[qubes-users] Re: Qubes better dove tailed for Journalists, and Human Rights Workers.

2020-05-09 Thread pixel fairy
You should look up Micah Lee. He's a journalist and programmer with a 
strong interest in privacy. Here is his yt 
https://www.youtube.com/channel/UCOslhuBKMmHrk_iHc0rgYuw

On Friday, May 8, 2020 at 4:12:57 PM UTC-7, Catacombs wrote:
>
> To be clear, the folks who have put together and developed QUBE's have 
> done a fantastic job.  A great accomplishment.   
>
> I bet this has been discussed before.   Much of what I have experienced is 
> that QUBE's users should be more like techy geeky people.  A Journalist or 
> a Human Rights investigator, I think are more comfortable with ease of use, 
> not secure.  
>
> So, I bet this has been talked about before.  As I was doing the upgrade 
> to Fedora 31, I realized a Journalist is not likely to be very happy doing 
> that.  After that, I had to search to find a Text Editor, (Gedit is what I 
> used)  A Journalist would expect that the things he/she does all the time 
> would be right there, ready for use.   I would think a Journalist would 
> have 12 different ongoing projects, which he might realize should be in 
> separate QUBE's, and might not have the presence of memory to realize what 
> to save, where, something an investigator would need to do often.   I would 
> think the investigator might not realize to create a number of encrypted 
> partitions, to further protect information distinct to a particular, 
> specific investigation.
>
> Then I tried to watch a Video.   Gee guys, a Journalist just expects this 
> stuff to work.  I , on the other hand, am concerned our mythical 
> investigator not realizing the possible security implications of opening 
> what kind of app, when.
>
> It is not my intention to provide a list of things to put in the basic OS 
> for an Investigator who is not what I would term, a techno geek, nor who 
> does not want to be.  It is to find out what has been discussed in the past 
> about this subject, and for some of you, who are more experienced with 
> QUBE's, and investigators, to put that list together, and perhaps build 
> that list into the basic Install of QUBE's.   
>
> Once again, I deeply respect what the QUBE's developers have 
> accomplished.  So this is not intended as a criticism of the folks who have 
> put in thousands of hours getting this project to this point.  Thank you 
> for what you have done.  
>
> Tech people do not think like Journalists of Human Rights Workers, nor 
> vice versa.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6df85b9e-1e7d-487b-beec-18aedb4ccd4c%40googlegroups.com.


Re: [EXT] [qubes-users] checking allocated disk space

2020-02-26 Thread pixel fairy


On Tuesday, February 18, 2020 at 11:52:46 PM UTC-8, Ulrich Windl wrote:
>
> >>> pixel fairy > schrieb am 18.02.2020 
> um 06:04 in Nachricht 
> <13889_1582002262_5E4B7056_13889_59_1_2104823c-c9c1-4fc9-aa9c-090863f09825@googl
>  
>
> groups.com>: 
> > trying to see how much space is allocated, not actually used in all the 
> > qubes. is there an easy command for this? something like qvm-volume info 
> > but for all the qubes? 
>
> What about "PFree" in output of "pvs"? 
>
>
not what i was looking for either. cant just add up all of lvs because of 
different kinds of ephemeral volumes. heres a script to just add up all the 
-root (for template) and -private volumes. 

#!/usr/bin/env python3

import subprocess

# older python doesnt have capture_output in subprocess.run
output = subprocess.check_output(['sudo','lvs'], universal_newlines=True)
lines = output.split('\n')

allocated = 0.0

for line in lines:
l = line.split()

# headers and the empty line at the end
if len(l) < 3:
continue

name = l[0]
size = l[3]

# we only care about vm- volumes
if name[:2] != "vm":
continue

# we only care about persistent volumes, -root and -private
if name[-5:] != "-root" and name[-8:] != "-private":
continue

# lop of the g at the end. check for G in case lvs output changes
if size[-1] != 'g' and size[-1] != 'G':
print(name,size,"size is not in gigs. rewrite script")
exit(1)

size = float(size[:-1])
allocated += size

print("{:7.2f} {}".format(size,name))

print("{:7.2f} total".format(allocated))





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0d6ae2c-388a-43e9-ab4d-8763c81a3ece%40googlegroups.com.


[qubes-users] checking allocated disk space

2020-02-17 Thread pixel fairy
trying to see how much space is allocated, not actually used in all the 
qubes. is there an easy command for this? something like qvm-volume info 
but for all the qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2104823c-c9c1-4fc9-aa9c-090863f09825%40googlegroups.com.


[qubes-users] Re: feature request

2020-01-25 Thread pixel fairy


On Saturday, January 25, 2020 at 9:56:17 AM UTC-8, pixel fairy wrote:
>
> On Saturday, January 25, 2020 at 3:15:36 AM UTC-8, haaber wrote:
>>
>> Hello, I have several virtual screens; I guess many user have. Is it 
>> possible to reserve one of them exclusively for dom0 and templateVM 
>> terminals -sort of a separated "admin screen"-  to avoid other 
>> appVM-windows popping up and being able to capture input from keyboard? 
>>Bernhard 
>>
>
> Simpler solution.  Q menu / system tools / settings manager / window 
> manager
> uncheck "New window focus"
>

KDE probably has something like this too. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22253799-734e-445c-9dbe-9091c2627604%40googlegroups.com.


[qubes-users] Re: feature request

2020-01-25 Thread pixel fairy
On Saturday, January 25, 2020 at 3:15:36 AM UTC-8, haaber wrote:
>
> Hello, I have several virtual screens; I guess many user have. Is it 
> possible to reserve one of them exclusively for dom0 and templateVM 
> terminals -sort of a separated "admin screen"-  to avoid other 
> appVM-windows popping up and being able to capture input from keyboard? 
>Bernhard 
>

Simpler solution.  Q menu / system tools / settings manager / window manager
uncheck "New window focus"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6382fb15-0a0b-4f8e-ab8b-14c1bc7f4227%40googlegroups.com.


[qubes-users] Re: How does Microsoft Office in a Windows VM work ?

2020-01-24 Thread pixel fairy
worked fine as of a couple years ago using this method.

https://groups.google.com/forum/#!msg/qubes-users/dB_OU87dJWA/X2WWa1y-BQAJ

havent tried since.

On Friday, January 24, 2020 at 7:14:27 AM UTC-8, M wrote:
>
> Now that it seems that several got Windows 10 running in a VM in Qubes OS, 
> I wonder what the experiences are with running Microsoft Office in that 
> Windows 10 VM ? 
>
> Does it runs nicely without any problems, almost, a little bit unstable, 
> quite unstable or is it completely terrible ? 
>
> Is there any functions that doesn’t work and if so which ? 
>
> I should probably admit that I’m totally new to Linux. I have only Windows 
> and Mac experience to compare with - where I’m also used to get errors when 
> working with WordMat.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5af6c4b-90f1-4390-b74f-15a24cab4d92%40googlegroups.com.


Re: [qubes-users] Re: has google- chrome slowed down for anyone else?

2019-12-16 Thread pixel fairy
On Mon, Dec 16, 2019 at 10:44 AM pixel fairy  wrote:

>
>
> On Saturday, December 14, 2019 at 4:05:12 AM UTC-8, Daniil Travnikov wrote:
>>
>> Actually the same problem I have in Brave Browser which use chromium.
>>
>> Try this:
>> 1. Open chrome://flags
>> 2. Change 'Override software rendering list' on 'Enabled'.
>>
>
> Thanks. seemed slightly better, but the problems still there. glad theres
> other browsers
>

i take that back, its much better, but still a little there.

>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACr%3DtZfdrazd4ppkiARu-fAoqjZVt0Zi5cw4kr7xG3StvFe_EA%40mail.gmail.com.


[qubes-users] Re: has google- chrome slowed down for anyone else?

2019-12-16 Thread pixel fairy


On Saturday, December 14, 2019 at 4:05:12 AM UTC-8, Daniil Travnikov wrote:
>
> Actually the same problem I have in Brave Browser which use chromium.
>
> Try this:
> 1. Open chrome://flags
> 2. Change 'Override software rendering list' on 'Enabled'.
>

Thanks. seemed slightly better, but the problems still there. glad theres 
other browsers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b50d3fbb-43ef-4f30-9602-7c134690a615%40googlegroups.com.


[qubes-users] Re: Can't install KVM in Qubes OS?

2019-12-12 Thread pixel fairy
Qubes-os uses xen, not kvm. Nested virtualization is disabled because of 
the added attack surface.

Ive installed qemu in a debian template in the past, but have not tried 
recently. instead i have another machine running kvm with nested 
virtualization enabled and run vagrant remotely on that one using 
virt-manager for desktop vms. 

I was also able to get the andrioid emulator running on just qemu, but that 
was painfully slow. Hope they make a container option. this was a couple 
years ago.

On Thursday, December 12, 2019 at 3:11:20 PM UTC-8, Tae Hwan Kim wrote:
>
> Hello!
> I need to install KVM for mobile development.(for android emulator).
> so I did try installing kvm like this
>
> sudo dnf  -y 
> install qemu-kvm libvirt virt-install bridge-utils 
>
> but my app vm shows me error like this.
>
> Error:
>  
>>
>>  Problem 1: package libvirt-daemon-driver-libxl-5.1.0-4.fc30.x86_64 
>> requires libxenlight.so.4.11()(64bit), but none of the providers can be 
>> installed
>>   - package libvirt-daemon-driver-libxl-5.1.0-4.fc30.x86_64 requires 
>> libxlutil.so.4.11()(64bit), but none of the providers can be installed
>>   - cannot install both xen-libs-2001:4.8.5-5.fc30.x86_64 and 
>> xen-libs-4.11.2-3.fc30.x86_64
>> 
>>
>>   - cannot install both xen-libs-2001:4.8.5-5.fc30.x86_64 and 
>> xen-libs-4.11.1-4.fc30.x86_64
>> 
>>
>>   - package xen-qubes-vm-2001:4.8.5-5.fc30.x86_64 requires 
>> libxenctrl.so.4.8()(64bit), but none of the providers can be 
>> installed  
>>   - package xen-qubes-vm-2001:4.8.5-5.fc30.x86_64 requires 
>> libxenguest.so.4.8()(64bit), but none of the providers can be 
>> installed 
>>   - package xen-qubes-vm-2001:4.8.5-5.fc30.x86_64 requires 
>> libxenlight.so.4.8.1()(64bit), but none of the providers can be 
>> installed   
>>   - package xen-qubes-vm-2001:4.8.5-5.fc30.x86_64 requires 
>> libxlutil.so.4.8()(64bit), but none of the providers can be 
>> installed   
>>   - problem with installed package 
>> xen-qubes-vm-2001:4.8.5-13.fc30.x86_64   
>>
>>
>>   - package xen-qubes-vm-2001:4.8.5-6.fc30.x86_64 requires xen-libs = 
>> 2001:4.8.5-6.fc30, but none of the providers can be 
>> installed
>>   - cannot install both xen-libs-2001:4.8.5-6.fc30.x86_64 and 
>> xen-libs-4.11.2-3.fc30.x86_64
>> 
>>
>>   - cannot install both xen-libs-2001:4.8.5-6.fc30.x86_64 and 
>> xen-libs-4.11.1-4.fc30.x86_64
>> 
>>
>>   - package libvirt-5.1.0-4.fc30.x86_64 requires 
>> libvirt-daemon-driver-libxl = 5.1.0-4.fc30, but none of the providers can 
>> be installed
>>   - conflicting requests 
>>   - package libvirt-5.1.0-9.fc30.x86_64 requires 
>> libvirt-daemon-driver-libxl = 5.1.0-9.fc30, but none of the providers can 
>> be installed
>>   - package libvirt-daemon-driver-libxl-5.1.0-9.fc30.x86_64 requires 
>> libxenlight.so.4.11()(64bit), but none of the providers can be installed
>>   - package libvirt-daemon-driver-libxl-5.1.0-9.fc30.x86_64 requires 
>> libxlutil.so.4.11()(64bit), but none of the providers can be installed
>>   - package xen-qubes-vm-2001:4.8.5-7.fc30.x86_64 requires xen-libs = 
>> 2001:4.8.5-7.fc30, but none of the providers can be 
>> installed
>>   - cannot install both xen-libs-2001:4.8.5-7.fc30.x86_64 and 
>> xen-libs-4.11.2-3.fc30.x86_64
>> 
>>
>>   - cannot install both xen-libs-2001:4.8.5-7.fc30.x86_64 and 
>> xen-libs-4.11.1-4.fc30.x86_64
>> 
>>
>>   - package xen-qubes-vm-2001:4.8.5-10.fc30.x86_64 requires xen-libs = 
>> 2001:4.8.5-10.fc30, but none of the providers can be 
>> installed  
>>   - cannot install both xen-libs-2001:4.8.5-10.fc30.x86_64 and 
>> xen-libs-4.11.2-3.fc30.x86_64
>>
>>
>>   - cannot install both xen-libs-2001:4.8.5-10.fc30.x86_64 and 
>> xen-libs-4.11.1-4.fc30.x86_64
>>
>>
>>   - package xen-qubes-vm-2001:4.8.5-12.fc30.x86_64 requires xen-libs = 
>> 

