Re: [qubes-users] debian 8, rc.local not running

[Chris Laprise]

On 06/09/2016 10:31 PM, Drew White wrote:

Hi folks,

Debian 8...

On boot, the rc.local file doesn't execute after the system has booted.

What could be wrong?

root@***:/rw/config# ls -al
total **M
drwxr-xr-x 3 root root 4.0K Jun 10 12:24 .
drwxr-xr-x 9 root root 4.0K Jun  8 12:11 ..
-rwxr-xr-x 1 user user 5198 Jun 10 12:20 rc.local


it's executable by everyone, readable by everyone, so there should be 
no issues, right?


Hope someone can help please?

Every time my PC starts, that VM should set up all the ports to be 
forwarded and more.
I'm about ready to build an applicaiton to handle all the ports and 
all because Qubes doesn't have something that
handles it all in one, they are all separate and distinct, when they 
shouldn't really be.


I have other issues with the Qubes Windows Tools too, but that's 
another post, and I have pictures and a way around getting them to 
work on large resolutions, like they say there is a bug for.

--


Did you add the shebang at the beginning of the script?

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/575A423B.5010807%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Dom0 Enable access

[Drew White]

Hi folks,

I'm wanting to give Dom0 access to internet to only a specific IP Address.

This is to enable functionality that I need to look at and test.

What's the easiest way to do this?
Do I pass it through a ProxyVM that has rules for only the one IP that it's 
allowed to access?
Or is there a way to give it ascess via a NetVM directly but also enforcing 
the Firewall Rules set on the fly?

Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3391125f-020a-45c2-a13e-c677ef0be7a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] nm-applet disappeared

[raahelps]

I don't know if this is related to your issue, but I have gotten two network 
manager icons in the panel when trying to create a second usbvm.  Not sure what 
exactly happened but it was due to that usbvm i was trying to create and add a 
pci controller to.   Even though it was not the ethernet controller,  i was 
sure i was adding the right usb controller,  it created two network managers on 
boot and I coudln't get rid of them.   So i ended up just deleting that usbvm 
and the sys-net as well to be sure and recreating it.

 I ran into other errors like xenlight error as well.   I've learned form the 
mailing list this is most likely due to a security issue and limitation of my 
hardware to prevent me from passing around the controller to diff vms.  I guess 
there was also some bug that conflicted with the network controller.

So maybe this is possibly related to your issue as well?  If not i apologize 
for being way off...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd6ee3f4-c24f-48dd-a12a-2ddf9851cdfc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?

[Patrick Schleizer]

entr0py:
> Andrew David Wong:
>> On 2016-06-08 00:14, Albin Otterhäll wrote:
>>> I'm assuming that if you connect to Tor using the same Whonix
>>> gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.)
>>> on both your workstations. Is this correct?
>>
>>
>> Not entirely. By default, stream isolation applies to different
>> workstations and to any supported apps in those workstations. This
>> means that every VM connected to sys-whonix will (and every supported
>> app in those VMs) will use a different circuit through the Tor
>> network, hence a different exit node, hence have a different IP address.
>>
>> However, there are still side-channel attacks that can be used to
>> correlate multiple workstations running on the same host (stressing
>> hardware and observing the effects in all workstations, clock skew,
>> network timings, etc.).
>>
>> Details:
>> https://www.whonix.org/wiki/Multiple_Whonix-Workstations
>> https://www.whonix.org/wiki/Stream_Isolation
>>
>>
> 
> What Andrew said. Some nitpicking:
> 
> There is no guarantee that you will have a different exit node (or even a 
> different circuit). It's random so you might wind up with the same but not 
> intentionally.

Yes, stream isolation by Tor default just isolated streams, not
necessarily assigns a different Tor exit.

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5759CE27.2070403%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How much security will I sacrefy, if I dualboot without AEM?

[raahelps]

On Thursday, June 9, 2016 at 4:00:16 PM UTC-4, raah...@gmail.com wrote:
> On Thursday, June 9, 2016 at 12:01:34 PM UTC-4, Arqwer wrote:
> > Documentation says, that there is a possibility, that other OS will infect 
> > /boot. What if I completely rewrite my hdd during os change, like , boot 
> > from usb and do 
> > dd if=windows_image of=/dev/sda
> > to run windows, and
> > dd if=qubes_backup_image of=/dev/sda
> > to return back to Qubes?
> > What if I will use different drive for windows, and take away qubes hdd, 
> > while windows is on?
> > Documentation says that other OS can infect firmware, how common is this 
> > attack? Is it just a possibility, or we know for sure that NSA does that, 
> > or that ordinary hackers can do that, or maybe there are viruses that 
> > attack everyone and infect firmware? Is it expensive?
> 
> Not sure how common firmware attacks are.  But I believe they have been 
> around for 20 years.   Same goes for bios. And IMO it just keeps getting 
> worse not better.   Most public case in recent times is hacking teams malware 
> for uefi bios.  Which they are in the business of selling such malware,  and 
> we can assume hacking team is just one of many groups like that.  We should 
> also assume its possible to inject it remotely.
> 
> AEM won't prevent something like that from happening,  but it would hopefully 
> let you know it has happened.  Which I then guess means you would have to 
> replace your hardware.

unfortunately, especially with modern machines,  these things can happen even 
without any os and there isn't much we can do about it.  either by physical 
access or even remote.  But when it comes to doing things through the o/s, 
qubes would be way more secure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7001382e-ded4-4c4a-9e9e-a87f02d423eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows 7 virtual graphics card

[J. Eppler]

Hello,

the Windows 7 standard VGA driver allows you to use such high values, but 
this was not my question.
My question was if Windows 7 itself does support 4K displays by default. I 
don't think it is a nice experience
to use Windows less than 10 with an 4K display with only 15" screen size.

