[qubes-users] Re: A problem with update

[admixior]

Apart from the dom0 update, there is a something nasty in quebes-os debian 
jessie repository (debian-8, whonix-ws and gw):

W: Failed to fetch 
http://deb.qubes-os.org/r3.1/vm/dists/jessie/main/binary-amd64/Packages  Hash 
Sum mismatch

Can anyone confirm the issue, or is it only on my computer.

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b7a0b2b-589c-405e-a1eb-76b0e3418747%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: A problem with update

[donoban]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


On 28/07/16 09:42, admix...@gmail.com wrote:
> Apart from the dom0 update, there is a something nasty in quebes-os
> debian jessie repository (debian-8, whonix-ws and gw):
> 
> W: Failed to fetch
> http://deb.qubes-os.org/r3.1/vm/dists/jessie/main/binary-amd64/Package
s
> Hash Sum mismatch
> 
> Can anyone confirm the issue, or is it only on my computer.
> 
> Regards
> 

Same problem here.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXmbfuAAoJEBQTENjj7Qily34P/jgHHBl5be2dE/WBeS5j0aV4
2uH5qlW/ZnYdl76yZch7+YVzyDTsoY7MfAlWpDOp2Fr/2ABEl8fRLXf68+n37Y/8
LQCP1MliHsP53Gk7cR5xTzSNtsStBbJISRvn95bZuiEU0D9ifMB2JpjoqGskSwL/
4rBy5TL107V6YRL7b5swOOnh8zSmbUSkeQFVXBuAfOcT84uF1xnJxoE9b/qj7rRn
6rpEmHuxSNTY2p9DJsb1ooUav6rLr/KG3dfOmSshCjROIk4tGeIMyG8YyAfRnd01
DtDcqtlYQT9coYiP3rOj8M0P7a+KPEFPHoHut4gMra1Jrvcxr1D1F58FUPEwU4KW
BfeqDqukL3HQi7OmhjOoY+eRpS3akcVieXAKtgGnYDPsWR+u2fkIEO3AE1lP1o6C
CQ+I634DIvUsvyM14ENJuGOcCQOK0XOLk+BM8AFFhHZoUMwWsSEkZRxU5XI6hgEa
7v9dxsHZIQxAXDwrAL0rOU5JDC1MV0Reu5m2005sdNDTwBUjP1uATKsKynrpR+XT
S1IX3/spE9aMvrYA+3TMAeFfJpGUcUHimXICZUAIF84mlv+Ib72r+X8Kg1fhRIDI
CT6Vcss6kGV4qdNZ9OldHyf7Hevxh63s0NP8B4YJBdPTiUj+PfPSzDzqyXFuD5hd
MAi5DFdcpR4+6mtvPyAK
=/OsC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c3ae8c3-1967-8c4b-a636-4528a95c190f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[ab0f1985]