[qubes-users] Re: has google- chrome slowed down for anyone else?

2019-12-12 Thread pixel fairy
Whatever it is does not affect chromium. probably just a bug in chrome

On Wednesday, December 11, 2019 at 10:56:27 PM UTC-8, pixel fairy wrote:
>
> after the last dom0 update (and, i think a chrome one) chrome has been 
> really slow, to the point where some sites just freeze up for a bit, though 
> the browser still takes input so you can keep typing and just wait for it 
> to catch up. firefox seems fine, but the sites that need chrome are the 
> heavy js ones. dont know what dom0 would have to do with it, just noticed 
> that at the same time. maybe an input / refresh thing?
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4244bef0-a42d-44e8-9622-6b769790c748%40googlegroups.com.


[qubes-users] has google- chrome slowed down for anyone else?

2019-12-11 Thread pixel fairy
after the last dom0 update (and, i think a chrome one) chrome has been 
really slow, to the point where some sites just freeze up for a bit, though 
the browser still takes input so you can keep typing and just wait for it 
to catch up. firefox seems fine, but the sites that need chrome are the 
heavy js ones. dont know what dom0 would have to do with it, just noticed 
that at the same time. maybe an input / refresh thing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d549aec6-b5b9-47dc-86c1-a7aa66edcddb%40googlegroups.com.


[qubes-users] Re: Help sending multiple files using qrexec

2019-12-04 Thread pixel fairy
qvm-copy. 

if this done often between trusted qubes, you can pre approve the file copy 
in /etc/qubes-rpc/policy/qubes.Filecopy with a line like

srcvm destvm allow

On Tuesday, December 3, 2019 at 5:40:29 PM UTC-8, pr...@tutanota.de wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> I am trying to send mutliple files using qrexec by catting the files using 
> the
> following scripts:
>
> Script one on the client:
>
> echo "$#"
> while [ $1 ]; do
> echo $(wc -l $1)
> cat $1
> shift
> done
>
>
> Script two on the server:
>
> read NUMFILES
> READFILES=0
> while [ $READFILES -lt $NUMFILES ]; do
> read CATFILESIZE CATFILENAME
> head -n $CATFILESIZE > "$CATFILENAME"
> ((READFILES++))
> done
>
>
> This successfully sends the first file, but not the second, can anyone help
> with this or should I be using qvm-copy?
>
> Thanks for reading
> -BEGIN PGP SIGNATURE-
>
> iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXecNwhIccHJhZ29AdHV0
> YW5vdGEuZGUACgkQPPHARjGwCFiw0gD/TPKyOcTLN94aJYJd8oaf+4ciHy1jKZ9W
> XBlIif0fJHMA/jy3LS32Ed21PcbACGz0RZIIGYGFoSptsyLQM5SH9fNd
> =F4IQ
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/02d539f4-5821-4b17-8c28-19105b7e2774%40googlegroups.com.


[qubes-users] Re: How do I get Started?

2019-12-04 Thread pixel fairy
On Monday, December 2, 2019 at 8:43:51 PM UTC-8, Qubes User wrote:
>
> I just installed Qubes on a new laptop. I'm trying to do some basic things 
> not listed on https://www.qubes-os.org/getting-started/
>
> 1. How do I get connected to my wi-fi?
> 2. How do I use an external display with HDMI? (just plugging it in 
> doesn't work for me)
> 3. How do I reduce the lag on my USB mouse?
>

What laptop do you have? what mouse do you have? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7cb3b1fd-69d9-4266-b81c-abad242d79b9%40googlegroups.com.


[qubes-users] Re: second sys-usb

2019-11-29 Thread pixel fairy
Did you click on "configure strict reset for pci devices" in the devices 
settings of both VMs? Thats all i can think of.

On Friday, November 29, 2019 at 11:50:47 AM UTC-8, haaber wrote:
>
> Hi there, I re-ask my problem differently. For flashing with unsecure 
> software via usb, I would like to exchange sys-usb temporarily with a 
> sys-flashing, say. I set up a debian-10 appvm in HVM mode and gave it 
> access to the usb-controller (as my true sys-usb). However, this qubes 
> will not start: 
>
> "internal error: unable to reset PCI device :00:14.0: no FLR, PM 
> reset or bus reset available. " 
>
> anyone knows what that means, please? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ef33ff5-d62c-43d9-ba44-7c843a4bd7ae%40googlegroups.com.


Re: [qubes-users] Is Qubes partnered with Whonix and is Whonix just as secure as Qubes if you're only using the computer for web stuff?

2019-08-30 Thread pixel fairy
Just from what you say here, qubes does provide a significant advantage in 
the pw setup with keepassx running in its own appvm. other than that, it 
depends on how hard your adversaries are trying. another advantage of qubes 
is ease of disposable vms. with whonix youd have to make a template whonix 
workstation for the same effect, but thats a one time step that you'll 
probably do anyway.

qubes uses xen, which has a smaller attack surface and much better track 
record for vm escape vulns. if you cant use that, make sure you keep up to 
date on virtualbox. if you dont like virtualbox, you might be able to 
import whonix to libvirt / kvm. 
https://www.redhat.com/en/blog/importing-vms-kvm-virt-v2v 

you will be fingerprinted as a whonix, and possibly virtualbox / kvm user. 

On Friday, August 30, 2019 at 9:17:48 AM UTC-7, O K wrote:
>
> Ok but for my purpose of being online and wanting my traffic and hardware 
> info isolated (and that's all I'm worried about - mainly anything that can 
> identify me personally), in your opinion do you think Qubes will provide me 
> with significant advantages for my particular needs vs. Whonix?  Thanks.
>
> On Friday, August 30, 2019 at 11:56:48 AM UTC-4, unman wrote:
>>
>> On Fri, Aug 30, 2019 at 08:06:25AM -0700, O K wrote: 
>> > I am ONLY using my computer for web stuff, no sensitive files or info 
>> on my 
>> > computer (other than passwords in some sort of secure PW service, that 
>> I'll 
>> > set up).  If I'm running Whonix in a VM, is that as secure as using 
>> Qubes 
>> > for this purpose only? 
>> > 
>>
>> No, it isnt, if you are looking at Whonix running under Virtualbox or 
>> KVM. 
>> Qubes provides the best compartmentalisation of available options. 
>> There's a comparison of available options on the Whonix wiki. 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90c863de-25b6-4eac-82b0-9b23a0fcdac1%40googlegroups.com.


Re: [qubes-users] Done with Qubes

2019-08-29 Thread pixel fairy
didnt think you were still on this thread.

when im stuck on hardware or a workload that qubes doesnt work for, i 
usually do vagrant with virtualbox or kvm depending. its not as good, of 
course, so still be careful. use packer to make your vagrant boxes. 

github has a lot of great starting points to work from. when making your 
vagrant boxes, make sure you set the mic off in virtualbox, and, of course, 
disable clipboard sharing. you can temp make it single direction when 
copying passwords. you can script it with vagrant ssh and X11 commands 
(xsel / xclip). just make sure your using X11 and not wayland. eventually 
you'll have to adapt to wayland. they're may be a way to script it with 
vboxmanage. or virsh if your using kvm.

also remember to disable sym links with vboxsf, 
VAGRANT_DISABLE_VBOXSYMLINKCREATE=1 in shells start up files should work. 

firejail will be great with wayland. right now, working around x11 is a 
pain. i used xnest (xephyr) and that seemed ok. xpra was took flakey but 
maybe its better now. was years ago.

if you just want it for tor browser, heres their notes on using 
apparmor https://www.whonix.org/wiki/AppArmor#Maintain_Tor_Browser_Functionality

if you go with vagrant-libvirt, you can run vagrant/virtualbox in it with 
nested virtualization in case anyone sends you a virtualbox vagrant file. 
outside of nesting, the two tend to not play well together. should also 
work with vmware which is pretty solid in nesting.

On Tuesday, August 27, 2019 at 11:39:06 AM UTC-7, O K wrote:
>
> You mean I create a VM with Whonix OS installed (using virtualbox I'm 
> guessing)?  I will have to research that, but yes I do need to use a VM, or 
> multiple VM's.  I'd also like to find a way to use Firejail to sandbox 
> whatever browser I'm using, if that's possible.
>
> On Friday, August 23, 2019 at 6:03:55 PM UTC-4, Jackie wrote:
>>
>> O K: 
>> > Thanks for all the help but I've been trying to figure out how to get 
>> Qubes 
>> > running for months and I've decided it's just a giant waste of my time 
>> > because every time I get one bug fixed, two more show up to take it's 
>> > place.  I think it's a brilliant idea but it needs a lot of work and 
>> > streamlining before it's ready for public use.  It's a shame because my 
>> > privacy and anonymity online are a matter of my personal safety and it 
>> > would be nice to have a secure OS.  TAILS is not a fully usable system 
>> > either.  I will have to install Ubuntu.  Good luck, everyone. 
>>
>> Hi, 
>>
>> Qubes definitely has a learning curve, but i think it's worth it (and 
>> i'm definitely no linux expert). 
>>
>> But if you don't want to use qubes, one thing you can do for better 
>> security and privacy is install debian/ubuntu and use non-qubes whonix 
>> (you can use virtualbox, which is pretty easy to use). You can have 
>> multiple whonix workstations, and you can create other VMs like debian 
>> as well to compartmentalize your workflows. A solution like this is more 
>> insecure than qubes, but definitely less insecure than just using bare 
>> metal debian/ubuntu for everything. You still get the benefits of 
>> virtualization and compartmentalization, but without the extra security 
>> features of qubes (i'd recommend not using the host os for anything 
>> directly, and doing everything in VMs). 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be537c0e-b591-4853-84f4-8fb28abdb38b%40googlegroups.com.


