Re: [qubes-users] modifying Qubes ISO

2022-04-02 Thread haaber

On 3/30/22 8:05 PM, Demi Marie Obenour wrote:


Does using the modesetting driver instead of the intel driver help?  If
not, please report this as an i915 kernel driver bug.


it does not. The bug report is open & unresolved for > 1year

https://github.com/QubesOS/qubes-issues/issues/6397

Thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf3dd1c2-382e-dbe8-b4fb-3c7e6aebb4be%40web.de.


Re: [qubes-users] modifying Qubes ISO

2022-03-30 Thread haaber

Hi Haaber,

I used to have similar freezing problems with 4.0 on my Dell laptop.
I found that it was due to an upgrade to the intel-i915 driver in X.
Replacing the new version with an older version cured it for me.

However, I've had no trouble with Qubes 4.1.

A search for "linux xorg driver for i915" gives some idea of the
problems, but it is all a bit confusing.


ah. I extracted

xorg-x11-drv-intel-2.99.917-26.20160929.fc25.x86_64.rpm  (year=2016)
xorg-x11-drv-intel-2.99.917-32.20171025.fc25.x86_64.rpm  (year=2017)

from old qubes ISO's. How did you install / exchange them in the running
qubes system?

alternatively, I could also place one of these inside the qubes-4.1 ISO,
where we find actually

/Packages/xorg-x11-drv-intel-2.99.917-49.20210126.fc32.x86_64.rpm

Replacing this file is certainly more easy than changing the kernel of
the ISO itself :) Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/454b0e7a-9d65-8b8b-1414-8a5b4cb5a29a%40web.de.


Re: [qubes-users] modifying Qubes ISO

2022-03-30 Thread haaber

On 3/29/22 22:55, 'awokd' via qubes-users wrote:

haaber:

I need help to modify the Q4.1 installer ISO file. I did learn how to
pack & unpack isos. That is fine. The idea is a new install on a larger
SSD of Q4.1 instead of risky "upgarde" tentatives that finish less
clean. (benefit: if it fails I can go back to running Q4.0)

1) I naïvely placed a new kernel in /extrakernels but that does not seem
to impress the boot-loader. I find no way to select which kernel to boot.


Not entirely sure what you are trying to accomplish here. A Qubes 4.1
install ISO with a newer kernel? Can't you install 4.1 with a recent
prebuilt ISO and update the kernel after? If it's due to hardware
incompatibilities, I've seen some install and update on one system, then
move the hard drive to the one with newer hardware.


Thanks for your reply! Badly enough, I rather need a "kernel downgrade":
any xen kernel 5.x will freeze my Q4.0 system between seconds and some
minutes (a curse on Intel and Dell at this point for selling shit at
high prices). So my qubes runs for one year now in a "disaster mode"
with a 4.19 kernel for xen, and normal 5.x kernels in guest VM's (mainly
debian).  The same happens when I try a fresh install with Q4.1: install
attempts with the std ISO fail 100% by system freeze before finishing
installand leave an unbootable SSD behind.

So, since Q4.0 works with this workaround, I'd like to do the same with
Q4.1 in an -otherwise- fresh install. It should it possible to replace
the kernel (which, after all, are just some executable files) by a
working one, right? Of course, the problem is that few people seem to
understand how exactly the boot-process works -- that has been
outsourced to 'savant scripts' long ago. At least I tried several dozens
of webpages on the subject, and I still don't see clear. Precise
documentation would be appreciable ...


If you're sure you need a custom ISO, I think you may need to build that
yourself. The 4.0 documentation is here
(https://www.qubes-os.org/doc/qubes-iso-building/), but 4.1 should be
similar. If you go this route, you'd have to figure out how the builder
determines which kernel to use and change it before completing the build.


I am afraid of that step. That would be the first time in my life that a
long build process actually finishes as planned ...

best, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc6a5c56-1aaf-f16d-e109-323ec9abeebc%40web.de.


[qubes-users] qvm-kill -- bug ???

2022-03-25 Thread haaber

Hi observed that killing sys-net will kill all VM's that depend on it as
well, which was not the case little time ago. I consider this a bug, but
it has maybe some intention?? Thanks for comments.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8ae547a-99ec-580a-5698-b8a9e37acea7%40web.de.


[qubes-users] modifying Qubes ISO

2022-03-25 Thread haaber

I need help to modify the Q4.1 installer ISO file. I did learn how to
pack & unpack isos. That is fine. The idea is a new install on a larger
SSD of Q4.1 instead of risky "upgarde" tentatives that finish less
clean. (benefit: if it fails I can go back to running Q4.0)

1) I naïvely placed a new kernel in /extrakernels but that does not seem
to impress the boot-loader. I find no way to select which kernel to boot.

2) Then I tried to boggle with grub.cfg -- no succes either.

3) I wonder if I can copy the vmlinuz and initrd file from my (working)
Q4.0 and simply overwrite the corresponding files in /isolinux?

Subquestion:  initrd-5.10.90-1.fc32.qubes.img has 77M, my Q4.0 initrd
file only 23M. That sounds weird...


Each test means: open case, remove ssd, put ssd, test Q4.1 install (it
fails), reopen case, put all back, but then BIOS does no longer
recognise UEFI, so boot a life debian, go to a ethernetcable, install
efiboomgr, repair UEFI, reboot good'ol qubes -- restart.

I lost hours and start to get desparate  please help!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd075c2f-bfbd-9004-868c-dd099c8dfa34%40web.de.


[qubes-users] sys-usb problem: Unable to reset PCI device

2022-01-04 Thread haaber

Dear qubes users, I suddenly experience the following problem: sys-usb
won't start any more. It ran smoothly on debain-10/11-minimal for years.
It says

Start failed: internal error: Unable to reset PCI device :00:14.0:
internal error: libxenlight failed.

Precise errors are below. Any hints, please? I am stuck.

Thank you.

2022-01-02 22:34:15.627+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/10/0
2022-01-02 22:34:15.668+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 10
2022-01-03 17:13:23.330+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:18:48.724+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:28:34.904+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-03 17:28:35.045+: libxl: libxl_pci.c:1520:do_pci_remove:
xc_physdev_unmap_pirq irq=16: Invalid argument
2022-01-04 20:01:03.071+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-04 20:05:01.984+: libxl:
libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
reset from sysfs for PCI device :00:14.0
2022-01-04 20:05:02.139+: libxl: libxl_pci.c:1520:do_pci_remove:
xc_physdev_unmap_pirq irq=16: Invalid argument
2022-01-04 20:06:52.453+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/14/backend/vif/15/0
2022-01-04 20:06:52.516+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 15
2022-01-04 20:06:54.686+: libxl:
libxl_device.c:983:libxl__initiate_device_generic_remove: backend
/local/domain/3/backend/vif/4/0 already removed, cleanup frontend only
2022-01-04 20:06:57.799+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/10/0
2022-01-04 20:06:57.850+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 10
2022-01-04 20:06:58.222+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/14/0
2022-01-04 20:06:58.270+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 14
2022-01-04 20:06:58.747+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/9/0
2022-01-04 20:06:58.794+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 9
2022-01-04 20:07:00.847+: libxl:
libxl_device.c:1099:device_backend_callback: unable to remove device
with path /local/domain/4/backend/vif/8/0
2022-01-04 20:07:00.883+: libxl: libxl.c:1669:devices_destroy_cb:
libxl__devices_destroy failed for 8
2022-01-04 20:07:13.887+: libxl:
libxl_device.c:983:libxl__initiate_device_generic_remove: backend
/local/domain/4/backend/vif/7/0 already removed, cleanup frontend only
2022-01-04 20:07:39.004+: libxl:
libxl_linux.c:155:libxl__loopdev_cleanup: unable to release device
/dev/loop0: No such device or address
2022-01-04 22:07:31.083+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/9/0 not ready
2022-01-04 22:07:31.092+: libxl:
libxl_pci.c:1364:libxl__add_pcidevs: libxl_device_pci_add failed: -3
2022-01-04 22:07:31.092+: libxl:
libxl_create.c:1517:domcreate_attach_devices: unable to add pci devices
2022-01-04 22:07:41.165+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/9/0 not ready
2022-01-04 22:08:49.315+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/11/0 not ready
2022-01-04 22:08:49.315+: libxl:
libxl_pci.c:1364:libxl__add_pcidevs: libxl_device_pci_add failed: -3
2022-01-04 22:08:49.315+: libxl:
libxl_create.c:1517:domcreate_attach_devices: unable to add pci devices
2022-01-04 22:08:59.390+: libxl:
libxl_device.c:1391:libxl__wait_for_backend: Backend
/local/domain/0/backend/pci/11/0 not ready

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/babdccf6-d34e-2e31-da31-8cddbe71d48b%40web.de.


Re: [qubes-users] Q: Thunderbird extension: "open URL in VM..."

2022-01-01 Thread haaber

On 1/1/22 9:54 AM, Andrew David Wong wrote:

As it seems, there is a Thunderbird extension (Qubes attachments)
allowing to open an attachment in a VM, but I'd like to have an
extension that allows to open an URL in a VMs web browser easily, too.


I'm not aware of an actual Thunderbird extension for it, but you can set
it up yourself by following the instructions here, for example:

https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/tips-and-tricks.md#opening-links-in-your-preferred-appvm




the text is slightly outdated by the fact that there is also the nice
command " qvm-open-in-dvm " - that is, I guess, what you want.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/483fc62a-3d51-5263-4c6c-94471253233d%40web.de.


Re: [qubes-users] How is the "update qube" selected/ how do I select it manually?

2021-12-21 Thread haaber

On 12/21/21 8:01 PM, r.wiesb...@web.de wrote:

it seems like the docs don't answer that, do they?

https://www.qubes-os.org/doc/how-to-update/

There is only a global setting for dom0 Updates, but how does it work
for other qubes?


Simply run the multiupdater.py script of Chris Laprise,
tas...@posteo.net, see  https://github.com/tasket

Frankly, to my point of view it outperforms the qubes updater.

best, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88635e4d-5288-89b4-1fbb-b11436803485%40web.de.


Re: [qubes-users] Re: usb keyboard not working on debian 11 template

2021-10-13 Thread haaber

Unman wrote:
qubes-input-proxy-sender is installed by default in the debian-11
template.
If you are using a minimal template, this is meant for advanced users,
but in any case, installation of qubes-input-proxy-sender is documented
at https://www.qubes-os.org/doc/templates/minimal/



Dear unman, do you suggest rather upgrading a debian-10-minimal to
debian-11-minimal, or re-installing a fresh one? In the 2nd case, what
is the preferred install command in dom0? I am a bit confused, since
there is good old qubes-dom0-update, there is salt, maybe another one.
Which is best/safest?   Cheers, Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c14a54c3-ad77-36ca-6162-f94a29dfa423%40web.de.


Re: [qubes-users] how to modify qubes-installer-ISO

2021-09-24 Thread haaber




I would like to modify the qubes-iso (add a different kernel, maybe add
a wireless driver). Did someone here solve that already? A brief google
on the subject reveals that modifying ISO's is not straightforward ...
and touching the kernel may add extra difficulties.


https://www.qubes-os.org/doc/qubes-iso-building/ covers building the iso.
Adding a different kernel would be difficult, but I think you could stage
the wireless driver in one of the template builds it contains.



It is relatively easy to build a custom iso, and certainly to include
alternate kernel builds and drivers in the templates. (I assume that
this is what you want.)
If you use the stock templates, then you can customise them simply
enough by adjusting the build parameters, and packages, in (e.g.) 
builder-debian.



Thank you, awokd and unman. So I cannot just take the std installer,
unpack the iso, add/replace a kernel, and repack it? That is certainly a
bit naïve as approach, but since I can do the same with a working
xen/qubes why is the installer so different?  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7422745b-2af8-1bf2-13ca-62ff4f4cf9e2%40web.de.


Re: [EXT] Re: [qubes-users] resume from suspend issue after QSB-070

2021-09-04 Thread haaber

On 9/3/21 11:41 PM, Marek Marczykowski-Górecki wrote:

[...]I'm confused. I was under the impression that Qubes OS (after the QSB-043
patches) automatically disables hyper-threading for you such that you don't
have to know anything, do anything, or read any past QSBs.

[]


There are (at least) two ways to disable hyper-threading:
1. In system BIOS (if there is such option)
2. In software - by disabling every second thread of each core.



The QSB-043 uses the second method. It has is drawbacks, as the logic to
bring up and down CPUs is quite complex. And yes, there are known
issues[1] affecting suspend. Disabling hyper-threading in BIOS, prevents
Xen from starting those secondary threads at all, and so it doesn't need
to bring them down.

[]
This is kind of similar issue as the one discussed here. That's why it's
better to disable HT in BIOS - to not show those 8 CPUs at all. But from
the OS level, we don't have other choice, and we prefer a secure
default - that's why we disable HT at Xen level, to provide safer option
regardless of what user has set in the BIOS.


Couldn't xen/qubes set a boot warning to users that rely only on (2) to
encourage more strongly to disable by BIOS (1)? That seems a logic
measure to me. best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c52d5e57-a3d3-fc55-ee67-d2032095fdd5%40web.de.


