Re: [qubes-users] Risk on secondhand equipment

2018-04-27 Thread brendan . hoar
On Friday, April 27, 2018 at 7:18:37 AM UTC-4, mstv...@gmail.com wrote: > Is a second-hand CPU safe? > Is second-hand RAM safe? Are second-hand keyboards safe? Second-hand mouses? Second-hand SSDs? Second-hand optical-drives? Second-hand power-management chips? Second-hand displays? Is any

[qubes-users] Re: Deleting Disposable VMs / Qubes Docs / Warning

2018-05-25 Thread brendan . hoar
On Thursday, May 24, 2018 at 6:35:42 PM UTC-4, pon...@keemail.me wrote: > Just a little warning: > > The typing error > > [user@dom0 ~]$ QUBES[instead of qvm]-prefs default_disp "" > > in the section »Deleting Disposable VM«  > on https://www.qubes-os.org/doc/dispvm-customization > > can cost

[qubes-users] Qubes R4.0rc4 - qvm-create's option --root-copy-from -> qubesd protocol error

2018-02-01 Thread brendan . hoar
Hi folks, Installed Qubes R4.0rc3, updated dom0/templates. Added the testing repository, updated dom0/templates so I am now at R4.0rc4 (qubes manager returns, huzzah!). The problem is that I am trying to import a raw root.img file (converted from vmdk using qemu tools) while creating a new

[qubes-users] Re: Qubes R4.0rc4 - qvm-create's option --root-copy-from -> qubesd protocol error

2018-02-01 Thread brendan . hoar
Mea culpa and apologies to all: the properties for "--class" or "--c" are case sensitive. Substituting 'StandaloneVM' for 'standalonevm' fixed the problem. Thanks, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

[qubes-users] Clarification on "Include in memory balancing" checkbox

2018-02-08 Thread brendan . hoar
I did not find any reference to this flag in qvm-prefs. From the source code it appears this checkbox mostly does some automatic enabling/disabling of meminfo-writer checkbox in the service tab. Is that primarily what it does? This checkbox is the equivalent of $ qvm-service [vmname]

[qubes-users] Re: Clarification on "Include in memory balancing" checkbox

2018-02-08 Thread brendan . hoar
On Thursday, February 8, 2018 at 3:32:56 PM UTC-5, Tim W wrote: > Yes mostly that makes sense. I am not cealr on your last part but may be > reading it incorrectly. If checking the box should automatically check to > ensure mem is included in the services list and if not add it then why would

Re: [qubes-users] How to set/hange propterty 'Qubes.default_dispvm'?

2018-02-12 Thread brendan . hoar
I had to reread the thread three times to realize that qvm-prefs and qubes-prefs were different. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?

2018-02-13 Thread brendan . hoar
On Tuesday, February 13, 2018 at 2:06:59 PM UTC-5, brenda...@gmail.com wrote: > On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote: > > > Does the issue still occur after You change the default Windows user in > > > Qubes settings? qvm-prefs -s windows default_user admin ? > >

[qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?

2018-02-13 Thread brendan . hoar
On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fällman wrote: > > > > Does the issue still occur after You change the default Windows user in > > Qubes settings? qvm-prefs -s windows default_user admin ? > > Just tried it, yep. This is strange! > > //MLF. Hi Martin - were you ever

[qubes-users] Re: R4 rc4 - Whonix System Time Error

2018-02-14 Thread brendan . hoar
On Wednesday, February 14, 2018 at 5:33:03 AM UTC-5, sebuq wrote: > The virgin whonix templates issue with official Qubes R4 rc4 downloads > did not result in errors via whonixcheck. However after updating the > whonix-gw template a get the following system time error: > > ERROR: Systemd Clock

Re: [qubes-users] Re: Win7, qvm-copy-to-vm, QubesIncoming location?

2018-02-14 Thread brendan . hoar
On Wednesday, February 14, 2018 at 3:32:18 AM UTC-5, Ivan Mitev wrote: > On 02/13/2018 10:34 PM, Brendan Hoar wrote: > > On Tuesday, February 13, 2018 at 2:06:59 PM UTC-5, brenda...@gmail.com > > wrote: > >> On Friday, March 3, 2017 at 1:36:35 PM UTC-5, Martin L. Fä

[qubes-users] Re: Yubico FIDO U2F Security Key and Qubes

2018-02-20 Thread brendan . hoar
On Tuesday, February 20, 2018 at 2:58:18 PM UTC-5, Yuraeitha wrote: > wait hold on, just to be sure we're on the same page here. > Why would you bring up sys-usb? Putting a USB controller in sys-usb is > normally for the purpose to use qvm-usb/widget to virtually pass it to > multiple of other