[qubes-users] Re: whonix ws cant reach tor "Tor's Control Port could not be reached!"

2019-07-21 Thread pixel fairy
Tried on different wifi, same issue

Tried setting sys-whonix as the gateway for a dispvm and running firefox. 
couldnt reach anything (this used to work in an older version of whonix)

Tried tor-browser-launcher in a fedora-30 based dispvm. that worked. 


On Friday, July 12, 2019 at 4:40:30 PM UTC-7, pixel fairy wrote:
>
> running whonix 15 on qubes 4.
>
> whonixcheck seems to work on sys-whonix. tor control panel indicates a 
> connection. nyx on sys-whonix says "Relaying Disabled"
>
> whoninxcheck on a whonix-ws-15 backed vm says 
>
> ERROR: Tor Connection Result: 
> Tor's Control Port could not be reached! 
>
> Troubleshooting: 
> - Confirm that Whonix-Gateway is running. 
> - Run whonixcheck on Whonix-Gateway and confirm success. 
> - Rerun whonixcheck here in this Whonix-Workstation. 
>
> (Technical information:) 
> (tor_circuit_established_check_exit_code: 277) 
> (tor_bootstrap_timeout_type: ) 
> (tor_bootstrap_status: ) 
> (check_socks_port_open_test: 28) 
> (Tor Circuit: not established)
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/478f6e7f-0380-4ade-ac0a-3863418dfc1a%40googlegroups.com.


[qubes-users] whonix ws cant reach tor "Tor's Control Port could not be reached!"

2019-07-12 Thread pixel fairy
running whonix 15 on qubes 4.

whonixcheck seems to work on sys-whonix. tor control panel indicates a 
connection. nyx on sys-whonix says "Relaying Disabled"

whoninxcheck on a whonix-ws-15 backed vm says 

ERROR: Tor Connection Result: 
Tor's Control Port could not be reached! 

Troubleshooting: 
- Confirm that Whonix-Gateway is running. 
- Run whonixcheck on Whonix-Gateway and confirm success. 
- Rerun whonixcheck here in this Whonix-Workstation. 

(Technical information:) 
(tor_circuit_established_check_exit_code: 277) 
(tor_bootstrap_timeout_type: ) 
(tor_bootstrap_status: ) 
(check_socks_port_open_test: 28) 
(Tor Circuit: not established)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fd9d0d6-1a12--82e8-4e6e0f7ffa83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] qubes-dom0-update keep showing the same already downloaded packages.

2019-06-14 Thread pixel fairy
On Friday, June 14, 2019 at 6:18:39 PM UTC-7, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 14/06/2019 8.16 PM, pixel fairy wrote:
> > every time i run qubes-dom0-update, it keeps re downloading a set of 
> > packages that seem to already be installed. this doesnt seem to prevent 
> > actual updates, but it does mean somethings wrong. ive tried clean packages 
> > in dom0 and sys-firewall, but that doesnt help. any ideas? here what it 
> > looks like right after running it, rebooting, and running it again. any 
> > idea what caused this, and how to clear it?

> 
> Try `sudo dnf reinstall `. Details:
> 
> https://github.com/QubesOS/qubes-issues/issues/4792

thanks. that worked for everything except kernel and kernel-qubes-vm. how do 
you get the kernel ones with .rpm? qubes is already past the kernel versions 
that are stuck still downloading, so dnf --reinstall kernel says nothing to do, 
and rpm --reinstall (without the .rpm as the thread specified) fails because 
the newer one is already installed. should this thread continue on that issues 
page?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8971e12-54fa-4997-9f1a-4913eb5a396e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: usb keyboards

2019-06-14 Thread pixel fairy
If this is a desktop with more than one usb controller, you can take one of 
those out of sys-usb and use that one for the keyboard (and AEM, maybe even the 
mouse). of course, its not ideal, but its better than giving up sys-usb 
entirely.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1c29490-4193-4e91-9ff0-7d8a732ac547%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes-dom0-update keep showing the same already downloaded packages.

2019-06-14 Thread pixel fairy
every time i run qubes-dom0-update, it keeps re downloading a set of packages 
that seem to already be installed. this doesnt seem to prevent actual updates, 
but it does mean somethings wrong. ive tried clean packages in dom0 and 
sys-firewall, but that doesnt help. any ideas? here what it looks like right 
after running it, rebooting, and running it again. any idea what caused this, 
and how to clear it?

[user@dom0 ~]$ sudo qubes-dom0-update
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
Fedora 25 - x86_64 - Updates1.8 MB/s |  24 MB 00:13
Fedora 25 - x86_64  1.8 MB/s |  50 MB 00:27
Qubes Dom0 Repository (updates) 933 kB/s |  11 MB 00:11
determining the fastest mirror (15 hosts).. done..6 kB/s | 2.7 kB 00:00 ETA
Qubes Templates repository  4.1 kB/s |  12 kB 00:03
Last metadata expiration check: 0:00:01 ago on Fri Jun 14 14:46:13 2019.
Dependencies resolved.

 PackageArch   Version Repository  Size

Installing:
 kernel x86_64 1000:4.14.119-2.pvops.qubes qubes-dom0-current  46 M
 kernel-qubes-vmx86_64 1000:4.14.119-2.pvops.qubes qubes-dom0-current  64 M
Reinstalling:
 anaconda-core  x86_64 1000:25.20.9-14.fc25qubes-dom0-current 1.5 M
 anaconda-gui   x86_64 1000:25.20.9-14.fc25qubes-dom0-current 386 k
 anaconda-tui   x86_64 1000:25.20.9-14.fc25qubes-dom0-current 186 k
 anaconda-widgets   x86_64 1000:25.20.9-14.fc25qubes-dom0-current 119 k
 garcon x86_64 1000:0.5.0-1.fc25   qubes-dom0-current 179 k
 python3-blivet noarch 2:2.1.6-5.fc25  qubes-dom0-current 1.0 M
 python3-kickstart  noarch 1000:2.32-4.fc25qubes-dom0-current 370 k
 qubes-anaconda-addon
noarch 4.0.9-1.fc25qubes-dom0-current  34 k
 xfwm4  x86_64 1000:4.12.4-1.fc25  qubes-dom0-current 636 k
Removing:
 kernel x86_64 1000:4.14.103-1.pvops.qubes @System239 M
 kernel-qubes-vmx86_64 1000:4.14.103-1.pvops.qubes @System272 M

Transaction Summary

Install  2 Packages
Remove   2 Packages

Total download size: 115 M
DNF will only download packages for the transaction.
Downloading Packages:
(1/11): anaconda-tui-25.20.9-14.fc25.x86_64.rpm 411 kB/s | 186 kB 00:00
(2/11): anaconda-widgets-25.20.9-14.fc25.x86_64 636 kB/s | 119 kB 00:00
(3/11): anaconda-gui-25.20.9-14.fc25.x86_64.rpm 515 kB/s | 386 kB 00:00
(4/11): garcon-0.5.0-1.fc25.x86_64.rpm  616 kB/s | 179 kB 00:00
(5/11): python3-kickstart-2.32-4.fc25.noarch.rp 704 kB/s | 370 kB 00:00
(6/11): qubes-anaconda-addon-4.0.9-1.fc25.noarc 582 kB/s |  34 kB 00:00
(7/11): python3-blivet-2.1.6-5.fc25.noarch.rpm  786 kB/s | 1.0 MB 00:01
(8/11): anaconda-core-25.20.9-14.fc25.x86_64.rp 686 kB/s | 1.5 MB 00:02
(9/11): xfwm4-4.12.4-1.fc25.x86_64.rpm  776 kB/s | 636 kB 00:00
(10/11): kernel-4.14.119-2.pvops.qubes.x86_64.r 1.1 MB/s |  46 MB 00:40
(11/11): kernel-qubes-vm-4.14.119-2.pvops.qubes 1.2 MB/s |  64 MB 00:55

Total   2.0 MB/s | 115 MB 00:58 
Complete!
The downloaded packages were saved in cache until the next successful 
transaction.
You can remove cached packages by executing 'dnf clean packages'.
Qubes OS Repository for Dom0168 MB/s | 227 kB 00:00
[user@dom0 ~]$ 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbe0b6eb-b555-4a2c-910b-1edfeecb6545%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Lenov X390

2019-05-20 Thread pixel fairy
On Wednesday, May 15, 2019 at 8:08:15 AM UTC-7, roger...@protonmail.com wrote:
> Hi there
> 
> Anybody tried to install Qubes 4 on a Lenovo X390? I used the same usb stick 
> that I used for a Carbon Gen1 and Carbon Gen4, it worked for the Carbon but 
> there is no Gui on the X390, some line output and than exits the setup.
> 
> Any ideas? :) 

for some troublesome machines, its easier to install qubes on a different one, 
then transfer the drive. if the drive is hard to physically get to, you may 
have to dd it. but lenovo is usually good about that. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aaa53345-0f43-43c8-b6ca-597f25dd447b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] command line tools work when the gui does not

2019-03-31 Thread pixel fairy
most of the time, the usb icon on the top right seems kinda useless. it will 
tell you whats available sometimes soon after the system booted. past that, you 
have to use qvm-usb and qvm-block on the command line for all that. ive tried 
rebooting sys-usb, but that doesnt help. rebooting the laptop does work, at 
least at first.

even the update notification only occasionally pops up something about a 
template that needs updating, but its always false when i check. ive given up 
on that notification. now i just use a script with qvm-run to update all 
templates at once.

this seems to be more of a qubes 4.0 thing, dont remember these issues in qubes 
3, but maybe i didnt notice. the update notification in qubes 3.x also always 
seemed to work. 

does everyone else just use the command line and never notice?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa554d41-849c-47e6-b4f0-1515d84e67f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] transient appvm failed to start

2019-03-11 Thread pixel fairy
just got a pop up notification 

Qube Status: myvm
Domain myvem has failed to start: internal error: libexenlight failed to create 
new domain 'myvm'

myvm has existed and started fine for many months. trying it again worked. 

is this a known issue? should it be reported? if so, anything besides the logs 
in /var/log/qubes worth providing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5edd0472-709c-4508-81e6-2cfc51603944%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-25 Thread pixel fairy
On Sunday, February 24, 2019 at 11:13:41 PM UTC-8, dexint...@gmail.com wrote:
> On Sunday, February 24, 2019 at 6:04:01 PM UTC-8, pixel fairy wrote:

> > dont know why, but you can make another netvm for sys-ethernet, but keeping 
> > both interfaces in the same netvm doesnt seem to work.
> > 
...

