- You received this message because you are subscribed to the Google

[qubes-users] Re: porting to ARM

2018-01-10 Thread Vít Šesták
it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send emai

Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks

2018-01-10 Thread Vít Šesták
for stubdoms, which sounds as a nice side effect of Meltdown fix. Spectre is harder to mitigate and you might need microcode update. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Vít Šesták
Second, some backdoors can look like a regular vulnerability. Those are even worse. Good backdoor can be abused by few people, maybe it requires digital signature. That's not good, but regular (pseudo-)vulnerabilities are even worse, because they can be abused by much broader set of people. But

Re: [qubes-users] Intel ME Backdoor, called Odin's Eye

2018-01-08 Thread Vít Šesták
for AMD: https://www.phoronix.com/scan.php?page=news_item=AMD-PSP-Disable-Option But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups &quo

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

2017-12-30 Thread Vít Šesták
touchpad that is rotated, so its autoconfiguration by this script is not welcome. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

[qubes-users] Re: Touchscreen not working on Qubes 3.2

2017-12-30 Thread Vít Šesták
and clicks*), while touchscreen reports just touches. Third, touchscreen might report multiple pointers. For those reasons, touchscreen needs a different proxy, which is not implemented yet. Regards, Vít Šesták 'v6ak' *) Scrolling is AFAIK a specific type of button. -- You received this message

Re: [qubes-users] Pointer lock API

2017-12-25 Thread Vít Šesták
I have encountered such issue and I have found a semi-solution. I usually don't use mouse (just mousekeys and touchpad), but for games, I do. There is an exiting input proxy mechanism. It was originally intended for sys-usb->dom0, but other combinations can work, too. As far as I remember, it

[qubes-users] Re: Touchscreen not working on Qubes 3.2

2017-12-25 Thread Vít Šesták
AFAIK this is related to kernel option rd.qubes.hide_all_usb, not to Xfce vs. KDE. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: How to hide all except one USB controller?

2017-12-24 Thread Vít Šesták
Actually, having a malicious hardware attached at boot time is something hard to defend. Even if Xen does not attach the hardware to dom0, there is some pre-Xen phase of boot – BIOS/UEFI. Qubes cannot affect this phase of boot. If you have attached a malicious device that for example pretends

Re: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-22 Thread Vít Šesták
an't truncate LVM volume to zero bytes, so this will require some elaboration. The VM sys-firewall could utilize the same hack unless you have some scripts there. VM sys-net probably cannot utilize this (at least not that straightforwardly) because of network config you have there. Regard

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

2017-12-17 Thread Vít Šesták
. The hardest part of the installation was disconnecting the battery from MoBo, because the connector is very stiff. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving e

Re: [qubes-users] R3.2: Debian 9 template fails to update 50% of the time

2017-12-09 Thread Vít Šesták
to start. When you call stop command, I believe it lets the aready running command to commplete. Then, you are not likely to run TemplateVM for a day, so it is not likely to start again. You should not need to mask the units, at least in theory. Regards, Vít Šesták 'v6ak' -- You received

[qubes-users] When transferring file between Qubes, MD5 changes.

2017-11-17 Thread Vít Šesták
Is it random, or deterministic? Do you observe any signs of unstable system (e.g., freezes, app crashes, VM crashes, system crashes…)? If you do, it might be a faulty RAM. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-

Re: [qubes-users] Qubes & Quantum decryption Immunity

2017-11-13 Thread Vít Šesták
exponentially faster computer. You get a computer with more memory. Such computer can process larger tasks, e.g., factorize larger numbers. But once you have enough memory, adding more qubits make AFAIU no improvement. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscr

Re: [qubes-users] Qubes & Quantum decryption Immunity

2017-11-11 Thread Vít Šesták
to be secure against QC. But those aren't widely used yet. It could be useful to use them together with some old schemes like RSA or ECC. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

[qubes-users] Reasonably secure laptop with touchscreen and enough ram for dictation in Windows App-VM?

2017-10-15 Thread Vít Šesták
like a mouse input. As far as I know, there is no support for passing touch events to VMs in other way than mouse movements and clicks. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] How to change / swap behavior of Ctrl, Alt, Win, and fn keys?

2017-08-07 Thread Vít Šesták
looks the closest to the desired result. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@google

Re: [qubes-users] Copying between VMs from dom0

2017-06-29 Thread Vít Šesták
I feel this to be controversial. It is right as long as you implement it carefully (How would you handle the separator being present in the content of the file? How would you sanitize the filenames? And so on…) AND you don't exceed the complexity of tar format. Regards, Vít Šesták 'v6ak

Re: [qubes-users] switch to integrated Intel graphic

2017-06-29 Thread Vít Šesták
i915» do? If it proceeds, then the driver doesn't recognize the GPU. If it doesn't, then the driver recognizes GPU, but there is something wrong with config or with the driver. You might also try checking if the same issue happens in Fedora 23. Regards, Vít Šesták 'v6ak' -- You received

[qubes-users] How much inital and max memory for sys and template VMs?