On Tuesday, 20 August 2013 21:12:12 UTC+3, Eric Shelton  wrote:
> VT-d, which provides IOMMU services, is a very important feature for 
> realizing the security promises of Qubes OS.  Without it, although the CPU 
> isolates VMs, their memory lies open to relatively easy DMA-based attacks, 
> with network devices and GPUs being some of the more well-known pieces of 
> hardware for executing such attacks.
> 
> 
> 
> Finding a system - especially a notebook system - that supports VT-d is a 
> serious challenge.  Unfortunately, a great majority of laptop/notebook 
> systems do not even have the hardware necessary to use VT-d, and the presence 
> or absence of this feature is not well documented by vendors.  Although the 
> Hardware Compatability List (https://wiki.qubes-os.org/trac/wiki/HCL) is a 
> helpful resource, it only lists a handful of models, many of which have been 
> discontinued.  It is helpful to have a more systematic way of identifying 
> systems that at least have the necessary hardware to support VT-d (BIOS 
> support, discussed below, presents a secondary issue). 
> 
> 
> 
> 
> What to look for:
> 
> 
> For Ivy Bridge, BOTH the CPU and chipset must support VT-d, which compounds 
> the problem of finding a VT-d capable system.  The most common issue is that 
> although the CPU will support VT-d, the chipset does not.  However, there are 
> systems where not even the CPU has the needed support (such as all of the 
> mobile i3 models?).
> 
> 
> 
> To save you some hassle: only 2 (out of 7!) Ivy Bridge chipsets will work: 
> QM77 and QS77.  Unfortunately, most systems use the HM7x chipsets...
> 
> 
> For Haswell, the issue is simpler, because the CPU and chipset are in a 
> single package, which eliminates mixing & matching.  Nevertheless, only some 
> Haswell chips have VT-d support, with most Haswell laptops/notebooks I have 
> seen listed not having VT-d.
> 
> 
> On Sandy Bridge, there is VT-d support to be found, although probably with 
> the same chipset issues as Ivy Bridge.
> 
> 
> 
> 
> Where to look:
> 
> 
> I have found the following two websites very helpful in identifying notebooks 
> with supporting hardware:
> 
> 
> 1) CPU and chipset specifications available at http://ark.intel.com/ (for 
> example, 
> http://ark.intel.com/products/75033/Intel-Core-i5-4350U-Processor-3M-Cache-up-to-2_90-GHz
>  for the Haswell i5-4350U)
> 
> 
> Typically, I just drop the CPU or chipset identifier into Google, and the 
> corresponding ark.intel.com page will show up towards the top of the results.
> 
> 
> For VT-d, the feature you are looking for is labeled "Intel® Virtualization 
> Technology for Directed I/O (VT-d)", and you want the table to say "Yes" for 
> this item.
> 
> 
> Examples:
> i5-4350U 
> (http://ark.intel.com/products/75033/Intel-Core-i5-4350U-Processor-3M-Cache-up-to-2_90-GHz):
>  Yes
> i5-3230M 
> (http://ark.intel.com/products/72056/Intel-Core-i5-3230M-Processor-3M-Cache-up-to-3_20-GHz-BGA):
>  No
> HM77 (http://ark.intel.com/products/64339/Intel-BD82HM77-PCH): No
> 
> 
> 2) Chipset- and CPU-specific pages at http://www.notebookcheck.com/
> 
> 
> The Intel pages are the authoritative reference for what CPUs and chipsets 
> support VT-d, but how do you determine (a) what CPU+chipset is in a given 
> notebook model, or (b) what notebook models make use of given CPUs+chipsets?  
> With Ivy Bridge, vendors will almost never indicate the chipset model.  For 
> one system, I ended up starting from chip markings shown in an iFixIt 
> teardown, and web searching back from that to determine the chipset model.
> 
> 
> Luckily, there is at least one website providing a better way to go about 
> this: http://www.notebookcheck.com/, which has taken the time & effort to 
> document which CPUs & chipsets are present in various models.
> 
> 
> For Ivy Bridge chipsets, 
> http://www.notebookcheck.com/Intel-Ivy-Bridge-Chipsaetze-7-Series-Chipsets.88194.0.html
>  gives links to pages for each chipset, such as QM77 and HM77.  Then, on each 
> chipset-specific page is a list of notebooks identified as using that 
> chipset.  As I mentioned above, the chipset is usually the weak link, so 
> working back from the supporting chipsets, and then confirming there is also 
> a supporting CPU, seems the way to go.
> 
> 
> Here are links to the only two supporting chipsets I mentioned above:
> QM77: http://www.notebookcheck.com/Intel-QM77-Express-Chipset.88218.0.html
> QS77: http://www.notebookcheck.com/Intel-QS77-Express-Chipset.88220.0.html
> 
> 
> The page provided for Haswell, 
> http://www.notebookcheck.com/Intel-Dual-Core-Ableger-der-Haswell-Generation-vorgestellt.93523.0.html,
>  is extremely helpful, because the tables on that page directly indicate 
> which models support various Intel technologies, including VT-d.
> 
> 
> As can be seen on the charts, only the least expensive models in each lineup 
> lack VT-d support.  Unfortunately, those are also the models I have most 
> frequently seen included 

[qubes-users] Can't seem to get my wireless working. Any help would be appreciated!

