date:20160701

X is broken.

The upgrade to new version of KDE has destroyed all functionality.
X crashes every 2 seconds.
Kill it, and it just shows login screen, and it's run as ROOT instead of as 
the user.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d56964d6-ba14-46b1-aa52-753c1fa04470%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: issues in 3.2

KDE crashes EVERY TIME I change the RAM of a guest.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38eeaa4f-6c25-4645-8a17-d59ab4c1010e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: issues in 3.2


>
> 4. No terminal access, have to go to next window
>

Well, at least I have a workaround for this. But it still needs a menu 
system. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe128dfa-080e-4ce7-bfd4-6d98677304bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: issues in 3.2

At least I can run things using the alternate consoles in the GUI.
Even though it's a waste of time when you use 5 monitors, it's at least 
working I guess

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26e3bdb0-ed7e-4bd3-a8a2-30bba908c378%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] issues in 3.2


1. During initial configuration, if you don't create the NetVMs because you 
want to set everything yourself, it has error running a command because no 
matter what, it will try to run the command on the sys-net and sys-firewall.
2. No desktop
3. No taskpar/panels
4. No terminal access, have to go to next window
5. Can't even "Run command in VM" on dom0
6. Has window borders and titles that are too wasteful.
7. Can't change fonts via interface, can't alter appearance to be 
functional.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c7e44c6-ff3e-4b2a-97c4-1b49c11c9677%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes OS Installation Fail

2016-07-01 Thread 'Danny Davenport' via qubes-users

 Everything installs fine except when I get to the end of the installation 
process that includes creating VMs. I get an error message that says

 Setting up network failure!
 ['/usr/sbin/service', 'qubes-netvm', 'start'] failed Redirecting to
 /bin/systemctl start qubes-netvm.servicefor qubes-netvm.service failed. See 
'systemctlstatus qubes-netvm.service' and 'journalctl -xn' fordetails
 
 this error message happens on both version 3.0 and 3.1
 I really want to use this OS and would appreciate any solutions to the issue.  
  Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2078984201.2333866.1467425712841.JavaMail.yahoo%40mail.yahoo.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can you update the tutorial for installing nvidia drivers on dom0 ?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-01 11:13, Orlessan wrote:
> I wanted to be a qubes user few month ago but I couldn't because I
> have a nvidia graphic card and I couldn't have a dual screen setup.
> I wanted to install the drivers but I didn't work.
> 
> Could you update the tutorial page for the nvidia driver
> installation https://www.qubes-os.org/doc/install-nvidia-driver/
> for the 3.2 (just so people can copy paste the commands in a fresh
> install) and maybe make it resilient over time ?
> 
> Thanks
> 

As usual, we'd love for a member of the Qubes community to do this.
Any volunteers?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdyJOAAoJENtN07w5UDAwxF0P/0B3AYO9B6ngVCc0hVapDvmh
tAwCwtGngZ0f8buL8oTMku67khTKnYa25VPOrHfoxICyyIk6YLjEcpa7b8CqWsuB
q/AGiqtPmuZm47U0tpmKRNSQryEKDp4T+7V5vA7Z4SjJtRIr/nHNcI19uiZ3+Gbc
8Y5NZNLprJ6L+VlbaUBGi0vQy/m9JNa6TGGq/jLCbhRocrwy7V0y5xi8v2hZnwRX
5j7/yFAuxAdW55Fm6p/ppFGMEktmcsCvjP5uw8ohcxZ/L14zxvWJEcoxqZ/Eh4kE
KbaFhKFQau4NadtZDenkVaqxwcLlxAXE1VgX5hJTKB/8NuUWRrrRnV+BG8Qfx8Kf
V9THEj91R50BygTu6qcgthbCyOTZ7qxV+hrk7SWoVw9SYuteKmh4UIkEsNO7eKsO
h4oFMAtn6px4Xnam2gbdkUypsqCVLURiEEqb5dkVDQvVlALP3h8a3fUqqeXGVdrR
TDDI4PXBr01dL7zChNnu1x/jvzpE9A12E2LoUPTV3//KQZCw+Pny4hjVqYsvyQ8Y
Q8wRaUxv95cGkRmU5RYdeyEVkKD3oQeIkbwJjfx8clFQdC5coxARmWqMefDHpkvL
rBlnJ6xkTPZdlbksaduTrenhUD3Qb+8wudtq9GyY04YgevEEIGRpfxu1WKUQjtPD
iEWS9K6eZubGBhTovDna
=rpVF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8d501f5-e99a-3d05-7705-ae5079ae37f1%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-01 11:04, Grzesiek Chodzicki wrote:
> @Andrew
> 
> A user has a network share on the internal network. This share
> does not require the user to provide any extra credentials to
> access it (for the same reason Qubes uses passwordless sudo). The
> user creates a separate AppVM in order to access the share and, in
> Qubes Firewall, allows the AppVM to connect to the share. However
> unless the user specifically forbids every other VM access to the
> share they can connect to it too (due to Qubes NAT all AppVMs use
> the same LAN IP and MAC address so the share cannot differentiate 
> between the AppVM that is supposed to access it and AppVMs that 
> aren't). Because every AppVM can connect to the share they can now 
> use it as a covert communications channel.
> 
> I tried to be as clear as I could with this one I hope You 
> understand what I'm trying to convey.
> 

Why not require a password to access the network share, then only
type/paste that password in the authorized AppVM? The reason for
passwordless sudo in Qubes is that it provides no extra security, but
it seems like requiring a password to access your network share would
provide some security in this situation (unless, of course, the
authentication mechanism can be trivially bypassed for some reason).

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdyIUAAoJENtN07w5UDAw2PYP/iWzPLc1qJGeJt4IEPeS/wGt
/B8H/BOh8Q/sxIycLMgVUx0rVRr3TgjgFMgMG0YH8NqyUTFaUrVACfrCNDRhEQmC
apma7ypOdFB5ztoKIgZhs0p65hktATOwF/2ivrupuVgQISKMDXa5hwegX2+jxTnh
rty6gpO1GDK1JAWiyTxI8tcV1xeeDEz6vA9LKJmDHWDXewxvQ5iOcbF7fyBhm3wb
dCvfVJkEg7CELfkpDyTNYIqjvSq0X7A+RuACP4wa+bZNx8tr5ipBrrPf9/gWjgsI
xHslUd6Vg4M0y5/AwvC4XMwA6RRb7Gk+3i/L27dm+NbrGMT5pG6Spx7ftrnCDyMr
3HQb46B8JDrrU+6OKxibvOotJ1Th/gYdnA4WAxZe/bDgji7rpJF8ANxsvM8d6zFA
JQtfn1VhukJYFhhIBqHy5eaKEvoyUrb7nnifgt1//5HeEd+m3IBeM+6Vc7l2VgJi
62ttY35Nc2q+XGTDSZPpCH5SbpXAl1UKZEwpu7c1GnmRBq9n2G4U3+fhNDXMBmSO
pGWaHrsziVBDlpfKq5xqUljRydSQvg9dHUcDFgIx+Q2EKe51m0D1q3+nlbylLOfu
Jge/7xDlF9OO+ioo7QjkmVrSbOS0BSRbk3i/+fF3OePnW5tE20/d6gqdOz2qNFdP
Y3gTKwSdNF1gbzPLAMZl
=2/gF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d67bd671-bade-fa51-49de-1a0138a16052%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes and sugarsync

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-01 08:01, Nicola Schwendener wrote:
> Hello all, I wish to move away from my windows pc to qubes os. in
> my configuration I still will use windows HVM because I need to run
> some software (and some office macro) in it. I've some questions
> about storages and cloud accounts. I've a crashplan account that I
> wish to continue using in linux. I saw that there is the crashplan
> linux version and I wish to know how to create a storagevm that
> shares via NFS to windows VM and some other VM the content 
> available in the storageVM (should be attached to some external
> disks and the NAS). then there is sugarsync. this software provides
> a synchronization between different PC I've on different locations.
> for this software there is a windows only version. what I wish is
> that this software should run (I guess via wine) in the storageVM
> in order to not duplicate data between VMs. is it feasable? could
> someone explain me how to create a storage VM and share data to
> other VMs? thank you very much best regards Nick
> 

Since you say you're new to Qubes, I hope you don't mind me asking:
Have you considered that it might not be optimal to attempt to
reproduce your current setup in Qubes? Many users (myself included)
have found that the functionality offered by Qubes is very different
from that of a conventional OS, so much of what we used to do on
conventional OSes no longer makes sense (or can be accomplished in
better ways).

For example, instead of sharing files via NFS directly between your
CrashPlan VM and your Windows VM (which is possible [1]), you could
consider storing your files in your Windows VM, where you use them,
then sending your Qubes backups [2] to your CrashPlan VM.

This is just one example. It may not apply to your specific situation,
but that's ok. It's mean to illustrate a more general point, which is
that you should be open to considering the new possibilities that
Qubes enables, rather than insisting on replicating old systems (that
were built on the assumption of a single, monolithic OS) in Qubes,
since doing so usually results in compromising the security by
compartmentalization Qubes provides.

[1]: https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4
[2]: https://www.qubes-os.org/doc/backup-restore/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdx/uAAoJENtN07w5UDAw5NkQAMePYiAGe6rvgmzuTd/qB1RJ
DYxZDMbLCvnf2lgbRBcjwRDtieS7r5+/YW4wg43GBoloI/rRh8tZ+DhexhQitX/H
E0uE1Zlh9V0jdRSfNmiddc32EQlHFTgAlXNev6yp9+ltAKBxxEWNaIzxbrjj+eWa
Ci6ADB+oYSR+u0twHGLjRk9/8sMCUQeoIUUQJ9gjJ9cAPwE8QeJOd/e3hJ3XOaRt
sK0bLDXlXkFLQZP9oKZwcg8U4/oVRInIQcBLZcBHqDsePLQGczFbMc78pv6f7BWE
I9EOL3bGJvX/IaIyI7km58QMrxVHld21fjfziqnOEvNpsEi9nF8/MqcQkqSgh7xv
nVcvfUMKWGf7EiY/yX4sNv3sOoUuEIPInvrVnzqrNZBDeMKiSYS7R/BNqeJne5GP
2VjD5Yd9KjfeXg5cId0pVliRieFZ2qBvL5jrPsl9ISB5Y7v7JaJilxmI42pDcdyr
IJQwM2opY8ZRZmQYWF7TfJyv1Q+/72Q1g56XpCW9v4eFUaOShDNH8/JS1EhgA//8
6e5qXeCt8A1ah+cYL2A3k+Hz+2AC/crAUSaVu0n4LAqX64SyX8Ud2YOdUoBe7GKp
lpcvroXyZTnxUZTE9HWYpLd7C5hN6FX/0EQsKamLuRp1tojrItJzs9NZPszKJ2VE
ufXw0znuJkhG6SVHM8sF
=R/Nn
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0f6b5fe-3b10-723c-6896-a954af1ea634%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Error starting VM: no such file or directory

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-01 08:01, katerim...@sigaint.org wrote:
> On 2016-06-30 09:42, katerim...@sigaint.org wrote:
 Hello After creating a proxy VM, I tried to start it but
 shows up this message: "Error starting VM:2 no such file or
 directory" What is the problem? Thank you
 
> 
> Can you check /var/lib/qubes/servicevms/ to see if the ProxyVM you 
> created has a directory there?
> 
> - From a dom0 terminal:
> 
> ls /var/lib/qubes/servicevms/
> 
>> 
>> 
> Maybe I have found the cause If I insert more than thirty ip
> addresses in the firewall tab and click 'ok', the error appears
> 

Ah, yes. This is a known issue, which is being tracked here:

https://github.com/QubesOS/qubes-issues/issues/1570


P.S. - Please keep the list CCed.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdxt7AAoJENtN07w5UDAwyJIP/1teNIDGuOXFyfVgGp3j7/sh
5kn/km2YUL/GMY8NgS4BFsqF1y+hhFF+resh3UWz6EuzT7tOKoP9+F00EkRWg38m
1mO1Ct4k/Q3olzXWFBYtYAY88LQPqR2BN9KkUsyOVYbOb8z2CKYBoXd+4Aj3wrgx
ExlpuWXFL0Yq8QROg7xDVO/M3E6qLGdhwxpFyLR8Boqzz4AemYIAUSSF76IHIGn5
A6rJq1h15Sqn0g7BIvF2q1rIrFMBJoAL9DV+W4ncU5zKKchpaeYnZpMKcrKwAVXv
mWrzXybdgL+R3mqr8hqxF9UqeI3EP8nZ3ixUtI2daqmpeKEQ9bYnBw/50/jYB6oY
IGRVZwnejJAIV9w0N4EcwhdayXiMmRweuDyITI2yu25liGaySlfAs9A31ESU12qW
OJsbfaeKUMPlk2RW7GrtOnW3t7AVcQHVtKfQ9mM8jJ9yJ2rdPxB4m2Vg/wqFe/hc
cmQGiNvLyxITZ0of4AfnNSo4YVjqWTtxDKQKYb7htoCI97l5XZ1ez0Llz65DvLZi
PYglpeLVz397yusboyM8QHAvmu+LyNNzRj/zTHYroHrlzK57Olo7SgnYLo8Guk35
SUDMFF40/POn6zuh1GoeTfYMO56i/fabyTufg4/QsPaC79GxJrkWN+4W32BnUVNN
ZhVqSCSBnDdWR2ESjTJy
=KMte
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1dcd419e-0e76-347b-9def-2ffadad4799b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Will KDE be deprecated? Migration for in-place upgrades?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 05:09:31PM -0700, Eva Star wrote:
> Sorry for my stupid question, but 
> ksnapshot tool is the part of KDE?

Yes.

> Will this tool be available at the system when KDE will be removed by 
> default?

Your guess is right - when KDE is not installed, there is also no
ksnapshot tool. But there are others, for example there is
xfce4-screenshooter, which support mostly the same features.

> I'm almost done the script that upload automatically screenshots from this 
> tool to imgurl hosting via appvm. And I need to know need to continue do it 
> and it  share for all... or we will be go from ksnapshot very soon?