> does this pertain to the X1C6 laptops? I haven't had a problem with sys-net 
> starting.

that issue is specific to the system76 galago pro

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d723c5ae-12d7-49fe-96ad-8fae598b6329%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-24 Thread pixel fairy
On Saturday, February 23, 2019 at 12:19:04 AM UTC-8, pixel fairy wrote:
> On Wednesday, February 20, 2019 at 4:49:27 PM UTC-8, dexint...@gmail.com 
> wrote:
> > I've been spending hours and hours looking at laptop configs from dell to 
> > lenovo and I still have yet to make a decision. I'm hoping you guys can 
> > help me. 
> > 
> > Uses:
> > 
> > - Programming
> > - Web Dev
> > - Tor
> > - Screen real estate
> > - Regular web surfing and videos
> > - Some video and photo editing but I have a PC for that 
> > 
> > I'd like to keep cost as low as possible but my budget is very flexible if 
> > I need to stretch it. I want something that will last me 3-5 years.
> 
> https://system76.com/laptops/galago one of the few that you can get with 4 
> real cores instead of just 2 with hyper threading. at least as of a few 
> months ago when i got a few for work. the 4 core thing is important because 
> those speculative execution blunders mean you cant use HT anymore. 
> 
> using the 1080p version with a 4k display. they also have a hidpi version, 
> but the screens only 13". may or may not fit your need for screen estate.
> 
> everything works and its great up until you want to watch youtube full screen 
> at 4k. then it starts getting choppy. blender is fluid, for at least the 
> small scenes ive done. so, video editing shouldnt be a problem. just remember 
> to give your editing appvm lots of ram, and all the cores.
> 
> if your photo editing for print, you might need to keep that pc. you could 
> try the plasma (kde) desktop and see if it can take an icc profile. never 
> tried it.

forgot to mention, you will need to tweak your netvm. when you first install, 
it wont be able to start sys-net. go into sys-nets settings/devices and remove 
the ethernet controller. then click on "Configure strict reset for PCI 
devices", the big button at the bottom of that tab. 

dont know why, but you can make another netvm for sys-ethernet, but keeping 
both interfaces in the same netvm doesnt seem to work.

also tried a purism librem 13. the laptop itself was broken, but dont remember 
any compatibility issues with it. couldnt test the mic, as that was one of the 
broken parts.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb577cd7-891f-40d1-807c-b53c73dfe1e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
wrote:
> Hi All,
> 
> 
> Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> 
> though it might not be necessaiyly my own ipv6, but that does somehow put me 
> on alart and to post a question at here,
> 
> I do see other people asked this question at stackexchange before, but I 
> don't quite get the answer for the question of mine.
> https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> 
> So I like to know if it's secure to check webmail thought tor, since if exit 
> node's ipv6 can be identified,
> there is a chance to track further back to other nodes as well.
> 
> you can say mac address can be changed, but it's not difficult to find out 
> the real one as well.
> 
> So should we use tor to check webmails? especially tor+VPN make it more 
> obviours on tor network, 
> does this make it actually wraker than just use firefox+vpn?
> 
> if you are a qubes user, what browser do you use to check w
>  ebmails?
> 
> really want know how you think, thank you

just checked it, and it looks like its using the exit nodes ipv6, not yours. so 
if there was a bug, it seems to be fixed. just in case, you should check it 
against the ipv6 in sys-net.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3674428b-0bba-4d8f-9d0b-67e7c2fb9ff1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Saturday, February 23, 2019 at 12:25:27 AM UTC-8, pixel fairy wrote:
> On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
> wrote:
> > Hi All,
> > 
> > 
> > Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> > 
> > though it might not be necessaiyly my own ipv6, but that does somehow put 
> > me on alart and to post a question at here,
> > 
> > I do see other people asked this question at stackexchange before, but I 
> > don't quite get the answer for the question of mine.
> > https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> > 
> > So I like to know if it's secure to check webmail thought tor, since if 
> > exit node's ipv6 can be identified,
> > there is a chance to track further back to other nodes as well.
> > 
> > you can say mac address can be changed, but it's not difficult to find out 
> > the real one as well.
> > 
> > So should we use tor to check webmails? especially tor+VPN make it more 
> > obviours on tor network, 
> > does this make it actually wraker than just use firefox+vpn?
> > 
> > if you are a qubes user, what browser do you use to check w
> >  ebmails?
> > 
> > really want know how you think, thank you
> 
> can you disable ipv6 or ipv6 forwarding in sys-whonix?
> 
> try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all 
> and either echo 0 > forwarding or 1 into disable_ipv6
> 
> hopefully that will working until upstream fixes it.

this change is not persistent across reboots. for that youd need to run that 
everything time you start sys-whonix or make the change in /etc/sysctl.conf and 
make that file persistent https://www.qubes-os.org/doc/bind-dirs/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7073c0a8-9c38-4f2b-b078-1a0fea385a43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
wrote:
> Hi All,
> 
> 
> Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> 
> though it might not be necessaiyly my own ipv6, but that does somehow put me 
> on alart and to post a question at here,
> 
> I do see other people asked this question at stackexchange before, but I 
> don't quite get the answer for the question of mine.
> https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> 
> So I like to know if it's secure to check webmail thought tor, since if exit 
> node's ipv6 can be identified,
> there is a chance to track further back to other nodes as well.
> 
> you can say mac address can be changed, but it's not difficult to find out 
> the real one as well.
> 
> So should we use tor to check webmails? especially tor+VPN make it more 
> obviours on tor network, 
> does this make it actually wraker than just use firefox+vpn?
> 
> if you are a qubes user, what browser do you use to check w
>  ebmails?
> 
> really want know how you think, thank you

can you disable ipv6 or ipv6 forwarding in sys-whonix?

try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all and 
either echo 0 > forwarding or 1 into disable_ipv6

hopefully that will working until upstream fixes it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/724c8c40-e2ac-4059-ac1f-d0dcb2959a0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 4:49:27 PM UTC-8, dexint...@gmail.com wrote:
> I've been spending hours and hours looking at laptop configs from dell to 
> lenovo and I still have yet to make a decision. I'm hoping you guys can help 
> me. 
> 
> Uses:
> 
> - Programming
> - Web Dev
> - Tor
> - Screen real estate
> - Regular web surfing and videos
> - Some video and photo editing but I have a PC for that 
> 
> I'd like to keep cost as low as possible but my budget is very flexible if I 
> need to stretch it. I want something that will last me 3-5 years.

https://system76.com/laptops/galago one of the few that you can get with 4 real 
cores instead of just 2 with hyper threading. at least as of a few months ago 
when i got a few for work. the 4 core thing is important because those 
speculative execution blunders mean you cant use HT anymore. 

using the 1080p version with a 4k display. they also have a hidpi version, but 
the screens only 13". may or may not fit your need for screen estate.

everything works and its great up until you want to watch youtube full screen 
at 4k. then it starts getting choppy. blender is fluid, for at least the small 
scenes ive done. so, video editing shouldnt be a problem. just remember to give 
your editing appvm lots of ram, and all the cores.

if your photo editing for print, you might need to keep that pc. you could try 
the plasma (kde) desktop and see if it can take an icc profile. never tried it. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dce1fe83-b026-4ce9-9a81-ed555d5d1f93%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - Librem 13 V3

2019-02-06 Thread pixel fairy
On Wednesday, February 6, 2019 at 1:58:24 AM UTC-8, m...@militant.dk wrote:

> These faults are actually a dealbreaker for me. I can't live with this device 
> anymore, so I'm looking to switch it out with a mac mini size device or 
> something similar, that can run 4k @ 60Hz, like normal machines, claiming to 
> support 4k, should.
> 
> Enjoy

im pretty happy with system76 galago. 4k at 60Hz over display port. think it 
was 30Hz over hdmi, which was still usable. 

the only issue is if you start an appvm in single display mode, then plug in 
the display port, apps in that vm wont take input when on the external display 
until you restart that vm. dont remember having that problem with hdmi. also, 
in xfce, plugging and unplugging display port seemed to reset the display, so 
it would always shuffle windows around and ask you to reconfigure the displays. 
in kde, this isnt a problem. it remembers how you set it up before. but, the 
window input issue is still there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8dd456d6-a287-421e-9895-5e031ab0bc08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes friendly audio / video and 2d animation apps?

2019-02-01 Thread pixel fairy
anyone here do any a/v or 2d animation (motion graphics, not making cartoons) 
in qubes? blender works for now, and i may just use the old version for a 
while, but now seems like a good time to look at alternatives.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49266822-f074-48e2-aac3-79e7b6c2cc74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-24 Thread pixel fairy
On Thursday, January 24, 2019 at 7:35:59 PM UTC-8, Andrew David Wong wrote:

> pixel fairy, please let us know of fully removing the old template first
> doesn't fix the problem.

thats what i ended up doing. i had to reinstall to delete them. then it worked. 

then, with whonix, sys-firewall was full. changed the templates system storage 
max size to 20G. that problems hit me a few times before, but i think this 
should fix it. dnf clean all was not enough, probably because of how much is 
installed in the template.
 
> >> Why would using
> >> qubes*testing instead fix whatever is causing that command to fail?
> >> Would that somehow force cache busting for some reason?
> > 
> > No. But it would be easier - no need to think in which repository given
> > template is. In this particular case, it should be fine as given
> > template is only in one of those repositories.
> > 
> 
> Sure, I can see it being easier. I'd specify it as
> `qubes-templates*testing` to be safe, though. Otherwise, user error
> could easily lead to pulling updates from `qubes-dom0-current-testing`
> that they didn't mean to get and aren't prepared to deal with.
> 
> >>> Also, using the 'upgrade' action is a lot less confusing. The official
> >>> steps are needlessly painful.
> > 
> >> Would it be worth updating the QSB? (CC: Marek)
> > 
> 
> PR: https://github.com/QubesOS/qubes-secpack/pull/26
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKhAcACgkQ203TvDlQ
> MDBmVQ//dSU4Jyi/Cg2m7+YkdGyjJB3W8TmS1HFDrGEFlVKsTl5WL8TSxjNPb0tS
> yHMRlOzDDA5POiTBPmLAPk6zwUDkiDSMt+DQ1GZ5b7NIxcnKNZjHM5EMOCzcCoW2
> 7DB/wYpp5AndG+3pHM8TWcCTOC7cSAqMxj5pgqUMnOOunG5Ic8nVnUEU1YdBSM51
> uPJuXeR7/sZ33eWUKN5QrRP/Yb4TLORYjouWR6tI60j8ReE7xyYre5TpTBnroIZE
> Aq4+IYBrjqqSZcBJRhqcshtgDF6A2/AUhLeZZpokA9eL7KDxCG2L1QVjiO6c6DhM
> ARc0SxsKhAOzxRUj1PqHQvtQCEhX5MvjkjgfwY7aDD9IGMmZU7/7+CR8QrilMICq
> p4dJQWyiMmvwyQS0xBJEPEkUuHO89CTZ7VNs8/S1jhPwyo6myDwekKhmAS7Nc/Iz
> G71YjwrV3+C7I31JiEEwe2y30RLncZdn9t+oySoCeznrvwtoK8cFzeJ9616As5Yz
> smXgoGKQmyKnRw7WIto1MuLbvVr8NUGzY7PWCOmPASDu2UAnWgkIn6aTrJd9KWPB
> 4TZHhu+YVHVahkqugZSQ8g7aoaJ/7aURERlURASz1yDEPsmbmLt+4oI4PZUpCjHC
> 2fpXTSCqOPK1GqX1Hyxi5EnldbBCyoMbU+LwikD+8k+zc02U/iY=
> =DiKo
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d5de408-2582-411a-934b-17dde3d5cc1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: vault color (black?) & window decorations

2019-01-23 Thread pixel fairy
On Monday, October 15, 2018 at 5:38:56 AM UTC-7, Brendan Hoar wrote:
> Hi folks,
> 
> Regarding the default R4 color scheme...
> 
> ...does anyone else find that the default color for vault (black?) makes it 
> nearly impossible to see the window titles and/or windows controls (close, 
> maximize, minimize)? 

have you tried a different display? or your monitor settings? i just looked on 
my laptop and an external display, and i see a dark gray background and light 
gray or black title depending on focus. both are easy to read, but its close 
enough that going from unfocused to focused does make it "disappear" in my eyes 
for a sec.

or just change it to gray. problem solved.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a8c6fae-2414-43af-ab58-a5b0594a9a7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread pixel fairy
On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote:
 
> The Whonix packages are in qubes-templates-community-testing.


$ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing 
qubes-template-whonix-gw-14 
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019.
No match for argument: qubes-template-whonix-gw-14
Error: Unable to find a match

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/832a3574-1531-4fbf-93df-a5b0c55b423d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread pixel fairy
is whonix in the repo? i keep getting "Error: Unable to find a match"
tried copy/pasting from the command to delete the templates to make sure 
they're spelled right. tried qubes-templates-itl and 
qubes-templates-itl-testing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b29c776f-2da3-4d04-932a-ae6387576130%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dom0 downloads, but does not update packages

2019-01-13 Thread pixel fairy
heres the output of qubes-dom0-update. it just stops after downloading. done 
this for at least a week. 

Fedora 25 - x86_64  913 kB/s |  50 MB 00:56
Qubes Dom0 Repository (updates) 686 kB/s | 8.0 MB 00:11
determining the fastest mirror (15 hosts).. done..5 kB/s | 2.7 kB 00:00 ETA
Qubes Templates repository  1.7 kB/s |  10 kB 00:06
Last metadata expiration check: 0:00:01 ago on Sun Jan 13 12:53:10 2019.
Dependencies resolved.

 Package  Arch   Version   Repository  Size

Reinstalling:
 anaconda-corex86_64 1000:25.20.9-14.fc25  qubes-dom0-current 1.5 M
 anaconda-gui x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 386 k
 anaconda-tui x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 186 k
 anaconda-widgets x86_64 1000:25.20.9-14.fc25  qubes-dom0-current 119 k
 python3-blivet   noarch 2:2.1.6-5.fc25qubes-dom0-current 1.0 M
 python3-kickstartnoarch 1000:2.32-4.fc25  qubes-dom0-current 370 k
 qubes-anaconda-addon noarch 4.0.9-1.fc25  qubes-dom0-current  34 k
 xorg-x11-drv-ati x86_64 18.0.1-1.fc25 qubes-dom0-current 168 k
 xorg-x11-drv-intel   x86_64 2.99.917-32.20171025.fc25 qubes-dom0-current 696 k

Transaction Summary


Total download size: 4.4 M
Installed size: 4.4 M
DNF will only download packages for the transaction.
Downloading Packages:
(1/9): anaconda-tui-25.20.9-14.fc25.x86_64.rpm  136 kB/s | 186 kB 00:01
(2/9): anaconda-widgets-25.20.9-14.fc25.x86_64. 709 kB/s | 119 kB 00:00
(3/9): anaconda-gui-25.20.9-14.fc25.x86_64.rpm  231 kB/s | 386 kB 00:01
(4/9): python3-blivet-2.1.6-5.fc25.noarch.rpm   914 kB/s | 1.0 MB 00:01
(5/9): python3-kickstart-2.32-4.fc25.noarch.rpm 367 kB/s | 370 kB 00:01
(6/9): qubes-anaconda-addon-4.0.9-1.fc25.noarch 585 kB/s |  34 kB 00:00
(7/9): anaconda-core-25.20.9-14.fc25.x86_64.rpm 543 kB/s | 1.5 MB 00:02
(8/9): xorg-x11-drv-ati-18.0.1-1.fc25.x86_64.rp 512 kB/s | 168 kB 00:00
(9/9): xorg-x11-drv-intel-2.99.917-32.20171025. 1.1 MB/s | 696 kB 00:00

Total   860 kB/s | 4.4 MB 00:05 
Complete!
The downloaded packages were saved in cache until the next successful 
transaction.
You can remove cached packages by executing 'dnf clean packages'.
Qubes OS Repository for Dom0   27 MB/s |  37 kB 00:00   
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c68169b-c9f7-422c-a389-7421a4b27d4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] icon stacks in kde?

2019-01-11 Thread pixel fairy
On Thursday, January 10, 2019 at 4:27:51 AM UTC-8, unman wrote:
> On Thu, Jan 10, 2019 at 02:19:24AM -0800, pixel fairy wrote:
> > playing with kde. the one feature i miss from xfce is making stacks of 
> > icon. by that i mean a separate panel on the bottom, kinda like os x, where 
> > you put a launcher and add multiple apps to it so you get a little arrow 
> > menu for all the extras.
> > 
> > with kde, the closest thing i can find is pinning an app to the panel, but 
> > you cant group them arbitrarily like that. is there a way to get the same 
> > effect in kde?
> > 
> > funny thing about qubes is you end up with far more "favorites" than i 
> > think the kde devs anticipated. 
> > 
> 
> Try using the application launcher, and setting favourites. This gives
> something like the effect you're looking for.
> You can either add the launcher(Add widgets - Application launcher), or
> use it instead of the application menu - Right click on Menu icon,
> select alternatives, application launcher.
> I'd recommend adding the launcher as separate item and pinning
> favourites there.

clunky! but will have to do. not brave enough to find a widget and install it 
to dom0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/404d45c8-6bcb-4ac1-b5dc-829645aeacc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] icon stacks in kde?

2019-01-10 Thread pixel fairy
playing with kde. the one feature i miss from xfce is making stacks of icon. by 
that i mean a separate panel on the bottom, kinda like os x, where you put a 
launcher and add multiple apps to it so you get a little arrow menu for all the 
extras.

with kde, the closest thing i can find is pinning an app to the panel, but you 
cant group them arbitrarily like that. is there a way to get the same effect in 
kde?

funny thing about qubes is you end up with far more "favorites" than i think 
the kde devs anticipated. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99cd0330-056a-4283-a383-8a3e23637763%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] fail to install qubes-template-fedora-29 "Failed writing body"

2019-01-07 Thread pixel fairy
On Thursday, January 3, 2019 at 4:51:12 PM UTC-8, 799 wrote:
> Am Fr., 4. Jan. 2019, 01:46 hat pixel fairy  geschrieben:
> $ sudo qubes-dom0-update qubes-template-fedora-29
> [...]
> 
> Downloading Packages:
> 
> [MIRROR] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl error 
> (23): Failed writing received data to disk/application for 
> https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
>  [Failed writing body (8615 != 16384)]
> 
> [FAILED] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl error 
> (23): Failed writing received data to disk/application for 
> https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
>  [Failed writing body (8615 != 16384)]
> [...]
> 
> 
> Do you have enough free space in sys-firewall (df -h)
> 
> 
> - O

That was the problem. made a clone of the template, gave it more system 
storage, and used that for sys-firewall, which worked. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ed02210-2cad-495b-82b6-77ab8c8ab50a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] fail to install qubes-template-fedora-29 "Failed writing body"

2019-01-03 Thread pixel fairy
$ sudo qubes-dom0-update qubes-template-fedora-29
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
sys-firewall: command failed with code: 1
Fedora 25 - x86_64 - Updates2.5 MB/s |  24 MB 00:09
Fedora 25 - x86_64  2.1 MB/s |  50 MB 00:24
Qubes Dom0 Repository (updates) 1.1 MB/s | 7.7 MB 00:06
determining the fastest mirror (8 hosts).. done.
Qubes Templates repository   82 kB/s |  10 kB 00:00
Last metadata expiration check: 0:00:00 ago on Thu Jan  3 16:35:37 2019.
Dependencies resolved.

 Package  Arch   Version  Repository   Size

Installing:
 qubes-template-fedora-29 noarch 4.0.1-201812091508   qubes-templates-itl 1.3 G

Transaction Summary

Install  1 Package

Total download size: 1.3 G
Installed size: 1.3 G
DNF will only download packages for the transaction.
Downloading Packages:
[MIRROR] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl error 
(23): Failed writing received data to disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
 [Failed writing body (8615 != 16384)]
[FAILED] qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm: Curl error 
(23): Failed writing received data to disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
 [Failed writing body (8615 != 16384)]

The downloaded packages were saved in cache until the next successful 
transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
  Curl error (23): Failed writing received data to disk/application for 
https://mirrors.edge.kernel.org/qubes/repo/yum/r4.0/templates-itl/rpm/qubes-template-fedora-29-4.0.1-201812091508.noarch.rpm
 [Failed writing body (8615 != 16384)]
sys-firewall: command failed with code: 1

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89e71077-b2ab-4a36-826a-40578d2f5f54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] old version of xscreensaver

2019-01-02 Thread pixel fairy
xscreensaver complains about being an old version. doubt this matters, but 
might scare some users.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7090547a-5ce8-43a5-9ef1-20cbb15763e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Failed to synchronize cache for repo 'updates' in fedora-28 template

2018-12-21 Thread pixel fairy
On Monday, November 26, 2018 at 2:05:30 PM UTC-8, pixel fairy wrote:
> $ sudo dnf -y update
> Error: Failed to synchronize cache for repo 'fedora-cisco-openh264'
> 
> tried disabling fedora-cisco-openh264 and got
> 
> Error: Failed to synchronize cache for repo 'updates'
> 
> same error on the distro template, which only has updates applied, and my 
> clone of it, which i use.

fedora templates use sys-net. i made a sys-ethernet which i was using instead, 
so the proxy could not connect. the debian based templates didnt have this 
limitation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/97fc321a-0f60-4f6a-b784-e78c51624958%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Failed to synchronize cache for repo 'updates' in fedora-28 template

2018-11-26 Thread pixel fairy
$ sudo dnf -y update
Error: Failed to synchronize cache for repo 'fedora-cisco-openh264'

tried disabling fedora-cisco-openh264 and got

Error: Failed to synchronize cache for repo 'updates'

same error on the distro template, which only has updates applied, and my clone 
of it, which i use.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61ce38a3-9cbf-4ce9-b25c-ebab0c424327%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: About X.Org vulnerability and Qubes

2018-10-30 Thread pixel fairy
you can always clone a template and try such changes.

Each vm runs its own X server, which is already distrusted by dom0, so the 
chain would have to include an attack that works over vchan.

Future versions of qubes might default to wayland instead of X11, only because 
fedora probably will, and there wont be any reason to change that. appvms will 
probably continue to use X for a long time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/72fa4988-0b44-4913-9df7-4ffcb5192711%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Android Studio AVD emulate

2018-10-08 Thread pixel fairy
On Thursday, September 13, 2018 at 9:27:09 AM UTC-7, Andrzej Andrzej wrote:
> Any idea?

If you really want to do it on your own host, AVD manager / create virtual 
device / choose device / select system image / Other Images / click "download" 
on an android image and finish.

but thats very slow and tends to be error prone. take advantage of our 
networked world, and run a vagrant server. host os linux, with vagrant-libvirt 
(which uses kvm) and make sure nested virtualization is enabled, which is why 
your not going to use virtualbox for this. then grab this script, 
https://gist.github.com/xahare/1db2970b7b684c0d54c0c15cc32afb98 and set a 
VAGRANTHOST in your .bashrc
also, vagrant plugin install vagrant-sshfs

you can install virt-manager in the fedora-28 templatevm, and set it to your 
vagranthost. you'll have to remove its connection to localhost (xen).


in my case, i added src to .gitignore (so it doesnt get clobbered) and rsync 
that code as needed. rvagrant uses .gitignore, but you dont need a git repo 
there. you can make your git repos in your studio projects instead.

if you do a vagrant halt and up, (like after software updates) run vagrant 
provision to fix the permissions of /dev/kvm (it will complain about snap 
installing an existing package. you can ignore that)

the first time the emulator runs, it will be slow, but after that, its fast 
enough that all this trouble is worth it.

heres my Vagrantfile. my vagrant host only has 2 cores, but i suggest 4 if you 
have the hardware. and yes, you really want 10 gigs of ram in it. android 
studio is a hog.