Re: [qubes-users] qubes on ssd may not be secure on encryption

2018-02-16 Thread brendan . hoar
On Friday, February 16, 2018 at 2:31:38 PM UTC-5, Chris Laprise wrote: > On 02/16/2018 01:44 PM, ron w wrote: > > Qubes should investigate if it is not secure to > > use a ssd because the software which runs > > the ssd may nullify any piece of encrypted > > data on the ssd. > > > >

Re: [qubes-users] Re: Qubes 4.0 sluggish feel

2018-08-10 Thread brendan . hoar
On Friday, August 10, 2018 at 12:49:05 AM UTC-4, Outback Dingo wrote: > On Fri, Aug 10, 2018 at 6:18 AM John S.Recdep wrote: > > I blame intel speedstep for everything in your local uefi , and dingos :) > > great but how do we resolve it... its makes Qubes itself really unuseable Maybe try

[qubes-users] Re: New CPU Bug Found

2018-08-14 Thread brendan . hoar
On Monday, August 13, 2018 at 7:44:18 PM UTC-4, jonbrown...@gmail.com wrote: > New CPU backdoor has been found with code available here: > https://github.com/xoreaxeaxeax/rosenbridge > > Anyone mind checking if Thinkpad 230 is affected? As per earlier in the thread, this only applies to some

Re: [qubes-users] Re: yubikey password

2018-08-14 Thread brendan . hoar
On Monday, August 13, 2018 at 5:47:06 PM UTC-4, joev...@gmail.com wrote: > Are you sure they are using Yubikey's "Static Password" slot? That is the > only component that enumerates as a USB keyboard. The normal yubikey setup > enumerates as a Smartcard, which is how the challenge/response

[qubes-users] Re: Incredible HD thrashing on 4.0

2018-08-16 Thread brendan . hoar
On Thursday, August 16, 2018 at 3:21:27 PM UTC-4, Marcus Linsner wrote: > The good news is that I've realized that the OOM triggering was legit: I had > firefox set to use 12 cores at once and 14GiB of RAM was clearly not enough! > (8 and no ccache was good though - did compile it twice like so)

Re: [qubes-users] Qubes 4.0 SSD Encryption

2018-08-23 Thread brendan . hoar
On Thursday, August 23, 2018 at 10:30:17 AM UTC-4, Jonathan Seefelder wrote: > If you keep wear-leveling in mind, and encrypt the ssd before you fill > it with sensitive data, id suggest an ssd. Ideally, you should encrypt > /boot also. I've posted recommendations on how to add hardware drive

Re: [qubes-users] Qubes 4.0 SSD Encryption

2018-08-24 Thread brendan . hoar
On Friday, August 24, 2018 at 5:42:16 AM UTC-4, awokd wrote: > On Thu, August 23, 2018 8:03 pm, tai...@gmx.com wrote: > > There is no reason to use an SED drive. > > I think that's a bit over-broad. It depends on threat model, which varies > from person to person. Agreed. I'll just add a few

Re: [qubes-users] Qubes-R4.0 : missing argument to qvm-create

2018-08-31 Thread brendan . hoar
On Thursday, August 30, 2018 at 4:43:42 PM UTC-4, GDRUB wrote: > Thank you for those explanations. > > However, Windows 10 fails with error code : 0xc225 "a required > device isn't connected or can't be accessed". > > win10.raw = 96.6 GB > > How to fix this error ? > > > Le 30/08/2018 à

Re: [qubes-users] bash autocomplete

2018-03-12 Thread brendan . hoar
On Sunday, March 11, 2018 at 9:11:07 AM UTC-4, haaber wrote: > Thank you Holger, > I don't know what this 3D-thing, is I'll learn it. I have, in the > meanwhile, tested the attached file, that distinguishes also running, > paused and halted VM's. For the moment this is completely sufficient for >

Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread brendan . hoar
If you bypass the onboard/whitelisted Ethernet and WiFi controllers and use USB connected networking, don’t you strongly mitigate remote access via Intel ME? It cannot use hardware it doesn’t have code to communicate with, right? B -- You received this message because you are subscribed to

Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread brendan . hoar
If I pull the WiFi card out and don’t connect the Ethernet port to anything, then I configure qubes to use only a usb WiFi adapter (as I indicated above), I’m pretty sure that the ME engine won’t be able to use any of the three network interfaces to phone home. For ME to work over a network, it

[qubes-users] Re: Qubes 4.0: Can't connect to network over Ethernet

2018-04-07 Thread brendan . hoar
On Friday, April 6, 2018 at 7:04:38 PM UTC-4, hdct...@gmail.com wrote: > THANK YOU! That fixed the problem. > > I'm sorry for my slow reply, I had skipped the debian-9 template during the > install so I had to reinstall a couple of times (due to mistakes on my part) > to get it. > > Once I

Re: [qubes-users] Re: desktop recommendations?

2018-04-07 Thread brendan . hoar
On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote: > On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion wrote: > > You seem to have misunderstood. Ivy bridge and beyond on the Intel side > > will provide you with SLAT capabilities, IOMMU and virtualization, which is > > all

Re: [qubes-users] Re: desktop recommendations?

