[qubes-users] Re: wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-27 Thread ludwig jaffe


On Sunday, July 19, 2020 at 5:39:14 PM UTC, ludwig jaffe wrote:
>
> wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
> lock up, machine still running, but not usable.
>
>
> I have this machine:
>
>  qubes-hcl-report 
> Qubes release 4.0 (R4.0)
>
> Brand:Dell Inc.
> Model:Precision WorkStation T7500  
> BIOS:A17
>
> Xen:4.8.5-19.fc25
> Kernel:4.19.128-1
>
> RAM:98301 Mb
>
> CPU:
>   Intel(R) Xeon(R) CPU   L5638  @ 2.00GHz
> Chipset:
>   Intel Corporation 5520 I/O Hub to ESI Port [8086:3406] (rev 22)
> VGA:
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>
> Net:
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Broadcom Limited NetXtreme BCM5761 Gigabit Ethernet PCIe (rev 10)
>
> SCSI:
>   Samsung SSD 860  Rev: 1B6Q
>   DVD+-RW DH-16ABS Rev: PD11
>
> HVM:Active
> I/O MMU:Active
> HAP/SLAT:Yes
> TPM:Device present
> Remapping:yes
>
> Qubes HCL Files are copied to: 'dom0'
> 
> Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7500__-20200719-172829.yml- 
> HCL Info
>
> ///
> lspci
> 00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
> 00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 1 (rev 22)
> 00:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 3 (rev 22)
> 00:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 7 (rev 22)
> 00:14.0 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub System 
> Management Registers (rev 22)
> 00:14.1 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub GPIO and Scratch 
> Pad Registers (rev 22)
> 00:14.2 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub Control Status 
> and RAS Registers (rev 22)
> 00:1a.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #4
> 00:1a.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #5
> 00:1a.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #6
> 00:1a.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #2
> 00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio 
> Controller
> 00:1c.0 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 1
> 00:1c.5 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 6
> 00:1d.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #1
> 00:1d.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #2
> 00:1d.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #3
> 00:1d.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #1
> 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 90)
> 00:1f.0 ISA bridge: Intel Corporation 82801JIR (ICH10R) LPC Interface 
> Controller
> 00:1f.2 SATA controller: Intel Corporation 82801JI (ICH10 Family) SATA 
> AHCI Controller
> 00:1f.3 SMBus: Intel Corporation 82801JI (ICH10 Family) SMBus Controller
> 01:00.0 PCI bridge: Pericom Semiconductor PCI Express to PCI-XPI7C9X130 
> PCI-X Bridge (rev 04)
> 02:00.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 02)
> 03:04.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:04.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 04:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cedar [Radeon HD 7350/8350 / R5 220]
> 04:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
> Audio [Radeon HD 5400/6300/7300 Series]
> 05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cedar [Radeon HD 7350/8350 / R5 220]
> 05:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
> Audio [Radeon HD 5400/6300/7300 Series]
> 06:00.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068E 
> PCI-Express Fusion-MPT SAS (rev

Re: [qubes-users] wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-21 Thread ludwig jaffe
I disabled hyper-threading, and the box feels more stable.
But I am not sure if it was the problem.

On Tuesday, July 21, 2020 at 1:35:01 PM UTC, ludwig jaffe wrote:
>
> Hi, the machine still crashed, so I need to give it a long memtest
> to see if it has any loose bits, but ECC memory should protect against
> such.
> Other suggestions?
>
>
>
> On Monday, July 20, 2020 at 6:36:24 AM UTC, ludwig jaffe wrote:
>>
>> So thanks for the tip, I have now put videoram min to 36000 and overhead 
>> to 0.
>> Lets see if the machine still bugs around.
>>
>> BTW, any thoughts on fighting the ME using qubes, so no more
>> complete disassembly of laptops, de-soldering flash chips,
>> soldering some small circuits to the south bridge and so on.
>>
>> Tricking around with the hw, is risky especially on a laptop, a honey pot
>> approach might be a solution against the ME, but it is ring -3, that evil 
>> beast.
>>
>> Cheers
>>
>> Ludwig
>>
>> On Sunday, July 19, 2020 at 10:29:19 PM UTC, Qubes wrote:
>>>
>>> On 7/19/20 7:39 PM, ludwig jaffe wrote: 
>>> > wired problems with 4 screens and 2 graphics boards: ps/2 mouse and 
>>> kbd 
>>> > lock up, machine still running, but not usable. 
>>>
>>> There is a page in the documentation that refers to 4K displays not 
>>> working correctly because not enough RAM gets allocated to the graphics 
>>> buffer. It could be that you may be experiencing this problem. 
>>>
>>> https://www.qubes-os.org/doc/gui-configuration-and-troubleshooting/ 
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c67c134e-0136-44f9-8b2d-0c94b6708cefo%40googlegroups.com.


[qubes-users] Re: Package conflict in Fedora keeps showing Qubes Update symbol

2020-07-21 Thread ludwig jaffe
dependency hell, as usual with fedora, if you start to install packages 
from outside.


On Monday, July 20, 2020 at 10:16:13 PM UTC, qtpie wrote:
>
> Hi, 
>
> In fedora 32, an update is available for the libdav1d package. Because 
> other packages depend on the older version, the newer version can't be 
> installed. This causes a conflict when doing dnf upgrade. Because of 
> this, the Qubes Updater symbol (orange sun) keeps showing, which is 
> annoying. The --best and --allowerasing options do not solve this. 
>
> I'm aware that it is technically correct that the symbol keeps showing, 
> and that I could just wait until the dependencies get updated (which 
> might be a long time away). But does anyone have a more satisfying 
> solution for this? To my mind this could be either: 
>
> - solving the dependency problem (yes, technically a fedora problem) 
> - not showing the symbol for conclicted packages 
>
>
>
> Logs: 
>
>   Problem: package vlc-core-1:3.0.9.2-3.fc32.x86_64 requires 
> libdav1d.so.3()(64bit), but none of the providers can be installed 
>- cannot install both libdav1d-0.7.1-1.fc32.x86_64 and 
> libdav1d-0.5.2-2.fc32.x86_64 
>- cannot install both libdav1d-0.5.2-2.fc32.x86_64 and 
> libdav1d-0.7.1-1.fc32.x86_64 
>- cannot install the best update candidate for package 
> vlc-core-1:3.0.9.2-3.fc32.x86_64 
>- cannot install the best update candidate for package 
> libdav1d-0.5.2-2.fc32.x86_64 
> 
>  
>
>   Package   ArchitectureVersion   Repository 
> Size 
> 
>  
>
> Skipping packages with conflicts: 
> (add '--best --allowerasing' to command line to force their upgrade): 
>   libdav1d  x86_64  0.7.1-1.fc32  updates 
>376 k 
>
> Transaction Summary 
> 
>  
>
> Skip  1 Package 
>
> Nothing to do. 
> Complete! 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4671fcc-695b-4693-b6c9-d1897c0862e6o%40googlegroups.com.


Re: [qubes-users] wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-21 Thread ludwig jaffe
Hi, the machine still crashed, so I need to give it a long memtest
to see if it has any loose bits, but ECC memory should protect against
such.
Other suggestions?



On Monday, July 20, 2020 at 6:36:24 AM UTC, ludwig jaffe wrote:
>
> So thanks for the tip, I have now put videoram min to 36000 and overhead 
> to 0.
> Lets see if the machine still bugs around.
>
> BTW, any thoughts on fighting the ME using qubes, so no more
> complete disassembly of laptops, de-soldering flash chips,
> soldering some small circuits to the south bridge and so on.
>
> Tricking around with the hw, is risky especially on a laptop, a honey pot
> approach might be a solution against the ME, but it is ring -3, that evil 
> beast.
>
> Cheers
>
> Ludwig
>
> On Sunday, July 19, 2020 at 10:29:19 PM UTC, Qubes wrote:
>>
>> On 7/19/20 7:39 PM, ludwig jaffe wrote: 
>> > wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
>> > lock up, machine still running, but not usable. 
>>
>> There is a page in the documentation that refers to 4K displays not 
>> working correctly because not enough RAM gets allocated to the graphics 
>> buffer. It could be that you may be experiencing this problem. 
>>
>> https://www.qubes-os.org/doc/gui-configuration-and-troubleshooting/ 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3644f1c2-2d7f-4d3f-b21c-dd119efb1297o%40googlegroups.com.


[qubes-users] Re: WARNING: Thin volume qubes_dom0/img-Tails maps 8.00 GiB while the size is only 2.00 GiB.

2020-07-20 Thread ludwig jaffe
Hi,

*urgently* clean up the disks. If you get a full disk qubes is likely to 
crash since some
config files are not written properly. I experienced qubes rendered 
unusable while the disk
was full. So some config files which manage the VMs got corrupted, so I had 
to boot kali
to mount the disk images and to backup all my data and then to reinstall 
qubes,
because dom0 did not wanted to start any vm, and reported some python 
errors in line xyz.
So debug the scripts or just reinstall :-(
Maybe, there is a better way, to repair qubes, but I chose the 
archeological approach,
as the success was guaranteed beforehand.

feature request: backup all config files into 3 archives and rotate them, 
so one can simply
exchange a broken state with the state before, while loosing some changes 
to memory size, net vm
and so on, but the system stays stable
/feature request.

So never ever let qubes fill your disk(s) completely. Leave some room.

Cheers

Ludwig

On Sunday, June 14, 2020 at 9:52:11 PM UTC, Ulrich Windl wrote:
>
> Hi! 
>
> While experimenting with an image that didn't do what I wanted to I 
> ended up with this LVM warning: 
> WARNING: Thin volume qubes_dom0/img-Tails maps 8.00 GiB while the size 
> is only 2.00 GiB. 
>
> How can I "heal" LVM? 
> [root@dom0 master]# lvdisplay qubes_dom0/img-Tails 
>--- Logical volume --- 
>LV Path/dev/qubes_dom0/img-Tails 
>LV Nameimg-Tails 
>VG Namequbes_dom0 
>LV UUID4IwD50-xeKY-0PNs-FbB7-99aF-fGde-162Soq 
>LV Write Accessread/write 
>LV Creation host, time dom0, 2020-02-13 21:32:40 +0100 
>LV Pool name   pool00 
>WARNING: LV qubes_dom0/img-Tails maps 8.00 GiB while the size is only 
> 2.00 GiB. 
>LV Status  available 
># open 0 
>LV Size2.00 GiB 
>Mapped size100.00% 
>Current LE 512 
>Segments   1 
>Allocation inherit 
>Read ahead sectors auto 
>- currently set to 256 
>Block device   253:11 
>
> Ulrich 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c37e257-7b97-4d20-8427-a1f3a50c4ae0o%40googlegroups.com.


Re: [qubes-users] wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-20 Thread ludwig jaffe
Also I bought a new old graphics board. Lets see if a amd firepro w5100 with
4 dvi ports is better suitable, as here the graphics board supports 4 
screens
out of the box, so x11 does not need to use 2 different graphics boards.

btw how to make use of opencl in qubes?