Best regards
  J. Eppler

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1db699dd-8a09-4486-b797-989551e3a6fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Likely that installing a second hard drive in CDrom dray would *not* work?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-09 08:13, gaikokujinkyofu...@gmail.com wrote:
> I had problems with my cdrom drive, mainly that I could not get 
> Qubes, or any other Linux, to see it. I didn't have much use for
> it before but now it is totally useless. Even before this I had 
> considered replacing it with a hard drive caddy but now I am less 
> sure since the cdrom wasn't recognized.
> 
> Is my reasoning correct or since I would be installing a regular
> hard drive and I think the interface is just SATA then its likely
> it should work? Thoughts? (not looking for "guarantees" just some 
> feedback from those more Qubes savvy than myself).
> 
> Thanks!
> 

Sorry, it's not clear to me what you're asking. Are you asking whether
a SATA HDD is more likely to be recognized by Qubes than a SATA CD-ROM
drive? I suppose that if the problem isn't actually with the SATA port
or the cable, and if the CD-ROM drive is also unrecognized by other
Linux systems, then probably yes.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXWcOjAAoJENtN07w5UDAw17QP/RluEZ8Lbm901oIsXY/q0uMX
npMB6HKvFGW8Hes4fqTNntdmC1DcsVAAkDks7Mvq7acIxZv0tYuAoQqUxKtogrI9
Pq9sbKJkooT1eTyuac0pc1QCsQSDNhtE9H5kwv38J1HfEvMTw9kwyAmbTjIQcgvt
g+88q3eiTMaKgtbthkTBEPFwow+stAff1ff54HeDPAkhVMUCcn8m5M6C5oON7Ds1
hRQoMLZmFWSkoB8kl+V38jDl/STuFyRWjxabnBHS8tGQKmmUgBMnUiJm6fiGt6DW
+xEncP1uhTIINZ5CZDenceVFCCx4suF0IVta6vCqwMdaY2G7xFNYuYM5Dz6ZgwQG
hlRC2CdPXD5R7KAig0NLjat2ARJfCivM8lbLQjkoWlcPL1+AQlaSDuqYX1pskhXl
lxR3AZW0453BbN55efOYx2rBT4y0XhslTRsHVLGk02+Z5IKKkaRxDP4u+k41bXR+
RHJAkaxCtEXhJyVXhynw5HRfTf+uRcwBoO2DM6AoCZ1kIySCpr4jGDyocUX4T00N
LLWN8cepnt6/zhqVW9g/pJfY+NkmIhr0dbsQviKPT4lZWxbC5+q4zqMaf7U2mNoN
f8lcO7CP78GtXFoTLfylBfC+Osfaz2+i0PDFF/ByzwKTeeg4hH0K3vqdWCg156GM
bB+mlY9cq3Nibresc8gr
=COhD
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b820670-eedd-a515-5a8d-865f5ab1d242%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] use different network configuration for each template

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-09 08:00, Nicola Schwendener wrote:
> Hello all, I'm totally new to Qubes OS and I'm really fell in love.
> My 2 questions is about network connectivity. 1. there's a way to
> connect a switch with multiple VLAN in Trunk mode and let the
> templates work indipentently with a single VLAN? 2. there's a way
> to configure the template to use a Wireless LAN to connect to the
> internet while using the wired connection on other templates
> 

I haven't tested this, but I think if your hardware supports assigning
the wireless NIC to one VM and the wired NIC to another VM, you should
be able to have two NetVMs. (You may also want to have two
FirewallVMs.) Then it should just be a matter of assigning one set of
TemplateVMs to one and the other set to the other.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXWcIwAAoJENtN07w5UDAwoHsQALFJqH8b5zEaO1vR9ULQh5yg
lecZ44GuBrpwYwMZ+bYpHyusLsmZY7sCm8druU7qvsvolQnftkjgwrnfKcqOOkQE
QDDGvwNyTbGCgL6K0ONo1w6Q5KpfvvpxvUpZHUXUEEueK8pRrvKyh6vuqYi9C6fc
rjJCpYS4jfJYIqLUq6Cep++DeZFVSY3yC4sJKccrsaR+0+GEwOQh5h7NsTXYUdjp
/Fqjeeo6O5tAxTmfOvO0Of0G7QV0a9RVcP7T4UylN7WzLqaHOe178CTLMuFar4kW
AVgJDEC4rF8331mz+iUIbEx0MOF8255suFoBjpTh11Ujl9Pk6uGI/oeCxaA4GqJD
2snCdqoJdkMlDwAZ2wmzYinFy6QkLGFhWo435fcjYZq9hGAA1fO9ltDUmOHtf9cO
f8toDthLPSaMLgcJkqFIP1TC/bDRL9IARTFL2OTrkOG1m4dXA5rANgmTmJsdzkgf
uP81MMF6QSiy5JQRNgktRFWA8BJcRJaRwkMsAnpUG7vJVBXOs0yJ342RSZUL1tQJ
9i1f4uHHwoWgZDtNCIlZEHAmuKObDJfZFmFc9a+X1bBe25k+treOUpU9sNg+ytDp
OCzd0Nlb8zikKf5E8v1ehBRLtx2QbVfutXYDc8ZYxB4nJ4g2lRuQfG2eo46Ektnz
aX95aKXGuZfcvJiWHp5X
=7shB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9a84495-aa62-e793-8e9a-42d64ba6ab19%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to install clean template?

[J. Eppler]

Hello, 

yes, I normally clone one of the default VM's in the Qubes Manager. Which 
opens a popup dialog to name your cloned template. 

For example: fedora-23 -> clone to fedora-23-dev

Afterwards I tweak the templates for my development needs.

For example: Install my IDE, git etc.

At the last step I create new App VM's which are based on my development 
qube. I name them mostly after the project or programming language.

For example:
java-dev
work-projectname-dev
...

Sometimes it is better to create a standalone VM for development. 

Best regards
  J. Eppler

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/582e7923-8731-47e1-9f9a-defe8ad622fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows 7 virtual graphics card

[J. Eppler]

Hello, 

is a resolution of 2560*1400 and 300 dpi supported by Windows 7? 
As far as I know it is difficult to use with Windows 7.