If you have taken approach of hooking it up using desktop file with
appropriate MimeType, it should just work. Take a look here:
https://github.com/QubesOS/qubes-issues/issues/1324#issuecomment-155655636
https://github.com/QubesOS/qubes-issues/issues/953#issuecomment-219299573

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdws5AAoJENuP0xzK19cs3/kH/An6JTqlOymWxM/jWEqiqjYV
ELCQaEOZggmOfN3aoQNqhuwPrxp5qXh9/mPezsIp+PeJqIDnYnkgYTblURms2hse
6oDawjq3HY0VRGEq5QWIwGKtRDA9jJx2Wt7YwabuPWr/jb+sWDfUyRJWrayVZPOu
Rq1F3THimyfVtriJy8kljJ4o/yc+vAfSvLz0VQSfm20poAey2c+tsWYwVACpNDQ1
jeppcpTBTmYST2OeqsX/7uW42VYKsfLLe9CFuqdWTRiZ6E7rzNKxPJnqnRuYYsK4
YJiwdshffIt6XkztqZuCcpjKxFqSLVPum/jIEwimTzT8Lzp2nPG3jFqrCecfDz0=
=eikv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160702003050.GT1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Will KDE be deprecated? Migration for in-place upgrades?

2016-07-01 Thread Eva Star

Sorry for my stupid question, but 
ksnapshot tool is the part of KDE?

Will this tool be available at the system when KDE will be removed by 
default?
I'm almost done the script that upload automatically screenshots from this 
tool to imgurl hosting via appvm. And I need to know need to continue do it 
and it  share for all... or we will be go from ksnapshot very soon?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f80b908a-7d74-485d-afe8-00e098c5c205%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes R3.2 Failed to Load Kernel Modules

2016-07-01 Thread Eva Star

I can confirm. I have the same error while Qubes is loaded. And sudo 
systemctl status systemd-modules-load also write me about success.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62cf1024-fd19-4d35-bdfb-ae44fcd98de6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Unable to create arch template

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 03:00:47PM -0700, Jaakko Färm wrote:
> Hi, 
> 
> I'm following the instructions given here 
> . Everything seems to be 
> going great until I get to the last part of make qubes-vm, make 
> gui-agent-linux-vm. Then I get the this:
> 
> error: target not found: pulseaudio<9.0
> > warning: skipping target: xorg-server
> > ==> ERROR: 'pacman' failed to install missing dependencies.
> > /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120:
> >  
> > recipe for target 'dist-package' failed
> > make[2]: *** [dist-package] Error 1
> >
> 
>  It does also say "bsdtar: Failed to set default locale" (I'm using 
> fi_FI.utf8.) but I'm not sure if that's related to the problem. 
> 
> Qubes 3.1
> using fresh updated fedora-23 template

It will be solved by this pull request:
https://www.qubes-os.org/doc/upgrade-to-r3.2/

Submitted just 5 minutes before your mail :)

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdvmIAAoJENuP0xzK19cslFcH/3vn8sV3Q1qO5CdvYu2C/Lj9
2uJptX9uHRFfEd/4g7zuGuiU8dkm4MgcOhIewla4Rkag7FjIQv+1Y45O4BkFzMxB
ar1i/S7D7WO+fyiYIpCmgLdZGxoqD20eTDrDYQOTR8WkRAWQ8HFN8x+s819ha6IK
Pp1+UNuXMHY84Tw4JPiiS4bfIu6KBOA8wK/CKx0GAjDsxkelxXMazFEZYS0GcLZJ
/+GCJhzolh4tjsLat/x/jwbSYxUy/jKt87yw3h7h4VihTbDjqwS7upnl308S8G2w
wTEYBwYX1lSBGPSwQ67ytRCjpER/JRIVSUSgQL1zTXJ+jqcPUqHo3cMXQhl1VQA=
=GiTW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701231521.GS1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 rc1 has been released!

2016-07-01 Thread Qubed One

Marek Marczykowski-Górecki:
> On Tue, Jun 28, 2016 at 10:36:42AM -0700, raahe...@gmail.com wrote:
>> Will we be able to upgrade to 3.2 from dom0 update eventually?  Or if we 
>> choose not to reinstall is there security implications?
> 
> Yes. Experimental instruction already online:
> https://www.qubes-os.org/doc/upgrade-to-r3.2/
> 
> 


Thanks!

Upgrading from 3.1 to 3.2 worked perfectly for me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ea11550-6378-bf95-3ee9-0b9ab650f2bb%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-usb-proxy in 3.2?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Jun 28, 2016 at 09:36:13PM +0200, Niels Kobschätzki wrote:
> Hi,
> 
> I am trying to install qubes-usb-proxy in my Fedora-23-template in
> 3.2RC1 but dnf cannot find it. When I do a "dnf search qubes" I get
> listed several qubes-packages but nothing like qubes-usb-proxy.
> Do I need to enable an extra repo, is the problem once again the
> interface between chair and keyboard or is something else broken?

Is it about template shipped with 3.2rc1? Or some restored from 3.1?
In the later case, you need to upgrade it first to R3.2:
https://www.qubes-os.org/doc/upgrade-to-r3.2/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdug1AAoJENuP0xzK19csVocH/Rn7EzEQQPxf14B/vckHgC1T
JV71OGQbEIVoi7mIDTjbC23K6HFb+VMsvvDPjj0L2gEXo3XV73sYCdo7e70MP/dr
q7Nd+PfzngAsqKF/r2ZnkcqPtZcJFdiqAwOsOaPklJaDi1QQmqqlL3zvmgahRim1
tPbyHVkVQTkxEWP1dNaCRsnbTkYvonl4xS4cRY0s8eNeh9gqBJvUQOe7NblXoe2D
uEfjFrLENyoIfM/LU8pPqK+iiY0RzwrA472ulh7fJxhMNHHrgLm8B55J2gM4PpK6
lBLA6Zuz7QzcUPTRXWovfrE9N9nM0d+xKAhqAiKURa5yPb+QVRQuikRWlO4=
=inK4
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701220127.GR1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Unable to create arch template

2016-07-01 Thread Jaakko Färm

Hi, 

I'm following the instructions given here 
. Everything seems to be 
going great until I get to the last part of make qubes-vm, make 
gui-agent-linux-vm. Then I get the this:

error: target not found: pulseaudio<9.0
> warning: skipping target: xorg-server
> ==> ERROR: 'pacman' failed to install missing dependencies.
> /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: 
> recipe for target 'dist-package' failed
> make[2]: *** [dist-package] Error 1
>

 It does also say "bsdtar: Failed to set default locale" (I'm using 
fi_FI.utf8.) but I'm not sure if that's related to the problem. 

Qubes 3.1
using fresh updated fedora-23 template

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a33cdfe-5088-408f-af71-620416f3d787%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--> Archlinux dist-build-dep (makefile)
-> Archlinux update-local-repo.sh
ls: cannot access '*.sig': No such file or directory
==> Extracting database to a temporary location...
bsdtar: Failed to set default locale
==> Extracting database to a temporary location...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/pacman-5.0.1-4-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'pacman-5.0.1-4' already existed
  -> Computing checksums...
  -> Removing existing entry 'pacman-5.0.1-4'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/pacman-mirrorlist-20160614-1-any.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'pacman-mirrorlist-20160614-1' already existed
  -> Computing checksums...
  -> Removing existing entry 'pacman-mirrorlist-20160614-1'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-db-vm-3.1.3-3-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-db-vm-3.1.3-3' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-db-vm-3.1.3-3'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-libvchan-xen-3.1.0-2-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-libvchan-xen-3.1.0-2' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-libvchan-xen-3.1.0-2'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-vm-core-3.1.17-6-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-vm-core-3.1.17-6' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-vm-core-3.1.17-6'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-vm-gui-common-3.0.3-1-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-vm-gui-common-3.0.3-1' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-vm-gui-common-3.0.3-1'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-vm-kernel-support-3.1.9-5-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-vm-kernel-support-3.1.9-5' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-vm-kernel-support-3.1.9-5'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-vm-utils-3.1.9-5-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-vm-utils-3.1.9-5' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-vm-utils-3.1.9-5'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/qubes-vm-xen-4.6.1-17-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'qubes-vm-xen-4.6.1-17' already existed
  -> Computing checksums...
  -> Removing existing entry 'qubes-vm-xen-4.6.1-17'...
  -> Creating 'desc' db entry...
  -> Creating 'files' db entry...
bsdtar: Failed to set default locale
==> Adding package 'pkgs/sudo-1.8.16-1-x86_64.pkg.tar.xz'
bsdtar: Failed to set default locale
==> WARNING: An entry for 'sudo-1.8.16-1' already existed
  -> Computing checksums...
  -> Removing existin

Re: [qubes-users] qubes-usb-proxy in 3.2?

2016-07-01 Thread Qubed One

Niels Kobschätzki:
> Hi,
> 
> I am trying to install qubes-usb-proxy in my Fedora-23-template in
> 3.2RC1 but dnf cannot find it. When I do a "dnf search qubes" I get
> listed several qubes-packages but nothing like qubes-usb-proxy.
> Do I need to enable an extra repo, is the problem once again the
> interface between chair and keyboard or is something else broken?
> 
> Niels
> 


The package you're looking for is called qubes-input-proxy-sender.

You can see if it's already installed in the template with:

$ rpm -qi qubes-input-proxy-sender

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8ab2af9-20f8-a902-b600-582685f06ebd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] manual update dom0 to newest 4.5 kernel

2016-07-01 Thread R F

On Tue, Jun 28, 2016 at 5:07 PM, R F  wrote:

> Holger,
>
> Great to hear you managed to upgrade the kernel !! This means I might not
> need to buy an other laptop after all.
>
> I looked back at what you posted but it's a bit confusing. I'm probably
> not the only one.
>
> Would it be possible for you to make a clear overview of all the steps to
> take (commandos in dom0 terminal) to be able to upgrade the kernel?
>
> This would be of help to alot of people, at least to me.
>
> Hope you can help out.
> Much appreciated!
>
> Cheers,
> R
>
>
>
>
> On Wednesday, 27 April 2016, Marek Marczykowski-Górecki <
> marma...@invisiblethingslab.com> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> On Tue, Apr 26, 2016 at 10:54:19PM +, Holger Levsen wrote:
>> > On Wed, Apr 27, 2016 at 12:39:08AM +0200, Marek Marczykowski-Górecki
>> wrote:
>> > > Reading through /etc/grub.d/20_linux_xen, it requires also
>> > > /boot/config-$kernelversion file.
>> >
>> > whoohoo, that worked, grub picked it up and when I boot it… it reboots
>> > directly after grub loading xen and the 4.5 kernel… with no
>> > output/failure whatsoever :/
>>
>> Try removing "quiet" option from kernel cmdline.
>>
>> > at least the fallback to xen with 4.1 kernel works nicely…
>> >
>> > the initramfs for 4.5 is a bit smaller (16755547 vs 17384503), there are
>> > 3778 files in /lib/modules/4.1* and 3589 in /lib/modules/4.5*
>>
>> Interesting, but probably doesn't matter. I guess in 4.5 more things are
>> selected as built-in.
>>
>> - --
>> Best Regards,
>> Marek Marczykowski-Górecki
>> Invisible Things Lab
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iQEcBAEBCAAGBQJXH/QTAAoJENuP0xzK19cshOIH/RUGJ0WgUuV/8uOcLLn18uOF
>> ulC1L+VKBThMtjdAqU/GVT8Qy6YSaS91Y5GGzp5/9Iw7nNSi+6fZxQZ1pT9wHjQE
>> 8rYiWfwjnNBEiUaVDpEEMivmCy9q1AiFRwMGGH3xgxIzfKnEU+zt5SEcoplu8bEo
>> lLg3VbfcFQphGOI3O7gA3KHeUdwsCNCQit1DV/4ZekPot4K/YphoQmSGNKSrtp18
>> AZNzfKLv2YFp4dApD6jIGLBktOcqPz+DwGDP458nDFiTFvsaSq+Fo8HOXumwVjyK
>> E+E+rpwwvPoX36BdEg8PhBEc0H4gYOqKGmD312/VvFdfEqBn0+z9HMj397s+7r0=
>> =h8p7
>> -END PGP SIGNATURE-
>>
>
Sorry I mis-read Holgers last email after "whoohoo, that worked, grub
picked it up and when I boot it…"
So there was no output, it didn't work. Bummer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGqf3ZEXZdXT%3D76iruLZEUdyqQ%2B8Bg5j5oCqHC2Babs3Gg5xZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.2 Failed to Load Kernel Modules

On Fri, Jul 01, 2016 at 07:50:51PM +, amad...@riseup.net wrote:
> On 2016-07-01 18:26, Marek Marczykowski-Górecki wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Fri, Jul 01, 2016 at 08:13:32AM +, am wrote:
> > > During the boot process I get messages Failed to Load Kernel
> > > Modules.Is
> > > this sometyhing I should be concerned about? It does not appear to
> > > have
> > > affected the operation of Qubes in any way.
> > 
> > Did you upgraded the system, of did fresh install? I don't see such
> > error on my system... Can you provide more details, especially which
> > module failed to load:
> > 
> > sudo systemctl status systemd-modules-load
> > 
> > Anyway, probably harmless.
>
> I did fresh install and restored some templatevms and appvms from R3.1.
> 
> sudo systemctl status systemd-modules-load
> ● systemd-modules-load.service - Load Kernel Modules
>Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service;
> static; vendor preset: disabled)
>Active: active (exited) since Fri 2016-07-01 17:07:05 BST; 2h 22min ago
>  Docs: man:systemd-modules-load.service(8)
>man:modules-load.d(5)
>   Process: 801 ExecStart=/usr/lib/systemd/systemd-modules-load
> (code=exited, status=0/SUCCESS)
>  Main PID: 801 (code=exited, status=0/SUCCESS)

Looks like a success...

Maybe this is about some other service? Does systemctl list anything
failed?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701203109.GP1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] Qubes R3.2 Failed to Load Kernel Modules

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 08:13:32AM +, am wrote:
> During the boot process I get messages Failed to Load Kernel Modules.Is
> this sometyhing I should be concerned about? It does not appear to have
> affected the operation of Qubes in any way.