2018-04-07 Thread brendan . hoar
On Saturday, April 7, 2018 at 9:03:39 AM UTC-4, Thierry Laurion wrote: > Le sam. 7 avr. 2018 08:26, a écrit : > On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote: > > I only went on what I was told. I have Ivy Bridge, and they don't have SLAT. > > Which CPU in

[qubes-users] Re: Issues with Yubikey 4 input

2018-04-07 Thread brendan . hoar
There’s one more thing I just learned; by default, usb keyboards are blocked from all VMs. You have to modify /etc/qubes-rpc/policy/qubes.InputKeyboard to allow the Yubikey to be connected to a specific VM if the classic yubico otp slots are enabled...because they mimic a keyboard. Brendan --

Re: [qubes-users] Issues with Yubikey 4 input

2018-03-22 Thread brendan . hoar
On Wednesday, March 21, 2018 at 2:38:25 PM UTC-4, Jon R. wrote: > Just a brief update on this -- I snagged a few Yubikey FIDO specific devices > and they seem to work fine and as you'd expect. The issue seems to be > isolated to the Yubikey 4 / the ones that support smart card features / >

[qubes-users] Re: QWT issues with USB device and copy to vm

2018-03-04 Thread brendan . hoar
On Sunday, March 4, 2018 at 7:24:28 PM UTC-5, Glen H wrote: > 1) When I try to use Nautilus to move a file over to `win7` it seems to work > (even starting win7 if it isn't running already), but I can't find the folder > for where it is on the Windows side. If I try copying to the win7 vm again I

Re: Re: AW: Re: [qubes-users] Installing Chrome

2018-02-26 Thread brendan . hoar
On Monday, February 26, 2018 at 7:21:11 PM UTC-5, [799] wrote: > An 27. Feb. 2018, 00:59, Yuraeitha schrieb: > > It is by no means a complete guide as you > > make it sound though, it's relying overly much > > on closed code, and Chromium is no good > > here to look into Google Chrome. I wouldn't

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

2018-02-26 Thread brendan . hoar
On Monday, February 26, 2018 at 5:30:15 PM UTC-5, patel...@gmail.com wrote: > I wanted to go with a Lenova from 2008 or prior, a freedom fighting > association > out of the UK puts them together and sells them and claims that they are > pretty > much the freest thing you can get. Lenovo

[qubes-users] vault color (black?) & window decorations

2018-10-15 Thread brendan . hoar
Hi folks, Regarding the default R4 color scheme... ...does anyone else find that the default color for vault (black?) makes it nearly impossible to see the window titles and/or windows controls (close, maximize, minimize)? Why does that color scheme set the window title (and controls) to

[qubes-users] Moving Qubes R4 between two machines on regular basis

2018-10-15 Thread brendan . hoar
Hi folks, My understanding is that modern linux distros *mostly* perform device configuration on boot (as opposed to during installation) with the exception of X11 configuration and passing custom kernel parameters (e.g. blacklisting problematic hardware). Correct me if I am wrong about this.

[qubes-users] Re: Keyboard backlight color based on active qube

2018-10-13 Thread brendan . hoar
On Thursday, October 11, 2018 at 1:01:12 PM UTC-4, Marek Marczykowski-Górecki wrote: > Hi, > > I've published the first post on my blog: > https://blog.marmarek.net/blog/2018/10/11/keyboard-backlight-color-qubes.html That's pretty great! I'm fairly certain I read about a CIA, NSA or DOD

Re: [qubes-users] Replacement for Lenovo x230 (coreboot'able + high res)

2018-10-28 Thread brendan . hoar
On Sunday, October 28, 2018 at 5:21:06 PM UTC-4, brenda...@gmail.com wrote: > I'm fairly certain I've heard of x230s with FHD intalled by 51nb. > > Google says... http://www.cnmod.cn/x330/ My bad, that's a new display *and* more recent, custom motherboard in the old shell. B -- You received

Re: [qubes-users] Replacement for Lenovo x230 (coreboot'able + high res)

2018-10-28 Thread brendan . hoar
On Sunday, October 28, 2018 at 3:25:42 PM UTC-4, 799 wrote: > Hello all, > The W5x0 series is to big for me as I need something more mobile and because > I own already a W540 (running Qubes with a stock rom/not coreboot'able). > The T4x0 series was what I was looking for, but they also don't

[qubes-users] SSD hardware encryption vulnerabilities (Radbound University)

2018-11-05 Thread brendan . hoar
[Note: my position is that hardware disk encryption is useful for protecting against opportunistic attacks, whereas software disk encryption is best for protecting against targeted attacks. Use both.] 1. PR Notice:

Re: [qubes-users] Re: SSD hardware encryption vulnerabilities (Radbound University)

2018-11-06 Thread brendan . hoar
On Tuesday, November 6, 2018 at 10:13:38 AM UTC-5, Holger Levsen wrote: > On Tue, Nov 06, 2018 at 07:09:52AM -0800, jonbrx...@gmail.com wrote: > > Does this effect Qubes OS? > > no. (Qubes OS uses software encryption. You can however manually enable > hardware encryption like you can on any

Re: [qubes-users] session managers for VMs?

