[qubes-users] Number of cores and other CPU characteristics

2017-02-02 Thread Vít Šesták
is integrated in QubesOS (which is not sure if it happens at all). 4. Is there anything else I should be aware of when looking at recent i7 (or maybe i5) CPUs? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users&q

Re: [qubes-users] Number of cores and other CPU characteristics

2017-02-02 Thread Vít Šesták
have external Ergo Ergodox keyboard), but this has already been mentioned in requirements. On AES-NI: I agree. ECC RAM: Good point. Unfortunately, those laptops I found with ECC are very very expensive, say $2000 (plus VAT) or more.  Regards, Vít Šesták 'v6ak' -- You received this message

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-26 Thread Vít Šesták
une in limitations. And prune seems to be much easier to implement. Ad performance: This does not correspond to my experience, but you are not the first complaining about Duplicity performance, so I'll mention it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscri

[qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-26 Thread Vít Šesták
to some degree (using finally blocks etc.), but they are rarely reported to user in a friendly way. They usually bubble to the top level, so stacktrace is dumped. Regards, Vít Šesták -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

Re: [qubes-users] Can somebody explain me how install flux on Qubes OS 3.2 in a fedora Template ?

2017-02-26 Thread Vít Šesták
You can pass your approximate location to redshift-gtk parameters, which eliminates need for geoclue. Of course, this is not going to work well when travelling much… -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this

[qubes-users] Did 3.0 -> 3.1 proceed correctly?

2016-09-06 Thread Vít Šesták
-iname '*qubesc*' in dom0.) Where they are? * Command `yum list` never shows 3.0.* for Qubes packages, with few exceptions for templates and Windows tools. It this result correct? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "

Re: [qubes-users] Did 3.0 -> 3.1 proceed correctly?

2016-09-06 Thread Vít Šesták
ate > to manage in-VM configuration. OK, thanks. I haven't found it mentioned anywhere, so I thought it might be some half-done upgrade. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from th

Re: [qubes-users] USB controller after resume

2016-09-11 Thread Vít Šesták
On Sunday, September 11, 2016 at 11:13:51 PM UTC+2, Marek Marczykowski-Górecki wrote: > Interesting. Any errors in journalctl? Nothing interesting found there. But... Today, I started having a similar issue with NetVM. It does not start NetrowkManager after resume. It looks like the script is

Re: [qubes-users] USB controller after resume

2016-09-11 Thread Vít Šesták
oards (e.g. NumLock/CapsLock/ScrollLock state, which is usually not much interesting), but not keys. (It can forge keystrokes, though.) Is this correct? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsu

Re: [qubes-users] USB controller after resume

2016-09-11 Thread Vít Šesták
Qubes 3.2, essentially the same situation. Plus I am concerned also about dom0 USB, because I have external keyboard and touchpad. Since there are similar issues in dom0, which is more close to bare metal than domUs, I suspect that those are issues would not be mitigated by calling standard

Re: [qubes-users] USB controller after resume

2016-09-11 Thread Vít Šesták
On Sunday, September 11, 2016 at 8:17:54 PM UTC+2, Vít Šesták wrote: > In dom0, I've created /usr/lib64/pm-utils/sleep.d/53usb file and registered > it in /usr/lib/systemd/system/qubes-suspend.service Oops, forgot to include link to the files: https://gist.github.co

Re: [qubes-users] USB controller after resume

2016-09-11 Thread Vít Šesták
On Sunday, September 11, 2016 at 9:54:42 PM UTC+2, Marek Marczykowski-Górecki wrote: > AFAIR only *_pci modules are talking to the hardware, so removing them > should be enough. Can you check if your approach still works with only > *_pci? Got it, partially. The /usr/lib/qubes/prepare-suspend

Re: [qubes-users] USB controller after resume

2016-09-12 Thread Vít Šesták
Thank you for pointing in the right direction. It was my fault in the script for dom0. It failed in some way, causing other scripts not being called. I am sorry for that. Now, I have a quick fix, but I should make it more robust. On the keyboard: I had an idea about authenticated USB keyboard

[qubes-users] Re: Block device (LVM) as VM's disk image?