Did you upgraded the system, of did fresh install? I don't see such
error on my system... Can you provide more details, especially which
module failed to load:

sudo systemctl status systemd-modules-load

Anyway, probably harmless.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdrXyAAoJENuP0xzK19csNB8H/R2tzN+1SL5mylazbCeZstRg
UcyJakG8PMm/MKyImETJXQNoBmJCfq1Fd0kEMC7KXPwRlHZJYIIwTi5avcTLnG5s
AvUMxziL0Nh9BORBzeH8CJ9IQUymzVtFN2+WhgmieYxwwGCsvPeulOqcVpwy891i
k0OEg6pKvqWBiu5FtFHvTb51a/e1XHBre8RBINf0jbnPFlvJQTWMYo4eioz6Ws89
MIEnssoGWLHXDIYk7QT3FHP1HKdeUJ+o2IhlF7PM5MYRKPNp/mRM3rBMO2dTj1tp
2yM4poiI6LJiIe2ZlYSVQgsKyP5PnXp/PdzWqoWGDJMMHRjaxrACfBysxBLEWrs=
=Oz8Q
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701182659.GO1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dispvms + whonix template = broken in xfce

2016-07-01 Thread J.M. Porup

On Fri, Jul 01, 2016 at 08:17:25PM +0200, Marek Marczykowski-Górecki wrote:
> On Fri, Jul 01, 2016 at 02:19:01PM -0400, J.M. Porup wrote:
> > So I've been using dispvms based on the whonix-ws template in order to
> > get disposable torbrowser working.
> > 
> > This works great in KDE, but when I switched over to xfce, dispvms
> > refuse to start. The usual workaround is to rebuild the dispvm template,
> > but that didn't work for me in xfce...so I've had to return to KDE for
> > now.
> > 
> > Don't know why the desktop environment should make any difference, can
> > anyone confirm this behavior?
> 
> Indeed really strange. What do you mean by "refuse to start"?

I go the KDE menu, select DisposableVM --> Firefox, the notification
pops up saying "starting dispvm"...but then nothing happens.

I find this happens once every dozen or so times I launch a dispvm. This
has been consistent for more than a year. A quick Ctrl-R in dom0 to find
the rebuild command solves the problem for me.

> > Also, related question--is there a way to modify the dispvm script to
> > make torbrowser the default dispvm action, instead of firefox?
> 
> Take a look here:
> https://www.qubes-os.org/doc/dispvm/#tocAnchor-1-1-5
> 
> You can then adjust that menu entry (or create new one).

thanks!

jmp

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701182744.GN1126%40fedora-21-dvm.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes R3.2 Failed to Load Kernel Modules

2016-07-01 Thread am

During the boot process I get messages Failed to Load Kernel Modules.Is
this sometyhing I should be concerned about? It does not appear to have
affected the operation of Qubes in any way.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nl58ne%241th%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dispvms + whonix template = broken in xfce

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 02:19:01PM -0400, J.M. Porup wrote:
> So I've been using dispvms based on the whonix-ws template in order to
> get disposable torbrowser working.
> 
> This works great in KDE, but when I switched over to xfce, dispvms
> refuse to start. The usual workaround is to rebuild the dispvm template,
> but that didn't work for me in xfce...so I've had to return to KDE for
> now.
> 
> Don't know why the desktop environment should make any difference, can
> anyone confirm this behavior?

Indeed really strange. What do you mean by "refuse to start"?

> Also, related question--is there a way to modify the dispvm script to
> make torbrowser the default dispvm action, instead of firefox?

Take a look here:
https://www.qubes-os.org/doc/dispvm/#tocAnchor-1-1-5

You can then adjust that menu entry (or create new one).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdrO0AAoJENuP0xzK19csW9cH/09qtfqgLmXl7pNtN3CfCSF4
QLhUgFI/ZKJiXiXhqOQXz+qn42uioK8ahaRsfZtBm9+FTSJbae3eg9PoSruRnMo5
kGlF7nLH1OtHJw+PX4MgNaEircxtBo/YTH+4PP3ey0NUmzunz2BMSHGjZ62HlCPA
5Z+TOc3HXkmyfio6vxdjnIwbGEjfMrQT6+8eY2+nWzQIgwI+t8yTUaiCUhmTNGFU
ravbQ6WhoaJIrkXqNWa7v/DgxjczuwRbyj4GZ5n1rhScsSD3BFE+uiJacAIqmPp3
w4ZfT160umqtdwzeQ602+f64IL4DQNsiJ3ljQWU720+R+KxD/vA2hUlxHF9SRzw=
=giAm
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701181725.GN1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing XFCE

2016-07-01 Thread Micah Lee

On 07/01/2016 11:10 AM, Marek Marczykowski-Górecki wrote:
> Try this:
> 
> qubes-dom0-update @xfce-desktop-qubes

Thank you! Works great.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/395580d6-a069-1f6e-ed32-543a0f2325e0%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing XFCE

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 02:14:57PM -0400, J.M. Porup wrote:
> On Fri, Jul 01, 2016 at 11:02:49AM -0700, Micah Lee wrote:
> > I've installed Qubes 3.2-rc1 with only KDE. How do I install XFCE now as
> > well? The docs [1] about this look super outdated. A couple things that
> > I tried but didn't work:
> > 
> > sudo qubes-dom0-update xfce4
> > sudo qubes-dom0-update @XFCE
> > sudo qubes-dom0-update @xfce-desktop-environment
> > 
> > [1] https://www.qubes-os.org/doc/xfce/
> 
> This worked for me a couple days ago:
> 
> sudo qubes-dom0-update @xfce-desktop-qubes

Thanks, waited for this confirmation :)
Doc page updated.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdrMgAAoJENuP0xzK19csHMcH/R8DXG031V7vYJuvsE8LcdFx
/KbeEbCDkxytBm0DH1OTXjhzWJ3HIzpBaNGdgE8TG8TNWKgaOPQxL+d/DgYuH4wX
IV/GtYmojRsDqIzqgdz/IUU5UHhP65+ng+UKGZWW228HoMHTl57UhiaxSTxIUNq3
slJkaRSi3F39C/3sRK3pzV/TFf70FJI/l1vhNPJiKqyprQ4HjLYkNiF9vnlTicfu
G1qe3IkkKisceNpXhnzL8aJJp352RfJnc5DZ7uxVLk3Rt2x8WN5l7bwbZKZcVUGC
jBXkA+w3SMKYOipE+ns/YUpbCZawF5w6lYcihudY5EhU7BtB5vOPK40aUJGCjVY=
=cNPg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701181458.GM1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] dispvms + whonix template = broken in xfce

2016-07-01 Thread J.M. Porup

So I've been using dispvms based on the whonix-ws template in order to
get disposable torbrowser working.

This works great in KDE, but when I switched over to xfce, dispvms
refuse to start. The usual workaround is to rebuild the dispvm template,
but that didn't work for me in xfce...so I've had to return to KDE for
now.

Don't know why the desktop environment should make any difference, can
anyone confirm this behavior?

Also, related question--is there a way to modify the dispvm script to
make torbrowser the default dispvm action, instead of firefox?

thanks
jmp


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701181900.GM1126%40fedora-21-dvm.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can you update the tutorial for installing nvidia drivers on dom0 ?

2016-07-01 Thread Orlessan

I wanted to be a qubes user few month ago but I couldn't because I have 
a nvidia graphic card and I couldn't have a dual screen setup. I wanted 
to install the drivers but I didn't work.


Could you update the tutorial page for the nvidia driver installation 
https://www.qubes-os.org/doc/install-nvidia-driver/ for the 3.2 (just so 
people can copy paste the commands in a fresh install) and maybe make it 
resilient over time ?


Thanks

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4efd3e8-c209-ed6d-6c28-e56bd17e3710%40zoho.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing XFCE

2016-07-01 Thread J.M. Porup

On Fri, Jul 01, 2016 at 11:02:49AM -0700, Micah Lee wrote:
> I've installed Qubes 3.2-rc1 with only KDE. How do I install XFCE now as
> well? The docs [1] about this look super outdated. A couple things that
> I tried but didn't work:
> 
> sudo qubes-dom0-update xfce4
> sudo qubes-dom0-update @XFCE
> sudo qubes-dom0-update @xfce-desktop-environment
> 
> [1] https://www.qubes-os.org/doc/xfce/

This worked for me a couple days ago:

sudo qubes-dom0-update @xfce-desktop-qubes

cheers
jmp

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701181456.GL1126%40fedora-21-dvm.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing XFCE

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 11:02:49AM -0700, Micah Lee wrote:
> I've installed Qubes 3.2-rc1 with only KDE. How do I install XFCE now as
> well? The docs [1] about this look super outdated. A couple things that
> I tried but didn't work:
> 
> sudo qubes-dom0-update xfce4
> sudo qubes-dom0-update @XFCE
> sudo qubes-dom0-update @xfce-desktop-environment
> 
> [1] https://www.qubes-os.org/doc/xfce/

Try this:

qubes-dom0-update @xfce-desktop-qubes

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdrIXAAoJENuP0xzK19csf38IAI6HsybH4WF2i6nnjmIv0gAX
fkbx5Yah7L69LGqQI9Bclu87YnAtFcpIAszLMUmMX/W+OEkCDT8fkfp55y3iQLyM
tbXDHW7HaXoseuJBvX3cHcbao6UxX6VjB0LEcTJLKgLGzVPTMT+JLDjzVdGj2Xqt
BO30dulJtcGtiYjHS8PwrwyGkirR0AWIpNNIonOdxJNWRjVcr2iko/Mo+BVQKPkM
vErKFd0Aelu5r8DoCPzEUyEHRRUNE6IMlZUVzRwCRMzsnAsRYC9SIhateGUL0UYC
uOtj029zUfqUWHVRrD3i44GzQBYnZ3U881dj66b/eRxf4yGlwg8X8HlCYrksxns=
=2iBA
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701181032.GK1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

2016-07-01 Thread Grzesiek Chodzicki

@Andrew

A user has a network share on the internal network. This share does not
require the user to provide any extra credentials to access it (for the
same reason Qubes uses passwordless sudo).
The user creates a separate AppVM in order to access the share and, in
Qubes Firewall, allows the AppVM to connect to the share.
However unless the user specifically forbids every other VM access to the
share they can connect to it too (due to Qubes NAT all AppVMs use the same
LAN IP and MAC address so the share cannot differentiate between the AppVM
that is supposed to access it and AppVMs that aren't).
Because every AppVM can connect to the share they can now use it as a
covert communications channel.

I tried to be as clear as I could with this one I hope You understand what
I'm trying to convey.

@Marek

Thanks for the tip! I did not know that. However I think it would be really
helpful if the same task could be carried out within the GUI and with more
granular control over VMs.

2016-07-01 11:23 GMT+02:00 Drew White :

> Perhaps this is something that can be added in when the manager is fixed
> and the issues with the memory leak and functionality and many other bugs
> are resolved?
>
> This would be a good addition. As it is something that I believe many
> people would benefit from.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEWhQ4cx05N0O2xViXcYP5EQLPbg7X_KEn-hCsCuiiaeQCA-eA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Installing XFCE

2016-07-01 Thread Micah Lee

I've installed Qubes 3.2-rc1 with only KDE. How do I install XFCE now as
well? The docs [1] about this look super outdated. A couple things that
I tried but didn't work:

sudo qubes-dom0-update xfce4
sudo qubes-dom0-update @XFCE
sudo qubes-dom0-update @xfce-desktop-environment

[1] https://www.qubes-os.org/doc/xfce/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adab2276-029f-2acb-3302-5497813cd944%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Will KDE be deprecated? Migration for in-place upgrades?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 03:43:00PM +, Patrick Schleizer wrote:
> I understand, the port to GNOME did not work out yet, and that now the
> decision has been made to make Qubes R3.2 based on LXDE.
> 
> Sources:
> - https://github.com/QubesOS/qubes-issues/issues/1806
> - https://github.com/QubesOS/qubes-issues/issues/2119
> 
> Therefore my question, will KDE be deprecated? Or will it still be
> somewhat supported?

It will still be available in repositories, but but will not be included
in installation image and Xfce will be the default environment for new
installations.

> Will in-place R3.2 upgrades migrate Qubes KDE users to LXDE or will that
> be a manual process?

Upgrade will keep the user choice. With an exception that KDE5 has
renamed it session name (`kde-plasma` -> `plasma`), so on first login
after upgrade it needs to be choosen again. This is covered in upgrade
instruction:
https://www.qubes-os.org/doc/upgrade-to-r3.2/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdq4mAAoJENuP0xzK19csJxYH/i3uQHWEvttyq01ADlWX15MV
PAI0JL5Hycz1cCVfiSnnFYkhM8iqNyjeXx4YtYefi7e6NYZTGdjIO31SF9sZEGJy
iCCX6f9v87ZqNefrcvN+xETzCjJIGTB1On/daRZT9A9r/NdGj/ENECajJyMt5n65
liO9nOE4GPusLEwDpE9bkqfFRG2Y3KoC5cdRv54jySRFTooBkLtsW6NEeBhKb1xR
zNQz5uaZmtzUjyHBivVwpcQDECTt8O65XO4XexaceCBlaHvf2WDO9hXyKbAI4DNs
g/uCWBzp8OQVLtIBtla8rlpn2teUoFYuSxawEw2TooEkDRGzRpSM86D2eZkpF+U=
=omEP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701175343.GJ1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Will KDE be deprecated? Migration for in-place upgrades?

2016-07-01 Thread Patrick Schleizer

XFCE. Not LXDE.

(Sorry, I messed that up!)