2018-10-05 Thread brendan . hoar
On Friday, October 5, 2018 at 12:13:42 AM UTC-4, Manuel Amador (Rudd-O) wrote: > On 2018-09-22 07:13, Daniel Allcock wrote: > > Even better would be to "hibernate" a qube by suspending it to disk, > > but I know the qubes team has other priorities. I'm hoping per-vm > > session management is

[qubes-users] Re: Lenovo P52

2018-10-05 Thread brendan . hoar
On Thursday, October 4, 2018 at 3:05:00 PM UTC-4, Achim Patzner wrote: > I just tried installing Qubes 4.0 on a Lenovo P52 (out of the box, no > firmware updates) and it didn't even boot the distribution media off > USB (after trying several USB ports; there are at least three separate >

[qubes-users] Re: Qubes and Mega Cloud App using

2018-10-09 Thread brendan . hoar
On Tuesday, October 9, 2018 at 4:39:54 AM UTC-4, myblackc...@gmail.com wrote: > Hello guys, > > Since the Windows 7 HVM machine unfortunately does not recognize any external > drives, I was forced to upload my documents to the Mega Cloud. > > Unfortunately, I always get a script error when

[qubes-users] Re: Update/Removal

2018-10-11 Thread brendan . hoar
On Thursday, October 11, 2018 at 1:05:52 AM UTC-4, lion...@gmail.com wrote: > Now here's the problem, qubes R4 iso file is not up to date and i have no > clue why the team doesn't take the time to update it, rather then force every > new person, to install a version that needs to be fully

Re: [qubes-users] hplib complaint with fedora-28 qube manager update , what to do?

2018-12-31 Thread brendan . hoar
On Monday, December 31, 2018 at 5:07:06 AM UTC-5, unman wrote: > On Sun, Dec 30, 2018 at 06:15:32PM -1000, John S.Recdep wrote: > > Hello, > > > > The following below was/is after using a manually opened xterm that > > successfully runs $sudo dnf update > > and closing the template/s > > >

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Brendan Hoar
Thank you, Marek et al, for your work over what was presumably a longer than usual work day. B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: 4.0.1 persistent external LVM block device attach

2019-01-23 Thread brendan . hoar
On Tuesday, January 22, 2019 at 2:26:16 PM UTC-5, Eric wrote: > qvm-block does not accept a UUID (not documented > and gives an error: not exposed) I suspect that > should be added as an issue. [Out of curiosity, I ask, since I am away from the Qubes systems at the moment:] By "qvm-block does

[qubes-users] Re: Split gpg is just too cool.

2018-12-26 Thread brendan . hoar
On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote: > U2F Proxy is not so cool. So far no joy getting it to work. Someone on reddit > had similar issues and questions and resolved by installing USB keyboard > support. That’s not mentioned in the Qubes docs and I hope we don’t

[qubes-users] Re: Hit a bug in 4.0.1-rc2 I haven't been able to reproduce (yet)

2018-12-26 Thread brendan . hoar
On Monday, December 24, 2018 at 5:19:57 PM UTC-5, John Smiley wrote: > Posting here in case anyone else has seen this: > > I started a fedora-29-dvm instance to test keepass ... > When I was finished, I terminated the parent dvm expecting that the child and > grandchild would be removed along

[qubes-users] Re: Issues with https certificate for Fedora yum repo

2018-12-26 Thread brendan . hoar
On Tuesday, December 25, 2018 at 11:58:32 PM UTC-5, low...@riseup.net wrote: > The short version is, the certificate for the https URL listed in > /etc/yum.repos.d/qubes-r4.repo is throwing the below error, and browsing > to the same URL returns an invalid certificate. As per discussion on

Re: [qubes-users] TPM usage

2018-12-16 Thread brendan . hoar
On Sunday, December 16, 2018 at 10:44:07 AM UTC-5, Eric Duncan wrote: > AES hardware acceleration happens in your CPU, FYI. And usually the more > higher end ones. I would wager that any CPU that meets the Qubes R4 requirements (e.g. Intel VT-d + EPT or similar AMD features) assuredly

Re: [qubes-users] Re: Well color me impressed (4.0.1-rc2 install on laptop and desktop)

2018-12-22 Thread brendan . hoar
On Friday, December 21, 2018 at 6:56:22 PM UTC-5, John Smiley wrote: > A partial answer to my question about how much security is diminished when > using Thunderbolt comes from the Whonix doc on hardware hardening. >

Re: [qubes-users] Qubes OS 4.0.1-rc2 has been released!