On Monday, July 20, 2020 at 6:36:24 AM UTC, ludwig jaffe wrote:
>
> So thanks for the tip, I have now put videoram min to 36000 and overhead 
> to 0.
> Lets see if the machine still bugs around.
>
> BTW, any thoughts on fighting the ME using qubes, so no more
> complete disassembly of laptops, de-soldering flash chips,
> soldering some small circuits to the south bridge and so on.
>
> Tricking around with the hw, is risky especially on a laptop, a honey pot
> approach might be a solution against the ME, but it is ring -3, that evil 
> beast.
>
> Cheers
>
> Ludwig
>
> On Sunday, July 19, 2020 at 10:29:19 PM UTC, Qubes wrote:
>>
>> On 7/19/20 7:39 PM, ludwig jaffe wrote: 
>> > wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
>> > lock up, machine still running, but not usable. 
>>
>> There is a page in the documentation that refers to 4K displays not 
>> working correctly because not enough RAM gets allocated to the graphics 
>> buffer. It could be that you may be experiencing this problem. 
>>
>> https://www.qubes-os.org/doc/gui-configuration-and-troubleshooting/ 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d6856d5-8c32-4e87-a818-91b5982dd699o%40googlegroups.com.


Re: [qubes-users] wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-20 Thread ludwig jaffe
So thanks for the tip, I have now put videoram min to 36000 and overhead to 
0.
Lets see if the machine still bugs around.

BTW, any thoughts on fighting the ME using qubes, so no more
complete disassembly of laptops, de-soldering flash chips,
soldering some small circuits to the south bridge and so on.

Tricking around with the hw, is risky especially on a laptop, a honey pot
approach might be a solution against the ME, but it is ring -3, that evil 
beast.

Cheers

Ludwig

On Sunday, July 19, 2020 at 10:29:19 PM UTC, Qubes wrote:
>
> On 7/19/20 7:39 PM, ludwig jaffe wrote: 
> > wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
> > lock up, machine still running, but not usable. 
>
> There is a page in the documentation that refers to 4K displays not 
> working correctly because not enough RAM gets allocated to the graphics 
> buffer. It could be that you may be experiencing this problem. 
>
> https://www.qubes-os.org/doc/gui-configuration-and-troubleshooting/ 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af56024b-b1a0-457f-b8bc-85b3a47b273bo%40googlegroups.com.


[qubes-users] Re: pen testing / port forwarding guide?

2020-07-19 Thread ludwig jaffe
Feature Request:

Kali template VM with qubes-os secialities like cut installed.

Cheers,

Ludwig

On Tuesday, July 14, 2020 at 3:54:43 PM UTC, jm wrote:
>
> hi, 
>
> Has anyone written a guide to setting up a Kali vm in Qubes for 
> pen testing? 
>
> I'm studying for the OSCP, and the Qubes firewall port forwarding 
> guide suggests a fragile and finicky setup that I'm reluctant to 
> rely on. Punching holes from sys-net to sys-firewall to vpn-vm to 
> an an appvm just to run `nc -nlvp ` seems... like a kludge, at 
> best. 
>
> Issue #4028 tracks this problem. 
>
> The alternatives seem to be 1) create a HVM with direct access 
> to hardware--no sys-net or firewall-vm--or 2) purchase a 
> dedicated laptop for this use case. 
>
> Any suggestions? 
>
> thanks, 
>
> jmp 
>
> -- 
> J.M. Porup 
> www.JMPorup.com 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e0e7250-540e-4f62-a226-c82bc830b8e5o%40googlegroups.com.


[qubes-users] Re: wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-19 Thread ludwig jaffe
btw just for reference the machine takes about 250W while running some vms.


On Sunday, July 19, 2020 at 5:39:14 PM UTC, ludwig jaffe wrote:
>
> wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
> lock up, machine still running, but not usable.
>
>
> I have this machine:
>
>  qubes-hcl-report 
> Qubes release 4.0 (R4.0)
>
> Brand:Dell Inc.
> Model:Precision WorkStation T7500  
> BIOS:A17
>
> Xen:4.8.5-19.fc25
> Kernel:4.19.128-1
>
> RAM:98301 Mb
>
> CPU:
>   Intel(R) Xeon(R) CPU   L5638  @ 2.00GHz
> Chipset:
>   Intel Corporation 5520 I/O Hub to ESI Port [8086:3406] (rev 22)
> VGA:
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>
> Net:
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Broadcom Limited NetXtreme BCM5761 Gigabit Ethernet PCIe (rev 10)
>
> SCSI:
>   Samsung SSD 860  Rev: 1B6Q
>   DVD+-RW DH-16ABS Rev: PD11
>
> HVM:Active
> I/O MMU:Active
> HAP/SLAT:Yes
> TPM:Device present
> Remapping:yes
>
> Qubes HCL Files are copied to: 'dom0'
> 
> Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7500__-20200719-172829.yml- 
> HCL Info
>
> ///
> lspci
> 00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
> 00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 1 (rev 22)
> 00:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 3 (rev 22)
> 00:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 7 (rev 22)
> 00:14.0 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub System 
> Management Registers (rev 22)
> 00:14.1 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub GPIO and Scratch 
> Pad Registers (rev 22)
> 00:14.2 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub Control Status 
> and RAS Registers (rev 22)
> 00:1a.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #4
> 00:1a.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #5
> 00:1a.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #6
> 00:1a.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #2
> 00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio 
> Controller
> 00:1c.0 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 1
> 00:1c.5 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 6
> 00:1d.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #1
> 00:1d.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #2
> 00:1d.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #3
> 00:1d.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #1
> 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 90)
> 00:1f.0 ISA bridge: Intel Corporation 82801JIR (ICH10R) LPC Interface 
> Controller
> 00:1f.2 SATA controller: Intel Corporation 82801JI (ICH10 Family) SATA 
> AHCI Controller
> 00:1f.3 SMBus: Intel Corporation 82801JI (ICH10 Family) SMBus Controller
> 01:00.0 PCI bridge: Pericom Semiconductor PCI Express to PCI-XPI7C9X130 
> PCI-X Bridge (rev 04)
> 02:00.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 02)
> 03:04.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:04.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 04:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cedar [Radeon HD 7350/8350 / R5 220]
> 04:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
> Audio [Radeon HD 5400/6300/7300 Series]
> 05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cedar [Radeon HD 7350/8350 / R5 220]
> 05:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
> Audio [Radeon HD 5400/6300/7300 Series]
> 06:00.0 SCSI storage controll

[qubes-users] Re: wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-19 Thread ludwig jaffe
I would suggest having a mgetty on dom0 attached to a serial interface like 
/dev/tty0 to be able to gracefilly restart the machine if
it locks up like that. I need to get a small dos laptop with vt220 
emulation for just that purpose, to last resort log into the box.



On Sunday, July 19, 2020 at 5:39:14 PM UTC, ludwig jaffe wrote:
>
> wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
> lock up, machine still running, but not usable.
>
>
> I have this machine:
>
>  qubes-hcl-report 
> Qubes release 4.0 (R4.0)
>
> Brand:Dell Inc.
> Model:Precision WorkStation T7500  
> BIOS:A17
>
> Xen:4.8.5-19.fc25
> Kernel:4.19.128-1
>
> RAM:98301 Mb
>
> CPU:
>   Intel(R) Xeon(R) CPU   L5638  @ 2.00GHz
> Chipset:
>   Intel Corporation 5520 I/O Hub to ESI Port [8086:3406] (rev 22)
> VGA:
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>   Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
> 220] [1002:68fa] (prog-if 00 [VGA controller])
>
> Net:
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
>   Broadcom Limited NetXtreme BCM5761 Gigabit Ethernet PCIe (rev 10)
>
> SCSI:
>   Samsung SSD 860  Rev: 1B6Q
>   DVD+-RW DH-16ABS Rev: PD11
>
> HVM:Active
> I/O MMU:Active
> HAP/SLAT:Yes
> TPM:Device present
> Remapping:yes
>
> Qubes HCL Files are copied to: 'dom0'
> 
> Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7500__-20200719-172829.yml- 
> HCL Info
>
> ///
> lspci
> 00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
> 00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 1 (rev 22)
> 00:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 3 (rev 22)
> 00:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
> Root Port 7 (rev 22)
> 00:14.0 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub System 
> Management Registers (rev 22)
> 00:14.1 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub GPIO and Scratch 
> Pad Registers (rev 22)
> 00:14.2 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub Control Status 
> and RAS Registers (rev 22)
> 00:1a.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #4
> 00:1a.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #5
> 00:1a.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #6
> 00:1a.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #2
> 00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio 
> Controller
> 00:1c.0 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 1
> 00:1c.5 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
> Root Port 6
> 00:1d.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #1
> 00:1d.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #2
> 00:1d.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
> Controller #3
> 00:1d.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
> Controller #1
> 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 90)
> 00:1f.0 ISA bridge: Intel Corporation 82801JIR (ICH10R) LPC Interface 
> Controller
> 00:1f.2 SATA controller: Intel Corporation 82801JI (ICH10 Family) SATA 
> AHCI Controller
> 00:1f.3 SMBus: Intel Corporation 82801JI (ICH10 Family) SMBus Controller
> 01:00.0 PCI bridge: Pericom Semiconductor PCI Express to PCI-XPI7C9X130 
> PCI-X Bridge (rev 04)
> 02:00.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 02)
> 03:04.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:04.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 03:06.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
> Controller (rev 01)
> 04:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
> Cedar [Radeon HD 7350/8350 / R5 220]
> 04:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
> Audio [Radeon HD 5400/6300/7300 Series]
> 05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 

[qubes-users] wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd lock up, machine still running, but not usable.

2020-07-19 Thread ludwig jaffe
wired problems with 4 screens and 2 graphics boards: ps/2 mouse and kbd 
lock up, machine still running, but not usable.


I have this machine:

 qubes-hcl-report 
Qubes release 4.0 (R4.0)

Brand:Dell Inc.
Model:Precision WorkStation T7500  
BIOS:A17

Xen:4.8.5-19.fc25
Kernel:4.19.128-1

RAM:98301 Mb

CPU:
  Intel(R) Xeon(R) CPU   L5638  @ 2.00GHz
Chipset:
  Intel Corporation 5520 I/O Hub to ESI Port [8086:3406] (rev 22)
VGA:
  Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
220] [1002:68fa] (prog-if 00 [VGA controller])
  Advanced Micro Devices, Inc. [AMD/ATI] Cedar [Radeon HD 7350/8350 / R5 
220] [1002:68fa] (prog-if 00 [VGA controller])

Net:
  Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
  Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
  Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
  Intel Corporation 82546EB Gigabit Ethernet Controller (rev 01)
  Broadcom Limited NetXtreme BCM5761 Gigabit Ethernet PCIe (rev 10)

SCSI:
  Samsung SSD 860  Rev: 1B6Q
  DVD+-RW DH-16ABS Rev: PD11

HVM:Active
I/O MMU:Active
HAP/SLAT:Yes
TPM:Device present
Remapping:yes

Qubes HCL Files are copied to: 'dom0'

Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7500__-20200719-172829.yml- 
HCL Info