Patrick Schleizer:
> I understand, the port to GNOME did not work out yet, and that now the
> decision has been made to make Qubes R3.2 based on LXDE.
> 
> Sources:
> - https://github.com/QubesOS/qubes-issues/issues/1806
> - https://github.com/QubesOS/qubes-issues/issues/2119
> 
> Therefore my question, will KDE be deprecated? Or will it still be
> somewhat supported?
> 
> Will in-place R3.2 upgrades migrate Qubes KDE users to LXDE or will that
> be a manual process?
> 
> Cheers,
> Patrick
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b44fe52-82ae-9337-2b77-873b74f5e742%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problems with GUI Agent on Windows (was: Lenovo Thinkpad P50 Qubes)

2016-07-01 Thread Peter M



On Sunday, June 19, 2016 at 5:08:09 PM UTC-6, derfa...@gmail.com wrote:
>
> hi fellow p50ers, 
>
> On Monday, May 16, 2016 at 2:25:07 PM UTC+2, Achim Patzner wrote: 
> > > Am 16.05.2016 um 12:57 schrieb derfa...@gmail.com : 
> > > 
> > > on another note, i finally ended up deleting my usbvm. it would only 
> come up every third or fourth reboot, and if it didn't, i was not able to 
> start it up manually. 
> > 
> > The P70 has the same problem after updating the firmware to version 
> 2.00; there seems to be some race condition affecting bus initialization 
> and management engine/firmware. Waiting with entering the disk passphrase 
> helps, turning the machine off before booting helps, too. Not auto-starting 
> it doesn’t change anything so I’d expect it to be a Xen problem. 
>
> i can happily confirm that this usb-vm issue seems to be resolved in qubes 
> R3.2-rc1. also, i updated the BIOS to 1.26 and, after reading in the lenovo 
> forums, updated the thunderbolt firmware to the latest version, which fixed 
> the HDMI output issue for me. 
>
> Qubes R3.2 will fully support the Lenovo P50 out of the box! :D 
>
> best, 
>
> fake 
>
>

Did you install it in EFI mode or without? Did you do clean install or 
upgrade?
Tried doing clean install of 3.2 RC1 and it installs fine but when I select 
Qubes on boot list it comes straight back.

Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/797e68b4-4bc8-40c8-80b3-26808a77a8e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Linux-libre in dom0

2016-07-01 Thread raahelps

On Friday, July 1, 2016 at 7:47:11 AM UTC-4, Duncan Guthrie wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
> 
> On 01/07/16 02:05, raahe...@gmail.com wrote:
> > On Thursday, June 30, 2016 at 8:49:16 PM UTC-4, Duncan Guthrie
> > wrote: On 01/07/16 00:03, Marek Marczykowski-Górecki wrote:
>  On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie
>  wrote:
> > Dear Qubes Users, I have been using Qubes OS for a couple
> > of days now. I own a Lenovo Thinkpad X200 and everything
> > works fine, including WiFi. However, I am concerned about
> > this, because my X200 has an Intel WiFi chipset, which I
> > know uses proprietary firmware. I am concerned about this
> > because the firmware could be malicious, so I think this is
> > quite bad from a security perspective. The more proprietary
> > software, the worse security you have, as has been shown
> > many times. Since the hardware is secret, it is possible
> > that the WiFi chipset could be used to do malicious actions
> > without any way to tell. I am especially concerned about
> > the firmware being in dom0, which has access to the
> > hardware.
>  
>  WiFi card is assigned to NetVM and have no access to dom0. So
>  even if its firmware is malicious, it shouldn't be a big
>  problem. It may at most mess with your network traffic -
>  which should be encrypted anyway for anything sensitive.
>  
>  In practice the only firmware still needed in dom0, is the
>  one for GPU (if applicable).
>  
> > I think this is a good idea in general, whether the firmware is
> > free software or proprietary software. However, there are certain
> > wireless chipsets (made by Atheros corporation) which work without
> > a proprietary firmware blob for WiFi, but don't for Bluetooth, so
> > even if they largely work without the proprietary program, the
> > operating system still loads some proprietary program not needed
> > (most people don't use Bluetooth at any rate). I own such a chipset
> > on my desktop computer; Debian works without any proprietary
> > software at all, while Tails loads firmware for the Bluetooth. What
> > is the answer to this, do you make exceptions for firmware only for
> > wireless cards and GPUs? Or do you just allow them all through.
> > 
> > Another thing I have read is that Linux-libre's deblob scripts
> > don't just get rid of firmware that is proprietary, it removes all
> > binary files disguised as source files (e.g. some binary file
> > named "something.h") and "obfuscated" driver sources (I believe
> > that the 2D nv driver has been accused of this). Would you consider
> > at least adapting the deblob scripts from Linux-libre to work for
> > your kernel to only allow select firmware through, for the most
> > common computers? Another option, like Debian (and, if I recall,
> > Ubuntu to some extent, although I have never installed Ubuntu),
> > which I think would be even better is to have a completely free
> > kernel by default, then a separate repository for firmware, which
> > can be enabled in the installation process. It would probably be
> > considerably simpler than adapting the deblob scripts to be quite
> > selective, too. It wouldn't make Qubes compliant with the Free
> > Software Foundation's "Free Software Distribution Guidelines", but
> > I think that from a security perspective it is better than
> > including the proprietary 'blobs' by default, and is a balance
> > between usability of obscure hardware and security of dom0 (it
> > never hurts). What do you think of this proposal?
> > 
> >  Thanks for your reply, it was really helpful for allowing me
> > to understand more about your security policies.
> > 
> > D.
> > 
> > 
> > 
> > I think what Marek is saying is that from a security standpoint it
> > doesn't really matter because the netcard is isolated even at the
> > hardware level with iommu supported system.   And if it messes with
> > your network traffic you should be using encryption,  https or tor
> > etc..
> > 
> > I think the reason they are not adopting such kernel is cause qubes
> > is trying to get more users and hardware compatibility is the
> > biggest hurdle and turn off to people.  Its still new type of os
> > and people are hesitant.   Also most people use laptops and
> > wouldn't be as willing to buy an external usb network card for
> > qubes.Which might also be troublesome in some cases when trying
> > to isolate usb controllers.
> > 
> I understand what Marek is saying. I'm saying that ideally we
> shouldn't let any proprietary software by loaded by dom0, because we
> simply have no idea what it does. For example, someone could pressure
> the people who write the firmware to put something nasty in it
> designed to attack Qubes and TAILS users, to exploit Xen and break out
> of the hypervisor. It is a distinct possibility, considering we are
> living in the age of Orwell.
> What I am proposing

Re: [qubes-users] Re: Will KDE be deprecated? Migration for in-place upgrades?

On 07/01/2016 06:49 PM, raahe...@gmail.com wrote:
> [...]
> But  XFCE is definitely the way to go now imo.
+1

-- 
Alex


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90713eee-0b37-494c-73ce-53cf15563902%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Will KDE be deprecated? Migration for in-place upgrades?

2016-07-01 Thread raahelps

On Friday, July 1, 2016 at 11:43:50 AM UTC-4, Patrick Schleizer wrote:
> I understand, the port to GNOME did not work out yet, and that now the
> decision has been made to make Qubes R3.2 based on LXDE.
> 
> Sources:
> - https://github.com/QubesOS/qubes-issues/issues/1806
> - https://github.com/QubesOS/qubes-issues/issues/2119
> 
> Therefore my question, will KDE be deprecated? Or will it still be
> somewhat supported?
> 
> Will in-place R3.2 upgrades migrate Qubes KDE users to LXDE or will that
> be a manual process?
> 
> Cheers,
> Patrick

lxde?  its super lightweight and a full desktop. I've always prefered it for my 
laptops,  but unfortunately I don't think its maintained anymore. Its my 
understanding the devs have now moved to lxqt which is pretty much as bloated 
as xfce.  I think maybe just Sticking with xfce might be a better idea.

I completely understand wanting to get rid of KDE at this point.  because the 
newer KDE versions are so buggy.  I also don't like the direction its gone with 
removing options that past versions had, or how its become less easily 
customizeable as well. So I wasn't too upset at qubes not updating to the 
latest version so quick.  I'm glad qubes came to this decisions because even 
though I have always preferred KDE,  the new versions are worrysome. I also was 
never a fan of gnome at all.  gnome-flashback was only thing I liked since it 
wasn't bloated and mysterious.  But  XFCE is definitely the way to go now imo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e04b2de7-7d6c-4b80-8580-28f537d79622%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Will KDE be deprecated? Migration for in-place upgrades?

2016-07-01 Thread Patrick Schleizer

I understand, the port to GNOME did not work out yet, and that now the
decision has been made to make Qubes R3.2 based on LXDE.

Sources:
- https://github.com/QubesOS/qubes-issues/issues/1806
- https://github.com/QubesOS/qubes-issues/issues/2119

Therefore my question, will KDE be deprecated? Or will it still be
somewhat supported?

Will in-place R3.2 upgrades migrate Qubes KDE users to LXDE or will that
be a manual process?

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29860b80-9c47-ba93-2838-e5d840ac8b2c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes and sugarsync

2016-07-01 Thread Nicola Schwendener

Hello all,
I wish to move away from my windows pc to qubes os.
in my configuration I still will use windows HVM because I need to run some 
software (and some office macro) in it. 
I've some questions about storages and cloud accounts. 
I've a crashplan account that I wish to continue using in linux. I saw that 
there is the crashplan linux version and I wish to know how to create a 
storagevm that shares via NFS to windows VM and some other VM the content 
available in the storageVM (should be attached to some external disks and 
the NAS). 
then there is sugarsync. this software provides a synchronization between 
different PC I've on different locations. for this software there is a 
windows only version. what I wish is that this software should run (I guess 
via wine) in the storageVM in order to not duplicate data between VMs. 
is it feasable? could someone explain me how to create a storage VM and 
share data to other VMs?
thank you very much
best regards
Nick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb583e4f-4b14-4e5b-8bd0-9bb7ecfc3d76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Linux-libre in dom0

On 07/01/2016 04:03 PM, Duncan Guthrie wrote:
> 
> Thanks for your reply! However, I think I need to clarify some things
> here.
> Freed-ora is a repository produced by the Linux-libre project which
> provides a kernel without the proprietary firmware programs, and a
> package which removes and prevents installation of non-free programs
> (mostly firmware packages for various devices, such as bluetooth
> dongles). It would not require any modification to Fedora in dom0
> other than enabling and installing the freed-ora packages. I do not
> know if Qubes makes any modification to the kernel, or it just uses
> stock Fedora kernel.
> Regarding graphics, I am not talking about the Nvidia binary drivers -
> Nouveau works perfectly for most people, and can be used without
> proprietary firmware (although recent Nvidia cards require signed
> firmware from Nvidia, but the driver is open source). (The Nvidia
> binary drivers, if installed in dom0 are running in kernel space,
> which is utterly stupid. I can't see a way that people would be able
> to put them in a special GUI domain). It is their computer and they
> can install what they want.
> 
> What I really want is for Qubes not to include the proprietary
> components by default. This is as simple as the installer saying
> something like:
> "The installer detected your computer requires proprietary firmware.
> Your computer may work fine without the firmware. As Qubes does not
> have access to the source code or is unable to modify these firmware
> programs due to license restrictions, we can make no guarantees
> regarding security, although we have taken steps to mitigate the
> problem through Qubes' design. Would you like to enable the firmware?
> [recommended: no]"
> 
> Keep in mind this is by default. It is not as if we are saying these
> people can't use Qubes without the firmware, and indeed we are giving
> them an easy way to enable it at installation, and they can install it
> later through the package manager.
> 
I stand my ground that this would not increase security against targeted
attacks. I concede that it would be a nice goal for the FOSS movement,
but nothing more. Let me explain.

In normal linux distro, opaque binary blobs are disliked mainly because
they may contain unintended security holes that cannot be verified nor
easily patched, and become unmaintainable shuld the providing entity
disappear out of business. Then there is the FOSS promotion stuff and
so. Last and least, there is the intentional malware inclusion
possibility; which is rarely practical, because opaque binary blob
makers do have economical incentives in keeping it simple, working and
in defending their brand name from such allegations.

In qubes, the driving philosophy is taking those opaque binary blobs as
necessary evil, and isolating them as much as possible in a way to
contain their danger. The NetVM is a brilliant example, as is the GuiVM
(which is not nearly as impossible as you make it sound). So yes, there
may be opaque binary blobs, and it may be a better world without, but in
Qubes they cannot do much damage *by design*. They are disliked in dom0,
and the general direction is to get rid of them from dom0 as much as
possible: the only elephant remaining in the room is GPU drivers, and
GuiVM will work around that point.

As for what can be hidden by *intentional* means in open source
software, I invite you to read and understand the spirit of the
Underhanded C Contest: http://underhanded-c.org/ . My take on FOSS is
that having open source software is absolutely nice when it comes to
fixing bugs faster in production code, and that it is a guarantee on the
writer going out of business, but no, having FOSS is not by itself a
guarantee against targeted attacks.

Or are you really, seriously going to audit a linux distribution for
underhanded intended effects? Did you remember that someone already
tried to do that to the linux kernel (http://lwn.net/Articles/57135/) ?

So my take on the strength of Qubes is the philosophy of 1) living with
necessary evil, and containing the damage or eliminating it by design
and architecture and 2) preferring less code instead of more, even if
supposedly more secure, because all code contains bugs, and some bugs
may be security holes. The vast majority of the bugs may be unintended,
but FOSS alone is not a guarantee of no intended bug being present.

