[qubes-users] apropos: Dell DSA-2021-088

2021-05-05 Thread haaber

Hi, you probably saw this flaw that seems to be present on all Dell
machines >= 2009.

https://www.dell.com/support/kbdoc/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

It is not entirely clear if the BIOS itself is flawed, but
 - the phrase "insufficient access control vulnerability"
 - a new BIOS update on April 27
suggest that a bit. Do you have some more detailed information? If so,
it touches many qubes users as well, which brings me to a more general
question: Updating the BIOS seems, generally, a security nightmare. Running
untrusted software from an untrusted OS on a USB key enhances the
likelihood of an evil-maid attack, and, worse, you are the maid!

I am curious about your comments / help suggestions. Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aac5d82a-ffb6-5acc-ae71-86090b2e1334%40web.de.


Re: [qubes-users] Computer freezes when using google maps.

2021-04-21 Thread haaber

Hello,
When I go to maps.google.com in Chrome the PC freezes up. I then have to
long press the power button and restart the PC.
This error is reproducible for me and happens every time I try to use
Google Maps.
It happens mostly when you turn your map to satellite view.
Computer windows 10 HP ZBook G3 intel Xeon E3-1505M v5 with intel
graphics P530 and Nvidia Quadro M200M
Does anyone have a solution for this.
Thanks


No clue. Some natural questions you might ask/answer:

Which xen-kernel (uname -a in dom0 term)?
Which op-system in AppVM (linux? if so which? what kernel?
 or windows ??)
Does it happen in one specific OpSystem, did you test with others?
Does it happen with Firefox?
Does it happen with Chromium in debian/fedora ?

etc



Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-20 Thread haaber




The legacy 'file' storage driver just doesn't implement the required
functionality for 'qvm-volume revert' - one of the many reasons it
will be deprecated:

https://github.com/QubesOS/qubes-issues/issues/6399



Awesome! Thank you for that hint. When/how will it be changed ?? That
seems quite troublesome to change the internal storage type within a
running system ... will it need a re-install at some later time??



Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-18 Thread haaber

I lost a somewhat important file from a software crash in an appvm.



However, '-cow.img' files contain no filesystem, but "binary patch"
data, thus can't be mounted or read directly or without their
corresponding '.img' files.


These are real disc-image files! There is a filesystem, but it is not in
sector 1 :) The trick is to mount it with an offset (see mount command).
To get the right offset, fdisk the file (it should have an old-style
MBR). If fdisk does not accept files (I forgot), try either cfdisk or
simply loop it in a device:

  losetup  /dev/loop42  imagefile.img
  fdisk -l /dev/loop42
  losetup -d /dev/loop42

This gives the starting sector of the partition, that is then handed
over to mount as offset. And then you can grab data. Good luck!
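
The offset calculation described in the message above, as an added example that is not part of the original post: it reads the start sector straight out of the MBR partition table and converts it to the byte offset that mount expects. The function names, the 512-byte sector size and the sample image are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes an old-style MBR
# and 512-byte logical sectors.
SECTOR_SIZE=512

# make_sample_image FILE: build a constructed 4-sector image whose first
# MBR entry is type 0x83 (Linux) starting at sector 2048.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    printf '\203'    | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null  # type byte
    printf '\010'    | dd of="$1" bs=1 seek=455 conv=notrunc 2>/dev/null  # LBA 0x00000800
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null # 55 AA signature
}

# mbr_start_sector IMAGE INDEX: print the start sector of primary
# partition INDEX (1-4); fail if there is no MBR or the slot is empty.
mbr_start_sector() {
    img=$1; idx=$2
    sig=$(od -An -tx1 -j510 -N2 "$img" | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "no MBR signature in $img" >&2; return 1; }
    # Four 16-byte entries start at byte 446; type is at +4, start LBA
    # is a little-endian 32-bit value at +8.
    entry=$((446 + (idx - 1) * 16))
    ptype=$(od -An -tu1 -j$((entry + 4)) -N1 "$img" | tr -d ' \n')
    [ "$ptype" -ne 0 ] || { echo "partition $idx is empty" >&2; return 1; }
    set -- $(od -An -tu1 -j$((entry + 8)) -N4 "$img")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# partition_byte_offset IMAGE INDEX: start sector times sector size.
partition_byte_offset() {
    start=$(mbr_start_sector "$1" "$2") || return 1
    echo $((start * SECTOR_SIZE))
}

# mount_partition_ro IMAGE INDEX MOUNTPOINT (needs root): read-only, and
# with nosuid/nodev/noexec because the image content is not trusted.
# Prefer doing this in a disposable VM rather than in dom0.
mount_partition_ro() {
    off=$(partition_byte_offset "$1" "$2") || return 1
    mount -o ro,loop,nosuid,nodev,noexec,offset="$off" "$1" "$3"
}
```

If the image has no partition table at all, mbr_start_sector fails on the signature check, which is the hint to try mounting without an offset.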



[qubes-users] tribler blocks/disables sys-firewall ?

2021-03-21 Thread haaber

Hi, I made a small test-vm running only tribler (see
https://www.tribler.org/ for this software). It seems to slow down
sys-firewall so drastically (example: ping 8.8.8.8 from sys-net 16ms,
from sys-firewall > 4000ms) that de-facto all internet traffic is
blocked. I experimentally short-circuited the firewall (unsafely using
directly sys-net as tribler-netvm), and all is fine. When I switch back,
it blocks again. This clearly shows that both, tribler and sys-firewall
generate problems. Any ideas / help how to bugfix this ??  Cheers



Re: [qubes-users] Replacing the wpa_supplicant wifi daemon with iwd

2021-03-18 Thread haaber

On 3/3/21 5:19 PM, 'qtpie' via qubes-users wrote:

Due to mysterious, unsolvable Wifi issues, I decided to replace the
wpa_supplicant wifi daemon with iwd.

  -- snip --

$ dnf remove wpa_supplicant
$ echo -e "[device] \nwifi.backend=iwd" | tee -a /etc/NetworkManager/NetworkManager.conf
$ systemctl enable iwd.service
$ systemctl start iwd.service
$ systemctl restart NetworkManager


Interesting. I tried that in my debian-minimal-net but I cannot start
iwd with systemctl. Errors similar to here

  https://bbs.archlinux.org/viewtopic.php?id=250220

but the proposed "solution" does not work. The thread suggests

  sudo cp /usr/lib/systemd/system/iwd.service /etc/systemd/system/

but that file simply does not exist, so I cannot copy it. So I stopped
that experiment for the moment. Maybe @unman has a suggestion for a
well-working debian-based 'minimal' solution without networkmanager
and/or wpa_supplicant ?  Best,



Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-17 Thread haaber

On 3/17/21 12:13 AM, Fabrizio Romano Genovese wrote:

Booting from a live version and switching to the old kernel solved it.
Has anyone else experienced something similar with kernel 5.11 or it is
just myself? I had a boot fuckup with kernel 5.10 as well a few weeks
ago, but I just waited for the next release and that solved it. I'd like
to understand if the situation is similar here or if it's a problem of
my machine, in which case I'll investigate deeper.


there are several issues. Like

https://github.com/QubesOS/qubes-issues/issues/6446
https://github.com/QubesOS/qubes-issues/issues/6397

but they might be unrelated, as well.




On Tuesday, March 16, 2021 at 5:29:53 PM UTC+1 rud...@rudd-o.com wrote:

You can mask the unit in the GRUB kernel command line with the
parameter:

systemd.mask=qube...@sys-net.service

And then you will be able to log in and fix the kernel issue
(without networking, of course).

You can also choose the older kernel in the GRUB menu.

On 16/03/2021 16.49, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on
qubes 4.0 and now boot is stuck. How do I get out of this? :)

Fab



--
 Rudd-O
 https://rudd-o.com/  



Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-16 Thread haaber

On 3/16/21 4:49 PM, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on qubes
4.0 and now boot is stuck. How do I get out of this? :)



You go back: boot a live linux, mount your UEFI partition, search for
/efi/EFI/qubes/xen.cfg or  /efi/EFI/BOOT/xen.cfg and edit the first
line, by copying one of the available kernel-names from the list below. It's
straightforward. Use nano editor, for example. Ctrl-k cuts a line,
Ctrl-u pastes it back. A second Ctrl-u gives a clean second copy. That
way you avoid typing errors.  Good luck



[qubes-users] Re: Qubes OS 4.0.4 has been released!

2021-03-05 Thread haaber

Dear Andrew

thank you. My system (based on q4.0) is up-to-date. However I need to
test the

kernel-latest-5.10.16-1.3.fc32.qubes.x86_64.rpm

compile that marmarek put only in r4.1 repos. Could you push it please
into r4.0 as well or are they incompatible ??

cheers, Bernhard




Dear Qubes Community,

We're pleased to announce the release of Qubes OS 4.0.4! This is the
fourth stable release of Qubes 4.0. It includes many updates over the
initial 4.0 release, including:

- All 4.0 dom0 updates to date
- Fedora 32 TemplateVM
- Debian 10 TemplateVM
- Whonix 15 Gateway and Workstation TemplateVMs
- Linux kernel 5.4 by default

Qubes 4.0.4 is available on the downloads page:

https://www.qubes-os.org/downloads/


What is a point release?


A point release does not designate a separate, new version of Qubes OS.
Rather, it designates its respective major or minor release (in this
case, 4.0) inclusive of all updates up to a certain point. Installing
Qubes 4.0 and fully updating [1] it results in the same system as
installing Qubes 4.0.4.


What should I do?

If you installed Qubes 4.0, 4.0.1, 4.0.2, or 4.0.3 and have fully
updated [1], then your system is already equivalent to a Qubes
4.0.4 installation. No further action is required.

Regardless of your current OS, if you wish to install (or reinstall)
Qubes 4.0 for any reason, then the 4.0.4 ISO makes this more convenient
and secure, since it bundles all Qubes 4.0 updates to date. Please see
the installation guide [2] for detailed instructions.

Thank you to all the release candidate users for testing this release
and reporting issues [3]!


[1] https://www.qubes-os.org/doc/updating-qubes-os/
[2] https://www.qubes-os.org/doc/installation-guide/
[3] https://www.qubes-os.org/doc/reporting-bugs/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2021/03/04/qubes-4-0-4/





Re: [qubes-users] Dom0 kernel panic

2021-03-04 Thread haaber

On 3/4/21 9:16 PM, frag face wrote:

Thanks for your answer Bernhard,

I wonder if I could make a  Qube-style backup of the qubes in my
hardrive instead of a rsync to restore/add them directly in the new
installed Qube system, kind of  lazy way ;)

BR


You can, with some extra work: The complete qubes-backup procedure is
explained online. It is, roughly speaking, a tar archive with special
checksum files to ensure pwds are correct.

I always do these backups by hand, to keep myself trained.

My method "sous-entend" that you "safe backup": in your live system
generate a container file (truncate -s 200G
/externalstorage/backup.luks), then losetup: (first losetup -f to get a
free slot, then bind it with losetup /dev/loopX
/externalstorage/backup.luks ), and cryptsetup luksFormat /dev/loopX
;cryptsetup luksOpen /dev/loopX BACKUP; mkfs.ext2 /dev/mapper/BACKUP ;
mount /dev/mapper/BACKUP /somemountpoint

For rsync'ing back inside qubes from subfolders you
- attach usb to dispVM1 (widget)
- losetup the container
- attach container mapper to dispVM2 (widget)
- there start same procedure as above at "luksOpen" step and then attach
the full decrypted backup to each VM with the widget, and rsync back the
correct subfolder in your home. You can use --exclude to avoid
"dot"-files ...   best, Bernhard



Re: [qubes-users] What is the latest version of Qubes (on 23 February 2021)

2021-02-23 Thread haaber

On 2/23/21 12:58 PM, load...@gmail.com wrote:

I know about *'Qubes Release 4.0.3'* and *'**Qubes Release 4.0.4-rc2'*,
but I don't understand what is the version I have.


your "initial" qubes  release is marked in the file /etc/qubes-release


/kernel-qubes-vm.x86_64 1000:4.14.74-1.pvops.qubes
kernel-qubes-vm.x86_64  1000:4.19.15-1.pvops.qubes


These are outdated kernels. The stable kernels should be 5.x now, and if
they are 4.x it is certainly 4.19.(>150). I infer from this that
something is weird. Distinguish xen-kernel (package "kernel.x86_64") and
AppVM kernels containing "qubes-vm" in their name. They are different.


*So could anybody tell me is this the latest version of Qubes OS or
something happened with my update process?*



did you run as donoban suggested the update command
"sudo qubes-dom0-update --refresh"
inside a dom0-terminal ?



Re: [qubes-users] Memory balancing very inefficient

2021-02-22 Thread haaber

Today I noticed that many VMs do get a lot more RAM than they actually
use. While using only about 200-300MB small vms like -net and -firewall
get gigabytes of memory and this seem to be the case even if memory is
running out (sum of all VMs approaches physical RAM size). Also dom0 is
using only about 700MB but gets 4GB.

1) does memory balancing take back memory from a VM at all?

apparently, as much as there is enough, each appVM gets MaxMem-size
(kernel param, usually 4G). When memory is getting tight the qmemman
manager does "ballooning" whatever that is exactly.
This behaviour might be linked to errors (e.g. my qubes install does not
support 5.x xen kernels: crashes can be caused by "memory stress" and
even if not, they always finish by loads of qmemman log entries, before
deep freeze (not even a kernel panic, just sudden death))


2) how does it happen that VMS get assigned this ridiculously larger
amount of memory compare to their usage?

by design, as explained.


3) is there something that can be done besides manually setting limits
for all VMs?

Good question.


I currently think about limiting all small VMs to 256MB and dom0 to 2 GB
of RAM (by GRUB parameter) lacking any idea for a better approach.


Tell us if that works! My qubes has no grub. But you can set kernel
params in /boot/efi/EFI/qubes/xen.cfg



[qubes-users] kernel crashes (?) 5.10.13

2021-02-08 Thread haaber

I am testing the above xen kernel. I experience random freezes of the
system, with no significant "last words" in the logs, if it is not many
many  qmemman notices like these (sorry for the length). Is this a known
issue?? Any hints to stabilize the system?   Cheers!





Re: [qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early

2021-02-07 Thread haaber





No, but this patch has been superseded by the latest intel xorg driver.
To try it, just enable the current-testing repo and upgrade
xorg-x11-drv-intel to at least v2.99.917-49.20210126.

 sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --action=upgrade xorg-x11-drv-intel

Discussion: 
https://github.com/QubesOS/qubes-issues/issues/6356#issuecomment-765952048


Hi, I get that type of message before complete qubes-crash, and I wonder
if it is linked. It happens almost sure in any video-conf, often while
browsing. And 5x day ...

Thank you!


Feb 07 11:06:45 dom0 kernel: [ cut here ]
Feb 07 11:06:45 dom0 kernel: i915 :00:02.0: drm_WARN_ON((val & (1 <<
30)) ==
 0)
Feb 07 11:06:45 dom0 kernel: WARNING: CPU: 3 PID: 3538 at
/home/user/rpmbuild/BU
ILD/kernel-latest-5.10.13/linux-5.10.13/drivers/gpu/drm/i915/display/intel_cdclk
.c:850 skl_get_cdclk+0x22b/0x2
Feb 07 11:06:45 dom0 kernel: Modules linked in: binfmt_misc loop
ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi s
nd_soc_skl snd_soc_sst_ipc snd
Feb 07 11:06:45 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm
_persistent_data dm_bio_prison dm_crypt hid_multitouch rtsx_pci_sdmmc
mmc_core c
rct10dif_pclmul crc32_pclmul c
Feb 07 11:06:45 dom0 kernel: CPU: 3 PID: 3538 Comm: Xorg Tainted: G
   W
 5.10.13-1.fc25.qubes.x86_64 #1
Feb 07 11:06:45 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS
 1.5.1 07/12/2018
Feb 07 11:06:45 dom0 kernel: RIP: e030:skl_get_cdclk+0x22b/0x2b0 [i915]
Feb 07 11:06:45 dom0 kernel: Code: 8b 6f 50 4d 85 ed 0f 84 88 00 00 00
e8 3e 57
56 c1 48 c7 c1 08 ac 3d c0 4c 89 ea 48 89 c6 48 c7 c7 a5 2b 40 c0 e8 e5
70 e0 c0
 <0f> 0b 8b 53 04 e9 11 fe ff
Feb 07 11:06:45 dom0 kernel: RSP: e02b:c90001ebb9e0 EFLAGS: 00010286
Feb 07 11:06:45 dom0 kernel: RAX:  RBX: c90001ebba0c
RCX: 00
27
Feb 07 11:06:45 dom0 kernel: RDX:  RSI: 888135cd8a80
RDI: 888135cd8a88
Feb 07 11:06:45 dom0 kernel: RBP: 888107ca R08: 0003
R09: 0001
Feb 07 11:06:45 dom0 kernel: R10:  R11: c90001ebb7d8
R12: 888107ca0808
Feb 07 11:06:45 dom0 kernel: R13: 888100da3350 R14: 
R15: 888107ca
Feb 07 11:06:45 dom0 kernel: FS:  78d3e66a9a40()
GS:888135cc() knlGS:
Feb 07 11:06:45 dom0 kernel: CS:  e030 DS:  ES:  CR0:
80050033
Feb 07 11:06:45 dom0 kernel: CR2: 7e6aae2db518 CR3: 00012049e000
CR4: 00050660
Feb 07 11:06:45 dom0 kernel: Call Trace:
Feb 07 11:06:45 dom0 kernel:  gen9_disable_dc_states+0x67/0x260 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_power_well_enable+0x3e/0x50 [i915]
Feb 07 11:06:45 dom0 kernel:
__intel_display_power_get_domain.part.24+0x6f/0x90 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_display_power_get+0x49/0x60 [i915]
Feb 07 11:06:45 dom0 kernel:  __gt_unpark+0x2c/0x70 [i915]
Feb 07 11:06:45 dom0 kernel:  __intel_wakeref_get_first+0x3b/0x80 [i915]
Feb 07 11:06:45 dom0 kernel:  i915_gem_do_execbuffer+0x170a/0x1e80 [i915]
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  i915_gem_execbuffer2_ioctl+0xea/0x200 [i915]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl_kernel+0xb6/0x100 [drm]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl+0x329/0x3b0 [drm]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  __x64_sys_ioctl+0x8e/0xd0
Feb 07 11:06:45 dom0 kernel:  ? syscall_trace_enter.isra.18+0x163/0x1b0
Feb 07 11:06:45 dom0 kernel:  do_syscall_64+0x33/0x40
Feb 07 11:06:45 dom0 kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Feb 07 11:06:45 dom0 kernel: RIP: 0033:0x78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: Code: 00 00 00 48 8b 05 e1 27 2c 00 64 c7
00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8
10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3
Feb 07 11:06:45 dom0 kernel: RSP: 002b:7fff95e584a8 EFLAGS: 0246
ORIG_RAX: 0010
Feb 07 11:06:45 dom0 kernel: RAX: ffda RBX: 000e
RCX: 78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: RDX: 7fff95e584e0 RSI: 40406469
RDI: 000e
Feb 07 11:06:45 dom0 kernel: RBP: 7fff95e584e0 R08: 000c
R09: 78d3e6770020
Feb 07 11:06:45 dom0 kernel: R10: 3fd0 R11: 0246
R12: 78d3dd779000
Feb 07 11:06:45 dom0 kernel: R13: 1000 R14: 7fff95e584e0
R15: 021b9730
Feb 07 11:06:45 dom0 kernel: ---[ end trace 528bf252a0c1a39e ]---


[qubes-users] BIG instability problems of qubes

2021-02-03 Thread haaber

Dear qubes community, I use qubes since its version 3, with many up's
and downs (more up's, happily). Since its version 4 it worked quite
stable, but this changed since some months. I am obliged to hard-reboot
my machine 5-10 times per day, versus a scheduled reboot every two-three
weeks before.

- Somehow the 5.4.x kernels (for xen) are unstable on my machine. They
run smoothly my debian appvm's. No clue if the kernel itself crashes, but
after 2-15   min the system becomes unusable: the screen "hangs" and no
other way out than hard reboot. I have a rather std i7, I mention. HCL
attached. My problems:

- The last upgrade removed my last 4.9 xen kernel which would work fine
(how can I get that one back??) so I switched to 5.10 directly. The last
one brought by update won't work: under 5.10.11 kernel, NO WAY to boot a
debian-vm. Journalctl says:


Jan 29 21:39:55 dom0 qubesd[2087]: Start failed: internal error:
libxenlight failed to create new domain 'sys-net'
Jan 29 21:39:55 dom0 qmemman.daemon.algo[2095]:
balance_when_enough_memory(xen_free_memory=12370411092,
total_mem_pref=779203379.2, total_available_memory=15886175008.8)
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat: dom '0'
act=4294967296 pref=779203379.2 last_target=4294967296
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat:
xenfree=12422839892 memset_reqs=[('0', 4294967296)]
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: mem-set domain 0 to
4294967296



- when running zoom with 5.10.5 xen kernel inside a dedicated zoom-vm
(debian-10) inside firefox (no custom app). The system "hangs" screen
hangs, sound loops over last second, and that's it. I do not see any
special before the problem occurs (see down) but  there is something
strange while boot. It is displayed for each CPU separately.


Feb 02 16:14:43 dom0 kernel: [ cut here ]
Feb 02 16:14:43 dom0 kernel: WARNING: CPU: 1 PID: 0 at
/home/user/rpmbuild/BUILD/kernel-latest-5.10.5/linux-5.10.5/arch/x86/xen/enlighten_pv.c:660
get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Modules linked in: loop ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi snd_soc_skl snd_soc_sst_ipc snd_soc_sst_dsp
Feb 02 16:14:43 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm_persistent_data dm_bio_prison dm_crypt hid_multitouch
nvme rtsx_pci_sdmmc mmc_core crct10dif_pclmul crc32_pcl
Feb 02 16:14:43 dom0 kernel: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G
W 5.10.5-1.qubes.x86_64 #1
Feb 02 16:14:43 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS 1.5.1 07/12/2018
Feb 02 16:14:43 dom0 kernel: RIP: e030:get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Code: b0 c4 e1 82 48 89 07 b8 01 00 00 00
85 f6 74 04 84 c0 75 16 b8 01 00 00 00 c3 48 8b 42 08 48 89 07 0f b6 42
10 83 f0 01 eb e2 <0f> 0b 31 c0 c3 cc cc cc cc
Feb 02 16:14:43 dom0 kernel: RSP: e02b:c9abfe08 EFLAGS: 00010002
Feb 02 16:14:43 dom0 kernel: RAX: 0001 RBX: 830d41d0
RCX: 82625558
Feb 02 16:14:43 dom0 kernel: RDX: 82625558 RSI: 0005
RDI: c9abfe10
Feb 02 16:14:43 dom0 kernel: RBP: 830da0f0 R08: 0001
R09: 
Feb 02 16:14:43 dom0 kernel: R10: 8249f900 R11: 82744648
R12: 830d9f20
Feb 02 16:14:43 dom0 kernel: R13: 001d R14: 8249f440
R15: 001d
Feb 02 16:14:43 dom0 kernel: FS:  ()
GS:888135c4() knlGS:
Feb 02 16:14:43 dom0 kernel: CS:  1e030 DS: 002b ES: 002b CR0:
80050033
Feb 02 16:14:43 dom0 kernel: CR2: 720f340010c6 CR3: 0261
CR4: 00050660
Feb 02 16:14:43 dom0 kernel: Call Trace:
Feb 02 16:14:43 dom0 kernel:  cvt_gate_to_trap+0x50/0xa0
Feb 02 16:14:43 dom0 kernel:  ? asm_exc_double_fault+0x30/0x30
Feb 02 16:14:43 dom0 kernel:  xen_convert_trap_info+0x60/0xa0
Feb 02 16:14:43 dom0 kernel:  xen_load_idt+0x46/0xa0
Feb 02 16:14:43 dom0 kernel:  load_current_idt+0x11/0x20
Feb 02 16:14:43 dom0 kernel:  cpu_init+0x148/0x410
Feb 02 16:14:43 dom0 kernel:  cpu_bringup+0x10/0x90
Feb 02 16:14:43 dom0 kernel:  xen_pv_play_dead+0x38/0x60
Feb 02 16:14:43 dom0 kernel:  do_idle+0x1c9/0x2b0
Feb 02 16:14:43 dom0 kernel:  cpu_startup_entry+0x19/0x20
Feb 02 16:14:43 dom0 kernel:  asm_cpu_bringup_and_idle+0x5/0x1000
Feb 02 16:14:43 dom0 kernel: ---[ end trace 011f03ca1c0f295f ]---
Feb 02 16:14:43 dom0 kernel: cpu 1 spinlock event irq 131
Feb 02 16:14:43 dom0 kernel: ACPI: \_PR_.PR01: Found 3 idle states
Feb 02 16:14:43 dom0 kernel: CPU1 is up
Feb 02 16:14:43 dom0 kernel: installing Xen timer for CPU 2
Feb 02 16:14:43 dom0 kernel: [ cut here ]

[IN RED COLOUR]
Feb 02 16:15:22 dom0 qmemman.systemstate[2401]: Xen free = 142013308 too
small for satisfy assignments! assigned_but_unused=117851537,
domdict={'6': {'no_progress': False, 'id': '6', 'mem_us


Feb 02 16:19:58 dom0 qmemman.daemon.algo[2401]:

SOLVED. Re: Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-31 Thread haaber


It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1 "placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-
Thank you very much Donoban. I tried:
root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1    PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
what you see is that Qubes was still in the UEFI "line" now at position
0002. I will have to try a reboot - don't like it, because it is a pain
in the neck to re-install wireless on debian; I hope that I downloaded
all packages I need on /boot of my live system ... otherwise I will
become silent for a while!    Cheers


I tried a reboot after an extra-emergency backup (luks-by-hand training:)
and your efibootmgr command worked. qubes is back!  Thank you so much.

Bernhard



Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-30 Thread haaber
 

 
 

Sent: Saturday, 30 January 2021 at 10:28
From: "donoban" 
To: qubes-users@googlegroups.com
Subject: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

Hi,

On 1/30/21 8:43 AM, haa...@web.de wrote:
> I am surprised by the sizes -- files seem small. Do they seem correct?? 
> Are there files missing?? Could maybe someone check these md5sums, please?
>  

Probably the initramfs differ due different hardware or configuration.
vmlinuz image seems fine.

> (3) I could try the " efibootmgr " commands mentioned in UEFI
> troubleshooting, but I do not understand them, and I am afraid to f*ck
> it up even worse. If my harddrive-boot partition is mounted on /BOOT
> instead of /boot , how would the command read, please??

It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1 "placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-

 

 

Thank you very much Donoban. I tried:

 

root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1    PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
 

 

what you see is that Qubes was still in the UEFI "line" now at position 0002. I will have to try a reboot - don't like it, because it is a pain in the neck to re-install wireless on debian; I hope that I downloaded all packages I need on /boot of my live system ... otherwise I will become silent for a while!    Cheers

 








[qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-29 Thread haaber
The main line is in the title. I did a dom0 upgrade that installed kernel-latest. After reboot I got the freaky message

"No bootable device found, press F1... F2 .. F5.." -- it does not really say where it comes from, but it sounds like a BIOS message.

 

I have no idea where to start, so I give all I have here and ask for help. Please read quickly over it, any hint is appreciated.

(1) I did boot my computer with a live linux.

(2) The boot partition does exist. The qubes folder reads like this

 


-rwxr-xr-x 1 root root  24M Jan 29 17:57 initramfs-5.10.11-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 12 15:27 initramfs-5.10.5-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  23M Jan 24 09:41 initramfs-5.10.8-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 24 09:39 initramfs-5.4.91-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root 7.9M Jan 29 17:57 vmlinuz-5.10.11-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 12 15:27 vmlinuz-5.10.5-1.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 24 09:41 vmlinuz-5.10.8-1.qubes.x86_64
-rwxr-xr-x 1 root root 6.9M Jan 24 09:39 vmlinuz-5.4.91-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen-4.8.5-29.fc25.efi
-rwxr-xr-x 1 root root 1.4K Jan 29 20:57 xen.cfg
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen.efi

 

I am surprised by the sizes -- files seem small. Do they seem correct??  Are there files missing?? Could maybe someone check these md5sums, please?

 

1ff66a646f443da650caca5a71d14dc9  initramfs-5.10.11-1.fc25.qubes.x86_64.img
0ed0b625599395686c950b11ca626659  initramfs-5.10.5-1.qubes.x86_64.img
66ad105adc1bcf8543fde0be5e1cffa9  initramfs-5.10.8-1.qubes.x86_64.img
aa03e2e037aa2a173c4f9a2db6dd9096  initramfs-5.4.91-1.fc25.qubes.x86_64.img
36993c5ea1f93a37c548f8ac32b18baf  vmlinuz-5.10.11-1.fc25.qubes.x86_64
9669c095819240d8117f208748707b4c  vmlinuz-5.10.5-1.qubes.x86_64
3db1a8bdd97a608a5459ac5521052ab8  vmlinuz-5.10.8-1.qubes.x86_64
0834cc9a9bfbacb9cfc420f3b879bca7  vmlinuz-5.4.91-1.fc25.qubes.x86_64

 

If these files were corrupt, other error messages should appear, so it is, probably, something else. But still!

Next, my actual xen.cfg reads like this

 


[global]
default=5.4.91-1.fc25.qubes.x86_64

[5.10.5-1.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.5-1.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.5-1.qubes.x86_64.img
[5.4.91-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.4.91-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.4.91-1.fc25.qubes.x86_64.img
[5.10.11-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.11-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.11-1.fc25.qubes.x86_64.img

 

these all look OK, apart from 5.10.8. being present as files, but not in the boot menu, which is strange.

 
 


(3) I could try the " efibootmgr " commands mentioned in UEFI troubleshooting, but I do not understand them, and I am afraid to f*ck it up even worse. If my harddrive-boot partition is mounted on /BOOT instead of /boot  , how would the command read, please??


 

 

 

Thank you very much,  Bernhard





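Added example, not part of the original thread: a cross-check of xen.cfg against the files on the EFI partition, the comparison the post above does by eye (5.10.8 present as files but absent from the boot menu). The function name check_boot_dir and the shortened kernel command lines in the sample are assumptions made for this illustration.

```python
import configparser

# Constructed sample: the xen.cfg from the post with the kernel command
# lines shortened, plus the file names from the post's directory listing.
SAMPLE_XEN_CFG = """\
[global]
default=5.4.91-1.fc25.qubes.x86_64

[5.10.5-1.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx
kernel=vmlinuz-5.10.5-1.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rhgb quiet
ramdisk=initramfs-5.10.5-1.qubes.x86_64.img
[5.4.91-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx
kernel=vmlinuz-5.4.91-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rhgb quiet
ramdisk=initramfs-5.4.91-1.fc25.qubes.x86_64.img
[5.10.11-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx
kernel=vmlinuz-5.10.11-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rhgb quiet
ramdisk=initramfs-5.10.11-1.fc25.qubes.x86_64.img
"""

SAMPLE_FILES = [
    "initramfs-5.10.11-1.fc25.qubes.x86_64.img",
    "initramfs-5.10.5-1.qubes.x86_64.img",
    "initramfs-5.10.8-1.qubes.x86_64.img",
    "initramfs-5.4.91-1.fc25.qubes.x86_64.img",
    "vmlinuz-5.10.11-1.fc25.qubes.x86_64",
    "vmlinuz-5.10.5-1.qubes.x86_64",
    "vmlinuz-5.10.8-1.qubes.x86_64",
    "vmlinuz-5.4.91-1.fc25.qubes.x86_64",
    "xen-4.8.5-29.fc25.efi",
    "xen.cfg",
    "xen.efi",
]


def check_boot_dir(cfg_text, filenames):
    """Compare the boot entries in xen.cfg with the files actually present.

    Returns a dict with:
      default_ok       -- [global] default= names an existing section
      xen_efi_present  -- xen.efi (the file the UEFI entry points at) exists
      missing          -- (section, key, file) for kernel=/ramdisk= values
                          whose file is absent (file is None if the value
                          is empty)
      unlisted_kernels -- vmlinuz-* files that no section refers to
    """
    # '=' is the only delimiter so that values such as dom0_mem=min:1024M
    # are not split at the colon; interpolation is off because kernel
    # command lines may contain '%'.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(cfg_text)

    present = set(filenames)
    sections = [s for s in parser.sections() if s != "global"]
    default = parser.get("global", "default", fallback=None)

    missing = []
    referenced = set()
    for name in sections:
        for key in ("kernel", "ramdisk"):
            words = parser.get(name, key, fallback="").split()
            if not words:
                missing.append((name, key, None))
                continue
            # The first word is the file name; the rest is the command line.
            referenced.add(words[0])
            if words[0] not in present:
                missing.append((name, key, words[0]))

    unlisted = sorted(
        f for f in present if f.startswith("vmlinuz-") and f not in referenced
    )
    return {
        "default_ok": default in sections,
        "xen_efi_present": "xen.efi" in present,
        "missing": missing,
        "unlisted_kernels": unlisted,
    }


if __name__ == "__main__":
    for key, value in check_boot_dir(SAMPLE_XEN_CFG, SAMPLE_FILES).items():
        print(f"{key}: {value}")
```

A clean report here only says the partition content is consistent; it says nothing about whether the firmware still has a boot entry pointing at xen.efi, which is what the efibootmgr replies address.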


[qubes-users] Re: Qubes OS 4.0.4-rc2 has been released!

2021-01-24 Thread haaber

I have a kernel question. With last updates I have 3 kernels 5.4.x
installed and one 5.10.x (kernel-latest). It happens that the
5.4.x-kernels provoke freezes & spontaneous reboots. So I would like to
ask qubes to disregard these (5.4.x) and keep at least two 5.9.x or
5.10.x kernels when upgrading (and maybe some stable 4.x kernel as
backup in case). How can I do that?  Cheers.  Bernhard



Re: [EXT] Re: [qubes-users] wireless " intruder "

2021-01-07 Thread haaber

On 1/6/21 6:11 PM, Ulrich Windl wrote:

On 1/3/21 2:24 PM, haaber wrote:
...

Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would I verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.


Are there logs (the famous "last words")?


(my) mirage does not log. It has a fixed size of 32 MB, not much space
for logging .. and dom0 has no useful info on that incident.



Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2021-01-07 Thread haaber

I'm not sure exactly what you mean, but there's:


I mean: It seems you need the file manager to open the file just to
register it as handler; is there an alternative not using the file manager?


not that I know. But you can register it "by hand" by creating a .desktop
file yourself (as I explained earlier). Put these lines

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for send-to-vm.sh

in a new file in ~/.local/share/applications/userapp-screenshot.desktop



Re: [qubes-users] USB stick issue

2021-01-07 Thread haaber

Maybe it's related to recent updates, or my computer is starting to die:
Anyway: Today I had plugged in my USB stick and attached it successfully
to "vault". I had opened a file from it. Then suddenly within one second,
I saw the stick being disconnected and reconnected, and the "vault"
failed to write the file.


that happens also when a "bad electrical connection" happens (worn out
usb plug, for example). Then the usb-"attach" breaks, but the virtual
device number (xvd..) is still blocked, so a reconnect increases the
number (from i to j to k). etc. That is not "expected" but happens.

I would power down sys-usb and vault and try again. And I would not take
data from usb into vault, rather from usb into a dispVM first, if you
need to grab data into vault: There you can still perform (integrity)
checks before copying them to vault...



Re: [qubes-users] Re: HCL -- Intel NUC10i7 issues with kernel-latest

2021-01-04 Thread haaber

On 1/4/21 11:39 PM, 'awokd' via qubes-users wrote:

tv.f...@gmail.com:


How did you install the 5.8.16 kernel? When I do something like

$ qubes-dom0-update kernel-lateat-5.8.16

it shows me the package, downloads it, but then it tells me "no package
kernel-latest-5.8.16 available" so I'm a bit confused.


EXAMPLE:

sudo qubes-dom0-update  kernel-latest-1000:5.9.14-1.qubes.x86_64 --enablerepo=qubes-dom0-unstable

simply change numbers to your wanted kernel version.



Re: [qubes-users] wireless " intruder "

2021-01-03 Thread haaber

On 1/3/21 1:04 PM, David Hobach wrote:

On 1/3/21 12:43 PM, haaber wrote:

Hello, I have an intriguing problem, partially qubes-related. I have an
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall - qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scanning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us!    Cheers,  Bernhard


Your firewalls might interfere with the nmap replies and thus everything
is shown as filtered.

I did it in sys-net but they remain "filtered". That is not a
firewall-artefact.



Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would I verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.



P.S:  I will see if I can use my phone as AP honeypot using the same SSID
& pwd to find that antenna using signal strength (the idea is that I can
move it), but usually that is very hard, due to natural "shadows" and
reflections.




[qubes-users] wireless " intruder "

2021-01-03 Thread haaber

Hello, I have an intriguing problem, partially qubes-related. I have an
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall - qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scanning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us!    Cheers,  Bernhard



Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2020-12-29 Thread haaber

On 12/29/20 7:02 PM, Ulrich Windl wrote:

Better:  create in dom0 a file containing:

#!/bin/bash
# Ask for the destination VM, then copy every file given on the command line.
qvm-copy-to-vm "$(zenity --entry --title='Send to VM' --text='Destination VM')" "$@"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".


When trying, it seems my Dom0 does not have a file manager in the menu.
I had to run "thunar" manually from the terminal.

you are right.


Also: Wouldn't qvm-move-to-vm be preferable (also replacing "Send" with
"Move")?

you are right again. It was a "proof of concept" code. Thank you for the
correction!



This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.

Or write it by hand: like
 ~/.local/share/applications/userapp-screenshot.desktop  containing

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for SCREENSHOT.sh


cheers



Re: [qubes-users] Disable lock screen / screenshot question

2020-12-23 Thread haaber

On 12/22/20 10:18 PM, Jarrah wrote:



How do you disable the automatic screen lock? I have the screensaver
disabled and the lock screen option unchecked but it still locks after a
few minutes.



For me, there is a "presentation mode" on the battery icon (which shows
on both desktop and laptop) that disables the screen lock.


Also when using the screenshot function in system tools, is it possible to
save to the AppVM file system you are currently using rather than to Dom0?
Or how do I access it once it is saved to Dom0?



You should be able to get them to your AppVM using `qvm-copy-to-vm  `  from the terminal.


Better:  create in dom0 a file containing:

#!/bin/bash
# Ask for the destination VM, then copy every file given on the command line.
qvm-copy-to-vm "$(zenity --entry --title='Send to VM' --text='Destination VM')" "$@"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".
This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.





Re: [EXT] [qubes-users] crontab backups?

2020-12-21 Thread haaber

> Thank you for the response. It actually ended up that cron did not like
> executing a script, I just put the exact same line from the script
> directly into cron.

cron is not anti-script as such. I experienced
problems using pipes (I guess a pipe spawns off a new thread, that does
not necessarily run under the same user)

> Now I just need to understand how to setup things to delete backups
> older than X

using "find". to find *files* "f" (in contrast with "d") older than 30
days that are called backup*.luks, it would be

  find   /path  -type f  -iname   backup\*.luks   -mtime +30   -print

the word "-print"   displays them.

Rem1: The first "*" must be backslashed in the find command, you don't
  want bash to expand it!

Rem2: careful with auto-delete (don't complain :)
  you replace -print by -delete



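Added example, not part of the original thread: the selection made by the find command above (-type f, -iname, -mtime +30), with a guard that never selects the newest few backups, so a backup job that has silently stopped cannot lead to the last good copies being deleted. The function names and the keep_newest parameter are assumptions made for this illustration; deletion only happens when delete=True is passed.

```python
import fnmatch
import os
import time
from pathlib import Path

DAY = 86400  # seconds


def expired_backups(directory, now=None, max_age_days=30, keep_newest=2,
                    pattern="backup*.luks"):
    """Return the backup files that are old enough to delete.

    Matches what `find DIR -type f -iname PATTERN -mtime +N` matches,
    except that the keep_newest most recent matching files are never
    returned, whatever their age.
    """
    now = time.time() if now is None else now
    candidates = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            # -iname: case-insensitive match on the file name only
            if not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                continue
            path = Path(root) / name
            # -type f: regular files only, symlinks are not followed
            if path.is_symlink() or not path.is_file():
                continue
            candidates.append((path.stat().st_mtime, path))

    # Newest first; the first keep_newest entries are protected.
    candidates.sort(reverse=True)
    protected = {path for _mtime, path in candidates[:keep_newest]}

    expired = []
    for mtime, path in candidates:
        # find counts age in whole days and drops the fraction, so
        # "-mtime +30" means at least 31 full days old.
        age_days = int((now - mtime) // DAY)
        if age_days > max_age_days and path not in protected:
            expired.append(path)
    return sorted(expired)


def prune(directory, delete=False, **options):
    """List expired backups; remove them only when delete=True.

    The default is a dry run, the equivalent of -print instead of -delete.
    """
    victims = expired_backups(directory, **options)
    if delete:
        for path in victims:
            path.unlink()
    return victims


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path in prune(target):
        print(path)
```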


Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-21 Thread haaber

On 12/21/20 1:08 AM, Ulrich Windl wrote:

On 12/20/20 4:17 PM, Morten Eyrich wrote:

Okay so if I have been using a https connection, then it's no
problem... ?


If they use a wrong certificate for a MITM attack they might decode your
connection... It means nobody between you and the "next endpoint" can
read your password, but how to ensure what the "next endpoint" really is?


Ulrich is right. First, look at the "certificate story". These are meant
to ensure that you can trust your endpoint. Certificates are
pre-installed in your browser, and one should check (and rarely does)
which ones to trust (and how much). Invented examples: If they are owned
by a Chinese or Russian telecom company, do you trust it? State agencies
could intervene. Or British Telecom (5eyes??). The actually used
hierarchical trust model might be a failure by design.

And then there are exploits. Example: some years ago Moxie Marlinspike
found the funny zero-byte error due to string handling: He proved that
you could buy for example the domain "com",0,"mand.org" and have the
trusted instances sign your subdomain "google.com",0,"mand.org" which
any firefox (at least) did recognise as valid certificate for google.com
since they considered the 0 byte as "end of string". You are not safe
from such type of exploits.

Conclusion as usual: if your life depends on it, do not trust https.



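Added example, not part of the original thread: the zero-byte name confusion described in the message above, shown as a comparison that treats the certificate name as a C string next to a length-aware one that rejects it. The byte strings are constructed after the post's example; the function names are assumptions made for this illustration, and only exact-name matching is covered (no wildcards).

```python
import ctypes
import re

# Constructed samples: a certificate name field as raw bytes. The forged
# one carries a NUL byte between the name the client is asked to trust
# and the domain the requester really controls.
FORGED_NAME = b"google.com\x00mand.org"
HONEST_NAME = b"google.com"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(rb"(?!-)[a-z0-9-]{1,63}(?<!-)")


def as_c_string(raw: bytes) -> bytes:
    """Return what a routine working on NUL-terminated strings sees.

    ctypes gives real C semantics here: .value stops at the first NUL,
    while the buffer itself still holds every byte.
    """
    return ctypes.create_string_buffer(raw).value


def has_embedded_nul(raw: bytes) -> bool:
    """A length-prefixed name field must never contain a NUL byte."""
    return b"\x00" in raw


def naive_match(cert_name: bytes, hostname: str) -> bool:
    """Flawed check: compares the name as a C string, so everything
    after the first NUL is silently ignored."""
    return as_c_string(cert_name).lower() == hostname.lower().encode("ascii")


def is_plain_dns_name(name: bytes) -> bool:
    """True only if every byte of the field belongs to a valid DNS name."""
    name = name.lower()
    if not 0 < len(name) <= 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split(b"."))


def strict_match(cert_name: bytes, hostname: str) -> bool:
    """Hardened check: validate the whole field by its real length first,
    then compare all of it."""
    if not is_plain_dns_name(cert_name):
        return False
    return cert_name.lower() == hostname.lower().encode("ascii")


def audit(names, hostname):
    """Return the names the flawed check accepts but the strict one rejects."""
    return [n for n in names
            if naive_match(n, hostname) and not strict_match(n, hostname)]


if __name__ == "__main__":
    for name in (HONEST_NAME, FORGED_NAME):
        print(repr(name),
              "naive:", naive_match(name, "google.com"),
              "strict:", strict_match(name, "google.com"))
```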


Re: [qubes-users] crontab backups?

2020-12-17 Thread haaber

On 12/17/20 2:32 PM, Stumpy wrote:

I haven't played with crontab in forever, and I can't code at all, but I
really wanted to try to automate my backups a wee bit.

I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file ~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix centos-7-minimal email chat work personal

and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup
will run but when I try to do it via cron then nada?

The crond seems to be running and crontab -l shows the schedule I pasted
above, Is there a reason this shouldn't work?


I am no cron-expert, but in my experience cron and scripts often mess.
One reason seems " pipes " in scripts that usually fail when cron'ed.
Have a look at these "|" in the script and re-code them pipe-free -- in
my opinion that would be a good starting point. cheers



Re: [qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325,XSA-350)

2020-12-16 Thread haaber

On 12/16/20 10:55 AM, 'Ilpo Järvinen' via qubes-users wrote:

On Wed, 16 Dec 2020, haaber wrote:


Dear Andrew,


    For Qubes 4.0:
    - Xen packages, version 4.8.5-28
    - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.


The packages are likely still in security testing, not in the stable repo.
You need the enablerepo parameter. From the original announcement:


  For updates from the security-testing repository:
  $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


right! Thank you. That brought indeed 4.19.163. But still

 sudo qubes-dom0-update --action=install kernel-1000:5.9.14-1.qubes.x86_64 --enablerepo=qubes-dom0-security-testing

does not work. The main question seems: how do you get the correct
package name? Since a simple "update" does not install 5.9.14  but only
5.4.83 I have to ask for it "by hand", it seems.



[qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325, XSA-350)

2020-12-16 Thread haaber

Dear Andrew,


   For Qubes 4.0:
   - Xen packages, version 4.8.5-28
   - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.



[qubes-users] new xen kernel 5.xx

2020-12-16 Thread haaber

I have still instabilities with the xen kernels 5.x (sudden system
freeze). I also have a small /boot and hold only the last 3 kernels.
They are right now:

vmlinuz-4.19.155-1.pvops.qubes.x86_64
vmlinuz-5.4.78-1.qubes.x86_64
vmlinuz-5.4.83-1.qubes.x86_64

I would like to mark the (for me very stable) kernel 4.19.155 as "do not
erase while updating" and remove the (for me) useless kernel
vmlinuz-5.4.78-1.qubes.x86_64. How can I do that, please?  I fear to
make a mess when just "playing around". I also want to keep 5.x kernels
for appVM's (they work well).   Thank you!



Re: [qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-11-29 Thread haaber

I detected neither issues, all is working well. I'll continue to test
with my daily usage and report again in 2 days with more tests.

For users who want to test, the complete command is:

[xxx@dom0 ~]$ sudo qubes-dom0-update --action=upgrade --enablerepo=qubes-dom0-current-testing kernel kernel-qubes-vm


I experienced regular complete freezes of xen (after 5-30 minutes xen
would be dead) -- I had to downgrade the xen kernel back to 4.19.155 -
to be able to write this mail. HCL report attached.  Bernhard



Qubes-HCL-Dell_Inc_-Latitude_7390-20201129-212036.yml
Description: application/yaml


Re: [qubes-users] Re: Are "smart" monitors/TVs a security issue?

2020-11-26 Thread haaber

For "native" thunderbolt monitors there certainly could be an issue! For
HDMI/DP, honestly, do not know how much a malicious device could do.


For "smart"-tv's please notice existence of ethernet-over-hdmi :) Often
these machines have microphones (for vocal commands). As well as the STB
that decodes your ip-TV. Better you own your hardware ... and harden
the linux on it :)



Re: [qubes-users] ARM in Qubes OS

2020-11-18 Thread haaber

On 11/16/20 3:55 PM, load...@gmail.com wrote:

So, the question is the same: Are there plans to support ARM processors
in Qubes OS in the future?


no woman, no cry - and no xen, no qubes :)



Re: [qubes-users] QSB #61 Information leak via power sidechannel (XSA-351)

2020-11-14 Thread haaber

Hello,  Marek wrote in the QSB


   For Qubes 4.0: Xen packages, version 4.8.5-26
   For updates from the security-testing repository:
   $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


I found out an unexpected behaviour. I always ran the command

sudo qubes-dom0-update --enablerepo=qubes-dom0-*-testing

to update the system, believing that "*" would include the case
"security". This seems not to be the case!  After running the update with *
the xen state was still 4.8.25:

dnf list |grep xen
libvirt-daemon-driver-xen.x86_64   3.3.0-10.fc25        @qubes-dom0-cached
libvirt-daemon-xen.x86_64          3.3.0-10.fc25        @qubes-dom0-cached
python3-xen.x86_64                 2001:4.8.5-25.fc25   @qubes-dom0-cached
qubes-libvchan-xen.x86_64          4.0.8-1.fc25         @qubes-dom0-cached
xen.x86_64                         2001:4.8.5-25.fc25   @qubes-dom0-cached
xen-hvm.x86_64                     2001:4.8.5-25.fc25   @qubes-dom0-cached
xen-hvm-stubdom-linux.x86_64       1.0.10-1.fc25        @qubes-dom0-cached
xen-hypervisor.x86_64              2001:4.8.5-25.fc25   @qubes-dom0-cached
xen-libs.x86_64                    2001:4.8.5-25.fc25   @qubes-dom0-cached
xen-licenses.x86_64                2001:4.8.5-25.fc25   @qubes-dom0-cached
xen-runtime.x86_64                 2001:4.8.5-25.fc25   @qubes-dom0-cached

Only running explicitly the command as Marek suggests, * replaced by
security would upgrade to 4.8.26. That is odd, isn't it?

Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4237dc93-27d2-d785-31a3-53fa3e3e19e1%40web.de.
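
A check for the situation in the message above, as an added example that is not part of the original post or of Qubes tooling: rather than assuming a repository glob pulled in the fix, compare the installed Xen packages against the release the QSB names (4.8.5-26). The function names, the tracked package list (taken from the listing in the post) and the use of `sort -V` as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: report Xen packages older than the release a bulletin names as fixed.

# Packages built from the Xen source package, taken from the listing in the
# post (assumption of this example).
XEN_PKGS="xen xen-hvm xen-hypervisor xen-libs xen-licenses xen-runtime python3-xen"

# Constructed sample shaped like `dnf list | grep xen`. The first entry wraps
# onto a second line, which the parser below tolerates.
sample_dnf_list() {
cat <<'EOF'
libvirt-daemon-driver-xen.x86_64   3.3.0-10.fc25
@qubes-dom0-cached
python3-xen.x86_64 2001:4.8.5-25.fc25 @qubes-dom0-cached
qubes-libvchan-xen.x86_64 4.0.8-1.fc25 @qubes-dom0-cached
xen.x86_64 2001:4.8.5-25.fc25 @qubes-dom0-cached
xen-hvm-stubdom-linux.x86_64 1.0.10-1.fc25 @qubes-dom0-cached
xen-hypervisor.x86_64 2001:4.8.5-25.fc25 @qubes-dom0-cached
EOF
}

# version_lt A B: true when A sorts strictly before B.
# sort -V approximates RPM ordering; adequate for plain numeric strings
# such as 4.8.5-25.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_xen_packages FIXED
# Reads name/version/repo triples on stdin (line wraps tolerated) and prints
# "package version-release" for every tracked package older than FIXED.
outdated_xen_packages() {
    fixed="$1"
    # Regroup whitespace-separated tokens three per line, undoing any wrapping.
    awk '{ for (i = 1; i <= NF; i++) printf "%s%s", $i, ((++n % 3) ? " " : "\n") }
         END { if (n % 3) printf "\n" }' |
    while read -r name evr _repo; do
        pkg="${name%.*}"      # drop the architecture suffix (.x86_64)
        case " $XEN_PKGS " in
            *" $pkg "*) ;;    # tracked package, keep going
            *) continue ;;    # unrelated package that merely has "xen" in its name
        esac
        vr="${evr#*:}"        # drop the epoch (2001:)
        vr="${vr%.fc*}"       # drop the dist tag (.fc25)
        if version_lt "$vr" "$fixed"; then
            printf '%s %s\n' "$pkg" "$vr"
        fi
    done
}

# Stand-alone run on the constructed sample; on a real dom0 the input would be
# the output of `dnf list | grep xen`.
sample_dnf_list | outdated_xen_packages 4.8.5-26
```

An empty result after updating means every tracked package is at or above the fixed release.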


Re: [qubes-users] Re: device widget sends "device removed" / "device available" at random times

2020-11-10 Thread haaber

On 11/10/20 11:32 AM, Alex Smirnoff wrote:

I have random disconnects like that with cheap Chinese USB hub I ordered
on Aliexpress. Never seen with built-in USB ports :)


Me neither. BadUSB in action ???

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d173577-41c0-1c41-d3dc-99f425e0a04e%40web.de.


[qubes-users] device widget sends "device removed" / "device available" at random times

2020-11-09 Thread haaber

I have some (apparently usb-based) bluetooth adapter that I never use.
Since some days, I get these messages every x second from my device
widget that device 8087_0a2b is removed, then comes again that it is
available, to be removed, and available again. At random times,
inclusive long gaps and faster oscillations. My sys-usb runs on a
minimal stable debian template.

Is this a (new) software bug or does it indicate a loose cable somewhere?
If I was alone on earth to encounter such things I would tend towards
the cable hypothesis; on the other hand side, moving / shaking the
laptop does not "produce these messages" : it may well be  a software
problem. Any observations / help available?  Cheers

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54a84c71-6766-9d25-c6f0-7e1809e67277%40web.de.


Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-30 Thread haaber

On 10/29/20 11:06 PM, evado...@gmail.com wrote:

Proof of Concept.

github.com/evadogstar/qubes-sleepkeeper

Qubes-Sleepkeeper protects you from physical attack when the attacker
forces you to enter the password of your Qubes after it wakes up from sleep,
or from password guessing after wakeup. The attacker has very limited
time to do so or Qubes will shut down automatically.


Interesting but threat model unclear. If the attacker can force you to
enter one password after suspend, why would he not force you to enter
LUKS and user password 5 minutes later? Please explain. Rather an evil
maid "attempt detection" (not protection) by "laptop is down instead of
sleeping"? I think it really could help as additional data protection in
case of normal, criminal theft...

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d82a76a4-cb86-ebf8-25c7-f6556ba750d5%40web.de.


Re: [qubes-users] Securety: Auto shutdown pc after wakeup if no password.

2020-10-27 Thread haaber

Any ideas how to start shutdown process after wake up from sleep if user
will not unlock pc in expected time period (e.g. 30-60 seconds).

Maybe run some script before PC goes to sleep with timer and after it
wake up timer will continue and only user will have access to click
"cancel" when he will unlock the screen?

Where can I add this script on dom0? Can Qubes trigger(run) my script
before sleep action or wakeup action?

Or any other suggestions or ideas?



I have a similar question/idea, which would be auto-shutdown after 3 (or
any other number) false password attempts. The idea is to add a second
(luks) password layer if any stupid attempts are made.

My idea is to hook in the screensaver mechanism. In my install that
would be   /etc/pam.d/xscreensaver where system-auth is mentioned, so I
guess, I have to include a line in /etc/pam.d/system-auth  to count
wrong pwd attempts and do some action if necessary. I guess something like

account required pam_exec.so debug /path/to/wrongpasswordscript.sh

in the system-auth could do the job, but I am not sure. Manipulating
unwisely these files may end with a lock-out of my system, so I'd like
some advice if this sounds correct to you, the qubes-community.


Cheers, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7856673-4e64-ebb6-4c87-8c091345369c%40web.de.


[qubes-users] best dns practice

2020-10-20 Thread haaber

Hi out there. I was wondering if there is some information gathered
concerning dns safety : how  dns & qubes work is part of the doc, but I
miss additional hints on good practice: setup free (like freedom) dns
services, security of dns services (protection against dns poisoning),
probably locally caching of dns answers to avoid too much useless
queries, maybe setting up warnings if certain addresses like debian,
fedora, my-home-bank, etc. should change their IP, maybe
correlation-free cross-checking of the local DNS-cache via TOR ETC.

This seems a complex subject to me and I would be grateful for any help.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0327602a-cb7c-1738-bb26-28cd87fe988c%40web.de.


[qubes-users] networkmanager / keyring

2020-09-27 Thread haaber

Hello,
a long time ago I did set a pwd for the keyring in sys-net. By too
little use, I forgot it. So now I can no longer register new networks,
which means at every laptop-lid open/close I have to enter it again, and
again. Editing /etc/NetworkManager/system-connections/wireless-name
files by hand is ignored, even if I put there pwd=whatever
Is there a way to solve this (either by destroy keyring, or make
NetworkManager read its own config files??)  Thanks !

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/705c0f9c-b967-cb28-35da-ea0c538a5322%40web.de.


[qubes-users] keeping wireless passwords in vault rather than sys-net ?

2020-08-24 Thread haaber

Hello, is there some (understandable) way to store wireless passwords
away in some vault VM ? I ask that question since I managed to forget my
sys-net gnome-wallet password that I used too rarely: I will have to
reset things properly anyways :((   best, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d526fc5e-386c-8136-953e-cbd94ce73b79%40web.de.


[qubes-users] add-ons in torbrowser

2020-07-30 Thread haaber

Hi this may be a double-post, but I could not find an appropriate help
page. I like to add an adblocker (u-block) to my TBB, since I consider
any browser without adblocking useless, meaning that I will not use it
anyways. So here is my approach:

download .xpi file in anon-whonix, qvm-move it to whonix-gw and there I
would (have liked to) install it. But the torbrowser does not want to be
run in  the template-VM. How to proceed then? Re-Install the .xpi file at
each reboot   Cheers!

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f719128-9281-3dec-d9d6-0f20053c5414%40web.de.


Re: [qubes-users] Fetching updates after disabling qubes-update-check in clearnet qubes

2020-07-14 Thread haaber

>  <<--snip-->>

Though it's not clear to me whether this is actually an issue, I figured
I'd do it anyways. My question is, if I wanted to disable
qubes-update-check service, how would I go about updating my templates
over tor? Do I create debian and fedora templates linked to sys-whonix
just to get updates?


AFAIK the updates themselves run over sys-whonix by default. So, if you
run e.g. "apt-get update" on your debian-10 template, this connection
goes over tor. However, the notification about updates to run (yellow
update wheel widget in the right top corner) goes by standard over
the AppVM and so, most of the time over the clear (as your clock, that
updates over sys-net).

Since user-action is required (by running the update widget, or, as me,
doing it all by hand), the notification is rather uncorrelated to the
download action, I second Marek here.

It is, as always, a convenience-vs-security question. You may uninstall
the qubes-update-check service and run (checks for) updates by hand (or
script) periodically in your template-VMs. The gain is small, the pain
is high, so most people don't do it. That is my pov, maybe there is some
contradicting one?

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ab1b814-fbc3-7828-7fe5-b7e9505e0fad%40web.de.


Re: [qubes-users] QSB #058: Insufficient cache write-back under VT-d (XSA-321)

2020-07-08 Thread haaber

On 7/8/20 5:58 PM, taran1s wrote:



Chris Laprise:

On 7/7/20 9:57 AM, Andrew David Wong wrote:

Only Intel systems are affected. AMD systems are not affected.


Per usual!



Is actually the XSA-321 a security issue only if one has HVM present in
the Qubes system, or it is a general issue even if there is no HVM?

Are there any security advices or a good practice to follow before the
patch is available?


I am not an expert on this, but I believe for sys-usb and sys-net you
have no real choice in most of the systems: PCI passthrough requires "no
PVH".

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d60972a-695b-b04e-caed-bec10e5e1bd2%40web.de.


Re: [qubes-users] Getting to the bottom of screenshots in Qubes OS

2020-07-08 Thread haaber

On 7/8/20 2:39 AM, Manuel Amador (Rudd-O) wrote:

On 20/06/2020 10.29, Logan wrote:

Hi Everyone,

Speaking with a colleague earlier today, I heard "Qubes is great, but
the no screenshots problem makes it a 'hard' no for me".

As a Qubes user and advocate, this stung.


Yeah, it's hard.

Honestly, in my humble opinion, the secure copy and paste keyboard
shortcuts should work with image data as well, not just text data.  That
way the screenshot problem is solved -- I can screenshot in one VM, copy
directly from that app (usually Firefox), and paste in another VM at will.



A solution discussed here some months ago: in dom0 have 2 files:
1.) screenshot.sh

#!/bin/bash
# Ask for the destination VM, then copy the screenshot file(s) to it.
qvm-copy-to-vm "$(zenity --entry --title='Send to VM' --text='Destination VM')" "$@"


2) and userapp.screenshot.desktop

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/put-your-username-here/screenshot.sh %f
Name=screenshot.sh
Comment=Sends screenshot directly to a given AppVM


after hitting PrintScr, check "open with" and select screenshot.sh,
(will be memorised for next time). Then type the destination AppVM & it's
there. No autocomplete offered, sorry.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20103a9e-f80a-ab25-23d1-c0e40b408791%40web.de.


Re: [qubes-users] LUKS passphrase failures

2020-07-05 Thread haaber



I have tried this process with the other kernel options available as
well, to no avail.

Any help or advice (successful or not) is appreciated.


sounds daunting. So did you use a live-linux that has luks 'onboard'
(like tails) ? That way you could distinguish between luks problems and
qubes problems. It would also allow emergency backups before trying to
unbug the actual qubes installation (for that question I cannot help).
Do not play around before data is safe, or, if you can't resist, don't
complain; If you need help with emergency-backup pm me, please.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/059d8730-0120-a645-d2c1-07b473eb30c2%40web.de.


Re: [qubes-users] imagemagick in debian-minimal ?

2020-07-01 Thread haaber

haaber:

I discovered with a little surprise that my 3 debian-minimal templates
(used for firewall, usb, net) have imagemagick installed.


https://github.com/QubesOS/qubes-issues/issues/5009#issuecomment-489357218


Thx!! That page suggests: problem known, but no solution in sight? My
minimal templates are minimal service ones (net,usb,firewall):  they
need no icons, no gv, no BS, just an xterm and basic things are
required. Somehow, I can live with a "broken" vm in the sense that the
convert command fails for some icons, no? So the question is: how remove
imagemagick without losing qubes-stuff? Is there maybe an empty
convert-dummy package?   Thanks!


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bb6f173-6863-fa41-9ad6-5b19dabe36f0%40web.de.


[qubes-users] imagemagick in debian-minimal ?

2020-07-01 Thread haaber

I discovered with a little surprise that my 3 debian-minimal templates
(used for firewall, usb, net) have imagemagick installed. I guess these
are not really necessary for their respective usage; however, asking
aptitude an uninstall of these packages would lead to remove

qubes-core-agent
qubes-core-agent-networkmanager
qubes-core-agent-networking
..

and some other qubes-* despite them all being marked as "manual" (using
apt-mark manual '^qubes' ). I seem to miss a point somewhere, maybe one
of you can explain it to me? Cheers.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2524513a-e311-01c4-d997-ef9d8f6b9048%40web.de.


Re: [qubes-users] DisposableVM Closing/Stopping Unexpectedly

2020-06-29 Thread haaber

On 6/29/20 9:25 PM, Qubes wrote:

On 6/29/20 3:42 PM, Qubes wrote:

If I try to open a terminal in a dvm, I have tried in both the dvm's
that are installed by default (Disposable: fedora-31-dvm and
Disposable: whonix-ws-15-dvm) and one that I created on my own by just
creating a qube and setting the "Disposable VM Template" flag.

When I open a terminal in any of these the new disposable VM gets
created, is started, and the terminal opens briefly, but then closes
immediately after and the disposable VM gets deleted.

Which log should I look at to troubleshoot?

If I open anything else in any of the 3 dvm's, for example Firefox or
Krusader, it opens.


I do experience the same with debian-10 disp-vm's. So I start a firefox
first, to open a terminal. After that, I can close firefox again. Very odd.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf4affd1-d8b4-950a-9395-462a8567ceec%40web.de.


[qubes-users] wacom tablets

2020-06-10 Thread haaber

Hi, has someone experience with wacom tablets / qubes ? I guess since it
is USB it simply boils down to installing proper firmware in the appVM,
but I'd like to be sure before purchase. Cheers

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db118a7d-aaac-8157-8e96-aec16f3c90e4%40web.de.


Re: [qubes-users] Dell Latitude E5470 running Qubes 4.0.3 - no web cam...

2020-06-09 Thread haaber

On 6/9/20 2:07 PM, Andrew Sullivan wrote:

As per the Subject, I have installed 4.0.3 on my Latitude E5470.
Everything seems to work, except the webcam.  If I fire up Cheese, it
just says "No device found". The camera works fine in Windows 10 and
Linux Mint.  Running lsusb in a Dom0 terminal shows the following entry:

Bus 001 Device 002: ID 1bcf:28b8 Sunplus Innovation Technology Inc.

So Qubes can sort of see it.  What am I missing?


You use sys-usb (->make sure it is started, otherwise you do not see
usb devices). Since you see your cam, I presume that is OK.
Then you only need to attach the webcam to your cheese-running VM !! Use
the widget on right top corner of your screen for that.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/91fde4fd-2f05-e836-02da-8c697cbb7792%40web.de.


Re: [qubes-users] Accessing files on a different SSD on the same laptop...

2020-06-07 Thread haaber

On 6/7/20 1:04 PM, Andrew Sullivan wrote:



On Sunday, 7 June 2020 07:12:23 UTC+1, haaber wrote:

they will be inserted in the appvm-qube as /dev/xvdi, /dev/xvdk ...
[vd = virtual device, I guess]. The existence of a device does not mean
mounting it. I do that by hand: in a terminal, type

     sudo mount /dev/xvdi /media

will mount the attached device to /media and allow file access. If
it is
a luks-encrypted system, do

     sudo cryptsetup luksOpen  /dev/xvdi  MYSSDVOL
     sudo mount  /dev/mapper/MYSSDVOL    /media

     cheers


Many thanks for that, works exactly as described!  Seems a bit strange
that the partition isn't mounted at the time it was attached (not sure
why you'd want to attach it if you didn't plan to read or write to
it?).   Anyways...


like any device that lurks in your machine (say a WIN partition). Unless
you ask for mounting in fstab it won't be done.


Is there any way the attachment and mounting can be made permanent?

no clue. never tried that.


Next challenge - access files on another Linux laptop on the same network!


use scp to copy individual files  and use

rsync -auv --rsh=ssh user@anotherlinuxmachine:path/  new-qubes-path/

is your friend to mass-copy data.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/392f510b-512c-48aa-759a-09a9111d9698%40web.de.


Re: [qubes-users] Accessing files on a different SSD on the same laptop...

2020-06-07 Thread haaber

On 6/6/20 6:33 PM, Andrew Sullivan wrote:


If you use qvm-block in dom0 can you see the disk/partitions?


      Don't know, I'll give it a try and post back.


OK, if I click on the  Devices widget I can indeed see all the
partitions on my internal SSD, with an arrow next to each.  If I click
the arrow I get a list of qubes, which I believe allows me to attach the
selected partition to where I want.  However, when I do this I can't
find the partition in the Files application in the qube.  Think I'm
still missing something...  Also, am I correct that this attachment will
only persist until I close the qube?


they will be inserted in the appvm-qube as /dev/xvdi, /dev/xvdk ...
[vd = virtual device, I guess]. The existence of a device does not mean
mounting it. I do that by hand: in a terminal, type

   sudo mount /dev/xvdi /media

will mount the attached device to /media and allow file access. If it is
a luks-encrypted system, do

   sudo cryptsetup luksOpen  /dev/xvdi  MYSSDVOL
   sudo mount  /dev/mapper/MYSSDVOL    /media

   cheers

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ab43a05-0672-d51d-1496-43a435d9cff9%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber


qvm-run -p HELPERVM "sudo cat /dev/mapper/qubes_dom0-vm--VMOLD--private" |
  sudo dd conv=sparse of=/dev/mapper/qubes_dom0-vm--VMNEW--private



how do you use  qvm-run  if qubes won't boot? First step is a always
proper backup, on some external drive. That is what I wrote in my other
answer.


dd = disk destroyer.
If there is the slightest chance of error, don't use it.


that is really overly pessimistic, you can completely destroy your
system with pretty much any tool when used the wrong way.
yes, even with firefox.


Correct, but with dd it is much more easy :) If the qubesbootingdrama
was as experienced and skilled as you, he would not have asked, right?

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8db0e622-2068-0e37-ee58-f0c1916ed4dd%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber

On 6/3/20 6:47 AM, Boot problems wrote:

I tried all that in my new ssd but could not make it work, however I made an 
Ubuntu live CD and it worked like a charm, I can mount and see the files on 
each vm, so at least my files are not lost forever, but you said that the Attr 
should not have an -a- and it does in every single one, is that a problem?

At this point I think is better for me to save the files I really need and 
forget about the restoring the vms


That is exact. If you can boot a live linux, first step is ALWAYS data
recovery. Repair attempts come second. You could use an external drive
for that. In this case, the emergency backup procedure is:

cd /externaldrive
  (go to mounted external volume)
truncate -s 200G backup.luks
  (where 200G means 200 giga, change appropriately)
losetup /dev/loop0 backup.luks
  (make the file a device)
cryptsetup luksFormat /dev/loop0
  (setup crypto, you may use your qubes disc-pwd.)
cryptsetup luksOpen /dev/loop0 BACKUP
  (open it)
mkfs.ext2 /dev/mapper/BACKUP
  (generate easy fs for backup purposes)
mkdir /backup
  (make backup path)
mount /dev/mapper/BACKUP  /backup
  (mount it)

Then create a subfolder for each VM and save all data in the right subdir.

rsync -auv  /path-to-vm/  /backup/vm-name/

REMEMBER TO PUT the final "/" at both paths!

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/160fa5e5-4720-c80c-1946-0e746b45708e%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber

On 6/3/20 10:58 PM, Boot problems wrote:

How do I restore a mounted vm using dd?


dd = disk destroyer.

If there is the slightest chance of error, don't use it.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abfc262d-2158-b604-a802-650232eea8a0%40web.de.


Re: [qubes-users] Re: docker install problems on debian-10

2020-05-31 Thread haaber

I tried to find a simpler workaround, but it looks like it's a problem
with kernel support, so either switch to a distro with aufs support(such
as Debian 9/Jessie), or downgrade your kernel.

 << --snip -->

Thank you! I removed my debian-9 template long ago (surprised?), but I
could re-install one for building. Just to evaluate the time-cost: how
would "downgrade" work?

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48902821-d718-33bf-4e09-f0727758e760%40web.de.


Re: [qubes-users] Updating sys-usb template

2020-05-29 Thread haaber

On 5/29/20 10:04 PM, dhorf-hfref.4a288...@hashmail.org wrote:

On Thu, May 28, 2020 at 09:26:34AM +0200, Zbigniew Łukasiak wrote:

My sys-usb uses a very old template. I tried some googling - but
failed to find any advice about update it without locking me out of
the system.


disable sys-usb autostart. and reboot.
now you can replace the sys-usb template.
and try to start sys-usb with the new template.
if that fails, you will have to reboot again, and retry.

but basicly this reduces the problem from "locked out and need a
recovery disk" to "additional unplanned reboots" (which are not
that critical if you shut down all other VMs first)


maybe "lock out" refers to a USB keyboard ? That is how I read the
question. We let Zbigniew explain.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b9bfbb5-5858-c36c-ae0d-5a7fa2b8a926%40web.de.


Re: [qubes-users] docker install problems on debian-10

2020-05-27 Thread haaber

Hey, I experience trouble while trying to install docker according to
https://docs.docker.com/engine/install/debian/ on debian-10. It appears
that aufs.ko (whatever that is) makes trouble

Building initial module for 4.19.120-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel:
4.19.120-1.pvops.qubes.x86_64 (x86_64)
Consult /var/lib/dkms/aufs/4.19+20190211/build/make.log for more
information.
dpkg: error processing package aufs-dkms (--configure):
  installed aufs-dkms package post-installation script subprocess
returned error exit status 10
Errors were encountered while processing:
  aufs-dkms
E: Sub-process /usr/bin/dpkg returned an error code (1)

Could someone help me, with a hint, please? Cheers, Bernhard


I append my own question by a detail: Since I am asked to consult the
make.log file, here is why it fails. I have no way to fix that without
some help. Maybe some headers missing ??


from /var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/sbinfo.c:23:
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:134:2: error:
unknown type name ‘vfs_readf_t’
  vfs_readf_t  si_xread;
  ^~~
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:135:2: error:
unknown type name ‘vfs_writef_t’
  vfs_writef_t  si_xwrite;
  ^~~~
In file included from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/branch.h:33,
 from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/aufs.h:38,
 from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/module.c:25:
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:134:2: error:
unknown type name ‘vfs_readf_t’
  vfs_readf_t  si_xread;
  ^~~
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:135:2: error:
unknown type name ‘vfs_writef_t’
  vfs_writef_t  si_xwrite;
  ^~~~

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80923647-7a7b-d615-fbd0-baefa47d8d77%40web.de.


[qubes-users] docker install problems on debian-10

2020-05-27 Thread haaber

Hey, I experience trouble while trying to install docker according to
https://docs.docker.com/engine/install/debian/ on debian-10. It appears
that aufs.ko (whatever that is) makes trouble

Building initial module for 4.19.120-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel:
4.19.120-1.pvops.qubes.x86_64 (x86_64)
Consult /var/lib/dkms/aufs/4.19+20190211/build/make.log for more
information.
dpkg: error processing package aufs-dkms (--configure):
 installed aufs-dkms package post-installation script subprocess
returned error exit status 10
Errors were encountered while processing:
 aufs-dkms
E: Sub-process /usr/bin/dpkg returned an error code (1)

Could someone help me, with a hint, please? Cheers, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb0cb755-f152-2d62-8bdd-fae78d16cee7%40web.de.


Re: [qubes-users] which OCR software, address database and e-mail program run with the Qubes-OS operating system - welche OCR Software, Adressdatenbank sowie E-Mail- Programm mit dem Betriebssystem Qu

2020-05-25 Thread haaber

Hi,

I don't know what to do now because I want to switch to the Qubes OS
operating system soon, that's why I'm asking you!

Because I suspect that you can no longer use them with Qubes OS.
That's why I'm interested in whether there is such software in Qubes OS.


I second the other answers, especially Sven Semmler's. If you have only
"consumer experience" with  windows, the change can be quite rough, so
if you have only ONE working machine, then  *do not even think of*
installing qubes on that. Use a second machine, get used to it, first.

Before wiping windows, make backups: often user data is spread in
windows machines, over folders & partitions and it is hard to find all
of it. So do a *full* backup. Otherwise, I suggest you write on a piece
of paper "I acknowledge that all my data may be lost", so you can't tell
yourself afterwards you did not know.

If you are worried about OCR, have a look at "tesseract". It is free &
one of the best anyways. Consider a donation, if you are happy with it,
instead of buying the first one you see.


Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1e14a44-034c-c887-b0a2-6434d1900238%40web.de.


[qubes-users] feature request: qvm-print command

2020-05-19 Thread haaber

Hello there, I was thinking about the usefulness of a qvm-print command
that takes an input file, sends it to the "printing-VM" (defined in some
config file), and launches there a document viewer (defined in the
config file) in order to control parameters like duplexing, grayscale..)
or just runs plain "lp". After successful printing it should clean up &
remove the file in the QubesIncoming folder.

Did someone construct such a thing already? Could be a nice feature, to
my point of view.  Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b5d0139-51da-8718-f157-7cd6dc7d988d%40web.de.


[qubes-users] some remarks on dom0 updates (current-testing)

2020-05-14 Thread haaber

Since ever I run my qubes on current-testing; Sometimes problems occur,
but that is a way of learning more on qubes. Anyways. I observed since
the beginning of the year 2020 a strange behaviour that bothers me: after
any dom0 update & reboot (there were 3-4), the laptop-lid close/open
will finish with a black screen, no password entry possible, and force a
reboot. No log info either. Alright, that is annoying, but happens.

But it is worse: after 4-5 reboots, this odd behaviour disappears and
the machine runs as expected. To be honest, such non-deterministic
behaviour bothers me even more than any dysfunction (especially since I
won't complain since I run, as said, "testing"). Does someone share this
strange experience ???  Cheers

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f39ff8a7-963a-9973-3582-16619018665c%40web.de.


[qubes-users] webcam questions

2020-05-07 Thread haaber

I was wondering if I could "redirect" a static picture as a virtual
webcam, or, more fancy, run a webcam through a filter (transform me in a
comic figure for example :) before forwarding to a video-conference
appVM . Did someone play with that? The static picture should be easy, no?

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb746b89-e3b2-7d02-c169-3556d40a128e%40web.de.


Re: [qubes-users] template and dependent qube show different behaviour

2020-05-07 Thread haaber

On Thu, May 07, 2020 at 08:30:14AM -0300, Franz wrote:

I installed into Fedora 31 template a proprietary banking rpm
application/plugin/extension which is supposed to work with the browsers
during banking tasks. This is called warsaw_setup_fedora_64.rpm


this sounds like a terrible idea unless you make a separate template
just for that task.


I second that. What you could do, if you are space-limited for cloning
templateVM's is to install the *dependencies* of your app in the
template (using dnf yum, whatsoever) and then redo the "rpm install" of
the warsaw file in the appVM at each boot. With dep. solved that is
really fast.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37842def-b0d5-1233-9dd5-c2a44a8405d1%40web.de.


Re: [qubes-users] Salt worm

2020-05-06 Thread haaber

did any of you actually bother to look at the problem?
because i am 99% sure this doesn't apply to qubes. at all.
(also you are several days late on this...)

this seems to be the original source and contains a fairly
good writeup:

https://labs.f-secure.com/advisories/saltstack-authorization-bypass


Thanks for the source. How do you infer that this "doesn't apply" (and
maybe "did never apply") to qubes? Recall my question:  where does salt
appear "under the hood" in qubes? This question seems relevant, since at
least I (almost) never invoke salt by hand. Is that not a reasonable
question? Explain.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbec1bf2-f789-d2d9-0eb7-15524ace0992%40web.de.


Re: [qubes-users] Salt worm

2020-05-06 Thread haaber

Qubes uses Salt, and there's something nasty going around:
https://saltexploit.com/


   Risk = (probability of an event)  x   (consequences of the event).

At which levels is salt used in qubes? I remember my last "active" use
>1 year ago to get hopefully clean templates after the apt-"crisis".
But maybe it is "under the hood" at each qubes-dom0-update? If it were
to be used "by hand only" we could enforce risk = 0 by the above formula
and keeping fingers off salt for a while.   Thanks!


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7418a43e-c4da-994a-5730-778a92b8d654%40web.de.


Re: Antw: [EXT] [qubes-users] To the Qubes developers (German translation) - An die Qubes Entwickler (Übersetzung auf Deutsch)

2020-05-04 Thread haaber


... and it would be fun finding out what the fixed points of those
translations are.

I agree that a full translation would be an awful lot of work.
But for starters I'd be happy with a translation of the qubes manager
and of application names in the qubes menu (e.g. "document viewer").
That is all my wife is going to see once I set her up a qubes machine.
Of course it is horrible to have an OS which is a mixture of two
languages. But translating the bits you deal with most often would aid
usability tremendously, wouldn't it?


I'd be ready to share a part of the translation work. One of the
questions is whether standard linux-messages could be "imported" from
other linux language-packs into qubes - to build a starting set. That
would solve the overwhelming part of the texts, to my belief: there is
not so much completely qubes-specific, is there??

All the best, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0036ac17-364b-cc6c-b5be-30e4fc7c323a%40web.de.


[qubes-users] disp-vm firefox addons

2020-04-30 Thread haaber

Hello, I consider that a disp-vm should start with a fully equipped
firefox, say having  noscript & some ad-blocker installed. But I am not
sure how to do so: am I supposed to install them, say, inside my
debian-10 template? Is that safe? Template-vm's have no direct i-net
access, so am I required to ship the .xpi file into it with qvm-copy?
Something else / better to think of?  Cheers,  Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f242c230-7a83-346d-6cce-c2a00cd38423%40web.de.


Re: [qubes-users] USB Device attach failed: Attach timeout,

2020-04-25 Thread haaber

On 4/24/20 11:18 PM, Mike Keehan wrote:


Device attach failed: Attach timeout, check kernel log for details. VM:
"video-conference" File: "/usr/lib/qubes/usb-import" Version Control:
https://github.com/QubesOS/qubes-app-linux-usb-proxy/blob/master/src/usb-import

>> <--snip-->

Rather something qubes-specific seems to mess.  Cheers, Bernhard



There is a known problem with Linux usbip not handling reset properly I
believe.  I don't think it's a Qubes problem.

I use a usb connected camera, and that thread helped me get it working
with some programs.  But I still have to disconnect and reconnect the
camera to make a second video connection.  Sometimes it takes a
number of disconnects, pauses and reconnects before it works.  Along
with the occasional "attach timeout" problems from qubes.  And some
programs just don't work no matter what I try.


Got it working by putting the video-conference VM to HVM. Maybe that
helps in your case as well?  Cheers,

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4c0e376-7ad8-a885-5643-cba5e416e273%40web.de.


Re: [qubes-users] USB Device attach failed: Attach timeout,

2020-04-24 Thread haaber

On 4/24/20 7:30 PM, Mike Keehan wrote:

On 4/24/20 4:54 PM, haaber wrote:

Here is my problem:  I attach a Philips USB camera, and try to use it. I
get the error (unimportant whether in dom0 with qvm-usb attach or via
usb widget).

Device attach failed: Attach timeout, check kernel log for details. VM:
"video-conference" File: "/usr/lib/qubes/usb-import" Version Control:
https://github.com/QubesOS/qubes-app-linux-usb-proxy/blob/master/src/usb-import


The webcam is ~10y old .. any hints where this may come from / how to
get it working?    Cheers,  B.



Read the thread which contains this message :-

https://groups.google.com/d/msgid/qubes-users/c55518b4-f5f8-4691-b278-fb8f18f307dd%40googlegroups.com



Thanks Mike. The thread you point to, gives however, little information
on my problem:  the described procedure (first start call, then connect)
does indeed work for jitsi and the laptop built-in camera (sometimes
even requiring a sys-usb reboot between two sessions), but the procedure
does not work for my external USB webcam.  I planned to "abuse" from
this for its small size to have a look into some very narrow spaces in
my house, behind a drywall:).
Anyways, this timeout message is new to me and does not seem to have an
answer. By the way: the webcam runs smoothly in a std non-qubes debian
10. By which I conclude that it is not the camera itself that is buggy.
Rather something qubes-specific seems to mess.  Cheers, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be0282bd-d5c4-4c70-39e7-1ac162697197%40web.de.


[qubes-users] USB Device attach failed: Attach timeout,

2020-04-24 Thread haaber

Here is my problem:  I attach a Philips USB camera, and try to use it. I
get the error (unimportant whether in dom0 with qvm-usb attach or via
usb widget).

Device attach failed: Attach timeout, check kernel log for details. VM:
"video-conference" File: "/usr/lib/qubes/usb-import" Version Control:
https://github.com/QubesOS/qubes-app-linux-usb-proxy/blob/master/src/usb-import

The webcam is ~10y old .. any hints where this may come from / how to
get it working?    Cheers,  B.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/588c7904-fef7-c482-9df2-6997d5612eb9%40web.de.


Re: [qubes-users] Hardware Report & "fast SSD" Question

2020-03-25 Thread haaber

On 3/25/20 9:08 AM, tsc.v...@gmail.com wrote:

Hi - I didn't see my laptop in the list so looked everything up. It
seems the Lenovo Ideapad 131 151KB supports everything but SSD. I assume
I would have to replace my internal hard drive with the SSD since an
external SSD would, I assume, get bottlenecked by any USB connection to
the motherboard. I need Qubes for only a few select simple tasks that
require few resources, so my question is - could I get by under these
conditions or is SSD considered absolutely necessary? Thanks for any advice!


Hi, qubes does work without ssd (my first installs did not have one). But
speed, especially booting-times (xen & vm's) are 3-4 times longer. If
you open a temporary vm every minute, that is annoying, but for 'normal'
use no ssd is required to my best knowledge. Just a bit of patience :)
Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b15febc-8dbe-787c-1369-1d1f19f2a4c2%40web.de.


Re: [qubes-users] How can I recover my Qube'sVM if I cannot boot anymore ?

2020-03-22 Thread haaber

[Initial question: snipped ]

I cannot boot on Qubes anymore but I can access the file system. When
I mount my qubes partition, it give me a huge mess of small 2g
partition and bigger ones.


[Chris' answer -- snipped ]


Assuming you didn't make backups before the crash: You need to have a
running Qubes system to backup VMs the normal way.


Does that mean Chris, that in case of a disaster, there is no way to
backup your data "by hand" (booting a live linux, opening the luks ..)
because of a "thin pool" mess? That sounds in first hand like a strong
argument against the use of thin pools! As you know a lot about thin
pools, could you please comment on that, Chris?  thx, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/471d3179-5ddc-c7a8-bfbf-aa5b0c43c29d%40web.de.


Re: [qubes-users] Help please recover boot of my Qubes

2020-02-19 Thread haaber

Strange this that I do at bios is visiting "boot options" bios menu. It
give access to navigate to qubes xen.efi file, but not edit. Anyway, not
something is broken. First I thought that I broke "xen.efi", but I
investigate it from other distro live usb and it is on it own place and
not empty.  <... snip ...>


My first advice if you run in such kind of trouble is to backup your
data. You can use your favourite live-linux on usb to do that ("tails"
is a good idea). After that, play around. I am not an expert on different
boot <-> bios configs, but "legacy" is "old-style" meaning that there is
a pre-1980 partition table in sector 0 of your disk. The sector ends with
55FF and the 4 times 0x10 byte give the partition data. That is easy to
check by hand, and with any kind of software (fdisk, etc). UEFI is
different, I never looked at byte structure on disc. You will find a
partition in VFAT that you can mount. It contains a folder EFI which
contains a folder qubes .. etc. Checking that, you know which install
you have.  Then you can go back to bios & configure it to match your
disc structure.  Good luck!

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e59f18d9-b4e7-2478-b56a-9a7eabbf%40web.de.
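
Added example (not part of the original message): a Python sketch of the sector-0 check described in the post above. It tests the boot signature (bytes 0x55 0xAA at offset 510), decodes the four 16-byte partition entries at offset 446, and tells a legacy MBR layout from a GPT disk with a protective entry. Function names and the two sample sectors are constructed for this example.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte primary partition entries start here
SIGNATURE_OFFSET = 510    # boot signature: bytes 0x55 0xAA
# One entry: status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
ENTRY = struct.Struct("<B3xB3xII")

TYPE_NAMES = {
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0x8E: "Linux LVM",
    0xEE: "GPT protective",
    0xEF: "EFI system partition",
}


def parse_partition_table(sector0):
    """Return the non-empty entries of sector 0, or None if the boot signature is absent."""
    if len(sector0) < SECTOR:
        raise ValueError("sector 0 must be 512 bytes")
    if sector0[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        return None
    entries = []
    for slot in range(4):
        status, ptype, first_lba, sectors = ENTRY.unpack_from(
            sector0, TABLE_OFFSET + slot * ENTRY.size)
        if ptype == 0x00:          # unused slot
            continue
        entries.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "size_mib": sectors * SECTOR // 2**20,
        })
    return entries


def detect_scheme(disk_start):
    """Classify the first bytes of a disk (ideally the first two 512-byte sectors)."""
    entries = parse_partition_table(disk_start[:SECTOR])
    if entries is None:
        return "none", []
    protective = any(e["type"] == 0xEE for e in entries)
    # The GPT header sits in LBA 1; this assumes 512-byte logical sectors.
    gpt_header = disk_start[SECTOR:SECTOR + 8] == b"EFI PART"
    if protective and gpt_header:
        return "gpt", entries
    if protective:
        return "protective-mbr-without-gpt-header", entries
    return "mbr", entries


def build_sector0(entries):
    """Build a constructed sample sector from (status, type, first_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for slot, fields in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + slot * ENTRY.size, *fields)
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a legacy disk with a bootable Linux partition plus LVM,
# and a GPT disk (protective entry in sector 0, "EFI PART" header in sector 1).
LEGACY_SAMPLE = build_sector0([(0x80, 0x83, 2048, 2097152),
                               (0x00, 0x8E, 2099200, 40000000)])
GPT_SAMPLE = (build_sector0([(0x00, 0xEE, 1, 0xFFFFFFFF)])
              + b"EFI PART" + bytes(SECTOR - 8))

if __name__ == "__main__":
    # With an argument, read a disk or image file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as disk:
            data = disk.read(2 * SECTOR)
    else:
        data = LEGACY_SAMPLE
    scheme, entries = detect_scheme(data)
    print("scheme:", scheme)
    for e in entries:
        print("  #{slot} {type_name} (0x{type:02x}) boot={bootable} "
              "lba={first_lba} size={size_mib} MiB".format(**e))
```

Run against a disk image or a device node from a live system; a result of "gpt" means the firmware should be set to UEFI boot, "mbr" means legacy boot.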


[qubes-users] lid close = system dead.

2020-02-09 Thread haaber

Hi, I experience (as well) problems since that last dom0 update. Journalctl
mentions

dom0 systemd-sleep: suspending system ...
dom0 kernel: PM : suspend entry (deep)
-- reboot --

which suggests that lid-open does not awake the system. Did someone
already find a solution to that? It did work perfectly until last
dom0-update

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22d38b64-ed70-4d75-09ca-695f64ba33ba%40web.de.


Re: [qubes-users] screenshot: send to VM ??

2020-02-08 Thread haaber

Hi, when I press PrintScreen (under xfce), I get several options, among
which save-in-dom0. It would be nice to be able to send it directly to a
VM. Can this be done? Cheers, Bernhard


I haven't tested it, but try something like this:

#!/bin/bash
# Ask for the destination qube, then copy the file(s) given as arguments to it.
qvm-copy-to-vm "$(zenity --entry --title='Send to VM' --text='Destination VM')" "$@"

Save that as an executable script, such as "~/.local/bin/send-to-vm.sh". Then, open dom0 file manager, right click any 
png, click open with other application, and under "use a custom command" enter "send-to-vm.sh %s". Then, when 
you take a screenshot, instead of choosing "save", choose "open with..." and see if your script shows up in 
the list of available applications. If not, you might have to write a simple .desktop file in ~/.local/share/applications in 
order for it to show up as an option.

Again, this is just an idea off the top of my head and totally untested.


Thank you. Of course I can do a second step after PrintScreen: change to
my dom0 terminal to run qvm-copy-to-vm. That is what I do since ever. My
question is rather how to integrate a new "send-to-VM" function  in  the
screenshot application so that it is only one step: PrintScreen & select
destination appVM ... I guess the PrintScreen "app" is a simple  script,
hidden somewhere, as well? I'd like to extend it.   Bernhard


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7601b176-772c-f44c-d4f4-f087851121f8%40web.de.


[qubes-users] screenshot: send to VM ??

2020-02-08 Thread haaber

Hi, when I press PrintScreen (under xfce), I get several options, among
which save-in-dom0. It would be nice to be able to send it directly to a
VM. Can this be done? Cheers,  Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a19c179-6b87-f199-9f87-cd8350c2a8bb%40web.de.


Re: [qubes-users] Problem updating dom0

2020-01-25 Thread haaber

On 1/25/20 12:28 PM, 799 wrote:

Hello,

I'm trying to upgrade dom0 but run into a SKIPPED message:



This happens to me if I do not reboot after an upgrade and run the
upgrade command once more. Is this your case?

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/70af1780-183f-670a-7a29-c6edf6e4ce17%40web.de.


[qubes-users] feature request

2020-01-25 Thread haaber

Hello, I have several virtual screens; I guess many users have. Is it
possible to reserve one of them exclusively for dom0 and templateVM
terminals -sort of a separated "admin screen"-  to avoid other
appVM-windows popping up and being able to capture input from keyboard?
  Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c4a6f80-6f85-f1c1-4995-dc5f0cb0ab2b%40web.de.


Re: [qubes-users] Pass control to secure VM to enter+hash passwords?

2020-01-05 Thread haaber

On 1/5/20 8:34 PM, Emma Borhanian wrote:

Hi, I was thinking about writing an application to do spaced repetition
of passwords for my rarely-accessed backup drives etc.

I've read qubes-wiki/data-leaks and while I could just store
hashed passwords, the VM that runs my password spaced repetition
software could still exfiltrate data when I enter the passwords.

What if I could have a secure modal pop up in a separate VM, ask me for
the password, hash it, and then pass it back to the VM running my spaced
repetition software, is something like that possible?


Nice question. The passthrough is certainly not a problem, although I
have no ready script for you. But the software you use must then accept
hashed passwords, right? Is this the case? Also, if the hashed pwd is
enough to decode whatever, what is the pwd good for? I mean, the hash
has then the same "leaking value" as the pwd itself! This means that you
need a more sophisticated protocol of "proving that you know something"
without revealing it.

Often, loopback is your friend. Here is an example, I guess qubes-backup
works essentially that way internally:

1) attach and mount a physical device to appVM1
   (so sys-usb / net won't see anymore what you do with the data)
2) in AppVM1, do losetup /dev/loopX  your-encrypted-container-file
   then attach that loopback device to a special decrypt-APPVM
   (that has no network, of course). in decrypt-VM use
   cryptsetup luksOpen to "open" it there.
   This gives a /dev/mapper/SOMENAME file
3) attach that last one to a user-VM.

The user can read/write data, but never sees/enters a pwd. sys-usb only
sees encrypted data-flow, appVM1 as well (this one may be a temporary
one, as well as decrypt-VM).  Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a1d8f3a-0f15-f501-af54-346b060a750b%40web.de.
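
Added example (not part of the original message): a Python illustration of the point made in the reply above, that a hash accepted in place of the password leaks as much as the password, set next to one simple "prove you know it" alternative, an HMAC challenge-response with a fresh nonce. Class and function names, the PBKDF2 parameters and the sample password are assumptions made up for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed demo value; raise it for real use


def derive_key(password, salt):
    """Stretch the password into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class StaticHashVerifier:
    """Accepts the password hash itself as proof of knowledge."""

    def __init__(self, password, salt):
        self.salt = salt
        self._expected = derive_key(password, salt)

    def verify(self, presented):
        return hmac.compare_digest(presented, self._expected)


class ChallengeVerifier:
    """Accepts HMAC(key, nonce) for a nonce it issued; each nonce is single use.

    The stored key is still password-equivalent, so the verifier belongs in the
    trusted qube. A captured (nonce, response) pair also still allows offline
    guessing of a weak password.
    """

    def __init__(self, password, salt):
        self.salt = salt
        self._key = derive_key(password, salt)
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(32)
        return self._pending

    def verify(self, response):
        if self._pending is None:
            return False
        challenge, self._pending = self._pending, None  # burn the nonce
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(password, salt, challenge):
    """What the password-entry side computes; the password never leaves it."""
    return hmac.new(derive_key(password, salt), challenge, hashlib.sha256).digest()


def demo():
    salt = secrets.token_bytes(16)
    password = "correct horse battery staple"  # constructed sample

    # Scheme 1: the hash crosses the VM boundary. Whoever observes it once
    # can present it again, so it is worth exactly as much as the password.
    static = StaticHashVerifier(password, salt)
    captured_hash = derive_key(password, salt)
    static_replay_accepted = static.verify(captured_hash)

    # Scheme 2: only a response bound to a fresh nonce crosses the boundary.
    verifier = ChallengeVerifier(password, salt)
    first_response = respond(password, salt, verifier.new_challenge())
    first_accepted = verifier.verify(first_response)

    verifier.new_challenge()                        # a later session
    replay_accepted = verifier.verify(first_response)

    wrong = respond("wrong guess", salt, verifier.new_challenge())
    wrong_accepted = verifier.verify(wrong)

    return {
        "static_replay_accepted": static_replay_accepted,
        "first_accepted": first_accepted,
        "replay_accepted": replay_accepted,
        "wrong_accepted": wrong_accepted,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```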


Re: [qubes-users] Qubes OS 4.0.2 has been released!

2020-01-03 Thread haaber

On 1/3/20 3:21 AM, Andrew David Wong wrote:

Dear Qubes Community,

We're pleased to announce the release of Qubes 4.0.2! This is the second
stable point release of Qubes 4.0. It includes many updates over the
initial 4.0 release, in particular:

- All 4.0 dom0 updates to date
- Fedora 30 TemplateVM
- Debian 10 TemplateVM
- Whonix 15 Gateway and Workstation TemplateVMs
- Linux kernel 4.19 by default

Qubes 4.0.2 is available on the Downloads page:

> ...

Dear Andrew (and other users), thanks and a happy new year! I observe
since one week, that my usual update command

sudo qubes-dom0-update --enablerepo=qubes*testing

shows "no new updates available", despite this announcement and a
previous QSB announcement by Marek. Is this normal? Should I worry?
Thank you, Bernhard

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a5aa093-dadf-b2dc-1604-277315016aa5%40web.de.


Re: [qubes-users] Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?

2019-12-09 Thread haaber

Is there actually anyone working on the hidden OS option for the
linux? Would be very much appreciated.


What's about this: take a harddrive, make a dd copy of your first 128 GB
data on it. Encrypt it additionally (symmetric cipher), if you wish to
avoid any luks or other headers. Hide it, if you wish. Now make a 100GB
partition, (thereby overwriting qubes), install std linux on it, give it
some plausibility data and pass the frontier. Once passed, you pull out
your harddrive, and dd qubes back.

Or: host your HD-content encrypted attached to your favourite raspberry
@home, re-install a vanilla-debian, and pass border. Once there, install
a fresh qubes from iso, fetch your data over internet and import it.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68f7efb6-622a-9908-f4f7-7907b90cd1c7%40web.de.


Re: [qubes-users] Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?

2019-12-09 Thread haaber


Carry another then, that's the safest.

The easy solution (if you accept some "risks") that works as well is a
micro-usb & some std linux on it, that is already booted. Give it a
family picture background with sweet kids & some green :) And two or
three non-sense documents that you can open.


I agree with this.

Also, the lack of understanding by border agents how digital devices
work amazes me. What the heck are they even expecting to achieve by
trying to search someone's device? Hunt for serious criminals? LOL.


I always encountered idiots. But if you go to the excited states be
careful. They are as idiotic as others but use powerful tools they do not
understand. A single "I take this with me for a routine check" and you
better are able to run some serious anti-AEM measures afterwards.


If some person wanted to smuggle data (i.e. child porno) into the
country, he would simply have to upload an encrypted ZIP container to a
remote server, enter the country with a blank device and redownload it
once inside. It's not even that difficult to do even for an average user.

I will give no help to carry forbidden and unethical data, but please
never use zip when security matters.


So I really don't see a legitimate reason to search electronic devices
at borders. Data smuggling is just too easy. The worst thing they can do
someone who knows what he's doing is be an annoyance.

They infect your device. You don't necessarily see it, and they don't
know that they actually do it. That's their job.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bcf217a-f675-ea03-d854-649d5057082e%40web.de.


Re: [qubes-users] Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?

2019-12-08 Thread haaber

I will be doing some international travel in the upcoming months.  In
the past, I have had to turn on my laptop, and once I had to bring the
system fully up and allow people to see my desktop -- though nobody has
actually seized and gone through my computer as yet.  Has anybody gotten
increased scrutiny because they were running an enhanced security OS
such as qubes when entering a country?  If qubes is a "red flag," then
I'll carry a different laptop.


Carry another then, that's the safest.

The easy solution (if you accept some "risks") that works as well is a
micro-usb & some std linux on it, that is already booted. Give it a
family picture background with sweet kids & some green :) And two or
three non-sense documents that you can open.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2880077-0186-46c7-abf7-76de6e4264b1%40web.de.


Re: [qubes-users] Help sending multiple files using qrexec

2019-12-04 Thread haaber

This successfully sends the first file, but not the second, can anyone help
with this or should I be using qvm-copy?


I don't say what you should, or should not, but what I think is more
easy: recall that qvm-copy or qvm-move take certainly multiple files.
The question is more intriguing if the list of files is produced by a
find command, or a for loop in bash.
Then you don't want to click each time on the  "target qube" window that
dom0 will present. In such a case, to avoid losing time, I would simply
write the list of all files in a small file (no newlines, just blanks)
and then use qvm-copy command on that list once. Or you throw
everything in a non-compressed tar file and push that one over. Not
elegant, but fast & easy.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d5cd631-bb53-ab66-31dc-142ce3a1d5b5%40web.de.


Re: [qubes-users] How do I get Started?

2019-12-04 Thread haaber

When I click the applet, I see:
Ethernet Network
device not managed
VPN Connections >
I don't see my WiFi networks. When I launch network manager in sys-net,
I tried
to manually input the information for my WiFi (with the SSID and
WPA2/Personal),
but it doesn't connect after.


Try lspci in dom0 and look for your wireless adapter (try "lspci |grep
-i wireless" if you are lazy). Then go in the sys-net template (! not
sys-net itself) and verify the firmware for your hardware is installed.
Then reboot sys-net and have a look again. Also check that the hardware
is accessible to sys-net via the "devices" tab of the qubes settings.

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f734aa6-9019-9359-18f0-3dae118629b1%40web.de.


Re: [qubes-users] attach /dev/ttyUSB0 to some qube

2019-11-30 Thread haaber

Hi, I try to play with a programmable esp32 (pretty much like arduino,
but with wireless on board). The problem I have arises from sys-usb: the
usb widget spills out the odd error "QubesException - device attach
failed: no device info received. Connection faild. Check backend for
details". No clue what that means. In sys-usb this device appears as
/dev/ttyUSB0 .  What do I have to do to attach that successfully to a
"esp-flashing qube" that I specially designed for that? Cheers! Bernhard


Try using qvm-usb instead. If that doesn't work, try using it directly
from sys-usb (which is not ideal).


Did not work either. The (maybe only) way I found so far is a "second
sys-usb" that I use for flashing, and that I power down afterwards. That
way, I isolate as much as I can in the moment. Cheers!

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2eb2ee75-0112-919a-ae53-f59501d3f11a%40web.de.


Re: [qubes-users] Re: second sys-usb

2019-11-30 Thread haaber

Hi there, I re-ask my problem differently. For flashing with unsecure
software via usb, I would like to exchange sys-usb temporarily with a
sys-flashing, say. I set up a debian-10 appvm in HVM mode and gave it
access to the usb-controller (as my true sys-usb). However, this qubes
will not start:

"internal error: unable to reset PCI device :00:14.0: no FLR, PM
reset or bus reset available. "

Does anyone know what that means, please?



> Did you click on "configure strict reset for pci devices" in the
> devices settings of both VMs? That's all I can think of.
>

That was exactly right. Thank you so much. That solves my issue!

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/434fe43f-5a6a-6ed5-b61d-4a3c1d85cced%40web.de.


[qubes-users] second sys-usb

2019-11-29 Thread haaber

Hi there, I re-ask my problem differently. For flashing with unsecure
software via usb, I would like to exchange sys-usb temporarily with a
sys-flashing, say. I set up a debian-10 appvm in HVM mode and gave it
access to the usb-controller (as my true sys-usb). However, this qubes
will not start:

"internal error: unable to reset PCI device :00:14.0: no FLR, PM
reset or bus reset available. "

Does anyone know what that means, please?

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8abeae9d-1f98-e716-6280-210a76ce2add%40web.de.


Re: [qubes-users] Recovering data from secondary drive

2019-11-28 Thread haaber

I recently copied my AppVMs (and some custom templates) onto my
secondary drive according to this guide [1].
Now that I have reinstalled my QubesOS onto my main drive and unlocked
my secondary drive, I can't access the AppVMs saved. Yes, I should have
backed it up and restored it correctly, but I didn't. The private data
is still there, pvs and lvs confirm it. Is there a way to rebuild my
AppVMs and Templates (or even just make new AppVMs with the remaining
private data)?


Can you still access the data? Then back it up manually first, please,
to avoid crying:

truncate -s 200G container.luks
losetup /dev/loop42 container.luks
cryptsetup luksFormat /dev/loop42
cryptsetup luksOpen /dev/loop42 BACKUP
mkfs.ext2 /dev/mapper/BACKUP
mkdir /backup
mount /dev/mapper/BACKUP /backup
rsync -auv /source/   /backup/subdir/

Then umount, cryptsetup luksClose, and losetup -d /dev/loop42.

After that, I would probably setup the qubes again, but I am not expert
on that. Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0588908-2390-36a7-4215-2667aad2ae30%40web.de.


[qubes-users] attach /dev/ttyUSB0 to some qube

2019-11-28 Thread haaber

Hi, I try to play with a programmable esp32 (pretty much like arduino,
but with wireless on board). The problem I have arises from sys-usb: the
usb widget spills out the odd error "QubesException - device attach
failed: no device info received. Connection faild. Check backend for
details". No clue what that means. In sys-usb this device appears as
/dev/ttyUSB0 .  What do I have to do to attach that successfully to a
"esp-flashing qube" that I specially designed for that? Cheers! Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/536224dc-771d-5897-3b02-84c8924893c1%40web.de.


[qubes-users] laptop lid close -> qubes dead.

2019-11-28 Thread haaber

since my last updates using --enablerepo=qubes*testing I have some
reproducible problem: each time I close the laptop lid, it seems I have
to reboot my machine. Problem known? Any cure known? Where/How to find
out more? Cheers, Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d8776d6-b518-29f0-7d7a-9c917784d944%40web.de.


Re: [qubes-users] sys-net

2019-11-27 Thread haaber

On 9/18/19 2:43 PM, unman wrote:

today I had a look in logs of my router, and discovered that it logs my
qubes machine as "sys-net". I did not change anything in my
"out-of-the-box" sys-net, so I presume that the observed behaviour is
common to all standard qubes installs.
Q: is it a wanted feature that all wireless networks immediately know
that I use qubes? I think that this is a bad idea, and that some "dummy
name" suggesting a standard linux system would be a better choice.


Some alternatives:
Don't use NM - it's horrible anyway.

I agree. But what are the (better) alternatives? Is there some
qubes-specific doc online?


Use a throwaway random name (like Windows-PC-2456) for whatever you use
for sys-net. You can set up a simple script to do this each time you
start your Qubes box, providing you have disabled relevant autostarts. I
think this is best practice.

Could you share such a script, please? Cheers, Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf18735b-5bed-ebda-6e28-78b51ff6cdf3%40web.de.
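
One way to write the throwaway-name script discussed in the message above, as an added example that is not code from the thread or from the Qubes project. It assumes hostnamectl is available in the sys-net qube and that the script runs as root before the network connection comes up; the function names and the startup hook are left to the reader.

```shell
#!/bin/sh
# Added example: pick a throwaway hostname of the form suggested in the
# thread (e.g. Windows-PC-2456) so the router does not log "sys-net".

# gen_hostname [PREFIX]: print a name like Windows-PC-0421.
# The default prefix follows the thread's example; change it freely.
gen_hostname() {
    prefix="${1:-Windows-PC}"
    # Two random bytes from the kernel CSPRNG, as an unsigned decimal.
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    printf '%s-%04d\n' "$prefix" $((n % 10000))
}

# valid_hostname NAME: accept only a single RFC 1123 label,
# 1-63 characters of [A-Za-z0-9-], no leading or trailing hyphen.
valid_hostname() {
    name="$1"
    [ -n "$name" ] && [ "${#name}" -le 63 ] || return 1
    case "$name" in
        -*|*-) return 1 ;;
        *[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    new=$(gen_hostname)
    valid_hostname "$new" || { echo "refusing: $new" >&2; exit 1; }
    hostnamectl set-hostname "$new"   # needs root
    echo "hostname set to $new"
fi
```
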


Re: [qubes-users] 2 new Intel vulnerabilites

2019-11-14 Thread haaber

Just a small comprehension question to the microkernel update shipped in
the last xen update: are these microkernels "flashed" into some cpu
memory, or are they re-run / setup at each boot again? Cheers, Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eda58fcc-eb54-2caf-fa56-6dfdd0c2f5fa%40web.de.


[qubes-users] sys-usb in trouble

2019-10-01 Thread haaber

after recent updates my buster based sys-usb is in trouble. I can still
attach a device (say, a camera, usb stick), but first it will be
attached as /dev/sda and no longer /dev/xvd[i-z] and worse, it will be
removed immediately. Someone had / solved this problem already? Cheers,

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94b97bdf-22e3-3136-39ec-c7c299695c62%40web.de.


[qubes-users] sys-net

2019-09-18 Thread haaber

today I had a look in logs of my router, and discovered that it logs my
qubes machine as "sys-net". I did not change anything in my
"out-of-the-box" sys-net, so I presume that the observed behaviour is
common to all standard qubes installs.
Q: is it a wanted feature that all wireless networks immediately know
that I use qubes? I think that this is a bad idea, and that some "dummy
name" suggesting a standard linux system would be a better choice. That
keeps an epsilon more anonymity and reduces attack surface about
epsilon^2 (since target system unclear). Some comments? Hints how to
change that?

Cheers, Bernhard

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e88cfeaa-5339-96e9-f3b3-a7ed33329ea1%40web.de.