2016-09-14 Thread Vít Šesták
Just noting two more pitfalls: 1) When you create a new device, you should overwrite all the content (standard mkfs is not enough) before attaching it to a VM. If you don't do so, the VM might get some old data leaked from another VM. Maybe thin LVs have a different behavior. 2) When booting

[qubes-users] Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-12 Thread Vít Šesták
Attacker can use either a vulnerability in the card (if they know a suitable one), regardless it is Ethernet or wlan, or they also might try to exploit a legitimate feature. However, if you have VT-d supported by your CPU, motherboard and BIOS, you should be safe against such attacks. When

[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-13 Thread Vít Šesták
4. It depends if you just disable Wi-Fi, or if you don't have the hardware. Removing wireless radio, microphone and camera might be hard on laptops, so it depends on hardware you have. I wanted to note that staying anonymous with whole physical (or even a virtual) machine compromised might be

Re: [qubes-users] Re: Is there any hope for Wayland?

2016-09-12 Thread Vít Šesták
Well, the points you have mentioned are also dubious for mainstream Linux environment, not only for Qubes, because they suppose a malicious app already installed in the system. Other point are, however, accidental interferences with lockscreen. For example, I sometimes see Thunderbird popup on

[qubes-users] Is there any hope for Wayland?

2016-09-11 Thread Vít Šesták
. At least unless a very restrictive (non-default) policy is applied. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: Is there any hope for Wayland?

2016-09-12 Thread Vít Šesták
This one might be the best reason for Wayland in Qubes, provided that Wayland is better. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] 3.2-rc3 Dom0 Update gives False Flags

2016-09-24 Thread Vít Šesták
The same issue for both GUI and qubes-dom0-update, even after a change of UpdateVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Vít Šesták
I am not sure if the devices can sniff both directions. I've believed that a device can sniff only inbound data and cannot communicate with other devices. I've tried to look for some document that would allow me to be sure about this, but I've found nothing. Well, the official documentation

Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Vít Šesták
USB does not have DMA capabilities. If you have access to DMA, you have already got access to the controller or the usbvm. You probably can get into USBVM easily from an USB device by logging as root on the login screen. This, however, assumes that keystrokes are not captured by other means,

[qubes-users] Attaching a block to a DVM in dom0 script

2016-11-14 Thread Vít Šesták
. The best solution I've found so far is to call back to dom0 and verify some token. Which is… quite hacky. b. The qvm-trim-template does something in many ways similar. But it essentially uses a separate implementation of DVM. Is there a better way to do it? Regards, Vít Šesták 'v6ak

Re: [qubes-users] Attaching a block to a DVM in dom0 script

2016-11-15 Thread Vít Šesták
Thank you, it seems to do exactly what I was looking for. (I will probably use trap in order to ensure the DVM is destroyed.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

Re: [qubes-users] Just Broke Debian-8 Template

2016-11-16 Thread Vít Šesták
of packages you have removed in /var/log/apt/term.log. One also could check what dependencies are typically removed when removing ImageMagick. (I can't do it right now because I am not on Qubes ATM.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed

[qubes-users] Re: selfsecure systems - redunancy?

2016-11-16 Thread Vít Šesták
suggested, it is not panacea. And it can also lower security if attacker uses a covert channel. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

[qubes-users] Cryptsetup Vulnerability affects QubesOS?

2016-11-16 Thread Vít Šesták
that there are some examples (e.g. ATM) where this can be a real issue. Even for those cases, I doubt this is a massive threat. Such devices have usually a fairly limited keyboard, which can make the vulnerability unusable. (I am assuming that attacker cannot attach a custom keyboard.) Regards, Vít Šesták 'v6ak

[qubes-users] selfsecure systems - redunancy?

2016-11-14 Thread Vít Šesták
be a viable way, ask yourself: Isn't there an even cheaper way for reaching the goal? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

Re: [qubes-users] Android development under QubesOS

2016-10-15 Thread Vít Šesták
Well, you can select ARM in the emulator. While it reduces performance (you need to actually emulate the instructions), it works. I've also tried installing Android in a HVM, it worked somehow, but it was not very usable. Most notably, there was a problem with mapping touches to mouse. (Well,

Re: [qubes-users] Android development under QubesOS

2016-10-15 Thread Vít Šesták
The security of ADB over USB is rather a mystery. Since some Android version (Jelly Bean?), Android needs confirmation of fingerprint of the host when connecting over USB (!). Sure, even authentication of USB host has some merit, which I am not going to discuss right now. However, when enabling