TL;DR: I understand your point, but I don't agree with that, and I will
be completely ok with opaque binary blobs once we'll have a GuiVM.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11692511-74b4-24cc-b3d4-bbf83320d3c0%40gmx.com.
For more options, v

Re: [qubes-users] Linux-libre in dom0

2016-07-01 Thread Duncan Guthrie

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/07/16 13:34, Alex wrote:
> On 07/01/2016 01:46 PM, Duncan Guthrie wrote:
>> 
>> I understand what Marek is saying. I'm saying that ideally we 
>> shouldn't let any proprietary software by loaded by dom0, because
>> we simply have no idea what it does. For example, someone could 
>> pressure the people who write the firmware to put something nasty
>> in it designed to attack Qubes and TAILS users, to exploit Xen
>> and break out of the hypervisor. It is a distinct possibility,
>> considering we are living in the age of Orwell. What I am
>> proposing (nonfree repository turned off by default) means that
>> we can have hardware support while ideally avoiding the
>> proprietary software as much as possible. If it works for Debian
>> and Ubuntu, then I am sure it would work for Qubes. For instance,
>> this might be easier if dom0 was based on Debian, as I am aware
>> this was discussed.
> What you say is not wrong, but also not new, and that's exactly
> the reason behind netvm and the planned (but harder, hence not yet
> ready) guiVM. If everything goes according to the plan, with GuiVM
> there will be no need for opaque binary blobs in dom0, and any
> distribution may well be used - dom0 still does not have any
> networking, so apart from not-yet-found malicious code in the FOSS
> in dom0 there should be no security problem.
> 
> The fact that it might be easier if dom0 was debian based is wrong:
> it would be exactly the same. As long as someone needs support for
> nvidia and chooses to install the official nvidia drivers, they
> will have opaque binary blobs in dom0. With fedora it's exactly the
> same: by default there are the foss nouveau drivers, but if someone
> feels inclined, they may well install the official (opaque) nvidia
> blobs.
> 
> If that same person is happy with nouveau, they may use it both in 
> debian or in fedora.
> 
> If you find any other unneeded suspicious package, you may just
> remove it with the package manager; please report back what you
> find, so that dom0 may be "purged" if these packages are actually
> unneeded in every case.
> 
>> I am also still confused about how I might install Linux-libre
>> in dom0 and replace all the proprietary stuff with the packages
>> from freed-ora repositories (or my own). I think a guide in the 
>> documentation for this would be good. Does anyone have any
>> ideas?
>> 
>> Thanks for your reply, D.
> The problem with a custom dom0 is that it has to support being a
> Xen hypervisor administration domain. If this pre-requisite is met,
> then you may try to port the qubes tools to work in your dom0.
> 
> I still don't see your point in doing that, anyway, apart from the
> video card opaque blob (explained above). As an example, I do not
> have any NVidia card as of now, so I don't have any opaque binary
> blob in my dom0. Could you please list what other
> non-just-removable "proprietary stuff" you found in your dom0 and
> explain what would you replace it with?
> 

Thanks for your reply! However, I think I need to clarify some things
here.
Freed-ora is a repository produced by the Linux-libre project which
provides a kernel without the proprietary firmware programs, and a
package which removes and prevents installation of non-free programs
(mostly firmware packages for various devices, such as bluetooth
dongles). It would not require any modification to Fedora in dom0
other than enabling and installing the freed-ora packages. I do not
know if Qubes makes any modification to the kernel, or it just uses
stock Fedora kernel.
Regarding graphics, I am not talking about the Nvidia binary drivers -
Nouveau works perfectly for most people, and can be used without
proprietary firmware (although recent Nvidia cards require signed
firmware from Nvidia, but the driver is open source). (The Nvidia
binary drivers, if installed in dom0 are running in kernel space,
which is utterly stupid. I can't see a way that people would be able
to put them in a special GUI domain). It is their computer and they
can install what they want.

What I really want is for Qubes not to include the proprietary
components by default. This is as simple as the installer saying
something like:
"The installer detected your computer requires proprietary firmware.
Your computer may work fine without the firmware. As Qubes does not
have access to the source code or is unable to modify these firmware
programs due to license restrictions, we can make no guarantees
regarding security, although we have taken steps to mitigate the
problem through Qubes' design. Would you like to enable the firmware?
[recommended: no]"

Keep in mind this is by default. It is not as if we are saying these
people can't use Qubes without the firmware, and indeed we are giving
them an easy way to enable it at installation, and they can install it
later through the package manager.

Thanks for everything,
D.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcB

Re: [qubes-users] Q wipe files

2016-07-01 Thread Chris Laprise

On 07/01/2016 01:14 AM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-30 13:47, 109384'109438'0194328'0914328'098 wrote:

Hello,

Q security policy don't protect against app-exploits, but give the
tools to protect your data.

Protect data, but not apps!

It's very clever!

If, I move a file from VM1_green to VM2_green, the the filemanger
and the move-to-VM command.

https://www.qubes-os.org/doc/copying-files/

Than later VM1 gets compromised in some way. So I must be sure that
the old file(copy) was wiped.

How Qubes wipes files, so that the secure copy and paste security
mechanism will work, if the security-sensitive user will take this
manual action, to protect his/her data?

I assume, if I delete a file, it will work in the same safe way...

Kind Regards

I'm not sure if I understand your question.

Is your question: "How can I securely wipe (delete) a file in a VM?"

If this is your question, then the answer is basically the same as on
a conventional OS. For example, if it's a Linux VM, then you can use
the "shred" command. It's a matter of controversy whether this will
make the file forensically unrecoverable, especially if it was written
to an SSD that utilizes wear-leveling.

Actually, how it works in a default Qubes setup is pretty reassuring...
You don't need to shred if you are concerned only with domU programs
accessing deleted files. Simply[1] deleting the file will cause its
blocks to be /discarded/ so they cannot be recovered in any way by that
VM except as zeroes. That is because the img file has had holes punched
in it at those locations during the delete/trim (i.e. because the img is
a sparse file). OTOH, dom0 may still be able to find the data.

[1] Not so simple: Ensuring there are no remaining hard links; But there
are ways to find these...
https://linuxcommando.blogspot.com/2008/09/how-to-find-and-delete-all-hard-links.html
Also, remove all snapshots for that volume after you delete the files in
question.

Chris

However, if you believe that the VM that contains the file is
compromised, and you've already qvm-copied out all the data you want
to keep, why not simply destroy the whole VM? You can do this with
qvm-remove (or the same via Qubes Manager). The same concern about
forensic recoverability might arise at the dom0 level. You have a
couple different options here:

* You can use shred in dom0. The same caveat applies as above.
* You can write the data to an encrypted disk/container in the first
place, then just wipe the encryption header whenever you want to make
the data unrecoverable. (Of course, if you use "shred" to wipe the
header, then you're back to the previous issue, but at least anyone
who recovers the header will still require the passphrase.) If you
don't want to wipe your entire disk, you can store certain VMs in an
encrypted disk/container and symlink them from /var/lib/qubes/*/, as
described here:

https://www.qubes-os.org/doc/secondary-storage/

(Or use some other method of relocating them.)

- --
Andrew David Wong (Axon)

Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdfxFAAoJENtN07w5UDAwMngP/RSa7rYAn/c6ylnzsZ0S/8+e
RoCrXgS8PEwtql6Kt7uTHC7opgfiAljBzLKFKQ8u6l/hFeRWvb/zAxPvCQ14weFN
Zktxu4A0yeW1LV+jAR6Z2keFnqqjtddDoWO+frGwpYXhm1BoxwFvHzQDnUQOchR/
Ayzs5X8Qr/F3KXJBAsphLKYKHFdZ6IKEA73SCCor2lzrzft+j4BZKQuIxRqiQRCA
59eB5lcdzdfMS5LbohNGFP8SM+3ApLPqMxxcrRCRvjq3f1+uqmIosGgd3ba4Phhs
97SMJkMeNHeWB1KcPfLcQE7zj17WJzi/Opm/IpN4mO38UlDk8Bt5Smt++tfqLlz3
uYj5/7QwoMGoGbHRFhTmWuM/GcKT2tTHZn6glGRxdyvXTJi/hCo/FMI44oFkh8cl
YLJZ70DrTHM/qLB27S+8Q5Zi6Hl8KMEmU+VX08P53cC/UO1beCXrRA2Uu3/dWvrQ
oVkVNK+bIyKjyR4HVQo/kHPnERr4jtedaG2By9smUNAq88uouzhMoj1/9RB8DKWu
osV96fWj+t9qjSupC+FVENg5GwjR4vTJM5zAnaTHWmKbtLX3u6GDt0vTWju2shVW
XukK0hqDtTG0myvTLUCklQj1l/O7hDMnSvD3guiGECfVBL/BOH9rg0i+AlCRBbGI
wl3nktfK8BwMT2fh0YKA
=3T5X
-END PGP SIGNATURE-

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/b3ad8310-b372-e1f5-9204-71449d882ae8%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I install packages to a template over a VPN?

2016-07-01 Thread Ward... James Ward

I had done that in the past in another scenario. Turns out my employer's
idea of a secure workstation and the separate firewall VM do not mesh.
There were several ways it failed my employer's security checks, but then
they're expecting a standalone system or a standalone VM at most.

On Fri, Jul 1, 2016 at 3:39 AM Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Thu, Jun 23, 2016 at 10:29:16PM -0700, Andrew David Wong wrote:
> > On 2016-06-23 12:03, James Ward wrote:
> > > I'm reinstalling to clean up all the experimenting I did yesterday
> > >  just to get a fresh start, but I do have one more question I can't
> > >  seem to find the answer to. How do I make the default user the
> > > same as dom0 (i.e. jeward in my case)? I regularly ssh into other
> > > system as jeward and this would just be so much more convenient
> > > than "user".
> > >
> >
> > Not certain about this, but I think "user" might be hardcoded. Maybe
> > someone else knows of a way to change it without breaking stuff, but
> > I'm not personally aware of one.
>
> Unfortunately it is hardcoded in many places. But you can configure ssh
> to use a different one by default:
>
> .ssh/config:
>
> Host *
> User jeward
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXdkh1AAoJENuP0xzK19csi3MH/3rlP3tmjKDgfLQy5i9e7eg7
> 2cRidy4E510phN95b7C9XTjf2Y3JJByqBIr744NqLobowtUQRnmxsEQRnLf3cZ4z
> m5qthPN0CoI9GcMr6AgipP3N/CDz1tDhPyK7toK8qo54Bhi/Zxz4GWUT6ivKfBVS
> Sz+JLIDexOlZqdZTKTiE6jVsuToHIuxU6hlPgGQFNIM8/cnJn/3sqOgiYDpWDXV0
> bMghMT+6keh1A4L4VxrPjg0dTMXLUG7aD6fypaSQNFbKAXTuv+wwuXKrZac12MsS
> gyDf5hZv4+fD4Utn0grGGN2f4/rgOc69mgm5kfSUk6oD3zrOI/2MAUK6GSqNNyY=
> =Gncj
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CADmwtgCfg3ztnAcpdu8UpdxTyeT6BH%3DVRuiE7MtBwZxBfZtaeg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Linux-libre in dom0

On 07/01/2016 01:46 PM, Duncan Guthrie wrote:
> 
> I understand what Marek is saying. I'm saying that ideally we 
> shouldn't let any proprietary software by loaded by dom0, because we 
> simply have no idea what it does. For example, someone could
> pressure the people who write the firmware to put something nasty in
> it designed to attack Qubes and TAILS users, to exploit Xen and break
> out of the hypervisor. It is a distinct possibility, considering we
> are living in the age of Orwell. What I am proposing (nonfree
> repository turned off by default) means that we can have hardware
> support while ideally avoiding the proprietary software as much as
> possible. If it works for Debian and Ubuntu, then I am sure it would
> work for Qubes. For instance, this might be easier if dom0 was based
> on Debian, as I am aware this was discussed.
What you say is not wrong, but also not new, and that's exactly the
reason behind netvm and the planned (but harder, hence not yet ready)
guiVM. If everything goes according to the plan, with GuiVM there will
be no need for opaque binary blobs in dom0, and any distribution may
well be used - dom0 still does not have any networking, so apart from
not-yet-found malicious code in the FOSS in dom0 there should be no
security problem.

The fact that it might be easier if dom0 was debian based is wrong: it
would be exactly the same. As long as someone needs support for nvidia
and chooses to install the official nvidia drivers, they will have
opaque binary blobs in dom0. With fedora it's exactly the same: by
default there are the foss nouveau drivers, but if someone feels
inclined, they may well install the official (opaque) nvidia blobs.

If that same person is happy with nouveau, they may use it both in
debian or in fedora.

If you find any other unneeded suspicious package, you may just remove
it with the package manager; please report back what you find, so that
dom0 may be "purged" if these packages are actually unneeded in every case.

> I am also still confused about how I might install Linux-libre in
> dom0 and replace all the proprietary stuff with the packages from
> freed-ora repositories (or my own). I think a guide in the
> documentation for this would be good. Does anyone have any ideas?
> 
> Thanks for your reply, D.
The problem with a custom dom0 is that it has to support being a Xen
hypervisor administration domain. If this pre-requisite is met, then you
may try to port the qubes tools to work in your dom0.

I still don't see your point in doing that, anyway, apart from the video
card opaque blob (explained above). As an example, I do not have any
NVidia card as of now, so I don't have any opaque binary blob in my
dom0. Could you please list what other non-just-removable "proprietary
stuff" you found in your dom0 and explain what would you replace it with?

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84807200-3a9d-821a-aadb-764c3ea83ac4%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Linux-libre in dom0

2016-07-01 Thread Duncan Guthrie

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 01/07/16 02:05, raahe...@gmail.com wrote:
> On Thursday, June 30, 2016 at 8:49:16 PM UTC-4, Duncan Guthrie
> wrote: On 01/07/16 00:03, Marek Marczykowski-Górecki wrote:
 On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie
 wrote:
> Dear Qubes Users, I have been using Qubes OS for a couple
> of days now. I own a Lenovo Thinkpad X200 and everything
> works fine, including WiFi. However, I am concerned about
> this, because my X200 has an Intel WiFi chipset, which I
> know uses proprietary firmware. I am concerned about this
> because the firmware could be malicious, so I think this is
> quite bad from a security perspective. The more proprietary
> software, the worse security you have, as has been shown
> many times. Since the hardware is secret, it is possible
> that the WiFi chipset could be used to do malicious actions
> without any way to tell. I am especially concerned about
> the firmware being in dom0, which has access to the
> hardware.
 
 WiFi card is assigned to NetVM and have no access to dom0. So
 even if its firmware is malicious, it shouldn't be a big
 problem. It may at most mess with your network traffic -
 which should be encrypted anyway for anything sensitive.
 
 In practice the only firmware still needed in dom0, is the
 one for GPU (if applicable).
 