2017-06-28 Thread Vít Šesták
probably apply to sys-firewall and sys-usb. If you are not so tight, I'd recommend slightly more, like 250MiB or 300MiB. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop

Re: [qubes-users] Copying between VMs from dom0

2017-06-28 Thread Vít Šesták
command returns some arbitrary shell commands, you are close to be totally compromised by a malicious sys-net. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving e

[qubes-users] Weird graphical error on a i5 2500k integrated graphics

2017-06-17 Thread Vít Šesták
any other occurrence of it on this mailinglist), I guess it is related to driver version. I suggest trying to update kernel to version from qubes-dom0-current-testing. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users"

Re: [qubes-users] Re: Xen high CPU usage, but nothing is running in the VM

2017-06-17 Thread Vít Šesták
Interesting, I'd expect kswapd to be capable of performing I/O berserk, nou CPU berserk. The only CPU-intensive part should be dm-crypt, but it runs in dom0, not in standard AppVMs (unless you adjust it accordingly). Regards, Vít Šesták 'v6ak' -- You received this message because you

[qubes-users] Xen high CPU usage, but nothing is running in the VM

2017-06-17 Thread Vít Šesták
. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send emai

[qubes-users] Re: Request for feedback: 4.9 Kernel

2017-06-16 Thread Vít Šesták
Not using i915 driver on new CPU is my experience with i7-7500U (Intel HD graphics 620). But Haswell is not so new and I believe even Skylakes should be covered by i915.preliminary_hw_support=1. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google

Re: [qubes-users] Re: Question(s) regarding Qubes minimal templates

2017-06-14 Thread Vít Šesták
Fedora 23 has EOLed, Fedora 24 should EOL in about two months. When Fedora is EOLed, it receives no security updates. So, looking to near future, I'd upgrade to Fedora 25 rather than to Fedora 24. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google

Re: [qubes-users] X.org failure preventing boot, Intel graphics

2017-06-10 Thread Vít Šesták
etc. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

[qubes-users] Re: The more cores the merrier?

2017-06-10 Thread Vít Šesták
when looking for high-end laptop without dedicated GPU. If it is a desktop computer, you're in a bit easier position with QubesOS and high-end hardware. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubs

Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root

2017-06-08 Thread Vít Šesták
I've traced the issue a bit. Maybe the race condition is not true. The VM updates works in has root's shell configured to bash instead of zsh. But that's still strange: * user with bash: OK * user with zsh: OK * root with bash: OK * root with zsh: environment issues I've also tried updating to

[qubes-users] Re: Question(s) regarding Qubes minimal templates

2017-06-08 Thread Vít Šesták
feeds kernel RNG. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to thi

Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root

2017-06-07 Thread Vít Šesták
variables. So, maybe either some load or delay in rc.local causes the race condition to be won. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root

2017-06-07 Thread Vít Šesták
in some other VMs based on the template. I have no idea why it behaves this way… Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

[qubes-users] Splitshark – split Wireshark setup prototype

2017-06-05 Thread Vít Šesták
pecially shark) must be harmed! Moreover, no shark shall be brought to Croatia.[4] Regards, Vít Šesták 'v6ak' [1] https://www.wireshark.org/security/ [2] https://wiki.wireshark.org/Security [3] https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret [4] https://en.wikipedia.org/wiki/Spl

[qubes-users] Re: Installing a .deb file

2017-06-05 Thread Vít Šesták
The information linked by Francesco is general and not related to a specific software. I am sorry for the offtopic, but why are you using unsupported Qubes 2.0? See https://www.qubes-os.org/doc/supported-versions/ for supported versions. Regards, Vít Šesták 'v6ak' -- You received

[qubes-users] Weird graphical error on a i5 2500k integrated graphics

2017-06-03 Thread Vít Šesták
monitor? * Is the cable connected well on both sides? * When using PrintScreen, do you see the artefact here? * Do you see the same issue in, say, BIOS menu? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

[qubes-users] Re: Rmove templates complitly

2017-05-31 Thread Vít Šesták
I got the same issue with another template. Installing it back (sudo qubes-dom0-install) and uninstalling it again is maybe not an elegant solution, but it did the trick. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

2017-05-31 Thread Vít Šesták
Forgot to add: When will this appear on https://www.qubes-os.org/hcl/ ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

2017-05-31 Thread Vít Šesták
So far: * I've observed just one freeze on resume. It looks better than before. At the time, I plugged HDMI connector just before the resume, but it might be unrelated. * I've observed one sudden reboot, but I am not sure if this can be related to software. * Other than this, it's OK. -- You

  1   2   3   >