///
lspci
00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
Root Port 1 (rev 22)
00:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
Root Port 3 (rev 22)
00:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
Root Port 7 (rev 22)
00:14.0 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub System Management 
Registers (rev 22)
00:14.1 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub GPIO and Scratch 
Pad Registers (rev 22)
00:14.2 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub Control Status 
and RAS Registers (rev 22)
00:1a.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #4
00:1a.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #5
00:1a.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #6
00:1a.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
Controller #2
00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio 
Controller
00:1c.0 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
Root Port 1
00:1c.5 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express 
Root Port 6
00:1d.0 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #1
00:1d.1 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #2
00:1d.2 USB controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI 
Controller #3
00:1d.7 USB controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI 
Controller #1
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 90)
00:1f.0 ISA bridge: Intel Corporation 82801JIR (ICH10R) LPC Interface 
Controller
00:1f.2 SATA controller: Intel Corporation 82801JI (ICH10 Family) SATA AHCI 
Controller
00:1f.3 SMBus: Intel Corporation 82801JI (ICH10 Family) SMBus Controller
01:00.0 PCI bridge: Pericom Semiconductor PCI Express to PCI-XPI7C9X130 
PCI-X Bridge (rev 04)
02:00.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 02)
03:04.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
Controller (rev 01)
03:04.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
Controller (rev 01)
03:06.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
Controller (rev 01)
03:06.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet 
Controller (rev 01)
04:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
Cedar [Radeon HD 7350/8350 / R5 220]
04:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
Audio [Radeon HD 5400/6300/7300 Series]
05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
Cedar [Radeon HD 7350/8350 / R5 220]
05:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cedar HDMI 
Audio [Radeon HD 5400/6300/7300 Series]
06:00.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068E 
PCI-Express Fusion-MPT SAS (rev 08)
07:00.0 Ethernet controller: Broadcom Limited NetXtreme BCM5761 Gigabit 
Ethernet PCIe (rev 10)
08:0a.0 FireWire (IEEE 1394): Texas Instruments TSB43AB22A IEEE-1394a-2000 
Controller (PHY/Link) [iOHCI-Lynx]
20:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
Root Port 3 (rev 22)
20:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express 
Root Port 7 (rev 22)
20:09.0 PCI bridge: Intel Corporation 7500/5520/5500/X58 I/O Hub PCI 
Express Root Port 9 (rev 22)
20:14.0 PIC: Intel Corporation 7500/5520/5500/X58 I/O Hub System Management 
Registers (rev 22)
20:14.1 PIC: Intel Corporation 

[qubes-users] missing support for sd card reader in qubes4 kernel

2019-01-02 Thread ludwig jaffe
Hi all, I have a dell note book that includes the following sd controller.
Which is supported in other linux kernels.
Please include support for this controller in the kernel and modules which
is shipped with qubes-os 4.0.

Thanks in advance


Ludwig

lspci -v



00:07.0 SD Host controller: O2 Micro, Inc. SD/MMC Card Reader Controller
(rev 01) (prog-if 01)
Subsystem: Dell SD/MMC Card Reader Controller
Physical Slot: 7
Flags: fast devsel, IRQ 44
Memory at f2026000 (32-bit, non-prefetchable) [size=4K]
Memory at f2027000 (32-bit, non-prefetchable) [size=4K]
Capabilities: 
Kernel modules: sdhci_pci

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJWeNv_17d3H%3DOv3bUWhcgExFLkKWyNBFs1PVGK3bDJjw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - DELL M6800

2018-11-04 Thread ludwig jaffe
Unfortunately this computer has ME in the firmware.
Most modern BIOS is A23

I am running the old BIOS A16, but plan to update when I found out
how to disable or disturb ME firmware w/o bricking the laptop.
I know there is me_cleaner.
I have fear to update the bios as it could prevent me from down dating
if I need it.

ME is vulnerable in A16 BIOS, I use at the moment.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJhoT%3DSvBBn-SeiUQsfLqvqOaXDAeeRsxCcDjraKXNBqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Precision_M6800-20181104-103921.yml
Description: application/yaml


Re: [qubes-users] Re: qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
Hi thanks,

I edited
/var/lib/qubes/qubes.xml
and removed the lines with the names of the VMs I deleted by hand before,
and needed to kill qubes-manager and to restart it, so the file gets read
and parsed.

Now my system behaves like before.

But there should be a warning if one configures the private.img size bigger
than the disk array holding the /var/lib/qubes stuff.
So qubes-manager should summarize the space used by the private.img and
warn the user not to take more space then the disk array can provide.


On Mon, Jan 29, 2018 at 6:01 PM, awokd <aw...@danwin1210.me> wrote:

> On Mon, January 29, 2018 10:53 pm, ludwig jaffe wrote:
> > Yes, I want to repair my qubes-vm-manager.
>
> Did you In Qubes Manager, go to the View menu and click Show/Hide Inactive
> VMs?
>
> > made a back-up and I want to modify config files by hand so the tools do
> > what they should do. So I need to de-register the vms I deleted by hand,
> > and I need to tell qubes-vm-manager which vms are there. I wonder if it
> > uses the tools qvm- in order to do its work.
>
> If you are sure you want to manually edit the qubes config, it's in
> /var/lib/qubes/qubes.xml. Make sure to make a backup of it first.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJnbbXyhjmCPWjMTj8%3DA1gyrQ2xZkR8erJ5SGeTUYGjmQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
Oh thank you I am a bit stupid,
I did not try the show hide button! Shame on me :-)

But still I have that zombie-VMs that I removed the hard way.
So I need to de-register them.

Ok I found the file, backed it up and want to edit it.
Do you know an xml ediitor with folding to edit this with more comfort,
as there is no  in the xml, just spaghetti.
A vim for xml with folding or something like that with curses text gui woud
be best.


On Mon, Jan 29, 2018 at 6:01 PM, awokd <aw...@danwin1210.me> wrote:

> On Mon, January 29, 2018 10:53 pm, ludwig jaffe wrote:
> > Yes, I want to repair my qubes-vm-manager.
>
> Did you In Qubes Manager, go to the View menu and click Show/Hide Inactive
> VMs?
>
> > made a back-up and I want to modify config files by hand so the tools do
> > what they should do. So I need to de-register the vms I deleted by hand,
> > and I need to tell qubes-vm-manager which vms are there. I wonder if it
> > uses the tools qvm- in order to do its work.
>
> If you are sure you want to manually edit the qubes config, it's in
> /var/lib/qubes/qubes.xml. Make sure to make a backup of it first.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7Jdr%2BMGrtPu0CXe0EJks1Ago_HzZ3bE6BA9HXGnNc22kG3%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
Yes, I want to repair my qubes-vm-manager.
When I say at dom0:
qvm-ls, then I see my VMs also the vms that I deleted in order to get space
by saying rm -rf /var/lib/qubes/appvm/asterisk-now (some stupid appliance,
I tested,
and wanted to dispose, in order to free up space, which was not successfull
because
of file system errors.
So I cleaned the file system and made a back-up and I want to modify config
files
by hand so the tools do what they should do.
So I need to de-register the vms I deleted by hand,
and I need to tell qubes-vm-manager which vms are there. I wonder if it
uses the tools qvm- in order to do its work.

So I want to fix my old qubes 3.2 and then see if qubes 4 is really stable.
So any help is welcome on fixing my qubes 3.2 to give it the last polish to
remove the last traces of the disaster

Thanks,

Ludwig


On Mon, Jan 29, 2018 at 5:43 PM, awokd <aw...@danwin1210.me> wrote:

> On Mon, January 29, 2018 10:25 pm, ludwig jaffe wrote:
> > On Monday, January 29, 2018 at 9:14:38 AM UTC-5, Yuraeitha wrote:
> >
> >> On Monday, January 29, 2018 at 1:06:13 PM UTC+1, ludwig jaffe wrote:
>
> >>> The Qubes-VM-Manager only shows running VMs and not all the VMs that
> >>> are there, but from the menue button one can start the shells of these
> >>> VMs,
> >>> which causes the vms to be started.
> >>>
> >>> Also I can not change the disk size of private.img in the shutdown
> >>> personal vm. And maybe others.
>
> > Hi, as there is RC-4 of something, it is clever to stick with qubes3.2
> > until there will be 4.1. Also I would like to know how the qubes manager
> > works, in order to fix it my self (maybe, I need to edit some XML), if
> > nobody wants to help.
>
> I'm sticking with 3.2 on my primary system until 4.0 is released, but rc4
> is looking like it will be pretty close to ready.
>
> Are you talking about your two questions above?
> In Qubes Manager, go to the View menu and click Show/Hide Inactive VMs.
> If you are trying to enter a smaller number to shrink it, I don't think
> you can. Back up the personal VM's data, delete the VM, create a new one,
> and restore the data.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrK35L0OjNTTPuibRvm7SKyTYa7s5fFqwcLjiAu62Lv9mQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
On Monday, January 29, 2018 at 9:14:38 AM UTC-5, Yuraeitha wrote:
> On Monday, January 29, 2018 at 1:06:13 PM UTC+1, ludwig jaffe wrote:
> > Problem after some diskfull errors:
> > see my post: "data panic (disc full) / want to mount nas with nfs and 
> > backup all in /var/lib/cubes", where I managed to recover the data and to 
> > repair the file systems.
> > --
> > the box is up and running, but 
> > --
> > The Qubes-VM-Manager only shows running VMs and not all the VMs that are
> > there, but from the menue button one can start the shells of these VMs,
> > which causes the vms to be started.
> > 
> > Also I can not change the disk size of private.img in the shutdown 
> > personal vm. And maybe others.
> > 
> > What happened to qubes-vm manager?
> > -> Disk got full and maybe, it could not write configs correncty
> > -> I deleted some not needed VMs by hand 
> > rm -rf /var/lib/qubes/appvm/some_stupid_appliance in order to get space,
> > before I started the recovery with the nas and kali linux
> > 
> > 
> > so could be, that qubes vm manager did not like this.
> > 
> > How to fix qubes vm manager?!
> 
> Now I know you're talking about Qubes 3.2. here, but this issue might 
> possibly be related to Qubes 4. The Qubes VM Manager was originally planned 
> to be out-phased in Qubes 4 and was supposed to become a relic of the past. 
> But due to many people having an easier time having a visual GUI that the VM 
> Manager provides, the Qubes developers brought it back recently in Qubes 4. 
> However it still needs some updates and fixes before it can run a bit more 
> smooth.
> 
> So here's thhe thing. Due to limited time and busy schedules to make 
> everything for Qubes, I suspect that some of the updates designed for Qubes 4 
> has also arrived and mixed in with Qubes 3.2. to some extent. For example 
> updates in qvm-usb, updates to the Qubes-tools, and so forth.
> 
> Now that doesn't mean all packages that resides on both Qubes 3.2. and Qubes 
> 4 are equally updated. All I'm suspecting here, is that "some" might slip 
> through to Qubes 3.2.
> 
> Basically, in Qubes 4 the Qubes mechanics has become so different, that the 
> VM-Manager will take major re-work to make it work properly again. However 
> it's already been brought back to a state where it's useful, albeit a bit 
> slow. But the cool thing with the Qubes 4 VM-Manager is that the window now 
> can be re-sized, although it doesn't yet remember the previous window size, 
> but hopefully that's fixed sometime soon.
> 
> Either way, this could be a possible explanation, but I'm no expert, and this 
> is only and merely a suspicion. Qubes 4 required a lot of work, and they're 
> not quite done yet either. They're busy with it, and it's probably taken 
> longer than anyone ever expected, although it has brought about some really 
> good results so it's imho been well worth it.
> 
> Thing is though, Qubes 3.2. was probably not meant to be around this long, 
> and it might be starting to show. But that's just be postulating, there might 
> be another possible explanation.
> 
> But for what it's worth, having used Qubes 4 since RC-2, it's actually become 
> quite stable now. If RC-4 is not out soon, then maybe upgrade to Qubes 4 
> RC-3? Also updates meant for RC-4 has been posted to Qubes 4 RC-3 
> current-testing too. Although it reamins to be seen whether a re-install is 
> recommended between RC-3 and the yet to be released RC-4, the developers will 
> tell us on the release day in the release news article, if any of the 
> previous releases procedures is to go by.