Re: [qubes-users] i915 driver problems

2021-09-02 Thread haaber


The current Intel driver, which does not work for me, is
xorg-x11-drv-intel-2.99.917-48.20200205.fc33.x86_64.rpm
Just use dnf to uninstall it.


actually Q4.0.4 ships with

xorg-x11-drv-intel-2.99.917-49.20210126.fc25.x86_64.rpm

which does not work for me either.



The one I installed using dnf is
xorg-x11-drv-intel-2.99.917-32.20171025.fc33.x86_64.rpm
and this does work OK.


this one is from Q4.0.1, qhereas Q4.0.0 ships

xorg-x11-drv-intel-2.99.917-26.20160929.fc25.x86_64.rpm


So you confirm that you install it in dom0 via

sudo dnf install xorg..whatever.rpm

(that requires deleting kernel-latest-qubes-vm, if present). Then you
need to do an update-grub or something similar to build the downgraded
version in the respective initramfs  ???

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d0e8fda-3077-3a24-0b81-490d33a7fa39%40web.de.


Re: [qubes-users] i915 driver problems

2021-09-01 Thread haaber

On 9/1/21 10:54 PM, Mike Keehan wrote:

On 9/1/21 8:29 PM, haaber wrote:

On 9/1/21 7:44 PM, Mike Keehan wrote:

On 9/1/21 1:36 PM, Bernhard wrote:

Hello, I wonder if some of you guys have the bad luck of an i915
graphics card and found some solutions.  For me, no >= 5.4 xen kernel
works (freezes). So I still run it on 4.19 :)


I think it is the recent i915 driver update that causes the problem.
I had to remove it and download and install the previous version.
then I blacklisted the i915 driver so that dom0 would not update it.




I downloaded the 4.0 Qubes iso and extracted the driver from there, as I
knew it had always worked until the update.

I think there is a way to see what updates Qubes has performed, but I
can't remember how.

The current Intel driver, which does not work for me, is
xorg-x11-drv-intel-2.99.917-48.20200205.fc33.x86_64.rpm
Just use dnf to uninstall it.

The one I installed using dnf is
xorg-x11-drv-intel-2.99.917-32.20171025.fc33.x86_64.rpm
and this does work OK.

If you don't blacklist the driver in dnf, it will update it next
time you update dom0.


Wicked! That is very smart, thank you for the lesson! I am fighting
since 7 months with it without having had that simple & brilliant idea
:-)  best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/618a6b84-82a4-2095-8117-47c151698556%40web.de.


Re: [qubes-users] i915 driver problems

2021-09-01 Thread haaber

On 9/1/21 7:44 PM, Mike Keehan wrote:

On 9/1/21 1:36 PM, Bernhard wrote:

Hello, I wonder if some of you guys have the bad luck of an i915
graphics card and found some solutions.  For me, no >= 5.4 xen kernel
works (freezes). So I still run it on 4.19 :)


I think it is the recent i915 driver update that causes the problem.
I had to remove it and download and install the previous version.
then I blacklisted the i915 driver so that dom0 would not update it.

Screen does not freeze anymore.

Only "problem" is that the "Qubes Update" widget thinks there is
always an update to be made.  Just have to ignore it.

Mike.



Sound worth a trial (easily reversible, right?) Which version did you
install? And how find out the version of firmware installed? Thx, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f16b5fb-7340-84cf-bb80-b4627d711f76%40web.de.


Re: [qubes-users] resume from suspend issue after QSB-070

2021-08-31 Thread haaber



 [Andrew]
 But shouldn't hyperthreading have already been disabled ever since
 QSB-043?

 https://www.qubes-os.org/news/2018/09/02/qsb-43/

>>> I admit that I missed that one as well. Shame on me. Is there some way
>>> to detect active hyperthreading on boot && print out a big red
warning ?
>>>
>>> That seems a reasonable measure, especially for new-comers how cannot
>>> reasonably be asked to read all old QSB's first :)
>>>

> [ Markek ]
> There are (at least) two ways to disable hyper-threading:
> 1. In system BIOS (if there is such option)
> 2. In software - by disabling every second thread of each core.
>
> The QSB-043 uses the second method. It has is drawbacks, as the logic to
> bring up and down CPUs is quite complex. And yes, there are known
> issues[1] affecting suspend. Disabling hyper-threading in BIOS, prevents
> Xen from starting those secondary threads at all, and so it doesn't need
> to bring them down.
>
> [1]
https://github.com/QubesOS/qubes-issues/issues/6066#issuecomment-901843312


Thank you Marek. I only now disabled it in BIOS (my fault), and my
question was that software could point a warning to the user in case of
software disabling. I would have done it much faster then :-)

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f94e84e-abfa-cad5-7aff-0630b0202514%40web.de.


Re: [qubes-users] resume from suspend issue after QSB-070

2021-08-30 Thread haaber




Kind of answering my own question, but disabling hyperthreading
happened to
be a workaround for the resume from suspend issue.


But shouldn't hyperthreading have already been disabled ever since QSB-043?

https://www.qubes-os.org/news/2018/09/02/qsb-43/


I admit that I missed that one as well. Shame on me. Is there some way
to detect active hyperthreading on boot && print out a big red warning ?

That seems a reasonable measure, especially for new-comers how cannot
reasonably be asked to read all old QSB's first :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e960a4c1-1d50-a348-1d2c-da98b0780523%40web.de.


[qubes-users] whonix - tbb - noscript problem.

2021-07-19 Thread haaber

For annoying reasons (out of this group-scope) TBB does not come with
any adblocker and relies only on noscript.

For another annoying reason, whonix ships  noscript in a
default="javascript on" mode (even in "safest" mode) which forces me to
change that at every anon-whonix boot by hand.

For a third annoying reason, whonix does not want me to load TBB in the
template to configure NoScript once and for all correctly.


Question: Is there any way out of that (i.e. *persistent*  noscript
settings)?  Thank you!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6bfc1f5b-0baf-4505-7d4d-87cebacb9293%40web.de.


Re: [qubes-users] The safest way to search in files on an external hard drive

2021-07-09 Thread haaber

On 7/9/21 12:01 PM, Michael Singer wrote:


After decryption, my file system presents itself to me as an ordinary directory 
that I find somewhere under /media/xy. The encryption program used works in a 
way that the device in /dev/xvdi is always encrypted. Only what is currently 
accessed in the /media/xy folder is decrypted. Consequently, it does not work 
if I use the following command to create a loop that I then mount in another 
qube, because it will not be decrypted there:

$disp1: sudo losetup -r /dev/loop0 /dev/xvdi


Why not

sudo losetup -r /dev/loop0 /media/xy

?? That is what I do alwys, at works fine.  After that, the widget (for
example) allows to attach /dev/loop0 to other qubes.  Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23caef27-cc3a-5a7c-6f21-2e73af155c20%40web.de.


Re: [qubes-users] Tried to install google earth pro to debian qube, need help understanding error message

2021-06-13 Thread haaber

On 6/13/21 7:04 PM, Chrome wrote:



On Saturday, June 12, 2021 at 11:18:33 AM UTC-4 haa...@web.de wrote:

On 6/11/21 9:16 PM, Chrome wrote:
 > I bolded the relevant terminal text
 > *N: Download is performed unsandboxed as root as file
 > '/home/user/Downloads/google-earth-pro-stable_current_amd64.deb'
 > couldn't be accessed by user '_apt'. - pkgAcquire::Run (13:
Permission
 > denied)*
 > *

if you want to split download & install, run apt-get download as USER
not as root. Then, later, install with apt -i ./my-unsafe-deb-file.deb
Do such things better in a separate VM :)

Thank you for your reply. I'm rather inexperienced with Linux and these
sorts of issues. Could you give me the format of the command I need to
input? Also, I did not download google earth pro with apt at all,
instead, I downloaded it manually off the website and then tried to
install it. Does that affect your advice at all? Thank you and be well.


you can install any .deb file like that. Download whatever (zoom,
google-earth..) deb file in your unsafe VM, then open terminal and launch

sudo apt  install some-path/filename.deb   (*)

(don't copy (*)). Technically you can do this in a templateVM (with some
extra complications since no netVM in templates), but unless you use the
software every day & reboot often that is not my favourite solution.
Instead, I run it *once* in the AppVM: now, often apt needs to install
dependencies along with it. Copy the list of needed packages (or write
them down) and install all of them with

apt-get install PACKAGE

in your templateVM. These library files are clean and safe (a priori).
Now, once you reboot your AppVM the App is gone, but re-installing it
with the command (*) takes 15 secs and you data (logins, config files)
will survive from one install to the next.

Advantage of this procedure: no template is possibly breached with the
unsafe .deb file. Disadvantage: you loose 15 secs at every reboot of the
AppVM for reinstalling. For me its worth the pain.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a5a0d87-177d-b0b3-be5e-bfad2b3c69d5%40web.de.


Re: [qubes-users] Tried to install google earth pro to debian qube, need help understanding error message

2021-06-12 Thread haaber

On 6/11/21 9:16 PM, Chrome wrote:

I bolded the relevant terminal text
*N: Download is performed unsandboxed as root as file
'/home/user/Downloads/google-earth-pro-stable_current_amd64.deb'
couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission
denied)*
*


if you want to split download & install,  run apt-get download as USER
not as root. Then, later, install with apt -i ./my-unsage-deb-file.deb
Do such things better in a separate VM :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2be74d3-3daf-b59f-a2b5-e31e855dfabe%40web.de.


Re: [EXT] [qubes-users] The safest way to search in files on an external hard drive

2021-06-09 Thread haaber

On 6/9/21 10:46 PM, Ulrich Windl wrote:

On 5/31/21 4:55 PM, Michael Singer wrote:

Dear Qubes community,

I am looking for a really secure way to use Qubes for searching not
only a hard drive for file names, but for text that is in files.

The goal is to avoid an exploit in the searched files leading to a
takeover of the hard drive by malware.


If your app is working on the disk device and the app only has read
access to it, it'll be quite unlikely that the disk device will be changed.
Likewise if you mount the filesystem read-only, and the user running the
app is unable to re-mount, it's also quite unlikely that the disk will
be changed. You could even try to combine both methods (read-only mount
a read-only block device). However not all filesystems work on a
write-protected block device.


A variant: mount it RO in AppVM1, then attach it to AppVM2 (which by no
means can "remount -rw" it unless interVM-barriers are breached (and
game is over anyways).

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5400f1ce-88dd-354f-2420-4bf6a4b28020%40web.de.


Re: [qubes-users] notify-send

2021-06-09 Thread haaber

you someone remind me which qubes package contains the "notify-send"
command? Thank you



Not Qubes package - libnotify



alright, thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa48c710-aad9-dc94-e9f0-5ebc431663af%40web.de.


[qubes-users] notify-send

2021-06-09 Thread haaber

Hello,

you someone remind me which qubes package contains the "notify-send"
command? Thank you

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/331ba714-f918-4e33-4a33-a12404740776%40web.de.


Re: [qubes-users] whonox update fails

2021-06-01 Thread haaber

On 6/1/21 3:22 AM, Andrew David Wong wrote:

On 5/31/21 1:56 PM, haaber wrote:

Updating whonix-gw-15
Error on updating whonix-gw-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-gw-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-gw-15: ERROR (exception list index out of range)

Updating whonix-ws-15
Error on updating whonix-ws-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-ws-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-ws-15: ERROR (exception list index out of range)


Any hints?  Thank you.



It might be this:

https://github.com/QubesOS/qubes-issues/issues/6642

I'm basing this on seeing "exception list index out of range" mentioned
there too, but beyond that, I'm not certain.



Thank you Andrew. But since their "solution" seems to use Fedora instead
of Debian, one could also suggest re-installing qubes first to see if
the error persists, or changing the computer -- I exaggerate to
illustrate that this can not even be called a workaround :-))

Anyways. Whonix still allows manual update in terminal, maybe the
qubes-updater is overestimated anyways ... there were some nice scripts
under 3.2 for automatically updating all templates. Just have to find
hem again.  Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06c91f5b-1596-1bce-dcff-7708103fb720%40web.de.


[qubes-users] whonox update fails

2021-05-31 Thread haaber

Updating whonix-gw-15
Error on updating whonix-gw-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-gw-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-gw-15: ERROR (exception list index out of range)

Updating whonix-ws-15
Error on updating whonix-ws-15: Command '['sudo', 'qubesctl',
'--skip-dom0', '--targets=whonix-ws-15', '--show-output', 'state.sls',
'update.qubes-vm']' returned non-zero exit status 1
whonix-ws-15: ERROR (exception list index out of range)


Any hints?  Thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6ec465c-c482-6669-4ffd-6e6d1ff2fa6d%40web.de.


Re: [EXT] [qubes-users] sys-net problems Intel 8265 / 8275

2021-05-26 Thread haaber

On 5/26/21 5:45 PM, Ulrich Windl wrote:


Do you have some hints how I could try to improve that? Best,  Bernhard



See what "journalctl -f" outputs in net-vm.


that gave an error message that helped to understand  that seemingly
mac-randomization-while-scanning and OpenWRT are a bad mixture ... I
deactivated it to test - and now it works. I guess that the
randomisation is a good thing as such, so I have to improve OpenWRT ?!

best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7bb30b0-c342-19e2-636e-98681b881ad1%40web.de.