2018-12-19 Thread brendan . hoar
On Wednesday, December 19, 2018 at 11:19:59 AM UTC-5, Chris Laprise wrote: > On 12/19/2018 12:42 AM, Andrew David Wong wrote: > > Dear Qubes Community, > > > > We're pleased to announce the second release candidate for Qubes 4.0.1! > The latest update has made my VMs start noticeably faster. I'm

[qubes-users] Re: TOR browser updates.

2018-11-20 Thread brendan . hoar
On Tuesday, November 20, 2018 at 1:29:04 AM UTC-5, Антон Чехов wrote: > On Tuesday, November 20, 2018 at 3:39:24 AM UTC+1, William Fisher wrote: > > How do I update the TOR browsers at the Template VM level? I've updated TOR > > at the APP level but it doesn't stay updated. > > I updated my

[qubes-users] Re: missing support for sd card reader in qubes4 kernel

2019-01-03 Thread brendan . hoar
On Wednesday, January 2, 2019 at 11:50:57 AM UTC-5, ludwig jaffe wrote: > Hi all, I have a dell note book that includes the following sd controller. > Which is supported in other linux kernels. > Please include support for this controller in the kernel and modules which is > shipped with

Re: [qubes-users] missing support for sd card reader in qubes4 kernel

2019-01-03 Thread brendan . hoar
On Wednesday, January 2, 2019 at 6:56:55 PM UTC-5, unman wrote: > On Wed, Jan 02, 2019 at 05:50:15PM +0100, ludwig jaffe wrote: > > Hi all, I have a dell note book that includes the following sd controller. > > Which is supported in other linux kernels. > > Please include support for this

[qubes-users] Re: Keyboard backlight color based on active qube

2019-01-12 Thread brendan . hoar
On Saturday, January 12, 2019 at 2:48:24 PM UTC-5, Brendan Hoar wrote: > ...I took Marmarek's keyboard-color script, modified it a bit, and voila, I > now have a little night-light indicator as an extra reminder on which VM has > focus. In action: https://www.youtube.com/watch?v=qI

[qubes-users] Re: Keyboard backlight color based on active qube

2019-01-12 Thread brendan . hoar
> > On Thursday, October 11, 2018 at 1:01:12 PM UTC-4, Marek > > Marczykowski-Górecki wrote: > > > I've published the first post on my blog: > > > https://blog.marmarek.net/blog/2018/10/11/keyboard-backlight-color-qubes.html In the spirit of fun, after I ran across a $13 USB device that is,

[qubes-users] Re: "Introducing the Qubes U2F Proxy" by Wojtek Porczyk

2018-09-11 Thread brendan . hoar
On Tuesday, September 11, 2018 at 5:18:49 AM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear Qubes Community, > > Wojtek Porczyk has just published a new article titled "Introducing > the Qubes U2F Proxy." The article is available on the Qubes

Re: [qubes-users] Manual update Fedora, Debian and Whonix?

2018-12-19 Thread brendan . hoar
On Monday, December 17, 2018 at 6:46:02 PM UTC-5, unman wrote: > (There is a risk with dist-upgrade that some existing packages will > be removed, although this should not happen within a release.) > You can also (with caution) use 'apt autoremove' but make sure you review > the list of what is to

[qubes-users] Re: Keyboard backlight color based on active qube

2018-12-19 Thread brendan . hoar
On Saturday, October 13, 2018 at 2:45:13 PM UTC-4, Brendan Hoar wrote: > On Thursday, October 11, 2018 at 1:01:12 PM UTC-4, Marek Marczykowski-Górecki > wrote: > > Hi, > > > > I've published the first post on my blog: > > https://blog.marmarek.net/blog/2018/

Re: [qubes-users] vault color (black?) & window decorations

2019-01-22 Thread brendan . hoar
On Tuesday, January 22, 2019 at 10:53:30 AM UTC-5, chuc...@gmail.com wrote: > On Monday, October 15, 2018 at 8:07:38 AM UTC-5, awokd wrote: > > bre...ail.com: > > > Hi folks, > > > > > > Regarding the default R4 color scheme... > > > > > > ...does anyone else find that the default color for

Re: [qubes-users] Hyperthreading on or off?

2019-04-04 Thread brendan . hoar
On Thursday, April 4, 2019 at 5:10:39 AM UTC-4, donoban wrote: > On 4/3/19 11:54 PM, jr...@gmail.com wrote: > > Looking for guidance on best practices for Qubes configuration: > > given the vulnerabilities that have been reported with > > Hyperthreading, it would seem to be a no-brainer that it

[qubes-users] Change default DisposableVM for sys-whonix?