[randallrbaker]

I cant get my bcm4360 drivers to install properly and when I paste the code 
into sys-net terminal I get this error. please help me out thanks!


 [user@sys-net ~]$ wget http://git.io/vuLC7 -v -O 
fedora23_broadcom_wl_install.sh && sh ./fedora23_broadcom_wl_install.sh; 
URL transformed to HTTPS due to an HSTS policy 
--2016-04-16 17:47:47--  https://git.io/vuLC7 
Resolving git.io (git.io)... 23.23.173.104, 23.23.111.66, 54.243.161.116 
Connecting to git.io (git.io)|23.23.173.104|:443... connected. 
HTTP request sent, awaiting response... 302 Found 
Location: 
https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
 [following] 
--2016-04-16 17:47:47--  
https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
 
Resolving gist.githubusercontent.com (gist.githubusercontent.com)... 
23.235.47.133 
Connecting to gist.githubusercontent.com 
(gist.githubusercontent.com)|23.235.47.133|:443... connected. 
HTTP request sent, awaiting response... 200 OK 
Length: 1058 (1.0K) [text/plain] 
Saving to: ‘fedora23_broadcom_wl_install.sh’ 

fedora23_broadcom_w 100%[===>]   1.03K  --.-KB/sin 0s   

2016-04-16 17:47:48 (74.5 MB/s) - ‘fedora23_broadcom_wl_install.sh’ saved 
[1058/1058] 

Last metadata expiration check: 0:59:15 ago on Sat Apr 16 16:48:35 2016. 
Package gcc-5.3.1-6.fc23.x86_64 is already installed, skipping. 
Package kernel-devel-1000:4.1.13-9.pvops.qubes.x86_64 is already installed, 
skipping. 
Dependencies resolved. 
Nothing to do. 
Sending application list and icons to dom0 
Complete! 
mkdir: cannot create directory ‘hybrid_wl_f23’: File exists 
--2016-04-16 17:47:53--  
http://www.broadcom.com/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz
 
Resolving www.broadcom.com (www.broadcom.com)... 209.132.249.240 
Connecting to www.broadcom.com (www.broadcom.com)|209.132.249.240|:80... 
connected. 
HTTP request sent, awaiting response... 200 OK 
Length: 2928541 (2.8M) [application/octet-stream] 
Saving to: ‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’ 

hybrid-v35_64-nodeb 100%[===>]   2.79M   666KB/sin 4.3s 

2016-04-16 17:47:57 (668 KB/s) - 
‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’ saved [2928541/2928541] 

Makefile 
lib/ 
lib/wlc_hybrid.o_shipped 
lib/LICENSE.txt 
src/ 
src/include/ 
src/include/typedefs.h 
src/include/linuxver.h 
src/include/bcmutils.h 
src/include/siutils.h 
src/include/packed_section_start.h 
src/include/epivers.h 
src/include/linux_osl.h 
src/include/bcmendian.h 
src/include/packed_section_end.h 
src/include/pcicfg.h 
src/include/bcmdefs.h 
src/include/bcmcrypto/ 
src/include/bcmcrypto/tkhash.h 
src/include/wlioctl.h 
src/include/osl.h 
src/shared/ 
src/shared/bcmwifi/ 
src/shared/bcmwifi/include/ 
src/shared/bcmwifi/include/bcmwifi_channels.h 
src/shared/bcmwifi/include/bcmwifi_rates.h 
src/shared/linux_osl.c 
src/wl/ 
src/wl/sys/ 
src/wl/sys/wl_dbg.h 
src/wl/sys/wlc_key.h 
src/wl/sys/wl_linux.h 
src/wl/sys/wl_linux.c 
src/wl/sys/wlc_wowl.h 
src/wl/sys/wl_iw.c 
src/wl/sys/wlc_pub.h 
src/wl/sys/wl_iw.h 
src/wl/sys/wl_export.h 
src/wl/sys/wl_cfg80211_hybrid.h 
src/wl/sys/wlc_ethereal.h 
src/wl/sys/wl_cfg80211_hybrid.c 
src/wl/sys/wlc_utils.h 
src/wl/sys/wlc_types.h 
src/common/ 
src/common/include/ 
src/common/include/proto/ 
src/common/include/proto/bcmeth.h 
src/common/include/proto/ieee80211_radiotap.h 
src/common/include/proto/ethernet.h 
src/common/include/proto/802.1d.h 
src/common/include/proto/bcmip.h 
src/common/include/proto/bcmevent.h 
src/common/include/proto/802.11.h 
src/common/include/proto/wpa.h 
KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` clean 
make[1]: Entering directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
CFG80211 API is prefered for this kernel version 
/home/user/hybrid_wl_f23/Makefile:85: Neither CFG80211 nor Wireless Extension 
is enabled in kernel 
make[1]: Leaving directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` 
make[1]: Entering directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
CFG80211 API is prefered for this kernel version 
Using CFG80211 API 
  LD  /home/user/hybrid_wl_f23/built-in.o 
  CC [M]  /home/user/hybrid_wl_f23/src/shared/linux_osl.o 
  CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_linux.o 
  CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_iw.o 
  CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_cfg80211_hybrid.o 
  LD [M]  /home/user/hybrid_wl_f23/wl.o 
  Building modules, stage 2. 
CFG80211 API is prefered for this kernel version 
Using CFG80211 API 
  MODPOST 1 modules 
  CC  /home/user/hybrid_wl_f23/wl.mod.o 
  LD [M]  /home/user/hybrid_wl_f23/wl.ko 
make[1]: Leaving directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
install -D -m 755 wl.ko /lib/modules/`uname -r`/kernel/dri