Re: [qubes-users] Re: sys-net problems Intel 8265 / 8275

2021-05-25 Thread haaber

On 5/25/21 1:31 PM, Vít Šesták wrote:

Wi-Fi needs drivers and microcode. This might be source of some
troubles. Have you tried non-minimal template or Fedora template?


So here is something strange. Intel suggests on its webpage

https://www.intel.com/content/www/us/en/support/articles/05511/wireless.html

to install iwlwifi-8265-ucode-22.361476.0 but my debian-10 has another
version installed, namely

iwlwifi-8265-ucode-22.391740.0
iwlwifi-8265-ucode-36.9f0a2d68.0

That is very unusual: debian has a newer version than Intel ?? I am lost
now. Should I downgrade manually??  Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98f1ae42-b846-e7d3-0d28-3d72fb17d2f2%40web.de.


Re: [qubes-users] Re: sys-net problems Intel 8265 / 8275

2021-05-25 Thread haaber

On 5/25/21 1:31 PM, Vít Šesták wrote:

Wi-Fi needs drivers and microcode. This might be source of some
troubles. Have you tried non-minimal template or Fedora template?


Yes, to my knowledge firmware-iwlwifi in debian, and that is installed &
up to date. The same template did work, long while ago. It seems to have
"degraded through updates", even if that sounds not plausible.

Best

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0932423-f06f-2abf-149d-39ff979343a6%40web.de.


[qubes-users] sys-net problems Intel 8265 / 8275

2021-05-24 Thread haaber

I have an build-in Intel 8265 / 8275 wireless controller, and my
(debian-10-minimal based) sys-net has more and more problems to connect.
It starts to connect and then hangs. That is strange since it used to
run perfectly 2 years ago. But now it takes 1-5 minutes, sometime a
qvm-kill forced reboot (I use the std config with wpa_supplicant).
Usually 5Ghz networks do never finish the connection.

Do you have some hints how I could try to improve that? Best,  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05b0a1f4-e360-ae28-2fe1-241d4e6f39c8%40web.de.


[qubes-users] bug ?

2021-05-17 Thread haaber

Hello, I followed a link in my mailVM-thunderbird, which configured to
open links inside a new tempVM. When I reboot the parent mailVM, the
child-disp-VM dies with it. This is not what I expected.

Is it some wanted behaviour or a bug? Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f831b553-deab-60ee-8b80-ba1d5cd8acca%40web.de.


[qubes-users] apropos: Dell DSA-2021-088

2021-05-05 Thread haaber

Hi, you probably saw this flaw that seems to be present on all Dell
machines >= 2009.

https://www.dell.com/support/kbdoc/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

it is not entirely clear if BIOS itself is flawed, but
 - the phrase " insufficient access control vulnerability"
 - a new BIOS update on April 27
suggest that a bit. Do you have some more detailed information? If so,
it touches many qubes users as well, which brings me to a more general
question:  Updating BIOS seems, generally, a security nightmare. Running
untrusted software from an untrusted OS on an USB-key enhances
likelihood of an evil-maid attack,  and, worse,  you are the maid !

I am curious on your comments / help suggestions.  Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aac5d82a-ffb6-5acc-ae71-86090b2e1334%40web.de.


Re: [qubes-users] Computer freezes when using google maps.

2021-04-21 Thread haaber

Hello,
When I go to maps.google.com in Chrome the PC freezes up. I then have to
long press the power button and restart the PC.
This error is reproducible for me and happens every time I try to use
Google Maps.
It happens mostly when you turn your map to satellite view.
Computer windows 10 HP ZBook G3 intel Xeon E3-1505M v5 with intel
graphics P530 a,d Nvidia Quadro M200M
Does anyone have a solution for this.
Thanks


No clue. Some natural questions ou might ask/answer:

Which xen-kernel (uname -a in dom0 term)?
Which op-system in AppVM (linux? if so which? what kernel?
 or windows ??)
Does it happen in one specific OpSystem, did you test with others?
Does it happen with Firefox?
Does it happen with Chromium in debian/fedora ?

etc

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8f02a7d-0981-c4e0-4694-aa32b08cb7a0%40web.de.


Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-20 Thread haaber




The legacy 'file' storage driver just doesn't implement the required
functionality for 'qvm-volume revert' - one of the many reasons it
will be deprecated:

https://github.com/QubesOS/qubes-issues/issues/6399



Awesome! Thank yu for that hint. When/how will it be changed ?? That
seems quite troublesome to change the internal storage type within a
running system ... will need re-install in some further time??

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/305252a6-74a0-11ab-c826-6e9833086737%40web.de.


Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-18 Thread haaber

I lost a somewhat important file from a software crash in an appvm.



However, '-cow.img' files contain no filesystem, but "binary patch"
data, thus can't be mounted or read directly or without their
corresponding'.img' files.


These are real disc-image files! There is a filesystem, but it is not in
sector 1 :) The trick is to mount it with an offset (see mount command).
To get the right offset, fdisk the file (it should have an old-style
MBR). If fdisk does not accept files (I forgot), try either cfdisk or
simple loop it in a device:

  losetup  /dev/loop42  imagefile.img
  fdisk -p /dev/loop42
  losetup -d /dev/loop42

This gives the starting sector of the partition, that is than handeld
over to mount as offset. And then you can grab data. Good luck!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6842d36d-0588-5d15-1958-21156d7c5573%40web.de.


[qubes-users] tribler blocks/disables sys-firewall ?

2021-03-21 Thread haaber

Hi, I made a small test-vm running only tribler (see
https://www.tribler.org/ for this software). It seems to slow down
sys-firewall so drastcally (example: ping 8.8.8.8 from sys-net 16ms,
from sys-firewall > 4000ms) that de-facto all internet traffic is
blocked. I experimentally short-circuited the firewall (unsafely using
directly sys-net as tribler-netvm), and all is fine. When I switch back,
it blocks  again. This clearly shows that both, tribler and sys-firewall
generate problems. Any ideas / help how to bugfix this ??  Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d53a868-ae5b-de01-5a48-042be75b9486%40web.de.


Re: [qubes-users] Replacing the wpa_supplicant wifi daemon with iwd

2021-03-18 Thread haaber

On 3/3/21 5:19 PM, 'qtpie' via qubes-users wrote:

Due to mysterious, unsolvable Wifi issues, I decided to replace the
wpa_supplicant wifi daemon with iwd.

  -- snip --

$ dnf remove wpa_supplicant
$ echo -e "[device] \nwifi.backend=iwd" | tee -a
/etc/NetworkManager/NetworkManager.conf
$ systemctl enable iwd.service
$ systemctl start iwd.service
$ systemctl restart NetworkManager


interesting. I tried that in my debian-minimal-net but I cannot start
iwd with systemctl. Errors similar to here

  https://bbs.archlinux.org/viewtopic.php?id=250220

but the proposed "solution" does not work. The thread suggests

  sudo cp /usr/lib/systemd/system/iwd.service /etc/systemd/system/

but that file does simply not exist, so I cannot copy it. So I stopped
that experiment for the moment. Maybe @unman has a suggestion for a
well-working debian-based 'minimal' solution without  networkmanager
and/or   wpa_applicant ?  Best,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6331118-ec61-9e6d-dc28-f1c1220c317c%40web.de.


Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-17 Thread haaber

On 3/17/21 12:13 AM, Fabrizio Romano Genovese wrote:

Booting from a live version and switching to the old kernel solved it.
Has anyone else experienced something similar with kernel 5.11 or it is
just myself? I had a boot fuckup with kernel 5.10 as well a few weeks
ago, but I just waited for the next release and that solved it. I'd like
to understand if the situation is similar here or if it's a problem of
my machine, in which case I'll investigate deeper.


there are several issues. Like

https://github.com/QubesOS/qubes-issues/issues/6446
https://github.com/QubesOS/qubes-issues/issues/6397

but they might be unrelated, as well.




On Tuesday, March 16, 2021 at 5:29:53 PM UTC+1 rud...@rudd-o.com wrote:

You can mask the unit in the GRUB kernel command line with the
parameter:

systemd.mask=qube...@sys-net.service

And then you will be able to log in and fix the kernel issue
(without networking, of course).

You can also choose the older kernel in the GRUB menu.

On 16/03/2021 16.49, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on
qubes 4.0 and now boot is stuck. How do I get out of this? :)

Fab
--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/7ba1ae0f-4037-4a47-9bf4-aa9eae652a7dn%40googlegroups.com

.



--
 Rudd-O
 https://rudd-o.com/  

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/772e2a89-da21-4f87-8977-0e171526978fn%40googlegroups.com
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/653f2978-ba00-c38e-5d3a-e9ffce173137%40web.de.


Re: [qubes-users] A start job is running for Start Qubes VM sys-net. FOREVER.

2021-03-16 Thread haaber

On 3/16/21 4:49 PM, Fabrizio Romano Genovese wrote:

As the title says. I've upgraded to the latest kernel (5.11) on qubes
4.0 and now boot is stuck. How do I get out of this? :)



you go back: boot a life linux, mount your UEFI partition, search for
/efi/EFI/qubes/xen.cfg or  /efi/EFI/BOOT/xen.cfg and edit the first
line, by copying one of the available kernel-names from list below. It's
straightforward. Use nano editor, for example. Crtl-k cuts a line,
crtl-u pastes it back. A second crtl-u gives a clean second copy. that
way you avoid typing errors.  good luck

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40ac8c17-c7fe-969a-12f3-5002d8282407%40web.de.


[qubes-users] Re: Qubes OS 4.0.4 has been released!

2021-03-05 Thread haaber

Dear Andrew

thank you. My system (based on q4.0) is up-to-date. However I need to
test the

kernel-latest-5.10.16-1.3.fc32.qubes.x86_64.rpm

compile that marmarek put only in r4.1 repos. Could you push it please
into r4.0 as well or are they incompatible ??

cheers, Bernhard




Dear Qubes Community,

We're pleased to announce the release of Qubes OS 4.0.4! This is the
fourth stable release of Qubes 4.0. It includes many updates over the
initial 4.0 release, including:

- All 4.0 dom0 updates to date
- Fedora 32 TemplateVM
- Debian 10 TemplateVM
- Whonix 15 Gateway and Workstation TemplateVMs
- Linux kernel 5.4 by default

Qubes 4.0.4 is available on the downloads page:

https://www.qubes-os.org/downloads/


What is a point release?


A point release does not designate a separate, new version of Qubes OS.
Rather, it designates its respective major or minor release (in this
case, 4.0) inclusive of all updates up to a certain point. Installing
Qubes 4.0 and fully updating [1] it results in the same system as
installing Qubes 4.0.4.


What should I do?
-

If you installed Qubes 4.0, 4.0.1, 4.0.2, or 4.0.3 and have fully
updated [1], then your system is already equivalent to a Qubes
4.0.4 installation. No further action is required.

Regardless of your current OS, if you wish to install (or reinstall)
Qubes 4.0 for any reason, then the 4.0.4 ISO makes this more convenient
and secure, since it bundles all Qubes 4.0 updates to date. Please see
the installation guide [2] for detailed instructions.

Thank you to all the release candidate users for testing this release
and reporting issues [3]!


[1] https://www.qubes-os.org/doc/updating-qubes-os/
[2] https://www.qubes-os.org/doc/installation-guide/
[3] https://www.qubes-os.org/doc/reporting-bugs/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2021/03/04/qubes-4-0-4/



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/790a8d89-e94a-7904-56a7-bd6c31fd869f%40web.de.


Re: [qubes-users] Dom0 kernel panic

2021-03-04 Thread haaber

On 3/4/21 9:16 PM, frag face wrote:

Thanks for your answer Bernhard,

I wonder if I could make a  Qube-style backup of the qubes in my
hardrive instead of a rsync to restore/add them directly in the new
installed Qube system, kind of  lazy way ;)

BR


You can, with some extra work: The complete qubes-backup procdure is
explained online. It is, roughly speaking, a tar archive with special
checksum files to ensure pwds are correct.

I always to these backups by hand, to keep myself trained.

My method "sous-entend" that you "safe backup": in your life system
generate a container file (truncate -s 200G
/externalstorage/backup.luks), then losetup: (first losetup -f to get a
free slot, then bind it with losetup /dev/loopX
/externalstorage/backup.luks ), and cryptsetup luksFormat /dev/loopX
;cryptsetup luksOpen /dev/loopX BACKUP; mkfs.ext2 /dev/mapper/BACKUP ;
mount /dev/mapper/BACKUP /somemountpoint

For rsync'ing back inside qubes from subfolders you
- attach usb to dispVM1 (widget)
- lopsetup the container
- attach container mapper to dispVM2 (widget)
- there start same procedure as above at "luksOpen" step and then attach
the full decrypted backup to each VM with the widget, and rsync back the
correct subfolder in your home. You can use --exclude to avoid
"dot"-files ...   best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d54904c-68ee-6ecf-4d59-10cddbd8941c%40web.de.


Re: [qubes-users] What is the latest version of Qubes (on 23 February 2021)

2021-02-23 Thread haaber

On 2/23/21 12:58 PM, load...@gmail.com wrote:

I know about *'Qubes Release 4.0.3'* and *'**Qubes Release 4.0.4-rc2'*,
but I don't understand what is the version I have.


your "initial" qubes  release is marked in the file /etc/qubes-release


/kernel-qubes-vm.x86_64 1000:4.14.74-1.pvops.qubes
kernel-qubes-vm.x86_64  1000:4.19.15-1.pvops.qubes


these are outdated kernels. The stable kernels should be 5.x now, and if
they are 4.x it is certainly 4.19.(>150). I infer from this that
something is weird. Distinguish xen-kernel (package "kernel.x86_64") and
AppVM kernels containing "qubes-vm" it their name. They are different.