2019-04-05 Thread brendan . hoar
By default, even though launching from this VM is disabled on install, it is set to dvm-fedora. Might it not be better that it be (none) or perhaps a whonix-ws dvm? I believe that even if the user enabled the capability, under the OOTB configuration, this change probably doesn't provide any

Re: [qubes-users] Re: debian 10 [SOLVED]

2019-03-30 Thread brendan . hoar
On Friday, March 29, 2019 at 10:39:36 PM UTC-4, Chris Laprise wrote: > In 4.0 its supposed to be automatic. However, there is some flaw with > Linux discard mount option and it may still leave some fraction of > blocks un-trimmed. The good news is now you only need to run 'fstrim -a' > in the

Re: [qubes-users] Re: debian 10 [SOLVED]

2019-03-30 Thread brendan . hoar
On Saturday, March 30, 2019 at 9:35:58 AM UTC-4, brend...@gmail.com wrote: > Similar except I remind myself to dismount any large volumes mounted > (those can take to run trim against): ^(those can take a lot of time to run trim against): -- You received this message because you are

[qubes-users] Re: command line tools work when the gui does not

2019-03-31 Thread brendan . hoar
On Sunday, March 31, 2019 at 2:02:57 AM UTC-4, pixel fairy wrote: > this seems to be more of a qubes 4.0 thing, dont remember these issues in > qubes 3, but maybe i didnt notice. the update notification in qubes 3.x also > always seemed to work. > > does everyone else just use the command line

Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread brendan . hoar
On Saturday, February 23, 2019 at 4:09:35 PM UTC-5, dexint...@gmail.com wrote: > Where can I find the memory guide? I have 16gb X1C6 that I acquired a couple > days ago. So far 16gb is running my Qubes well but hey might as well do some > tweaks.

[qubes-users] Re: Dom0 upgrade and reinstallation packages

2019-02-23 Thread brendan . hoar
On Friday, February 22, 2019 at 7:25:54 PM UTC-5, cooloutac wrote: > On Thursday, February 21, 2019 at 7:40:06 PM UTC-5, Andrzej Andrzej wrote: > > but for example packages related to anaconda and a few others just > > downloaded and did not update them, leaving them in the field for > >

Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread brendan . hoar
On Saturday, February 23, 2019 at 11:44:51 AM UTC-5, 799 wrote: > schrieb am Sa., 23. Feb. 2019, 14:35: > > Not quite sure why people try use Qubes with laptops. I found far better > > performance on desktops. Laptops are the opposite of flexible. PC's you can > > upgrade to your hearts

Re: [qubes-users] Re: Oryx Pro laptop (BOOTX64.cfg for Qubes 4.0.1)

2019-02-28 Thread brendan . hoar
On Thursday, February 28, 2019 at 9:26:31 AM UTC-5, Daniil Travnikov wrote: > On Thursday, February 28, 2019 at 9:04:05 AM UTC-5, unman wrote: > > You are trying to write to an iso file, which is a read only file > > system. (It's an image of a CD/DVD) > > > > As awokd has suggested, you need to

Re: [qubes-users] Re: Oryx Pro laptop (BOOTX64.cfg for Qubes 4.0.1)

2019-02-28 Thread brendan . hoar
On Thursday, February 28, 2019 at 5:30:38 PM UTC-5, awokd wrote: > br@gmail.com wrote on 2/28/19 3:33 PM: > > From wikipedia: > >> ISO 9660 is by design a read-only, pre-mastered file system ... all the > >> data has to be written in one go or "session" to the medium > > > > In order to

Re: [qubes-users] Best practices?

2019-03-04 Thread brendan . hoar
My recommendations, incorporating some other previous recommendations. 0) After install, clone the baseline templates, then re-point all the non-standalone VMs to the clones. Update the clones regularly. This avoids the catch-22 of having your network broken on all your templates. If a clone

Q menu cleanup ideas (was Re: [qubes-users] Best practices?)

2019-03-04 Thread brendan . hoar
On Monday, March 4, 2019 at 7:14:40 AM UTC-5, swami wrote: > Le 04/03/2019 à 13:03, b@gmail.com a écrit : > > * at some point we'll need to talk about how to keep the Qubes menu clean > > with all these clones around. > > It would surely help much to have a « Include in menus » checkbox in

Re: [qubes-users] Shrinking a private volume

2019-02-27 Thread brendan . hoar
I’ve found it necessary sometimes to sudo fstrim -av from inside the VM in order for the dom0 lvm thin provisioned volumes to return the unallocated space back to the pool. This doesn’t shrink the volume but it does tell the system that it doesn’t need to store anything there for that VM

Re: [qubes-users] sys-net fails to load ath10k_pci after fedora-29 update

2019-03-20 Thread brendan . hoar
On Monday, March 18, 2019 at 11:33:03 AM UTC-4, seaclue wrote: > I switched to kernel-latest and now it's working. Can confirm: same wifi chipset and my fedora-29 networking was broken for me...as my system default VM kernel was rather old (being a 4.0 install from last year, upgraded

[qubes-users] Re: ThinkPad X270 USB C/Thunderbolt USB C type and docking station Qubes 4.0