Re: [qubes-users] Re: How to backup an iPhone under Qubes

2016-12-07 Thread Vít Šesták
considering it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this g

[qubes-users] Re: How to backup an iPhone under Qubes

2016-12-04 Thread Vít Šesták
sniffing etc.) Maybe none of those concerns is a thread for you, but you have been warned. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails fro

Re: [qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2017-01-05 Thread Vít Šesták
cing less risks. Regards, Vít Šesták 'v6ak' *) I am not stating there is not any reasonable argument. There might be one I haven't realized. But if there is any, it should be mentioned in a proper way. -- You received this message because you are subscribed to the Google Groups &quo

Re: [qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2017-01-04 Thread Vít Šesták
arguments on both sides, so maybe it depends. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@google

[qubes-users] External GPU for just one VM or OpenSWR

2017-03-23 Thread Vít Šesták
is a complete nonsense. This is not crucial for me at the moment, but: * I'd like to know if there is something worth considering (e.g., Thunderbolt) when buying a new laptop * some others might find the ideas useful Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed

Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

2017-03-28 Thread Vít Šesták
to switch back… Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this g

[qubes-users] How much important is TPM?

2017-03-28 Thread Vít Šesták
, I don't know much about TPM/AEM/TXT. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.co

[qubes-users] Grabbing mouse pointer

2017-03-28 Thread Vít Šesták
-capable laptop. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this g

Re: [qubes-users] again usb problems

2017-03-28 Thread Vít Šesták
What about the target (“private”) VM? Does it have qubes-usb-proxy installed? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] again usb problems

2017-03-28 Thread Vít Šesták
What about the target (“private”) VM? Does it have qubes-usb-proxy installed? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: External GPU for just one VM or OpenSWR

2017-03-24 Thread Vít Šesták
rendered – in AppVMs, or in stubdoms? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.co

[qubes-users] Grabbing mouse pointer

2017-03-28 Thread Vít Šesták
some seconds (maybe 10s or 20s) to complete, although I see the device in the target VM even before it completes. While it might be unrelated, it is worth to be mentioned. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-

[qubes-users] Re: External GPU for just one VM or OpenSWR

2017-03-25 Thread Vít Šesták
not sure if graphical output rendering is done in VM (at least in default Linux templates) or in the stubdom. Well, since Marek has suggested killing the stubdom after some boot stage, I guess that rendering will happen in VM itself. Regards, Vít Šesták 'v6ak' -- You received this message

Re: [qubes-users] How much important is TPM?

2017-03-31 Thread Vít Šesták
Thanks for your responses. p In this thread, I'd like to discuss how much can it help (i.e., how hard is it to bypass). On self-encrypting devices: I generally don't trust those implementations to be well-reviewed and well-designed, so SED is not a use case for me. Regards, Vít Šesták 'v6ak

Re: [qubes-users] Re: can we have debian-minimal?

2017-03-23 Thread Vít Šesták
not been altered. It would be even better to use either https;// URL or SSH URL, as they authenticate the transport. This can somehow mitigate attacker providing you an old version with known vulnerabilities. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-20 Thread Vít Šesták
%20wanted Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-20 Thread Vít Šesták
%20wanted Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-20 Thread Vít Šesták
Forgot to mention: The Merkle-tree-based storage will be an incompatible format change. On the positive side, I plan creating a migration script. I know this is going to be pain a bit, but the later I do it, the worse… Regards, Vít Šesták 'v6ak' -- You received this message because you

Re: [qubes-users] Re: is it better to have just standaloneVMs?

2017-03-17 Thread Vít Šesták
need to reuse it? a. If yes, I create a TemplateVM. b. If no, create a StandaloneVM. c. If not sure, try to guess. ☺ Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop

Re: [qubes-users] Keyboard layouts with multiple keyboards

2017-03-15 Thread Vít Šesták
…), but I can try changing 00-keyboard.conf. Regards, Vít Šesták 'v6ak' P.S.: Why I got confused: I use CShack layout (see http://xakru.com/cshack/), which is derived from US layout, but adds support for diactiric characters (Czech, Slovak, German, Spain) and various typographic characters