Hi, as there is RC-4 of something, it is clever to stick with qubes3.2 until 
there will be 4.1.
Also I would like to know how the qubes manager works, in order to fix it my 
self (maybe, I need to edit some XML), if nobody wants to help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57e31bba-5070-49d1-87fb-03a58e58e987%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
On Monday, January 29, 2018 at 7:06:13 AM UTC-5, ludwig jaffe wrote:
> Problem after some diskfull errors:
> see my post: "data panic (disc full) / want to mount nas with nfs and backup 
> all in /var/lib/cubes", where I managed to recover the data and to repair the 
> file systems.
> --
> the box is up and running, but 
> --
> The Qubes-VM-Manager only shows running VMs and not all the VMs that are
> there, but from the menue button one can start the shells of these VMs,
> which causes the vms to be started.
> 
> Also I can not change the disk size of private.img in the shutdown 
> personal vm. And maybe others.
> 
> What happened to qubes-vm manager?
> -> Disk got full and maybe, it could not write configs correncty
> -> I deleted some not needed VMs by hand 
> rm -rf /var/lib/qubes/appvm/some_stupid_appliance in order to get space,
> before I started the recovery with the nas and kali linux
> 
> 
> so could be, that qubes vm manager did not like this.
> 
> How to fix qubes vm manager?!

Also there is a bug in the qubes-vm manager:
The dom0 disk can become full, as one can set a size for private.img that is 
bigger then the size of dom0 disk!
So if one is not careful, a bigger download in one of the app-vms can render
the qubes-os box unusable and one has to recover the data using kali and 
mounting the file system images.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1bb83b5-ed91-4d97-b3f1-5a16619c5b69%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 3.2: qubes-vm-manager not consistent

2018-01-29 Thread ludwig jaffe
Problem after some diskfull errors:
see my post: "data panic (disc full) / want to mount nas with nfs and backup 
all in /var/lib/cubes", where I managed to recover the data and to repair the 
file systems.
--
the box is up and running, but 
--
The Qubes-VM-Manager only shows running VMs and not all the VMs that are
there, but from the menue button one can start the shells of these VMs,
which causes the vms to be started.

Also I can not change the disk size of private.img in the shutdown 
personal vm. And maybe others.

What happened to qubes-vm manager?
-> Disk got full and maybe, it could not write configs correncty
-> I deleted some not needed VMs by hand 
rm -rf /var/lib/qubes/appvm/some_stupid_appliance in order to get space,
before I started the recovery with the nas and kali linux


so could be, that qubes vm manager did not like this.

How to fix qubes vm manager?!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/898f33b2-a936-4256-9efc-92b63f5f6504%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: PANIC!!! data panic (disc full) / want to mount nas with nfs and backup all in /var/lib/cubes

2018-01-29 Thread ludwig jaffe
On Sunday, January 28, 2018 at 12:26:44 PM UTC-5, ludwig jaffe wrote:
> Hi some systems got too big and now my dom0 is full.
> 
> data panic (disc full) / want to mount nas with nfs and backup all in 
> /var/lib/cubes
> 
> In a normal system I would setup an insulated air gap network and take a big 
> nas server mount nfs to the root-fs of dom0 and say as root cp -a 
> /var/lib/cubes /net/nas/bck.
> And then I would clean up and remove some VMs with rm -rf as I could undo it 
> when I got the VMs booted and cleaned of all the shit that got downloaded.
> 
> Now I can not connect the dom0 to a nic.
> Is there a trick to do it?
> booting a rescue linux from a stick would be a way but I first want to try 
> using qubes-os and changing a thing in the configs.
> 
> Thanks for your help.

Now I fixed nearly all. 
I did as follows:
boot kali-linux (or some other linux with enough tools -> Kali)  
from usb stick

cryptsetup  luksOpen /dev/sda3  greensda was the disk with the system and 
sda3 holds the encrypted qubes-os installation.

and mount /dev/dm-blabla  /mnt/8  (I have always mount points /mnt/{0-9} ready)

also I mounted my nas to nfs (no file security) in air gapped network
mount 192.0.123:/bigsasdrives/bakup /net/nas
and copied /var/lib/cubes to it
cp -av /var/lib/qubes /net/nas

this is running.

The disk to full problem is found:
I went to
/var/lib/qubes/personal
said file private.img
and file was so nice to tell me that private.img needs fsck.

but as there is important data on this private.img,
I first copy it to the nas and then say e2fsck private.img

so after back-up of the important stuff, i said e2fsck -f private.img
for all the app-vms and service-vms in the directory structure of 
/var/lib/qubes/

then I went to the vms like
cd /var/lib/qubes/appvms/banking1
said
mount -o loop,ro,noatime private.img /mnt/9
and I copied the important stuff here to the encrypted nas

in /var/lib/qubes/appvms/personal
I also copied the important stuff to the encrypted nas, and then I
deleted all the bloody videos I downloaded from the private.img in
personal and there is now room on the disk.

Videos are to be watched from nas from now on :-)

--
Only one Problem remains:
The Qubes-VM-Manager only shows running VMs and not all the VMs that are
there, but from the menue button one can start the shells of these VMs,
which causes the vms to be started.

Also I can not change the disk size of private.img in the shutdown 
personal vm. And maybe others.

How to fix qubes vm manager?!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b384e53-bdbb-429b-91b1-5a79b737bafd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] PANIC!!! data panic (disc full) / want to mount nas with nfs and backup all in /var/lib/cubes

2018-01-28 Thread ludwig jaffe
private.img is too big, the file system says its really big but it can not
be that big. I guess 4x of the size it should have as I feel it.
But I back it up to my big nas and then I say fsck.ext2 just to be sure
not to loose a thing.


On Sun, Jan 28, 2018 at 3:08 PM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> it is qubes 3.2
>
> Now I found a way:
> I booted kali from usb stick,
> then I did
> cryptsetup  luksOpen /dev/sda3  green
> and mount /dev/dm-blabla  /mnt/8
>
> also I mounted my nas to nfs (no file security) in air gapped network
> mount 192.0.123:/bigsasdrives/bakup /net/nas
> and copied /var/lib/cubes to it
> cp -av /var/lib/qubes /net/nas
>
> this is running.
>
> The disk to full problem is found:
> I went to
> /var/lib/qubes/personal
> said file private.img
> and file was so nice to tell me that private.img needs fsck.
>
> but as there is important data on this private.img,
> I first copy it to the nas and then say e2fsck private.img
>
> So this a way to repair your cubes without using the idiotic
> tools of qubes :-)
>
>
>
> On Sun, Jan 28, 2018 at 2:42 PM, awokd <aw...@danwin1210.me> wrote:
>
>> On Sun, January 28, 2018 5:26 pm, ludwig jaffe wrote:
>> > Hi some systems got too big and now my dom0 is full.
>> >
>> >
>> > data panic (disc full) / want to mount nas with nfs and backup all in
>> > /var/lib/cubes
>> >
>> >
>> > In a normal system I would setup an insulated air gap network and take a
>> > big nas server mount nfs to the root-fs of dom0 and say as root cp -a
>> > /var/lib/cubes /net/nas/bck.
>> > And then I would clean up and remove some VMs with rm -rf as I could
>> undo
>> > it when I got the VMs booted and cleaned of all the shit that got
>> > downloaded.
>> >
>> > Now I can not connect the dom0 to a nic.
>> > Is there a trick to do it?
>> > booting a rescue linux from a stick would be a way but I first want to
>> try
>> >  using qubes-os and changing a thing in the configs.
>>
>> 4.0? I think the "Qubes way" would be to boot from your install media,
>> pick Rescue mode, and get enough free space to be able to boot the full
>> system. 3.2 I guess you'd have to use a live image; can't remember if
>> there's a rescue mode.
>>
>> I honestly can't tell you how you'd go about attaching a NIC to dom0. USB
>> might be an easier choice, but same there- not something I've ever looked
>> into!
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrKneaZrhfb5safsfgt-YPf6qCP6-JG0Lr25qqZOmpE2hQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] PANIC!!! data panic (disc full) / want to mount nas with nfs and backup all in /var/lib/cubes

2018-01-28 Thread ludwig jaffe
it is qubes 3.2

Now I found a way:
I booted kali from usb stick,
then I did
cryptsetup  luksOpen /dev/sda3  green
and mount /dev/dm-blabla  /mnt/8

also I mounted my nas to nfs (no file security) in air gapped network
mount 192.0.123:/bigsasdrives/bakup /net/nas
and copied /var/lib/cubes to it
cp -av /var/lib/qubes /net/nas

this is running.

The disk to full problem is found:
I went to
/var/lib/qubes/personal
said file private.img
and file was so nice to tell me that private.img needs fsck.

but as there is important data on this private.img,
I first copy it to the nas and then say e2fsck private.img

So this a way to repair your cubes without using the idiotic
tools of qubes :-)



On Sun, Jan 28, 2018 at 2:42 PM, awokd <aw...@danwin1210.me> wrote:

> On Sun, January 28, 2018 5:26 pm, ludwig jaffe wrote:
> > Hi some systems got too big and now my dom0 is full.
> >
> >
> > data panic (disc full) / want to mount nas with nfs and backup all in
> > /var/lib/cubes
> >
> >
> > In a normal system I would setup an insulated air gap network and take a
> > big nas server mount nfs to the root-fs of dom0 and say as root cp -a
> > /var/lib/cubes /net/nas/bck.
> > And then I would clean up and remove some VMs with rm -rf as I could undo
> > it when I got the VMs booted and cleaned of all the shit that got
> > downloaded.
> >
> > Now I can not connect the dom0 to a nic.
> > Is there a trick to do it?
> > booting a rescue linux from a stick would be a way but I first want to
> try
> >  using qubes-os and changing a thing in the configs.
>
> 4.0? I think the "Qubes way" would be to boot from your install media,
> pick Rescue mode, and get enough free space to be able to boot the full
> system. 3.2 I guess you'd have to use a live image; can't remember if
> there's a rescue mode.
>
> I honestly can't tell you how you'd go about attaching a NIC to dom0. USB
> might be an easier choice, but same there- not something I've ever looked
> into!
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7Jdr%2BLWj5Gs0VQ0bSOOa_VebuRJwncA0TE2qfZOrH74YUnvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] PANIC!!! data panic (disc full) / want to mount nas with nfs and backup all in /var/lib/cubes

2018-01-28 Thread ludwig jaffe
Hi some systems got too big and now my dom0 is full.

data panic (disc full) / want to mount nas with nfs and backup all in 
/var/lib/cubes

In a normal system I would setup an insulated air gap network and take a big 
nas server mount nfs to the root-fs of dom0 and say as root cp -a 
/var/lib/cubes /net/nas/bck.
And then I would clean up and remove some VMs with rm -rf as I could undo it 
when I got the VMs booted and cleaned of all the shit that got downloaded.

Now I can not connect the dom0 to a nic.
Is there a trick to do it?
booting a rescue linux from a stick would be a way but I first want to try 
using qubes-os and changing a thing in the configs.

Thanks for your help.





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9dedca4-2135-4f83-81a2-fc429d60a069%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Anti Evil Maid (AEM) - SRK password strength? Sane to use same password as for full disk encryption?