*So could anybody tell me is this the latest version of Qubes OS or
something happened with my update process?*



did you run as donoban suggested the update command
"sudo qubes-dom0-update --refresh"
inside a dom0-terminal ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab988faa-926c-fadc-2908-ae5276b1ab7c%40web.de.


Re: [qubes-users] Memory balancing very inefficient

2021-02-22 Thread haaber

Today I noticed that many VMs do get a lot more RAM than they actually
use. While using only about 200-300MB small vms like -net and -firewall
get gigabytes of memory and this seem to be the case even if memory is
running out (sum of all VMs approaches physical RAM size). Also dom0 is
using only about 700MB but gets 4GB.

1) does memory balancing take back memory from a VM at all?

apparently, as much as there is enough, each appVM gets MaxMem-size
(kernel param, usually 4G). When memory is gettng tight the qmemmman
manager does "balooning" whatever that is exactly.
This behaviour might be linked to errors (e.g. my qubes install does not
support 5.x xen kernels: crashes can be caused by "memory stress" and
even if not, they always finish by loads of qmemman log entries, before
deep freeze (not even a kernel panic, just sudden death)


2) how does it happen that VMS get assigned this ridiculously larger
amount of memory compare to their usage?

by design, as explained.


3) is there something that can be done besides manually setting limits
for all VMs?

Good question.


I current think about limiting all small VMs to 256MB and dom0 to 2 GB
of RAM (by GRUB parameter) lacking any idea for a better approch.


Tell us if that works! My qubes has no grub. But you can set kernel
params in /boot/efi/EFI/qubes/xen.cfg

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67f3fd08-14a1-2766-1dff-6a46ff15c819%40web.de.


[qubes-users] kernel crashes (?) 5.10.13

2021-02-08 Thread haaber

I am testing the above xen kernel. I experience random freezes of the
system, with no significant "last words" in the logs, if it is not many
many  qmemman notices like these (sorry for the length). Is this a known
issue?? Any hints to stabilite the system?   Cheers!




Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4551340032.0, total_available_memory=11504979715.02)
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]: left_memory=1402107746
acceptors_count=3
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4592266444.8, total_available_memory=11464053302.2)
Feb 08 18:15:40 dom0 qmemman.daemon.algo[2055]: left_memory=1456607746
acceptors_count=3
Feb 08 18:15:43 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4648645427.2, total_available_memory=11407674319.81)
Feb 08 18:15:43 dom0 qmemman.daemon.algo[2055]: left_memory=1530113766
acceptors_count=3
Feb 08 18:15:44 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4691084083.2, total_available_memory=11365235663.81)
Feb 08 18:15:44 dom0 qmemman.daemon.algo[2055]: left_memory=1584279066
acceptors_count=3
Feb 08 18:15:45 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4732670771.2, total_available_memory=11323648975.81)
Feb 08 18:15:45 dom0 qmemman.daemon.algo[2055]: left_memory=1636414622
acceptors_count=3
Feb 08 18:15:56 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4683198054.4, total_available_memory=11373121692.6)
Feb 08 18:15:56 dom0 qmemman.daemon.algo[2055]: left_memory=1574288232
acceptors_count=3
Feb 08 18:17:26 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17640615,
total_mem_pref=4724763443.2, total_available_memory=11331556303.8)
Feb 08 18:17:26 dom0 qmemman.daemon.algo[2055]: left_memory=1485460405
acceptors_count=3
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '5'
act=2198308027 pref=488608972.8 last_target=2198308027
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '4'
act=1670913193 pref=334349516.8 last_target=1670913193
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '0'
act=4294967296 pref=1453227212.8 last_target=4294967296
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '7'
act=4194304000 pref=1386774937.601 last_target=4194304000
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '3'
act=33554432 pref=108003328 last_target=33554432
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: dom '6'
act=3646632184 pref=953799475.2 last_target=3646632184
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: stat: xenfree=70069415
memset_reqs=[('5', 2153453877), ('4', 1629753095), ('3', 33554432),
('0', 4294967296), ('7', 4194304000), ('6', 3732745
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 5 to
2153453877
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 4 to
1629753095
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 3 to 33554432
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 0 to
4294967296
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 7 to
4194304000
Feb 08 18:17:26 dom0 qmemman.systemstate[2055]: mem-set domain 6 to
3732745262
Feb 08 18:17:35 dom0 qmemman.daemon.algo[2055]:
balance_when_enough_memory(xen_free_memory=17542515,
total_mem_pref=4765301145.6, total_available_memory=11291019331.4)
Feb 08 18:17:35 dom0 qmemman.daemon.algo[2055]: left_memory=1400321867
acceptors_count=3
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '5'
act=2153453877 pref=488608972.8 last_target=2153453877
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '4'
act=1629753095 pref=334349516.8 last_target=1629753095
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '0'
act=4294967296 pref=1453227212.8 last_target=4294967296
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '7'
act=4194304000 pref=1386774937.601 last_target=4194304000
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '3'
act=33554432 pref=108003328 last_target=33554432
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: dom '6'
act=3732745262 pref=994337177.6 last_target=3732745262
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: stat: xenfree=69971315
memset_reqs=[('5', 2110991693), ('4', 1591745932), ('3', 33554432),
('0', 4294967296), ('7', 4194304000), ('6', 3813300
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 5 to
2110991693
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 4 to
1591745932
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 3 to 33554432
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 0 to
4294967296
Feb 08 18:17:35 dom0 qmemman.systemstate[2055]: mem-set domain 7 to

Re: [qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early

2021-02-07 Thread haaber





No, but this patch has been superseded by the latest intel xorg driver.
To try it, just enable the current-testing repo and upgrade
xorg-x11-drv-intel to at least v2.99.917-49.20210126.

 sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing 
--action=upgrade xorg-x11-drv-intel

Discussion: 
https://github.com/QubesOS/qubes-issues/issues/6356#issuecomment-765952048


Hi, I get that type of message before complete qubes-crash, and I wonder
if it is linked. It happens almost sure in any video-conf, often while
browsing. And 5x day ...

Thank you!


Feb 07 11:06:45 dom0 kernel: [ cut here ]
Feb 07 11:06:45 dom0 kernel: i915 :00:02.0: drm_WARN_ON((val & (1 <<
30)) ==
 0)
Feb 07 11:06:45 dom0 kernel: WARNING: CPU: 3 PID: 3538 at
/home/user/rpmbuild/BU
ILD/kernel-latest-5.10.13/linux-5.10.13/drivers/gpu/drm/i915/display/intel_cdclk
.c:850 skl_get_cdclk+0x22b/0x2
Feb 07 11:06:45 dom0 kernel: Modules linked in: binfmt_misc loop
ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi s
nd_soc_skl snd_soc_sst_ipc snd
Feb 07 11:06:45 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm
_persistent_data dm_bio_prison dm_crypt hid_multitouch rtsx_pci_sdmmc
mmc_core c
rct10dif_pclmul crc32_pclmul c
Feb 07 11:06:45 dom0 kernel: CPU: 3 PID: 3538 Comm: Xorg Tainted: G
   W
 5.10.13-1.fc25.qubes.x86_64 #1
Feb 07 11:06:45 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS
 1.5.1 07/12/2018
Feb 07 11:06:45 dom0 kernel: RIP: e030:skl_get_cdclk+0x22b/0x2b0 [i915]
Feb 07 11:06:45 dom0 kernel: Code: 8b 6f 50 4d 85 ed 0f 84 88 00 00 00
e8 3e 57
56 c1 48 c7 c1 08 ac 3d c0 4c 89 ea 48 89 c6 48 c7 c7 a5 2b 40 c0 e8 e5
70 e0 c0
 <0f> 0b 8b 53 04 e9 11 fe ff
Feb 07 11:06:45 dom0 kernel: RSP: e02b:c90001ebb9e0 EFLAGS: 00010286
Feb 07 11:06:45 dom0 kernel: RAX:  RBX: c90001ebba0c
RCX: 00
27
Feb 07 11:06:45 dom0 kernel: RDX:  RSI: 888135cd8a80
RDI: 888135cd8a88
Feb 07 11:06:45 dom0 kernel: RBP: 888107ca R08: 0003
R09: 0001
Feb 07 11:06:45 dom0 kernel: R10:  R11: c90001ebb7d8
R12: 888107ca0808
Feb 07 11:06:45 dom0 kernel: R13: 888100da3350 R14: 
R15: 888107ca
Feb 07 11:06:45 dom0 kernel: FS:  78d3e66a9a40()
GS:888135cc() knlGS:
Feb 07 11:06:45 dom0 kernel: CS:  e030 DS:  ES:  CR0:
80050033
Feb 07 11:06:45 dom0 kernel: CR2: 7e6aae2db518 CR3: 00012049e000
CR4: 00050660
Feb 07 11:06:45 dom0 kernel: Call Trace:
Feb 07 11:06:45 dom0 kernel:  gen9_disable_dc_states+0x67/0x260 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_power_well_enable+0x3e/0x50 [i915]
Feb 07 11:06:45 dom0 kernel:
__intel_display_power_get_domain.part.24+0x6f/0x90 [i915]
Feb 07 11:06:45 dom0 kernel:  intel_display_power_get+0x49/0x60 [i915]
Feb 07 11:06:45 dom0 kernel:  __gt_unpark+0x2c/0x70 [i915]
Feb 07 11:06:45 dom0 kernel:  __intel_wakeref_get_first+0x3b/0x80 [i915]
Feb 07 11:06:45 dom0 kernel:  i915_gem_do_execbuffer+0x170a/0x1e80 [i915]
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  ? unix_stream_read_generic+0x97e/0xa00
Feb 07 11:06:45 dom0 kernel:  ? kmem_cache_free+0x2bd/0x2e0
Feb 07 11:06:45 dom0 kernel:  i915_gem_execbuffer2_ioctl+0xea/0x200 [i915]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl_kernel+0xb6/0x100 [drm]
Feb 07 11:06:45 dom0 kernel:  drm_ioctl+0x329/0x3b0 [drm]
Feb 07 11:06:45 dom0 kernel:  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0 [i915]
Feb 07 11:06:45 dom0 kernel:  __x64_sys_ioctl+0x8e/0xd0
Feb 07 11:06:45 dom0 kernel:  ? syscall_trace_enter.isra.18+0x163/0x1b0
Feb 07 11:06:45 dom0 kernel:  do_syscall_64+0x33/0x40
Feb 07 11:06:45 dom0 kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Feb 07 11:06:45 dom0 kernel: RIP: 0033:0x78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: Code: 00 00 00 48 8b 05 e1 27 2c 00 64 c7
00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8
10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3
Feb 07 11:06:45 dom0 kernel: RSP: 002b:7fff95e584a8 EFLAGS: 0246
ORIG_RAX: 0010
Feb 07 11:06:45 dom0 kernel: RAX: ffda RBX: 000e
RCX: 78d3e3d3d6a7
Feb 07 11:06:45 dom0 kernel: RDX: 7fff95e584e0 RSI: 40406469
RDI: 000e
Feb 07 11:06:45 dom0 kernel: RBP: 7fff95e584e0 R08: 000c
R09: 78d3e6770020
Feb 07 11:06:45 dom0 kernel: R10: 3fd0 R11: 0246
R12: 78d3dd779000
Feb 07 11:06:45 dom0 kernel: R13: 1000 R14: 7fff95e584e0
R15: 021b9730
Feb 07 11:06:45 dom0 kernel: ---[ end trace 528bf252a0c1a39e ]---

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To 

[qubes-users] BIG instability problems of qubes

2021-02-03 Thread haaber

Dear qubes community, I use qubes since its version 3, with many up's
and downs (more up's, happily). Since its version 4 it worked quite
stable, but this changed since some months. I am obliged to hard-reboot
my machine 5-10 times per day, versus a scheduled reboot every two-three
weeks before.

- Somehow the 5.4.x kernels (for xen) are instable on my machine. They
run smoothly my debian appvm's. No clue if the kernel its crashes, but
after 2-15   min the systems becomes unusable: the screen "hangs" and no
other way out than hard reboot. I have a rather std i7, I mention. HCL
attached. My problems:

- The last upgrade removed my last 4.9 xen kernel which would work fine
(how can I get that one back??) so I switched to 5.10 directly. The last
one braught by update won't work: under 5.10.11 kernel, NO WAY to boot a
debian-vm. Journalctl says:


Jan 29 21:39:55 dom0 qubesd[2087]: Start failed: internal error:
libxenlight failed to create new domain 'sys-net'
Jan 29 21:39:55 dom0 qmemman.daemon.algo[2095]:
balance_when_enough_memory(xen_free_memory=12370411092,
total_mem_pref=779203379.2, total_available_memory=15886175008.8)
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat: dom '0'
act=4294967296 pref=779203379.2 last_target=4294967296
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: stat:
xenfree=12422839892 memset_reqs=[('0', 4294967296)]
Jan 29 21:39:55 dom0 qmemman.systemstate[2095]: mem-set domain 0 to
4294967296



- when running zoom with 5.10.5 xen kernel inside a dedicated zoom-vm
(debian-10) inside firefox (no custom app). The system "hangs" screen
hangs, sound loops over last second, and that's it. I do not see any
special before the problem occurs (see down) but  there is something
strange while boot. It is displayed for each CPU separately.