[qubes-users] Can't seem to get my wireless working. Any help would be appreciated!

[randallrbaker]

I've even turned off secure boot, but it still gives me the WL error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5f23b2f-2e8e-4c53-ab19-5311d4bc26a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't seem to get my wireless working. Any help would be appreciated!

[randallrbaker]

I've even turned off secure boot, but it still gives me the WL error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a9715f5-ca09-4a22-93b2-a5ea1697428b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't seem to get my wireless working. Any help would be appreciated!

[randallrbaker]

I've even turned off secure boot, but it still gives me the WL error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ac6fb87-9006-477e-8ba2-e572c84eb623%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-28 01:16, ab0f1...@opayq.com wrote:
> On Tuesday, 20 August 2013 21:12:12 UTC+3, Eric Shelton  wrote:
>> [...] AMD motherboard vendors made a big mess of things.  AMD did a great
>>  job pitching IOMMUs some time ago, hardware support is just a matter of 
>> the right chipset, and AMD provided BIOS vendors with the code for proper
>>  configuration.  However, most of the vendors still fail to enable the 
>> hardware correctly and/or have bad ACPI tables (which generally causes
>> Xen to disable the IOMMU).  I have not seen any instance where a vendor
>> has resolved such issues, even for simple and clearly identified ACPI
>> issues. This issue was prevalent enough to help give rise to Xen Security
>> Advisory 36.  If you still want to use AMD for IOMMU, you have been
>> warned...
> 
> I have an AMD CPU and won't be throwing it away to test and possibly adopt
>  Qubes. Are you trying to say I shouldn't even bother with Qubes since I
> have an AMD rig?
> 