Best regards
  J. Eppler

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a7a563c-334d-4199-aa96-4ac361e67152%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qubes user guide instructed me to brick my qubes disk

[J. Eppler]

Hello, 

Mike Patton is right. Instead of blaming other people afterwards you should 
have asked
before you do something.

Best regards
  J. Eppler

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/790bc109-e42a-4492-832e-bd474402c25e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install VPN in anon-whonix

[Chris Laprise]

On 06/09/2016 06:21 AM, asdfg...@sigaint.org wrote:


On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote:

Hello
I read the guide on whonix site about how setup a VPN in workstation but
it is old and my VPN is a little different, it has a GUI interface but
also a setup for Open VPN (to work i have to use GUI). Do I setup like a
normal VPN in debian (network connection, import configuration,
certificate etc...) and change firewall?

Thank you

Mixing a VPN in the same VM as other tunnels or proxies is a more
complex affair. Qubes proxy VMs allow us to do this kind of thing more
cleanly.

So I recommend using a debian proxy VM. The doc Andrew linked to
contains a firewall script I created with Whonix (and other apps) in
mind. Its designed to fail closed (block traffic) if openvpn stops
working, and to stop all leaks. The only thing in or out is tunneled
traffic and related ICMP. Its designed for simple VPNs that tunnel all
traffic upstream (i.e. no special subnet selections), so it'll work with
most services.

There is a fancier version that creates systemd service and has a more
explicit firewall setup, though its about the same protection:
https://github.com/ttasket/Qubes-vpn-support

What's more, you don't have to alter any template beyond installing
openvpn to get this working.

OTOH, if you're looking for a solution for Network Manager, the doc
shows you how but its without a firewall. I am looking into a way to
make the firewall script work with NM.

Chris



Hello
I have a problem when run this command
sudo chown -R root:root openvpn  (no directory)


The contents of the openvpn/ dir need to be transferred to /rw/config/ 
including the openvpn/ dir itself.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5759BA78.50405%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxify VM

[Chris Laprise]

On 06/09/2016 11:45 AM, Jeremy Lator wrote:

Hello
To setup socks5 in network-manager openvpn do I have to go 
advanced-->proxies and enter all the details?


Thank you


Yes, but I'd ask the NM folks about any issues with that.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5759B8A0.9070505%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qubes user guide instructed me to brick my qubes disk

[boromirsbeard]

> On Thursday, 9 June 2016 08:22:44 UTC+10, boromi...@sigaint.org wrote:
>>
>>
>> I followed the user guide here for creating a usb VM because for some
>> reason qubes will otherwise automatically connect a possibly malicious
>> USB
>> to DOM0 for some unknown reason. My qubes is installed onto a USB so i
>> dont know what good any of that would do.
>>
>> ---
>>
>> https://www.qubes-os.org/doc/usb/
>>
>> Alternatively, you can create a USB qube manually as follows:
>>
>> In a dom0 terminal, type lsusb to check if you have a USB controller
>> free of input devices or programmable devices. If you find such free
>> controller, note its name and proceed to step 2.
>> Create a new qube. Give it an appropriate name and color label
>> (recommended: sys-usb, red).
>> In the qube’s settings, go to the “Devices” tab. Find your USB
>> controller in the “Available” list. Move it to the “Selected”
>> list.
>> Click “OK.” Restart the qube.
>> Recommended: Check the box on the “Basic” tab which says
>> “Start VM
>> automatically on boot.” (This will help to mitigate attacks in which
>> someone forces your system to reboot, then plugs in a malicious USB
>> device.)
>>
>> --
>>
>>
>> LSUSB shows a list of devices and my usb connected to it, i could see my
>> controllers listed and my qubes usb, it did not specify which controller
>> its connected to, which even if it did would be of no help, as the
>> devices
>> tab of the USB vm i created uses different names for the controllers.
>>
>> I selected both controllers figuring there is no fault in protected all
>> usb ports. Then i selected 'start vm automatically' to protect against
>> some obscure attack. What the instructions failed to document is that a
>> usb VM will put your USB's into read-only mode which immediately began
>> to
>> brick my qubes usb. I restarted hoping to fix the problem, but having
>> set
>> it to start automatically as instructed forced the system to brick
>> itself.
>>
>> Im severely disappointed in the failure of the qubes development team to
>> forsee this simple problem and its failure to document the read-only
>> property of a usb vm. If it cannot even ascertain that its instructions
>> will lead to a fatal outcome how can anyone possibly believe they can
>> secure an entire operating system.
>>
>>
>>
>> Your subject is kind of false.  The guide didn't instruct you to brick
> your install disk.
> Unfortunately you did that by not following the instructions.  It
> specifically says:
>
> "*type lsusb to check if you have a USB controller *
>
> *free of input devices or programmable devices. If you find such
> free controller, note its name and proceed*"
>
> Considering the operation is forwarding the USB controller to the
> usb-vm...
> Forwarding both your controllers (one of which includes your install disk)
> doesn't seem like a smart thing to do.  Sorry, just my opinion.
>
> If you weren't sure about the instructions, perhaps it would have been
> best
> to ask somewhere for assistance?  I have had amazing response times to
> queries in this group and when reporting a non-bug.
>
> Hope you give it another go.
>
> M.
>


Had you read my post you would have saw that the lsusb command does not
state what controller a USB is connected to, and even if it had, the names
for the usb controllers listed in the devices tab of a VM do not relate in
any way to ones listed in lsusb.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6766609a11a36402e8c27eb46d18ee43.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Remnder: Ubuntu-template anyone?

[Achim Patzner]

Hi!