> I think this is a good idea in general, whether the firmware is
> free software or proprietary software. However, there are certain
> wireless chipsets (made by Atheros corporation) which work without
> a proprietary firmware blob for WiFi, but don't for Bluetooth, so
> even if they largely work without the proprietary program, the
> operating system still loads some proprietary program not needed
> (most people don't use Bluetooth at any rate). I own such a chipset
> on my desktop computer; Debian works without any proprietary
> software at all, while Tails loads firmware for the Bluetooth. What
> is the answer to this, do you make exceptions for firmware only for
> wireless cards and GPUs? Or do you just allow them all through.
> 
> Another thing I have read is that Linux-libre's deblob scripts
> don't just get rid of firmware that is proprietary, it removes all
> binary files disguised as source files (e.g. some binary file
> named "something.h") and "obfuscated" driver sources (I believe
> that the 2D nv driver has been accused of this). Would you consider
> at least adapting the deblob scripts from Linux-libre to work for
> your kernel to only allow select firmware through, for the most
> common computers? Another option, like Debian (and, if I recall,
> Ubuntu to some extent, although I have never installed Ubuntu),
> which I think would be even better is to have a completely free
> kernel by default, then a separate repository for firmware, which
> can be enabled in the installation process. It would probably be
> considerably simpler than adapting the deblob scripts to be quite
> selective, too. It wouldn't make Qubes compliant with the Free
> Software Foundation's "Free Software Distribution Guidelines", but
> I think that from a security perspective it is better than
> including the proprietary 'blobs' by default, and is a balance
> between usability of obscure hardware and security of dom0 (it
> never hurts). What do you think of this proposal?
> 
>  Thanks for your reply, it was really helpful for allowing me
> to understand more about your security policies.
> 
> D.
> 
> 
> 
> I think what Marek is saying is that from a security standpoint it
> doesn't really matter because the netcard is isolated even at the
> hardware level with iommu supported system.   And if it messes with
> your network traffic you should be using encryption,  https or tor
> etc..
> 
> I think the reason they are not adopting such kernel is cause qubes
> is trying to get more users and hardware compatibility is the
> biggest hurdle and turn off to people.  Its still new type of os
> and people are hesitant.   Also most people use laptops and
> wouldn't be as willing to buy an external usb network card for
> qubes.Which might also be troublesome in some cases when trying
> to isolate usb controllers.
> 
I understand what Marek is saying. I'm saying that ideally we
shouldn't let any proprietary software by loaded by dom0, because we
simply have no idea what it does. For example, someone could pressure
the people who write the firmware to put something nasty in it
designed to attack Qubes and TAILS users, to exploit Xen and break out
of the hypervisor. It is a distinct possibility, considering we are
living in the age of Orwell.
What I am proposing (nonfree repository turned off by default) means
that we can have hardware support while ideally avoiding the
proprietary software as much as possible. If it works for Debian and
Ubuntu, then I am sure it would work for Qubes. For instance, this
might b

Re: [qubes-users] How do I install packages to a template over a VPN?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 23, 2016 at 10:29:16PM -0700, Andrew David Wong wrote:
> On 2016-06-23 12:03, James Ward wrote:
> > I'm reinstalling to clean up all the experimenting I did yesterday
> >  just to get a fresh start, but I do have one more question I can't
> >  seem to find the answer to. How do I make the default user the 
> > same as dom0 (i.e. jeward in my case)? I regularly ssh into other 
> > system as jeward and this would just be so much more convenient 
> > than "user".
> > 
> 
> Not certain about this, but I think "user" might be hardcoded. Maybe
> someone else knows of a way to change it without breaking stuff, but
> I'm not personally aware of one.

Unfortunately it is hardcoded in many places. But you can configure ssh
to use a different one by default:

.ssh/config:

Host *
User jeward

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdkh1AAoJENuP0xzK19csi3MH/3rlP3tmjKDgfLQy5i9e7eg7
2cRidy4E510phN95b7C9XTjf2Y3JJByqBIr744NqLobowtUQRnmxsEQRnLf3cZ4z
m5qthPN0CoI9GcMr6AgipP3N/CDz1tDhPyK7toK8qo54Bhi/Zxz4GWUT6ivKfBVS
Sz+JLIDexOlZqdZTKTiE6jVsuToHIuxU6hlPgGQFNIM8/cnJn/3sqOgiYDpWDXV0
bMghMT+6keh1A4L4VxrPjg0dTMXLUG7aD6fypaSQNFbKAXTuv+wwuXKrZac12MsS
gyDf5hZv4+fD4Utn0grGGN2f4/rgOc69mgm5kfSUk6oD3zrOI/2MAUK6GSqNNyY=
=Gncj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701103947.GB1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> On 2016-06-23 06:20, Rusty Bird wrote:
>> There is something the people for whom AEM fails on UEFI could 
>> try:
> 
>> [...]
> 
> Not sure if this is directed at me, but I was/am not on UEFI. (If
> you were already aware of this and were talking to other people,
> my apologies.)

No problem, I just understood your original post to mean that you
tried both BIOS and UEFI booting because your ThinkPad can do either?
If so, there might be a tiny chance that it's worth retrying UEFI with
the options removed.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXbAewXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfPw0P/2CSFQ85OrlpnlJHvnkesTI/
oDPUYa12EEVNm0bQiL4VLciH5ob3uQc+5ykKX8lYd0foOzQatnxwtXUGQQgMF6eO
2lJqpgyaa8x8ewEyOb7Kr/iDqwoU5jbNvFA5v9Uhlei1W2hOISStrl4ZjON+C95H
2ZYoSnAyjdseZK0O6iXKWDLdsMTTm/oNU1CIbpZsxvKX1tmvVnSTPmcpDI+MwPht
pIrAgw4wZqOl6V+g3OKsnIV5wevedmK9/EWxPzIgElf/6dr2e9FN9ysiohhmSxdx
HgmBbbMCd1OfQGCIJh+1FPw4XjZ1fJjis3zq6rfr74j+ilRMjKcxP4gBtu8lDwyT
dWv4UKL9utPmlIimEpemYqR+BPl5dchRplO/JUNtoQyHVfaq9H/KgHqYQ7HgPlSf
c+PaDft2fgRIkaNsaQ+FkVvIca4STfM1O9Kjl3t5lVMqk8jnFwIIypF1Y4J/i3x6
jvUaDV3fpVl1XGf1AxLqIBEXFN6J0/o9zHtp0+E6wZQE/ETlrbPyxgoGdPFKgUZR
CF7S4JCdkM+P0miQzfvd03piK0XV7NoxmT7A32Ds+MuHUBIm76IV2nlELA77zbVH
fzPIiT/5ysG1U9C+ExdUzaz9Ey12Y6ESldTYSq2jbFGVi5v86VCW2HVmdhV0o52p
/LCthjRRPbi7i51pFNDb
=2J9L
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f57b46ec-58dc-aadb-f456-b75bc47c0d9f%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - HP 15-r069no laptop

2016-07-01 Thread ulrik


Hello!

I tried Qubes with this laptop a year ago but it failed to boot, now it 
does.


Normal use works without problems using whonix-gw as connection using 
WLAN. Disk encryption works. Windows 7 installation is very slow (this 
laptop is incredibly slow sometimes) and hangs at finalizing stage (or 
rather continues 10h+ never finishing) but does work once you kill and 
restart VM. Windows tools install succesfully and work.


Touch pad doesn't click when you tap it but it's likely just settings 
issue. If laptop goes to sleep you have to force close with 5s power 
button as it doesn't wake up.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4ba0f2b87505bcf00e571a904d5cf46%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Hewlett_Packard-HP_15_Notebook_PC-20160623-212117.cpio.gz
Description: GNU Zip compressed data
---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'no'
tpm:
  'unknown'
brand: |
  Hewlett-Packard
model: |
  HP 15 Notebook PC
bios: |
  F.18
cpu: |
  Intel(R) Celeron(R) CPU  N2830  @ 2.16GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Atom Processor Z36xxx/Z37xxx Series SoC Transaction 
Register [8086:0f00] (rev 0e)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation Atom Processor Z36xxx/Z37xxx Series Graphics & Display 
[8086:0f31] (rev 0e) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Realtek Semiconductor Co., Ltd. RTL8188EE Wireless Network Adapter (rev 01)
  Realtek Semiconductor Co., Ltd. RTL8101/2/6E PCI Express Fast/Gigabit 
Ethernet controller (rev 07)
memory: |
  3989
scsi: |
  WDC WD5000LPVX-6 Rev: 1A01
  DVDRW  DU8A5SHL  Rev: ZH63

versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R3.2
  xen: |
4.6.1
  kernel: |
4.4.12-9
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Andrew,

> On 2016-06-22 21:58, Todd Lasman wrote:
>> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem to have
>> this exact same problem, but only after installing Qubes 3.2
>> (worked fine with 3.1) on my Thinkpad T430.
> 
> Very interesting. Perhaps my suspicion about the AEM installer
> having recently changed was right after all?

IIRC and going by the dates on the pages below, the installer and all
other code changes were before R3.1 (only the README has changed since):

https://www.qubes-os.org/doc/releases/3.1/schedule/
https://www.qubes-os.org/news/2016/03/09/qubes-os-3-1-has-been-released/
https://github.com/QubesOS/qubes-antievilmaid/commits/master
https://github.com/QubesOS/qubes-antievilmaid/commits/master/anti-evil-maid/sbin/anti-evil-maid-install

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXa77KXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfoHMQAINdc3jjtOepRQeist3RVXzd
xyMLsbQ6kQtG/mnKAt/ddSI/TDEwQNXG/LQKtVVYDZesU9tDRzX4kKo2ou7DieuK
0/jW9HxrWQuWLH9RzGbIgff5HHQAr2LJx837mwuxqoTmCxmkI+70dXGdJ74ns33t
Cz3ElYqE63xkxnCtf+V5l8pN+fQUXkhxXEVWlh0W+nwCjE7igP1+Eljl4FFWcbdF
fnWlv9fbWcoSHTxexkuzQ1HLzVh3YLD4tecUe5JrmuAP0pwUjEephGacadm4yhh1
cXDdIy2XvLijsmrOhFgLmHsnKY7w4DEWFXLQADZm6vHNpG3dkhhdL4bVF/TxCxNg
lThp5AUJiDTSoXtV3pe1tYw52TrUabbL4rzOseQzfI0fp9qOu90enLnFG6d6usyj
zbuwQer56dZiOoSn8BNY4fBquFjaQnQ4utqY4GIGqm/hssLLPgNGFPD/4zQbqJJW
j1MJyQYwd9vPQLQOnpOSxxRv9Vm+7YpA8/JOuefrpEIIVPGJcZDpU7zqDeeOOkFn
qGPEnKDmKBqRaKYaAdYFpDu6G6WPMRE1+A3VDhBIWnBkXs3ZwIG9Mgnz5wriuPxM
dkObLIi5Rb6CbDTNdLazmppF6xwNMDg12iWb2a5puUzE4ccMEARcbmW9S0BMHCeA
L88bxut/i51024RDjRTE
=210N
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/283b532d-519b-ef7a-b6f5-74b421326ea1%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I install packages to a template over a VPN?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Zrubi,

>> There is an issue with updating a template over a vpn: The 
>> intercepting updates proxy normally runs in sys-net, which can't 
>> see inside the encrypted vpn traffic. This may be a cause of the 
>> problem, however it should really only manifest if you are using 
>> yum/dnf; Programs like wget should be able to access the net OK
>> if you've set the template's firewall setting to 'allow...'.
> 
> I'm usually commenting out the yum/dnf proxy for such templates. in
> case of fedora 23 /etc/dnf/dnf.conf You will find the qubes proxy
> related line, comment out that line, and the update will be
> successful.

Or you can disable the updates-proxy-setup Qubes service for that
template, which is responsible for adding the proxy setting to dnf and
apt configuration when the template starts.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXbQziXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfH7sP/080TCPi9kfKe/mBFt94wSZc
9JPG+NhOqA6NclGECDtTmbgx4REddOofwSQRuIl+0uEsVtE9EdCMRR6DEgcK3fnc
sgQNxC7/qb0CjqTy0BsLDrLkysQThyIzsGQKBTyJ1cQiRcBpwvxDEwda2IuGlzYi
NgITZb9GQMFaxwTeKHKtH+mjKCMncmdHwXzNPCX61+1zjiTsukZU1NoExKUa0hGO
0t20gP3jRdVGCIXkQlosXcUKJwsUKhnU0lodJw56xBX+WpMA1PS8kvzGd2NQwv2a
meXRgeZN/9aStHAgM3Gc52mNyIcEjmG+GUEFrN9DsFs/L9ALDL6NxL5UVm0qD7Cu
S9RJop9AZ6aWs3b7CNgBvoteysqjfToRf7vaeYxSNg9DBdJMcntwq+NYy/pj4MPE
jSXksHFT4YOzUZJfmRXqLU31BeoEJrKOBpjgADNG38IfvLjSQy3k2cl5FyZ5t31H
IKOSb9qQI1uJs44ld9bWdtCdBl+VtPyi/Qkr1CdRbjJi6VN1TJhORofk+QL/ZDOU
rNDDB7KeCQzTx5ue6pCYWxnQ0GoYGTmUKpm52JcHhw98B2o/vm0Di45Q3/9ByXi5
Jgjm/NltHjtyp7GUsr0e7uXVt1YYUW4LcZ4jBthj03lkM9KVb9F/YPGEBfr3V6Sd
34idW/Amhqk6OZcKuGx6
=49Ep
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6f07479-e436-f473-df5a-392f029acd9a%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Chris & everyone,

> On 06/23/2016 06:53 AM, Andrew David Wong wrote:

>> On 2016-06-23 03:49, Rusty Bird wrote:
>>> Hi Andrew,
>>> 
 On 2016-06-22 21:58, Todd Lasman wrote:
> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem to 
> have this exact same problem, but only after installing
> Qubes 3.2 (worked fine with 3.1) on my Thinkpad T430.
 Very interesting. Perhaps my suspicion about the AEM
 installer having recently changed was right after all?
>>> IIRC and going by the dates on the pages below, the installer
>>> and all other code changes were before R3.1 (only the README
>>> has changed since):

>> Ah, perhaps not then. It remains a mystery!
>> 
> If it changed after initial 3.0 release (esp. later on, near the
> 3.1 release date) then that would actually make sense.

There is something the people for whom AEM fails on UEFI could try:

AEM uses a forked version of grub2's 20_linux_xen as
/etc/grub.d/19_linux_xen_tboot. In commit c43309[1], I rebased this
against the then current (on Fedora) version, which added the
following options for non-BIOS platforms: no-real-mode edd=off

But tboot's 20_linux_xen_tboot [2], a different fork of 20_linux_xen,
never followed grub2 upstream in adding these options. Maybe they
should not be used if Xen is loaded by tboot?