2019-03-21 Thread brendan . hoar
On Wednesday, March 20, 2019 at 10:08:36 AM UTC-4, Matthew Roy wrote: > So there are 3 things I needed to do to get Thunderbolt docks to work on a > laptop with Qubes: > 3) Manually add and remove PCI devices provided by the dock from individual > Qubes (e.g. sysnet and sys-usb). The Qubes will

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-08 Thread brendan . hoar
[To the Qubes team - have there been efforts to support enterprise clients?] Frafra - When NxTop was released I did some beta work with them and was sad when Citrix acquired them, renamed the product XenClient XT, stopped considering non-enterprise use cases and then, finally, killed the

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-08 Thread brendan . hoar
On Friday, February 8, 2019 at 10:24:17 AM UTC-5, Laszlo Zrubecz wrote: > On 2/8/19 3:55 PM, brendan wrote: > > Anyway. The open source OpenXT (open source based on the above) > > is/was designed for the use case discussed in this thread and is > > the underlying platform of DoD's SecureView

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-11 Thread brendan . hoar
On Friday, February 8, 2019 at 7:07:53 PM UTC-5, Chris Laprise wrote: > On 2/8/19 5:12 AM, Francesco Frassinelli wrote: > > > The issue you mention is more about trust in employees, the trust > > model, than about selected OS in usage. > > > > The problem is that there are cryptolockers,

Re: [qubes-users] Installing Mirage Firewall

2019-04-18 Thread brendan . hoar
On Wednesday, April 17, 2019 at 2:46:10 PM UTC-4, 799 wrote: > I was also struggling with the installation, therefore (and to save time for > the Mirage Pros to develop the firewall not helping newbies like myself) I > have created a howto: > > >

Re: [qubes-users] Spontaneous rebooting

2019-04-13 Thread brendan . hoar
There are some discussions in qubes-issues on github about torbrowser causing 100% cpu while idle, yet appearing to mostly work ok. Running a couple VMs with that bug might cause an overheat reboot on some systems... -- You received this message because you are subscribed to the Google Groups

[qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-24 Thread brendan . hoar
Hi folks, Summary/Questions: 1. Is the extremely large minimum-IO value of 256KB for the dom0 block devices representing Q4 VM volume in the thin pool ... intentional? 2. And if so, to what purpose (e.g. performance, etc.)? 3. And if so, has the impact of this value on depending on discards

[qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-24 Thread brendan . hoar
Looks like the chunksize of the pool is the controlling factor (256kb) here. % lvs -o name,chunksize|grep pool Docs say the default value is 64kb (that’s also the minimum for a thin pool). Not sure why qubesos value is higher. -- You received this message because you are subscribed to the

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-25 Thread Brendan Hoar
On Sat, May 25, 2019 at 12:09 PM Chris Laprise wrote: > > It would be interesting if thin-lvm min transfer were the reason for > this difference in behavior between fstrim and the filesystem. Indeed. Pretty sure that is the case for some workloads. However, I think you're wrong to assume that

Re: [qubes-users] WARNING: don't update qubes, will break your install

2019-05-26 Thread brendan . hoar
Guess I lucked out by using kernel-latest this time... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this

Re: [qubes-users] halfway to a certified hardware list

2019-06-04 Thread brendan . hoar
On Tuesday, June 4, 2019 at 1:14:03 AM UTC-4, Chris Laprise wrote: > On 6/4/19 12:26 AM, Andrew David Wong wrote: > > > Any suggestions about how we could keep this up-to-date? I imagine > > that the first column would be almost uniformly green ("currently > > sold") based on when the HCL report

Re: [qubes-users] qvm-block doesn't see a thin volume

2019-06-07 Thread brendan . hoar
On Friday, June 7, 2019 at 8:43:49 AM UTC-4, awokd wrote: > awokd wrote on 6/7/19 12:39 PM: > > 'Crypto Carabao Group' via qubes-users wrote on 6/7/19 12:21 PM: > >> Created a thin volume on a second hdd. > >> Can use mount to attach it to dom0 and make a backup on it for  example. > >> mounted or

Re: [qubes-users] Unable to update anything on new installation

2019-06-07 Thread brendan . hoar
On Friday, June 7, 2019 at 8:08:53 PM UTC-4, atrain...@gmail.com wrote: > On Friday, June 7, 2019 at 8:04:22 PM UTC-4, awokd wrote: > > atra...@gmail.com wrote on 6/7/19 11:01 PM: > > > I'm really really stuck and I can't go forward no matter what I do. My > > > goal is to create qubes to

Re: [qubes-users] Re: real and virtual storage usage by qubes

2019-05-30 Thread brendan . hoar
On Tuesday, May 28, 2019 at 7:25:46 PM UTC-4, Chris Laprise wrote: > > If you run fstrim -av inside the qube, it's supposed to release unused > > space back to the thin filesystem. > > Keep in mind this will probably cause the volume to consume more LVM > metadata or 'tmeta'. The filesystem