I don't think that's what he's saying. I think he's just pointing out that it
can be very problematic. It's still worth trying if you have an AMD rig, since
your combination of hardware (CPU, motherboard, etc.) might be compatible.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXmcSoAAoJENtN07w5UDAwFvQQAJfplJ35awhu/q6ZQ9WrnqE4
S39MHl/ApxO9gshZwSbsHN+3k+IbYfKYJCNI5gW8PDVyCDXV7r/NW+HGLlC/q1GC
dN3+63l74HYzTu2H4sCHy7F8K1nLBDKkZIKiIF7Xvx5utMXHndKgmCznSyMhRb8p
Nj7EIU51DAa8OJilTLwi5B7X3k6ZX+Zbia92mpDXqwlTLi4q+kzvgTU6cVR1585B
fydDBb0ofas3d4RXlLzcsfnKgA/cew7UDbyoiJtAM1BAPONpc5T3+Ol/niZOdjME
1Um3AItmJYTyzrstMom8ScVJZULfHm3iodc5/4HYHt632reJKDJbj04dTfgmfor+
h6Gw1cvpYEUG5UC9qfPiCf4kCcTj7q1PNguvlWFT88mJxPe6Y0Y4UsGdeQPPDLey
7cebI+vHjvq+85de3DO04/2OtdYz2Dp8cOhxZZ1+uTrujqNY0PscEDbbKQxKiBYV
wgSF9rS9cktg7nf7ozy92wNU2/XcW2HpgJ7y230KkaNlKYtV2ukUNlctHpTUbEwx
pXSaDFaKREfIGSkhjE1/r2KyeGI2IJnkG7TzeY0ZpWY6H2cyMMOMlclI1/+iSptl
TeJSczuQnrAZqOR9Iwf34pyeghahRKa9x5cLgUfOKPhW+xKYYkuFeWYwMIINjPiX
w18jvmMMgfjIaCNCa8A+
=cDOm
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/988deaea-0af1-6a05-a969-3ffb8c2a05d4%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-27 22:31, admix...@gmail.com wrote:
> Hi, I'm trying to update qubes but there still show that there is no
> updates (for few moths). I thought that was true until I tried to download
> update for xen.
> 
> Some commands: http://pastebin.com/Q7nhfZnX Linux dom0
> 4.1.13-9.pvops.qubes.x86_64 #1 SMP Thu Feb 11 15:46:02 UTC 2016 x86_64
> x86_64 x86_64 GNU/Linux
> 
> Can somebody tell me whats going on?
> 
> Regards Adrian
> 

Which template is your sys-firewall based on?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXmcUyAAoJENtN07w5UDAwSH8QAM6+YPcubOYV6rhNN97xqQkT
p8pXhHxH2RD6OdPzlwqImynWgLfcvL+S6GTE8NeYznfDt78lSxDRRBnL7pli3Fcg
UayFUbJBP+uqSu7by1SqIRDCkGWuLv+kIgdpcbmWgypopfH8bwRSW5DIDxyQz4E1
dSMVa/I5l0ovbvGZGtn2TQiIUiN6joT3zmU02SCQusE2vTq208JDF90P7t28on38
0Q4Z7N3Owi53JwXF31VUp1aM8IxdeWQHdZtjzSCTiUbkL9yTWmL8aZedC4nazORg
xAhNngGtTVYbeHVfEaewmDsewyMXSeOxu1X4XvbVLYTOQzpU387BO7lJgVdcZd5R
vzB/z2iwyjyJqE5/QFmyoIRhaSsESw2QrAtf6v/dllz0q1U++ncOVc/yAbiXB+jW
JQ6GS5CJlfBvKuQd2G4mKoITsud3XAgMNXQ70m1CKlJ6QWW0kb9G+ciqVlcn98yt
wRMpVVk46LzyaXLB7ZwRUquOaHE5lnPIbgbf0T9bfISV35X0VweoF5tc8xNUm5+M
StW1E2gp3bbuncCprYXv+CcW49oZXKOkfEckm47ZuD4COhqA9TO8RajJ9GMN0jWo
Qq2DNjSJvQhoz3byBo2i24ZC/Fy6LD56J0hgEwW4OjIv9JsE0KxoXpx0uy0Rk2C2
YJ7xYTor0ogVHPTs1tYS
=hGaC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ca63be8-bab4-5a64-72b3-2eecf8ed5086%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[ab0f1985]

On Thursday, 28 July 2016 11:39:24 UTC+3, Andrew David Wong  wrote:
> I don't think that's what he's saying. I think he's just pointing out that it
> can be very problematic. It's still worth trying if you have an AMD rig, since
> your combination of hardware (CPU, motherboard, etc.) might be compatible.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

Thanks for the quick reply! As a complete newb to this level of IT security, 
how can I tell if Qubes works properly or not? Or will it just fail to install 
and run properly? Also, I assume 8 GB of RAM won't allow me to run too many VMs 
in parallel.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12a6c7e2-745a-489a-9fc6-51ad68d7286f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can't seem to get my wireless working. Any help would be appreciated!