[qubes-users] USB Headset

2017-04-01 Thread Vít Šesták
if they are resoolved or not. * PCI pass-through currently requires VT-d support or usage of PVMs. Note that PVMs cannot be used with Windows, so you will probably need VT-d. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users&q

[qubes-users] HDMI-related threats in Qubes OS

2017-04-01 Thread Vít Šesták
reasonable provided you respect the level of trust of the screen. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

[qubes-users] Create Firewall Rules like *.DOMAIN.COM

2017-04-04 Thread Vít Šesták
allow also some other random domains. This is not to say that firewall is completely useless, I am just pointing out what are the limitations of the firewall. There seem to be some threats that firewall can prevent, including some less sophisticated attacks. Regards, Vít Šesták 'v6ak' -- You

[qubes-users] Re: External GPU for just one VM or OpenSWR

2017-04-03 Thread Vít Šesták
trying on newer CPU, but I doubt it will perform well in games. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-09 Thread Vít Šesták
by QubesOS does not necessarily prevent processing of the input by some parsers running with absolute privileges, either dom0 or DMA-enabled device handled by dom0. QubesOS will hardly fix them and I consider it to be outside of QubesOS responsibilities. Regards, Vít Šesták 'v6ak' -- You

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-10 Thread Vít Šesták
On Sunday, April 9, 2017 at 8:49:47 PM UTC+2, Jean-Philippe Ouellet wrote: > On Sun, Apr 9, 2017 at 9:42 AM, Vít Šesták > <…@v6ak.com> > wrote: > > > > * DDC (PIN 15+16) – needed for getting the resolution etc., present even in > > current version of VGA. W

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-10 Thread Vít Šesták
up some privacy > regardless of Qubes. Mostly true, but a bit vague. But the situation is the same as with monitors – choose your level of trust and then behave accordingly. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups &

Re: [qubes-users] How much important is TPM?

2017-04-04 Thread Vít Šesták
of the SSD and copy all data there, effectively disabling the Opal protection. But maybe if attacker has enough time to perform such tampering, you are already out of luck, since she can instal keyloggers etc. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed

[qubes-users] Re: External GPU for just one VM or OpenSWR

2017-03-31 Thread Vít Šesták
by OpenSWR. Or maybe I've hit some edge cases where OpenSWR performs worse. Or maybe OpenSWR is not as good in reality as they suggest. Not sure. OTOH, the llvmpipe looks mostly good enough now. Yes, it eats much CPU in some cases. Regards, Vít Šesták 'v6ak' -- You received this message because

[qubes-users] Grabbing mouse pointer

2017-03-31 Thread Vít Šesták
the need of extra X11 instance and VNC at all. I, however, like the better fullscreen support with the VNC. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving e

[qubes-users] Re: USB Headset

2017-04-02 Thread Vít Šesták
Note that even having multiple USB controllers does not imply a win. Some controllers might be just internal (for integrated webcam, touchscreen etc.) and some might be needed for another purposes (e.g., keyboard attached to dom0, phone attached to sys-usb, …). -- You received this message

[qubes-users] Re: USB Headset

2017-04-02 Thread Vít Šesták
Forgot to mention: AFAIR, Qubes 4.0 will have Linux-based stubdoms. Maybe they will support USB passthrough or even sound directly. I am not 100% sure about it, but Linux-based stubdom seems to be a step towards those features. Regards, Vít Šesták 'v6ak' -- You received this message because

[qubes-users] Installation from a tarball: any Qubes OS particulars?

2017-04-02 Thread Vít Šesták
source. Maybe DVM could resolve some of those problems. Unfortunately, this is going to be slow if the DVM is based on the currently running template. Qubes 4 will have redesigned DVMs that seem to avoid this issue. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread Vít Šesták
wiki/HDMI, emphasis is mine) My notes on this: 1. Compressed audio is not what I want for Audio return channel :(. 2. The [6](§C) links to Appendix C of HDMI spec (see http://www.microprocessor.org/HDMISpecification13a.pdf ), which defines *bidirectional* compatibility level between HDMI and DVI. Reg

Re: [qubes-users] How much important is TPM?

2017-04-01 Thread Vít Šesták
. It is really worth the limited protection? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@google

[qubes-users] Re: Anbox?