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

setup = <<-SCRIPT
apt-get -y install vim-gtk3 git openjdk-8-jdk openjdk-8-jre 
snap install android-studio --classic
chgrp vagrant /dev/kvm
chmod g+rw /dev/kvm
SCRIPT

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "peru/ubuntu-18.04-desktop-amd64"
  config.vm.synced_folder "src", "/home/vagrant/src", type: "sshfs"
  config.vm.provider "libvirt" do |lv|
lv.nested = true
lv.cpus = 2
lv.memory = 10240
  end
  config.vm.provision "shell", inline: setup
end

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d5dc716-8234-4526-930a-d8bbbcfc658e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)

2018-09-03 Thread pixel fairy
On Monday, September 3, 2018 at 1:21:27 AM UTC-7, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Mon, Sep 03, 2018 at 01:46:11AM -0500, Andrew David Wong wrote:
> > On 2018-09-02 22:22, pixel fairy wrote:
> > > is it still necessary to disable hyper threading after upgrading
> > > in qubes 4?
> > > 
> > 
> > Hyper-threading should be disabled in Xen after you install the updates.
> > It should not be necessary for you to take any further action to
> > disable it there.
> > 
> > If you're asking whether you should also disable it in your BIOS
> > settings, then I'm not sure (CCing Marek).
> 
> There is no need to additionally disable it in BIOS. Xen's smt=off
> option means it won't be used even if BIOS reports its availability.

Is this something that can eventually be resolved, allowing safe re-enabling of 
hyperthreading? or is that even known yet?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56ca3f03-24bc-410d-af1f-ef92db60b208%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)

2018-09-02 Thread pixel fairy
is it still necessary to disable hyper threading after upgrading in qubes 4? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba013801-b748-4cf0-8cd2-de3983fe435d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] screen randomly blanking on 4k with hdmi, onboard intel graphics card

2018-08-17 Thread pixel fairy
qubes-os 4.0 system76 lemur7 (i7 skylake) the hdmi port seems to only work well 
at hdmi. any other resolution and it randomly blanks the screen. tried running 
the ubuntu (pop-os) installer for about an hour watching youtube and the screen 
was fine. dont know if that was luck or a qubes-os problem.

does anyone else do 4k out of hdmi with the onboard intel grahpics?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62c0094b-a4c1-4c89-b6f7-c7d5a83d9f63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - Purism Librem 13v2

2018-08-05 Thread pixel fairy
On Saturday, August 4, 2018 at 1:44:41 PM UTC-7, Max Andersen wrote:
> Major issues with Coreboot, crashes, etc.
> 
> -
> https://forums.puri.sm/t/building-coreboot-from-source-official-script/1264/113
> 
> - https://github.com/QubesOS/qubes-issues/issues/3753
> 
> After several updates, install went fine. Now only minor issues:
> 
> Rattling fan noise, due to bios version. Will maybe get fixed:
> https://militant.dk/Ny%20optagelse%203.m4a?dl=0
> 
> Pipe not recognized properly:
> To make change permanent a workaround is required:
> https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022/3?u=max4
> 
> Having issues with danish keyboard layout and the '@' sign. Also having
> issues with keyboard layout in qubes has to be default and not danish,
> since copy paste fails to work.
> 
> Can not recommend this laptop for Qubes usage. I even ordered it with
> qubes installed, but PureOS was installed and I had a battle to get
> things right. Took forever and is actually not worth it, in my book.
> Read about it here, if you like:
> https://www.militant.dk/2018/02/22/ordering-a-purism-librem-13v2-to-run-qubes-4-0rc4/
> 
> Sincerely
> 
> Max

damn! thanks for the heads up!

(still looking forward the phone though) 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1820cab-ad3a-4de2-863b-ead6abf75101%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4 - Windows Guest Tools

2018-05-21 Thread pixel fairy
On Saturday, May 19, 2018 at 5:50:43 AM UTC-7, donoban wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hi
> 
> Is there windows guest tools package for Qubes 4?
> 
> I've tried:
> 
> 'sudo qubes-dom0-update qubes-windows-tools'
> and also enabling qubes-dom0-current-testing
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlsAHZkACgkQFBMQ2OPt
> CKWsVw//VrbUiz2mHW6OM+YSsccCGsZaXFzumYAMPwzlrJFjhYrazJnp4S5rY8NK
> 9rXD+BWjaPGNigRaZ399eARZiYRWxq6bTgUC35Jf1swOO5n6eIT/M2Nq0ztKIkXA
> SfURJIEse42QcJdOLrPf0IBDM8/T6R5xO2hTCKPqBeFXHUPlhRsIUwM9RyIiXk6K
> 4jxRE0FdlJfB0o0mGNT8TZPoIDR23ALzYvp8REv/luxYXCY6MOo/EmElnFKNsUfj
> KCppEApFuc9E7dtE/3O7uslXSJJPQ+znk/QS7XtbTVwD/LCxk5tbguAIE4U8kGJL
> NA1242acXfGm4S0R9pXKaix7HH/EpnYS/O/Vtdg5VwGJtY/8AsfF2Vw7EA1gI02K
> LhodRVhQtx6XIUBgrXvEZ25bHOO+xT6X2xPrw4BF9RxRpfDLxupKZBrTMcgUuv0K
> AVFSek5XqYTFCq9TJy6+tyKKPZLcnod9gs8KxvDKHlXFbPvmvD/jfdSpZasTV1jR
> gwmUBh4VoLib0GlSlhgkArJydoC6/Fe8EbP0tmqU7RyTy9s9KmlAYyQ4/roEXIxg
> k5tibc9IKW6O1riw3ivKv9Af5utt1M8ZnKUqLALGXdfNJQGG+CDv4LKs7vFmiR3u
> buKtpJBl6G+2ZXcH/PQogMO917SuGkZ+B40rYgcBhQVoFMOxMMI=
> =K4SR
> -END PGP SIGNATURE-

for now, you can get a similar effect by using rdp to a proxy appvm, 
https://groups.google.com/forum/#!topic/qubes-users/dB_OU87dJWA

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fde7d7b0-c43e-4f0a-955f-6efadf93e35f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Desperately want Qubes, but can't install on Asus Sabertooth x79

2018-05-12 Thread pixel fairy
Another thing you could try, install it on a working system. then transfer the 
hard drive. ive had to do this for a couple laptops with older versions.

or, install linux on a different drive, maybe also hanging off usb, run the 
qubes installer in kvm from there. i havent tried getting qubes working on kvm, 
but others in the list have mentioned getting it to work. qemu/kvm can also be 
a fickle beast, so this would be a last resort.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/497be5ff-9a24-4a84-8e5c-23f250e8da96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] X11 forwarding stopped working in fedora-26, still works in debian-9

2018-05-10 Thread pixel fairy
sometime in the last couple days, ssh -X stopped working in fedora-26 
templates, at least on my box. still works from debian-9. 

anyone else notice this? anything change?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b567e4c-3838-44e3-83c7-d258ded406f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Qubes Os4 very slowly comparing to Qubes 3.2

2018-05-01 Thread pixel fairy
this may seem silly, but try reinstalling. there was one RC of qubes-4 that was 
really slow for me. even after updating to the final one, it was still slow, 
but re installing the final one fixed it for me. still slower than 3.2, but 
only like half its speed instead of nearly unusable. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84a8a62c-ce5d-4f18-9cbc-ce28a7fa8286%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] AMD? threadripper / ryzen?

2018-05-01 Thread pixel fairy
On Monday, April 30, 2018 at 8:13:55 PM UTC-7, tai...@gmx.com wrote:

> I would get a KCMA-D8 ($315) or KGPE-D16 ($415) they check all your
> boxes and more - they are what all the experts use, leah rowe from
> libreboot paid for them to be ported to coreboot-libre a few years ago.
> D16 max 192GB RAM with 32 cores, and it also has OpenBMC support, two
> separate usb controllers (btw you need breakout cables for second
> controller/more ports) etc.

thanks. it was hard to wade through AMDs docs on this. but it uses ddr3 ram. do 
you know if these are subject to rowhammer (bit flipping) attacks? is this the 
hardware you use? didnt think to mention it because all modern hardware uses 
ddr4.

> I would get a unicomp keyboard with trackpad, as then you have input
> devices where the firmware can't be internally flashed like most
> keyboards can.

how hard is it to maliciously flash a mouse or keyboard? my concern was other 
malicious devices being plugged in when im not looking. or other devices, like 
someone elses thumb drive etc. stuff i dont want touching dom0. 

> > and before anyone suggests it, no, im not porting xen to talon.
> *Talos 2
> It seems you have read my other posts? in that case why do you ask? I
> have already answered all these questions many times.

the subject of porting qubes to talos comes up often in these threads. 

if anything, arm is probably more viable. its cheaper in both cost and power 
usage, and more versatile. arm laptops are finally being pushed by microsoft. 
they'll probably lock these to windows, but it means other vendors can take 
advantage of the manufacturing scale to make cheap open hardware. 
 
> I am pleased you are smart enough to avoid the fraudulent companies out
> there.

i think of it more as conflicting interests. spewing bs about it even though 
ITL and google keep calling them out on this is still better for their bottom 
line than disabling or open sourcing. why? we may never know. but if they're 
not going to tell us, then they deserve all the speculation they get :)

cant wait till technology progresses to the point where we can just print out 
our own hardware. of course, then we have to trust the printer. trusting trust 
and countering not trusting trust? theres a riddle in there somewhere 
https://www.schneier.com/blog/archives/2006/01/countering_trus.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09fd717c-9642-4026-b445-add31743e790%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] AMD? threadripper / ryzen?

2018-04-30 Thread pixel fairy
ready to ditch intel on desktop (and maybe laptop if anyone has a good 
recommendation) 

my understanding is that some amd lines dont have PSP or any such equivalent to 
intelME or AMT. about to jump down the rabbit hole of figuring this out. 

has anyone tried ryzen or threadripper? is there another line worth looking at?

what im looking for,

* no psp, ME, amt etc
* no speculative execution vulnerabilities (at least no known ones)
* at least 32gigs of ram (yes, i actually use that)
* at least 8 cores or threads.
* ps2 mouse/keyboard or more than 1 usb bus. 

gpu support for tensorflow would be nice, but will probably make a second, 
dedicated box when that time comes.

free bios support (coreboot, libreboot etc) would be nice too.

and before anyone suggests it, no, im not porting xen to talon.

a laptop like the above would be awsome if its light and has good battery life, 
but thats not something im going to hold my breath for.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31b8ee2d-393b-4e5c-a9ab-6788002432f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is Template concept unique to Qubes?