Feb 02 16:14:43 dom0 kernel: [ cut here ]
Feb 02 16:14:43 dom0 kernel: WARNING: CPU: 1 PID: 0 at
/home/user/rpmbuild/BUILD/kernel-latest-5.10.5/linux-5.10.5/arch/x86/xen/enlighten_pv.c:660
get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Modules linked in: loop ebtable_filter
ebtables ip6table_filter ip6_tables iptable_filter vfat fat
snd_hda_codec_hdmi snd_soc_skl snd_soc_sst_ipc snd_soc_sst_dsp
Feb 02 16:14:43 dom0 kernel:  xen_acpi_processor xenfs ip_tables
dm_thin_pool dm_persistent_data dm_bio_prison dm_crypt hid_multitouch
nvme rtsx_pci_sdmmc mmc_core crct10dif_pclmul crc32_pcl
Feb 02 16:14:43 dom0 kernel: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G
W 5.10.5-1.qubes.x86_64 #1
Feb 02 16:14:43 dom0 kernel: Hardware name: Dell Inc. Latitude
7390/09386V, BIOS 1.5.1 07/12/2018
Feb 02 16:14:43 dom0 kernel: RIP: e030:get_trap_addr+0x81/0x90
Feb 02 16:14:43 dom0 kernel: Code: b0 c4 e1 82 48 89 07 b8 01 00 00 00
85 f6 74 04 84 c0 75 16 b8 01 00 00 00 c3 48 8b 42 08 48 89 07 0f b6 42
10 83 f0 01 eb e2 <0f> 0b 31 c0 c3 cc cc cc cc
Feb 02 16:14:43 dom0 kernel: RSP: e02b:c9abfe08 EFLAGS: 00010002
Feb 02 16:14:43 dom0 kernel: RAX: 0001 RBX: 830d41d0
RCX: 82625558
Feb 02 16:14:43 dom0 kernel: RDX: 82625558 RSI: 0005
RDI: c9abfe10
Feb 02 16:14:43 dom0 kernel: RBP: 830da0f0 R08: 0001
R09: 
Feb 02 16:14:43 dom0 kernel: R10: 8249f900 R11: 82744648
R12: 830d9f20
Feb 02 16:14:43 dom0 kernel: R13: 001d R14: 8249f440
R15: 001d
Feb 02 16:14:43 dom0 kernel: FS:  ()
GS:888135c4() knlGS:
Feb 02 16:14:43 dom0 kernel: CS:  1e030 DS: 002b ES: 002b CR0:
80050033
Feb 02 16:14:43 dom0 kernel: CR2: 720f340010c6 CR3: 0261
CR4: 00050660
Feb 02 16:14:43 dom0 kernel: Call Trace:
Feb 02 16:14:43 dom0 kernel:  cvt_gate_to_trap+0x50/0xa0
Feb 02 16:14:43 dom0 kernel:  ? asm_exc_double_fault+0x30/0x30
Feb 02 16:14:43 dom0 kernel:  xen_convert_trap_info+0x60/0xa0
Feb 02 16:14:43 dom0 kernel:  xen_load_idt+0x46/0xa0
Feb 02 16:14:43 dom0 kernel:  load_current_idt+0x11/0x20
Feb 02 16:14:43 dom0 kernel:  cpu_init+0x148/0x410
Feb 02 16:14:43 dom0 kernel:  cpu_bringup+0x10/0x90
Feb 02 16:14:43 dom0 kernel:  xen_pv_play_dead+0x38/0x60
Feb 02 16:14:43 dom0 kernel:  do_idle+0x1c9/0x2b0
Feb 02 16:14:43 dom0 kernel:  cpu_startup_entry+0x19/0x20
Feb 02 16:14:43 dom0 kernel:  asm_cpu_bringup_and_idle+0x5/0x1000
Feb 02 16:14:43 dom0 kernel: ---[ end trace 011f03ca1c0f295f ]---
Feb 02 16:14:43 dom0 kernel: cpu 1 spinlock event irq 131
Feb 02 16:14:43 dom0 kernel: ACPI: \_PR_.PR01: Found 3 idle states
Feb 02 16:14:43 dom0 kernel: CPU1 is up
Feb 02 16:14:43 dom0 kernel: installing Xen timer for CPU 2
Feb 02 16:14:43 dom0 kernel: [ cut here ]

[IN RED COLOUR]
Feb 02 16:15:22 dom0 qmemman.systemstate[2401]: Xen free = 142013308 too
small for satisfy assignments! assigned_but_unused=117851537,
domdict={'6': {'no_progress': False, 'id': '6', 'mem_us


Feb 02 16:19:58 dom0 qmemman.daemon.algo[2401]:

SOLVED. Re: Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-31 Thread haaber


It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1
"placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-
Thank you very much Donoban. I tried:
root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d
/dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1
  PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes
  
HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder
 /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes
  
HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder
 /mapbs /noexitboot
what you see is that Qubes was still in the UEFI "line" now at position
0002. I will have to try a reboot - don't like it, because it is a pain
in the neck to re-install wireless on debian; I hope that I downloaded
all packages I need on /boot of my life system ... otherwise I will
become silent for a while!    Cheers


I tried a reboot after an extra-emergeny backup (luks-by-hand training:)
and your efibootmgr command worked. qubes is back!  Thank you so much.

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d127edb5-6ecc-e4cf-814d-dbf602c30907%40web.de.


Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-30 Thread haaber
 

 
 

Gesendet: Samstag, 30. Januar 2021 um 10:28 Uhr
Von: "donoban" 
An: qubes-users@googlegroups.com
Betreff: Re: [qubes-users] HELP! after update dom0 "no bootable device found"

Hi,

On 1/30/21 8:43 AM, haa...@web.de wrote:
> I am surprised by the sizes -- files seem small. Do the seem correct?? 
> Are there files missing?? Could maybe someone check these md5sums, please?
>  

Probably the initramfs differ due different hardware or configuration.
vmlinuz image seems fine.

> (3) I could try the " efibootmgr " commands mentioned in UEFI
troubleshooting, but I do not understand them, and I am afraid to f*ck
it up even worse. If my harddrive-boot partition is mounted on /BOOT
instead of /boot , how would the command read, please??

It seems it ignores your mountpoint, you pass directly the hard disk and
EFI partition number (which should be the first) so in:
efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1
"placeholder /mapbs /noexitboot"

You only have to worry about /dev/sda
-

 

 

Thank you very much Donoban. I tried:

 

root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot"
efibootmgr: ** Warning ** : Boot0002 has same label Qubes
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: ,0001
Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1    PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700)
Boot0002* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
Boot0006* CD/DVD/CD-RW Drive    BBS(CDROM,CD/DVD/CD-RW Drive,0x0)
Boot0007* Onboard NIC    BBS(Network,IBA CL Slot 00FE v0112,0x0)
Boot* Qubes    HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot
 

 

what you see is that Qubes was still in the UEFI "line" now at position 0002. I will have to try a reboot - don't like it, because it is a pain in the neck to re-install wireless on debian; I hope that I downloaded all packages I need on /boot of my life system ... otherwise I will become silent for a while!    Cheers

 






-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-559faab6-63c7-4cbe-bf49-42f2e860cf2b-1612026841940%403c-app-webde-bap06.


[qubes-users] HELP! after update dom0 "no bootable device found"

2021-01-29 Thread haaber
The main line is in the title. I did a dom0 upgrade that installed kernel-latest. After reboot I got the freaky message

"No bootable device found, press F1... F2 .. F5.." -- it does not really say where it comes from, but it sounds like a BIOS message.

 

I have no idea where to start, so I give all I have here and ask for help. Please read quickly over it, any hint is appreciated.

(1) I did boot my computer with a live linux.

(2) The boot partition does exist. The qubes folder reads like this

 


-rwxr-xr-x 1 root root  24M Jan 29 17:57 initramfs-5.10.11-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 12 15:27 initramfs-5.10.5-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  23M Jan 24 09:41 initramfs-5.10.8-1.qubes.x86_64.img
-rwxr-xr-x 1 root root  24M Jan 24 09:39 initramfs-5.4.91-1.fc25.qubes.x86_64.img
-rwxr-xr-x 1 root root 7.9M Jan 29 17:57 vmlinuz-5.10.11-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 12 15:27 vmlinuz-5.10.5-1.qubes.x86_64
-rwxr-xr-x 1 root root 7.9M Jan 24 09:41 vmlinuz-5.10.8-1.qubes.x86_64
-rwxr-xr-x 1 root root 6.9M Jan 24 09:39 vmlinuz-5.4.91-1.fc25.qubes.x86_64
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen-4.8.5-29.fc25.efi
-rwxr-xr-x 1 root root 1.4K Jan 29 20:57 xen.cfg
-rwxr-xr-x 1 root root 2.0M Jan  4 00:43 xen.efi

 

I am surprised by the sizes -- files seem small. Do the seem correct??  Are there files missing?? Could maybe someone check these md5sums, please?

 

1ff66a646f443da650caca5a71d14dc9  initramfs-5.10.11-1.fc25.qubes.x86_64.img
0ed0b625599395686c950b11ca626659  initramfs-5.10.5-1.qubes.x86_64.img
66ad105adc1bcf8543fde0be5e1cffa9  initramfs-5.10.8-1.qubes.x86_64.img
aa03e2e037aa2a173c4f9a2db6dd9096  initramfs-5.4.91-1.fc25.qubes.x86_64.img
36993c5ea1f93a37c548f8ac32b18baf  vmlinuz-5.10.11-1.fc25.qubes.x86_64
9669c095819240d8117f208748707b4c  vmlinuz-5.10.5-1.qubes.x86_64
3db1a8bdd97a608a5459ac5521052ab8  vmlinuz-5.10.8-1.qubes.x86_64
0834cc9a9bfbacb9cfc420f3b879bca7  vmlinuz-5.4.91-1.fc25.qubes.x86_64

 

If these files were corrupt, other error messages should appear, so it is, probably, somthing else. But still!

Next, my actual xen.cfg reads like this

 


[global]
default=5.4.91-1.fc25.qubes.x86_64

[5.10.5-1.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.5-1.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.5-1.qubes.x86_64.img
[5.4.91-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.4.91-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.4.91-1.fc25.qubes.x86_64.img
[5.10.11-1.fc25.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off
kernel=vmlinuz-5.10.11-1.fc25.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-5efeb9ad-e2a2-47ae-b8e2-d12180464e33 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet rd.qubes.hide_all_usb plymouth.ignore-serial-consoles
ramdisk=initramfs-5.10.11-1.fc25.qubes.x86_64.img

 

these all look OK, a part from 5.10.8. being present as files, but not in the boot menu, which is strange.

 
 


(3) I could try the " efibootmgr " commands mentioned in UEFI troubleshooting, but I do not understand them, and I am afraid to f*ck it up even worse. If my harddrive-boot partition is mounted on /BOOT instead of /boot  , how would the command read, please??


 

 

 

Thank you very much,  Bernhard





-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-9fc2348b-403a-4b48-a530-bda38d1047d6-1611992631199%403c-app-webde-bap08.


[qubes-users] Re: Qubes OS 4.0.4-rc2 has been released!

2021-01-24 Thread haaber

I have a kernel question. With last updates I have 3 kernels 5.4.x
installed and one 5.10.x (kernel-latest). It happens that the
5.4.x-kernels provoque freezes & sponaneous reboots. So I would like to
ask qubes to disregard these (5.4.x) and keep at least two 5.9.x or
5.10.x kernels when upgrading (and maybe some stable 4.x kernel as
backup in case). How can I do that?  Cheers.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08712453-a8b6-4cb0-b09a-26e834743915%40web.de.


Re: [EXT] Re: [qubes-users] wireless " intruder "

2021-01-07 Thread haaber

On 1/6/21 6:11 PM, Ulrich Windl wrote:

On 1/3/21 2:24 PM, haaber wrote:
...

Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.


Are there logs (the famous "last words")?


(my) mirage does not log. It has a fixed size of 32 MB, not much space
for logging .. and dom0 has no useful info on that incident.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/881aa0f7-a368-bf82-e556-f098c01ada07%40web.de.


Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2021-01-07 Thread haaber

I'm not sure exactly what you mean, but there's:


I mean: It seems you need the file manager to open the file just to
register it as handler; is there an alternative not using the file manager?


not that I know. But you can register it "by hand" by creating a .dsktop
file yourself (as I explained earlier). Put these lines

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for send-to-vm.sh

in a new file in ~/.local/share/applications/userapp-screenshot.desktop

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc5559fd-e70b-de8c-f81d-390b5f59c4c5%40web.de.


