[qubes-users] which tool alters my etc dir every boot?

2017-11-24 Thread 'Tom Zander' via qubes-users
Hi,

I recently installed 3.2 and got the archlinux template working.
I updated it to the latest and got KDE working nicely.

One problem I have is that every single time I (re) start the templateVM, a 
new file is created in /etc/pacman.d/
it is a file that adds a http-proxy address.

The result is that pacman stops working, as that proxy address doesn’t 
respond.

So the question I have is which piece of software is responsible for 
recreating that file every boot.

As I’m a developer, I’d like to fix it at least for myself.

Any hints appreciated!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30870866.6Qo8jQmbpd%40strawberry.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] promoting testing packages

2017-11-24 Thread 'Tom Zander' via qubes-users
Last week I briefly tried 4.0RC2, only to realize that things like the 
archlinux package were just missing.

Since then I learned that it actually is part of the testing repository.

This makes me wonder, what is the procedure of promoting something from testing 
up to current?
I mean, if it's simply non-functional or missing in current, then should a 
testing version not be promoted ASAP?

ref; https://github.com/QubesOS/qubes-issues/issues/3185#issuecomment-338627359
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: unable to start a freshly created VM (the first VM on a fresh install). Qubes 4.0-RC2

2017-11-27 Thread 'Tom Zander' via qubes-users
On Monday, 27 November 2017 07:03:51 CET Wael Nasreddine wrote:
> I'm trying to create a Standalone VM to run ArchLinux dedicated for work,
> but the VM fails to start,

Where did you get the archlinux VM from?

I successfully managed to get this working over the weekend by;
a) following the basics (dns install etc) here (point3 & 4).
Don’t do point 5 - 10.
https://www.qubes-os.org/doc/building-archlinux-template/

b) follow the simplest guide from this report;
https://github.com/QubesOS/qubes-issues/issues/3185

Then continue with points 10 -  from the official docs.


Generally, after a weekend of intense working with qubes4r2 (testing) I 
would say that creating new VMs based on a template and starting them is a 
bit of a hit-and-miss.
I’m guessing that the daemon in dom0 has some race conditions that sometimes 
leave newly created vms broken. Stress the system less and it seems to work 
more stable.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: Yubikey in Challenge Response mode in Qubes 3.2

2017-11-27 Thread 'Tom Zander' via qubes-users
On Monday, 27 November 2017 06:30:48 CET Yuraeitha wrote:
> I wonder how such misunderstandings, or false interpretations, can be
> avoided among the people, like me, who are learning about Qubes (and
> Linux in general). But that's something for another time and topic, but
> an interesting one nonetheless.

Personally I’d say that the majority of this problem comes from the mis-
design that VMs like debian and even fedora are maintained by DNF/yum.
To do a system upgrade by downloading a new RPM makes no sense as that 
completely destroys all changes made in the template. For instance new 
software that was installed.

If qubes were to disconnect the idea that an RPM of several hundred MBs is 
the way to download/install/upgrade a VM, it would become much easier to 
understand.

Maybe in Qubes 5 :)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



[qubes-users] Move homedir to second drive

2017-11-27 Thread 'Tom Zander' via qubes-users
I have a ‘work’ VM which holds a significant amount of user-data and as such 
I want my homedir to be hosted on my spinning-disk drive.

I’m more than fine just using a standard btrfs partition there, I really like 
the snapshotting option there, but this does imply I would need to 
automatically assign this partition to the VM at vm-start. Probably from 
dom0.

I can write a script and only start the VM that way, but it feels there 
must be a better way.
Does anyone know of a way to do this auto-bind?

Thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Move homedir to second drive

2017-11-28 Thread 'Tom Zander' via qubes-users
On Tuesday, 28 November 2017 03:07:02 CET Andrew David Wong wrote:
> On 2017-11-27 16:03, 'Tom Zander' via qubes-users wrote:
> > I have a ‘work’ VM which holds a significant amount of user-data
> > and as such I want my homedir to be hosted on my spinning-disk
> > drive.
[snip]
> This option works well for me on 3.2 (doesn't require auto-bind):
> 
> https://www.qubes-os.org/doc/secondary-storage/

Thanks for your answer,

it seems like this is no longer an option in 4.0 because VMs are no longer 
directories on the dom0 filesystem.
I may be wrong, but I understand they are actually partitions now.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: Failed to load Kernel Modules

2017-11-28 Thread 'Tom Zander' via qubes-users
On Tuesday, 28 November 2017 14:18:44 CET cooloutac wrote:
> Of course many feel Qubes is for more advanced users,  and apparently that
> will become a self fulfilling prophecy in version 4.

Looking at the (lack of) UI tools at this time, you can be excused thinking 
this. I personally think it's a focus issue. The core devs are good at 
security, and that is where their focus is.
The people behind Qubes don't have to focus on usability, though. They can 
focus on an awesome core while others focus on tooling.

I'd love to help write some great user interfaces that improve upon the 
Qubes supplied ones (which is a low bar), and do that in an open source 
manner which help improve the usability for everyone.
As long as I don't have to use python, so the only thing we really need is a 
good interface which is language-agnostic.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes for "dummies"

2017-11-28 Thread 'Tom Zander' via qubes-users
On Tuesday, 28 November 2017 03:38:02 CET Andrew David Wong wrote:
> Our position is that reasonable security
> via compartmentalization (of which Qubes is an implementation) requires
> the user to make informed decisions about how to compartmentalize
> various parts of their digital life into separate domains.

I fully agree with genevieve on all he said, and I'm not sure if the answer 
I quoted above is a good answer to his worries.
Let's avoid making conclusions about "dummies", I personally would say a lot 
of people can make a much more secure setup using Qubes even if they are 
completely unable to use a command line.

The trick is to not treat your users like morons but at the same time create 
usable and well designed (graphical) tools.

What is missing currently is support for anything that is not xfce and while 
genevieve prefers Gnome, I prefer KDE.

The GUI tools that Qubes came with in 3.2 are hardly done (many missing 
features) in 4.0, and that's OK because they can be done at a later time.
Writing usability centric tools is hard.

What would be ideal is the opening of the APIs for 3rd party implementation. 
Naturally, there is an API, but it's a python API, which is not exactly the 
most used API for graphical tools.
I would argue that opening up the qubesd interface to users using other 
languages will open up the playing field to many GUI developers.
Maybe even get some KDE / Gnome native integration.
I won't speak for the core Qubes devs, but I would not be surprised if they 
would welcome others helping out with GUI tools because if you are good at 
security and Xen and stuff, that doesn't mean you enjoy doing GUIs.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes for "dummies"

2017-11-28 Thread 'Tom Zander' via qubes-users
On Tuesday, 28 November 2017 18:33:37 CET Foppe de Haan wrote:
> Bottom line IMO these days security can't be done by a layman,

Security as a concept is not that black / white, there is no 100% security 
and likewise I fail to see how "laymen" can't increase their security.
As a quick example, in Windows you can download an exe and start it with 
zero technical knowledge.
In Linux a downloaded executable can't be started without the user 
explicitly marking it "executable".

Guiding people into doing the right thing can be done.
As long as you don't aim for perfect security (which honestly doesn't exist 
anyway), you can help people increase their security significantly.

In my humble opinion, this is already happening in Qubes. The NetVM is a 
good example of a standard setup that has become completely transparent to 
users while isolating them from bad drivers causing security issues for many 
other linux users.

The people that need this most are those that don't have the technical know-
how, exactly because they don't understand how opening an executable or PDF 
from the net can cause any harm.
The point I'm trying to make is that those people can already use this 
software today, but many of the more fun features are impossible to them 
because they have not been made easy.


I'd also like to mention that all things require time to learn, I'd like to 
set up some firewall rules to let different VMs communicate between 
themselves.  But lacking a nice GUI I have to figure out how to do this at 
the command line, and I honestly just don't have the time to learn that 
right now.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)

2017-11-29 Thread 'Tom Zander' via qubes-users
On Wednesday, 29 November 2017 08:51:33 CET '[799]' via qubes-users wrote:
> As far as I have understand, the problem is not that the password is
> shown, but that the report with this error mistake and the password could
> get transferred. I don't want that my password gets transferred in some
> part of an error report.

That's not what the guy wrote. He said that it was showing on screen in an 
error dialog.

The problem seems to be that the password is requested from the user and 
then kept in memory to be passed to specific tools that do the work while the 
installation is ongoing.

Then if the installation goes wrong it prints the log of what has happened 
so far, and that contains the password.

I have seen no indication that the password is kept after the installation 
has completed and operations are given over to Qubes-OS.

I agree it's rather sloppy, but as far as I know the installer has no option 
of reporting issues. I don’t even think you connect to the network at all 
(did you type your wifi password? I never did).

So, let's allow the devs to fix this without making this into a bigger thing 
than it is.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)

2017-11-29 Thread 'Tom Zander' via qubes-users
On Wednesday, 29 November 2017 02:40:01 CET Genevieve Gauthier wrote:
> What do you need me to do ?

Please explain in a little more detail what versions of the software you were 
using, what steps we might follow to reproduce the problem.
For instance which screen was the last thing that was on before this error 
popped up.

Cheers!

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: Failed to load Kernel Modules

2017-11-30 Thread 'Tom Zander' via qubes-users
On Thursday, 30 November 2017 03:30:35 CET Unman wrote:
> I think I must be missing your point - it might be clearer if you gave
> examples of tasks that these user interfaces would serve.

I think we have some great examples already which could use more love.

The devices app, which allows you to assign drives (partitions really) to 
qubes.
It is currently less than complete.
Not only does it have bugs (shutting down a qube and starting it again makes 
a logical drive never be shown there again).
But more importantly it just adds a new device in /devs/ without mounting 
it. It should allow a user to the first time select a qubes dir to mount it 
on.
The goal; to avoid the user having to use the CLI.

But also the Qubes-create-new VM GUI app is rather badly designed. It uses 
lots of terms like ‘appvm’ and similar, which is Ok.
The problem is that none of these terms are explained. You have to go to 
browse on the internet to find out what those mean.
It would be quite easy to add documentation inside the app in order to 
explain it. Maybe add a graphic-widget that shows not just the list of 
template VMs, but also which VMs are based on it.
Because honestly, what a user wants is likely “make another VM like Work”. 
But then they have to first find out that “Work” is based on a named template, 
is an appvm and remember that and open the create-vm screen to base it on 
the same...

In short, the tools are designed by technical people to do what they already 
know how to do. They are not designed for new users that need to discover 
the system at the same time as they get tasks done.

This is just an example or two, I hope it explains my thinking.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] 3 different rez monitors doable?

2017-11-30 Thread 'Tom Zander' via qubes-users
On Thursday, 30 November 2017 01:21:40 CET Stumpy wrote:
> I don't see why this wouldn't work, but at the same time, I thought
> better to be safe than sorry.
> 
> I have two monitors (1920x) hooked up to my comp which has two video out
> ports, I wanted to add a 4k monitor and will have to add an extra card.

If it works on Xorg, it should work on Qubes. So you can try on any KDE or 
Gnome forum to get the confirmation you want.

I have two screens which works fine.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

2017-11-30 Thread 'Tom Zander' via qubes-users
On Thursday, 30 November 2017 11:07:56 CET Joe Hemmerlein wrote:
> However, the TPM chip on this hardware works in UEFI boot mode only

I think it's a known issue that Qubes doesn't support EFI.
It ironically creates an efi partition, but the installer doesn't create the 
right stuff to actually boot from it.
And I can confirm that the installer doesn't boot without legacy boot 
systems either.

If your hardware is really incompatible with legacy boots, you are out of 
luck.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Suggestions (for forum posts)

2017-12-01 Thread 'Tom Zander' via qubes-users
On Friday, 1 December 2017 00:37:47 CET Stumpy wrote:
> I am not so familiar with google groups but I don't have a google
> account

For those of us in that section of the population; you can subscribe to the 
group without having a google account and get 100% of the emails in your 
email application of choice.

The details are here;
https://www.qubes-os.org/mailing-lists/

Quoting from it;

> Google Groups
> 
> You don’t have to subscribe in order to post to this list. However,
> subscribing might nonetheless be desirable, as it ensures that your
> messages will not be eaten by the Google Groups spam filter and allows
> you to receive messages which were sent directly to the list.
> 
> To subscribe to the list, send a blank email to
> qubes-users+subscr...@googlegroups.com.
> 
> Note: A Gmail account is not required. Any email address will
> work.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Windows Menu innaccessable because of Windows Tools.

2017-12-01 Thread 'Tom Zander' via qubes-users
On Friday, 1 December 2017 06:03:56 CET Drew White wrote:
> What can I do (logically) to resolve this issue?

Silly idea; make the bottom of both monitors be the same on your Linux side, 
that may sidestep the issue.

If nothing else, you can move the windows taskbar to the left side of your 
screen and get your start menu button showing top-left.

To fix the actual bugs, have you opened an issue on the appropriate github 
repo?
I understand the tool that does this is not open source, so I’m personally 
not sure where you can report it or if you need to pay to get bugs like this 
fixed.
Others that know may want to reply here as well.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Boot Delay

2017-12-01 Thread 'Tom Zander' via qubes-users
On Friday, 1 December 2017 07:38:06 CET Drew White wrote:
> How can I set the Boot Delay so that I can see the POST screen before it
> actually goes into an operating system please?

That is handled and configured in the bios of your machine.
Most people want to see as little as possible of the POST (to them it's just 
waiting).

You may check your bios config. It may be possible, it may not, I can’t tell.

Bottom line, this has nothing to do with Qubes.


> Also, is there an easier way to Add a BIOS to Qubes config rather than
> running a Custom Config all the time and having to use that in my manager
> that I built?

This line doesn’t parse for me. You may have picked the wrong names for 
technical terms, maybe it works better if you can describe what you see in 
generic terms and what you want to happen in same.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-04 Thread 'Tom Zander' via qubes-users
On Monday, 4 December 2017 16:38:12 CET r...@tuta.io wrote:
> Vm manager...

It has been reduced to a single icon in your system tray.

Some features have been moved elsewhere (start menu has a config item per VM) 
some are command-line only.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-06 Thread 'Tom Zander' via qubes-users
On Wednesday, 6 December 2017 08:14:44 CET taii...@gmx.com wrote:
> On 12/04/2017 06:34 PM, r...@tuta.io wrote:
> > Just read it. Thats fucking stupid.
> 
> Sure is, I am tired of the linux greybeard obsession with the CLI - it
> is not always the best choice.
> 
> When it comes to management of many virtual machines a GUI is a must to
> speed tasks and avoid 3AM critical mistakes.

The creation of GUIs doesn’t have to be done by the Qubes team, in my 
opinion.

I would even argue that the skills required to make fine UX apps are 
significantly different and we’ll likely get better interaction from people 
that are further away from the core development.

I took a look at this myself and got disengaged when I realized that the 
core team does all of its APIs in python. Which means that the only way to 
ask the qubes-daemon something is to either write in python, or emulate the 
way that python talks to it.

This does not make it impossible just significantly harder to write good GUIs 
for Qubes.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-06 Thread 'Tom Zander' via qubes-users
On Wednesday, 6 December 2017 13:02:43 CET Franz wrote:
> Sorry for the obviously stupid question, but why is it harder to write it
> in python rather than something else?

Not at all, it's a good question.

It is harder to *have* to write it in python instead of any language any 
developer may be actually good at.

It limits the pool of available developers, available toolkits/libraries and 
other such resources quite dramatically.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-06 Thread 'Tom Zander' via qubes-users
On Wednesday, 6 December 2017 16:08:28 CET Unman wrote:
> "useful, but wasnt any good" - do you mean buggy or poorly designed?
> What 2 features should be implemented/fixed?
> 
> I confess I rarely use the Manager, so don't have a feel for what's wrong
> with it.

To be clear, the main reason the old one is removed seems to be that it 
would have had to be reimplemented due to the architecture changes in 4.0

This is relevant to know because that means nobody actively thought
"It is not good enough, let's remove it".
The removal then, in my own opinion, means we have an opportunity to do 
better.


To support the point of view of "useful but wasn't any good", let me explain 
what I think such a tool should behave like.

The first issue with the old tool, and also with some of the new tools, is 
that you already have to know how things work in order to be able to use it.
For instance the terminology 'appvm', 'templatevm' etc are completely not 
explained anywhere. You have to go to a website to learn what they mean.

A clear success story of Qubes is its networking, abstracting the netVm is 
done to add security without having any significant impact on usability.
Practically speaking, normal users can ignore the whole networking setup as 
it "just works".

This is the level of support that we want. And most tools are nowhere near 
that just yet.

Some examples of things that in 3.2 as well as in 4.0 are clearly in need of 
a lot of love are;

* Which VMs are in which state. If you start something and the netvm/
firewall VM are auto-started, this is not at all clear to the user. If 
something fails, it gets even worse.

* Network communication between Qubes. Routing via the firewallVM.

* Port forwarding. FirewallVM again.

* Media-management. Hard drives etc. It just barely works today.

* Graphical configuration of multiple qubes. Even in 3.2 not being able to 
open more than one config dialog at a time was silly.


This is just a short list based on my experiments over the last month or so. 
I'm sure others can add wishlist items.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-06 Thread 'Tom Zander' via qubes-users
On Wednesday, 6 December 2017 17:34:24 CET Elias Mårtenson wrote:
> I had a script that updated the templatevms and it was written in Python,
> taking advantage of the API. This script stopped working in 4.0. I rewrote
> it to use the commandline tools instead.
> 
> Perhaps a new UI could also be based on those tools. Without a need to use
> Python, such UI could be implemented in any language. That would be an
> interesting project.

I was pondering between two options;
a) hope that the Python APIs are just thin wrappers that send the actual 
commands to the daemon process via a unix socket and instead write code that 
uses the protocol on the socket in a language of choice.

b) generate a Python script for certain calls and then call them in order 
to call the APIs.

The first would be beneficial as that allows us to receive notifications 
from the daemon (like a new VM starting).

My language of choice is Qt/C++ with QML for the GUI.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-06 Thread 'Tom Zander' via qubes-users
On Wednesday, 6 December 2017 19:28:54 CET Unman wrote:
> > the main reason the old one is removed seems to be that it
> > would have had to be reimplemented due to the architecture changes in
> > 4.0

> Tom, this is simply not true.
> If you look at issue #2132

That issue actually supports the point, to quote.
> the next-gen manager for Qubes 4.0 (which we need to rewrite anyway
> because of the changes in the core-ng)

But your reply is unnecessarily confrontational, it really doesn't matter 
what the core devs decide on the GUI front as they also state they have an 
open API.

As it turns out people are interested in a different GUI experience than the 
one outlined in the quoted issue.

It is good to realize that a better GUI will allow a more secure usage.

> > * Media-management. Hard drives etc. It just barely works today.
> 
> Not my experience. There are occasional issues, but generally this seems
> to work well

If you use a larger amount of features, stuff starts to fall apart fast, 
though.
For instance I added a second drive, attached it to a VM. Noticed that the 
only thing that happened was the appearance of a strangely named file in 
/dev/
As far as I can tell you need to somehow guess which file to use in /dev and 
then type a 'mount' command to actually access it. That requires CLI 
interaction...

And that's just the most simple usecase I can come up with.

> BUT basic users generally want little more than to load
> data from USBs/phones and to backup to disk

How do you rate usecases like having your homedir (private partition) on a 
second drive on a desktop computer?
Extremely common setup on desktops when you end up having many gigabytes 
in your homedir. A multi-TB spinning disk costs a fraction of an ssd.

How about the usecase of auto-attaching and auto-mounting several drives on 
a specific VM startup, every time it starts.
For instance a read-only (aka CDRom or Loopback) mountpoint in your homedir 
of firefox settings shared between some of the VMs.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] How to copy-paste into Terminal from global clipboard?

2017-12-07 Thread 'Tom Zander' via qubes-users
On Thursday, 7 December 2017 09:29:22 CET Zrubi wrote:
> On 12/07/2017 07:33 AM, Nik H wrote:
> > This may be a silly question but I've been unable to figure it out:
> > I quite often want to paste something from a browser into a
> > Terminal in a different vm.
> > 
> > Global, secure copy / paste is Ctrl-Shift-c / Ctrl-Shift-v
> > 
> > In a Terminal window, these shortcuts are mapped to normal copy
> > paste, rather than inter-vm copy pasting so it doesn't work out of
> > the box.
> 
> Shift-Insert is the "magic key" you searching for ;)

More specifically;
to paste to a VM you use ctrl-shift-v which makes it available to all apps 
in that VM.
Followed by shift-insert to paste it to your terminal.

I use konsole, the KDE terminal. It happens to not map ctrl-shift-c/v making 
this an out-of-the box experience.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-07 Thread 'Tom Zander' via qubes-users
On Thursday, 7 December 2017 01:53:40 CET Patrick wrote:
> However... I immediately found out VM's still did not start on my system.
> After looking in journalctl and systemctl, I found out qubesd would not
> start: "failed to start Qubes OS daemon". I attached text files of the
> error outputs from both commands for all your scrutinizing eyes. Does
> anybody got any ideas on what is going wrong?

I would hope qubesd logs somewhere else as well, as these files show nothing 
of use. Just that it failed.

Try
qvm-run -p -u root 'ls /usr/log'
and similar commands to check if there are more logs.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Can AppVMs detach or attach block devices?

2017-12-07 Thread 'Tom Zander' via qubes-users
On Thursday, 7 December 2017 09:41:37 CET qbertq...@gmail.com wrote:
> My understanding is that you attach and detach block devices from the dom0
> side, and you mount, umount, and eject from the AppVM side.
> 
> Is it possible to detach and/or attach block devices from the AppVM side,
> or is this something that only dom0 can do?

Making them available is something only dom0 can do, to make sure that a 
compromised qube can’t get itself more resources.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-07 Thread 'Tom Zander' via qubes-users
On Thursday, 7 December 2017 14:17:52 CET Franz wrote:
> > On another note what would it take ($$$) for someone to create this back
> > on 4 as an option for the community (obviously theres quite a few of us)
> > that want this to install?
> > 
> > Im not rich by any means living in one bedroom apt and work from home
> > but
> > this does help me with work and would donate towards getting this done.
> 
> that is an interesting approach, developers can make programs, but
> non-developers can pay for others to do it. I offer $5000.

Hi guys,

I've investigated the possibilities today about how this can be done from a 
purely technical point of view.

It seems possible, and to test this I am writing a very simple app that 
retrieves the current Qubes and their status from the central qubes system.
Just as a proof-of-concept.

Looks promising so far!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Where is ability to backup and restore backups on 4?

2017-12-07 Thread 'Tom Zander' via qubes-users
On Thursday, 7 December 2017 17:38:15 CET Jean-Philippe Ouellet wrote:
> Remember that the "R4" you're speaking of is still just a release
> candidate - it is *not* finished!

To most people the concept of a "release candidate" is that the software 
released is possibly the final version, if there don't appear to be any 
show-stoppers.

As such, the Qubes devs consider it feature complete. Otherwise it would 
have been marked as beta.
So we have to conclude that missing features (like not having a UI for 
backups) are not planned for 4.0, maybe for 4.1.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 06:09:32 CET Chris Laprise wrote:
> There is the question of whether someone should try porting the original
> Qt-based Qubes Manager to R4.0. I mention this since the biggest
> complaint so far is not having a _comprehensive_ UI; Updating QM for the
> new Qubes API could be the most direct path to addressing that need.
> 
> I'd like to know what people think...

I’m a big fan of Qt, but the original was written in python (using the Qt 
python bindings) which is my least favourite choice in language, and on top 
of that the original QM had many problems for the user experience.

I also know that the “state of the art” in creating user interfaces has 
moved on and the technology used in the old app is end-of-lifed for some 
years now.

All in all, you’ll get a nicer app if you ignore the code of the old one.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 06:09:32 CET Chris Laprise wrote:
>  What I want
> to say is that people that do not like to experiment with computer just
> memorize what they are told and always do the same steps just happy that
> it works.

I fully agree with that and it mirrors my observations.

Personally I blame Windows for this as that one breaks so easy, and anyone 
else that at any time tells a person they are doing something "wrong".
Being told (as a non-tech person) you are doing it wrong is literally the 
worst thing you can do to that person as they will lose their ability to 
have confidence and subsequently they will lose their will to experiment.

An OS like Qubes will lose its objective if it starts telling people they 
are doing it wrong.
Instead, make every effort to show them the right way, and allow 
experimentation.
In other words; enforce correct behaviour and warn against (but do not 
forbid) possibly bad behaviour.


Anyhow,

I learned from your post that it was possible to start apps from the old QM, 
I never knew that, I never tried! :)

Thanks for sharing that!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 01:05:32 CET Patrick wrote:
> I found the problem!  My /var/lib/qubes/qubes.xml file was corrupted, so
> it could not be parsed correctly by qubesd. I restored a previous version
> from /var/lib/qubes/backup and now I am back in business! Thanks anyway
> for checking out my problem.  :-)

Thanks for reporting this!

This looks like a show-stopper bug to me.
The system should never be able to corrupt a critical file like that due to 
disk-full.

I reported it to the qubes devs;
https://github.com/QubesOS/qubes-issues/issues/3376

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 11:50:07 CET Unman wrote:
> Anyway, I don't want to labour the point.
> Enough people seem to like the Manager style approach to make it worth
> putting something like it into 4.0.

You wrote a very interesting mail, with lots of great ideas on how to make 
the workflow better.
I really like the idea to have application icons match your VMs.
The 4.0 start menu forces users to first pick a qube and then pick an app. 
With a Firefox available in each and every qube...

I think this thread is more about having any sort of user friendly tools 
than it is specific about the QM.
It's just that most users have only ever had the QM, and then even that was 
taken away from them in 4.0 :(

I'd say you (Unman) are in a great position to brainstorm ideas we can try 
to find a good user interface that helps people stay secure and helps them 
survive, to even thrive.

I'd like to write a simple app that people who were used to the QM can 
relate to. With some people here stating they are willing to pay for the 
service, I can make some time for that.
As that crystallizes, maybe more people can jump in and work on other stuff.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread 'Tom Zander' via qubes-users
On Friday, 8 December 2017 14:56:00 CET Chris Laprise wrote:
> > I also know that the “state of the art” in creating user interfaces has
> > moved on and the technology used in the old app is end-of-lifed for some
> > years now.
> 
> Which end-of-life technology would that be?

In Qt5 (released 19 December 2012) the qwidget module was split off onto its 
own and the APIs in that module have been frozen ever since.
This details the module; https://doc.qt.io/qt-5/qtwidgets-index.html

Newer applications using Qt are suggested to use the declarative APIs which 
have the added benefit of using the massive speedups Qt GUIs get from using 
modern hardware and new architecture.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] How to create DVM Templates in Qubes OS 4?

2017-12-09 Thread 'Tom Zander' via qubes-users
On Saturday, 9 December 2017 23:03:38 CET qbertq...@gmail.com wrote:
> In Qubes OS 3, the documented way of creating DVM Templates is to use
> qvm-create-default-dvm (see
> https://www.qubes-os.org/doc/dispvm-customization/)
> 
> qvm-create-default-dvm was removed in Qubes OS 4, so what's the new way to
> create DVM Templates (https://www.qubes-os.org/doc/glossary/)?
> 
> I would like to install something in a TemplateVM, configure it in a DVM
> Template, and run it in a disposable VM.


The documentation is outdated, there is an article that explains the 4.0 
way;
https://blog.invisiblethings.org/2017/10/03/core3.html
See heading; "Disposable VMs redesigned"

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] How to create DVM Templates in Qubes OS 4?

2017-12-10 Thread 'Tom Zander' via qubes-users
On Sunday, 10 December 2017 07:09:35 CET qbertq...@gmail.com wrote:
> What I don't understand

Just want to point out that the 4.0 support for dispVMs is extremely basic 
and honestly quite broken.
The concept works, most of the tools don't or are just shitty.

Happy to hear you made it work :)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



[qubes-users] [HOWTO] use 2nd drive partition as 'home' drive.

2017-12-11 Thread 'Tom Zander' via qubes-users
Lots of things changed in Qubes4, and I think I am finding out things lots of 
others will need to find out at one point too.
So for them, as well as for my own memory, I'll write some howto emails.


The task;

as I run Qubes on a machine with a relatively small SSD and large spinning 
disk, I want to make my homedir (/home/user) be completely stored on the 
spinning disk.
I have two main Qubes which require storage. A Private and a Work qube.
Each gets one partition on my 2TB drive.
I assume you already partitioned and did everything you need with the drive, 
it should be available to dom0.

1) Create and start a Qube "Work".
2) open a terminal in the Work qube.
3) do an ls /dev/xv*

4) Start a terminal for dom0;
5) run in dom0 in a terminal;
  a) qvm-block
     this shows a listing of drives with their names. Mine is; "dom0:sdb1"
  b) qvm-block a --persistent -- Work dom0:sdb1

The 'persistent' part here is a new 4.0 feature, seems undocumented but it 
means you only ever have to do the add once. Further reboots and restarts of 
the Qube will automatically re-attach the drive.

6) in the terminal for Work, rerun the ls from step 3 and check which device 
was added. Possibly "xvdi"
7) edit (as root) the file /rw/config/rc.local and add this line;
  mount /dev/xvdi /rw/home/user/
Using the device you found in 6 instead of xvdi should it be different.

8) make the /rw/config/rc.local file executable.
You can do this by running;
   sudo chmod 755 /rw/config/rc.local

9) Now shutdown and restart the Work qube and start a new terminal
10) (optionally) in the terminal type;
chown user.user /home/user

All done!

known issue; it looks like the rc.local isn't always finished executing when 
the first app is started. This looks like a bug to me.
So if your first app is firefox, for instance, you won't get your personal 
settings (plugins/bookmarks) until you start it the second time :-(
My suggestion; make this qube autostart on login.
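
A guarded form of the mount line from step 7, as an added example that is not part of the original post: it waits for the attached device, checks the filesystem UUID before mounting (the device name found in step 6 may differ), and mounts with nosuid,nodev. `/dev/xvdi` and `/rw/home/user` are the values from the howto; `EXPECTED_UUID` is a placeholder and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post: contents for /rw/config/rc.local.
# Assumptions: the device and mount point from the howto; EXPECTED_UUID is a
# placeholder to be replaced with the output of `blkid -o value -s UUID <device>`.

DEV="${DEV:-/dev/xvdi}"
MNT="${MNT:-/rw/home/user}"
EXPECTED_UUID="${EXPECTED_UUID:-REPLACE-WITH-YOUR-FS-UUID}"
MOUNT_OPTS="nosuid,nodev"      # no setuid binaries or device nodes from this disk
WAIT_SECS="${WAIT_SECS:-10}"   # how long to wait for dom0 to attach the device

# is_mounted MOUNTPOINT [MOUNTS_FILE]
# Succeeds if MOUNTPOINT is listed as a mount target (field 2 of /proc/mounts).
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# wait_for_dev DEVICE SECONDS
# Polls once per second until DEVICE is a block device; fails after SECONDS.
wait_for_dev() {
    i=0
    while [ ! -b "$1" ]; do
        [ "$i" -ge "$2" ] && return 1
        sleep 1
        i=$((i + 1))
    done
    return 0
}

main() {
    if ! wait_for_dev "$DEV" "$WAIT_SECS"; then
        echo "rc.local: $DEV not attached, leaving $MNT alone" >&2
        return 1
    fi
    if is_mounted "$MNT"; then
        echo "rc.local: $MNT is already a mount point, nothing to do" >&2
        return 0
    fi
    # Refuse to mount a different disk that happens to get the same name.
    uuid=$(blkid -o value -s UUID "$DEV") || uuid=""
    if [ "$uuid" != "$EXPECTED_UUID" ]; then
        echo "rc.local: $DEV has UUID '$uuid', expected '$EXPECTED_UUID'" >&2
        return 1
    fi
    mount -o "$MOUNT_OPTS" "$DEV" "$MNT"
}

# Only act when this file is actually installed and run as rc.local.
case "${0##*/}" in
    rc.local) main ;;
esac
```
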



Re: [qubes-users] Q4: vm-templates and updates

2017-12-11 Thread 'Tom Zander' via qubes-users
On Monday, 11 December 2017 12:43:37 GMT haaber wrote:
> On 12/11/2017 06:31 AM, Connor Page wrote:
> > did you update it in R4 before cloning and upgrading?
> > 
> > templates establish a connection to a proxy running in some netvm defined
> > in dom0 over a vchan.
> yes, I did. I had to run apt-get dist-upgrade -d  a dozen times (and
> spread over half a day) to fetch all ~800 packages. Now that they are
> there, I can install normally. I got the impression that changing
> identify in anon-browser (and hence resetting tor connections) improved
> the #{of error messages} per apt-get run.  But this is no science, just
> a feeling.  Bernhard

I still have not figured this out myself, but I can help you with one step of 
the puzzle.

In the archlinux template I noticed a config file is re-created every time I 
boot by someone. The config file for the package manager sets a (http) proxy to 
localhost, port 8082

Removing that config (so it stops using the proxy) and enabling the networking 
on the qube makes stuff work a lot nicer.

Also, do check if you updated your /etc/apt/sources to use a local mirror.



Re: [qubes-users] Q4: vm-templates and updates

2017-12-11 Thread 'Tom Zander' via qubes-users
On Monday, 11 December 2017 11:31:22 GMT Connor Page wrote:
> templates establish a connection to a proxy running in some netvm defined
> in dom0 over a vchan.

Would you be able to repeat that in English ? :-)




Re: [qubes-users] Q4: vm-templates and updates

2017-12-11 Thread 'Tom Zander' via qubes-users
On Monday, 11 December 2017 17:48:45 GMT Unman wrote:
> This is a case where "making stuff work a lot nicer" isn't necessarily a
> good idea.

The "lot nicer" is that it is quite a bit faster and error handling is much 
better.

>  I don't think you should advise against this without explaining the risks.

Can you perhaps explain what you think those risks are?

To me it boils down to; don't run any software except for "software upgrades" 
in your template.

I'm wondering if this is a "protect the user from himself" or something real.



Re: [qubes-users] [HOWTO] use 2nd drive partition as 'home' drive.

2017-12-11 Thread 'Tom Zander' via qubes-users
On Monday, 11 December 2017 15:10:17 GMT Connor Page wrote:
> I hope you do understand that there is no encryption in what you propose.

That's why I wrote;
> I assume you already partitioned and did everything you need with the
> drive, it should be available to dom0.

I cowardly leave the full-disk encryption details to be done by people before 
they start the howto :-)



Re: [qubes-users] [HOWTO] use 2nd drive partition as 'home' drive.

2017-12-12 Thread 'Tom Zander' via qubes-users
On Tuesday, 12 December 2017 16:18:25 CET Connor Page wrote:
> so in short, first create a qubes storage pool
> qvm-pool --add

In the spirit of a “howto”, can you fill in the actual values to allow one to 
add a second drive as the ‘private’ (home) partition *only* of a Qube?
 
> if you go for a thin pool, create it first and use volume group and thin
> pool names as options for qvm-pool.

As the storage pools doc is missing readability, I have to say I have no 
clue what a “thin pool” is.
What a “volume group” is.

Last, how does one create a btrfs filesystem on their “home” drive when using 
this pool concept?
 
> P.S. I’m not sure lvm backend operates properly. File-based backend can
> also be used instead. Just mount the secondary drive in dom0 and use the
> old trusty file driver if worried.

Using a file is going to cause lots of fragmentation and adds an unneeded 
layer that will just be able to introduce issues.
What is the benefit of using pools?

Doing a backup of a 1TB homedir can be done without the backup tool too ;)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: USB Keyboard thoughts...

2017-12-12 Thread 'Tom Zander' via qubes-users
On Tuesday, 12 December 2017 16:24:16 CET cooloutac wrote:
> well I'm no expert but with ps/2 keyboard it will be the only thing
> attached,  unlike usb which can have multiple devices on same controller,
> spoofed as other devices.  Is there a better option?

The attack modes are two very different ones.

 Taiidan is thinking about someone coming in, installing a snooping device 
and waiting for you to type something critical.

In contrast, your ps2 solution is one which protects against people at any 
time entering your OS through compromised (usb) hardware.

Either by giving you a pen, or entering the pen themselves.
It seems that if you drop usb pens in the parking lot of a mall or company, 
you have a very very high chance some unsuspecting person will insert it in 
their machine.

With the amount of bad USB drivers in the linux tree (not to mention in 
Windows) this is a worrying attack allowing the machine to be rooted without 
the attacker even being physically present.

sys-usb limits this attack.

> USB to ps/2 adapter works,  i apologize if it is a too simple and
> practical cheap solution.   If you are oldschool you probably have some
> laying around the house.

I think that's a great solution for the more common attack.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] [HOWTO] use 2nd drive partition as 'home' drive.

2017-12-13 Thread 'Tom Zander' via qubes-users
On Wednesday, 13 December 2017 00:49:14 CET Connor Page wrote:
> I’ll disagree with comparison of btrfs to lvm. there is a very significant
> difference between btrfs and lvm. btrfs is like a namespace and lvm
> volumes are block devices. one can put a namespace on a block device. but
> yes, layers and layers of metadata processing required.
> 
> BTW, has anyone started a btrfs driver for storage pools? I think it could
> very tricky if at all possible.

related;
https://github.com/QubesOS/qubes-issues/issues/3334

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Release date for qube os 4

2017-12-14 Thread 'Tom Zander' via qubes-users
On Thursday, 14 December 2017 01:14:55 CET Jon Solworth wrote:
> On Tuesday, December 12, 2017 at 9:05:30 PM UTC-5, Andrew David Wong wrote:
> > We'll announce this as soon as we can. We usually can't say
> > for certain whether an in-place upgrade will be possible until very
> > close to the stable release.
> 
> Andrew, now that the schedule for 4.0rc4 is out, it would be good to know
> what work remains to be done before 4.0 can be replaced.  I would (and
> I'm sure the community would) appreciate a few words on this.

There is a wealth of information on the github pages. For instance the 
‘milestone’ for the 4.0 release still has a large number of open bugs.

https://github.com/QubesOS/qubes-issues/milestone/17

Speaking from experience, the devs may bump the less important ones to the 
next release, so don’t see that as “written in stone”.

Also have to make clear that I see very little communication from the core 
devs, so I have no idea about their thinking here. My thinking is that since 
the milestone is there, it likely is important to someone :)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/floweethehub



Re: [qubes-users] GPU Passthrough Status - (Purely a meta-discussion, no specifics)

2017-12-17 Thread 'Tom Zander' via qubes-users
On Sunday, 17 December 2017 11:59:26 CET Yuraeitha wrote:
> f, but from what I understand, complex software is hard to make secure,
> compared to well-made hardware minimizing use of software. If Qubes
> hypothetically were to adopt these, would the hardware approach be more
> secure here?

The question isn't really about software vs hardware.
The overall design and concept is what is more important.
The actual approach of how to do this makes or breaks the security mode. 
From that approach follows what parts are required to be in hardware (to 
still be fast and secure).

I claim no expertise in the domain you address in this thread, so apologies 
for the generic answer.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] GPU Passthrough Status - (Purely a meta-discussion, no specifics)

2017-12-17 Thread 'Tom Zander' via qubes-users
On Saturday, 16 December 2017 03:25:46 CET Yuraeitha wrote:
> Initially, this is all the reasons I can think of for wanting V-GPU.
...
> - Extending a single Qubes machine around the house or company, using
> multiple of screens, keyboards/mouses or other thinkable means.

This sounds inherently unsafe.
Not sure what your usecase is, but there has to be a better way than 
allowing a multitude of foreign, not-directly-connected hardware from 
accessing various very security sensitive channels.

...
> - Cryptocoin miners who wish to utilize a single machine
> for all round purposes. 

To build a proper crypto-mining rig based on GPUs, you would not run an OS 
on the machine. It literally drains money out of your system to use it on 
the same hardware as your main desktop.
If you install 8 GPUs on a mainboard, you have to realize that the mainboard 
ends up costing a fraction of the total.
Reusing it for non-mining purposes (while mining) just doesn't make any 
sense. Both from an economics as well as a security point of view.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



[qubes-users] Qubes GUI for v4

2017-12-19 Thread 'Tom Zander' via qubes-users
In the last weeks there was a lot of talk about a lot of us missing the
qubes-manager, or frankly any sort of useful graphical user interface.

As I’m a long time programmer I decided to just give this a go and try to 
get something useful going.
My approach is one where I talk directly to the Admin-API (at least when 
running in dom0) from this code which happens to have been written using Qt 
in C++, the code will be GPL licensed.

The GUI is showing some usefulness already, the ‘start’, ‘pause’ and ‘stop’ 
buttons are functional.

I just wanted to show some progress, hope you like it.



Re: [qubes-users] Fedora 26 VLC/mplayer fullscreen problem

2017-12-19 Thread 'Tom Zander' via qubes-users
On Sunday, 17 December 2017 19:59:36 CET donoban wrote:
> Any idea?

If you hit the ‘f’ key to go full screen, or use the application menu, then 
you end up doing this using the application in the Qube.
Try to do it using the menu on the titlebar, which makes the trusted-window-
manager be the one to instruct the full-screen option.

That tends to work better.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/floweethehub



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread 'Tom Zander' via qubes-users
On Monday, 18 December 2017 10:13:48 CET pr0xy wrote:
> I am still a bit stuck concerning the Qubes Update Proxy. Where would I
> set the environment variables for my corporate proxy so that I could
> update dom0, templates and VMs?

You should add sys-net to your template VM if you want that since the proxy 
that is in place today is to avoid your template VM from accessing the 
intranet or internet outside of your own machine.

Then google on where the template operating system (Fedora or Debian etc) 
sets proxies for doing the command-line update, the configuration is the same 
as Fedora or Debian etc.
I don’t know fedora at all,
in archlinux you’ll have a file in /etc/pacman/ which sets the current proxy, 
in debian you’ll likely have one in /etc/apt/

grep -R -i  PROXY /etc/*

may be useful too.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/floweethehub



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 16:33:49 CET Unman wrote:
> Tom
> 
> I've suggested before that if you give this advice you should
> clearly state the consequences.

Ok, no worries. Here you go:

The consequence is that the template, which has no personal or identifying 
information, can be used to run apps that make outbound connections. Don’t 
worry! No inbound connections are possible.

In short;
* There is no possibility of loss of private data (since there is none).
* There is no possibility of a remote hacking attack (b/c no 
listening services).
* There is no possibility of a hacker installing bad software in 
your template (only you can do that).

Bottom line is that there is no additional risk when a user uses a corporate 
firewall and a http proxy to allow him to download updates.

Unman, being paranoid is fine, but making users unable to update their system 
unless they do it the very complicated way you approve of will not help 
security.
We are dealing with people, let's keep that in mind.
Specifically, the result of being too strict on this is that they will end up 
either not updating (and missing security updates) or maybe just giving up 
and using the simple route of throwing security out the window and just 
getting the job done.

Perfection is the enemy of good enough.


And since I’m being nasty today, let's focus on another illusion in this 
email. You wrote;
> sys-net will not enforce a firewall 

Basically true, sys-net indeed bypasses sys-firewall.
But you are mistaken if you think that sys-firewall adds security.
Sys-firewall adds the _option_ of allowing you to _manually_ add security.
IF you have the know-how on how to do so. Which most people don’t. 
sys-firewall allows you to block remote hosts by IP-address, manually. And 
optionally.

Making people believe that having sys-firewall makes them more secure is 
selling an illusion of security, which is really bad for actual security 
because it follows that people will believe they are magically secured.
In reality the configuration of the firewall is a highly specialized and low-
level task that most people without sys-admin-training will simply not do.

Security is not about following a rulebook, it is about people first and 
foremost. Let's not lose focus of that, please.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes GUI for v4

2017-12-20 Thread 'Tom Zander' via qubes-users
On Wednesday, 20 December 2017 08:25:44 CET Matteo wrote:
> but before you code it you should talk to joanna to be sure it will be
> accepted and used.

I sent an email to the dev mailinglist at the same time I sent one here (no 
reply so far) so at minimum she knows about it.

But I have to say that I’m programming this for myself and for people that 
have indicated they want a similar solution.
It would be nice if it were packaged in Qubes, but I’m not depending on it.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Attempting to securely wipe drives, running into issue.

2017-12-20 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 22:09:31 CET David wrote:
> I'm attempting to wield a command from the archlinux wiki and getting
> access denied, even with sudo in front, and even when on dom0 (against
> my better judgment). Any thoughts?

A complex series like this is best just to run as root in a shell.

First run something like;
# sudo su 
which should give you a shell that is owned by root. Type whoami to 
confirm.
Then you can copy/paste the line from the archlinux wiki to do the work.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-20 Thread 'Tom Zander' via qubes-users
On Wednesday, 20 December 2017 11:59:26 CET Holger Levsen wrote:
> oh, and if you want to securly erase data, use /dev/random, not
> /dev/urandom.

This is not good advice, your /dev/random device creates true randomness, 
but it only generates a very small amount of data.
Bytes per minute.

Creating enough to write many gigabytes of data would take centuries.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] template /home/user is not copied when creating appvm

2017-12-20 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 20:22:02 CET Dave C wrote:
> Whenever a TemplateBasedVM is created, the contents of the /home
> directory of its parent TemplateVM are copied to the child
> TemplateBasedVM’s /home...
> 
> Is this true in Qubes 4.0 rc3?
> 
> In my experience, changes made to /home/user in the template are not
> copied to the appvm when it is created.

This mirrors my experience, AppVMs don’t inherit the homedir.

I believe that the design has changed (i.e. the docs are outdated). Template 
VMs are meant to be used purely for their operating system and the software 
going with it, the homedir should have no personal data or app-configs 
because you should not use the template for anything other than updating 
packages.

Notice that disposable VMs no longer use templateVMs, they are based on an 
AppVM instead. You will likely end up creating an AppVM which will be a 
template for disposable VMs launched by the system.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-21 Thread 'Tom Zander' via qubes-users
Thanks for your mail!

I think we are getting to the core of our little discussion :-)


On Thursday, 21 December 2017 19:02:23 CET Unman wrote:
> Since templates can be customized by the user it is not true that they
> cannot contain private data. 

They can contain private data, because they have harddrive space. So 
technically speaking you are not wrong.
Do you have any reason to believe there is any incentive to store your 
private data, your account info (password) etc in a template?

> It's a moot point to what extent Templates do
> contain identifying material, even when not customized.

The entire point of Qubes is compartmentalization, which means actively 
choosing where you have your login data, your keys and your private 
messages.
A security worry that assumes people will copy their darkest secrets in 
inappropriate qubes is a bit... odd.
And that is exactly what you say when you argue placing material you want to 
keep secret in a template is a moot point.

> It isn't true that Templates CANT contain listening services,

This is true only if you pick your words very specifically.
It is true that a template can try to listen to someone out there.
But it's pointless because the Qubes system doesn't allow anyone to connect 
to your templates. There is no port forwarding to your templates. Just 
connecting to sys-net will not make that magically happen.

Bottom line is that no hacker can connect to your services on your template.
And thus you can’t get remote hacked by doing nothing.

> or services
> that make outbound connections without user intervention. Debian
> Templates will start some services on installation, for example, and
> there are other "aids" that may initiate outbound connections without
> the user's knowledge. There are circumstances where this could be
> extremely undesirable.

Interesting to hear, you maintain the Debian RPM for Qubes, right?
Can you explain which services are started automatically and do outbound 
connections in that template?
You seem sure, so please share that info.

> If (e.g) you use a web browser in a Template there is every chance that a
> hacker may install bad software without your knowledge.

I highly doubt that. If that were true most Ubuntu boxes would have been 
turned into bots.

But more importantly, the advice to only run software to update your 
template stands.
The template VM is started for updating your operating system, it is not for 
playing a flash game or running Skype. This was always the advice.

> If the Template is compromised then all the AppVMs that use it 
> will be compromised.

This thought is not false, but your thoughts of how a template can get 
compromised are clearly unfounded.
As you have admitted multiple times; all these technical things that make 
basic tasks more difficult are there only to protect the user from 
user-mistakes.

To be clear, I can get on board with the idea that users should be 
discouraged from *using* templates. User training you called it.


I think the two different schools of thought here are that you work with 
rules a lot. Decide that users can't do X or Y or Z, and you solve the 
problem.
This works in a company, this works for a certain set of users.

I come from a different background, after 17 years of doing open source I 
learned that telling people what NOT to do will always lead to 
disappointment. :-)

Finding more user friendly ways of telling people what is a better way to 
solve a problem is the direction I'm leaning towards. Lead, not punish.

As a quick example; make templates have a config file that indicate which 
software is the ‘updater-GUI’ and make the icon-updater use this info to 
only show a limited set of start-menu-items for template VMs.
A second icon associated from a template would be
“create VM based on this...”.


My thinking is that we have to work *with* people, not against them. Provide 
more useful options, don't take away ones you think are dangerous.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
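
Whichever side of this exchange one takes, it is easy to see what a template actually listens on. The following is an added example, not part of the original messages: it parses `ss -H -tln` output and reports listeners bound beyond loopback. The sample output is constructed, and the function names `exposed_listeners` and `audit_template` are hypothetical.

```shell
#!/bin/sh
# Added example: list TCP listeners in a VM that are bound beyond loopback.
# Input format is that of `ss -H -tln`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample (not captured from a real template).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 100 10.137.0.12:8000 0.0.0.0:*'

# exposed_listeners SS_OUTPUT
# Prints one "address port" line for every listener not bound to loopback.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)   # drop ":port" (from the last colon on)
            sub(/^.*:/, "", port)      # keep only what follows the last colon
            # 127.0.0.0/8 and ::1 are only reachable from inside the VM.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr, port
        }'
}

# audit_template SS_OUTPUT
# Returns 0 when nothing listens beyond loopback, 1 otherwise.
audit_template() {
    found=$(exposed_listeners "$1")
    if [ -z "$found" ]; then
        echo "no listeners outside loopback"
        return 0
    fi
    echo "listeners bound to the VM's network interfaces:" >&2
    printf '%s\n' "$found" | while read -r addr port; do
        echo "  port $port on $addr" >&2
    done
    return 1
}

# Inside a running template the live data would come from:
#   audit_template "$(ss -H -tln)"
```

A non-zero exit only says a service is bound to a non-loopback address; whether anything can reach it still depends on the firewall and routing in front of the VM.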




Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-21 Thread 'Tom Zander' via qubes-users
On Thursday, 21 December 2017 19:02:23 CET Unman wrote:
> This helps protect against user error - for example, opening a browser in
> Template by mistake, and using it to browse the web.

A separate thought occurred to me,

if Qubes is worried about users misusing templates, I'd argue that free 
sudo-access should be removed from templates so you benefit from standard 
user protection. In other words, you'd need a privilege escalation to 
compromise your template. While today the bar is much much lower.

Naturally, an AppVM based on a template would have to have full sudo access.

What do people think about this?
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

2017-12-22 Thread 'Tom Zander' via qubes-users
On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net wrote:
>  assuming
> 4.0 is going to come out of the box with like Debian 9 and Fed 26?

Fedora 26 is not going to be used in 4.0, maybe in 4.1

source;
https://groups.google.com/forum/#!msg/qubes-devel/13PZgSOaajA/RvBh02ANCAAJ

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




[qubes-users] pools, how to use

2017-12-23 Thread 'Tom Zander' via qubes-users
Hi,

I've set up a new qubes install and created two LVM volume groups. I wanted to 
try and see how this works with qubes and I tried out the pools concept.

The problem is that I think I did everything according to the docs, but the 
qvm-create command gives me an error message.

Can someone find out what I did wrong?


sudo vgs -a
  VG         #PV #LV #SN Attr   VSize   VFree
  Slow         1   1   0 wz--n- 391.51g 391.01g
  qubes_dom0   1   2   0 wz--n-  59.33g  37.33g
sudo lvcreate -L 37g -n systems qubes_dom0
sudo lvcreate -L 390.5g -n data Slow
sudo lvs
  LV      VG         Attr   LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  data    Slow       -wi-a- 390.50g
  adminvm qubes_dom0 -wi-ao  22.00g
  systems qubes_dom0 -wi-a-  37.00g

qvm-pool -a qubes_ssd lvm_thin -o volume_group=qubes_dom0,thin_pool=systems,revisions_to_keep=0
qvm-pool -a data lvm_thin -o volume_group=Slow,thin_pool=data,revisions_to_keep=0

qvm-create -P qubes_ssd --template fedora-25 -l green --class AppVM test
app: Error creating VM: b'  Logical volume qubes_dom0/systems is not a thin pool.\n'


Any help appreciated!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] pools, how to use

2017-12-24 Thread 'Tom Zander' via qubes-users
On Sunday, 24 December 2017 02:09:54 CET Marek Marczykowski-Górecki wrote:
> > sudo lvcreate -L 390.5g -n data Slow
> 
> You need to create those as thin pools, not standard volumes. For
> example this way:
> lvcreate -L 37g --thinpool systems qubes_dom0

Thanks, that fixed it :-)

It took some more puzzling and I now have some VMs on LVM pools instead of 
everything as huge files in my dom0 filesystem.

Great success.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
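
The "is not a thin pool" error in this thread can be caught before `qvm-pool` is run by looking at the first character of `lv_attr`, which is `t` for a thin pool, `V` for a thin volume and `-` for an ordinary volume. The following is an added example, not part of the original messages: the `lvs` sample is constructed around the volume names used in the thread, and the function names `lv_kind` and `check_pool` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check that a logical volume is a thin pool
# before it is handed to qvm-pool as thin_pool=<name>.

# Constructed sample of `lvs --noheadings -o lv_name,vg_name,lv_attr` output.
# Volume names follow the thread; the attr strings are illustrative.
SAMPLE_LVS='  data    Slow       -wi-a-----
  adminvm qubes_dom0 -wi-ao----
  systems qubes_dom0 twi-a-tz--
  vm-test qubes_dom0 Vwi-a-tz--'

# lv_kind LVS_OUTPUT VG LV
# Prints thin-pool, thin-volume, linear, other, or missing.
lv_kind() {
    printf '%s\n' "$1" | awk -v vg="$2" -v lv="$3" '
        $1 == lv && $2 == vg {
            c = substr($3, 1, 1)          # volume type is the first attr bit
            if (c == "t")      print "thin-pool"
            else if (c == "V") print "thin-volume"
            else if (c == "-") print "linear"
            else               print "other"
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# check_pool LVS_OUTPUT VG LV
# Returns 0 only when VG/LV exists and is a thin pool.
check_pool() {
    kind=$(lv_kind "$1" "$2" "$3")
    case "$kind" in
        thin-pool)
            echo "ok: $2/$3 is a thin pool"
            return 0 ;;
        missing)
            echo "error: $2/$3 does not exist" >&2
            return 1 ;;
        *)
            echo "error: $2/$3 is a $kind volume, not a thin pool" >&2
            echo "hint: create it with: lvcreate -L <size> --thinpool $3 $2" >&2
            return 1 ;;
    esac
}

# In dom0 the live data would come from:
#   check_pool "$(sudo lvs --noheadings -o lv_name,vg_name,lv_attr)" qubes_dom0 systems
```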



Re: [qubes-users] Password security/disposable vm security

2017-12-25 Thread 'Tom Zander' via qubes-users
On Sunday, 24 December 2017 01:58:36 CET mmm...@gmail.com wrote:
> Can't we just create disposable thunderbirds to protect the password?

The protection you want is against the evil software leaking the password.
A disposable VM would not help in this case as you enter the password, or 
you let it remember your site passwords, then it would just send it out to 
the evil website immediately.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Password security/disposable vm security

2017-12-25 Thread 'Tom Zander' via qubes-users
On Sunday, 24 December 2017 23:14:21 CET mmm...@gmail.com wrote:
> Okay so I read all of that lol, and I understood it all but what if there
> was an e-mail client that used the browser method? You get logged in to
> all your emails without retrieving anything then switch to cookie
> authentication and forget the password, that way when the zero-day
> happens you only lose your cookie which is probably not as powerful as
> the actual password(ie I dont think you can change your password with
> just the cookie) plus the zero day can't "permanently" compromise
> thunderbird cause you opened it in a disposable , just only after this
> odd login method over and over again =p. Maybe that's overdoing it
> but I don't want to change my passwords ever so laziness commands me
> to want such a thing XD.

I think you may have misunderstood the idea behind the initial post you 
quoted;

> "there is absolutely no point in not allowing e.g. Thunderbird to remember
> the password – if it got compromised it would just steal it the next time I
> manually enter it"

The thought behind that quote is that you have to trust your open software 
running on your machine and there is no way around that. As the quote says, 
feel free to let it remember your password. No point in trying to be smart.

So if you run thunderbird in a qube that has (access to) password and/or 
emails, you better trust that open source software with that information.

So make sure your software is from a trusted source.

Personally, I'd avoid thunderbird and anything from mozilla, but that's just 
me.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Trying to download new Whonix templates and fedora 23 gets updated?

2017-12-25 Thread 'Tom Zander' via qubes-users
On Sunday, 24 December 2017 02:33:26 CET Sven Semmler wrote:
> On 12/09/2017 08:38 PM, vel...@tutamail.com wrote:
> > Dependencies resolved. Nothing to do.
> 
> Did you include the --enablerepo parameter as shown below?
> 
> sudo qubes-dom0-update --enablerepo=qubes-community-templates
> qubes-template-whonix-ws qubes-template-whonix-gw

And be sure to read the output fully, sometimes it says it will remove 
certain packages but then if you read the full text you notice that it 
actually doesn't do so and you have to pass in two more parameters to get it 
to actually resolve conflicts...


-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Password security/disposable vm security

2017-12-26 Thread 'Tom Zander' via qubes-users
On Tuesday, 26 December 2017 00:56:30 CET mmm...@gmail.com wrote:
> "So make sure your software is from a trusted source."
> Right but even if it is trusted at one point it can become less
> trustworthy later(infection) so I wanted to keep it perfectly "fresh" by
> using disposables.

Aha.

In Qubes you *use* AppVM based virtual machines. Those are unable to change 
software because the actual software is owned by a TemplateVM.
As such this idea of keeping it fresh is already done by normal daily usage 
of Qubes.

The disposable VM concept goes one step up by isolating changes to your 
private data (downloaded files, config, etc).

For your goal the dispVM doesn't add anything, AppVMs already do what you 
want.
 
> "Personally, I'd avoid thunderbird and anything from mozilla, but that's
> just me."
> Do they have a bad track record(I planned on researching my apps later
> =p).

Just last month they added an invisible plugin in their binary builds which 
was programmed to not show up in the 'add-on' screen and had the ability to 
alter page content.
Someone didn't actually program it well enough and the whole thing got 
leaked and after a lot of heat, a lot of bad press they eventually 
apologised.

I'm more concerned that they tried than how they failed.
It leaves a bad taste in my mouth.

Google for "looking glass" and "mozilla" if you want to know more.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] How to install software on templates (Qubes 4.0)

2017-12-26 Thread 'Tom Zander' via qubes-users
In short, software is to be installed in your template exactly the same as 
you would do it in the ‘upstream’ way.

So if you are using a debian template, you’d be able to go to the debian 
wiki pages that explain how to do it.

So your questions 1 and 2 are answered with: “like in the upstream distro”.

> 3. What if we need to install a package that's not available via a repo?

This opens a bit more complex situation because software not available for a 
public repo may cause the issue of it not being trusted. I don’t trust 
skype, for instance.

Technically the installation is not too difficult, you just follow the 
instructions from the place you find the software.
But it is important to assess how much you trust this software and its 
installer because changes made in a template will have an effect on ALL 
qubes that are based on it.
Installing untrusted software in a template may end up exposing your data in 
the “work” qube that is based on it.

You may consider creating a new AppVM where you install the software (again, 
using the instructions from the place where you find the software). Check the 
/rw/config dir, there is a binds configuration that allows you to specify 
which files or directories are kept between restarts.

Hope this helps.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] How to install software on templates (Qubes 4.0)

2017-12-26 Thread 'Tom Zander' via qubes-users
On Tuesday, 26 December 2017 23:58:36 CET Eric Scoles wrote:
> Sorry, I guess I'm not understanding your answer. The 'usual way' to
> install in an upstream distro would be to connect to the network.

Your ‘yum’, ‘pacman’, ‘apt-get’ have access to the internet via a proxy 
solution.

Please give it a try.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)

2017-12-27 Thread 'Tom Zander' via qubes-users
On Wednesday, 27 December 2017 00:34:38 CET Leo Gaspard wrote:
> > I'm more concerned that they tried than how they failed.
> > It leaves a bad taste in my mouth.

> tl;dr: please do google for “looking glass” and “mozilla”

It's good we agree on all the technical details, and I agree intent is tricky 
to guess about.

I definitely will not advise people either way, my opinion is irrelevant and 
browsers are not my specialty.

The situation left a bad taste in my mouth, I had to conclude that their 
priorities are not aligned with mine. Your mileage may vary.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Weak connection. Cannot reinstall borked template, download will not resume.

2017-12-27 Thread 'Tom Zander' via qubes-users
On Wednesday, 27 December 2017 03:02:57 CET dangmad...@gmail.com wrote:
> Opted to reinstall template, but I cannot download it without my
> connection dropping, and thus timing me out. dnf does not resume the
> download, despite it claiming to be saving the download to cache.
> 
> I have put keepcache=true in dnf.conf, with no results.
> 
> 
> cannot wget from dom0. Should I wget from some other VM?

You should definitely be able to install a template you downloaded and copied 
via whatever means into dom0.

Please be aware that download-resumes are a feature on the server as much as 
on the client. 
Your wget should be able to tell you if a resume is possible serverside by 
just testing it (ctrl-c it after 100KB, and use the --continue flag on second 
try).

I've seen the qubes builder create a script that installs an rpm directly 
from local file, hence I know it is possible. Just don't know how.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)

2017-12-28 Thread 'Tom Zander' via qubes-users
On Thursday, 28 December 2017 03:49:07 CET cooloutac wrote:
> chrome doesn't have a good track record either.

Not to be confused with the project “Chromium” which is based on the open 
source version of google-Chrome.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Re: new Desktop build recommendation

2017-12-29 Thread 'Tom Zander' via qubes-users
On Friday, 29 December 2017 19:23:01 CET taii...@gmx.com wrote:
>  I am sure the massive
> markup over parts cost is worth it for a "tested working properly"
> system right?

Yes. Yes it is.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Re: Install Rtlwifi new

2018-01-01 Thread 'Tom Zander' via qubes-users
On Sunday, 31 December 2017 20:57:36 GMT davidmizr2...@gmail.com wrote:
> I can see e permission problem here
> "/net/wireless/realtek/rtlwifi/rtl_pci.ko' Read-only  file system,

That is not a permission problem.

Nobody can write to a read-only filesystem.
Try to make sure that you configured your compile correctly. The path 
starting with /net makes little sense to me.





Re: [qubes-users] Detached LUKS header

2018-01-02 Thread 'Tom Zander' via qubes-users
On Monday, 1 January 2018 18:14:27 CET spi...@gmail.com wrote:
> I did look at this link as I already said.
> But the thing is that there are no info on how to install it
> without using the GUI.

If you get to the installer you can use alt-f1 to get to a native TTY. There 
are several of them and at least one is a bling bash which has root.
Not sure how easy it is to use, but that may just be the entry point you 
were looking for.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] How find out addresses to limit outgoing connections

2018-01-02 Thread 'Tom Zander' via qubes-users
On Saturday, 30 December 2017 04:55:59 CET Stumpy wrote:
> In the end, I want to have say a VM for email, where the firewall blocks
> everything but access to the email service, and do the same for my
> "banking VM" or "bitcoin wallet vm"
> 
> I'm at a bit of a loss so would be grateful for help.

Using gmail in your browser is indeed quite difficult to allow specifically.
Even using another protocol to a provider like google is practically 
speaking not possible.
So I think you started on the hardest problem.

Instead, if you were to use for instance kolabnow.com, you'd be able to 
limit your outgoing to just two hosts (imap.kolabnow.com and 
smtp.kolabnow.com) which is a short list of IP addresses. (I personally use 
'dig' to find out all IP addresses of a DNS).

Same with the Bitcoin wallet VM, you need to find out a series of trusted IP 
addresses and only allow outgoing connections from them, and likely no 
incoming connections at all.
Those IPs would be something from friends, or some you find on;
https://bitnodes.earn.com/
But notice you need to then tell your bitcoin software to actually connect 
to those IPs and likely skip any DNS lookup.

Hope that helps!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
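
The message above suggests using 'dig' to collect the IP addresses behind a mail host and allowing only those. The sketch below is an added example, not part of the original post: it turns `dig +short` output into a sorted IPv4 allow-list and reports when a provider's addresses have changed since the list was saved, which is the usual way an IP-pinned rule set silently breaks. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Keep only IPv4 address lines. `dig +short` also prints CNAME targets
# (names ending in '.'), which must not end up in a firewall rule.
# The pattern is a shape check only; it does not validate octet ranges.
ips_from_dig() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | LC_ALL=C sort -u
}

# Resolve every host given as an argument (needs network access and dig).
resolve_hosts() {
    for host in "$@"; do
        dig +short "$host" A
    done | ips_from_dig
}

# allowlist_drift SAVED FRESH
# Both files must be sorted lists as produced by ips_from_dig.
# Prints "+ip" for addresses that appeared and "-ip" for ones that vanished.
allowlist_drift() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+/'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/-/'
}

# Demo on constructed data, so it runs without network access.
tmp=$(mktemp -d)
printf '192.0.2.10\n192.0.2.11\n' > "$tmp/saved"
printf 'imap.example.net.\n192.0.2.11\n198.51.100.7\n' \
    | ips_from_dig > "$tmp/fresh"
allowlist_drift "$tmp/saved" "$tmp/fresh"
rm -rf "$tmp"
```

With a real provider, `resolve_hosts imap.kolabnow.com smtp.kolabnow.com > fresh` produces the list to compare against the one the firewall rules were built from.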



Re: [qubes-users] Installation security : Usb optical vs sata optical vs usb drive

2018-01-02 Thread 'Tom Zander' via qubes-users
On Tuesday, 2 January 2018 06:20:46 CET mmm...@gmail.com wrote:
> So from the installation security guide I read the following:

> And for USB Drive:
> "Untrustworthy firmware. (Firmware can be malicious even if the drive is
> new. Plugging a drive with rewritable firmware into a compromised machine
> can also compromise the drive. Installing from a compromised drive could
> compromise even a brand new Qubes installation.)"
> 
> Do usb optical drives not also have the same problem firmware wise?

The problem with USB is that it's universal. An attacker can make his device 
look like it's anything USB based. For instance a rarely used web-camera.
The problem with that is that each brand has its own driver in the Linux 
Kernel and most of those drivers are hardly checked for exploits.

As such, an innocent looking thing that connects on USB could root your 
kernel with unknown exploits in any usb driver shipped by the kernel.
Just using a different firmware.
This is why there is the suggestion to have a sys-usb qube to isolate those 
drivers, should you fear your hardware in future falling in the hands of bad 
people.


> What about sata?

I hope someone else can answer this.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Disable root password on fedora-25-minimal (Qubes 4.0rc3)

2018-01-02 Thread 'Tom Zander' via qubes-users
On Tuesday, 2 January 2018 18:26:27 CET Fabrizio Romano Genovese wrote:
> ...But how?

The naming is confusing as the root password is not really removed at all.
What happens is that a service called 'sudo' is configured to allow you to 
do anything without a password.

Make sure you have this content (at /etc/sudoers.d/qubes)

https://www.qubes-os.org/doc/vm-sudo/

Also I suggest double checking that sudo is actually installed.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



Re: [qubes-users] Qubes 4rc3: More space needed on the / filesystem.

2018-01-03 Thread 'Tom Zander' via qubes-users
On Wednesday, 3 January 2018 16:16:13 GMT Fabrizio Romano Genovese wrote:
> I am trying to install texlive on a fedora-26 template vm. The package is
> quite big, nevertheless it is correctly downloaded. After this, when the
> actual installation process would be supposed to start, it fails with the
> message:
> 
> At least *MB more space needed on the / filesystem

Have you considered making the root filesystem of your VM have more space?

In the settings dialog for a VM it's the "System storage max size" item which 
you can change. Be aware that the VM likely needs to restart to access the 
extra space.




Re: [qubes-users] Donations with Bitcoin (Cash) - BCH

2018-01-04 Thread 'Tom Zander' via qubes-users
On Thursday, 4 January 2018 12:28:27 GMT evas...@openmailbox.org wrote:
> Happy New Year Qubes Community!
> 
> Due to high fees and heavy losses to donator at Bitcoin Core (BTC) network
> I suggest to at Bitcoin Cash (BCH) donation address as alternative.
> Nobody want to donate 50$ and lose 40$ as fees.

As a long time Bitcoin developer, I completely agree with this sentiment.


I want to also add that the current address publicly displayed will work 
just fine on Bitcoin Cash, which may be useful to know.

Big companies like bitpay (biggest bitcoin payment processor) have already 
stated they will no longer accept any Bitcoin internet payments under $100, 
which you can understand means it can no longer be used for the majority of 
Internet payments. They are working on switching to Bitcoin Cash instead.

Curiously, looking at the Qubes donation page I see that the address you 
have shows that the Qubes organization in actual fact already owns some 
funds in Bitcoin Cash (BCH).
https://bch.btc.com/3GakuQQDUGyyUnV1p5Jc3zd6CpQDkDwmDq
Around € 700 worth.

To the Qubes-guys; please consider updating your website and if you post it 
on something like reddit's rBtc forum, you likely will get some more 
publicity out of it as well.

If you want any details, feel free to ask me more in private email.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] How do I install and configure a template vm in Qubes 4?

2018-01-04 Thread 'Tom Zander' via qubes-users
On Thursday, 4 January 2018 10:40:56 GMT 'Ahmed Al Aqtash' via qubes-users 
wrote:
> In 3.2 you could allow network access in a template rather easily through
> the GUI, and thus be able to pull software from other destinations than
> just repos.

The same functionality is present in Qubes4, just not via a GUI.

Open a terminal in dom0 (adminvm) and type;

qvm-prefs -s YOURVMNAME netvm sys-firewall

When you are done downloading consider unsetting the netvm with;
qvm-prefs -s YOURVMNAME netvm ""


I'll add the warning that you should be careful what you do in a TemplateVM, 
anything you run or download has sudo and can install or change data which 
then will cause all your VMs based on this template to be contaminated.
Be safe.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
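
The set-then-unset sequence in the message above is easy to leave half done, which leaves a TemplateVM on the network. The wrapper below is an added example, not part of the original post and not Qubes' own tooling: it attaches the netvm, runs one command from dom0, and always detaches again, even when the command fails or is interrupted. The function name with_temp_netvm and the QVM_PREFS override variable are assumptions; the qvm-prefs invocations are the two given in the message.

```shell
#!/bin/sh
# Added example, not from the original post. Intended to run in dom0.
# QVM_PREFS may be overridden (e.g. for a dry run); defaults to the real tool.
QVM_PREFS=${QVM_PREFS:-qvm-prefs}

# with_temp_netvm TEMPLATE NETVM COMMAND [ARGS...]
# Returns COMMAND's exit status, 1 if the netvm could not be attached,
# or 2 if the netvm could not be detached again.
with_temp_netvm() {
    tpl=$1
    net=$2
    shift 2

    # If attaching fails, nothing was changed, so there is nothing to undo.
    "$QVM_PREFS" -s "$tpl" netvm "$net" || return 1

    # On Ctrl-C or termination, detach before exiting.
    trap '"$QVM_PREFS" -s "$tpl" netvm ""; trap - INT TERM; exit 130' INT TERM

    status=0
    "$@" || status=$?

    trap - INT TERM

    # Detach unconditionally; a failure here is the case worth shouting about,
    # because the template is still reachable from the network.
    if ! "$QVM_PREFS" -s "$tpl" netvm ""; then
        echo "WARNING: $tpl still has netvm $net attached" >&2
        return 2
    fi
    return "$status"
}

# Usage (hypothetical template name and command):
#   with_temp_netvm YOURVMNAME sys-firewall some-command-run-from-dom0
```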




Re: [qubes-users] Qubes 4.0 rc3 boot and performance is quite slow

2018-01-04 Thread 'Tom Zander' via qubes-users
On Thursday, 4 January 2018 11:49:45 GMT Fabrizio Romano Genovese wrote:
> Looking at the console messages at startup, it looks like the problem is
> that Qubes takes more than one minute to boot sys-net, sys-firewall,
> sys-usb and sys-whonix. That was not the case in 3.2.
> 
> Also, when giving
> qvm-start someVM
> the startup time is again quite slow. Could it be that my VMs are based on
> Fedora26?

Can you try giving your VMs more initial memory?
I saw that the default of 400MB is causing VMs to swap like crazy on 
startup. I change it to 1000MB and stuff starts significantly faster.

I also removed swap in fstab on all templates, the only effect this has had 
so far is show that the memory balancer is in need of work. It fails to give 
hosts memory when they use significantly more than others.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Tweak Tool not working as expected after upgrade to Fedora 26

2018-01-04 Thread 'Tom Zander' via qubes-users
On Thursday, 4 January 2018 02:11:16 GMT Mark Malcom wrote:
> I downloaded fedora-26 template and after that my gnome-tweak-tool is
> completely ignored: no themes, no windows scaling anymore. Not just the
> Tweak Tool, but if I try to change the scale factor with gnomesettings,
> that is also ignored.

Let's check if it's an environment issue;

If you start a terminal on a VM.
In that terminal do an;
  export GDK_SCALE=2.3
and then start something like chromium or any gtk app.
Does that work?

If yes, then you know it's most likely a problem with environment variables 
in your VM in one way or another.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




[qubes-users] dns in qubes

2018-01-05 Thread 'Tom Zander' via qubes-users
I'm trying to figure out how this works, and I am stuck.

In every qube (except sys-net) there is  a resolv.conf that points to two 
name servers.
10.139.1.1 and .2

This raises two questions;

* how does sys-net handle these requests on this odd address. No 'ip ad' 
network seems to listen on this address.

* how can I change this in individual qubes in the correct manner.
I have some qubes routing through sys-vpn and I adjusted the vpn VM to find 
the DNS, but users of the vpn can't find any DNS service now.

Any help appreciated.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] dns in qubes

2018-01-05 Thread 'Tom Zander' via qubes-users
On Friday, 5 January 2018 15:37:37 GMT Unman wrote:
> Look at the nat table in the upstream netvm.
> You'll see that sys-net NATs these requests to the NS used by sys-net.

Ah, that hint was enough, I didn't expect NAT, thanks!

Got it working now.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




[qubes-users] Re: [qubes-devel] Qubes Controller as the new Qubes-Manager

2018-01-05 Thread 'Tom Zander' via qubes-users
On Friday, 5 January 2018 23:43:58 GMT Zrubi wrote:
> > I'll attach two screenshots of the tool, to give you a bit of an
> > idea of what it already does and maybe if its worth your time to
> > compile 
> 
> Probably this is very subjective, but:
> For me, the most important parts/feature of the current Qubes Manager
> are (in order of importance):
> 
> - Full overview of the state of the VMs in ONE screen, without clicking.
> The new widget is failing on this badly, just as your proposal.

My aim has so far been to show which VMs are there, which type they are and 
if they are running. This is visible in one go. Including even which VM has 
a high CPU usage.
I'm not happy yet with the way that the netVM is visualized, as you say it 
costs clicks on each VM.

> - Changing the NetVM of a given VM.

Great idea!
 
> - Starting programs from a given VM.

Fully agreed, this is what I added last week. I'm using it all the time. 
Much more convenient than the start menu.

> - start/stop VMs

Present :)
 
> - attaching/detaching devices.

Yes, definitely.

> - reading VM logs.

Good to know.

> Probably these are only my personal preferences. Hence I have no time
> to write a new manager for the Qubes 4.x I just shared my use case.
> Feel free to ignore them if you don't like 'em 

They are excellent ideas, thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Q4.0 rc3 (current testing) - power off/ suspend issues.

2018-01-06 Thread 'Tom Zander' via qubes-users
On Saturday, 6 January 2018 10:56:13 GMT haaber wrote:
> 2) Reboots hang systematically at "Reached target shutdown" and has to
> be rebooted via a coldboot.

I've been seeing this too, although sometimes it goes on after half a minute 
only to hang at some other point (after loads of messages).

I noticed that if I manually shut down all qubes, INCLUDING, sys-net, before 
logging out then this problem is avoided.

Next time you reboot, can you try that and let us know if this isn't just 
me?
That may help with debugging.

Cheers!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] hey, Please confirm we cannot install Qubes 4.0 on DVD, and the minimum on flash drive to install

2018-01-06 Thread 'Tom Zander' via qubes-users
On Saturday, 6 January 2018 17:42:00 GMT russlyatos...@gmail.com wrote:
>  hey,  Please confirm we cannot install Qubes 4.0 on DVD, and the minimum
> on flash drive to install Qubes 4.0 we must have 32GB?  thanks

Not sure if this is helpful; the minimum size harddrive I've installed Qubes 
on was 21GiB.
But you have to skip the debian and the whonix templates and I turned off 
swap.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] qubes app menu keeps old templatevm entries.

2018-01-07 Thread 'Tom Zander' via qubes-users
On Saturday, 6 January 2018 23:19:54 GMT pixel fairy wrote:
> The app menu, top left, keeps entries for old template VMs. is there a way
> to get rid of them?

You find the data backing this in
$HOME/.local/share/qubes-appmenus/

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Re: qubes 4 qvm-trim not exist

2018-01-07 Thread 'Tom Zander' via qubes-users
On Sunday, 7 January 2018 19:40:27 GMT Yuraeitha wrote:
> But there are still some
> issues, i.e. no visual interface to show your overall disk space usage
> (the other month, you had to pull and combine several commands to make it
> show accurately). I'm not sure if this disk space usage reporting issue
> has been fixed today though.

* https://github.com/QubesOS/qubes-issues/issues/1872
(open) Implement UI Notifications for cases of a Qube disk full 

* https://github.com/QubesOS/qubes-issues/issues/1053
(open) Improve usability of VM disk space / increasing disk size

* https://github.com/QubesOS/qubes-issues/issues/3438
(open) Qubes storage pools of type LVM issues

This one is closed, but as I point out in the collection of issues (3438) 
this is not yet fixed;
https://github.com/QubesOS/qubes-issues/issues/2016
(closed) Create dom0 API to detect global disk space available

And, yeah, it also still needs a user-interface.


The simplest way to get the space usage if you are using a LVM based pool 
(which requires completely manual setup at the moment) is
  sudo lvs
and you can read under the column "Data%" how much actual usage you reached.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
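
Added example, not part of the original message: a small filter that reads the "Data%" figure the message points to and lists the volumes at or above a limit. The function names, the sample data and the 85% limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag LVM thin volumes whose Data% is at or above a limit.
# Input format is what this command prints in dom0:
#   sudo lvs --noheadings --separator '|' -o lv_name,data_percent

# Constructed sample output (not taken from a real system).
sample_lvs_output() {
    cat <<'EOF'
  pool00|87.31
  root|45.10
  swap|
  vm-work-private|91.02
EOF
}

# lvs_over_threshold LIMIT: read "name|data_percent" lines on stdin and print
# "name percent" for every volume at or above LIMIT. Volumes without a Data%
# value (not thin-provisioned) are skipped.
lvs_over_threshold() {
    awk -F'|' -v limit="$1" '
        {
            name = $1; pct = $2
            gsub(/[ \t]/, "", name)
            gsub(/[ \t]/, "", pct)
            if (pct != "" && pct + 0 >= limit + 0)
                printf "%s %s\n", name, pct
        }'
}

# Stand-alone use in dom0: sh lvs-check.sh --run
if [ "${1:-}" = "--run" ]; then
    sudo lvs --noheadings --separator '|' -o lv_name,data_percent |
        lvs_over_threshold 85
fi
```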




[qubes-users] how to get the update proxy working again

2018-01-07 Thread 'Tom Zander' via qubes-users
I needed space on my dom0  (Q4) drive, so I ended up using qvm-clone to copy 
my fedora25 template, my sys-net & sys-firewall to a different pool.
I naturally also copied the setup from the config dialog.

Everything seemed to work for a while, so I removed the sys-net /firewall 
originals.

Now I have a problem, updates in templates no longer work. The magic proxy 
fails me and I can't figure out how that thing actually was designed in order 
to make it work again.

My first thinking was to assign the original IP addresses to the cloned VMs, 
but qvm-prefs refuses to overwrite the qid property. :-(

The docs on the website talk about a service "qubes-yum-proxy"; I can't find 
that one, though. I guess it's a 3.2 property.

Anyone here able to explain how this proxy works? Would make a nice doc on 
the website too!
I'd love some suggestions on how to fix this...

Thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Re: how to get the update proxy working again

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 06:53:46 GMT khmartin...@gmail.com wrote:
> Is your new net vm different than "sys-net"? This caused me problems too.
> One solution is to rename the new net vm to "sys-net" or you can edit
> this file in dom0:
> 
> /etc/qubes-rpc/policy/qubes.UpdatesProxy
> 
> In that file there is a line that says target=sys-net.
> I changed it to the same name as my net vm.

That did the trick!
Thanks, I would never have found that...
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
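
Added example, not part of the original thread: a dom0 check for the failure described above, where the policy file still names a qube that has been removed. The function names and the sample policy are constructed for illustration; the sample follows the R4.0 policy line format.

```shell
#!/bin/sh
# Added example: report target= qubes in a qrexec policy file that do not exist.

# Constructed sample; the real file is /etc/qubes-rpc/policy/qubes.UpdatesProxy.
write_sample_policy() {
    cat > "$1" <<'EOF'
# constructed sample policy
$type:TemplateVM $default allow,target=sys-net
$tag:whonix-updatevm $default allow,target=sys-whonix
$anyvm $anyvm deny
EOF
}

# policy_targets FILE: print each distinct qube name used as target=NAME.
# Comment lines and keyword targets (starting with $ or @) are skipped.
policy_targets() {
    awk '
        /^[ \t]*#/ { next }
        {
            n = split($0, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (parts[i] !~ /^target=/) continue
                t = substr(parts[i], 8)
                if (t == "" || t ~ /^[$@]/ || (t in seen)) continue
                seen[t] = 1
                print t
            }
        }' "$1"
}

# missing_targets FILE NAMES: print targets from FILE that are absent from
# NAMES, a newline-separated list of existing qubes.
missing_targets() {
    policy_targets "$1" | while IFS= read -r t; do
        printf '%s\n' "$2" | grep -Fxq -- "$t" || printf '%s\n' "$t"
    done
}

# Stand-alone use in dom0: sh check-policy.sh --check
if [ "${1:-}" = "--check" ]; then
    missing_targets /etc/qubes-rpc/policy/qubes.UpdatesProxy "$(qvm-ls --raw-list)"
fi
```

Any name it prints is a target the update proxy call will be routed to and fail on; either rename the qube or change the `target=` value, as the reply above describes.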




Re: [qubes-users] Big if true: AMD reportedly allows disabling of the PSP (its Intel ME equivalent)

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 10:10:17 GMT qubestheb...@tutanota.com wrote:
> Hi.
> 
> https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option
> It's still yet not known whether this disabling is effective and whether
> it disables the PSP in its entirety.
> 
> But if it does, then that would make the most recent AMD processors one of
> the best choices for Qubes 4.x usage.

In context;

https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

So it's an up / down :)
* AMD is faster (no PTI)
* AMD has a remote code execution issue, at least until you can turn off PSA 
using a bios update.
* Bios updates are not much seen in the wild.

Time will tell.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users 
wrote:
> But issues like moving a templates home directory to /etc/skel (meaning
> that appvm's inherit /etc/skel as home dir from the template) left me
> baffled with my first install..

Homedirs are completely separated from your template homedir.

I personally ended up setting up things like chrome and konsole, bashrc etc.
Making a tar of my setup and uncompressing it on other qubes.
Usage of /etc/skel is not something I suggest, that is *only* for first 
initialisation of an AppVM and never gets updated again.

Bottom line; your homedir is unique and different in each and every VM.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-08 Thread 'Tom Zander' via qubes-users
On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users 
wrote:
>   * One I call 'trusted' which is based on debian sid (unstable) that I
> install everything I use for daily usage (firefox, libreoffice, mpv,
> emacs, other open source tools). Primarily AppVM's will be based out of
> this template.
> 
> * One I call 'untrusted' that is going to be a clone of 'trusted', and
> that I install proprietary software in, that I also use on a daily basis
> (e.g. spotify). Also AppVM's out of this, but probably only 1 to start
> with.

An alternative solution is to make your "untrusted" VM an AppVM and you 
install the software in there using bind-dirs.
Then you *only* use that VM for running that software and you likely store 
no personal data there (other than maybe your spotify credentials).

Additional bonus would be to open any webpages in disposable VMs, should you 
click on a link in any of those apps.

> * I will probably create a standalone VM based off of 'trusted' that I use
> for development. So I will install stuff like docker, golang, and all
> other
> stuff I would otherwise use for developing.

I may be wrong, but all those development tools are open source and likely 
shipped by your distro. In which case I wonder what the benefit is to putting 
them into its own VM?

In short, maybe the simplest way is to create;

* TemplateVM: debian9
* Work AppVM based on debian9
* Untrusted AppVM based on debian9, adds untrusted apps using binds
* any other AppVMs you need... All based on the same debian9 template.

> NOTE: I use zsh with oh my zsh and spacemacs. Both of which are git repos
> that are cloned to the homedir of the user (meaning they are git repos
> cloned to /etc/skel)

Using /etc/skel just causes the data to be copied to the appvm homedir on 
first start.
You end up duplicating the data anyway, maybe you can use a different way to 
copy everything between VM homedirs.
Notice that you can just do a qvm-copy [dir] which copies recursively.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Graphic Tablet Compatibility (basic features)

2018-01-09 Thread 'Tom Zander' via qubes-users
On Tuesday, 9 January 2018 01:54:40 GMT Fabrizio Romano Genovese wrote:
> Hello all,
> This looks like an old issue:
> https://github.com/QubesOS/qubes-issues/issues/2715
> 
> I'd be interested in using only the basic tablet features (essentially
> moving the mouse and clicking around using the tablet would be enough).
> In the issue linked above it is said that
> 
> "this in theory should be easy (a matter adding proper metadata - min/max
> - to the protocol handshake, and filtering events based on this info)"
> 
> I'd like to help with this, but I am no coder. I just know a bit of bash
> scripting and trying to check the code in
> 
> https://github.com/QubesOS/qubes-app-linux-input-proxy/blob/master/src/pro
> tocol.h#L17-L28
> 
> didn't really help. I understand that developers are quite busy with much
> more hardcore problems to solve, but if someone could at least point me
> to the right research direction I could try to investigate this by
> myself.

From;
http://linuxwacom.sourceforge.net/index_old.php/howto/theory

> Initially at least, the USB Wacom tablet is an HID compliant device, and
> when first connected to the computer, will identify itself as such.
> Unfortunately, this is not what you want because in this mode, you will
> not get any of the fancy features. The hid-core.c, mousedev.c, and
> usbmouse.c kernel drivers contain exceptions for the wacom; when the
> device is detected, they ignore the tablet.

So maybe you can use that website to find out how to configure your wacom to 
just be a HID (human interface device) and make it send those mouse clicks.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Multiple usability issues Qubes 4RC3

2018-01-09 Thread 'Tom Zander' via qubes-users
On Tuesday, 9 January 2018 08:54:02 GMT aaq via qubes-users wrote:
> Okay, so I found the documentation for bind-dirs
> (https://www.qubes-os.org/doc/bind-dirs/), but was still  wondering if
> you meant binding the AppVMs /usr/bin and /usr/local/bin, or was thinking
> of something else?
> 
> I would assume I need to bind all dirs that a given application is going
> to write to (such as potentially /usr/share, /var/lib, etc).

Let me give you an example usage;

I have the binary build "keybase" app in its own AppVM.
It installs the majority of its files in /opt, as such I bind that dir. 
(restart before install!).

There are a dozen files also being copied into the /usr/ dir-structure.
I copied those files into the /rw/keybase/usr/ dir structure
and I edited /rw/config/rc.local to copy those files back onto the /usr
dir-structure at vm-boot.

This was enough for this app, your actual usage may depend on how your app 
installs itself.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
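
Added example, not part of the original message: one way to write the two pieces described above, the bind-dirs entry for /opt and the rc.local step that copies the saved files back onto /usr at boot. The function name and the world-writable check are additions for illustration; the paths are the ones given in the message and in the bind-dirs documentation linked in the thread.

```shell
#!/bin/sh
# Added example. Step 1, in the AppVM, per the bind-dirs documentation:
#   /rw/config/qubes-bind-dirs.d/50_user.conf containing
#       binds+=( '/opt' )
#   then restart the qube before installing, so /opt is already persistent.
#
# Step 2, called from /rw/config/rc.local (runs as root at every boot):
#   restore_tree /rw/keybase/usr /usr

# restore_tree SRC DST: copy every regular file under SRC to the same relative
# path under DST, keeping modes and timestamps. DST must be an absolute path.
# Symlinks are not copied. Because the copy runs as root on each boot, the
# function refuses to run when SRC holds world-writable files or directories
# (an extra check, not something the message describes).
restore_tree() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "restore_tree: $src not found" >&2; return 1; }

    bad=$(find "$src" ! -type l -perm -0002 -print)
    if [ -n "$bad" ]; then
        echo "restore_tree: world-writable entries, refusing to copy:" >&2
        printf '%s\n' "$bad" >&2
        return 2
    fi

    (
        cd "$src" || exit 1
        find . -type f -print | while IFS= read -r f; do
            mkdir -p "$dst/$(dirname "$f")" || exit 1
            cp -p "$f" "$dst/$f" || exit 1
        done
    )
}
```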




Re: [qubes-users] Qubes 4.0-rc3

2018-01-10 Thread 'Tom Zander' via qubes-users
On Wednesday, 10 January 2018 18:32:39 GMT Chris Laprise wrote:
> I also have a download-able project that makes the scripted/antileak
> setup fairly simple in Qubes R4.0:

Please consider updating the docs repo with this :-)

I poked the Qubes guys about providing a separate dir on the website to make 
it clear what is 3.x and what is 4.x specific, but they stated we should 
instead put notices about exceptions in the document pages.

So I guess things like ProxyVMs should be mentioned to be old and AppVM is 
the new.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Qubes 4.0-rc3

2018-01-11 Thread 'Tom Zander' via qubes-users
On Thursday, 11 January 2018 03:42:11 GMT Andrew David Wong wrote:
> On 2018-01-10 12:53, 'Tom Zander' via qubes-users wrote:

> > I poked the Qubes guys about providing a separate dir on the website to
> > make it clear what is 3.x and what is 4.x specific, but they stated we
> > should instead put notices about exceptions in the document pages.
> 
> That's not exactly right. Please see:
..
> 
> In other words, do not just add notices in the text about exceptions.
> Instead, make clearly-labeled sections for 3.x and 4.x so that users
> can easily find the right information no matter which version of Qubes
> they're using.
> 
> > So I guess things like ProxyVMs should be mentioned to be old and AppVM
> > is the new.

Ok, I am having problem seeing your solution and my explanation of it as any 
different, in practice.
Maybe I'm missing the obvious, I'm just not seeing it.

In this specific case of the VPN page. https://www.qubes-os.org/doc/vpn/
* in v.4 there is no "NetVM".
* There is no "ProxyVM"
* The create qubes screenshot is considerably different.
* adding 'meminfo-writer' and 'network-manager' are not needed (AFAIK).
* does not use iptables anymore.

Ok, going to stop now.  I got to half the page and some 80% of the text and 
screenshots are wrong for v4.

How would you solve that in line with the QubesOS policy?
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Upgrading directly from Fedora 23 to 26 ?

2018-01-11 Thread 'Tom Zander' via qubes-users
On Thursday, 11 January 2018 06:39:02 GMT brutellealexan...@gmail.com wrote:
> I don't seem to be able to download the 26 template either... It says all
> mirrors have been used and it fails.

This is definitely the direction you want to go, download the template from 
dom0 using
sudo qubes-dom0-update qubes-template-fedora-26

after it installed the new template, you should start a terminal in it and 
run the following inside of that template;
   sudo yum upgrade --best --allowerasing


more info;
https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/

If that fails, please specify what you did and how it failed, this avoids 
guessing on our side :)

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




[qubes-users] memory management in dom0 ?

2018-01-11 Thread 'Tom Zander' via qubes-users
I understand that there is a memory-manager to balance the memory between VM 
spaces.
Does anyone know if dom0 is being managed this way?

Currently there is 4GB assigned to dom0, of which 1.3 GB is in use.
At the same time I have chromium getting out-of-memory errors in an AppVM.
I'd like to actually use that 2½GB that dom0 now claims but doesn't use, 
anyone got ideas how?

Thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Re: memory management in dom0 ?

2018-01-11 Thread 'Tom Zander' via qubes-users
On Thursday, 11 January 2018 14:07:57 GMT Vít Šesták wrote:
> For your case, I have few questions:
> 
> * What's dom0 swap usage? Qmemman includes this amount in memory
> requirements. 

My dom0 has no swap, I didn't disable it, it just never had any.
I guess that's because in the installer I didn't assign any swap partition.

> * Where does your “1.3 GB is in use” claim come from?

 Top :)
The "in use" is what top claims. Add the "buff/cache" amount (1MB) to it and 
the "free" amount (1.6MB) and I do get to the total reported in both top and 
xentop.

> * How much of memory does the AppVM use? 

I looked at it at the time I got repeated crashes, it had some 800MB 
assigned to it.

> What is the memory limit for the
> AppVM? See VM settings » Advanced » Initial memory.
The settings are 1GB initial and 4GB max.

I "solved" it by closing some VMs and my chromium got more space assigned.

-

The qmemman has some more room for growth.
For instance I have one "Work" VM where I compile C++ code. I assigned it 
16GB of memory and then qmemman came and only gave me 2GB.
I start a compile (8 cores times 0.6GB of mem used) and maybe 10 seconds 
later I get out-of-memory issues.
To my annoyance xentop shows me that there is still >10 GB free, 
unallocated. For some reason it just doesn't seem to allow growth of memory 
fast enough, regardless of my settings.
I "solved" that by turning off memory management for that VM and just 
setting it to 12GB always :(

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Qubes 4.0-rc3

2018-01-11 Thread 'Tom Zander' via qubes-users
On Thursday, 11 January 2018 18:16:04 GMT Unman wrote:
> On the VPN case your own comment confirms that it would be better to
> provide a separate section, rather than trying to put "exceptions" in to
> the existing text.

Thank you for explaining that unman, much clearer indeed.

While I agree on the general statement above, I feel it's not the best 
solution in this case where 4.0 has massive changes in all layers of the 
technology.
In many cases about half of the text will be duplicated between the 3.2 
and the 4.x sections, albeit with major changes.
This will not help the reader much.
More importantly, I fear that the new users (potential contributors) that 
have not used 3.2 will have a hard time deciding what to do with information 
that clearly doesn't represent the current state of technology.

Asking people to put a lot of effort into reformatting documentation that 
may or may not actually be useful to anyone using an older version is a big 
ask in a volunteer project.

I personally prefer the solution where a git repo is cloned for 3.2 as 
"legacy" which is then attached to the website under a subdirectory and 
people can edit that for maintenance and fixes.
  http://qubes-os.org/doc/3/ 
or somesuch.

The majority of changes would then be in the 'master' branch which people 
can edit and they can add references to the github issues concerning known 
bugs. We can mark known issues with the pages like the VPN one I described 
and people reading the docs will actually be aware of pitfalls.

In my opinion there is only one thing worse than no documentation, it is 
official looking documentation that is wrong.

> Also, that once 3.0 is retired, it will be simple to remove the 3.0
> relevant material, rather than filleting our bits from each page.

This would be even better, if qubes ever wants to they can just remove the 
subrepository.


What do others think?
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




Re: [qubes-users] Qubes 4.0-rc3

2018-01-12 Thread 'Tom Zander' via qubes-users
On Friday, 12 January 2018 11:18:19 GMT 'awokd' via qubes-users wrote:
> Would it be of value if I went through the published Docs and added these
> version headers? Should newer versions be added at the top (so 4.0 before
> 3.2 content)? 4.0 might just be "TBD".

I think that would be wonderful,

my main issue is with the not knowing if the current docs are actually 
applicable still.
If someone could do as much as flag known out of date content as 3.2 only, 
this would be a huge help.

The problem of knowing / identifying what isn't actually applicable anymore 
is the main one that I think is causing pain right now.

Thanks!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