2018-03-28 Thread pixel fairy
On Sunday, March 25, 2018 at 8:08:19 PM UTC-7, franc...@tutamail.com wrote:
> Security considerations aside, it's so convenient having shared root 
> filesystems that can be updated once for multiple child-VMs.  Is this feature 
> unique to Qubes or is something like this often replicated when using other 
> hypervisor systems?
> 
> Specifically, I want to run a **not**-secure bleeding edge testbox that has 
> gpu acceleration in dom0. (Example: archlinux + KVM). I know 
> thin-provisioning (COW?) will allow one copy of OS on the filesystem to be 
> re-used but is it possible to base multiple VM's on a single template like 
> Qubes? Thanks for reading.

docker and vagrant come to mind. you could also do this yourself the same way 
qubes does it with a root template and machine specific home disk, or some 
shared storage if that doesnt work. vagrant has a way to update and rebox 
existing vagrant boxes so you dont have to rebuild it every time you want to 
update. so theres that, or scripting it yourself with virsh or one of its 
bindings.

heres some notes on using kvmgt with libvirt, 
https://github.com/TobleMiner/KVMGT

if you do this, dont forget to make a usb canary, and maybe use the iommu to 
wall of other scary ports.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c5337ef-1020-4d99-9549-e07785ca3524%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: DispVM Firefox through TOR

2018-02-21 Thread pixel fairy
On Wednesday, February 21, 2018 at 3:18:34 PM UTC-8, pixel fairy wrote:
> On Wednesday, February 21, 2018 at 2:15:56 PM UTC-8, klausd...@mail2tor.com 
> wrote:
> > Is it possible to root a Firefox instance of a DispVM trough Tor?
> > 
> > Were can i change the netsys to sys-whonix for Disp´VM?
> > 
> > Thank you very much :)
> 
> just set the network vm in the vm settings basic tab. in qubes 3.2, this is 
> in the qubes manager. in 4.0 its in the Q menu on the top left.

correction, when using disposable VMs in qubes-4, you have to use the "Q" menu 
on the top RIGHT, not left.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16c20591-23e1-4a53-b313-a95d1adfa792%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: DispVM Firefox through TOR

2018-02-21 Thread pixel fairy
On Wednesday, February 21, 2018 at 2:15:56 PM UTC-8, klausd...@mail2tor.com 
wrote:
> Is it possible to root a Firefox instance of a DispVM trough Tor?
> 
> Were can i change the netsys to sys-whonix for Disp´VM?
> 
> Thank you very much :)

just set the network vm in the vm settings basic tab. in qubes 3.2, this is in 
the qubes manager. in 4.0 its in the Q menu on the top left.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a6756b0-6572-49dd-851f-aa689160ce7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-16 Thread pixel fairy
On Friday, February 16, 2018 at 4:07:10 PM UTC-8, Marek Marczykowski-Górecki 
wrote:

> Yes, there is "xpti=false" option for Xen command line (xen.gz option in
> grub, or options= line in xen.cfg for UEFI).

tried that by editing the multiboot /xen-4.8.3.gz line while booting. no 
change. maybe its a different change between rc3 and rc4. seems like a stretch, 
but one that only affects supermicro c7z motherboards?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f3f5438-a930-4abb-9435-06adf92359e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-14 Thread pixel fairy
pvh. the hvm ones took even longer. looked at a couple systemd-analyze, one of 
them had 10s for dkms and 40 for qubes-update-check, even though that one only 
took 25s to boot, at least according to dom0. could whatever tells dom0 a guest 
is up have run before that?

will play with this more and get back to you.

turns out the qvm-pref debug doesnt matter in boot time. its hvm that takes 
around 40 seconds, and pvh that takes around 25.

a standalone hvm with no os installed took 16 seconds to "start"

this started happening after installing 4.0rc4 over 4.0rc3. had to qvm-prefs 
the restored vms to pvh. at first i thought it was just the performance hit 
from mitigating speculation vulnerabilities, but others were reporting better 
performance in rc4 than rc3.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e15ed300-e888-4cbc-99a7-5ecc82323d8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-14 Thread pixel fairy
On Wednesday, February 14, 2018 at 4:58:06 PM UTC-8, pixel fairy wrote:
> Fedora. just tried debian. 44.286s seconds.

Forgot the hardware. 

i7-6700, 64gigs ddr4, supermicro c7z170-sq, onboard intel graphics.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7cc90ae0-f905-4f99-beef-90c3fc4dbc09%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-14 Thread pixel fairy
Fedora. just tried debian. 44.286s seconds.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a025ca67-8aa1-4097-a096-372ec3e41fe3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-14 Thread pixel fairy
[user@dom0 ~]$ time qvm-start personal

real0m23.517s
user0m0.182s
sys 0m0.065s
[user@dom0 ~]$ time qvm-start alpha

real0m23.801s
user0m0.191s
sys 0m0.056s
[user@dom0 ~]$ time qvm-start alphax

real0m32.831s
user0m0.193s
sys 0m0.059s

starting with debug turned on takes 46 seconds. it shows a console window with

SeaBIOS
Machine UUID
Booting from ROM...
Probing EDD...

15 seconds for the console window to come up, with the first 3 lines
8 seconds later for Probing EDD to come up
23 seconds after that for the VM to start and the console window to go blank.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a49c3481-a3c1-4147-8efe-47277079974e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: performance hit with 4.0rc4

2018-02-07 Thread pixel fairy
On Wednesday, February 7, 2018 at 6:54:32 PM UTC-8, pixel fairy wrote:
> reinstalled over 4.0rc3 and vms take much longer to start now. it usually 
> takes a few seconds before getting the notification that an app vm is 
> starting.  
> 
> firefox performs fine, including youtube in full screen (1080p)
> 
> chrome is a bit jumpy in most use, but plays video fine as long as it not 
> full screen
> 
> blender is noticeably slower, but still usable for small scenes.

If theres any strait forward way to debug this id love to.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c1757531-2f67-4c9e-bc10-f687cd03d4ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] performance hit with 4.0rc4

2018-02-07 Thread pixel fairy
reinstalled over 4.0rc3 and vms take much longer to start now. it usually takes 
a few seconds before getting the notification that an app vm is starting.  

firefox performs fine, including youtube in full screen (1080p)

chrome is a bit jumpy in most use, but plays video fine as long as it not full 
screen

blender is noticeably slower, but still usable for small scenes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e4aee63-30bb-4329-a45d-5a7ab232a67c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] noscript xss warning on qubes os site

2018-02-01 Thread pixel fairy
On Thursday, February 1, 2018 at 3:31:45 AM UTC-8, awokd wrote:

> Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
> https://www.qubes-os.org. Where are you seeing it?

firefox on fedora-26. install noscript, look at the qubes site. go to other 
sites. maybe restart the browser, and you get that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cce8b631-04df-4560-bb62-301ae04df78a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] noscript xss warning on qubes os site

2018-02-01 Thread pixel fairy
noscript, the firefox extention, pops up the following about the qubes site,

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://www.qubes-os.org.

Suspicious data:

window.name

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/799216a9-386d-45e2-a05f-17b045a4645d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please

2018-01-31 Thread pixel fairy
you need the device entry of the cdrom, usually /dev/sr0 or /dev/cdrom. if you 
mount the cdrom, and type "mount" you should it in the first column. its been a 
long time since doing this. you can also download the windows 7 installer from 
microsoft here, https://www.microsoft.com/en-us/software-download/windows7

the first command below makes the iso file, with sudo meaning "so this as root" 
(kinda like administrator in windows) and the second gives the iso back to you, 
cause otherwise its owned by root.

sudo dd if=/dev/cdrom of=windows7.iso
sudo chown user.user windows7.iso

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe69c271-7036-42e0-a15a-91dc7b53a00f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS 4.0-rc4 has been released!

2018-01-31 Thread pixel fairy
Can you clarify which specter variants will be mitigated and how?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f9d0226-8d12-4789-bbf6-51daf2dcdea6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: which linux works well as a standalone hvm in qubes-4.0?

2018-01-25 Thread pixel fairy
On Wednesday, January 24, 2018 at 7:25:50 PM UTC-8, pixel fairy wrote:
> has anyone gotten a linux desktop with more than 800x600 in hvm in qubes-4?

For anyone looking, fedora-26 works with a few resolutions.couldnt get the 
fedora-27 installer to boot, but you can update from 26 just fine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ff7dced-e17d-4d4f-b530-82c801cbf4a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] which linux works well as a standalone hvm in qubes-4.0?

2018-01-24 Thread pixel fairy
has anyone gotten a linux desktop with more than 800x600 in hvm in qubes-4?

ive tried the linux-HVM-tips. with ubuntu, X -configure usually crashes weather 
or not its run from console. even then, modding the file and putting it in 
/etc/X11 seems to have no effect. the installer for ubuntu 17.10.1 runs in 
1280x720, but goes back to 800x600 after installation.

Fedora27s installer wont boot.

before i got trying a million distros, has anyone else gotten this to work?

my goal is to run virt-manager for windows displays on a remote vagrant-libvirt 
box. vmm wont run in an appvm due to conflicting xen libraries with a fedora-26 
or debian-9 template, though this did work with debian-9 and qubes-3.2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf86d7bd-89df-45de-be4d-7bd6c9ece1db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 4.0 hvm crashes on boot after probing EDD

2018-01-24 Thread pixel fairy
starting a standalone hvm with

qvm-start myhvm --cdrom=myappvm:/home/user/Downloads/linux.iso

the bootscreen quits just after 

Probing EDD (edd=off to disable)... ok

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/caa2c6a1-d6d7-4a10-90d0-cfe48af776b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] help, trying to make custom launchers

2018-01-21 Thread pixel fairy
qubes 4.0rc3

Id like to make custom launchers for two purposes

1. easily run apps from custom dispvms. using shell scripts for now.

2. make alternate launchers with different icons. for example, the twitter bird 
icon in a twitter app-vm. 

tried making desktop files in ~/.local/share/applications, but they dont show 
up in menus. what else does one need to do?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3dd5f9d3-0a95-41db-853a-b75092983596%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 4.0, fedora-26 template, intermittent trouble opening an appvms file manager

2018-01-21 Thread pixel fairy
qubes 4.0 rc3 fedora-26 template

running the file manager from a menu will always start an appvm if its not 
running. but it wont always run the file manager. running terminal, or any 
other apps always works. running nautilus from terminal always works too. just 
not the file manager. but, sometimes, the file manager will work from the menu. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68257294-7626-46d0-9920-232cc8cc78a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Another "Best Hardware" 4 VMs setup question.

2018-01-21 Thread pixel fairy
On Saturday, January 20, 2018 at 10:51:54 AM UTC-8, Stumpy wrote:
> I have been reading through the forum about the various recommendations 
> for hardware. The general consensus seems to be "more mem and ssd 
> drive". I am running 3.2, have 16gb mem, and a Samsung ssd drive and it 
> still takes 10 sec (timed it) to put up a terminal in a new vm. While I 

i have much faster hardware, takes 11 seconds to start an appvm, and a new 
terminal in it. 16 gigs is the sweet spot for most average uses. 8 gigs is 
tight. 

> can tolerate that I'm really wanting to explore options that can give me 
> a faster start up for apps (and appvms). Its been awhile since I bought 
> my CPU so I can't remember what it is beyond a i5, if the /proc/cpuinfo 
> is right (its a bit confusing for me as I don't understand if its 
> showing the nfo for the proc or a virtual proc?) then I have a Intel 
> Core i5-4570 CPU @ 3.20GHz and it displays for processor 0 and processor 
> 1 so I will go out on a limb and assume its a dual core?

its a 4 core,4 thread. 
https://ark.intel.com/products/75043/Intel-Core-i5-4570-Processor-6M-Cache-up-to-3_60-GHz

this shows in /proc/cpuinfo in dom0 (qubes 4). appvms default to 2 virtual 
cpus. thats what your seeing.

> 
> Considering my current setup, and the fact that I wholly plan on 
> upgrading to qubes v4 once its stable, and that I am willing to fork out 
> for a new system (though with a pretty limited budget ~500) could anyone 
> make suggestions on the most logical route to take? (hopefully not "grin 
> and bear it").
> Cheers

wait till this speculative execution mess (meltdown, specter etc) is cleared up 
before choosing or buying new hardware. 