Re: [qubes-users] USB stick issue

2021-01-07 Thread haaber

Maybe it's related to recent updates, or my computer is starting to die:
Anyway: Today I had plugged in my USB stick and attached it successfully
to "vault". I had opened a file from it. The suddenly within one second,
I saw the stick being disconnected and reconnected, and the "vault"
failed to write the file.


that happens also when a "bad electrical connection" happens (worn out
usb plug, for example). Then the usb-"attach" breaks, but the virtual
device number (xvd..) i still blocked, so a reconnect increases the
number (from i to j to k). etc. That is not "expected" but happens.

I would power down sys-usb and vault and try again. And I would not take
data from usb into vault, rather from usb into a dispVM first, if you
need to grab data into vault: There you can still perform (integrity)
checks before copying them to vault...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5070d2c3-ecba-09ab-bf65-b93bce764862%40web.de.


Re: [qubes-users] Re: HCL -- Intel NUC10i7 issues with kernel-latest

2021-01-04 Thread haaber

On 1/4/21 11:39 PM, 'awokd' via qubes-users wrote:

tv.f...@gmail.com:


How did you install the 5.8.16 kernel? When I do something like

$ qubes-dom0-update kernel-lateat-5.8.16

it shows me the package, downloads it, but then it tells me "no package
kernel-latest-5.8.16 available" so I'm a bit confused.


EXAMPLE:

sudo qubes-dom0-update  kernel-latest-1000:5.9.14-1.qubes.x86_64
--enablerepo=qubes-dom0-unstable

simply change numbers to your wanted kernel version.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d746624b-301d-b079-4410-9a12369d6243%40web.de.


Re: [qubes-users] wireless " intruder "

2021-01-03 Thread haaber

On 1/3/21 1:04 PM, David Hobach wrote:

On 1/3/21 12:43 PM, haaber wrote:

Hello, I have a intriguing problem, partially qubes-related. I have a
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall -qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scannning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us!    Cheers,  Bernhard


Your firewalls might interfere with the nmap replies and thus everything
is shown as filtered.

I did it in sys-net but they remain "filtered". That is not a
firewall-artefact.



Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as bug to the dev.

I thought that, too. How would verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.



P.S:  I will see if I can use my phone as AP honypot using the same SSID
& pwd to find that antenna using signal strength (the idea is that I can
move it), but usually that is very hard, due to natural "shadows" and
reflections.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42a9d26b-764e-3806-6dc1-93c7385a8e17%40web.de.


[qubes-users] wireless " intruder "

2021-01-03 Thread haaber

Hello, I have a intriguing problem, partially qubes-related. I have a
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall -qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scannning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us!Cheers,  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05b44784-2fd3-4241-7e52-4afbfda7d036%40web.de.


Re: [EXT] Re: [qubes-users] Disable lock screen / screenshot question

2020-12-29 Thread haaber

On 12/29/20 7:02 PM, Ulrich Windl wrote:

Better:  create in dom0 a file containing:

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".


When trying, it seems my Dom0 does not have a file manager in the menu.
I had to run "thunar" manually from the terminal.

you are right.


Also: Wouldn't qvm-move-to-vm be preferrable (also replacing "Send" with
"Move")?

you are right again. It was a "proof of concept" code. Thank you for the
correction!



This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.

Or write it by hand: like
 ~/.local/share/applications/userapp-screenshot.desktop  containing

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/user/.local/bin/send-to-vm.sh %f
Name=Send a screenshot to VM
Comment=Custom definition for SCREENSHOT.sh


cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/723ac154-6fb1-3469-b43e-9e960a0d630f%40web.de.


Re: [qubes-users] Disable lock screen / screenshot question

2020-12-23 Thread haaber

On 12/22/20 10:18 PM, Jarrah wrote:



How do you disable the automatic screen lock? I have the screensaver
disabled and the lock screen option unchecked but it still locks after a
few minutes.



For me, there is a "presentation mode" on the battery icon (which shows
on both desktop and laptop) that disables the screen lock.


Also when using the screenshot function in system tools, is it possible to
save to the AppVM file system you are currently using rather than to Dom0?
Or how do I access it once it is saved to Dom0?



You should be able to get them to your AppVM using `qvm-copy-to-vm  `  from the terminal.


Better:  create in dom0 a file containing:

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"


Save that as an executable script, such as "~/.local/bin/send-to-vm.sh".
Then, open dom0 file manager, right click any png, click open with other
application, and under "use a custom command" enter "send-to-vm.sh %s".
This "registers" the script in the application list.

Then, when you take a screenshot, instead of choosing "save", choose
"open with..." and see if your script shows up in the list of available
applications. If still not, you might have to write a simple .desktop
file in ~/.local/share/applications in order for it to show
up as an option.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16a62446-060f-1faf-8cb8-daedeb67d440%40web.de.


Re: [EXT] [qubes-users] crontab backups?

2020-12-21 Thread haaber

>
> Thank you for the response. It actually ended up that cron did not like
> executing a script, I just put the exact same line from the script
> directly into cron.cron is not anti-script as such. I experienced
problems using pipes (I guess a pipe spawns off a new thread, that does
not necessarily run under the same user)
> Now I just need to understand how to setup things to delete backups
> older than X

using "find". to find *files* "f" (in contrast with "d") older than 30
days that are called backup*.luks, it would be

  find   /path  -type f  -iname   backup\*.luks   -mtime +30   -print

the word "-print"   displays them.

Rem1: The first "*" must be backslashed in the find command, you don't
  want bash to expand it!

Rem2: careful with auto-delete (don't complain :)
  you replace -print by -delete



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4d46e1f-8f20-3a44-33fa-751d1afc6ef6%40web.de.


Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-21 Thread haaber

On 12/21/20 1:08 AM, Ulrich Windl wrote:

On 12/20/20 4:17 PM, Morten Eyrich wrote:

Okay so if I have been using a https connection, then it's no
problem... ?


If they use a wrong certificate for a MITM attack they might decode your
connection... It means nobody between you and the "next endpoint" can
read your password, but how to ensure what the "next endpoint" really is?


Ulrich is right. First, look at the "certificate story". These are meant
ensuring that you can trust your endpoint. Certificates are
pre-installed in your browser, and one should check (and rarely does)
which ones to trust (and how much). Invented examples: If they are owned
by chinese or russian  telecom company, do you trust it? State agencies
could intervene. Or british telecom (5eyes??). The actually used
hierarchical trust model might be a failure by design.

And then there are exploits. Example: some years ago Moxi Marlinspike
found the funny zero-byte error due to string handling: He proved that
you could buy for example the domain "com",0,"mand.org" and have the
trusted instances sign your subdomain  google.com",0",mand.org" which
any firefox (at least) did recognise as valid certificate for google.com
since they considered the 0 byte as "end of string". You are not safe
from such type of exploits.

Conclusion as usual: if your life depends on it, do not trust https.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c487860-2a84-1a50-a3ed-29e47597011e%40web.de.


Re: [qubes-users] crontab backups?

2020-12-17 Thread haaber

On 12/17/20 2:32 PM, Stumpy wrote:

I havent played with crontab in forever, and I cant code at all, but I
really wanted to try to automate my backups a wee bit.

I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix
centos-7-minimal email chat work personal

and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup
will run but when i try to do it via cron then nada?

The crond seems to be running and crontab -l shows the schedule I pasted
above, Is there a reason this shouldn't work?


I am no cron-expert, but in my exoerience cron and scripts often mess.
One reason seems " pipes " in scripts that usually fail when cron'ed.
Have a look at these "|" in the script and re-code them pipe-free -- to
my opinion that would be a good starting point. cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e709611-53eb-c474-b795-2af5b440a18f%40web.de.


Re: [qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325,XSA-350)

2020-12-16 Thread haaber

On 12/16/20 10:55 AM, 'Ilpo Järvinen' via qubes-users wrote:

On Wed, 16 Dec 2020, haaber wrote:


Dear Andrew,


    For Qubes 4.0:
    - Xen packages, version 4.8.5-28
    - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install
kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.


The packages are likely still in security testing, not in the stable repo.
You need the enablerepo parameter. From the original announcement:


  For updates from the security-testing repository:
  $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


right! Thank you. That brought indeed 4.19.163. But still

 sudo qubes-dom0-update --action=install
kernel-1000:5.9.14-1.qubes.x86_64 --enablerepo=qubes-dom0-security-testing

does not work. The main question seems: how do you get the correct
package name? Since a simple "update" does not install 5.9.14  but only
5.4.83 I have to ask for it "by hand", it seems.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f2ce1f4-2ee9-35bc-428f-14877aba6617%40web.de.


[qubes-users] Re: QSB-063: Multiple Xen issues (XSA-115, XSA-325, XSA-350)

2020-12-16 Thread haaber

Dera Andrew,


   For Qubes 4.0:
   - Xen packages, version 4.8.5-28
   - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1


how do I fetch 4.19.163-1 for example? I tried

sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64

but this gives "no package available". Same happens for 5.9.14-1. Also

sudo qubes-dom0-update --action=install
kernel-1000:4.19.163-1.pvops.qubes.x86_64

fails. What am I missing??  Thank you.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3eec0af-ca6a-8e98-239f-857222e2a385%40web.de.


[qubes-users] new xen kernel 5.xx

2020-12-16 Thread haaber

I have still instabilities with the xen kernels 5.x (sudden system
freeze). I also have a small /boot and hold only the last 3 kernels.
They are right now:

vmlinuz-4.19.155-1.pvops.qubes.x86_64
vmlinuz-5.4.78-1.qubes.x86_64
vmlinuz-5.4.83-1.qubes.x86_64

I would like to mark the (for me very stable) kernel 4.19.155 as "do not
erase while updating" and remove the (for me) useless kernel
vmlinuz-5.4.78-1.qubes.x86_64. How can I do that, please?  I fear to
make a mess when just "playing around". I also want to keep 5.x kernels
for appVM's (they work well).   Thank you!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c453cf15-c69f-8b5f-f7c6-64ce6742e588%40web.de.


Re: [qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-11-29 Thread haaber

I detected neither issues, all is working well. I'll continue to test
with my daily usage and report again in 2 days with more tests.

For users who want to test, the complete command is:

[xxx@dom0 ~]$ sudo qubes-dom0-update --action=upgrade
--enablerepo=qubes-dom0-current-testing kernel kernel-qubes-vm


I experienced regular complete freezes of xen (after 5-30 minues xen
would be dead) -- I had to downgrade the xen kernel back to 4.19.155 -
to be able to write this mail. HCL report attached.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e42ea8ad-86b6-a490-583f-e6808cbf506c%40web.de.


Qubes-HCL-Dell_Inc_-Latitude_7390-20201129-212036.yml
Description: application/yaml


Re: [qubes-users] Re: Are "smart" monitors/TVs a security issue?

2020-11-26 Thread haaber

For "native" thunderbolt monitors there certainly could be an issue! For
HDMI/DP, honestly, do not know how much a malicious device could do.


For "smart"-tv's please notice existence of ethernet-over-hdmi :) Often
these machines have microphones (for vocal commands). As well as the STB
that decodes your ip-TV. Better you own your hardware ... and harden
the linux on it :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/264cccae-bab2-3ba9-8094-0de5e60e8160%40web.de.


Re: [qubes-users] ARM in Qubes OS

2020-11-18 Thread haaber

On 11/16/20 3:55 PM, load...@gmail.com wrote:

*So, the question is the same: Are there plans to support ARM processors
in Qubes OS in the future?


no woman, no cry - and no xen, no qubes :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fee9e809-4159-bd4e-6163-907ff42c1e6f%40web.de.


Re: [qubes-users] QSB #61 Information leak via power sidechannel (XSA-351)

2020-11-14 Thread haaber

Hello,  Marek wrote in the QSB


   For Qubes 4.0: Xen packages, version 4.8.5-26
   For updates from the security-testing repository:
   $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing


I found out an unexpected behaviour. I always ran the command

sudo qubes-dom0-update --enablerepo=qubes-dom0-*-testing

to update the system, believing that "*" it would include the case
"security". This seems not the case!  After running the update with *
the xen state was still 4.8.25:

dnf list |grep xen
libvirt-daemon-driver-xen.x86_64   3.3.0-10.fc25
@qubes-dom0-cached
libvirt-daemon-xen.x86_64  3.3.0-10.fc25
@qubes-dom0-cached
python3-xen.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
qubes-libvchan-xen.x86_64  4.0.8-1.fc25
@qubes-dom0-cached
xen.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-hvm.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-hvm-stubdom-linux.x86_64   1.0.10-1.fc25
@qubes-dom0-cached
xen-hypervisor.x86_64  2001:4.8.5-25.fc25
@qubes-dom0-cached
xen-libs.x86_642001:4.8.5-25.fc25
@qubes-dom0-cached
xen-licenses.x86_642001:4.8.5-25.fc25
@qubes-dom0-cached
xen-runtime.x86_64 2001:4.8.5-25.fc25
@qubes-dom0-cached

Only running explicitly the command as Marek suggests, * replaced by
security would upgrade to 4.8.26. That is odd, isn't it?

Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4237dc93-27d2-d785-31a3-53fa3e3e19e1%40web.de.


Re: [qubes-users] Re: device widget sends "device removed" / "device available" at random times

2020-11-10 Thread haaber

On 11/10/20 11:32 AM, Alex Smirnoff wrote:

I have random disconnects like that with cheap chinese USB hub i ordered
on Aliexpress. Never seen with built-in USB ports :)


Me neither. BadUSB in action ???