So, try removing "no-real-mode edd=off" (but not the whole line, I
don't know if empty else blocks are allowed here) in
19_linux_xen_tboot and running anti-evil-maid-install again. I'd be
very interested to hear if it helps.

Rusty


1.
https://github.com/QubesOS/qubes-antievilmaid/commit/c43309d0a0b90368b5b2600c886b9deee55e0522

2.
https://sourceforge.net/p/tboot/code/ci/default/tree/tboot/20_linux_xen_tboot
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXa+IGXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfWR4P/3siCVvTWN3JJHZfeCyjhWpc
lI8P8nNuSP6a4u1bPzu18s8jRaX25AXHID27RnwuOXKXHlSJkH4pB6FphmorqSFS
EhtaIKz+QaEB8ecRxlZeS6KREKGyQbIbaJW5KAOzb2HEeZ6AP4qTBrIHuXOIhYaB
H6qLOvrIMtngJNtKsdBD6xIsx/AuCbn/5jqA807Fw4IikWLts+53CxJ31WK8Er2D
cHD3OD+AyurM2We9Cbc7FNG4H8kIM1+qAGGSqFNAXJP8O9vOIyeGCAN3fo3Ctbj8
ueAqNrRjO00y1Cd/oist8VSf0uNnYKc8Q3sfnnHI6Fm1cn+h+2DBL6UctEPq6JJ7
NpiBP8mBWmkgTWoMOjWkVCjQXJU9GnTFQGLQRUl35nM+pdu9+it9gxbhWeqBh+ME
r1bbNHBK2k9FUPPxE7qiQA1xTuiTeFfOxLTeD2uVoABROYHAlxkh656AXL2qvKOG
lmy0kqFsAsQ81PXfRN6VETjGVaHQBcQLh3nunSS2CeNE88YcwNt4WH6X6mh3453B
NNjnX3p0aHv0uHI9IWp10Tqap/ed8/2F+WStH7on9gFtBgNvPoou7iqP9jjsd0cU
BLvFvffDpqgka50iEH4KUIUHNHWBBkabhpTrUL0t+OlVXGOBPrMuU5sQHIN1+HVw
RNzvu+DKYq/dJMs5w98a
=+Liu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2813f291-ed31-9451-2661-de5a3d3fc250%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Video in Qubes 3.2

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

> I often watch videos offline. I download .mp4 files dans I play
> them in a dedicated VM (debian template) with MPV. When I launch a
> video, the VM CPU goes up to 98%, It is quite strange.

Try "-vo x11". mpv sometimes defaults to "-vo sdl", which is very slow.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXc46KXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfysMQAJFQ5h0Mrc2mxQmayQZax+SY
1nlTVlDdUBw2/14YjU6hJ2Hf88ARFLAZNYvn5yb4IPFYRNBTwD2dNjLIg+Kxbx8A
yyT1Agnqll6dDJAQWqGmr2aI8xx5eftUpi92xRLgPaRP3JGyk+pYqvZQLZ6XOOaK
EVlNE7mpJD1PKw0NcrIZYXKk15gdfzVe9waot9awmzJrRJGnOyrvekODuHm6zf2R
yXUcGn498xvbkT9mHsKvwoo1GfhrmfoTAyI+z3T1WvXI6vhhouGbMqyCo1GkU4fy
d2fT8GQLZa6zIy8GC6wQLQPSOo5FqkyQRZXGBHo5ulL+8HKV5RhoCeGdJr0umcfL
UPKHkx0/vsU2+m5Dn3WvC9BDG+c7LoO24pMpOHNGpXaqK2+sWVNiIqyy1WxwzWvM
9pmEv32SyfOU5xpvMbNne7zgCJWdfWPP/P2lcHZqJ02t3uTh3SQblh8PeBDLGfDT
PRDAi3pv7hxDuQtsMYJ4iR8RGbK1wClSOQIjy3ZH0E2pU10yBEzLiQVua6GMi6KV
u2iVzsYvBb6lGRDveAB5Ljjta+I7JGLmM1m9F3KXLfJoZKemJYGBYZJrJzdgZqFL
16Nqo4GvUVDBC+OPBpTH0o1ZHw0QijOw9ZKme2m4O52+zB1+juPZW6PVSNiO2X3n
sJsCwaY5CBjhbkWDTCMI
=2iAM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa642610-2a6c-f985-a8c7-0b0b48dcb663%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: Removing template rpms removes kernel-qubes-vm (was: Re: [qubes-users] Qubes R3.2 Rc1 feedback)

2016-07-01 Thread niels


> 
> On July 1, 2016 at 11:56 AM Marek Marczykowski-Górecki 
>  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Wed, Jun 22, 2016 at 10:32:47AM +0200, Alex wrote:
> 
> > > 
> > In the meantime, I removed the RPM templates (that
> > were installed even if unselected during setup!), reinstalled
> > kernel-qubes-vm that was automatically uninstalled when removing the
> > last template RPM but I think it's needed, and restored the backup.
> > 
> > > 
> Did you used dnf or yum to remove template rpms?
> I can't reproduce the problem... But it may be related to dnf feature
> enabled with clean_requirements_on_remove option, which is something
> like automatic apt-get autoremove.
> 

In my experience dnf has pretty much always this behavior.

Niels

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/439253617.2602.1467368540830%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Removing template rpms removes kernel-qubes-vm

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 12:08:42PM +0200, Alex wrote:
> On 07/01/2016 11:56 AM, Marek Marczykowski-Górecki wrote:
> > On Wed, Jun 22, 2016 at 10:32:47AM +0200, Alex wrote:
> >> In the meantime, I removed the RPM templates (that
> >> were installed even if unselected during setup!), reinstalled
> >> kernel-qubes-vm that was automatically uninstalled when removing the
> >> last template RPM but I think it's needed, and restored the backup.
> > 
> > Did you used dnf or yum to remove template rpms?
> > I can't reproduce the problem... But it may be related to dnf feature
> > enabled with clean_requirements_on_remove option, which is something
> > like automatic `apt-get autoremove`.
> 
> I'm sorry I don't really remember exactly what I did :/
> 
> But straight from my dom0:/root/.bash_history,
> # dnf remove qubes-template-debian-8
> # dnf remove qubes-template-fedora-23 qubes-template-whonix-gw
> # dnf remove qubes-template-fedora-23 qubes-template-whonix-ws
> # dnf install kernel-qubes-vm
> # dnf remove qubes-template-whonix-ws
> # dnf install kernel-qubes-vm
> # qubes-dom0-update kernel-qubes-vm
> 
> I can try to understand: when I gave the third dnf remove, it prompted
> me that it would also remove kernel-qubes-vm, and I stopped it. So I
> tried to set the package as manually installed somehow, 

dnf mark

> hoping that it
> would not be automatically removed, but since I'm not that expert with
> dnf it may just have said "gee hee, that's already installed you dumb",

Probably you're right.

> so I opted for the obvious way: removing both (whonix and kernel-qubes)
> and reinstalling only the latter. I don't know why I later tried to use
> qubes-dom0-update on the very same package.

Because package kernel-qubes-vm (rpm file) isn't there, you needed to
download it again.

So it looks like my guess was right. And kernel-qubes-vm needs to be
marked as needed regardless of template rpms.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdkPXAAoJENuP0xzK19csy2EH/2fM9GUPajkRqHIQAh2RXBmR
oXqaUR4wQtNgfxbhrD+McIuid52MHUWCUQJZl/AlsSHbFnjR+l8XKGajHdxoymVS
hRLOIsVDWyUQetX4O3SvXDHa47YSjY1CApNvrqeEsDfH2LkIciwR1s0gE8/lQfUL
dilUiVJwoeYULHoWQjozpyI+OFyQMq7FL4V65WsaEMzX0IBXS/VYRRZi7ZkmHa93
fD6+6qgSVXeFUOacbc6x3mPJGIrDp20kh9HeDQRcy8GEW4QqvU1YcryGB5Q7ASLD
crhivYm9UHlLYgASedGjWaXKaWf+BNcNmNHnYSInW8pFSvxhrTXmFlprsEtue3I=
=brpg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701102005.GZ1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Removing template rpms removes kernel-qubes-vm

On 07/01/2016 11:56 AM, Marek Marczykowski-Górecki wrote:
> On Wed, Jun 22, 2016 at 10:32:47AM +0200, Alex wrote:
>> In the meantime, I removed the RPM templates (that
>> were installed even if unselected during setup!), reinstalled
>> kernel-qubes-vm that was automatically uninstalled when removing the
>> last template RPM but I think it's needed, and restored the backup.
> 
> Did you used dnf or yum to remove template rpms?
> I can't reproduce the problem... But it may be related to dnf feature
> enabled with clean_requirements_on_remove option, which is something
> like automatic `apt-get autoremove`.

I'm sorry I don't really remember exactly what I did :/

But straight from my dom0:/root/.bash_history,
# dnf remove qubes-template-debian-8
# dnf remove qubes-template-fedora-23 qubes-template-whonix-gw
# dnf remove qubes-template-fedora-23 qubes-template-whonix-ws
# dnf install kernel-qubes-vm
# dnf remove qubes-template-whonix-ws
# dnf install kernel-qubes-vm
# qubes-dom0-update kernel-qubes-vm

I can try to understand: when I gave the third dnf remove, it prompted
me that it would also remove kernel-qubes-vm, and I stopped it. So I
tried to set the package as manually installed somehow, hoping that it
would not be automatically removed, but since I'm not that expert with
dnf it may just have said "gee hee, that's already installed you dumb",
so I opted for the obvious way: removing both (whonix and kernel-qubes)
and reinstalling only the latter. I don't know why I later tried to use
qubes-dom0-update on the very same package.

I restored a dom0 backup shortly after, and I usually remove the
directory with contents that were in the user home before restore, so I
can't check now what was in the bash_history of the user (e.g. some
sudo-command), but I'm pretty confident that there would be nothing
related to this specific issue.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a080eca-bc32-6b81-1db8-6ddaed660698%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: OpenPGP digital signature

Removing template rpms removes kernel-qubes-vm (was: Re: [qubes-users] Qubes R3.2 Rc1 feedback)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jun 22, 2016 at 10:32:47AM +0200, Alex wrote:
> In the meantime, I removed the RPM templates (that
> were installed even if unselected during setup!), reinstalled
> kernel-qubes-vm that was automatically uninstalled when removing the
> last template RPM but I think it's needed, and restored the backup.

Did you used dnf or yum to remove template rpms?
I can't reproduce the problem... But it may be related to dnf feature
enabled with clean_requirements_on_remove option, which is something
like automatic `apt-get autoremove`.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdj5rAAoJENuP0xzK19csjXUH/An3fXXqAK8kgBfQ/UtzyezW
SK+zQ90GXrSAixumqmNwfYYONRq+g3Oz7RAaOrtHwdWMlPqRxudYRcy+B7vlNtgj
aF9J2nobYXLyFM/f2J+6JkJHWIckvmEu/eb2yLKOQm1cd6JoiqK1/XoJNirNcn3G
GqUzEfk+gokHv1Fqjix3pF3r1L9gtylRGyJqukUVNGMdZKLdAwl6LjHV58YwKoKm
qnjFl155JHd01LN9SOfNOoJL14V8tLfDu7/QdIdG8ztGJSQS5R9IZ/83kZ+7Cb/E
/WmABpF2pEC/xj2EADXYG+/uIWLh95NskgTtki3EVpe2miePbLo8h647DGN2Up8=
=vvBI
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701095658.GD1552%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Jun 27, 2016 at 09:05:03AM +, 41zxmg+5qvzr7o3u2us via qubes-users 
wrote:
> Ping...
> 
> Anyone knows how to pass these parameters (mapbs=1 & noexitboot=1) onto the 
> kernel on boot time? Changing the xen.cfg simply does not work.

Those parameters should be passed to xen efi loader itself, not kernel.
Documentation at https://www.qubes-os.org/doc/uefi-troubleshooting/ have
been clarified.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdjywAAoJENuP0xzK19csEY0H/0fiXWCUJBl9x1pvpHle+Kai
gxHRx782LRhZHetG38CYvvMqryz1py5C3zzMIi7yTSv/EZAbA07e4l3KfDqMSVYQ
zjI9OS6j1CZbCnDI7jydkODrRmwl04G8zSg9oUHdnM195ld8pvv4SBvGdeqRhB1j
FCzfZEHzeI24EsMbKueR3wdrJPY0QoiOJPwpKYe11qGTo+rts/uKN2sR2HbV6nzS
IF4mFL9XTFTKDvPrBq23FHOk7fremGvUJanMEDxqiu/qsrX/8URnJYMy2X8oTR9y
WuEVVpSHdPIbmTUBua90XwyveOK8qqKgLkPYRetTFQ5y5w0G7HZ/EpVRr4aWM3g=
=P9bR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701094934.GC1552%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Networking

With this. Why is it so hard to have it as a gigabit functionality between 
guests?
Why is it so hard to just have the e1000 put in as well as the drivers?
Generic virtualisation in linux, virtualisation with virtualbox or vmware in 
linux or windows will always be able to work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59a41716-5347-49a7-a61e-0180a3d997f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

Perhaps this is something that can be added in when the manager is fixed and 
the issues with the memory leak and functionality and many other bugs are 
resolved?

This would be a good addition. As it is something that I believe many people 
would benefit from.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/989d4742-f8f5-40bd-9f0c-69d8bc346958%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 10:26:01AM +0200, Alex wrote:
> On 07/01/2016 10:22 AM, Marek Marczykowski-Górecki wrote:
> > On Fri, Jul 01, 2016 at 10:15:59AM +0200, Alex wrote:
> >> On 07/01/2016 10:13 AM, Marek Marczykowski-Górecki wrote:
> >>> On Fri, Jul 01, 2016 at 10:07:48AM +0200, Alex wrote:
>  which, as far as I can tell, is not meaningful - that file is created by
>  qubesutils.py in usb_attach() if it does not exist, and then deleted
>  afterwards. 
> >>>
> >>> No. This isn't the same file:
> >>> /etc/qubes-rpc/qubes.USB+1-4
> >>> vs
> >>> /etc/qubes-rpc/policy/qubes.USB+1-4
> >> My bad, so I have been mistaken. Is it necessary for that file to exist?
> >> Should I ignore it?
> > 
> > /etc/qubes-rpc/qubes.USB is part of qubes-usb-proxy package, which isn't
> > available for dom0. Theoretically it could be adjusted to work also in
> > dom0, but in general we want to get rid as many as possible devices out
> > of dom0.
> That makes sense, thank you for your explanation.
> 
> Do you think it would be sensible to add a single-phrase warning to
> https://www.qubes-os.org/doc/usb/ like "Please note that you cannot pass
> through devices from dom0"?