[Gorka Alonso]

El jueves, 28 de julio de 2016, 10:24:10 (UTC+2), randal...@gmail.com  escribió:
> I cant get my bcm4360 drivers to install properly and when I paste the code 
> into sys-net terminal I get this error. please help me out thanks!
> 
> 
>  [user@sys-net ~]$ wget http://git.io/vuLC7 -v -O 
> fedora23_broadcom_wl_install.sh && sh ./fedora23_broadcom_wl_install.sh; 
> URL transformed to HTTPS due to an HSTS policy 
> --2016-04-16 17:47:47--  https://git.io/vuLC7 
> Resolving git.io (git.io)... 23.23.173.104, 23.23.111.66, 54.243.161.116 
> Connecting to git.io (git.io)|23.23.173.104|:443... connected. 
> HTTP request sent, awaiting response... 302 Found 
> Location: 
> https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
>  [following] 
> --2016-04-16 17:47:47--  
> https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
>  
> Resolving gist.githubusercontent.com (gist.githubusercontent.com)... 
> 23.235.47.133 
> Connecting to gist.githubusercontent.com 
> (gist.githubusercontent.com)|23.235.47.133|:443... connected. 
> HTTP request sent, awaiting response... 200 OK 
> Length: 1058 (1.0K) [text/plain] 
> Saving to: ‘fedora23_broadcom_wl_install.sh’ 
> 
> fedora23_broadcom_w 100%[===>]   1.03K  --.-KB/sin 0s 
>   
> 
> 2016-04-16 17:47:48 (74.5 MB/s) - ‘fedora23_broadcom_wl_install.sh’ saved 
> [1058/1058] 
> 
> Last metadata expiration check: 0:59:15 ago on Sat Apr 16 16:48:35 2016. 
> Package gcc-5.3.1-6.fc23.x86_64 is already installed, skipping. 
> Package kernel-devel-1000:4.1.13-9.pvops.qubes.x86_64 is already installed, 
> skipping. 
> Dependencies resolved. 
> Nothing to do. 
> Sending application list and icons to dom0 
> Complete! 
> mkdir: cannot create directory ‘hybrid_wl_f23’: File exists 
> --2016-04-16 17:47:53--  
> http://www.broadcom.com/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz
>  
> Resolving www.broadcom.com (www.broadcom.com)... 209.132.249.240 
> Connecting to www.broadcom.com (www.broadcom.com)|209.132.249.240|:80... 
> connected. 
> HTTP request sent, awaiting response... 200 OK 
> Length: 2928541 (2.8M) [application/octet-stream] 
> Saving to: ‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’ 
> 
> hybrid-v35_64-nodeb 100%[===>]   2.79M   666KB/sin 4.3s   
>   
> 
> 2016-04-16 17:47:57 (668 KB/s) - 
> ‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’ saved [2928541/2928541] 
> 
> Makefile 
> lib/ 
> lib/wlc_hybrid.o_shipped 
> lib/LICENSE.txt 
> src/ 
> src/include/ 
> src/include/typedefs.h 
> src/include/linuxver.h 
> src/include/bcmutils.h 
> src/include/siutils.h 
> src/include/packed_section_start.h 
> src/include/epivers.h 
> src/include/linux_osl.h 
> src/include/bcmendian.h 
> src/include/packed_section_end.h 
> src/include/pcicfg.h 
> src/include/bcmdefs.h 
> src/include/bcmcrypto/ 
> src/include/bcmcrypto/tkhash.h 
> src/include/wlioctl.h 
> src/include/osl.h 
> src/shared/ 
> src/shared/bcmwifi/ 
> src/shared/bcmwifi/include/ 
> src/shared/bcmwifi/include/bcmwifi_channels.h 
> src/shared/bcmwifi/include/bcmwifi_rates.h 
> src/shared/linux_osl.c 
> src/wl/ 
> src/wl/sys/ 
> src/wl/sys/wl_dbg.h 
> src/wl/sys/wlc_key.h 
> src/wl/sys/wl_linux.h 
> src/wl/sys/wl_linux.c 
> src/wl/sys/wlc_wowl.h 
> src/wl/sys/wl_iw.c 
> src/wl/sys/wlc_pub.h 
> src/wl/sys/wl_iw.h 
> src/wl/sys/wl_export.h 
> src/wl/sys/wl_cfg80211_hybrid.h 
> src/wl/sys/wlc_ethereal.h 
> src/wl/sys/wl_cfg80211_hybrid.c 
> src/wl/sys/wlc_utils.h 
> src/wl/sys/wlc_types.h 
> src/common/ 
> src/common/include/ 
> src/common/include/proto/ 
> src/common/include/proto/bcmeth.h 
> src/common/include/proto/ieee80211_radiotap.h 
> src/common/include/proto/ethernet.h 
> src/common/include/proto/802.1d.h 
> src/common/include/proto/bcmip.h 
> src/common/include/proto/bcmevent.h 
> src/common/include/proto/802.11.h 
> src/common/include/proto/wpa.h 
> KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` clean 
> make[1]: Entering directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
> CFG80211 API is prefered for this kernel version 
> /home/user/hybrid_wl_f23/Makefile:85: Neither CFG80211 nor Wireless Extension 
> is enabled in kernel 
> make[1]: Leaving directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
> KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` 
> make[1]: Entering directory '/usr/src/kernels/4.1.13-9.pvops.qubes.x86_64' 
> CFG80211 API is prefered for this kernel version 
> Using CFG80211 API 
>   LD  /home/user/hybrid_wl_f23/built-in.o 
>   CC [M]  /home/user/hybrid_wl_f23/src/shared/linux_osl.o 
>   CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_linux.o 
>   CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_iw.o 
>   CC [M]  /home/user/hybrid_wl_f23/src/wl/sys/wl_cfg80211_hybrid.o 
>   LD [M]  /home/user/hybrid_wl_f23/wl.o 
>   Bu