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-28 Thread brendan . hoar
On Saturday, May 25, 2019 at 2:28:13 PM UTC-4, Chris Laprise wrote: > I think the only _good_ way to deal with COW metadata expansion, since > its always related to data fragmentation, is to keep expanding it and > let system performance degrade accordingly. Yup. One could argue that the same

Re: [qubes-users] Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0

2019-05-28 Thread brendan . hoar
On Monday, May 27, 2019 at 8:05:07 PM UTC-4, awokd wrote: > Stumpy wrote on 5/27/19 4:09 PM: > > I am trying to use an onlykey U2F but have run into some issues like it > > showing up in dom0 and sys-usb but seems like i cant use it. > > > > in sys-usb: > > [user@sys-usb ~]$ lsusb | grep Only > >

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-28 Thread brendan . hoar
On Saturday, May 25, 2019 at 8:50:57 PM UTC-4, unman wrote: > Docs also say that where a thin pool is used primarily for thin > provisioning a larger value is optional. Did you mean to say "optimal" or did the docs really say that larger cluster sizes are optional? In any case, I think the docs

Re: [qubes-users] what happened to qvm-trim-template?

2019-06-02 Thread brendan . hoar
On Sunday, June 2, 2019 at 2:10:47 AM UTC-4, haaber wrote: > On 6/2/19 10:16 AM, 'awokd' via qubes-users wrote: > > dr.@gmail.com: > >> Don't see it. > > > > Deprecated; no longer needed in Qubes 4.0. > > > There is "fstrim -a", see man mage. Template trim procedure is: $ sudo fstrim -av $

Re: [qubes-users] R4 system requirements; AMD compatibility?

2019-05-30 Thread brendan . hoar
On Thursday, May 30, 2019 at 10:01:07 AM UTC-4, Claudia wrote: > 1) Should I update the BIOS before attempting to install Qubes? Is this > a generally recommended practice for Qubes, and if so, why isn't it > mentioned in the installation guide? I know you're asking Chris, so feel free to

Re: [qubes-users] Security concern while checking FLR (Function Level Reset) for PCI passthrough to Xen HVM guest

2019-06-22 Thread brendan . hoar
On Saturday, June 22, 2019 at 3:07:25 AM UTC-4, awokd wrote: > 'npdflr' via qubes-users: > > while the section: Preparing a device for passthrough > > (https://wiki.xenproject.org/wiki/Xen_PCI_Passthrough#Preparing_a_device_for_passthrough) > > states that: > > "First, determine the BDF of the

[qubes-users] Trim/discard unallocated thin pool space

2019-06-17 Thread brendan . hoar
There is a tool in dom0 called "thin_trim" which is part of the "device-mapper-persistent-data" package. It issues discards to the unallocated space of a dm-thin device that is not in use. This gets a bit trickier if it is an lvm2 device, as there's another management layer above the dm-thin

Re: [qubes-users] Trim/discard unallocated thin pool space

2019-06-17 Thread brendan . hoar
Chris - thanks for jumping on this. :) On Monday, June 17, 2019 at 11:16:05 AM UTC-4, Chris Laprise wrote: > I would fully expect lvremove to issue discards, if lvm is configured > for it. Did you try changing /etc/lvm/lvm.conf so that "issue_discards = > 1" ? I've got that set (also in dom0 &

Re: [qubes-users] Trim/discard unallocated thin pool space

2019-06-17 Thread brendan . hoar
On Monday, June 17, 2019 at 11:32:50 AM UTC-4, Chris Laprise wrote: > FWIW, if there were any issues with data not being discarded, it would > be with the (size) mismatch between what ext4 considers a discarded > block and what the thin + lvm layers consider a discardable block or chunk. Yes,

Re: Re: [qubes-users] How does dropbox know that I‘m using qubes?

2019-06-20 Thread brendan . hoar
On Thursday, June 20, 2019 at 5:16:28 AM UTC-4, cy...@protonmail.com wrote: > Any other suggestions how servers can determine the client kernel version > when browsing with the pre-installed fedora browser? Does the template have flash installed? Actionscript's OS.Capabilities can readout the

Re: [qubes-users] sys-net fails to load ath10k_pci after fedora-29 update

2019-06-23 Thread Brendan Hoar
I think it was the kernel-latest-qubes-vm package from the -testing repo. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Re: Qubes - Critique (long)

2019-05-20 Thread brendan . hoar
On Friday, May 10, 2019 at 2:09:09 PM UTC-4, Chris Laprise wrote: > On 5/10/19 12:16 PM, Marc Griffiths wrote: > > Next step for me is ordering a T400, which doesn't have Intel Management > > Engine, supports Libreboot, and has proven itself as an uncrashable > > workhorse. I used to run Windows

  1   2   3   >