Has anybody had success getting a Ubuntu template compiled? Even at 16.04?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba7cec7c-2896-19ab-ea9c-c9fa3cf98d55%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows 7 virtual graphics card

[Achim Patzner]

Am 09.06.2016 um 08:46 schrieb Drew White:

> On Thursday, 2 June 2016 21:24:02 UTC+10, Achim Patzner wrote:
>
> Is there a way to provide a virtual graphics card that will support
> 3840*2160 pixels? I'm having serious problem to see anything using a
> Windows 7 HVM at 257 dpi...
>
> Either install the tools and go Seamless, OR alter the settings to
> have the text and all larger.

Great idea. Then you've got a stamp-sized window with very few but
readable characters. That's making work much easier.

I'll rephrase my question: Does anyone have an idea how to get a Windows
HVM to provide a window of more than 2560*1400 pixels, no matter which
size the pixels are? (Obviously things are _much_worse for people using
a 15" display at > 300 dpi).

> Or else just use a lower resolution.

An even greater idea. That's ok if your competition is a zSeries
mainframe. It sucks if your competition is Mint or Ubuntu.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b086227-fcfe-2c69-c5dc-95443262c2d8%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to install clean template?

[Achim Patzner]

Am 09.06.2016 um 12:09 schrieb Andrew David Wong:
> On 2016-06-09 00:09, Albin Otterhäll wrote:
> > Is it considered god practice to only use copies of the default
> > templates?
>
> Yes.

There is some grey area around that. Some tools just have to be there
for you to feel well. In my case it's things like "no unix without joe".
On the other hand side there is a lot of stuff I would never haven in
/usr of a "minimally comfortable" baseline installation.

Essence: If you know what you're doing there is nothing wrong with
creating your own templates and use them all over the system. And remove
the templates that came with the installation.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9982f2df-79fa-b25c-597e-ae617b963eb2%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How much security will I sacrefy, if I dualboot without AEM?

[Arqwer]

Documentation says, that there is a possibility, that other OS will infect 
/boot. What if I completely rewrite my hdd during os change, like , boot 
from usb and do 
dd if=windows_image of=/dev/sda
to run windows, and
dd if=qubes_backup_image of=/dev/sda
to return back to Qubes?
What if I will use different drive for windows, and take away qubes hdd, 
while windows is on?
Documentation says that other OS can infect firmware, how common is this 
attack? Is it just a possibility, or we know for sure that NSA does that, 
or that ordinary hackers can do that, or maybe there are viruses that 
attack everyone and infect firmware? Is it expensive?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb488a3f-0198-492c-85ad-f4662459a775%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb

[Franz]

On Thu, Jun 9, 2016 at 5:47 AM, Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Thu, Jun 09, 2016 at 04:58:21AM -0300, Franz wrote:
> > On Wed, Jun 8, 2016 at 7:33 PM, Marek Marczykowski-Górecki <
> > marma...@invisiblethingslab.com> wrote:
> >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > On Wed, Jun 08, 2016 at 08:44:11AM -0700, Andrew David Wong wrote:
> > > > On 2016-06-08 08:36, Andrew David Wong wrote:
> > > > > On 2016-06-08 08:21, Franz wrote:
> > > > >> Hello,
> > > > >
> > > > >> I noted that when I insert a SD card into the corresponding slot
> > > > >> of my Lenovo x230, it is automatically attached to Dom0 rather
> > > > >> then sys-usb (default configuration). Well I use the SD card only
> > > > >> for my Nikon camera and I have no reason to trust Nikon less then
> > > > >> Lenovo, so no problem for me, but wonder if this is expected
> > > > >> behaviour.
> > > > >
> > > > >> Best Fran
> > > > >
> > > > >
> > > > > It's probably that the associated hardware device is not assigned
> > > > > to any domU (e.g., your USB qube, if you use one). On my ThinkPad,
> > > > > the device is labeled "PCI Express Card Reader." Assigning it to my
> > > > > USB qube results in any inserted SD card showing up in the USB
> > > > > qube.
> > > > >
> > > >
> > > > Issue for implementing an option to have this performed for the user
> > > > when the USB qube is first created:
> > > >
> > > > https://github.com/QubesOS/qubes-issues/issues/2055
> > >
> > > Indeed may be a good idea. On the other hand, I remember that for some
> > > Realtek devices it is impossible to attach the card reader to a
> > > different VM than the (somehow bundled?) network card.
> > >
> > > I guess it doesn't apply to your model, could you provide more details?
> > >
> >
> > Not sure if I understand your question, but my SD cards are SanDisk
> Extreme
> > 32 and 16 G
>
> I had card reader details in mind, not cards itself.
>
> > When I insert it in the slot an alert appears telling that it is attached
> > to Dom0
> >
> > if I digit lspci in dom0 nothing changes before and after inserting the
> SD
> > card (so not sure how to follow Andrew suggestion)
> > If I digit lsusb in dom0  it gives: unable to initialize libusb: -99
> >
> > ls /dev  shows addition devices mmcblk0 and mmcblk0p1, if I attach the
> > first one to a VM using Qubes Manager, it works perfectly. Well it works
> > now, years ago it did not.
>
> Take a look at kernel messages - you should have some hint about the
> reader there.
>

dmesg:

[165374.133574] xen-blkback: ring-ref 10, event-channel 11, protocol 1
(x86_64-abi) persistent grants
[165374.211106] xen-blkback: ring-ref 11, event-channel 12, protocol 1
(x86_64-abi) persistent grants
[165931.292131] mmc0: new high speed SDHC card at address 
[165931.323942] mmcblk0: mmc0: SD32G 29.7 GiB
[165931.326278]  mmcblk0: p1
[165932.478396] mmc0: card  removed
[165934.677370] mmc0: new high speed SDHC card at address 
[165934.677708] mmcblk0: mmc0: SD32G 29.7 GiB
[165934.680518]  mmcblk0: p1
[165987.993391] xen-blkback: ring-ref 4855, event-channel 49, protocol 1
(x86_64-abi) persistent grants
[170771.103298] mmc0: card  removed
[170818.395315] mmc0: new high speed SDHC card at address 
[170818.395698] mmcblk0: mmc0: SD16G 14.8 GiB
[170818.397933]  mmcblk0: p1
[170818.900536] mmc0: card  removed
[170821.580970] mmc0: new high speed SDHC card at address 
[170821.581707] mmcblk0: mmc0: SD16G 14.8 GiB
[170821.585080]  mmcblk0: p1
[171136.265353] xen-blkback: ring-ref 4855, event-channel 49, protocol 1
(x86_64-abi) persistent grants