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d173577-41c0-1c41-d3dc-99f425e0a04e%40web.de.


[qubes-users] device widget sends "device removed" / "device available" at random times

2020-11-09 Thread haaber

I have some (apparently usb-based) bluetooth adapter that I never use.
Since some days, I get these messages every x second from my device
widget that device 8087_0a2b is removed, then comes again that it is
available, to be removed, and available again. At random times,
inclusive long gaps and faster oscillations. My sys-usb runs on a
minimal stable debian template.

Is this a (new) software bug or does it indicate a lose cable somewhere?
If I was alone on earth to encounter such things I would tend towards
the cable hypothesis; on the other hand side, moving / shaking the
laptop does not "produce these messages" : it may well be  a software
problem. Any observations / help available?  Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54a84c71-6766-9d25-c6f0-7e1809e67277%40web.de.


Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-30 Thread haaber

On 10/29/20 11:06 PM, evado...@gmail.com wrote:

Proof of Concept.

github.com/evadogstar/qubes-sleepkeeper

Qubes-Sleepkeeper protects you from physical attack when the attacker
force you to enter the password of your Qubes after it wakeup from sleep
or from password guessing after wakeup. The attacker have very limited
time to do so or Qubes will shutdown automaticaly.


Interesting but threat model unclear. If the attacker can force you to
enter one password after suspend, why would he not force you to enter
LUKS and user password 5 minutes later? Please explain. Rather an evil
maid "attempt detection" (not protection) by "laptop is down instead of
sleeping"? I think it really could help as additional data protection in
case of normal, criminal theft...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d82a76a4-cb86-ebf8-25c7-f6556ba750d5%40web.de.


Re: [qubes-users] Securety: Auto shutdown pc after wakeup if no password.

2020-10-27 Thread haaber

Any ideas how to start shutdown process after wake up from sleep if user
will not unlock pc in expected time period (e.g. 30-60 seconds).

Maybe run some script before PC goes to sleep with timer and after it
wake up timer will continue and only user will have access to click
"cancel" when he will unlock the screen?

Where can I add this script on dom0? Can Qubes trigger(run) my script
before sleep action or wakeup action?

Or any other suggestions or ideas?



I have a similar question/idea, which would be auto-shutdown after 3 (or
any other number) false password attempts. The idea is to add a second
(luks) password layer if any stupid attempts are made.

My idea is to hook in the screensaver mechanism. In my install that
would be   /etc/pam.d/xscreeensaver were system-auth is mentioned, so I
guess, I have to include a line in /etc/pam.d/system-auth  to count
wrong pwd attempts and do some action if necessary. I guess something like

accountrequired pam_exec.so debug  /path/to/wrongpasswordscript.sh

in the system-auth could do the job, but I am not sure. Manipulating
unwisely these files may end with a lock-out of my system, so I'd like
some advice if this sounds correct to you, the qubes-community.


Cheers, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7856673-4e64-ebb6-4c87-8c091345369c%40web.de.


[qubes-users] best dns practice

2020-10-20 Thread haaber

Hi out there. I was wondering if there is some information gathered
concerning dns safety : how  dns & qubes work is part of the doc, but I
miss additional hints on good practice: setup free (like freedom) dns
services, security of dns services (protection against dns poisoning),
probably locally caching of dns answers to avoid too much useless
queries, maybe setting up warnings if certain addresses like debian,
fedora, my-home-bank, etc. should change their IP, maybe
correlation-free cross-checking of the local DNS-cache via TOR ETC.

This seems a complex subject to me and I would be grateful for any help.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0327602a-cb7c-1738-bb26-28cd87fe988c%40web.de.


[qubes-users] networkmanager / keyring

2020-09-27 Thread haaber

Hello,
a long time ago I did set a pwd for the keyring in sys-net. By too
little use, I forgot it. So now I can no longer register new networks,
which means at every laptop-lid open.close I have to enter it again, and
again. Editing /etc/Networkmanager/system-connections/wireless-name
files by hand is ignored, even if I put there pwd=whatever
Is there a way to solve this (either by destroy keyring, or make
NetworkManager read its own config files??)  Thanks !

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/705c0f9c-b967-cb28-35da-ea0c538a5322%40web.de.


[qubes-users] keeping wireless passwords in vault rather than sys-net ?

2020-08-24 Thread haaber

Hello, is there some (understandable) way to store wireless passwords
away in some vault VM ? I ask that question since I managed to forget my
sys-net gnome-wallet password that I used to rarely: I will have to
reset things properly anyways :((   best, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d526fc5e-386c-8136-953e-cbd94ce73b79%40web.de.


[qubes-users] add-ons in torbrowser

2020-07-30 Thread haaber

Hi this may be a double-post, but I could not find an appropiate help
page. I like to add an adblocker (u-block) to my TBB, since I consider
any browser without adblocking useless, meaning that I will not use it
anyways. So here is my approach:

download .xpi file in anon-whonix, qvm-move it to whonix-gw and there I
would (have liked to) install it. But the torbrowser does not want to be
run in  the template-VM. How procede then? Re-Install the .xpi file at
each reboot   Cheers!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f719128-9281-3dec-d9d6-0f20053c5414%40web.de.


Re: [qubes-users] Fetching updates after disabling qubes-update-check in clearnet qubes

2020-07-14 Thread haaber

>  <<--snip-->>

Though it's not clear to me whether this is actually an issue, I figured
I'd do it anyways. My question is, if I wanted to disable
qubes-update-check service, how would I go about updating my templates
over tor? Do I create debian and fedora templates linked to sys-whonix
just to get updates?


AFAIK the updates themselves run over sys-whonix by default. So, if you
run e.g. "apt-get update" on your debian-10 template, this connection
goes over tor. However, the notification about updates to run (yellow
update wheel widget in the right top corner) goes by standard over
the AppVM and so, most of the time over the clear (as your clock, that
updates over sys-net).

Since user-action is required (by running the update widget, or, as me,
doing it all by hand), the notification is rather uncorrelated to the
download action, I second Marek here.

It is, as always, a convenience-vs-security question. You may uninstall
the qubes-update-check service and run (checks for) updates by hand (or
script) periodically in your template-VMs. The gain is small, the pain
is high, so most people don't do it. That is my pov, maybe there is some
contradicting one?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ab1b814-fbc3-7828-7fe5-b7e9505e0fad%40web.de.


Re: [qubes-users] QSB #058: Insufficient cache write-back under VT-d (XSA-321)

2020-07-08 Thread haaber

On 7/8/20 5:58 PM, taran1s wrote:



Chris Laprise:

On 7/7/20 9:57 AM, Andrew David Wong wrote:

Only Intel systems are affected. AMD systems are not affected.


Per usual!



Is actually the XSA-321 a security issue only if one has HVM present in
the Qubes system, or it is a general issue even if there is no HVM?

Are there any security advices or a good practice to follow before the
patch is available?


I am not an expert on this, but I believe for sys-usb and sys-net you
have no real choice in most of the systems: PCI passthrough requires "no
PVH".

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d60972a-695b-b04e-caed-bec10e5e1bd2%40web.de.


Re: [qubes-users] Getting to the bottom of screenshots in Qubes OS

2020-07-08 Thread haaber

On 7/8/20 2:39 AM, Manuel Amador (Rudd-O) wrote:

On 20/06/2020 10.29, Logan wrote:

Hi Everyone,

Speaking with a colleague earlier today, I heard "Qubes is great, but
the no screenshots problem makes it a 'hard' no for me".

As a Qubes user and advocate, this stung.


Yeah, it's hard.

Honestly, in my humble opinion, the secure copy and paste keyboard
shortcuts should work with image data as well, not just text data.  That
way the screenshot problem is solved -- I can screenshot in one VM, copy
directly from that app (usually Firefox), and paste in another VM at will.



A solution discussed here some months ago: in dom0 have 2 files:
1.) screenshot.sh

#!/bin/bash
qvm-copy-to-vm $(zenity --entry --title='Send to VM' --text='Destination
VM') "${BASH_ARGV[@]}"


2) and userapp.screenshot.desktop

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec=/home/put-your-username-here/screenshot.sh %f
Name=screeenshot.sh
Comment=Sends screenshot directly to a given AppVM


after hitting PrintScr, check "open with" and select screenshot.sh,
(will be memorised for next time). Then type the destination AppVM & its
there. No autocomplete offered, sorry.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20103a9e-f80a-ab25-23d1-c0e40b408791%40web.de.


Re: [qubes-users] LUKS passphrase failures

2020-07-05 Thread haaber



I have tried this process with the other kernel options available as
well, to no avail.

Any help or advice (successful or not) is appreciated.


sounds daunting. So did you use a live-linux that has luks 'onboard'
(like tails) ? That way you could distinguish between luks problems and
qubes problems. It would also allow emergency backups before trying to
unbug the actual qubes installation (for that question I cannot help).
Do not play around before data is safe, or, if you can't resist, don't
complain; If you need help with emergency-backup pm me, please.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/059d8730-0120-a645-d2c1-07b473eb30c2%40web.de.


Re: [qubes-users] imagemagick in debian-minimal ?

2020-07-01 Thread haaber

haaber:

I discoverd with a little surprise that my 3 debian-minimal templates
(used for firewall, usb, net) have imagemagick installed.


https://github.com/QubesOS/qubes-issues/issues/5009#issuecomment-489357218


Thx!! That page suggests: problem known, but no solution in sight? My
minimal templates are minimal service ones (net,usb,firewall):  they
need no icons, no gv, no BS, just an xterm and basic things are
required. Somehow, I can live with a "broken" vm in the sense that the
convert command fails for some icons, no? So the question is: how remove
imagemagick without losing qubes-stuff? Is there maybe an empty
convert-dummy package?   Thanks!


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bb6f173-6863-fa41-9ad6-5b19dabe36f0%40web.de.


[qubes-users] imagemagick in debian-minimal ?

2020-07-01 Thread haaber

I discoverd with a little surprise that my 3 debian-minimal templates
(used for firewall, usb, net) have imagemagick installed. I guess these
are not really necessary for their respective usage; however, asking
aptitude an uninstall of these packages would lead to remove

qubes-core-agent
qubes-core-agent-networkmanager
qubes-core-agent-networking
..

and some other qubes-* despite them all being marked as "manual" (using
apt-mark manual '^qubes' ). I seem to miss a point somewhere, maybe one
of you can explain it to me? Cheers.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2524513a-e311-01c4-d997-ef9d8f6b9048%40web.de.


Re: [qubes-users] DisposableVM Closing/Stopping Unexpectedly

2020-06-29 Thread haaber

On 6/29/20 9:25 PM, Qubes wrote:

On 6/29/20 3:42 PM, Qubes wrote:

If I try to open a terminal in a dvm, I have tried in both the dvm's
that are installed by default (Disposable: fedora-31-dvm and
Disposable: whonix-ws-15-dvm) and one that I created on my own by just
creating a qube and setting the "Disposable VM Template" flag.

When I open a terminal in any of these the new disposable VM gets
created, is started, and the terminal opens briefly, but then closes
immediately after and the disposable VM gets deleted.

Which log should I look at to troubleshoot?

If I open anything else in any of the 3 dvm's, for example Firefox or
Krusader, it opens.


I do experience the same with debian-10 disp-vm's. So I start a firefox
first, to open a terminal. After that, I can close firefox again. Very odd.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf4affd1-d8b4-950a-9395-462a8567ceec%40web.de.


[qubes-users] wacom tablets

2020-06-10 Thread haaber

Hi, has someone experience with wacom tablets / qubes ? I guess since it
is USB it simply boils down to installing prooer firmware in the appVM,
but I'd like to be sure before purchase. Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db118a7d-aaac-8157-8e96-aec16f3c90e4%40web.de.


Re: [qubes-users] Dell Latitude E5470 running Qubes 4.0.3 - no web cam...

2020-06-09 Thread haaber

On 6/9/20 2:07 PM, Andrew Sullivan wrote:

As per the Subject, I have installed 4.0.3 on my Latitude E5470.
Everything seems to work, except the webcam.  If I fire up Cheese, it
just says "No device found". The camera works fine in Windows 10 and
Linux Mint.  Running lsusb in a Dom0 terminal shows the following entry:

Bus 001 Device 002: ID 1bcf:28b8 Sunplus Innovation Technology Inc.

So Qubes can sort of see it.  What am I missing?


You use sys-usb (->make sure it is started, otherwise you don not see
usb devices). Since you see your cam, I presume that is OK.
Then you only need to attach the webcam to your cheese-running VM !! Use
the widget on right top corner of your screen for that.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/91fde4fd-2f05-e836-02da-8c697cbb7792%40web.de.


Re: [qubes-users] Accessing files on a different SSD on the same laptop...

2020-06-07 Thread haaber

On 6/7/20 1:04 PM, Andrew Sullivan wrote:



On Sunday, 7 June 2020 07:12:23 UTC+1, haaber wrote:

they will be inserted in the appvm-qube as /dev/xvdi, /dev/xvdk ...
[vd = virtual device, I guess]. The existence of a device does not mean
mounting it. I do that by hand: in a terminal, type

     sudo mount /dev/xvdi /media

will mount the attached device to /media and allow file access. If
it is
a luks-encrypted system, do

     sudo crypsetup luksOpen  /dev/xvdi  MYSSDVOL
     sudo mount  /dev/mapper/MYSSDVOL    /media

     cheers


Many thanks for that, works exactly as described!  Seems a bit strange
that the partition isn't mounted at the time it was attached (not sure
why you'd want to attach it if you didn't plan to read or write to
it?).   Anyways...


like any device that lurks in your machine(say a WIN partition. Unless
you ask for mounting in fstab it won't be done.