2017-04-15 Thread Vít Šesták
IIUC, for pvgrub, you need to choose it as kernel for the particular AppVM. Have you done so? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

2017-04-14 Thread Vít Šesták
. In some other scenario, just compromising a ProxyVM (e.g., TorVM) might be enough. This is not to say Qubes can never be affected, just my brief research suggests it is not so severe in QubesOS and chained exploitation (probably to TemplateVM) sounds unlikely. Regards, Vít Šesták 'v6ak' -- You

Re: [qubes-users] Re: How to handle untrusted applications?

2017-04-20 Thread Vít Šesták
Issue related to Flatpak and Snapd: https://github.com/QubesOS/qubes-issues/issues/2766 It seems that Flatpak is better for this purpose, as it allows per-user installation. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

[qubes-users] Re: Anbox?

2017-04-15 Thread Vít Šesták
) Maybe it is caused by my partially broken Xenial installation, maybe it is some Anbox bug (which cannot be surprising in such early stage) and maybe Anbox is not satisfied with llvmpipe (which would be unfortunate for Qubes users in general). Regards, Vít Šesták 'v6ak' -- You received

Re: [qubes-users] Re: Anbox?

2017-04-14 Thread Vít Šesták
“missing OpenGL”) when trying to run Android apps in Chromium, but I haven't seen such problem in any other case, including those that surely do use OpenGL. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users&q

[qubes-users] Windows Guest hides interface because qrexec installed.

2017-04-14 Thread Vít Šesták
Just enable debug mode. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.co

[qubes-users] Re: Anbox?

2017-04-16 Thread Vít Šesták
db later. Specifically for busybox, its installation consists of just two steps: 1. Copy it to some directory on $PATH. 2. Install symlinks (IIRC by the following command: busybox --install /directory/to/install) Regards, Vít Šesták 'v6ak' -- You received this message because you are su

[qubes-users] Re: Anbox?

2017-04-16 Thread Vít Šesták
. Maybe some lowlevel approach bypasses the mesa library, which can decide to use llvmpipe. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, sen

Re: [qubes-users] Re: How to handle untrusted applications?

2017-04-18 Thread Vít Šesták
You are right with the local installation in /rw, except that you might miss automated updates (including security updates) then. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it,

[qubes-users] Running Qubes as A HVM under another Type 1 Hypervisor

2017-04-18 Thread Vít Šesták
remember, this is officially unsupported setup. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

[qubes-users] Re: Anbox?

2017-04-19 Thread Vít Šesták
. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send emai

Re: [qubes-users] Re: How to handle untrusted applications?

2017-04-20 Thread Vít Šesták
the software would be missing for some time. It also would mean that qvm-run -a vm the-additional-software would be a kind of race condition. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-03 Thread Vít Šesták
backend. 4. Have good support for StandaloneVMs, Windows and other OSes. I believe this corresponds not only to my needs, but also to needs of many others. I am generally not against implementing something that has lower priority for me, especially if there is a pull request. ☺ Regards, Vít

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-04 Thread Vít Šesták
and will not continue. This is intentional: It will never overwrite existing VM by default. (In future, --force will probably overwrite the existing VM.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubs

[qubes-users] Keyboard layouts with multiple keyboards

2017-03-14 Thread Vít Šesták
, but it was obsolete version that time, so I decided to wait for now that time. But I periodically encounter this issue even on Qubes 3.2. Does anybody else encounter this issue? Desktop environment: Xfce with Kwin. Regards, Vít Šesták -- You received this message because you are subscribed to the Google

[qubes-users] Re: is it better to have just standaloneVMs?

2017-03-14 Thread Vít Šesták
How much is a threat installed software you don't use? * If the package install script is malicious, it is a threat. * However, if you are concerned just about vulnerabilities, they are often not applicable if you don't use the software. So, it depends on your threat model. Regards, Vít Šesták

[qubes-users] RAM for Qubes OS

2017-03-11 Thread Vít Šesták
-upgradable 4GiB RAM as a new hardware for QubesOS. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

[qubes-users] Nvidia Optimus mode not possible?

2017-03-06 Thread Vít Šesták
an output wired to Nvidia GPU, Optimus could be useful to handle this output. I had a limited luck using intel-virtual-output with opensource Nvidia drivers (added a second screen, but the system was rather unusable then). Maybe I would have more luck with proprietary drivers. Regards, Vít Šesták 'v6ak

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-06 Thread Vít Šesták
the testing process is not described elsewhere.  Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@goo

[qubes-users] New User, First Time Install - Have I lost everything?