> PS I have 30 VMs BUT don't usually run more than 10 at a time (due to 
> mem i guess) but would probably run about 15 regularly if I could.

16 gigs of ram should be ok for that, but id go for 32.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23d4d86b-1ad5-4be0-960d-cc4027d0b4b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Lenovo ThinkPad, won't boot

2018-01-15 Thread pixel fairy
On Monday, January 15, 2018 at 3:23:55 PM UTC-8, demio...@gmail.com wrote:
> My Lenovo ThinkPad fails to boot after installing Qubes.  I had to boot the 
> USB drive via legacy boot for Qubes to install at all, but the EFI setup 
> doesn't happen.

what model?

If its new, you'll probably have more luck with 4.x. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc3c0e95-d24e-4849-adf7-06ad3dc9018b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-14 Thread pixel fairy
what about the cpu microcode? can a package be backported for it? or does that 
have to be done through xen?

fedora 26 has some (theoretical?) protection against meltdown, maybe qubes-4 
should update dom0 to that in the rc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e166d5cb-5635-4647-8bbf-bebb463120fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes app menu keeps old template vm entries

2018-01-06 Thread pixel fairy
The qubes app menu (top left of screen by default) keeps entries for template 
vms. is there a way to get rid of them?

running 3.2 with the default xfce

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b13b9e5-1dec-48f7-a5e0-f03b5d2eb57c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes app menu keeps old templatevm entries.

2018-01-06 Thread pixel fairy
The app menu, top left, keeps entries for old template VMs. is there a way to 
get rid of them?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c5aacdf-98b1-4ccd-83db-aa77ccba1bc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] specter, meltdown, and dom0

2018-01-03 Thread pixel fairy
Since someone has to start this thread,

Does dom0 matter here, or would patching xen fix this? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bde033de-dcc0-4f24-bada-19c9f6baa4a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Installing Virtualbox within Qubes

2017-12-18 Thread pixel fairy
Heres one way to run vagrant on qubes.

https://gist.github.com/xahare/0f2078fc8c52e7ddece1e5ba70c6d5fc

But this is slow. You could also make a vagrant server and use that, or even 
share it with your co workers. heres a convenience script for that,

https://gist.github.com/xahare/1db2970b7b684c0d54c0c15cc32afb98

If your going the virtualbox route, and you want gui desktop access, you can 
enable vrde in your vagrantfile. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb8f846b-b252-4107-a72a-06dfc2843094%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: new Desktop build recommendation

2017-12-07 Thread pixel fairy
On Thursday, December 7, 2017 at 12:23:18 PM UTC-8, Wael Nasreddine wrote:
> Hello,
> 
> I'm looking to build a new Desktop specifically for Qubes OS, so my most 
> important requirement is compatibility. I currently have 64GB (4 x 16GB) 
> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
> looking for a recommendation for the motherboard and CPU. Preferably a 6+ 
> cores CPU. What do you guys use?
> 
> I'm aware of the HCL page, but I'm mostly interested in knowing your personal 
> experience with your current hardware.

im using a super micro c7z170sq, which mostly works, but ive never gotten the 
ps2 ports to work, so no sys-usb. the cpu is a 4 core skylake.

> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f38f9f56-0b7c-4d6d-8e82-0d21ed27a712%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Windows 10 on Qubes (freeRDP)

2017-12-02 Thread pixel fairy
How well does it work just installing in a standalone hvm? can you pass usb 
devices? if not the qubes filtered "filesystem only" etc flavor, then raw usb 
pass through?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4677f24-514f-4f35-b065-4c5070e7d480%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: guid.conf for disposable VMs

2017-12-02 Thread pixel fairy
On Saturday, December 2, 2017 at 9:26:36 AM UTC-8, tech...@tutanota.com wrote:
> Hi,
> 
> I understand generally how to customize guid options via the 
> /etc/qubes/guid.conf file in Dom0 as per 
> https://www.qubes-os.org/doc/full-screen-mode
> 
> My question is, if I want this to effect disposable vms only, not globally, 
> what do use for the VM name in the VM: {} block in the file?
> 
> Thanks.

You should be able to get full screen regardless with ALT+F11

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a303512-1aa9-4555-9faa-12280ab5db08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] changing icons for specific app VMs

2017-11-18 Thread pixel fairy
I use custom launchers on a bottom panel for some apps, kinda like the os x 
dock. Some appvms are dedicated to a certain site, so id like those icons to 
make it easy. 

How would one change the app icon that would go into that? Or would it be 
easier to make an alias app with its own icon?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58f7e2e4-2e44-47d1-900e-03302a7ae3fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Does VT-d protect against this?

2017-11-10 Thread pixel fairy
On Friday, November 10, 2017 at 3:45:07 PM UTC-8, David Schissler wrote:
> Researchers find almost EVERY computer with an Intel Skylake and above CPU 
> can be owned via USB
> https://thenextweb.com/security/2017/11/09/researchers-find-almost-every-computer-intel-skylake-cpu-can-owned-via-usb/?amp=1

No.

You can read the actual paper here, 
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf

The update since then is access to IME. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0cf52be-0ec7-4124-baa3-8cd48f82f1f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes 4.0 whonix updates, which netvm? none or sys-whonix?

2017-10-31 Thread pixel fairy
the default netvm of the whonix-ws and gw templates is "none", but when you try 
to update them a pop up tells you to set it to sys-whonix. which is it? if it 
is sys-whonix, why not make that the default?

does this work with qubes network filtering of templatevms? has that changed in 
4.x?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9569175-52b9-4e65-b778-47117aa1f904%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: best mini pc for qubes os

2017-10-31 Thread pixel fairy
Just installed 4.0rc2 on an intel NUC7i5BNH. It comes with a special back plate 
for mounting. qubes installed with no issues. sound only works out of the 
headphone jack, but not the hdmi port. ethernet and wifi both work. youtube is 
good fullscreen at 1080p. 

no ps2 ports and only one usb controller, so no usbvm. dont use this if 
malicious usb devices are in your threat model.

This is brand new hardware, so it may have trouble with qubes 3.2. 

if your going to also run windows on this, i suggest putting qubes on the 
external one. that way, when you boot windows, it wont have a chance to mess 
with your qubes drive. or even better, swapping the drives so you dont risk 
accidentally booting windows with your qubes disk still in.

If your photoshop and illustrator files are not too demanding, you can run 
windows in qubes and save yourself that effort. ive never tried it, only seen a 
coworker do it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9021a036-b0b3-46a7-a3c1-9f87316faf02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Multufactor auth vm

2017-10-19 Thread pixel fairy
On Wednesday, October 18, 2017 at 3:37:37 AM UTC-7, Roy Bernat wrote:

> 
> Good point .  drifting is known issue ... so what is the solution? :)

if it drifts, reboot the auth vm, time will be resynced.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c68dee8-954d-49f4-b61a-862e20721c3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Docker & dev embbeded on Qubes OS on P51

2017-10-19 Thread pixel fairy
heres how to run docker in qubes 3.2, same method should work in 4.0

https://gist.github.com/xahare/6b47526354a92f290aecd17e12108353

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb4ad5e1-db2e-4c56-b877-a1d38cc1ba3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to export (H)VMs from Qubes/Xen to VMware vSphere

2017-10-15 Thread pixel fairy
On Thursday, October 12, 2017 at 10:20:30 PM UTC-7, [799] wrote:
> Hello,
> 
> Currently I still need to run a 2nd OS to use VMware Workstation to 
> prepare/test VMs/Setup for customers.
> 
> I'd like to prepare VMs in Qubes and then migrate/export them to the 
> customers environment which are mostly based on VMware vSphere/ESXi.

have you tried running vmware on a dedicated machine and using the vmware 
workstation binary as a remote interface?

I also need nested virtualization for developing hypervisor management 
software. this is how i get around it, only with virt-manager instead of vmware.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7840a16f-dc56-4d96-9b04-ccec41872022%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Impressions of the Purism Librem 15v3 for Qubes

2017-09-25 Thread pixel fairy
On Mon, Sep 25, 2017 at 1:40 PM Sean wrote:
On Mon, Sep 25, 2017 at 12:54:54PM -0700, pixel fairy wrote:
> > is suspend and resume reliable?
>
> Kinda, although some further debugging etc is needed like the hibernate
> problem.
>
> So closing the laptop suspends (so far so good) and opening resumes.
> However if you spend too long in suspend it seems it reboots when you
> open (at the moment).
>
> Probably fixable, haven't tried yet.
>
> "Too long" needs some further experimentation but empirically a bath is
> definitely too long.
>
> Sean

thanks, you saved me the cost of one. my lemur7(system76) has the same 
behavior. For now i just set it to lock the screen instead of suspend when the 
lids closed. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d740e3c-9fbd-4dc2-8025-ca083ffa9fb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Impressions of the Purism Librem 15v3 for Qubes

2017-09-25 Thread pixel fairy
is suspend and resume reliable?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1584e7d0-8450-4333-86df-bbbc3d8a5bf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread pixel fairy
i would find a list of annoyances with qubes 4 on a librem 15 helpful. im 
thinking of getting one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99e8ad7f-c101-437f-89e9-1298c8054eb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] how to make a docker host templatevm

2017-09-22 Thread pixel fairy
On Friday, September 22, 2017 at 8:43:13 AM UTC-7, One7two99 wrote:
> 
> Definitely, can't wait to try this out.
> I would even be more interested running Atomic to run containers:
> https://www.projectatomic.io/

>From glancing at the getting started guide, this looks like it would be an 
>expansion of the above, just adding flannel and kubernetes. and, of course, 
>doing it in fedora instead. 

The trick is using bind-dirs for persistent storage. as long as you know which 
dirs to bind, it should be possible. 

If not, you can always make a stand alone vm and clone that as needed.

> 
> Anyone tried to do so?
> 
> -=/799/=-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0327a216-50f1-48c4-853a-723b59576724%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] how to make a docker host templatevm

2017-09-22 Thread pixel fairy
heres how to make a docker host templatevm. have fun.

https://gist.github.com/xahare/6b47526354a92f290aecd17e12108353

Should this be added to the qubes docs?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6376afba-abae-411f-a1f3-89b76afbf83e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Additional VPN destinations via CLI config?

2017-09-13 Thread pixel fairy
On Wednesday, September 13, 2017 at 12:21:03 AM UTC-7, qubester wrote:
> proxyVM rather fwiw
> 
> btw, how or why does one "check their MTU settings?"

ip a

look for a line like this,

2: eth0:  mtu 1500 qdisc mq state UP group 
default qlen 1000






-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ccd0664b-9248-43a2-ad56-0bc74963d72d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - Lemur7

2017-09-12 Thread pixel fairy
reliably, as of today (with the recent xen upgrade to 4.6.6-30), disabling an 
external display hangs the system.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7abf7f3f-aa92-407b-83c7-c00d8b5c4a55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - HP Pavilion

2017-09-11 Thread pixel fairy
On Monday, May 22, 2017 at 10:55:03 AM UTC-7, Michael wrote:
> I bought a new laptop and just took the SSD drive out of the old laptop
> and put it into the new laptop.  I turned the laptop on and booted up
> like nothing had changed...  Worked seamlessly

can you try installing to a usb drive to see if it works?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4e105ad-99a1-46ca-a456-e115b26f60d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  1   2   3   >