Re: [qubes-users] A problem with update

[admixior]

My sys-firewall and sys-net is based on fedora-23.
sys-firewall's netVM is sys-net and sys-net is connect to the internet (there 
isn't any problem with internet on VM).

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/081cf09d-9d4e-42d2-99b9-9521c533de9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: A problem with update

[donoban]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 28/07/16 11:13, Marek Marczykowski-Górecki wrote:
> Should be ok now.
> 

Perfect, thanks Marek.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXmc/cAAoJEBQTENjj7Qil27EP/j2j0vZdIin0lw1KRQxQz5CO
h9QXaV0AIenwJts/L5f6LevH71uGZI0LlBclgJXGjq2jNluE5MBOWMCX5y1IUDyV
rylnlCNHhlZeshUzoLYJ94RlQ8uAAXnUaovtVzC1TsO4Lr7NTuv4sTIpY5fIN4ir
WyI+85NnKkfzupQ2HdgrH8yB5CzjMxeGvR7eggFrm36oN9VfGrT4XOAQAXydmKHS
iHpiOH/3gGJPCmtNZizR/k/y+uGVlZapmxQmH67YezjPKyLKlbQLZZOTJII5Hplf
mnqkppcbKXhkFfMf2iJBr5butdUc3PuWptvCJIoIyKKqqvjaNIB9bEYrscwELdVG
5IFupzYkq4T2WH0KyZU8rGQzhgzoo8sP5Ir0IoTO7iktTYYgdXM7a4hiQzDs7/CH
Jj5j/P2CKwebnlbVryhS4MVYJK6HWWwF+NQSV7k+y+XAtpyunXe2XfvtG02r2uPG
pgnfbHStWWIY742JR4FPcrimOB7lcUb38GlpW+BeeeqwA1g6WYuFXCysG5UtLHLc
VtijeHevNG4qiWlRpUoXhHDumzh3M4Nvr4VreGUHq2rD9dfgq04JLqTFKxqXzsXl
ER0ijUar3ilL9EFE4GzdiUF0qvuQ/hgK2rSKKSIyVRlwuJ//jBMYthBQMo7aGWz8
hJbwPFJG62EerSI4bgxF
=+2n5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93f130f6-d32a-290e-8faf-72426e1252b7%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-28 01:43, ab0f1...@opayq.com wrote:
> On Thursday, 28 July 2016 11:39:24 UTC+3, Andrew David Wong  wrote:
>> I don't think that's what he's saying. I think he's just pointing out
>> that it can be very problematic. It's still worth trying if you have an
>> AMD rig, since your combination of hardware (CPU, motherboard, etc.)
>> might be compatible.
>> 
> 
> Thanks for the quick reply! As a complete newb to this level of IT
> security, how can I tell if Qubes works properly or not?