>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXWS0EAAoJENuP0xzK19cseAIH/3Y9RsBKl8t3JLtdovPxmKWP
> RP+fC6JsKrkTjnCmMolYm4FTJ/ZlGzS3skZPSRDBkStgXYmIUKltt4ASz6GRv2ge
> bVCt5np9V+Ad7vr+fCHEjqHhSrJQ1Km9By9dz/1QxJYIQUXtFihd4/MWyUm6AvJv
> dd+nPd/Mb4XjUfy9PR+r3gM6ACczhKQEBKlMOkF5YH9d5Alf7i4om3oM7CgIsT7/
> IHRxs7n+kri4hV+D5KA+uqL+a6b5uHchyi1TiBer0Q8Njd3/mCkpW8WWN56T1kLB
> CntMiptl/FDuoAW/qRy14+N2QFlYstzwWrMeinlnc8E7Qk2T80R7GrHE5gt0Up8=
> =wcyh
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qBErmAQ7VBozXJvb%3D-RTa9zPVboe-h3NgjT7ZsLHnhCpw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Downgrade Xen / switch to KVM? (for GPU passthrough experimentation)

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 09, 2016 at 06:20:51AM -0700, Marcus at WetwareLabs wrote:
> Hello everyone!
> 
> What would be the steps for installing and trying out different Xen 
> versions in Qubes 3.1? Or even switching to KVM? Shouldn't HAL make this 
> possible on Qubes 3.0+ ?

As for KVM - it isn't that simple - requires writing few components -
namely vchan library and a little modification to gui-daemon (currently
uses Xen-specific feature to map memory pages from VM).

> I'm mainly interested in testing Xen 4.3 branch, 

Take a look at my github account, there is xen-4.4 branch, it should be
quite simple to get xen 4.3 from there. When you build such package in
Qubes 3.1 environment it should just work, at least in theory. But see
below.

> since there's anecdotal 
> evidence that something might have broken with GPU passthrough between Xen 
> versions 4.4 and 4.3 and I have not seen any success stories of passthrough 
> after 4.3. 
> http://www.gossamer-threads.com/lists/xen/users/349649
> https://lime-technology.com/forum/index.php?topic=36101.0
> https://www.linuxserver.io/index.php/2013/09/12/xen-4-3-windows-8-with-vga-passthrough-on-arch-linux/
> Only exception is here:
> https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA
> with Qubes 3.0RC2 but he seems to be using AMD GPU & CPU whereas I'm with 
> Intel and Nvidia.
> 
> Personally I've been trying to get the GPU passthrough (as secondary GPU) 
> working for the past two weeks now, without luck. It's always the same 
> result: Windows BSODs during the first boot after driver installation. I've 
> tried Windows  7 Pro SP1 and Windows 8.1 and both act the same way. I know 
> it's not a hardware problem, since GPU passthrough using *KVM on Arch Linux* 
> *works 
> without hiccup*. Also the same BSOD happens with Xen on Arch Linux, so I 
> also know that *it's not restricted to just Qubes. *Also it's not about the 
> well-known problem of "BSOD after 2nd boot", since with KVM I could boot 
> DomU many times flawlessly without any requirement to boot Dom0 (to reset 
> the GPU as well).

Do you see PCI device in the VM at all? There is a problem with this in
Qubes 3.0+ : 
https://github.com/QubesOS/qubes-issues/issues/1659

And as you can see, there is some progress recently, but it isn't solved
yet.

> I've tried out these OS's with stock Xen versions:
> Arch Linux, Xen 4.6.1: BSOD on DomU boot
> Qubes 3.1, Xen 4.6.0: BSOD on DomU boot
> Qubes 3.0 RC 2, Xen 4.4.2: BSOD on DomU boot
> Qubes 2.0, Xen 4.1.6:  Sadly BSOD on DomU boot here as well..  

Ok, this is some hint that solving #1659 would not be enough...

> My current HW is:
> Intel I7-5820K
> Asrock X99 WS
> EVGA GTX 980 (passthrough GPU)
> Asus Radeon R5 230 (dom0 GPU)
> 
> I've tried also Radeon as passthrough GPU on Xen 4.6.0 with many driver 
> versions (win 7 pro), but with same results.
> 
> I would be very interested hearing what kind of results others have 
> achieved!
> 


- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXWXppAAoJENuP0xzK19csjJkIAI479ZpDcVLSE35zrEslIevD
Hsj65Lj15yPfEbU797vciZgGql04yUQwBjaZkgCMyWpPrizr1GSZHuMerRo4dJk7
4DY1DFAjykBxucPdQlL539JDWgO5DdL4bFb4o+zD+rPSNzDwQqOt1LDX36AewRW1
DCfVTsoZbdl+PBxpqByd2QnjehBAaceWg1LC57+4BXTJM8IViZQWOxu+IMnBVHLa
bhGsj+nKJIJxrYcaVMymbQbBMxCGjrsayBBRjVl9txf5q5QwJLKbQ8zA24FOC8HA
TnVYcQNK4NCMUEJKd21PMRFsSb5r7cgU8JPFpwbAjctHfzisrqy65D/xZnVJlIM=
=rFfY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160609141714.GE1593%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Downgrade Xen / switch to KVM? (for GPU passthrough experimentation)

[Marcus at WetwareLabs]

Hello everyone!

What would be the steps for installing and trying out different Xen 
versions in Qubes 3.1? Or even switching to KVM? Shouldn't HAL make this 
possible on Qubes 3.0+ ?