2017-11-08 Thread ludwig jaffe
On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
> 
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
> 
> Cheers,
> Patrick

Another analog thing: one can exchange your laptop into a similar model and 
place it into your room and you type your password into "your" computer, but 
this one captures it and reports it to $agencies.
So paint your laptop with glitter paint and make a photo in a secure 
environment. So faking the random distribution of the particles is impossible, 
so one can just compare the pictures to be sure to have your machine.
Just to be sure, and it looks cool :-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a256f60d-d27b-4d4d-ba6c-4ef7ccceb35a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Anti Evil Maid (AEM) - SRK password strength? Sane to use same password as for full disk encryption?

2017-11-08 Thread ludwig jaffe
On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
> 
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
> 
> Cheers,
> Patrick

Think about the attack surface. Evil maid needs to come into your room and has 
about 2 hours to attack your machine.
The disk encryption needs to be much stronger. You take a flight to a country 
with some "security needs" and your laptop is shipped 2 days after your landing 
to your hotel.
The $agencies copied your harddisk and modified your bios (ME, UEFI) and you 
shop for a new laptop of the same series, pay cash and migrate your harddisk to 
the new machine.
So the $agencies are sad as they can not capture your key strokes but they can 
work years with your harddisk image.
The evil maid has not so much time, also she can not prepare much.
So if you have problems, maybe, you can decrease the security of SRK password,
but be sure to have enough entropy in a password.

Cheers.
As all have nothing to hide, we will not need to buy a new laptop on holidays 
:-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5661490d-8fe7-43b4-a7e7-d399b717357d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 3.2 flaw with wifi stoping to work after power safe mode (laptop lid closed)

2017-11-08 Thread ludwig jaffe
Hi, I bought a new cheap laptop, Lenovo 110 that uses an SOC with i3.
The wifi is
00:01.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac 
PCIe Wireless Network Adapter

After a while of using wifi, it just stops to work and sometimes reconnecting 
the wifi works sometimes one need to reboot the net-vm and sometimes this also 
does not help and one needs to reboot the whole machine in order to get wifi 
working again.
I saw such flaws once with kali but never investigated too much on it.

Any ideas on this problem?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06e73458-f1f8-43e0-9a3e-9e094af20580%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] build usb-vm and net-vm using openbsd?

2017-11-08 Thread ludwig jaffe
Hi, I saw that the linux kernel has some flaws 
(http://www.openwall.com/lists/oss-security/2017/11/06/8) in the usb stack, so 
I am
thinking about security against common errors, I would suggest to use
OpenBSD as USB-VM. Maybe, as Net-VM one could use open-bsd.
But how to integrate open-bsd with qubes and the virtual network inside qubes?

Has anyone tried such?

Cheers

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3a9d418-1c96-4976-a4f7-9576c669a8f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: bug: qubes vm-manager qubes 3.2 current: Unable to rename VM to "ReactOS-Reference"

2017-11-02 Thread ludwig jaffe
On Thursday, November 2, 2017 at 11:52:29 AM UTC-4, ludwig jaffe wrote:
> bug: qubes vm-manager qubes 3.2 current: Unable to rename VM to 
> "ReactOS-Reference"
> 
> Problem:
> I installed reactos into a new standalone template vm and thought I could 
> derive user vms as in linux based. But this did not work, maybe I dont know 
> howto do.
> So as a work-around I wanted to make a reference reactos and clone it for 
> different tasks.
> So renaming it to "ReactOS-Reference" failed!
> The /var/lib/qubes/vm-templates/ReactOS-Reference folder
> got renamed properly but the Qube VM Manager did not find the VM 
> and threw an error.
> "Errno 2 No such file or directory"
> "
> fill_apps_list line no.:71
> ...appmenu_select.py"
> and some more.
> 
> 
> To get it running again one had to rename the directory 
> var/lib/qubes/vm-templates/ReactOS-Reference to the original name displayed 
> in Qubes VM Manager.
> 
> So the directory listing should be enhanced to parse more complicated 
> directory names, or renaming should be masked in order not to allow "illegal" 
> directory names.
> 
> Cheers,
> 
> Ludwig

too quick: rename did not help, as there are uuids which are double and some
xml based config files.
So make a new vm and copy over the images as editing xml with vim is a pain.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06301bb5-7bd9-4eab-b360-a45aa48f30fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] bug: qubes vm-manager qubes 3.2 current: Unable to rename VM to "ReactOS-Reference"

2017-11-02 Thread ludwig jaffe
bug: qubes vm-manager qubes 3.2 current: Unable to rename VM to 
"ReactOS-Reference"

Problem:
I installed reactos into a new standalone template vm and thought I could 
derive user vms as in linux based. But this did not work, maybe I dont know 
howto do.
So as a work-around I wanted to make a reference reactos and clone it for 
different tasks.
So renaming it to "ReactOS-Reference" failed!
The /var/lib/qubes/vm-templates/ReactOS-Reference folder
got renamed properly but the Qube VM Manager did not find the VM 
and threw an error.
"Errno 2 No such file or directory"
"
fill_apps_list line no.:71
...appmenu_select.py"
and some more.


To get it running again one had to rename the directory 
var/lib/qubes/vm-templates/ReactOS-Reference to the original name displayed in 
Qubes VM Manager.

So the directory listing should be enhanced to parse more complicated directory 
names, or renaming should be masked in order not to allow "illegal" directory 
names.

Cheers,

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3d25028-5403-43cf-9001-3816b8e6f7ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] unikernel-firewall: anyone tried this / anyone who wants to help/ already hvm template to download?

2017-11-01 Thread ludwig jaffe
Hi I found an interesting approach of having a small unikernel firewall,
that does not eat up too much RAM, especially useful for a laptop and also
as there is a different ip-stack than in Linux one has an advantage against
common errors:
(if there is a flaw in the linux kernel it affects sys-net and sys-firewall,
if there is a flaw in uni-kernel-firewall it only affects the firewall and if
there is a flaw in the kernel then it affects sys-net and not sys-firewall!)

look here for the project:
http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ 
https://github.com/talex5/qubes-mirage-firewall.git


would be nice to have the mirage-os based firewall as an install option,
by downloading a signed template with a tested mirage-os based firewall.

Is there anyone who has experience with it?
I would like to try it and help developing it further. Who else wants?

Cheers,

Ludwig


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47b87496-5a00-4ec0-b699-a08ef956911b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] fixed problems with destorted sound with pulseaudio on qubes 3.2 -> change request for config file

2017-11-01 Thread ludwig jaffe
Hi I use qubes 3.2 and sometimes I listend to music using youtube on a 
user vm.
Now I had the following problems:
the sound was often distorted, sounded like overdriven pre amplifier,
but if one stops the sound source (youtube in browser, press pause) there was
a trailing 1 second of destorted sound. Like if there was a buffer that was not
served in time and wants to empty out.

So I looked around and found that there is a configuration to be changed:

take a terminal in dom0:

sudo su
(now I am root)
vi /etc/pulse/default.pa

find a section and modify like I did:
### Automatically load driver modules depending on the hardware available
.ifexists module-udev-detect.so
##modified 01.11.17
#load-module module-udev-detect
##against glitches 
load-module module-udev-detect tsched=0
##-end-modified 01.11.17


So add tsched=0, this disables PulseAudio's timer-based scheduling
 and uses the classic interrupt-driven approach
why? see: http://0pointer.de/blog/projects/pulse-glitch-free.html

now say :wq to your vi
then in your root shell of dom0 say
pkill pulseaudio and it restarts, now without distortion or glitches.

My audio hw is:
Creative Labs EMU20K1 (Soundblaster X-Fi Series)
Having a decent sound board one wants no lowfi destorted sound...

So have fun with better audio.
@qubes-os developer. Maybe, you should patch the file
/etc/pulse/default.pa for dom0 accordingly.

Cheers,

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/872ee463-9812-4383-9f5a-6c96a953072f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Build a power efficent and silent desktopsystem for Qubes-OS

2017-08-16 Thread ludwig jaffe
Am Mittwoch, 16. August 2017 06:30:39 UTC-4 schrieb bored lord:
> Hello Guys,
> 
> i sitting here next to a Desktop PC which is almost as loud as a freaking 
> datacenter. Due to my old gaming habbits its not supposed to be silent, nor 
> energyefficent.
> 
> I am in love with qubes-os for my daily struggles and tasks ;-).
> 
> But, i'd appreciate to have a system which won't start up every fan possible 
> once i start another vm.
> 
> So i am looking forward to build a small, energyefficent and silent system, 
> which will run qubes-os ootb without any problems.
> 
> As i happen to be a dad now, busy splitting my time between family, projects 
> and work. I'd appreciate your guys help for building a micro/miniATX PC for 
> Qubes OS
> 
> Specs:
> 
> - +16GB RAM
> - +512GB SSD
> - if possible a small nvidia-card for cuda and some occasional gaming. (not 
> mandatory), 
> - Dual-Head-Graphics (uHD) is Mandatory
> - WIFI (Mandatory)
> 
> i'd love to build it by using a case comparable to the Thermaltake 
> CA-1D5-00S1WN-00 Black SPCC Micro ATX 
> (https://www.newegg.com/Product/Product.aspx?Item=9SIA2F84EA2140)
> 
> 
> Any ideas? i'd really appreciate your help.

MORE RAM!

16GB is not enough.
Have 32GB or more as there are many VMs to play with. All of them eat a lot of 
RAM.
Think about 4GB per VM if you use 64Bit OS. The 64Bit systems are more wasteful
with memory as most things are now 8-byte aligned, so any variable uses 8-byte 
even if it is shorter like char or uint32. Maybe there are some space-optimized 
libraries but for performance reasons, as 64bit machine works with bigger 
natural address spacing, the data in RAM will be aligned for the 64bit machine, 
eating almost double of it!
Or use 32bit VM Guests for some minor stuff.

Memory is like engine displacement it can only be substituted by more engine 
displacement or more memory, respectively

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4a6f1f9-5d26-44ec-8539-e4f092c5c49a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: *critical* xen hypervisor vulnarabilities, are there updates to dom0? There should be ...

2017-08-16 Thread ludwig jaffe
I am lame, as I did not look at the qubes-os home page
there it is:
https://www.qubes-os.org/news/2017/08/15/qsb-32/


On Wed, Aug 16, 2017 at 11:04 PM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> Hi,
>
> I found news about xen vulnarabilities and looked if I can update dom0,
> but there are no updates at the time. Maybe, it has already been fixed (I
> did not look at it in detail), but I guess there is no fix in the Qubes-OS
> distribution at the moment.
> Just to keep you alert!
>
> https://xenbits.xen.org/xsa/advisory-226.html
> https://xenbits.xen.org/xsa/advisory-227.html
> https://xenbits.xen.org/xsa/advisory-228.html
> https://xenbits.xen.org/xsa/advisory-229.html
> https://xenbits.xen.org/xsa/advisory-230.html
>
> Would be nice to read that these vulnarabilities have been patched in
> Qubes-OS.
>
> Be warned not to play with malware in VMs until these *severe* problems
> have been fixed.
>
>
> Cheers
>
>
> Ludwig
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7Jdr%2BTpwWpmLCHPFzM%2Bpj1Y8dZGRnmhWFX0OTU0Y2i_K5y%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] *critical* xen hypervisor vulnarabilities, are there updates to dom0? There should be ...

2017-08-16 Thread ludwig jaffe
Hi,

I found news about xen vulnarabilities and looked if I can update dom0, but
there are no updates at the time. Maybe, it has already been fixed (I did
not look at it in detail), but I guess there is no fix in the Qubes-OS
distribution at the moment.
Just to keep you alert!

https://xenbits.xen.org/xsa/advisory-226.html
https://xenbits.xen.org/xsa/advisory-227.html
https://xenbits.xen.org/xsa/advisory-228.html
https://xenbits.xen.org/xsa/advisory-229.html
https://xenbits.xen.org/xsa/advisory-230.html

Would be nice to read that these vulnarabilities have been patched in
Qubes-OS.