Is there any way the attachment and mounting can be made permanent?

no clue. never tried that.


Next challenge - access files on another Linux laptop on the same network!


use scp to copy individual files  and use

rsync -auv --rsh=ssh user@anotherlinuxmachine:path/  new-qubes-path/

is your friend to mass-copy data.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/392f510b-512c-48aa-759a-09a9111d9698%40web.de.


Re: [qubes-users] Accessing files on a different SSD on the same laptop...

2020-06-07 Thread haaber

On 6/6/20 6:33 PM, Andrew Sullivan wrote:


If you use qvm-block in dom0 can you see the disk/partitions?


      Don't know, I'll give it a try and post back.


OK, if I click on the  Devices widget I can indeed see all the
partitions on my internal SSD, with an arrow next to each.  If I click
the arrow I get a list of qubes, which I believe allows me to attach the
selected partition to where I want.  However, when I do this I can't
find the partition in the Files application in the qube.  Think I'm
still missing something...  Also, am I correct that this attachment will
only persist until I close the qube?


they will be inserted in the appvm-qube as /dev/xvdi, /dev/xvdk ...
[vd = virtual device, I guess]. The existence of a device does not mean
mounting it. I do that by hand: in a terminal, type

   sudo mount /dev/xvdi /media

will mount the attached device to /media and allow file access. If it is
a luks-encrypted system, do

   sudo crypsetup luksOpen  /dev/xvdi  MYSSDVOL
   sudo mount  /dev/mapper/MYSSDVOL/media

   cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ab43a05-0672-d51d-1496-43a435d9cff9%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber


qvm-run -p HELPERVM "sudo cat /dev/mapper/qubes_dom0-vm--VMOLD--private" | sudo 
dd conv=sparse of=/dev/mapper/qubes_dom0-vm--VMNEW--private



how do you use  qvm-run  if qubes won't boot? First step is a always
proper backup, on some external drive. That is what I wrote in my other
answer.


dd = disk destroyer.
I there is the slightest chance of error, don't use it.


that is really overly pessimistic, you can completely destroy your
system with pretty much any tool when used the wrong way.
yes, even with firefox.


Correct, but with dd it is much more easy :) If the qubesbootingdrama
was as experienced and skilled as you, he would not have asked, right?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8db0e622-2068-0e37-ee58-f0c1916ed4dd%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber

On 6/3/20 6:47 AM, Boot problems wrote:

I tried all that in my new ssd but could not make it work, however I made an 
Ubuntu live CD and it worked like a charm, I can mount and see the files on 
each vm, so at least my files are not lost forever, but you said that the Attr 
should not have an -a- and it does in every single one, is that a problem?

At this point I think is better for me to save the files I really need and 
forget about the restoring the vms


That is exact. If you can boot a live linux, first step is ALWAYS data
recovery. Repair attempts come second. You could use an external drive
for that. In this case, the emergency backup procedure is:

cd /externaldrive
  (go to mounted external vlume)
truncate -s 200G backup.luks
  (where 200G means 200 giga, change appropriately)
losetup /dev/loop0 backup.luks
  (make the file a device)
cryptsetup luksCreate /dev/loop0
  (setup crypto, you may use your qubes disc-pwd.)
cryptsetup luksOpen /dev/loop0 BACKUP
  (open it)
mkfs.ext2 /dev/mapper/BACKUP
  (generate easy fs for backup purposes)
mkdir /backup
  (make backup path)
mount /dev/mapp/BACKUP  /backup
  (mount it)

Then create a subfolder for each VM and save all data in the right subdir.

rsync -auv  /path-to-vm//backup/vm-name/

THINK TO PUT the final "/" at both paths!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/160fa5e5-4720-c80c-1946-0e746b45708e%40web.de.


Re: [qubes-users] Qubes won't boot

2020-06-04 Thread haaber

On 6/3/20 10:58 PM, Boot problems wrote:

How do I restore a mounted vm using dd?


dd = disk destroyer.

I there is the slightest chance of error, don't use it.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abfc262d-2158-b604-a802-650232eea8a0%40web.de.


Re: [qubes-users] Re: docker install problems on debian-10

2020-05-31 Thread haaber

I tried to find a simpler workaround, but it looks like it's a problem
with kernel support, so either switch to a distro with aufs support(such
as Debian 9/Jessie), or downgrade your kernel.

 << --snip -->

Thank you! I removed my debian-9 template long ago (surprised?), but I
could re-install one for building. Just to evaluate the time-cost: how
would "downgrade" work?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48902821-d718-33bf-4e09-f0727758e760%40web.de.


Re: [qubes-users] Updating sys-usb template

2020-05-29 Thread haaber

On 5/29/20 10:04 PM, dhorf-hfref.4a288...@hashmail.org wrote:

On Thu, May 28, 2020 at 09:26:34AM +0200, Zbigniew Łukasiak wrote:

My sys-usb uses a very old template. I tried some googling - but
failed to find any advice about update it without locking me out of
the system.


disable sys-usb autostart. and reboot.
now you can replace the sys-usb template.
and try to start sys-usb with the new template.
if that fails, you will have to reboot again, and retry.

but basicly this reduces the problem from "locked out and need a
recovery disk" to "additional unplanned reboots" (which are not
that critical if you shut down all other VMs first)


maybe "lock out" refers to a USB keyboard ? That is how I read the
question. We let Zbigniew explain.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b9bfbb5-5858-c36c-ae0d-5a7fa2b8a926%40web.de.


Re: [qubes-users] docker install problems on debian-10

2020-05-27 Thread haaber

Hey, I experience trouble while trying to install docker accordingly to
https://docs.docker.com/engine/install/debian/ on debian-10. It apprears
that aufs.ko (whatever that is) makes trouble

Building initial module for 4.19.120-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel:
4.19.120-1.pvops.qubes.x86_64 (x86_64)
Consult /var/lib/dkms/aufs/4.19+20190211/build/make.log for more
information.
dpkg: error processing package aufs-dkms (--configure):
  installed aufs-dkms package post-installation script subprocess
returned error exit status 10
Errors were encountered while processing:
  aufs-dkms
E: Sub-process /usr/bin/dpkg returned an error code (1)

Could someone help me, with a hint, please? Cheers, Bernhard


I append my own question by a detail: Since I am asked to consult the
make.log file, here is why it fails. I have no way to fix that without
some help. Maybe sme headers missing ??


from /var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/sbinfo.c:23:
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:134:2: error:
unknown type name ‘vfs_readf_t’
  vfs_readf_t  si_xread;
  ^~~
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:135:2: error:
unknown type name ‘vfs_writef_t’
  vfs_writef_t  si_xwrite;
  ^~~~
In file included from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/branch.h:33,
 from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/aufs.h:38,
 from
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/module.c:25:
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:134:2: error:
unknown type name ‘vfs_readf_t’
  vfs_readf_t  si_xread;
  ^~~
/var/lib/dkms/aufs/4.19+20190211/build/fs/aufs/super.h:135:2: error:
unknown type name ‘vfs_writef_t’
  vfs_writef_t  si_xwrite;
  ^~~~

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80923647-7a7b-d615-fbd0-baefa47d8d77%40web.de.


[qubes-users] docker install problems on debian-10

2020-05-27 Thread haaber

Hey, I experience trouble while trying to install docker accordingly to
https://docs.docker.com/engine/install/debian/ on debian-10. It apprears
that aufs.ko (whatever that is) makes trouble

Building initial module for 4.19.120-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel:
4.19.120-1.pvops.qubes.x86_64 (x86_64)
Consult /var/lib/dkms/aufs/4.19+20190211/build/make.log for more
information.
dpkg: error processing package aufs-dkms (--configure):
 installed aufs-dkms package post-installation script subprocess
returned error exit status 10
Errors were encountered while processing:
 aufs-dkms
E: Sub-process /usr/bin/dpkg returned an error code (1)

Could someone help me, with a hint, please? Cheers, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb0cb755-f152-2d62-8bdd-fae78d16cee7%40web.de.


Re: [qubes-users] which OCR software, address database and e-mail program run with the Qubes-OS operating system - welche OCR Software, Adressdatenbank sowie E-Mail- Programm mit dem Betriebssystem Qu

2020-05-25 Thread haaber

Hi,

I don't know what to do now because I want to switch to the Qubes OS
operating system soon, that's why I'm asking you!

Because I suspect that you can no longer use them with Qubes OS.
That's why I'm interested in whether there is such software in Qubes OS.


I second the other answers, especially Sven Semmler's. If you have only
"consumer experience" with  windows, the change can be quite rough, so
if you have only ONE working machine, then  *do not even think of*
installing qubes on that. Use a second machine, get used to it, first.

Before wiping windows, make backups: often user data is spread in
windows machines, over folders & partitions and it is hard to find all
of it. So do a *full* backup. Otherwise, I suggest you write on a piece
of paper "I acknowledge that all my data may be lost", so you can't tell
yourself afterwards you did not know.

If you are worried about OCR, have a look at "tesseract". It is free &
one of the best anyways. Consider a donation, if you are happy with it,
instead of buying the first one you see.


Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1e14a44-034c-c887-b0a2-6434d1900238%40web.de.


[qubes-users] feature request: qvm-print command

2020-05-19 Thread haaber

Hello there, I was thinking about the usefulness of a qvm-print command
that takes an input file, sends it to the "printing-VM" (defined in some
config file), and launches there a document viewer (defined in the
config file) in order to control parameters like duplexing, grayscale..)
or just runs plain "lp". After succesful printing it should clean up &
remove the file in the QubesIncoming folder.

Did someone construct such a thing already? Could be a nice feature, to
my point of view.  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b5d0139-51da-8718-f157-7cd6dc7d988d%40web.de.


[qubes-users] some remarks on dom0 updates (current-testing)

2020-05-14 Thread haaber

Since ever I run my qubes on current-testing; Sometimes problems occur,
but that is a way of learning more on qubes. Anyways. I observed since
the begin of the year 2020 a strange behaviour that bothers me: after
any dom0 update & reboot (there were 3-4), the laptop-lid close/open
will finish with a black screen, no password entry possible, and force a
reboot. No log info neither. Alright, that is annoying, but happens.

But it is worse: after 4-5 reboots, this odd behaviour disappears and
the machine runs as expected. To be honest, such non-deterministic
behaviour bothers me even more than any dysfunction (especially since I
won't complain since I run, as said, "testing"). Does someone share this
strange experience ???  Cheers

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f39ff8a7-963a-9973-3582-16619018665c%40web.de.


[qubes-users] webcam questions

2020-05-07 Thread haaber

I was wondering if I could "redirect" a static picture as a virtual
webcam, or, more fancy, run a webcam through a filter (transform me in a
comic figure for example :) before forwarding to a video-conference
appVM . Did someone play with that? The static picture should be easy, no?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb746b89-e3b2-7d02-c169-3556d40a128e%40web.de.


Re: [qubes-users] template and dependent qube show different behaviour

2020-05-07 Thread haaber

On Thu, May 07, 2020 at 08:30:14AM -0300, Franz wrote:

I installed into Fedora 31 template a proprietary banking rpm
application/plugin/extension which is supposed to work with the browsers
during banking tasks. This is called warsaw_setup_fedora_64.rpm


this sounds like a terrible idea unless you make a separate template
just for that task.


I second that. What you could do, if you are space-limited for cloning
templateVM's is to install the *dependencies* of your app in the
template (using dnf yum, whatsoever) and then redo the "rpm install" of
the warsaw file in the appVM at each boot. With dep. solved that is
really fast.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37842def-b0d5-1233-9dd5-c2a44a8405d1%40web.de.


Re: [qubes-users] Salt worm

2020-05-06 Thread haaber

did any of you actually bother to look at the problem?
because i am 99% sure this doesnt apply to qubes. at all.
(also you are several days late on this...)

this seems to be the original source and contains a fairly
good writeup:

https://labs.f-secure.com/advisories/saltstack-authorization-bypass


Thanks for the source. How do you infer that this "doesn't apply" (and
maybe "did never apply") to qubes? Recall my question:  where does salt
appear "under the hood" in qubes? This question seems relevant, since at
least I (almost) never invoke salt by hand. Is that not a reasonable
question? Explain.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbec1bf2-f789-d2d9-0eb7-15524ace0992%40web.de.


Re: [qubes-users] Salt worm

2020-05-06 Thread haaber

Qubes uses Salt, and there's something nasty going around:
https://saltexploit.com/


   Risk = (probability of an event)  x   (consequences of the event).

At which levels is salt used in qubes? I remember my last "active" use
>1 year ago to get hopefully clean templates after the apt-"crisis".
But maybe is is "under the hood" at each qubes-dom0-update? If it were
to be used "by hand only" we could enforce risk = 0 by the above formula
and keeping fingers off salt for a while.   Thanks!


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7418a43e-c4da-994a-5730-778a92b8d654%40web.de.


  1   2   3   4   >