I'm mainly interested in testing Xen 4.3 branch, since there's anecdotal 
evidence that something might have broken with GPU passthrough between Xen 
versions 4.4 and 4.3 and I have not seen any success stories of passthrough 
after 4.3. 
http://www.gossamer-threads.com/lists/xen/users/349649
https://lime-technology.com/forum/index.php?topic=36101.0
https://www.linuxserver.io/index.php/2013/09/12/xen-4-3-windows-8-with-vga-passthrough-on-arch-linux/
Only exception is here:
https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA
with Qubes 3.0RC2 but he seems to be using AMD GPU & CPU whereas I'm with 
Intel and Nvidia.

Personally I've been trying to get the GPU passthrough (as secondary GPU) 
working for the past two weeks now, without luck. It's always the same 
result: Windows BSODs during the first boot after driver installation. I've 
tried Windows  7 Pro SP1 and Windows 8.1 and both act the same way. I know 
it's not a hardware problem, since GPU passthrough using *KVM on Arch Linux* 
*works 
without hiccup*. Also the same BSOD happens with Xen on Arch Linux, so I 
also know that *it's not restricted to just Qubes. *Also it's not about the 
well-known problem of "BSOD after 2nd boot", since with KVM I could boot 
DomU many times flawlessly without any requirement to boot Dom0 (to reset 
the GPU as well).

I've tried out these OS's with stock Xen versions:
Arch Linux, Xen 4.6.1: BSOD on DomU boot
Qubes 3.1, Xen 4.6.0: BSOD on DomU boot
Qubes 3.0 RC 2, Xen 4.4.2: BSOD on DomU boot
Qubes 2.0, Xen 4.1.6:  Sadly BSOD on DomU boot here as well..  

My current HW is:
Intel I7-5820K
Asrock X99 WS
EVGA GTX 980 (passthrough GPU)
Asus Radeon R5 230 (dom0 GPU)

I've tried also Radeon as passthrough GPU on Xen 4.6.0 with many driver 
versions (win 7 pro), but with same results.

I would be very interested hearing what kind of results others have 
achieved!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc7117f0-0fb7-4f5b-a0ae-abec7214d6ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: choosing 1 upgrade of the month

[@MarkMat320768]

On Thursday, June 9, 2016 at 7:33:14 AM UTC-4, @MarkMat320768 wrote:
>
> On Wednesday, June 8, 2016 at 6:49:16 PM UTC-4, Tibor Veres wrote:
> > the ram may be cheaper than you expect if you're willing to accept used. 
> I recently bought 6x4g ddr3 ecc on ebay for ~$45
>
> nice! I wish I got it...I think it's pretty obvious this system can 
> benefit from a lot of good ram right?  I really need to settle this issue 
> about networking...do I need a certain kind of switch that keeps them well 
> separated? Do I just need to inestigate that dlink...put qubes on it's own 
> modem? I swear they share info..they blink when one of the other's gets a 
> hung process killed..
>
> If you see any more of that ECC..some of us are just good shoppers you 
> must be...send me a smoke signal: @MarkMat320768   oh yeah (P.S.) it's like 
> this now: T1600 dell workstation   4 bays only 2 x 4gig now so 8gig...it 
> has 2 maxes more for non ecc..i have to look it up...be back soon ;)
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f89cd2fd-4cf4-48b8-b8b4-61bac3c444e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: choosing 1 upgrade of the month

[markmat320768]

On Wednesday, June 8, 2016 at 6:49:16 PM UTC-4, Tibor Veres wrote:
> the ram may be cheaper than you expect if you're willing to accept used. I 
> recently bought 6x4g ddr3 ecc on ebay for ~$45

nice! I wish I got it...I think it's pretty obvious this system can benefit 
from a lot of good ram right?  I really need to settle this issue about 
networking...do I need a certain kind of switch that keeps them well separated? 
Do I just need to inestigate that dlink...put qubes on it's own modem? I swear 
they share info..they blink when one of the other's gets a hung process killed..

If you see any more of that ECC..some of us are just good shoppers you must 
be...send me a smoke signal: @MarkMat320768

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dafbae38-b2ab-4e3e-921e-927dc2e6058d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes on a Shoestring in a Hurry

[Albin Otterhäll]

Drew White:
> Min 256 for a ProxyVM (depending on how many firewall rules it will have to 
> handle.)

I haven't done it myself, but wouldn't MirageOS for the firewall be a
good option here?[1] It's experimental, but Uncubed seems to be in a
desperate situation where this is could be considered a good option.
Leonard has got it running, and the Firewall only needs 20MB compared to
the minimum 256MB that the Fedora based firewall need. This would give
Uncubed around thirty percent more memory that can be used by qubes. You
can find the ongoing discussion about implementing MirageOS in Qubes on
this mailing list.[2]

[1]
http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
[2] https://groups.google.com/forum/#!topic/qubes-devel/ZnGQkOU-Odc

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/njbjds%24oki%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-08 15:33, Marek Marczykowski-Górecki wrote:
> On Wed, Jun 08, 2016 at 08:44:11AM -0700, Andrew David Wong wrote:
>> On 2016-06-08 08:36, Andrew David Wong wrote:
>>> On 2016-06-08 08:21, Franz wrote:
 Hello,
>>> 
 I noted that when I insert a SD card into the corresponding 
 slot of my Lenovo x230, it is automatically attached to Dom0 
 rather then sys-usb (default configuration). Well I use the 
 SD card only for my Nikon camera and I have no reason to 
 trust Nikon less then Lenovo, so no problem for me, but 
 wonder if this is expected behaviour.
>>> 
 Best Fran
>>> 
>>> 
>>> It's probably that the associated hardware device is not 
>>> assigned to any domU (e.g., your USB qube, if you use one). On 
>>> my ThinkPad, the device is labeled "PCI Express Card Reader." 
>>> Assigning it to my USB qube results in any inserted SD card 
>>> showing up in the USB qube.
>>> 
> 
>> Issue for implementing an option to have this performed for the 
>> user when the USB qube is first created:
> 
>> https://github.com/QubesOS/qubes-issues/issues/2055
> 
> Indeed may be a good idea. On the other hand, I remember that for 
> some Realtek devices it is impossible to attach the card reader to 
> a different VM than the (somehow bundled?) network card.
> 
> I guess it doesn't apply to your model, could you provide more 
> details? Also worth collecting info on problematic models to set 
> appropriate default depending on the hardware.
> 