Yes, added, thanks :)

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdiq1AAoJENuP0xzK19csexgH/R4PmW6+KB/uVnD1Tl3P7DBf
czBkhy8C4PO4T5fDUil2G8b4wdXysKigdq5AkSyMMxcnnj03MNlcmBvb4RNbHvCU
hD0dPbplP7vQfw1MHesZqpCAtC4Ix82ASnQnARMyiSuXT7MyxerAb5J4qGVUKWTh
Ni0PWgW0AzOcE44EABm9lgDaV0XtGzPoqjWLUTHvX+JXxqtQsBEhoudSmLIb+jIN
c5mJfOP0nzGrvmDKOZMP8W7qSMCPryfa8Mx1dLDcSkhOki608Pf6n5b1eF0bBIno
b0e8F+RixOlnGBjxjdX8GC7FfeeBlTlOjeb/SNaQXL50B5IcckElXvd0r02yGu8=
=E1fO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701083252.GY1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

On 07/01/2016 10:22 AM, Marek Marczykowski-Górecki wrote:
> On Fri, Jul 01, 2016 at 10:15:59AM +0200, Alex wrote:
>> On 07/01/2016 10:13 AM, Marek Marczykowski-Górecki wrote:
>>> On Fri, Jul 01, 2016 at 10:07:48AM +0200, Alex wrote:
 which, as far as I can tell, is not meaningful - that file is created by
 qubesutils.py in usb_attach() if it does not exist, and then deleted
 afterwards. 
>>>
>>> No. This isn't the same file:
>>> /etc/qubes-rpc/qubes.USB+1-4
>>> vs
>>> /etc/qubes-rpc/policy/qubes.USB+1-4
>> My bad, so I have been mistaken. Is it necessary for that file to exist?
>> Should I ignore it?
> 
> /etc/qubes-rpc/qubes.USB is part of qubes-usb-proxy package, which isn't
> available for dom0. Theoretically it could be adjusted to work also in
> dom0, but in general we want to get rid as many as possible devices out
> of dom0.
That makes sense, thank you for your explanation.

Do you think it would be sensible to add a single-phrase warning to
https://www.qubes-os.org/doc/usb/ like "Please note that you cannot pass
through devices from dom0"?

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/805653e8-0fb0-7da6-689c-7e8a45adb829%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 10:15:59AM +0200, Alex wrote:
> On 07/01/2016 10:13 AM, Marek Marczykowski-Górecki wrote:
> > On Fri, Jul 01, 2016 at 10:07:48AM +0200, Alex wrote:
> >> which, as far as I can tell, is not meaningful - that file is created by
> >> qubesutils.py in usb_attach() if it does not exist, and then deleted
> >> afterwards. 
> > 
> > No. This isn't the same file:
> > /etc/qubes-rpc/qubes.USB+1-4
> > vs
> > /etc/qubes-rpc/policy/qubes.USB+1-4
> My bad, so I have been mistaken. Is it necessary for that file to exist?
> Should I ignore it?

/etc/qubes-rpc/qubes.USB is part of qubes-usb-proxy package, which isn't
available for dom0. Theoretically it could be adjusted to work also in
dom0, but in general we want to get rid as many as possible devices out
of dom0.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdig6AAoJENuP0xzK19cs7g8H/1uTDqtqCULAdo9ZlG/dIZf9
SMjWQhwQ2ViGNyzlAJxsHUmtGf03TYR9tNwiXymR5Fb7c4C0o+cqBh7Z6WfQW0E6
/dcNw0fL5wncyuKUsG7npYtQ+umrRWiwsR8w1G+lRorZlT3bUd11kgYfrbSeGjSn
1DPH41v7BmrKMr5zxvw7PPVsUM2r0gp1T5XR5sz+of4VrLv+3ZgK2utHUacQibl/
nAFz2TV7IHwl1F8cUya6bG5A2STsd30LdT4nw2N/p1jSI7kjeyEtEBcU0lXhkmpv
HYFRlRUCR/q3IgsPCBfZBjmrscsACe/vtnzhwOutRaodc9YhQemFARg6fDMAhIM=
=763v
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701082217.GX1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [3.2rc1] Bug: Windows disappear, VMs go from green to yellow

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 30, 2016 at 08:18:31PM -0700, Drew White wrote:
> 
> 
> On Friday, 1 July 2016 11:56:48 UTC+10, Marek Marczykowski-Górecki wrote:
> >
> >
> > Already fixed in testing repo. 
> > https://github.com/QubesOS/qubes-issues/issues/2085 
> >
> >
> What in the testing repo cures the issue?

qubes-gui-dom0 package.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdieTAAoJENuP0xzK19cszdAH/3ie/N6bNeInkHR6iniiAz1r
BP88Brga+0YxeStkWXB0zcLqXiuJPcTFVHyyL9l+DOuqD2gqWCemPnx9Et/xmFwr
Yw3/oqboiXuzRrkmMDlWE/EeR6dDd2cQMSSHx1sE9Aol+sNklKXRF0ozVlq56vrv
Qpct3QX0LEZk0LeVNHa8zbdrRZaxX22hoH5Dm8DJK1BP6vegeyBKT6jjaEI64XUf
D5ta6etCa2PJpr17sNPe5tmdaUM4LQ5Ohcx5a8mOaWGlii8rycdeIv1+wJs/C9GV
jlM/3yMfG8EgBN38Er+BbHeXgV2LPSg8CGZuG3AwBMWOkppzRXx3sbuT7q5OuGk=
=xwsW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701081929.GW1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

On 07/01/2016 10:13 AM, Marek Marczykowski-Górecki wrote:
> On Fri, Jul 01, 2016 at 10:07:48AM +0200, Alex wrote:
>> which, as far as I can tell, is not meaningful - that file is created by
>> qubesutils.py in usb_attach() if it does not exist, and then deleted
>> afterwards. 
> 
> No. This isn't the same file:
> /etc/qubes-rpc/qubes.USB+1-4
> vs
> /etc/qubes-rpc/policy/qubes.USB+1-4
My bad, so I have been mistaken. Is it necessary for that file to exist?
Should I ignore it?

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b2423038-4c65-0f23-7cb6-c9731721fd22%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 10:07:48AM +0200, Alex wrote:
> On 07/01/2016 09:56 AM, Marek Marczykowski-Górecki wrote:
> > Are you sure you have qubes-usb-proxy package available in both
> > source and target VM? If so, take a look at logs in both VMs (`sudo
> > journalctl`) for more details.
> Mmm so should I have qubes-usb-proxy in dom0? It doesn't seem to be a
> package available to install... Do I need to have the USB controller in
> a usbVM to use passthrough?

Yes, it is required to have USB VM to use this feature. Which is good
idea anyway.

> In the journal of dom0, when an attempt fails, I find this entry:
> dom0 qubes.USB+1-4-work[14779]: /bin/sh: /etc/qubes-rpc/qubes.USB: No
> such file or directory
> 
> which, as far as I can tell, is not meaningful - that file is created by
> qubesutils.py in usb_attach() if it does not exist, and then deleted
> afterwards. 

No. This isn't the same file:
/etc/qubes-rpc/qubes.USB+1-4
vs
/etc/qubes-rpc/policy/qubes.USB+1-4

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdiY0AAoJENuP0xzK19csVNMH/ipqmKYMoUbvoBWf4Jbp97a8
wM6OZK2DE1NVRqMpzRGWJY+JmVoiV7y5VgqsRhEDjjgJsgg/1CCifR7rTLb0waC3
E0zzsq1cygtpdgevgVu6af525r3LJWNshijsMwuZyi0+w81hO2Izoh4B1FDL/K6x
pWVIYGGU+AWYxcsD1q5QQ6o+fhZY4GfCcGsYZdx1kskmyRY+rL9ibX4NVNj4HPfA
EOo61U7kLfI39x0vLUjUSwJvs3XCyezamr9vkb6l7EqVgxOdx3gNNgymGaz41Nta
USeg5aF5cRYaYVSsaFqko+xMl29RL5wYvw14upz1UuhTE6PYZLInqbeuk0P2ZB8=
=yzCC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701081338.GU1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

On 07/01/2016 09:56 AM, Marek Marczykowski-Górecki wrote:
> Are you sure you have qubes-usb-proxy package available in both
> source and target VM? If so, take a look at logs in both VMs (`sudo
> journalctl`) for more details.
Mmm so should I have qubes-usb-proxy in dom0? It doesn't seem to be a
package available to install... Do I need to have the USB controller in
a usbVM to use passthrough?

In the journal of dom0, when an attempt fails, I find this entry:
dom0 qubes.USB+1-4-work[14779]: /bin/sh: /etc/qubes-rpc/qubes.USB: No
such file or directory

which, as far as I can tell, is not meaningful - that file is created by
qubesutils.py in usb_attach() if it does not exist, and then deleted
afterwards. If I create it manually with the same contents it expects,
the file is not deleted and this line does not appear, so I don't think
this means much.

> On my system it looks like phone simulate disconnect + connect each
> time the driver is unbound from it (which is needed also during USB 
> passthrough...). It looks like this:
> 
> [root@sys-usb devices]# ls -l /sys/bus/usb/devices/3-1.2/driver 
> lrwxrwxrwx 1 root root 0 Jul  1 09:48
> /sys/bus/usb/devices/3-1.2/driver ->
> ../../../../../../../bus/usb/drivers/usb [root@sys-usb devices]# echo
> 3-1.2 > /sys/bus/usb/drivers/usb/unbind
> 
> Jul 01 09:50:23 sys-usb kernel: usb 3-1.2: USB disconnect, device
> number 11 Jul 01 09:50:23 sys-usb kernel: usb 3-1.2: new high-speed
> USB device number 12 using ehci-pci (...)
> 
> Unfortunately, this makes it incompatible with USB passthrough.
> Maybe there is a way to prevent such behaviour? Or prevent attaching
> "usb" driver initially, so it will not be necessary to unbind it?
I will try anyway, but if you confirm to me that an usbVM is absolutely
necessary for passthrough (i.e.: it does not work from dom0 because
there's no qubes-usb-proxy) I'll first go buy a PCI-USB adapter.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5bea6e10-b270-b0ee-bdd3-14d505c83b68%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] [3.2rc1] USB Passthrough debugging

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Jul 01, 2016 at 09:27:47AM +0200, Alex wrote:
> Hello everybody,
> I'm testing the new USB passthrough functions in Qubes 3.2 rc1, namely
> I'm trying to pass a whole Android smartphone to an AppVM (a cube? :).
> 
> I can see it in dom0 with qvm-usb, and I tried to pass it with a naïve
> command line like:
> $ qvm-usb -a work dom0:1-4
> 
> Problem is, the operation fails (ERROR: Device attach failed). Adding a
> couple lines in qubesutils.py tells me that the call to
> vm.run_service('qubes.USBAttach') on line 621 fails with error code 1.
> 
> Should I expect the USB passthrough of an Android smartphone to work? If
> this is the case, how can I further debug this failure?

Are you sure you have qubes-usb-proxy package available in both source
and target VM?
If so, take a look at logs in both VMs (`sudo journalctl`) for more
details.

On my system it looks like phone simulate disconnect + connect each time
the driver is unbound from it (which is needed also during USB
passthrough...). 
It looks like this:

[root@sys-usb devices]# ls -l /sys/bus/usb/devices/3-1.2/driver
lrwxrwxrwx 1 root root 0 Jul  1 09:48 /sys/bus/usb/devices/3-1.2/driver
-> ../../../../../../../bus/usb/drivers/usb
[root@sys-usb devices]# echo 3-1.2 > /sys/bus/usb/drivers/usb/unbind 

Jul 01 09:50:23 sys-usb kernel: usb 3-1.2: USB disconnect, device number
11
Jul 01 09:50:23 sys-usb kernel: usb 3-1.2: new high-speed USB device
number 12 using ehci-pci
(...)

Unfortunately, this makes it incompatible with USB passthrough. Maybe
there is a way to prevent such behaviour? Or prevent attaching "usb"
driver initially, so it will not be necessary to unbind it?

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdiJHAAoJENuP0xzK19cs74QH/0KEs8qRhiianmqz7N8eWBF3
MMmOjiYLX5PiLk/414q0h8S9oT17eTxW4g8CWr8IsUWguTpvHswRvLkICRkHbs0R
ClkCGZFhPgzth622R9ZUQ35UckIyaVSOnWSww/QMJ3RtzZKXcM5caUeFlOMu31EZ
6W4gzy7E+5XTdEHKwT+HOu8mjoBSzx975BwJdY9gp18E1VYfD2jdWS+If9cZl1Z5
JhMzaOlsCSQ7Lc9mPs1dTbyjoXH/Cz9CHsqeBBresdxx8/qUwKyZQcMBnVtn6nzc
Sw/nc6c02NgqMrQ+X4f7SWgKX/jnPNKBLU9Z/C+oucmFYXGxChpD4yHfihKGa/U=
=7GL6
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160701075654.GT1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [3.2rc1] USB Passthrough debugging

Hello everybody,
I'm testing the new USB passthrough functions in Qubes 3.2 rc1, namely
I'm trying to pass a whole Android smartphone to an AppVM (a cube? :).

I can see it in dom0 with qvm-usb, and I tried to pass it with a naïve
command line like:
$ qvm-usb -a work dom0:1-4

Problem is, the operation fails (ERROR: Device attach failed). Adding a
couple lines in qubesutils.py tells me that the call to
vm.run_service('qubes.USBAttach') on line 621 fails with error code 1.

Should I expect the USB passthrough of an Android smartphone to work? If
this is the case, how can I further debug this failure?

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f03530d-239a-43ec-8c2f-29a265d6ffc0%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once