Re: [qubes-users] Re: [R3.2] Audio disappears

2016-06-23 Thread Alex
On 06/24/2016 06:33 AM, raahe...@gmail.com wrote:
> On Thursday, June 23, 2016 at 6:11:43 PM UTC-4, Albin Otterhäll
> wrote:
>> I've come across a possible bug where the audio disappears at
>> random, and the only way to get back the sound is to reboot the
>> system.
>> 
>> I checked the system's and application's (VLC) volume control, and
>> both showed about 100 percent volume. I only opened a new video
>> file between the sound working and disappearing. The new file
>> worked flawlessly after rebooting the computer.
>> 
>> I don't know enough for making an issue on GitHub, so I'm wondering
>> if you people have any suggestions on logs to check when I come
>> across this problem again?
> 
> You can check dmesg.  You might also want to do a pulseaudio -k and
> pulseaudio --start from dom0 terminal and see if that works instead
> of rebooting.
> 
I had some problems with audio because I have an HDMI monitor but I
don't use HDMI audio, but the plain line out. Pulseaudio on 3.2Rc1 chose
to use HDMI audio, so I could not hear anything and the speed of video
was too fast.

Once switched to the correct output device everything went ok; you may
want to check this too - maybe in your situation the HDMI audio is
recognized later for any reason, and that triggers the switch in Pulseaudio.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b15adef-948d-826d-f4c1-6445fefb5987%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread Alex
On 06/24/2016 05:46 AM, Daniel wrote:
> 
> I managed to get the VM's updated with a USB wireless NIC, but it
> didn't fix the issue with my built-in wireless NIC. What information
> would be useful in helping to get it fixed?
I really can't help, it's been a long time since I fiddled with wifi on
Linux :/

AFAIR you should make sure to have compatible firmwares in the VM that
handles the wifi adapter; everything should then happen automagically.
Once you redirect your wifi adapter to a NetVM, any guide for Fedora /
your adapter should help, provided you don't need to recompile your
kernel (that's a bit complicated in Qubes, since for many reasons the
kernels are kept separately from their VM).

A thing I noticed in a recent update of Fedora 23 is that systemctl now
complains, at boot, that it cannot load the "loadable kernel modules
unit"; that happens on my laptop, which is plain Fedora 23. If that
problem happens on Qubes AppVMs too, that may affect loading of drivers
if they are packaged as kernel modules. You may want to check that too,
with journalctl.

-- 
Alex



Re: [qubes-users] How do I install packages to a template over a VPN?

2016-06-23 Thread Andrew David Wong
On 2016-06-23 12:03, James Ward wrote:
> I'm reinstalling to clean up all the experimenting I did yesterday
>  just to get a fresh start, but I do have one more question I can't
>  seem to find the answer to. How do I make the default user the 
> same as dom0 (i.e. jeward in my case)? I regularly ssh into other 
> system as jeward and this would just be so much more convenient 
> than "user".
> 

Not certain about this, but I think "user" might be hardcoded. Maybe
someone else knows of a way to change it without breaking stuff, but
I'm not personally aware of one.


P.S. - Please avoid top posting.

> On Thursday, June 23, 2016 at 9:16:56 AM UTC-7, Chris Laprise 
> wrote:
>> 
>> There is an issue with updating a template over a vpn: The 
>> intercepting updates proxy normally runs in sys-net, which can't
>>  see inside the encrypted vpn traffic. This may be a cause of the
>>  problem, however it should really only manifest if you are using
>>  yum/dnf; Programs like wget should be able to access the net OK
>>  if you've set the template's firewall setting to 'allow...'.
>> 
>> Another thing to look out for when using qubes-setup-dnat-to-ns 
>> is that it needs the vpn-specific nameservers entered into 
>> /etc/resolve.conf (in the vpn vm) before it's run. This has to be
>>  done each time the vpn vm boots, unless you change it in the 
>> template.
>> 
>> In my previous message, I mentioned you could download the 
>> packages in an appvm then transfer them to the template vm for 
>> installation. Another possible solution is to create a Standalone
>> appvm: It will permanently accept installed programs and also be
>> able to access the net like a template-based appvm.
>> 
>> Chris
>> 

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] How to properly administer several templates?

2016-06-23 Thread Andrew David Wong
On 2016-06-23 13:02, Jimmy Axenhus wrote:
> On 2016-06-16 at 19:23, Andrew David Wong wrote: On 2016-06-15 
> 09:33, Jimmy Axenhus wrote:
 On 2016-06-15 at 11:14, Andrew David Wong wrote:
> On 2016-06-15 01:56, Franz wrote:
>> On Tue, Jun 14, 2016 at 10:49 PM, Andrew David Wong 
>>  wrote:
>> 
>> On 2016-06-14 15:20, Albin Otterhäll wrote:
> I've eight different templates (copies, etc.) and 
> administering them takes quite a while. How should I
> streamline this and make it as easy as possible 
> to update and install applications across several 
> templates?
> 
>> Personally, I found that the vast majority of time I 
>> spent administering templates was spent on keeping them 
>> updated, so I wrote a bash script to update them and set 
>> it to run periodically as a cron job in dom0.
>> 
>> 
>>> And what happens when the update process stops for some
>>> reason, such as for being unable to verify packages or
>>> for suggesting some manual steps?
> Then it'll just fail to update. I log all the output and 
> check it periodically, so if something requires manual 
> interaction, I just do it manually at some later time.
> Most of the time, no manual interaction is required for
> standard updating.
> 
 Would you mind sharing that bash script? It sounds way more 
 convenient than manually updating all the templates from the 
 Qubes VM Manager.
 
> I'm sure it's suboptimal in many ways, so if you (or anyone else) 
> sees room for improvement, feel free to let me know. :)
> 
> [...]
> 
> Now it's my turn! Inspired by your script and the fact that it
> will probably be a few months until Qubes 3.2 is released I decided
> to go ahead and try a cleaner version of it. After looking at how
> the VM Manager does it I ended up with a completely rewritten
> script in Python. The difference is that this one is interactive (I
> prefer that) and it's starting them all right after each other. In
> other words you might get a bunch of windows popping up.
> 
> I have no idea how stable it is or if it's going to work in Qubes 
> 3.2, but it works fine in 3.1.
> 
> License is CC-0 or GPLv2+. Pick the one you like.
> 
> https://gist.github.com/JimmyAx/818bcf11a14e85531516ef999c8c5765
> 
> [...]
> 

Thanks for sharing!

(I also have another one that updates all the TemplateVMs
simultaneously, but I prefer updating them serially when running the
script as a cron job to minimize resource usage.)

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


[qubes-users] Re: [R3.2] Audio disappears

2016-06-23 Thread raahelps
On Thursday, June 23, 2016 at 6:11:43 PM UTC-4, Albin Otterhäll wrote:
> I've come across a possible bug where the audio disappears at random,
> and the only way to get back the sound is to reboot the system.
> 
> I checked the system's and application's (VLC) volume control, and both
> showed about 100 percent volume. I only opened a new video file between
> the sound working and disappearing. The new file worked flawlessly after
> rebooting the computer.
> 
> I don't know enough for making an issue on GitHub, so I'm wondering if
> you people have any suggestions on logs to check when I come across this
> problem again?

You can check dmesg.  You might also want to do a pulseaudio -k and pulseaudio 
--start from dom0 terminal and see if that works instead of rebooting.



Re: [qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread Daniel
On Thursday, June 23, 2016 at 10:35:26 AM UTC-7, Alex wrote:
> On 06/23/2016 07:30 PM, *** wrote:
> > 
> > As for the USB nic, it doesn't show up in the list of available
> > devices when I try and assign it to sys-net. It might be an
> > incompatibility with this specific USB nic, and I'll try with a
> > different device when I get home if we're not able to solve the
> > issues with the built-in device.
> Please note that you cannot redirect single USB devices, but ONLY PCI
> devices (that's how VT-d works, AFAIK); an USB controller counts as a
> single PCI device as a whole, with its root hub and all attached devices.
> 
> You will have to find the USB controller that handles the USB port you
> used to attach your NIC, and redirect all that. Note also that,
> oftentimes, laptops have only one USB controller for all ports: if this
> is the case and you remove the USB controller from dom0 to attach it to
> the NetVM, all USB devices will be attached to the NetVM. If you use USB
> keyboard/mouse they will not work anymore for dom0, because they will be
> attached to the NetVM.
> 
> To redirect single devices (sort of) you will have to set up and use an
> UsbVM.
> 
> -- 
> Alex

I managed to get the VM's updated with a USB wireless NIC, but it didn't fix 
the issue with my built-in wireless NIC. What information would be useful in 
helping to get it fixed?


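The lookup Alex describes in the quoted text above (find the PCI USB controller behind one USB port, and see what else hangs off it), as an added example that is not part of the thread. The function names are hypothetical and the device tree is constructed; pass `/sys` as the root to run it on a real system.

```shell
#!/bin/bash
# Added example (not from the thread). The sysfs root is a parameter so the
# functions can run against the constructed tree below or against /sys.

# Print the PCI address of the controller that USB device $2 hangs off.
usb_controller_of() {
    local root dev path base
    root=$1; dev=$2
    path=$(readlink -f "$root/bus/usb/devices/$dev") || return 1
    # Walk up from the device; the first path component shaped like a PCI
    # address (dddd:bb:dd.f) is the USB controller.
    while [ -n "$path" ]; do
        base=${path##*/}
        case $base in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7])
                printf '%s\n' "$base"; return 0 ;;
        esac
        path=${path%/*}
    done
    return 1
}

# List every USB device behind PCI controller $2: all of these move to the
# target VM together when the controller is reassigned.
usb_devices_on_controller() {
    local root ctrl link name product
    root=$1; ctrl=$2
    for link in "$root"/bus/usb/devices/*; do
        name=${link##*/}
        case $name in
            usb*|*:*) continue ;;   # skip root hubs and interface nodes
        esac
        if [ "$(usb_controller_of "$root" "$name")" = "$ctrl" ]; then
            product=$(cat "$link/product" 2>/dev/null) || product="?"
            printf '%s %s\n' "$name" "$product"
        fi
    done
    return 0
}

# Constructed sample: two controllers; the WLAN adapter shares one with a keyboard.
make_sample_sysfs() {
    local root ctl_a ctl_b
    root=$(mktemp -d) || return 1
    ctl_a=$root/devices/pci0000:00/0000:00:14.0
    ctl_b=$root/devices/pci0000:00/0000:00:1a.0
    mkdir -p "$root/bus/usb/devices" "$ctl_a/usb1/1-1/1-1:1.0" \
             "$ctl_a/usb1/1-2" "$ctl_b/usb2/2-1"
    echo "WLAN adapter" > "$ctl_a/usb1/1-1/product"
    echo "Keyboard"     > "$ctl_a/usb1/1-2/product"
    echo "Card reader"  > "$ctl_b/usb2/2-1/product"
    ln -s "$ctl_a/usb1"             "$root/bus/usb/devices/usb1"
    ln -s "$ctl_a/usb1/1-1"         "$root/bus/usb/devices/1-1"
    ln -s "$ctl_a/usb1/1-1/1-1:1.0" "$root/bus/usb/devices/1-1:1.0"
    ln -s "$ctl_a/usb1/1-2"         "$root/bus/usb/devices/1-2"
    ln -s "$ctl_b/usb2"             "$root/bus/usb/devices/usb2"
    ln -s "$ctl_b/usb2/2-1"         "$root/bus/usb/devices/2-1"
    printf '%s\n' "$root"
}

sample=$(make_sample_sysfs)
nic_ctrl=$(usb_controller_of "$sample" 1-1)
echo "USB device 1-1 sits behind PCI device $nic_ctrl"
echo "Everything that moves with that controller:"
usb_devices_on_controller "$sample" "$nic_ctrl"
rm -rf "$sample"
```

In the constructed tree the keyboard shows up next to the WLAN adapter, which is the situation Alex describes where dom0 input devices would follow the controller into the NetVM.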

Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

2016-06-23 Thread Marcus at WetwareLabs


On Thursday, June 23, 2016 at 10:17:59 PM UTC+3, Marek Marczykowski-Górecki 
wrote:
>
> On Thu, Jun 23, 2016 at 12:07:29PM -0700, 
> '01938'019384'091843'091843'09183'04918'029348'019 wrote: 
> > Hello, 
> > 
> > wow cool. 
> > 
> > 
> > Would this mean, I can in some way (extra manual work) use the full GPU 
> power in a WindowsVM or a LinuxVM, without security issues for the whole 
> QubesOS System? 
> > (Or should I first use this setup on a separate machine or some 
> Qubes-Qubes Dual boot machine). 
>
> I haven't reviewed the instruction details, but it most likely involves 
> running qemu process in dom0, which is a huge security drawback for the 
> whole system. 
>
> -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
>

Hi Marek,

you're right, it's using qemu-xen-traditional and qemu is running in dom0, 
so inherently it's more exposed than running VMs in stub domain.  

In the end, rigorous risks vs benefits analysis should be done which 
programs should be allowed to run there. Personally, I use it only for 
those few applications that I really need (Office, Visual Studio, Atmel 
Studio, Diptrace) and deem "safe". Networking is also disabled by default. 
Another Windows VM (without GPU passthrough) is running in stubdom to be 
used for those occasional needs for trying out miscellaneous less-trusted 
programs that need internet connection.

Continuing on this matter, what is your personal opinion about the security 
of the following scenarios:
- VM running in Dom0 (on Xen)
- VM running in Dom0 (on KVM) (I assume this is the default case, or does 
KVM have its own version of stubdom?)
- Dual booting Qubes and Windows, without AEM

BTW. I saw you found the culprit for PCI passthrough not working in 
stubdom! (https://github.com/QubesOS/qubes-issues/issues/1659)  Congrats!  
Finally we may be getting closer to getting Qubes both secure AND usable 
for larger masses  :)

Best regards,
Marcus



[qubes-users] [R3.2] Audio disappears

2016-06-23 Thread Albin Otterhäll
I've come across a possible bug where the audio disappears at random,
and the only way to get back the sound is to reboot the system.

I checked the system's and application's (VLC) volume control, and both
showed about 100 percent volume. I only opened a new video file between
the sound working and disappearing. The new file worked flawlessly after
rebooting the computer.

I don't know enough for making an issue on GitHub, so I'm wondering if
you people have any suggestions on logs to check when I come across this
problem again?



Re: [qubes-users] SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

2016-06-23 Thread Marcus at WetwareLabs


On Wednesday, June 22, 2016 at 11:33:50 PM UTC+3, Ilpo Järvinen wrote:
>
> Great to hear you got it working! I've done some googling related to 
> techniques you mention below and I want to share some thoughts / 
> information related to them. 
>
> On Wed, 22 Jun 2016, Marcus at WetwareLabs wrote: 
>
> > If you still don't get passthrough working, make sure that it is even 
> > possible with you current hardware. Most of the modern (<3 years old) 
> > working GPU PT installations seem to using KVM (I got even my grumpy 
> NVidia 
> > GTX 980 functional!), so you should at least try creating bare-metal 
> Arch 
> > Linux installion and then following instructions here: 
> > https://bufferoverflow.io/gpu-passthrough/ 
> > or Arch wiki entry here: 
> > https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF 
> > or a series of tutorials here: 
> http://vfio.blogspot.se/2015/05/vfio-gpu-how-to-series-part-1-hardware.html 
> > 
> > 
> > Most of the instructions are KVM specific, but there's lot of great 
> > non-hypervisor specific information there as well, especially in the 
> latter 
> > blog. Note that all the info about VFIO and IOMMU groups can be 
> misleading 
> > since they are KVM specific functionality and not part of Xen (don't ask 
> me 
> > how much time I spent time figuring out why I can't seem to find IOMMU 
> group 
> > entries in /sys/bus/pci/ under Qubes...) 
>
> This contradicts what I've understood about PCI ACS functionality. 
>
> IOMMU groups may be named differently for Xen or not exist (I don't know, 
> it's news to me that they don't exist), but lack of PCI ACS functionality 
> is still a HW thing and according to my understanding the same limit on 
> isolation applies regardless of hypervisor. ACS support relates how well, 
> that is, how fine-grained, those "IOMMU groups" were partitioned. Each 
> different group indicates a boundary were IOMMU is truly able separate 
> PCIe devices and are based on HW limitation not on a hypervisor feature. 
> Unfortunately mostly high-end, server platforms have true support of ACS 
> (some consumer oriented ones support it only inofficially, see 
> drivers/pci/quirks.c for the most current known to support list). 
>

Moi, Ilpo!

And thanks for chiming in. 

Yes, you're right about ACS being a hardware capability. What I've 
understood is that IOMMU group and VFIO are software packages (developed by 
guys at Red Hat specifically for KVM) in the kernel / hypervisor that in 
turn use ACS (but please correct if I'm wrong). On Arch Linux / KVM I 
checked that the GPU was alone (together with the combined sound device) in 
its own IOMMU group, so passing those two together should be safe (safe as 
in "no accidental memory access violations via peer-to-peer transactions"). 
However I'm not sure how this (conforming to restrictions according to 
IOMMU groups while passing through ) translates into isolation in Xen. Is 
ACS turned on by default and is the isolation as good as with KVM and its 
IOMMU groups? 

In my setup I can see this log entry in messages:
pci :00:1c.0: Intel PCH root port ACS workaround enabled
pci :00:1c.3: Intel PCH root port ACS workaround enabled

Those devices are the X99 series chipset PCI Express Root Ports.

And in the /linux/drivers/pci/quirks.c there's entry also for X99 (along 
with few other Intel chipsets): 

/*
 * Many Intel PCH root ports do provide ACS-like features to disable peer
 * transactions and validate bus numbers in requests, but do not provide an
 * actual PCIe ACS capability.  This is the list of device IDs known to fall
 * into that category as provided by Intel in Red Hat bugzilla 1037684.
 */

This relates to this patch
https://patchwork.kernel.org/patch/6312441/

So I guess (for X99) this should be supported starting from Linux 4.0 
onwards.  But I'm not certain how well is this actually enforced. I should 
try to passthrough a device belonging to a group that has other PCI devices 
as well and see if it's denied.  


> Lack of ACS may not be a big deal to many. But it may limit isolation in 
> some cases, most notably having storage on PCIe slot connected SSDs and 
> GPU passthrough. And passing through more than a single GPU to different 
> VMs might have some isolation related hazards too because of the usual 
> PCIe slot arrangement. But one likely needs deep pockets to have such 
> arrangements anyway, so going to server or high-end platform may be less 
> of a issue to begin with :-). 
>
> > One thing about FLReset (Function Level Reset): There's qu

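The IOMMU-group check Marcus describes (the GPU and its audio function alone in one group), as an added example that is not part of the thread. It reads `/sys/kernel/iommu_groups`, so per his note it applies to a bare-metal Linux/KVM boot rather than Qubes dom0; the function names are hypothetical and the device addresses and group numbers are constructed.

```shell
#!/bin/bash
# Added example (not from the thread). The sysfs root is a parameter so the
# functions can run against the constructed tree below or against /sys.

# Print the IOMMU group number that PCI device $2 belongs to.
iommu_group_of() {
    local root bdf d
    root=$1; bdf=$2
    for d in "$root"/kernel/iommu_groups/*/devices/"$bdf"; do
        [ -e "$d" ] || [ -L "$d" ] || continue
        d=${d%/devices/*}
        printf '%s\n' "${d##*/}"
        return 0
    done
    return 1
}

# Given the devices you intend to pass through together, list every device
# that shares an IOMMU group with one of them but is not in the set.
# Empty output means the set is group-complete.
group_stragglers() {
    local root bdf grp member wanted found
    root=$1; shift
    for bdf in "$@"; do
        iommu_group_of "$root" "$bdf" >/dev/null || {
            echo "no IOMMU group entry for $bdf" >&2; return 2; }
    done
    for bdf in "$@"; do
        grp=$(iommu_group_of "$root" "$bdf")
        for member in "$root/kernel/iommu_groups/$grp/devices"/*; do
            member=${member##*/}
            found=no
            for wanted in "$@"; do
                if [ "$wanted" = "$member" ]; then found=yes; fi
            done
            if [ "$found" = no ]; then
                printf '%s (group %s)\n' "$member" "$grp"
            fi
        done
    done | sort -u
}

# Constructed sample: group 13 holds only a GPU and its audio function;
# group 7 lumps a root port, a NIC and a storage controller together.
make_sample_iommu() {
    local root g
    root=$(mktemp -d) || return 1
    g=$root/kernel/iommu_groups
    mkdir -p "$g/13/devices" "$g/7/devices"
    # Empty files stand in for the symlinks real sysfs has here.
    : > "$g/13/devices/0000:03:00.0"   # GPU (constructed)
    : > "$g/13/devices/0000:03:00.1"   # GPU audio function (constructed)
    : > "$g/7/devices/0000:00:1c.0"    # root port (constructed)
    : > "$g/7/devices/0000:05:00.0"    # NIC (constructed)
    : > "$g/7/devices/0000:06:00.0"    # storage controller (constructed)
    printf '%s\n' "$root"
}

sample=$(make_sample_iommu)
echo "GPU + audio passed together, stragglers:"
group_stragglers "$sample" 0000:03:00.0 0000:03:00.1
echo "NIC passed alone, stragglers:"
group_stragglers "$sample" 0000:05:00.0
rm -rf "$sample"
```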
Re: [qubes-users] How do I install packages to a template over a VPN?

2016-06-23 Thread Zrubi
On 06/23/2016 06:16 PM, Chris Laprise wrote:
> There is an issue with updating a template over a vpn: The
> intercepting updates proxy normally runs in sys-net, which can't
> see inside the encrypted vpn traffic. This may be a cause of the
> problem, however it should really only manifest if you are using
> yum/dnf; Programs like wget should be able to access the net OK if
> you've set the template's firewall setting to 'allow...'.

I'm usually commenting out the yum/dnf proxy for such templates.
in case of fedora 23 /etc/dnf/dnf.conf
You will find the qubes proxy related line, comment out that line, and
the update will be successful.


-- 
Zrubi


Re: [qubes-users] HVM Win7 libxenlight error?

2016-06-23 Thread 098321'091832'40918'30429812943
Hello,

I like to check the QWT installation.

https://www.qubes-os.org/doc/windows-appvms/

If I use the command:

qvm-prefs Win7VM

then all these parameters are FALSE:

qrexec_installed
guiagent_installed
default_user

What can I do that QWT is running under Q R3.1?

Kind Regards



[qubes-users] interesting talk about intel CET/ME

2016-06-23 Thread raahelps
https://www.youtube.com/watch?v=W3AdFoJ8lCs  Over 10 years later people finally 
realizing the security implications.



Re: [qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?

2016-06-23 Thread 1039841094380918430'91843'09
Assume my PC has two CPUs.

How can I configure Qubes so that all black VMs are running under CPU0 and all 
other VMs are running under CPU1?

That would be cool!

Kind Regards



Re: [qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?

2016-06-23 Thread 1087340917834091784309178094378
Hello Andrew,

real crypto works always with air-gapped machines.

PC0 handles all encryptions (PC0 is sheltered) 
PC1 is the archive

The charm of this solution is that the risk of bit-leaks of the crypto keys 
can be mitigated.

In qubes I could use a dual CPU system.

CPU0 handles all encryptions in all CryptoVMs (PC is sheltered) 
CPU1 is the power-support for all other VMs

How can I make sure that all CryptoVMs are powered by the cores of the CPU0 and 
all others by the CPU1?

Kind Regards



P.S. Optional would be the (external) "crypto-chip" solution, like a FPGA 
board. 



Re: [qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?

2016-06-23 Thread 10'9438'109438'019438'091438'091324'80943218
Hello Andrew,

real crypto works always with air-gapped machines. 

PC0 handles all encryptions
PC1 is the archive

This setup (if PC0 is sheltered) allows to distribute documents without the 
risk of bit-leaks, e.g. with side channel attacks, of the crypto keys (game 
over, if you know it).

Q looks quite fine for doing a cleaner crypto setup. 

Perhaps to reach the goal, if on one cpu-core, the caches cannot be safe (I 
don't know if some real-time OS features or other stuff can prevent the 
cache-leakages between cores), it will be possible a Q-System with two 
CPU-chips and a feature that I can be sure that VM0 is using only core0 and all 
other VMs the core1.

So core0 can do all crypto stuff and core1 all application support.

Kind Regards



Re: [qubes-users] TheBrain installation - JRE Error?

2016-06-23 Thread kersten . vogel
Hi Francesco,

yes, I also lost some "Databases", because PB7 is not a real database with the 
full database guarantees. I now use a Standalone Debian8 VM DSVM1.

i) the PB7 team helped me to get the corrupt files running again (Win8 I got the 
W10 image on my limited SSD disk, this caused the PB7 DB crash), but I could 
restore it

ii) I use the calendar function inside PB7, so frequently I made the 
Zip-snapshot of this funny "DB"

iii) I hoped with btrfs I can move forward and backward in time on a 
deterministic computer, but my QR 3.1 was not accepting btrfs, now
(Still apple has some similar modern disk filesystem like btrfs in the near 
future)

PB doesn't support Linux in the full form, but for me it is still working quite 
well. I have more the issues, how I can integrate PB7 smart into the Qubes 
Workflow, like open this URL in a DispVM, etc.pp.
The main problem: PB7 doesn't support scripting of any kind :-(
And I don't know, if Q offers command URLs

PB7 in the SVM1 with the Thought-URL
Open:VM:Disp1:www.google.com
(Open google search inside the DispVM)

Kind Regards



Re: [qubes-users] How to properly administer several templates?

2016-06-23 Thread Jimmy Axenhus

On 2016-06-16 at 19:23, Andrew David Wong wrote:


On 2016-06-15 09:33, Jimmy Axenhus wrote:

On 2016-06-15 at 11:14, Andrew David Wong wrote:

On 2016-06-15 01:56, Franz wrote:

On Tue, Jun 14, 2016 at 10:49 PM, Andrew David Wong
 wrote:

On 2016-06-14 15:20, Albin Otterhäll wrote:

I've eight different templates (copies, etc.) and
administrating them takes quite a while. How should I
streamline this and make it as easy as possible to
update and install applications across several
templates?


Personally, I found that the vast majority of time I spent
administering templates was spent on keeping them updated, so I
wrote a bash script to update them and set it to run
periodically as a cron job in dom0.



And what happens when the update process stops for some
reason, such as for being unable to verify packages or for
suggesting some manual steps?

Then it'll just fail to update. I log all the output and check it
periodically, so if something requires manual interaction, I just
do it manually at some later time. Most of the time, no manual
interaction is required for standard updating.


Would you mind sharing that bash script? It sounds way more
convenient than manually updating all the templates from the Qubes
VM Manager.


I'm sure it's suboptimal in many ways, so if you (or anyone else) sees
room for improvement, feel free to let me know. :)

As a GitHub Gist (with some syntax highlighting):

https://gist.github.com/andrewdavidwong/d0b109186de65835255d467ae103c289

As plain text:

##

#!/bin/bash
# Set the updatevm.
updatevm=sys-firewall
# Declare arrays of VMs to be updated.
Fedora=(
    'fedora-23'
    'fedora-23-minimal'
)
Debian=(
    'whonix-gw'
    'whonix-ws'
)
# Proceed only if the UpdateVM is running.
if qvm-ls "$updatevm" | grep -q Running; then
    echo "Starting update process."
    # Download dom0 updates.
    echo "Downloading updates for dom0 at $(date -Is) ..."
    sudo qubes-dom0-update -y
    sleep 5
    # Download Fedora VM updates (only templates that are currently halted).
    for vm in "${Fedora[@]}"; do
        if qvm-ls "$vm" | grep -q Halted; then
            echo "Updating $vm at $(date -Is) ..."
            qvm-start --no-guid -q "$vm"
            sleep 3
            qvm-run -a --nogui -p -u root "$vm" \
                'dnf -y --refresh upgrade'
            sleep 10
            qvm-shutdown -q --wait "$vm"
            sleep 3
        fi
    done
    # Download Debian VM updates (only templates that are currently halted).
    for vm in "${Debian[@]}"; do
        if qvm-ls "$vm" | grep -q Halted; then
            echo "Updating $vm at $(date -Is) ..."
            qvm-start --no-guid -q "$vm"
            sleep 3
            qvm-run -a --nogui -p -u root "$vm" \
                'apt-get -y update && apt-get -y dist-upgrade'
            sleep 10
            qvm-shutdown -q --wait "$vm"
            sleep 3
        fi
    done
    echo "Finished update process at $(date -Is)."
fi
exit

##

-- 
Andrew David Wong (Axon)

Community Manager, Qubes OS
https://www.qubes-os.org



Now it's my turn!
Inspired by your script and the fact that it will probably be a few 
months until Qubes 3.2 is released I decided to go ahead and try a 
cleaner version of it. After looking at how the VM Manager does it I 
ended up with a completely rewritten script in Python. The difference is 
that this one is interactive (I prefer that) and it's starting them all 
right after each other. In other words you might get a bunch of windows 
popping up.


I have no idea how stable it is or if it's going to work in Qubes 3.2, 
but it works fine in 3.1.


License is CC-0 or GPLv2+. Pick the one you like.

https://gist.github.com/JimmyAx/818bcf11a14e85531516ef999c8c5765

###

#!/usr/bin/python2

import subprocess

from qubes.qubes import QubesVmCollection


if __name__ == "__main__":
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_reading()
    try:
        qvm_collection.load()
    finally:
        qvm_collection.unlock_db()

    vms = qvm_collection.values()

    exclude_vms = ("archlinux-aur", "archlinux")

    processes = []
    for vm in vms:
        dom0 = vm.qid == 0
        if not dom0 and vm.updateable and vm

[qubes-users] Re: VM & Apps comment box for the policies

2016-06-23 Thread 1092438'0194328'0914328'0914
Thank you!



Re: [qubes-users] HVM Win7 libxenlight error?

2016-06-23 Thread 1'0834701438'0913284'091823'409'1804329
Hello,

I installed the test repos QWT and now like to test the QWT, if it will work.

Secure Copy and Paste:

I took some text from the web VM1 and tried to copy it into the Win7-txt file.

But it was not working.

How can I use the secure copy and paste between Win7 and any VM?

Or how can I test E2E, if the QWT is working well?

Kind Regards



Re: [qubes-users] Fedora 24?

2016-06-23 Thread Niels Kobschaetzki

On 16/06/23 00:28, Marek Marczykowski-Górecki wrote:

On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote:

Hi,

what would I need to do to update an existing Fedora-template or install a new 
template to/with Fedora24?

Will Fedora24-templates come with Qubes 3.2?


In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
template available, and packages aren't tested yet, but it should be
possible to upgrade using something similar to:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/
Just replace 23 with 24 and probably use dnf instead of yum.


It seems that the commands might work but the packages in the Qubes-repo
have still dependency-problems with Fedora 24. It seems I need to wait
for 3.2.
And I am not eager to do an allowerasing or some force installing which
burnt me in the past (not with Qubes but in general).

The error messages are:
Error: package python3-dnf-plugins-qubes-hooks-3.1.16-1.fc23.x86_64 requires python(abi) = 3.4, but none of the providers can be installed.  
package qubes-gui-vm-3.1.5-1.fc23.x86_64 requires pulseaudio = 7.1, but none of the providers can be installed.

package xen-qubes-vm-2001:4.6.0-13.fc23.x86_64 requires xen-libs = 
2001:4.6.0-13.fc23, but none of the providers can be installed.
package qubes-core-vm-3.1.16-1.fc23.x86_64 requires 
python3-dnf-plugins-qubes-hooks, but none of the providers can be installed.
package qubes-core-vm-systemd-3.1.16-1.fc23.x86_64 requires qubes-core-vm, but 
none of the providers can be installed
(try to add '--allowerasing' to command line to replace conflicting
packages)

Cheers,

Niels



Re: [qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

2016-06-23 Thread Marek Marczykowski-Górecki

On Thu, Jun 23, 2016 at 12:07:29PM -0700, 
'01938'019384'091843'091843'09183'04918'029348'019 wrote:
> Hello,
> 
> wow cool. 
> 
> 
> Would this mean, I can in some way (extra manual work) use the full GPU power 
> in a WindowsVM or a LinuxVM, without security issues for the whole QubesOS 
> System?
> (Or should I first use this setup on a separate machine or some Qubes-Qubes 
> Dual boot machine).

I haven't reviewed the instruction details, but it most likely involves
running qemu process in dom0, which is a huge security drawback for the
whole system.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[qubes-users] Windows Black Thursday

2016-06-23 Thread 039812309418'0329481'09348'1092348
Hello,

today this morning I had my black Windows Thursday...

I switched on my Windows Laptop (some professional one) and see a black Windows 
Screen: Plugin your Disk!

In the last month, in a strange way, the system becomes more and more slow and 
now the SSD disk crashed totally, from one hour to the next.
(That was now the second disk-crash on Windows, the first was a HW virus and 
another two with the Mac).

Conclusion (valid for any OS):

- a stable performance over the usage-time is key
- a protection against disk-killers is key
- a system health-measurement is key
- a backup strategy is key

Good Luck and Watch out!

Kind Regards

P.S. But my Qubes OS is running fine :-)








[qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

2016-06-23 Thread '01938'019384'091843'091843'09183'04918'029348'019
Hello,

wow cool. 


Would this mean, I can in some way (extra manual work) use the full GPU power 
in a WindowsVM or a LinuxVM, without security issues for the whole QubesOS 
System?
(Or should I first use this setup on a separate machine or some Qubes-Qubes 
Dual boot machine).

Kind Regards



Re: [qubes-users] How do I install packages to a template over a VPN?

2016-06-23 Thread James Ward
I'm reinstalling to clean up all the experimenting I did yesterday just to 
get a fresh start, but I do have one more question I can't seem to find the 
answer to. How do I make the default user the same as dom0 (i.e. jeward in 
my case)? I regularly ssh into other system as jeward and this would just 
be so much more convenient than "user".

On Thursday, June 23, 2016 at 9:16:56 AM UTC-7, Chris Laprise wrote:
>
> There is an issue with updating a template over a vpn: The intercepting 
> updates proxy normally runs in sys-net, which can't see inside the 
> encrypted vpn traffic. This may be a cause of the problem, however it 
> should really only manifest if you are using yum/dnf; Programs like wget 
> should be able to access the net OK if you've set the template's 
> firewall setting to 'allow...'. 
>
> Another thing to look out for when using qubes-setup-dnat-to-ns is that 
> it needs the vpn-specific nameservers entered into /etc/resolve.conf (in 
> the vpn vm) before it's run. This has to be done each time the vpn vm 
> boots, unless you change it in the template. 
>
> In my previous message, I mentioned you could download the packages in 
> an appvm then transfer them to the template vm for installation. Another 
> possible solution is to create a Standalone appvm: It will permanently 
> accept installed programs and also be able to access the net like a 
> template-based appvm. 
>
> Chris 
>



Re: [qubes-users] How do I install packages to a template over a VPN?

2016-06-23 Thread James Ward
Standalone Appvm sounds like the way to go. I'll look for instructions! 
Thanks!

On Thursday, June 23, 2016 at 9:16:56 AM UTC-7, Chris Laprise wrote:
>
> There is an issue with updating a template over a vpn: The intercepting 
> updates proxy normally runs in sys-net, which can't see inside the 
> encrypted vpn traffic. This may be a cause of the problem, however it 
> should really only manifest if you are using yum/dnf; Programs like wget 
> should be able to access the net OK if you've set the template's 
> firewall setting to 'allow...'. 
>
> Another thing to look out for when using qubes-setup-dnat-to-ns is that 
> it needs the vpn-specific nameservers entered into /etc/resolve.conf (in 
> the vpn vm) before it's run. This has to be done each time the vpn vm 
> boots, unless you change it in the template. 
>
> In my previous message, I mentioned you could download the packages in 
> an appvm then transfer them to the template vm for installation. Another 
> possible solution is to create a Standalone appvm: It will permanently 
> accept installed programs and also be able to access the net like a 
> template-based appvm. 
>
> Chris 
>



Re: [qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread Alex
On 06/23/2016 07:30 PM, un.si...@gmail.com wrote:
> 
> As for the USB nic, it doesn't show up in the list of available
> devices when I try and assign it to sys-net. It might be an
> incompatibility with this specific USB nic, and I'll try with a
> different device when I get home if we're not able to solve the
> issues with the built-in device.
Please note that you cannot redirect single USB devices, but ONLY PCI
devices (that's how VT-d works, AFAIK); a USB controller counts as a
single PCI device as a whole, with its root hub and all attached devices.

You will have to find the USB controller that handles the USB port you
used to attach your NIC, and redirect all that. Note also that,
oftentimes, laptops have only one USB controller for all ports: if this
is the case and you remove the USB controller from dom0 to attach it to
the NetVM, all USB devices will be attached to the NetVM. If you use USB
keyboard/mouse they will not work anymore for dom0, because they will be
attached to the NetVM.

To redirect single devices (sort of) you will have to set up and use a
UsbVM.

-- 
Alex
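
The point in the message above (a USB controller is assigned as one PCI device, together with everything plugged into it), as an added example that is not part of the original thread: POSIX shell that resolves a USB device to its PCI controller through sysfs and lists what else shares that controller, flagging keyboards and mice. The function names, the script name in the comment and the constructed sample tree are assumptions of this example; on a live system the sysfs root is /sys.

```shell
#!/bin/sh
# Added example: find the PCI controller behind a USB device and list what
# else would move with it if that controller is assigned to another VM.
# The sysfs root is a parameter so the logic also runs on a constructed tree.

# Print the PCI address (dddd:bb:dd.f) of the controller above a USB device.
# $1 = device path under <sysfs>/bus/usb/devices (normally a symlink).
usb_controller_bdf() (
    resolved=$(cd -P "$1" 2>/dev/null && pwd -P) || exit 1
    bdf=""
    IFS=/; set -f
    for part in $resolved; do
        case $part in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7])
                bdf=$part ;;            # deepest PCI function seen so far
            usb[0-9]*)                  # root hub: its parent is the controller
                [ -n "$bdf" ] || exit 1
                printf '%s\n' "$bdf"; exit 0 ;;
        esac
    done
    exit 1                              # no root hub in the path: not a USB device
)

# Succeed if the USB device directory $1 has a HID interface (class 03),
# the class keyboards and mice use.
usb_is_hid() (
    for f in "$1"/*:*/bInterfaceClass; do
        [ -r "$f" ] && [ "$(cat "$f")" = 03 ] && exit 0
    done
    exit 1
)

# List the USB devices behind PCI controller $2 as "<name> <hid|other> <product>".
# $1 = sysfs root (/sys on a live system).
usb_devices_on_controller() (
    for dev in "$1"/bus/usb/devices/*; do
        name=${dev##*/}
        case $name in *:*|usb[0-9]*) continue ;; esac   # skip interfaces, root hubs
        [ "$(usb_controller_bdf "$dev")" = "$2" ] || continue
        kind=other; if usb_is_hid "$dev"; then kind=hid; fi
        product=unknown
        if [ -r "$dev/product" ]; then product=$(cat "$dev/product"); fi
        printf '%s %s %s\n' "$name" "$kind" "$product"
    done
)

# Succeed if moving controller $2 out of dom0 would also move an input device.
controller_carries_input() {
    usb_devices_on_controller "$1" "$2" |
        awk '$2 == "hid" { found = 1 } END { exit !found }'
}

# Build a small sysfs-like tree under $1. Constructed sample data, not real hardware.
build_constructed_sysfs() (
    xhci=$1/devices/pci0000:00/0000:00:14.0/usb1
    addon=$1/devices/pci0000:00/0000:00:1c.0/0000:03:00.0/usb2
    mkdir -p "$xhci/1-1/1-1:1.0" "$xhci/1-3/1-3:1.0" "$addon/2-1/2-1:1.0" \
             "$1/bus/usb/devices"
    echo "Constructed WiFi NIC" > "$xhci/1-1/product"
    echo ff > "$xhci/1-1/1-1:1.0/bInterfaceClass"
    echo "Constructed Keyboard" > "$xhci/1-3/product"
    echo 03 > "$xhci/1-3/1-3:1.0/bInterfaceClass"
    echo "Constructed Flash Disk" > "$addon/2-1/product"
    echo 08 > "$addon/2-1/2-1:1.0/bInterfaceClass"
    for d in "$xhci" "$xhci/1-1" "$xhci/1-3" "$addon" "$addon/2-1"; do
        ln -s "$d" "$1/bus/usb/devices/${d##*/}"
    done
)

# With two arguments (sysfs root, device name) inspect a live system, e.g.
#   sh usb-controller.sh /sys 1-1        (script name is hypothetical)
# otherwise run on the constructed tree.
if [ "$#" -eq 2 ]; then
    sysfs=$1; dev=$2; tmp=""
else
    tmp=$(mktemp -d); build_constructed_sysfs "$tmp"; sysfs=$tmp; dev=1-1
fi
if ctrl=$(usb_controller_bdf "$sysfs/bus/usb/devices/$dev"); then
    echo "$dev is behind PCI device $ctrl; USB devices that move with it:"
    usb_devices_on_controller "$sysfs" "$ctrl"
    if controller_carries_input "$sysfs" "$ctrl"; then
        echo "note: an input device shares this controller"
    fi
fi
if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
```

In the constructed tree the NIC and the keyboard share controller 0000:00:14.0, which is the single-controller laptop case described in the message.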



Re: [qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread un . sined
On Thursday, June 23, 2016 at 10:00:24 AM UTC-7, Alex wrote:
> On 06/23/2016 06:54 PM, *** wrote:
> > I'm working on getting Qubes running on my new laptop (Dell XPS 13
> > 2016 edition). It was exciting to see that dom0 was updated to the
> > 4.4.x kernel which included support for my wireless card.
> > 
> > It turns out that the appVM's were still running Fedora 23, which
> > only has a 4.2.x kernel, and does not include support for my wireless
> > card. Unfortunately, this wireless card is the only form of
> > networking available on the XPS 13.
> The kernel in AppVMs in Qubes is NOT the one from the distribution, but
> one with paravirtualization enabled and some optimizations by the Qubes
> team.
> 
> If you successfully upgraded to 3.2Rc1, you'll find that in the AppVM
> settings (Advanced tab) you can choose the 4.4.12-9 kernel (I had to
> choose that for all my AppVMs). Make sure you select that kernel and try
> again.
> 
> You may want to use a different network connection to update dom0,
> specifically the kernel-qubes-vm package.
> 
> > 
> > There were a few installation issues:
> > 
> > 1) During install an error that the chrony package was unavailable
> > occurred. It was possible to continue despite this error
> Happened to me too, and forgot to mention that in my feedback ;) it
> doesn't seem to be a problem, as you say the installation continues.
> 
> 
> > 2) The EFI boot entry was not created. I was able to create this
> > manually and successfully boot (should I be using the xen.efi or
> > xen-4.6.1.efi to boot, or does it matter?).
> Lucky you, my installer froze when installing the EFI bootloader.
> 
> > Now, for the questions that may get me unstuck:
> > 
> > 1) Is it possible to update the appVM template to Fedora 24 via a USB
> > stick?
> That should not be necessary, please try with a newer kernel first.
> 
> > 2) Is it possible to use a USB wireless NIC? If so, how can I do this
> > without being able to install the qubes-usb-proxy in the appVM? Is
> > there a way that I can install this via a USB stick?
> You may attach the specific controller with the USB nic to your NetVM
> with the VM Settings / Devices tab.
> 
> -- 
> Alex

Thanks for the tip on the kernel version. I didn't know that option existed. 
Unfortunately, I was already running the 4.4 kernel, so it seems that kernel 
version is not the problem.

From the command line of the sys-net VM, I'm able to see the built-in card 
when running lspci (it's also assigned to sys-net in the VM settings), and can 
see the kernel modules loaded when running lsmod.

However, when running ip a or ifconfig -a, I do not see the interface listed.

Any ideas?

As for the USB nic, it doesn't show up in the list of available devices when I 
try and assign it to sys-net. It might be an incompatibility with this specific 
USB nic, and I'll try with a different device when I get home if we're not able 
to solve the issues with the built-in device.



Re: [qubes-users] Re: whonix gateway metapackage missing

2016-06-23 Thread entr0py
digitaldi...@tutanota.com:
> Turns out whonix still runs, or at least sys-whonix does, I'm in the 
> process of updating dom0, and arm for sys-whonix is showing plenty of 
> activity that I couldn't get before(when I was trying to update Whonix-gw 
> template vm
> 
> On Thursday, June 23, 2016 at 10:13:45 AM UTC-5, digita...@tutanota.com 
> wrote:
>>
>> hi, I rebooted my computer this morning and had a prompt saying that the 
>> whonix gateway metapackage is missing, which prevents me from updating 
>> dom0, as well as whonix(tried to do that to fix the issue). I have two 
>> questions:
>>
>> what caused this? or what possibly caused this?
>>
>> how do I fix it?
>>
>>
> 

Most likely you upgraded from Whonix 12 to Whonix 13 without knowing it.
Follow these instructions: 
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13
If this resolves your issue, then there's no need for concern.




Re: [qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread Alex
On 06/23/2016 06:54 PM, un.si...@gmail.com wrote:
> I'm working on getting Qubes running on my new laptop (Dell XPS 13
> 2016 edition). It was exciting to see that dom0 was updated to the
> 4.4.x kernel which included support for my wireless card.
> 
> It turns out that the appVM's were still running Fedora 23, which
> only has a 4.2.x kernel, and does not include support for my wireless
> card. Unfortunately, this wireless card is the only form of
> networking available on the XPS 13.
The kernel in AppVMs in Qubes is NOT the one from the distribution, but
one with paravirtualization enabled and some optimizations by the Qubes
team.

If you successfully upgraded to 3.2Rc1, you'll find that in the AppVM
settings (Advanced tab) you can choose the 4.4.12-9 kernel (I had to
choose that for all my AppVMs). Make sure you select that kernel and try
again.

You may want to use a different network connection to update dom0,
specifically the kernel-qubes-vm package.

> 
> There were a few installation issues:
> 
> 1) During install an error that the chrony package was unavailable
> occurred. It was possible to continue despite this error
Happened to me too, and forgot to mention that in my feedback ;) it
doesn't seem to be a problem, as you say the installation continues.


> 2) The EFI boot entry was not created. I was able to create this
> manually and successfully boot (should I be using the xen.efi or
> xen-4.6.1.efi to boot, or does it matter?).
Lucky you, my installer froze when installing the EFI bootloader.

> Now, for the questions that may get me unstuck:
> 
> 1) Is it possible to update the appVM template to Fedora 24 via a USB
> stick?
That should not be necessary, please try with a newer kernel first.

> 2) Is it possible to use a USB wireless NIC? If so, how can I do this
> without being able to install the qubes-usb-proxy in the appVM? Is
> there a way that I can install this via a USB stick?
You may attach the specific controller with the USB nic to your NetVM
with the VM Settings / Devices tab.

-- 
Alex



[qubes-users] Issues with Qubes 3.2-rc1 on Dell XPS 13 (2016)

2016-06-23 Thread un . sined
I'm working on getting Qubes running on my new laptop (Dell XPS 13 2016 
edition). It was exciting to see that dom0 was updated to the 4.4.x kernel 
which included support for my wireless card. 

It turns out that the appVM's were still running Fedora 23, which only has a 
4.2.x kernel, and does not include support for my wireless card. Unfortunately, 
this wireless card is the only form of networking available on the XPS 13.

There were a few installation issues:

1) During install an error that the chrony package was unavailable occurred. It 
was possible to continue despite this error

2) The EFI boot entry was not created. I was able to create this manually and 
successfully boot (should I be using the xen.efi or xen-4.6.1.efi to boot, or 
does it matter?).

Post installation, I encountered the issue above.

Now, for the questions that may get me unstuck:

1) Is it possible to update the appVM template to Fedora 24 via a USB stick?

2) Is it possible to use a USB wireless NIC? If so, how can I do this without 
being able to install the qubes-usb-proxy in the appVM? Is there a way that I 
can install this via a USB stick?

I'm open to other suggestions on how to solve the issues that I'm encountering, 
and would be happy to try most suggestions.



[qubes-users] Re: whonix gateway metapackage missing

2016-06-23 Thread digitaldijjn
turns out that after I updated dom0 and rebooted the message went away, 
currently updating whonix

On Thursday, June 23, 2016 at 10:33:30 AM UTC-5, digita...@tutanota.com 
wrote:
>
> Turns out whonix still runs, or at least sys-whonix does, I'm in the 
> process of updating dom0, and arm for sys-whonix is showing plenty of 
> activity that I couldn't get before(when I was trying to update Whonix-gw 
> template vm
>
> On Thursday, June 23, 2016 at 10:13:45 AM UTC-5, digita...@tutanota.com 
> wrote:
>>
>> hi, I rebooted my computer this morning and had a prompt saying that the 
>> whonix gateway metapackage is missing, which prevents me from updating 
>> dom0, as well as whonix(tried to do that to fix the issue). I have two 
>> questions:
>>
>> what caused this? or what possibly caused this?
>>
>> how do I fix it?
>>
>>



Re: [qubes-users] How to install clean template?

2016-06-23 Thread Chris Laprise

Continuing this in James' original thread...
https://groups.google.com/d/msgid/qubes-users/fbc140cc-94e4-4218-8095-3a73d346296f%40googlegroups.com

Chris



Re: [qubes-users] How do I install packages to a template over a VPN?

2016-06-23 Thread Chris Laprise
There is an issue with updating a template over a vpn: The intercepting 
updates proxy normally runs in sys-net, which can't see inside the 
encrypted vpn traffic. This may be a cause of the problem, however it 
should really only manifest if you are using yum/dnf; Programs like wget 
should be able to access the net OK if you've set the template's 
firewall setting to 'allow...'.


Another thing to look out for when using qubes-setup-dnat-to-ns is that 
it needs the vpn-specific nameservers entered into /etc/resolve.conf (in 
the vpn vm) before it's run. This has to be done each time the vpn vm 
boots, unless you change it in the template.


In my previous message, I mentioned you could download the packages in 
an appvm then transfer them to the template vm for installation. Another 
possible solution is to create a Standalone appvm: It will permanently 
accept installed programs and also be able to access the net like a 
template-based appvm.


Chris



[qubes-users] Re: whonix gateway metapackage missing

2016-06-23 Thread digitaldijjn
Turns out whonix still runs, or at least sys-whonix does, I'm in the 
process of updating dom0, and arm for sys-whonix is showing plenty of 
activity that I couldn't get before (when I was trying to update Whonix-gw 
template vm)

On Thursday, June 23, 2016 at 10:13:45 AM UTC-5, digita...@tutanota.com 
wrote:
>
> hi, I rebooted my computer this morning and had a prompt saying that the 
> whonix gateway metapackage is missing, which prevents me from updating 
> dom0, as well as whonix (tried to do that to fix the issue). I have two 
> questions:
>
> what caused this? or what possibly caused this?
>
> how do I fix it?
>
>



[qubes-users] whonix gateway metapackage missing

2016-06-23 Thread digitaldijjn
hi, I rebooted my computer this morning and had a prompt saying that the whonix 
gateway metapackage is missing, which prevents me from updating dom0, as well 
as whonix (tried to do that to fix the issue). I have two questions:

what caused this? or what possibly caused this?

how do I fix it?



Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-06-23 Thread Andrew David Wong

On 2016-06-23 06:20, Rusty Bird wrote:
> Hi Chris & everyone,
> 
>> On 06/23/2016 06:53 AM, Andrew David Wong wrote:
> 
>>> On 2016-06-23 03:49, Rusty Bird wrote:
>>>> Hi Andrew,
>>>> 
>>>>> On 2016-06-22 21:58, Todd Lasman wrote:
>>>>>> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem
>>>>>> to have this exact same problem, but only after
>>>>>> installing Qubes 3.2 (worked fine with 3.1) on my
>>>>>> Thinkpad T430.
>>>>> Very interesting. Perhaps my suspicion about the AEM 
>>>>> installer having recently changed was right after all?
>>>> IIRC and going by the dates on the pages below, the
>>>> installer and all other code changes were before R3.1 (only
>>>> the README has changed since):
> 
>>> Ah, perhaps not then. It remains a mystery!
>>> 
>> If it changed after initial 3.0 release (esp. later on, near the 
>> 3.1 release date) then that would actually make sense.
> 
> There is something the people for whom AEM fails on UEFI could
> try:
> 
> [...]

Not sure if this is directed at me, but I was/am not on UEFI. (If you
were already aware of this and were talking to other people, my
apologies.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] Qubes R3.2 Rc1 feedback

2016-06-23 Thread Andrew David Wong

On 2016-06-23 04:45, Alex wrote:
> On 06/23/2016 09:38 AM, Andrew David Wong wrote:
>> On 2016-06-22 01:32, Alex wrote:
>> 
>>> Had a working Qubes 3.1 installation, and the only problem was
>>> that it could NOT be used with UEFI (even if the motherboard
>>> supports it, and the Qubes installer does boot and starts in
>>> EFI mode), [...]
>> 
>> I think this is to be expected. R3.1 does not support EFI.
>> 
> Actually it should, at least per the release notes: 
> https://www.qubes-os.org/doc/releases/3.1/release-notes/ (new
> features since 3.0, it says "UEFI support") and I remember
> following the github ticket for this very bullet point, and it was
> completed successfully.
> 

My mistake. You are correct.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] Qubes R3.2 Rc1 feedback

2016-06-23 Thread Alex
On 06/23/2016 09:38 AM, Andrew David Wong wrote:
> On 2016-06-22 01:32, Alex wrote:
> 
>> Had a working Qubes 3.1 installation, and the only problem was that
>> it could NOT be used with UEFI (even if the motherboard supports
>> it, and the Qubes installer does boot and starts in EFI mode),
>> [...]
> 
> I think this is to be expected. R3.1 does not support EFI.
> 
Actually it should, at least per the release notes:
https://www.qubes-os.org/doc/releases/3.1/release-notes/ (new features
since 3.0, it says "UEFI support") and I remember following the github
ticket for this very bullet point, and it was completed successfully.

I suspect this would happen with any plain linux distro, and suspect it
to be a bug in grub-efi, but since it takes a lot of time to trash a
system just to test with partitions/boot sectors/boot loaders I can't
invest more time on this specific workstation. I do apologize for this;
I'd like to help.

If details are needed:
- partitions have been decided autonomously by the installer
- it decided to put a 500MB /boot partition (/dev/sda1), followed by a
200MB /boot/efi partition (/dev/sda2), followed by the lvm container
(/dev/sda3)
- During boot loader installation, I can see three messages in the
anaconda log, but cannot remember them exactly. The first is "I'm gonna
install the bootloader!", the second says "Installing stage1 in
/dev/sda1" and the third says "Installing stage2 in /dev/sda2" - the
system freezes as soon as the third message appears.
- Checking online, two potential issues were mentioned:
  * There may not be enough space on the EFI partition
  * There may be older GPT data that may be picked up
- To try and debug the first issue, I let the installer set up the
partition tables and forced the EFI partition (/dev/sda2) to be 600MB
instead of 200 - same freeze on the same log message
- To try and debug the second, I "dd'ed" from /dev/zero to /dev/sda for
~8GB, and tried again reinstalling - same freeze on the same log message
- I don't know how grub-efi is supposed to work, but I do know grub
(stages/menu/etc) - is it right for an EFI installation to put a stage2
in the EFI partition?


That's everything in detail; hope this helps!
-- 
Alex



Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-06-23 Thread Chris Laprise



On 06/23/2016 06:53 AM, Andrew David Wong wrote:
> On 2016-06-23 03:49, Rusty Bird wrote:
>> Hi Andrew,
>>
>>> On 2016-06-22 21:58, Todd Lasman wrote:
>>>> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem to
>>>> have this exact same problem, but only after installing Qubes
>>>> 3.2 (worked fine with 3.1) on my Thinkpad T430.
>>
>>> Very interesting. Perhaps my suspicion about the AEM installer
>>> having recently changed was right after all?
>>
>> IIRC and going by the dates on the pages below, the installer and
>> all other code changes were before R3.1 (only the README has
>> changed since):
>>
>> [...]
>>
>> Rusty
>
> Ah, perhaps not then. It remains a mystery!

If it changed after initial 3.0 release (esp. later on, near the 3.1 
release date) then that would actually make sense.


Chris



Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-06-23 Thread Andrew David Wong

On 2016-06-23 03:49, Rusty Bird wrote:
> Hi Andrew,
> 
>> On 2016-06-22 21:58, Todd Lasman wrote:
>>> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem to
>>> have this exact same problem, but only after installing Qubes
>>> 3.2 (worked fine with 3.1) on my Thinkpad T430.
> 
>> Very interesting. Perhaps my suspicion about the AEM installer 
>> having recently changed was right after all?
> 
> IIRC and going by the dates on the pages below, the installer and 
> all other code changes were before R3.1 (only the README has 
> changed since):
> 
> [...]
> 
> Rusty
> 

Ah, perhaps not then. It remains a mystery!

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] How to install clean template?

2016-06-23 Thread Andrew David Wong

On 2016-06-23 03:40, Ward... James Ward wrote:
> Yeah, I tried that. Template still times out where a VM based on 
> the template doesn't need any firewall modifications to install
> the firewall.
> 

That's very strange. If you've set things up correctly, there
shouldn't be any restrictions on your network access from the
TemplateVM.

Are the "Allow ICMP traffic" and "Allow DNS queries" boxes checked?


P.S. - Please don't top post.

> On Thu, Jun 23, 2016 at 12:03 AM Andrew David Wong 
>  wrote:
> 
> On 2016-06-22 18:17, Chris Laprise wrote:
 
 
>>>> On 06/22/2016 08:45 PM, Ward... James Ward wrote:
>>>>> I have even bypassed the firewall. I've got the VPN ProxyVM
>>>>> pointing directly at NetVM.
>>>>> 
>>>> 
>>>> That doesn't bypass the firewall exactly. The vpn vm is also 
>>>> a firewall, and it accepts the firewall settings of other
>>>> vms that are pointing to it. So you would have to 'allow
>>>> full access' from the template's firewall settings.
>>>> 
>>>> Chris
 
> 
> Yes, Chris is right. Make sure your VPN ProxyVM is set as your 
> TemplateVM's NetVM, then try using the "allow full access for N 
> minutes" option.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] How to install clean template?

2016-06-23 Thread Ward... James Ward
Yeah, I tried that. Template still times out where a VM based on the
template doesn't need any firewall modifications to install the firewall.

On Thu, Jun 23, 2016 at 12:03 AM Andrew David Wong  wrote:

>
> On 2016-06-22 18:17, Chris Laprise wrote:
> >
> >
> > On 06/22/2016 08:45 PM, Ward... James Ward wrote:
> >> I have even bypassed the firewall. I've got the VPN ProxyVM
> >> pointing directly at NetVM.
> >>
> >
> > That doesn't bypass the firewall exactly. The vpn vm is also a
> > firewall, and it accepts the firewall settings of other vms that
> > are pointing to it. So you would have to 'allow full access' from
> > the template's firewall settings.
> >
> > Chris
> >
>
> Yes, Chris is right. Make sure your VPN ProxyVM is set as your
> TemplateVM's NetVM, then try using the "allow full access for N
> minutes" option.
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org


Re: [qubes-users] Fedora 24?

2016-06-23 Thread niels
> On June 23, 2016 at 12:28 AM Marek Marczykowski-Górecki 
>  wrote:
> 
> 
> On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote:
> 
> > Hi,
> > 
> > what would I need to do to update an existing Fedora-template or install a 
> > new template to/with Fedora24?
> > 
> > Will Fedora24-templates come with Qubes 3.2?
> 
> In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
> template available, and packages aren't tested yet, but it should be
> possible to upgrade using something similar to:
> https://www.qubes-os.org/doc/fedora-template-upgrade-21/
> Just replace 23 with 24 and probably use dnf instead of yum.

Thanks a lot for the information. I will probably try my luck tonight :)

Niels



Re: [qubes-users] Opening links in your preferred AppVM

2016-06-23 Thread Chris Laprise

On 06/22/2016 02:38 PM, Micah Lee wrote:

I published a quick blog post explaining how I do this:

https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/



Hi Micah,

I liked your new article on messaging apps. Just wondering if you've 
looked at Ring.cx yet... It's open source, has a Linux app and connects 
through DHT so it doesn't have the server issues you mentioned.


Chris



Re: [qubes-users] Qubes 3.2RC1: number of issues

2016-06-23 Thread Andrew David Wong

On 2016-06-21 22:04, Dima Puntus wrote:
> Hi,
> 
> Here's the info:
> 
> System: HP Elitebook 2570p (3840QM, Intel HD4000, 16GB RAM, 250GB 
> SSD)
> 
> Qubes 3.2RC1,
> 
> 1. Dual monitor setup seems glitchy, by default the system mirrors
>  the screens but if you force it via xrandr, the laptop screen goes
>  black, can't right click on it but can drag windows into it and 
> maximize. The panel always stays on the external monitor. Same 
> setup using Qubes 3.1 works like a charm out of the box. There's no
> display/monitor section under system settings.
> 

Yes, others have also reported this. It seems that there are some
missing packages in dom0. For now, you can work around this by
installing kscreen:

$ sudo qubes-dom0-update kscreen

This should make KDE recognize your external monitor. Then you should
be able to run kscreen like so:

$ kcmshell5 kscreen

(Thanks go to Micah Lee for providing these instructions.)

Tracking here: https://github.com/QubesOS/qubes-issues/issues/2084

> 2. USB mouse (Razer Abyssus) sensitivity is too low by default and
>  can't be adjusted via system settings. Works fine in Qubes 3.1 
> Trackpad is fine.
> 

Hm, strange. Could this be a hardware compatibility issue with the
mouse? Can you test whether it works with baremetal Fedora 23?

> 4. Sensors Viewer doesn't register max CPU temps when changing 
> polling interval (I normally set it to 1-3sec). Same issue in Qubes
> 3.1
> 

It sounds like this might just be a limitation of the Sensor Viewer
applet. You may want to consider filing a report with whoever develops
it.

> 5. Plasma crashes when trying to change the default theme. That 
> seems to be related to plasma 5.x as it crashes on every standalone
> linux machine for me including Kubuntu 16.04.
> 

Might be worth filing a report with the KDE developers about this.

> 6. Question: is it possible to set max CPU threshold per VM? I can
>  only set it for all 8 vcores using xenpm
> 

I probably have no idea, but may I ask what exactly you mean by
"threshold"? As in, speed? (You can adjust the number of VCPUs assigned
to a VM in the "Advanced" tab of the VM's settings in Qubes Manager.)

> Thank you and hope this info helps improving some rough edges in 
> the new version.
> 

Thanks for your feedback!

> Let me know if you have any questions.
> 
> Dimitry
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] Re: Opening links in your preferred AppVM

2016-06-23 Thread IX4 Svs
On Thu, Jun 23, 2016 at 2:51 AM,  wrote:

> On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote:
> > I published a quick blog post explaining how I do this:
> >
> >
> https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
>
> cool! thanks!
>

Nice and simple. Thanks for sharing.

Alex



Re: [qubes-users] Qubes R3.2 Rc1 feedback

2016-06-23 Thread Andrew David Wong

On 2016-06-22 01:32, Alex wrote:
> Hello everybody, here's some feedback from the migration of a
> working 3.1 to 3.2 rc1.

Thanks for the feedback!

> First, hardware and situation: assembled pc with asus Z97
> motherboard, 32GB ram, integrated video, intel i5 processor, 500GB
> hard disk. Three monitors, each with different cable (one VGA, one
> DVI, one HDMI) all connected to the onboard internal video adapter.
> Two monitors 1280x1024, one 768x1440 (it's a rotated 16:9).
> 
> Had a working Qubes 3.1 installation, and the only problem was that
> it could NOT be used with UEFI (even if the motherboard supports
> it, and the Qubes installer does boot and starts in EFI mode),
> because during an EFI setup the computer completely freezes at the
> "Installing bootloader" step. Text mode log says that it hangs at
> the second stage installation, last message is something like
> "Installing stage2 on target device /dev/sda2" (which should be the
> EFI partition).

I think this is to be expected. R3.1 does not support EFI.

> I'd like to have anti-evil-maid out of curiosity.
> 
> Done a full backup (I do backup templates too; did that error of
> not backing them up once - never again), downloaded Qubes 3.2 just
> to see if the EFI bootloader installation worked, and - it did not.
> I start to think it is a problem with my hardware that will never
> be fixed upstream. I don't know if an existing installation can be
> "converted" to EFI, and found very little online :(
> 

Bummer. :(

> Anyway, installed Qubes 3.2 non-efi, XFCE is my desktop
> environment, at the beginning there are some glitches with icons
> missing - turns out XFCE has to "index" or "preload" them, because
> they start appearing after a few minutes. In the meantime, I
> removed the RPM templates (that were installed even if unselected
> during setup!),

Noted, thank you:

https://github.com/QubesOS/qubes-issues/issues/2105

> reinstalled kernel-qubes-vm that was automatically uninstalled
> when removing the last template RPM but I think it's needed, and
> restored the backup.
> 
> The full restore brought back everything - dom0 settings, xrandr 
> settings, and the dependencies between VMs (who is the netvm of
> who). The only problem here was that firewallVM was not marked
> anymore as having ntpd enabled, and the clock could not sync.
> Enabled that, restarted firewallVM, clock could sync again.
> 

Also noted, thanks:

https://github.com/QubesOS/qubes-issues/issues/2106

> TL;DR: everything seems to work - audio, video, network, storage,
> except for EFI whose bootloader continues to be unable to be
> installed on my pc. Deselecting debian/whonix templates during
> setup has no effect (they are installed anyway). Removing all RPM
> templates removes an unrelated package that I think should be kept
> (kernel-qubes-vm).

Tracking:

https://github.com/QubesOS/qubes-issues/issues/2107

> Data restore works perfectly, apart from the ntpd service in
> firewallvm (may or may not have been enabled in the original, I
> think so, can't I check anymore?).
> 
> Wrapping up, works for me. Thank you all for your good work!
> 

Thanks for the detailed report!

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] Virtualising Qubes

2016-06-23 Thread mmiheli1
> 
> On 2016-06-22 19:03, Drew White wrote:
> > Hi folks,
> > 
> > I'm trying to run a virtualised version of Qubes under VMWare
> > Player 7, but it's not booting past the initial screens.
> > 
> > I get the bootloader, select to install (I have tried other options
> > too), then it says it has X number of cpus, then other bits.

Good morning Drew,

How about if you try to install Qubes on the bare metal? I recently managed 
to install Qubes R3.1 on an external disk by swapping my primary disk and 
installing Qubes on it. Then I put my primary disk back in and used this 
now external disk as a raw disk in VMWare 12.

Try it with the following:

a) Use a release version v R3.1 - without any upgrades to the dom0 kernel or 
VMM in dom0. I am stressing this because even if you get it working you might 
lose the ability to boot if you upgrade the dom0 later on.

b) Try using it with the VMWare Player 12 (or 11) with the nested 
virtualization enabled (virtualize Intel VT-x... checkbox in the CPU settings).

c) Try using the UEFI enabled install.
 
d) Add to the boot parameters of the installer and to the actual Qubes boot 
parameters the following parameter "efi=attr=uc". [This is UEFI specific.]

In this way I was able to get it working a couple of months ago. I wish I could 
tell you that I am certain that this will work for you.

Oh, yes, if you will be using UEFI then don't forget to put something before 
the parameter on the command line. The first one is being ignored. Try with (spaces 
intentional) " -- efi=attr=uc".

> > 
> > When it does manage to get into text mode, it doesn't install. It's
> > the same or similar issue I've had before with installing in text 
> > mode. It only works some of the time, the rest of the time it
> > freezes during install.
> > 
> > Yes, the initial issue was with version 3.0, and this is with 3.1,
> > and I'm assuming that 3.2 will not be much better, but I will try
> > it out.
> > 
> > Or is there something else that I need to set in the startup
> > options to enable it to install properly?
> > 
> > Is there a way to NOT install any other templates other than Fedora
> > in TEXT MODE? I noticed that in all the past versions, in TEXT
> > MODE, the installer only allows you to select the interface, not
> > the templates.
> > 
> > Hope yous can help.
> > 
> > Sincerely, Drew.
> > 
> 
> Please note that installing Qubes inside a virtual machine is not
> supported:
> 
> https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-in-a-virtual-machine-eg-on-vmware
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org


Re: [qubes-users] How to install clean template?

2016-06-23 Thread Andrew David Wong

On 2016-06-23 00:08, Ben Wika wrote:
> I do like the idea of being able to instantly rename (or clone) a 
> freshly downloaded vm so as to encourage the supposedly good 
> practice of never modifying or working with the raw template. In 
> fact I'd rather the raw templates themselves didn't even show up
> in the vm manager so you could always count on cloning them again 
> without having to re-download. On 23 Jun 2016 5:03 PM, "Andrew 
> David Wong"  wrote:
> 

That might not work as a default option, since some users may be short
on disk space or may (for one reason or another) want to modify the
RPM templates, but it wouldn't hurt to have the option to hide them.
(More generally, there could be an option to hide any arbitrary,
user-selected VMs.)

Added as a comment here:

https://github.com/QubesOS/qubes-issues/issues/1870#issuecomment-227969153


P.S. - Please keep the list CCed, and avoid top posting.

> On 2016-06-22 18:17, Chris Laprise wrote:
>> On 06/22/2016 08:45 PM, Ward... James Ward wrote:
>>> I have even bypassed the firewall. I've got the VPN ProxyVM
>>> pointing directly at NetVM.
>>
>> That doesn't bypass the firewall exactly. The vpn vm is also
>> a firewall, and it accepts the firewall settings of other
>> vms that are pointing to it. So you would have to 'allow
>> full access' from the template's firewall settings.
>>
>> Chris
>
> Yes, Chris is right. Make sure your VPN ProxyVM is set as your
> TemplateVM's NetVM, then try using the "allow full access for N
> minutes" option.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] How to install clean template?

2016-06-23 Thread Andrew David Wong

On 2016-06-22 18:17, Chris Laprise wrote:
> 
> 
> On 06/22/2016 08:45 PM, Ward... James Ward wrote:
>> I have even bypassed the firewall. I've got the VPN ProxyVM
>> pointing directly at NetVM.
>> 
> 
> That doesn't bypass the firewall exactly. The vpn vm is also a
> firewall, and it accepts the firewall settings of other vms that
> are pointing to it. So you would have to 'allow full access' from
> the template's firewall settings.
> 
> Chris
> 

Yes, Chris is right. Make sure your VPN ProxyVM is set as your
TemplateVM's NetVM, then try using the "allow full access for N
minutes" option.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] R3.2 VM Recovery not possible?

2016-06-23 Thread Andrew David Wong

On 2016-06-22 07:35, amad...@riseup.net wrote:
> I backed up my VM's in R3.1 --> dom0 --> secondary hard drive
> [internal HDD] then attempted to recover them using R3.2. However
> it's not possible as the drive does not show in the Qubes restore
> window. In dom0 terminal I did qvm-block list and the drive and
> its backup partition is shown. Can anyone help recover my backups?
> 

If I understand your description correctly, you should not be trying
to select the drive in the restore window. Instead, you should leave
dom0 selected as the "AppVM" (even though it's not really an AppVM),
then enter (or select) the path to the backup in dom0. (If there is no
path to the backup in dom0, then mount the drive first, then enter the
path to the mount point.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org