Marek has already seen this, but for anyone else reading this, the
device lspci details are provided here:

https://github.com/QubesOS/qubes-issues/issues/2055#issuecomment-
224846969

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXWUIJAAoJENtN07w5UDAwz/AQALg/TveWtfuT9KD5P/VczsWW
Ov2fR0TPvXcSagJHDSItH5HHXnCSaATLP7Dgb2cygQ7nmpLqOXqH3TfiIQAK6M1P
UPjC3u/3vYh79suoZ9lNshrTp95J9D5bWPpyIXHOpjNLuDgHdDAU/jYn3n5oIIXM
o3atNdYf3bzVx2pJ2UCKN3UtarO75o6hUevl4NB0QIz1xc+PMBU0p/U69/caPlkk
Jcm5EtboPBYmy83hOIohOsyiVm2lza5B3ZY72kOeshi3twSTIlOykPr2LjchSXGA
XMWJnj7LE5I1AFw+SRpXYYclmKp8KuoOcMJe43wI+qzfbD8sllt7Y6KCZsdGsXww
Wuf+Y8UIiRlPM6kEo+Mi0FvUM3RTle6knEZel2v+LNAE6+bidl0w71w+4SOF/sfN
IT6Z1XzdZ1Vy1hkunMxSXRLy+MYfaQzvJlCDXsIDHdph2S1xjg3/pEIE/6bB9u5u
/N+9VCLt8vHsdj6TtPEDwSV9cIDB+ABJ+Xa4zFl9pQ5o+kWmEXadVOxx44xgKHM6
JkTvKtNbQLrWZDch0brx16Fa+GhUvkAGmxczu6/gDokognuEVFpEBFcLo7ya4bQP
tD4vczLbodVkg+8DTON0620CKvL7DzDTVnWV0asHOP/hGgHGT2Pg+75ip1uirSNc
0cX7M8mh9KWz11k3OMVt
=Sfnr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f013aa9-6dfb-ebbd-0a1c-9c5462de5815%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New initramfs won't stick

[Mike Patton]

On Wednesday, 8 June 2016 23:25:14 UTC+10, Marek Marczykowski-Górecki wrote:
>
> Just to make sure: it should be in /etc/dracut.conf.d 
>
> Do you boot in UEFI mode? In such a case, initramfs is on ESP, not /boot 
> directly. The path is /boot/efi/EFI/qubes/initramfs-KERNELVERSION, so 
> you need to pass this path to dracut when generating it. 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
>
>
Boom! Headshot!  Yes, that was it.  No issues after running dracut with the 
correct path.

Thanks again for the great support.

M. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df8f713f-118e-4a97-be62-ae8a31b1799d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb

[Franz]

On Wed, Jun 8, 2016 at 7:33 PM, Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Wed, Jun 08, 2016 at 08:44:11AM -0700, Andrew David Wong wrote:
> > On 2016-06-08 08:36, Andrew David Wong wrote:
> > > On 2016-06-08 08:21, Franz wrote:
> > >> Hello,
> > >
> > >> I noted that when I insert a SD card into the corresponding slot
> > >> of my Lenovo x230, it is automatically attached to Dom0 rather
> > >> then sys-usb (default configuration). Well I use the SD card only
> > >> for my Nikon camera and I have no reason to trust Nikon less then
> > >> Lenovo, so no problem for me, but wonder if this is expected
> > >> behaviour.
> > >
> > >> Best Fran
> > >
> > >
> > > It's probably that the associated hardware device is not assigned
> > > to any domU (e.g., your USB qube, if you use one). On my ThinkPad,
> > > the device is labeled "PCI Express Card Reader." Assigning it to my
> > > USB qube results in any inserted SD card showing up in the USB
> > > qube.
> > >
> >
> > Issue for implementing an option to have this performed for the user
> > when the USB qube is first created:
> >
> > https://github.com/QubesOS/qubes-issues/issues/2055
>
> Indeed may be a good idea. On the other hand, I remember that for some
> Realtek devices it is impossible to attach the card reader to a
> different VM than the (somehow bundled?) network card.
>
> I guess it doesn't apply to your model, could you provide more details?
>

Not sure if I understand your question, but my SD cards are SanDisk Extreme
32 and 16 G

When I insert it in the slot an alert appears telling that it is attached
to Dom0

if I digit lspci in dom0 nothing changes before and after inserting the SD
card (so not sure how to follow Andrew suggestion)
If I digit lsusb in dom0  it gives: unable to initialize libusb: -99

ls /dev  shows addition devices mmcblk0 and mmcblk0p1, if I attach the
first one to a VM using Qubes Manager, it works perfectly. Well it works
now, years ago it did not.

Best
Fran



Also worth collecting info on problematic models to set appropriate
> default depending on the hardware.
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXWJ1KAAoJENuP0xzK19csPYcH/3jbEvJoLE8Rnc61sAmslpol
> DIfXZzTfNt4Ag6bDyOS6zRCzSGiaeCRO+c6K+PLllhq8/dVGhlMIVMute/BfFUDh
> 6i/N4kSkefG/53Xm/Q7DhGaJTvMlkBmOF4yLI1MTe/RMdRzGscn2nDhaX+7tJejD
> vClwZJumFyxPDylvEb42guAtdzJH2l9IcuGeHZGZgjJlwwxOeLi76OBnF4/lryMe
> B8Tf42MDyPoyico7TUfg3jN2fSDxjRm4i/+C1LFA58zW5iziOtjTP2U/so//m4Ed
> 4+XPov7amb3fmXUUst9+zTAL1e00293hOaabtPyoftRV+MwLDAF0fOXM1VFQ9TA=
> =pSCz
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAYZX%3DEXfSd%2BkzQjXJiWGJsb95F_5-8Wcp-kUH-TFQVWg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to install clean template?