2017-03-06 Thread Vít Šesták
on usual Linux distributions. (You need NTFS drivers installed.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-user

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-03-05 Thread Vít Šesták
On backup backends: I'd like to move the discussion to GitHub. I've summed up what we need and created some comparison table: https://github.com/v6ak/qubes-incremental-backup-poc/issues/35 Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-28 Thread Vít Šesták
/f9291b3fbec459cbc2f44279f7a31a3613a49811/qubesvmtools.py#L29-L38L86-L109 https://github.com/v6ak/qubes-incremental-backup-poc/blob/f9291b3fbec459cbc2f44279f7a31a3613a49811/qubesvmtools.py#L29-L38L86-L109 Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users&q

Re: [qubes-users] Nvidia Optimus mode not possible?

2017-03-07 Thread Vít Šesták
laptops.  Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group,

Re: [qubes-users] Upgrading from Qubes 3 to 4.

2017-03-07 Thread Vít Šesták
to install 3.2 on the new laptop and perform full reinstall in few weeks/months. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to q

[qubes-users] Re: New User, First Time Install - Have I lost everything?

2017-03-07 Thread Vít Šesták
Now, I am not sure if I understand you. Were you able to access the files or not? Do you try it from console, or from some GUI. If you use a GUI, what app are you using? Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread Vít Šesták
is that this may be turned in a feature rather than a problem Sure, it is a double-edged sword. Actually, I originally wondered if HDMI could be used for connecting mouse and keyboard without having an extra USB controller. But then I realized that such feature cam be used also for attacks. Regards,

Re: [qubes-users] Qubes 3 MacOSX

2017-04-02 Thread Vít Šesták
solved by licencing the software under a different license – provided that the vendor wishes to do so. But the key question is, how hard is it to get the license. I doubt Apple will give the license to anyone who asks. If they did, why would they put the restrictions on the standard license? Regard

[qubes-users] Re: Anbox?

2017-04-18 Thread Vít Šesták
. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send emai

Re: [qubes-users] Copying between VMs from dom0

2017-06-28 Thread Vít Šesták
command returns some arbitrary shell commands, you are close to be totally compromised by a malicious sys-net. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving e

[qubes-users] How much inital and max memory for sys and template VMs?

2017-06-28 Thread Vít Šesták
probably apply to sys-firewall and sys-usb. If you are not so tight, I'd recommend slightly more, like 250MiB or 300MiB. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop

Re: [qubes-users] switch to integrated Intel graphic

2017-06-29 Thread Vít Šesták
i915» do? If it proceeds, then the driver doesn't recognize the GPU. If it doesn't, then the driver recognizes GPU, but there is something wrong with config or with the driver. You might also try checking if the same issue happens in Fedora 23. Regards, Vít Šesták 'v6ak' -- You received

Re: [qubes-users] Copying between VMs from dom0

2017-06-29 Thread Vít Šesták
I feel this to be controversial. It is right as long as you implement it carefully (How would you handle the separator being present in the content of the file? How would you sanitize the filenames? And so on…) AND you don't exceed the complexity of tar format. Regards, Vít Šesták 'v6ak

Re: [qubes-users] How to change / swap behavior of Ctrl, Alt, Win, and fn keys?

2017-08-07 Thread Vít Šesták
looks the closest to the desired result. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@google

Re: [qubes-users] Re: Laptop with discrete graphics card, any chance it'll work?

2017-05-17 Thread Vít Šesták
With external GPU, be careful about additional outputs (HDMI/DVI/DP/VGA). They might be wired to the dedicated GPU, which can cause various problems with your setup. First, it is generally poorly supported with Linux. (It should be reportedly better soon, but it might require Wayland, which you

[qubes-users] Re: Windows Disposable VM

2017-05-17 Thread Vít Šesták
I guess HVMs aren't supported as DVMs (yet). Wait until Qubes 4, you will probably be able to do it. I can't promise it will work with Windows, but Qubes 4 will move towards HVMs instead of PVs and it will have reworked DVMs. So according to my best guess, it will work even with Windows under

  1   2   3   >