Be warned not to play with malware in VMs until these *severe* problems
have been fixed.


Cheers


Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrLsPboOTbfJs%2BoEmc%3DKjKaawVrqesw4rTo%3DKbjdvS0UFg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - Surface Pro 3 (i5-4300U 4Gb)

2017-04-08 Thread ludwig jaffe
Am Samstag, 19. November 2016 21:48:31 UTC-5 schrieb Johannes Zipperer:
> I tested Qubes 3.2 with the Fedora 24 template for about 5 hours intensely.
> 
> Installation: No problems during install. Bootable USB is only accepted 
> when the Secure Boot keys are removed (hit ESC or DEL during boot for 
> uefi). TPM Module seems not to be identified but I did put not much 
> effort into diagnosing the problem. 
> 
> Connect wifi: After some trouble of finding the network manager in the 
> sys-net qube I successfully connected. Oddly the reception bars are red 
> while there is no issue using the web.
> 
> Whonix: Following the installation wiki for whonix it worked out of the 
> box to connect to the TOR network verified by check.torproject.org. I 
> was able to watch a youtube clip with smooth playback and with working 
> sound. HighDPI scaling has to be configured manually. The performance 
> concerning web browsing is not much worse from firefox from the 
> fedora-24 template.
> 
> Windows: using in dom0 the command qvm-start Windows-10 
> --cd-rom=fedora-24:/home/user/Downloads/Windows.iso was not successful. 
> So I gave up for now on that.
> 
> Touchscreen and stylus: both work out of the box. Stylus connected not 
> very reliably, but drawing lines and writing after that is fine. 
> Onscreen keyboard is missing and I didn't get florence to type anything. 
> Annotating PDFs works fairly well in Okular. Volume rocker and power button 
> works out of the box
> 
> USB-Devices and microSD: Mounted a FAT formatted USB drive successfully. 
> Cherry DW5000 works out of the box but media keys and super key need 
> configuring. I have no original type or touch cover to test. exFAT 
> microSD didn't work. But the same microSD card worked in the built-in 
> reader when formatted in NTFS (tested transfering and opening a JPG). 
> Using a USB hub with SD cardreader worked out of the box.
> 
> High DPI scaling: works generally well for touch control. Firefox opens 
> first time after restart with too big UI elements and text. Icons in 
> some applications like in Gimp are not scaled and kind of small. The 
> dom0 and template applications are generally not scaled.
> 
> Audio and Video: sound output works out of the box, playing mp3 in vlc 
> as well, mp4 in vlc in software decoding mode very choppy. youtube 
> videos are more fluid but no fullscreen support. streaming youtube 
> videos in vlc didn't work. Recording audio from the microphone with 
> pulsecaster works out of the box.
> 
> installing software: I was able to install and use vlc, Okular, 
> LibreOffice, Inkscape (bad stylus support), Gimp (better stylus 
> support), Thunderbird, Darktable, I changed the language and keyboard 
> layout to german sucessfully. Since I installed, tested and configured 
> everything in the template I have to say something about the use inside 
> a qube. I didn't test the pulsecaster, florence, Okular successfully in 
> the "personal" qube.
> 
> suspend reboot and shutdown: shutdown works, but is slow. device shows 
> black screen after suspending and wakes up when a key is pressed, but I 
> don't know if it really gets into the lower C states inbetween. reboot 
> does not work.
> 
> File manager: starting the file manager needs a second click in 50% of 
> the cases when I wanted to start it. Copying files works.
> 
> Performance and battery life: I assume that it is all rendered in 
> software, so considering that, I think the performance is decent, maybe 
> as a 1,3 GHz quad core Android phone regarding application start and tabbed 
> browsing (sorry for the comparison =/). Battery life is lower 
> than under windows, I didn't find the brightness controls and the 
> brightness sensor did not work out of the box, so my battery life was 
> only around 3 hours.
> 
> Reverting back to windows: I successfully tested installing again Windows 10, 
> which was previously tied to this device on a certain Microsoft account 
> (important because of the license server, that works without keys). It was 
> installed by a USB stick previously formatted by the media creation tool. The 
> risk is not so high to try Qubes, although I recommend getting accustomed 
> before using it in production. I hope this helps others.   
> 
> Life is good, Jesus is better!
>  Johannes

Nice, but what do you do with only 4GB of RAM.
Qubes is a RAM eater, my old workstation got pimped with 40GB of RAM
and is now nice to use. 
I started with 8GB which it had in the beginning before installing Qubes
and decided to go for 4 bars of 8GB, as 8GB is not useable at all if one has 
more then 2 or three machines running at a time.
So a M$ surface is the wrong machine as the memory can not be extended, as
I guess. How to open that thing an plug more RAM?

Qubes is an evil memory eating paranoid system ;-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from 

[qubes-users] SSD and normal HDD as RAID1 (HW-Raid LSI)

2017-03-19 Thread ludwig jaffe
Hi,

I think about improving speed of my box.
I have SAS-Disks of 698GB as RAID1 on my LSI
SAS-RAID-Controller.
So what about replacing one of the Disks with an
SSD by SAMSUNG e.g. 850 series?

So if the SSD drops some electrons the HDD will keep 
up with data and the SSD will be quicker then the HDD
while reading.

Will this work?

Are there any people who tried such a raid1?

Cheers,


Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/beaf5c4e-286b-4a6f-af59-8404b2e0ab49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - DELL Precision Workstation T7400

2017-03-18 Thread ludwig jaffe
TPM is "present"
but hw report does not put this into file.



On Sat, Mar 18, 2017 at 5:37 PM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> So having Bios A11 and the most recent Qubes-OS3.2 the problem at
> https://groups.google.com/d/msg/qubes-users/gjsM2FShN3A/t8XF6MSRAQAJ
> is resolved.
>
> My box runs fine with 2 xeons E5440@2.83 GHz and 40GB RAM  (max 64GB)
> possible
> without riser boards
>
> I use only 1 of two possible monitors at the moment.
>
> To fight against noise of a turbo jet starting install i8k
> and have the following in
> /etc/rc.local
>
> i8kfan speed 1 1
>
> this sets the speed of cpu and chassis fan to lower speed.
>
> Also one can disable the big fan that sits on the RAM modules. By
> unplugging.
> The box will scream at boot-up about "compromised" thermal solution,
> but one can press F1 and boot.
> The RAM has its own heat sink and the other fans will blow enough I guess.
>
> So at least my box did not die of over temperaure.
>
> Have fun.
>
>
>
>
> On Sat, Mar 18, 2017 at 4:56 PM, ludwig jaffe <ludwig.ja...@gmail.com>
> wrote:
>
>> here the edited version, forget to fill fixme.
>>
>>
>>
>> On Sat, Mar 18, 2017 at 4:50 PM, ludwig jaffe <ludwig.ja...@gmail.com>
>> wrote:
>>
>>> BIOS A11  04/30/2012  (newest version)
>>>
>>> BIOS A02 had problems with IOMMU
>>>
>>> ---
>>> So update that beast to A11 using T7400A11.exe
>>> and an usb stick booting freedos without drivers.
>>>
>>> Have fun!
>>>
>>>
>>> Ludwig
>>>
>>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrKX3QR%3DX2BisAWRK9WJ1PgA1nyVdvrLzbTm1v%2Bg8Y1pmw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - DELL Precision Workstation T7400

2017-03-18 Thread ludwig jaffe
So having Bios A11 and the most recent Qubes-OS3.2 the problem at
https://groups.google.com/d/msg/qubes-users/gjsM2FShN3A/t8XF6MSRAQAJ
is resolved.

My box runs fine with 2 xeons E5440@2.83 GHz and 40GB RAM  (max 64GB)
possible
without riser boards

I use only 1 of two possible monitors at the moment.

To fight against noise of a turbo jet starting install i8k
and have the following in
/etc/rc.local

i8kfan speed 1 1

this sets the speed of cpu and chassis fan to lower speed.

Also one can disable the big fan that sits on the RAM modules. By
unplugging.
The box will scream at boot-up about "compromised" thermal solution,
but one can press F1 and boot.
The RAM has its own heat sink and the other fans will blow enough I guess.

So at least my box did not die of over temperaure.

Have fun.




On Sat, Mar 18, 2017 at 4:56 PM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> here the edited version, forget to fill fixme.
>
>
>
> On Sat, Mar 18, 2017 at 4:50 PM, ludwig jaffe <ludwig.ja...@gmail.com>
> wrote:
>
>> BIOS A11  04/30/2012  (newest version)
>>
>> BIOS A02 had problems with IOMMU
>>
>> ---
>> So update that beast to A11 using T7400A11.exe
>> and an usb stick booting freedos without drivers.
>>
>> Have fun!
>>
>>
>> Ludwig
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJn8CS4ap-zUCcaMQSLw3PEETkmJ9z6jf%3D%2Bj32JCqLwXg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - DELL Precision Workstation T7400

2017-03-18 Thread ludwig jaffe
here the edited version, forget to fill fixme.



On Sat, Mar 18, 2017 at 4:50 PM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> BIOS A11  04/30/2012  (newest version)
>
> BIOS A02 had problems with IOMMU
>
> ---
> So update that beast to A11 using T7400A11.exe
> and an usb stick booting freedos without drivers.
>
> Have fun!
>
>
> Ludwig
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrKCG00kkAqf%2BwqEG%3Dc3uufFFKrw5q%2BXOsywMrsmMr9xXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7400__-20170318-164205_edit.yml
Description: application/yaml


[qubes-users] HCL - DELL Precision Workstation T7400

2017-03-18 Thread ludwig jaffe
BIOS A11  04/30/2012  (newest version)

BIOS A02 had problems with IOMMU

---
So update that beast to A11 using T7400A11.exe
and an usb stick booting freedos without drivers.

Have fun!


Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7Jdr%2BTe1BoByGjZ5ZmX5odHrCPjQKikHNDKPn1G2_zpA1fng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7400__-20170318-161105.yml
Description: application/yaml


Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7400__-20170318-161105.yml
Description: application/yaml


Re: [qubes-users] HCL - CF-31 Mk1

2016-11-28 Thread ludwig jaffe
On Monday, November 28, 2016 at 4:20:42 PM UTC+1, 
599w67+3ew...@guerrillamail.com wrote:
> > VT-d- Chipset has this capability according to intel 
> > (http://ark.intel.com/products/43544/Intel-Core-i5-540M-Processor-3M-Cache-2_53-GHz).
> >  Examination of BIOS shows no chipset option; assumption- motherboard does 
> > not support.
> 
> Should be capable... Motherboard should have QM57 chip set and page 99 of the 
> reference manual lists VT-d in the CPU configuration submenu.
> 
> 
> 
> 
> 
> 
> Sent using Guerrillamail.com
> Block or report abuse: 
> https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D

Hi I run qubes 3.1 on cf19adn
i5-2520M cpu , 2nd gen core proc family northbridge

So it should work with your heavy cf31 also ...