[Albin Otterhäll]

Andrew David Wong:
> You can simply clone one of the default templates. If you've already
> modified the default template you want to use, you can clone it, then
> reinstall it from the repo.

So it isn't possible to install and name the template in the same
command? Little easier and simpler to just do that instead of renaming
templates before and after downloading a new template.

Is it considered god practice to only use copies of the default templates?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/njb4nq%24ck5%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Windows 7 virtual graphics card

[Drew White]

On Thursday, 2 June 2016 21:24:02 UTC+10, Achim Patzner wrote:
>
> Is there a way to provide a virtual graphics card that will support 
> 3840*2160 pixels? I'm having serious problem to see anything using a 
> Windows 7 HVM at 257 dpi... 
>
> Either install the tools and go Seamless, OR alter the settings to have 
the text and all larger.
Use the Themes for Windows.
Then you won't have an issue seeing things.
Or else just use a lower resolution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3667946f-c821-4477-94c3-ddb81e04c19c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes on a Shoestring in a Hurry

[Drew White]

On Sunday, 5 June 2016 19:20:43 UTC+10, unc...@sigaint.org wrote:
>
> On Sat, June 4, 2016 13:58, unc...@sigaint.org  wrote: 
>
> > On Sat, June 4, 2016 12:35, "Holger Levsen"  > wrote: 
> > 
> >> did you try XFCE instead of KDE? XFCE is much more ressource friendly. 
> > 
> > 
> > Thanks for the tip!  I must try a full install; unfortunately that will 
> > take me offline for some hours, for obvious reasons... 
>
> I manually configured a 4GiB encrypted swap partition on an old hard disk, 
> and separately an encrypted LVM for Qubes, plus /boot and biosboot. 
>
> The good news is that Qubes R3.1 starts, and LXDE is smooth. 
>
> The bad news is that Qubes doesn't use the swap, and important things fail 
> due to out-of-memory. 
>

Firstly, I would recommend setting Dom to use only 1 GB of RAM. This is 
best set after initial install and tell it to
NOT create ANY of the VMs..  That way you can define everything after first 
boot.
Set each VM to have 256 MB RAM. IF you have Memory Balancing on, then set 
Maximum to 356 for NetVM and ProxyVM

So install Qubes, but don't create any VMs, create them yourself AFTER you 
have configured Dom0 using the
live DVD /USB after the install.

You say you have 2 GB RAM, so have 512 for Dom0, but better for 1 GB.
Then you have 1 GB to share among the other VMs.
You can go as low as 50 MB for a NetVM. I've got mine running at that.
Min 256 for a ProxyVM (depending on how many firewall rules it will have to 
handle.)
So then you have 700MB (rough)) for all other VMs.


 

> I think the rest is best explained in chronological order. 
>
> In the Qubes installer, I elected to configure all the default qubes plus 
> the option to route all system/update traffic through Whonix 
> ("experimental").  During the final stage when it shows a progress bar and 
> configures various qubes, I received the following modal dialog while it 
> was configuring networking: 
>
> --- begin dialog box 
> [title bar: "[Dom0]"] 
>
> Setting up networking failure! 
>
> ['/usr/sbin/service', 'qubes-netvm', 'start'] failed: 
> Redirecting to /bin/systemctl start  qubes-netvm.service 
> Job for qubes-netvm.service failed. See 'systemctl 
> status qubes-netvm.service' and 'journalctl -xn' for 
> details. 
>
> [Close] 
> --- end dialog box 
>
> When I hit "Close", the installer immediately finished.  I do not know 
> whether it just bailed, and left important configuration undone, or if it 
> really finished.  Thence to the Qubes login screen. 
>
> Running "systemctl status -l qubes-netvm.service", the pertinent lines 
> read in pertinent part (sorry, all of this is manually copied and 
> retyped): 
>
> --- begin quote 
> ERROR: ERROR: insufficient memory to start VM 'sys-firewall' 
> qubes-netvm.service: main process exited, code=exited, status=1/FAILURE 
> --- end quote 
>
> On startup, exactly two qubes are running: dom0 and sys-net.  top(1) 
> (which I grit my teeth running in dom0; is it part of the TCB?) shows less 
> than 30M free memory, and... 0 swap! 
>
> Specific questions: 
>
> (a) How do I not only add my swap partition, but make Qubes automatically 
> unlock and use it at boot?  I think this start config issue is probably a 
> Qubes-specific question, because Qubes is not really like other Linux 
> distributions in these under-the-hood system things. ;-) 
>
> (b) Related to (a), how do I make sure in the Qubes startup configuration 
> that it unlocks both the LVM partition and the swap partition with the 
> same LUKS passphrase?  It is not good to type the passphrase multiple 
> times, e.g. in public with shoulder surfers and possibly security cameras 
> around.  (Or better yet, swap with a one-time ephemeral key.) 
>
> (c) If I can get sufficient qubes started, how do I verify that all 
> network traffic (including update traffic) is routed through sys-whonix? 
> IOW in which qube do I fire up tcpdump(1) or check the logs, and really 
> get a global view of which packets are coming in/out?  I am accustomed to 
> watching traffic (through pf and on physical interfaces).  I just need to 
> know where in the Qubes intranet to get a global view, *without* risking 
> compromise to dom0 or another important qube with a tcpdump(1) or 
> libpcap(3) bug. 
>
> Thanks in advance! 
>
> Almost no longer, 
>
> "Uncubed" (un-uncubed?) 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0d3f5bb-a8b7-41f0-a9ec-c949c040a21c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.