Cheers

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf672ae8-13da-4a36-87f3-147daae37cb2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: qubes 3.2 windows 10 as "template vm" does not boot anymore. How to do forensics on the image

2016-11-28 Thread ludwig jaffe
On Monday, November 28, 2016 at 9:48:10 PM UTC+1, ludwig jaffe wrote:
> Hi, I run qubes 3.2 on a dell desktop (core4duo gen xeon),
> and it was happpy with running windows10 as a guest without any
> special windows-tools for qubes.
> Then one day, I did not change anything besides updating qubes 3.2 when
> there were updates, the windows10 guest does not start anymore.
> 
> As there are production data on the windows10 I want to know how to do
> forensics here and recover the data.
> There are no mountable file images. What to do?
> I installed win10 as a "template vm" as I was not sure what to take, 
> but then ended up using 3 "templates" seperately. I do not think that
> templates in windows10 are made like linux templates that share somehow a
> file system.
> 
> Any ideas?
> -boot?
> -forensics (at least)?
> 
> Cheers Ludwig

core2quad gen xeon. :-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea334335-b910-44c4-86d7-ff0cff28b0d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 3.2 windows 10 as "template vm" does not boot anymore. How to do forensics on the image

2016-11-28 Thread ludwig jaffe
Hi, I run qubes 3.2 on a dell desktop (core4duo gen xeon),
and it was happpy with running windows10 as a guest without any
special windows-tools for qubes.
Then one day, I did not change anything besides updating qubes 3.2 when
there were updates, the windows10 guest does not start anymore.

As there are production data on the windows10 I want to know how to do
forensics here and recover the data.
There are no mountable file images. What to do?
I installed win10 as a "template vm" as I was not sure what to take, 
but then ended up using 3 "templates" seperately. I do not think that
templates in windows10 are made like linux templates that share somehow a
file system.

Any ideas?
-boot?
-forensics (at least)?

Cheers Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fc672eb-0e66-4495-a7af-577deb14e6bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to destroy files without leaving any traces ?

2016-10-27 Thread ludwig jaffe
dd if=/dev/urandom  of=/home/noob/myporn.jpg

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e0c5e02-9875-46dd-a23c-4fe61ef6ba7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - DELL PRECISION T7400

2016-10-27 Thread ludwig jaffe
updated hcl file.


On Thu, Oct 27, 2016 at 11:23 AM, ludwig jaffe <ludwig.ja...@gmail.com>
wrote:

> One mistake:
>
> the command is i8kfan speed 1 1
>
> Also I did not check if VT-d enabled works now with the current version
> (including current updates) of qubes 3.2, as I was lazy.
> I will check later and read the bios first with a flash programmer just to
> be sure not to destroy anything. But the machine boots,
> why updating the bios. I will do it later...
>
>
>
> Have fun.
>
>
>
> On Thu, Oct 27, 2016 at 11:18 AM, ludwig jaffe <ludwig.ja...@gmail.com>
> wrote:
>
>> Hi, I am running Qubes 3.2 on my Dell-Monster.
>> 2 flaws:
>> 1st: if I enable VT-d the machine crashes while or after booting the
>> xen-kernel
>> (I experienced it with the older kernel the one prior 4.4.14-11!) I also
>> run old BIOS A2 instead of A11 as I fear upgrade, as
>> it could brick the machine if this gets wrong.
>> 2nd: the fans are sometimes *really* noisy,
>> like a starting concorde, but the processer is quite cool.
>> So one needs to run
>> ik2fan speed 1 1 to get it quite silent. One small fan still
>> is to loud. I need to find it. I guess it is the nvidia graphics
>>  fan.
>>
>> Important: It should be possible to install additional software
>> to dom0 with more comfort!
>> Doing yumdownload (some package) and then copy it using the
>> command line tools as they are nice but ugly to use w/o cut and
>> paste to dom0 :-(
>>
>> Maybe, you should include these packages to the dom0 repository
>> as there are also noisy dell laptops around...
>>
>> What I did to get the fans more silent is to make sure to have lm_sensors
>> (was provided in dom0 repository, thanks, installed by default?)
>>
>> Then I did the more unpleasent stuff:
>> yumdownlod of the packages in personal vm, of course...
>>
>> on dom0:
>>
>> qvm-run --pass-io personal 'cat 
>> /home/user/dell/i8kutils-1.33.-8.fc22.x86_64.rpm'
>> > /home//i8kutils-1.33.-8.fc22.x86_64.rpm
>> qvm-run --pass-io personal 'cat /home/user/dell/tk-8.6.4-2.fc23.x86_64'
>> > /home//tk-8.6.4-2.fc23.x86_64
>> qvm-run --pass-io personal 'cat /home/user/dell/tk-8.6.4-2.fc23.x86_64.rpm'
>> > /home//tk-8.6.4-2.fc23.x86_64.rpm
>> qvm-run --pass-io personal 'cat /home/user/dell/tcl-8.6.4-1.fc23.x86_64.rpm'
>> > /home//tcl-8.6.4-1.fc23.x86_64.rpm
>> qvm-run --pass-io personal 'cat 
>> /home/user/dell/i8kutils-1.33.-8.fc22.x86_64.rpm'
>> > /home//i8kutils-1.33.-8.fc22.x86_64.rpm
>> qvm-run --pass-io personal 'cat 
>> /home/user/dell/i8kutils-1.33-8.fc22.x86_64.rpm'
>> > /home//i8kutils-1.33-8.fc22.x86_64.rpm
>> qvm-run --pass-io personal 'cat 
>> /home/user/dell/gkrellm-2.3.7-2.fc23.x86_64.rpm'
>> > /home//gkrellm-2.3.7-2.fc23.x86_64.rpm
>> qvm-run --pass-io personal 'cat 
>> /home/user/dell/libntlm-1.4-4.fc23.x86_64.rpm'
>> > /home//libntlm-1.4-4.fc23.x86_64.rpm
>>
>> sudo dnf install tk-8.6.4-2.fc23.x86_64.rpm
>> sudo dnf install tcl-8.6.4-1.fc23.x86_64.rpm
>> sudo dnf install libntlm-1.4-4.fc23.x86_64.rpm
>> sudo dnf install gkrellm-2.3.7-2.fc23.x86_64.rpm
>> sudo dnf install i8kutils-1.33-8.fc22.x86_64.rpm
>>
>> all w/o cut and paste :-(
>>
>> But now there is silence:
>>
>> ik8fan
>> 1 1
>>
>> As it was loud it said:
>> ik8fan
>> 3 3
>>
>> to get it silent type
>> ik8fan 1 1
>>
>> ik8fan 2 2 is a acceptable loud.
>>
>>
>> check the temperature with sensors. And also open the case
>> to feel the two cooler blocks, to check if the computer lies to you.
>>
>>
>> So thats all, for now, thanks for qubes, it is cool on such
>> an old machine as the machine is cheap and ddr2 ecc memory
>> is quite cheap.
>> This box can theoretically pimped upto 128GB.
>> 2 CPUs with 4 cores each and 40GB are enough for the moment.
>>
>>
>> Have fun
>>
>> Ludwig
>>
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJFo2c%3DRiS%3DD7fRP5HhaNoXrLS4xN8rfEP83jyqHyorgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7400__-20161027-104558.yml
Description: application/yaml


[qubes-users] HCL - DELL PRECISION T7400

2016-10-27 Thread ludwig jaffe
Hi, I am running Qubes 3.2 on my Dell-Monster.
2 flaws:
1st: if I enable VT-d the machine crashes while or after booting the
xen-kernel
(I experienced it with the older kernel the one prior 4.4.14-11!) I also
run old BIOS A2 instead of A11 as I fear upgrade, as
it could brick the machine if this gets wrong.
2nd: the fans are sometimes *really* noisy,
like a starting concorde, but the processer is quite cool.
So one needs to run
ik2fan speed 1 1 to get it quite silent. One small fan still
is to loud. I need to find it. I guess it is the nvidia graphics
 fan.

Important: It should be possible to install additional software
to dom0 with more comfort!
Doing yumdownload (some package) and then copy it using the
command line tools as they are nice but ugly to use w/o cut and
paste to dom0 :-(

Maybe, you should include these packages to the dom0 repository
as there are also noisy dell laptops around...

What I did to get the fans more silent is to make sure to have lm_sensors
(was provided in dom0 repository, thanks, installed by default?)

Then I did the more unpleasent stuff:
yumdownlod of the packages in personal vm, of course...

on dom0:

qvm-run --pass-io personal 'cat
/home/user/dell/i8kutils-1.33.-8.fc22.x86_64.rpm' >
/home//i8kutils-1.33.-8.fc22.x86_64.rpm
qvm-run --pass-io personal 'cat /home/user/dell/tk-8.6.4-2.fc23.x86_64' >
/home//tk-8.6.4-2.fc23.x86_64
qvm-run --pass-io personal 'cat /home/user/dell/tk-8.6.4-2.fc23.x86_64.rpm'
> /home//tk-8.6.4-2.fc23.x86_64.rpm
qvm-run --pass-io personal 'cat
/home/user/dell/tcl-8.6.4-1.fc23.x86_64.rpm' >
/home//tcl-8.6.4-1.fc23.x86_64.rpm
qvm-run --pass-io personal 'cat
/home/user/dell/i8kutils-1.33.-8.fc22.x86_64.rpm' >
/home//i8kutils-1.33.-8.fc22.x86_64.rpm
qvm-run --pass-io personal 'cat
/home/user/dell/i8kutils-1.33-8.fc22.x86_64.rpm' >
/home//i8kutils-1.33-8.fc22.x86_64.rpm
qvm-run --pass-io personal 'cat
/home/user/dell/gkrellm-2.3.7-2.fc23.x86_64.rpm' >
/home//gkrellm-2.3.7-2.fc23.x86_64.rpm
qvm-run --pass-io personal 'cat
/home/user/dell/libntlm-1.4-4.fc23.x86_64.rpm' >
/home//libntlm-1.4-4.fc23.x86_64.rpm

sudo dnf install tk-8.6.4-2.fc23.x86_64.rpm
sudo dnf install tcl-8.6.4-1.fc23.x86_64.rpm
sudo dnf install libntlm-1.4-4.fc23.x86_64.rpm
sudo dnf install gkrellm-2.3.7-2.fc23.x86_64.rpm
sudo dnf install i8kutils-1.33-8.fc22.x86_64.rpm

all w/o cut and paste :-(

But now there is silence:

ik8fan
1 1

As it was loud it said:
ik8fan
3 3

to get it silent type
ik8fan 1 1

ik8fan 2 2 is a acceptable loud.


check the temperature with sensors. And also open the case
to feel the two cooler blocks, to check if the computer lies to you.


So thats all, for now, thanks for qubes, it is cool on such
an old machine as the machine is cheap and ddr2 ecc memory
is quite cheap.
This box can theoretically pimped upto 128GB.
2 CPUs with 4 cores each and 40GB are enough for the moment.


Have fun

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7Jdr%2BU03YL44vBSEkm3fsG3-p_iOUcsGNj8DM7G%3DeMyn-ZVQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Precision_WorkStation_T7400__-20161027-104558.yml
Description: application/yaml


[qubes-users] DELL T7400 Suspend to RAM: Machine did not awake

2016-09-18 Thread ludwig jaffe
Hi,

I tried to klick the suspend to RAM function in order to save energy,
and store the session, so I clicked top right "Suspend" and the machine 
suspended, the powerbutton blinked,
but the machine did not awake after pressing the power button. It had to be 
killed by pressing long.

Has anybody used suspend to ram sucessfully on Qubes 3.2-rc3?

Cheers,  Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a02e5f1-f893-43b5-9f98-9c5de46a2f31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to attach Ethernet to a VM other than sys-net..?

2016-09-18 Thread ludwig jaffe
On Saturday, September 17, 2016 at 11:10:02 PM UTC-4, neilh...@gmail.com wrote:
> If I type "ifconfig" in "sys-net", it's clear that Ethernet is attached to 
> the "sys-net" VM.
> 
> I would like to attach the Ethernet to the Whonix VM, so that I can use it as 
> a Tor router to route the Tor connection into a 2nd laptop.
> 
> How do you attach Ethernet to a particular VM..? Does anyone know..?
> 
> Thanks

Hi, thats a good Idea, to do this.
Also I have another approach, what do you think to add the tor routing to a 
router like openwrt, so one does not waste too much energy (E.G. XEON CPU and 
16GB RAM) for implementing this network infrastructure.
It would be great to move the networking approach of qubes-os out to a 
*networking-subssystem*
Such a subsystem could be a cheap atom based computer with a bunch of 
gbit-interfaces (or if space is a problem /old laptop/ just one that produces 
vlan-tags for a vlan switch).

So my idea would be a cubes-net-box that has some interfaces for external 
connections and that serves 1gbit line with different vlan numbers to one or 
more qubes-os boxes of a group. So this line can also go to a stupid layer2 
switch (no vlan) and be distributed to all qubes-os computers.
This tagged lan contains the different internal networks of a qubes-os computer 
today.
So the personal vms or work vms could share a common network! So people in an 
organization can work together with qubes.
Private lines could still exist in the machine if needed for special anonymity.
For the other cases the qubes-net in the computers could just "subscribe" to 
the vlan-tags of the qubes-net, in order to get the personal-vm-net, torified 
net-whonix (one trusts his organization here to share a torified net). If one 
dioes not trust she just does not subscribe to the vlan of the torified net.


I would like it to have easier access to the net behind the internal nat. 
(printing, scanning via ethernet e.g.)
  
What do you think?
Is it a good idea?

Ludwig

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc5565d6-aa27-46d1-8186-5e6cf5e45c7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes Windows 10?

2016-09-18 Thread ludwig jaffe
On Saturday, September 17, 2016 at 3:55:58 AM UTC-4, Pawel Debski wrote:
> Folks,
> 
> I have Qubes 3.2 up, updated &
> running like a charm. Now the Microsoft challenge. The doc @
> https://www.qubes-os.org/doc/windows-appvms/ instructs to use
> Windows 7. Do you suggest to stick with version 7 or go ahead to
> 10 / 8?
> 
>   
> 
> -- 
> 
>   
> 
> Z powazaniem / Best Regards
> 
> Mit freundlichen Gruessen / Meilleures salutations
> 
> Pawel Debski

Hi I run windows10 w/o windows tools and I replace cut and paste with an editor 
to generate a file and then I ssh to the other machines.
Also files I can tar.gz and ssh.

Here it is good to install cygwin on the windows10, and 
also you want to install classic shell and remove cortana, the spy.
I did this and it works

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e904bc1-563b-4236-9e78-993e397d3805%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: screen blocks screen, destroys screen update

2016-09-18 Thread ludwig jaffe
On Sunday, September 18, 2016 at 10:28:08 AM UTC-4, ludwig jaffe wrote:
> Hi, I use Qubes 3.2-RC3 and have 6 virtual desktops, running a windows10 vm 
> and some linux fedora-23 and debian 8 vms.
> 
> So when I go away from the computer the screen locks, and I type my 
> user password. But somehow the other screens did not get the news, and 
> when I switch the desktop and back after some time, I see the unlock screen,
> which is not respoonsive and the applications below on the desktop are
> visible as it would be with a bad screen update.
> If one moves the mouse on the screen, the sections where the mouse was
> become visible and usable.
> So screenlock/xscreen saver (looks like xlock of good old times :-) does
> not lock and provide problems with usability.
> 
> Are there others who experience the same problems?
> 
> 
> Machine Dell T7400, 12GB DDR2 ECC, 4 core xeon.

I found a work around to use the machine if the problem arises:
Move the mouse at the top of the screen and grap the small icons of the 
applications in the desktop switcher and move them (the windows) to a different 
desktop. 
After moving the screen update problem diappeared on *all* desktops.
Strange.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bc3af63-2e42-4e2e-bd38-81083fcb1d0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] screen blocks screen, destroys screen update

2016-09-18 Thread ludwig jaffe
Hi, I use Qubes 3.2-RC3 and have 6 virtual desktops, running a windows10 vm and 
some linux fedora-23 and debian 8 vms.

So when I go away from the computer the screen locks, and I type my 
user password. But somehow the other screens did not get the news, and 
when I switch the desktop and back after some time, I see the unlock screen,
which is not respoonsive and the applications below on the desktop are
visible as it would be with a bad screen update.
If one moves the mouse on the screen, the sections where the mouse was
become visible and usable.
So screenlock/xscreen saver (looks like xlock of good old times :-) does
not lock and provide problems with usability.

Are there others who experience the same problems?


Machine Dell T7400, 12GB DDR2 ECC, 4 core xeon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30a67471-6bf3-464d-9763-282cf53e6527%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Using virt-viewer for remote systems

2016-09-14 Thread ludwig jaffe
On Monday, September 12, 2016 at 2:06:19 PM UTC+2, Konstantin Ryabitsev wrote:
> Greetings:
> 
> I need to be able to use virt-viewer to access remote systems (e.g. 
> virt-viewer --connect qemu+ssh://some.host/system vm-name), and it would 
> appear that it's impossible to install due to conflicts:
> 
> # dnf install virt-viewer
> Error: package virt-viewer-2.0-2.fc23.x86_64 requires libvirt.so.0()(64bit), 
> but none of the providers can be installed
> (try to add '--allowerasing' to command line to replace conflicting packages)
> 
> If I do add --allowerasing it will want to remove qubes-gui-vm and 
> xen-qubes-vm, which seems like it would do bad things.
> 
> Any suggestions how I could get virt-viewer installed without clobbering 
> other stuff?
> 
> -K
>From a user point of view:
Just send the red framed applications to another remote user to display them 
there, after the user authenticated to the machine and his role allow him to 
see red framed applications of the red VM only.

This would be cool for colaboration.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c5efcb0-b419-41ee-bdd3-95d4adf5d678%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: 4.0 ETA?

2016-09-14 Thread ludwig jaffe
Am Montag, 12. September 2016 19:09:31 UTC+2 schrieb Jan Betlach:
> I am about to reinstall my Qubes. Does it make sense to wait for 4.0 release 
> (obviously depends on its ETA) or should I install current 3.2 and upgrade to 
> 4.0 later. The question is how difficult it is to upgrade if possible at all.


Is it possible to down-patch the 4.0 to use older CPUs?
So I guess only the version of XEN used, is the critical component that locks 
out the older CPUs.
Right?
I would like to suggest to make a fork to support older CPUs. So one can build 
an old-version 4.0. What would be needed to do so?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4912a6f-bce1-4c15-bda9-1379ff52fe91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS 3.2 rc3: can not boot with VT-d enabled on DELL T7400 (XEON E5440, Intel 5400 chipset)

2016-09-14 Thread ludwig jaffe
Am Dienstag, 13. September 2016 09:57:53 UTC+2 schrieb ludwig jaffe:
> Qubes OS 3.2 rc3: can not boot with VT-d enabled on DELL T7400 (XEON E5440, 
> Intel 5400 chipset)
> 
> Hi all, I can NOT boot on my machine, Dell T7400 (XEON E5440, Intel 5400 
> chipset, LSI HW-RAID1 "DELL SAS6" and 4GB RAM - will become more) with VT-d 
> enabled. 
> When I disable VT-d in bios, the machine boots and can run several VMs.
> 
> VT-d is needed to assign certain pci-devices to VMs (e.g. scsi-controller to 
> vm with some proprietary scanner application running windows).
> 
> How does it behave?
> 
> The grub screen is loaded, and one can select the options, here I edit to 
> remove quiet as I want to see.
> 
> So grub loads, XEN, vmlinuz, initrd.img,
> and then it crashes on the spot, causing the machine to reboot.
> 
> No debug output can be seen.
> 
> Any Ideas?
> 
> 
> Thanks,
> 
> 
> Ludwig

Hi, I tried to change this in grub while booting:
press esc and edit the line  with the kernel parameters and I removed "quiet"
and added "console=com1 com1=115200,8n1
loglvl=all"
Also I tried with com2 as my fat DELL T7400 has 2 real serial interfaces.
I used a 0 modem cable and minicom with a linux laptop that also has a real 
serial interface.
But maybe, I made a mistake (wrong /dev/tty or cable problem) and I will check 
again and redo it.
But the console output was still written to the screen (I guess it is the 
output of grub while it boots). After grub finishes loading XEN, KERNEL, 
initrd.img, the machine crashes on the spot with VT-d enabled, and reboots.
So I guess the initial code that gets executed after grub, which should be the 
xen, causes the machine to crash.
Any Ideas? 
Is there a debug-version of xen that qubes-os uses. 
The parameters in grub where I remove this stupid "quiet" are just for the 
kernel, that gets executed later, after xen!
I do not see any screen output, even no flicker with text. 
Just after grub finishes a blank black screen and then the machine reboots.
So xen should at least write some hello world stuff to the screen.

Quite strange. How to debug xen?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7723282e-b530-44ef-90b4-8d34ada72176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-13 Thread ludwig jaffe
Am Montag, 12. September 2016 01:29:14 UTC+2 schrieb neilh...@gmail.com:
> Qubes uses VT-D to protect against DMA attacks on things such as WiFi chip.
> 
> But are there any proven DMA attacks against wired networking, i.e. 
> Ethernet..?
> 
> Hackers can exploit a buffer overflow on the network card's firmware, and use 
> that to take control of the network card, and issue a DMA attack to take 
> control of the entire host computer.
> 
> I previously posted a thread about this on qubes-users ("Question on DMA 
> attacks")
> ... and Marek mentioned WiFi when speaking of DMA attacks.
> 
> Is Ethernet also vulnerable...? Or just WiFi..?
> 
> I say this because I wanted to build a Tor router that sits between Qubes and 
> my main router... so that even if Qubes gets hacked, they can only see what 
> I'm doing, and not WHO I am. The theory being, that there are no exploits for 
> Tor itself, and only for the Firefox browser. Thus, the IP address is always 
> obscured behind the Tor router.
> 
> So my router box is going to have Ethernet only, because if my Qubes is 
> hacked, then it could just use WiFi to scan for nearby routers, including my 
> own WiFi router, and thus identify me.
> 
> So, wired networking is a must.
> 
> And thus, I wanted to know if Ethernet is vulnerable to DMA attacks, because 
> if it is, then I would have to use Qubes for the Tor box in the middle.. or 
> at least, use some OS that supports VT-D, even if it's not Qubes.
> 
> Qubes has high system requirements, thus I'd prefer to have a cheap computer 
> as the Tor router in the middle.. But if there truly are exploits against 
> Ethernet, then I'll just have to use Qubes.

VT-d can do memory insulation, and should assign a memory range (pci-address 
space of a pci device) exclusively to one VM, so the attacker of that hw can do 
DMA into that VM, if done properly.
But there is that evil ME in the Northbridge. How does the ME-processor behave 
regarding VT-d? Can it be assigned exclusively to a honey-pot-vm that runs 
windows2000?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6197ee2d-d60c-4d33-b26f-618ab23e5eac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.