You can check basic hardware compatibility with the qubes-hcl-report command
after installing, as explained here:

https://www.qubes-os.org/doc/hcl/

> Or will it just fail to install and run properly?

It *may* fail to install and run properly, but it may install successfully even
if you do not have, e.g., IOMMU. If you're missing, e.g., IOMMU, then that
will be reported on the HCL report mentioned above. At that point, you can
read about any missing or unsupported features and decide whether you're
comfortable using Qubes without them.

> Also, I assume 8 GB of RAM won't allow me to run too many VMs in parallel.

8 GB should be fine to run a few VMs. It really depends on your personal usage
habits. Many people use Qubes with 8GB and are happy with it. Others need more.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXmdcPAAoJENtN07w5UDAw+XEQALO8No8/mkLMcd+8jBVTFbQ4
ePmj+8CHpM/465aeCbJXqjnf2DfhsKnkdOzAaVBOma86TuwumMmp+VlWzxSnUzIb
/tjZ6xB7HE2Er2DwOwtKVXhlXFY/MBY9BPneQb+Lmkx7HH5pYxJ0kEjktkB7iXcf
Ep9FFOo6Wd4xXX5CO7uKK95qD+kW54gc3JAj0CKBsMqxWXpw8jQgoL5/BmEFZLgT
AjZgAK6IKkXfygKZZxM2sXFwx0hUXPGnS1DSl73Dpn8yGxf1lO+edGclnDPex87Y
WxLQJyRGuOXa2RkrUXOqRArh4KQIS3DaDiJAweg7OqZtjAMawT5U+KKVvq+QHLHC
zxxOjvB2xxVl9JcQIzLJ5iDMrMS6nlSKv5iInk2Ji4yOiWZqhDJZSQhuMY34GgjD
UMJcC7XKMFyE2WW+2s/2AtMgD+bsU5l5luHqTZwOfT5gliiDRTusWYEL/phmggve
YCRoe5UQ6WtjNZ+BSWIldZROF58zjCarAR1qiJDBKHcFsD7ImbDXRfM42vD5ke2g
+zxUnKiI/olBGdZRLgUUqH6m/1XnBDiBcpc5W65syAwn6FdmYIpPbTGzHeROY+Mk
XcHEAb2wDCnbGz83RvZoe6mh7JLXAz8sanqUVwm0h07EfAJ/NKpVKizCkYLp1jB4
w93zhBUumF53hlzaV0eX
=lDjT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0de5af61-f67e-8b11-b785-dd9f41463cb5%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[ab0f1985]

On Thursday, 28 July 2016 12:57:43 UTC+3, Andrew David Wong  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-07-28 01:43, ab0f1...@opayq.com wrote:
> > On Thursday, 28 July 2016 11:39:24 UTC+3, Andrew David Wong  wrote:
> >> I don't think that's what he's saying. I think he's just pointing out
> >> that it can be very problematic. It's still worth trying if you have an
> >> AMD rig, since your combination of hardware (CPU, motherboard, etc.)
> >> might be compatible.
> >> 
> > 
> > Thanks for the quick reply! As a complete newb to this level of IT
> > security, how can I tell if Qubes works properly or not?
> 
> You can check basic hardware compatibility with the qubes-hcl-report command
> after installing, as explained here:
> 
> https://www.qubes-os.org/doc/hcl/
> 
> > Or will it just fail to install and run properly?
> 
> It *may* fail to install and run properly, but it may install successfully 
> even
> if you do not have, e.g., IOMMU. If you're missing, e.g., IOMMU, then that
> will be reported on the HCL report mentioned above. At that point, you can
> read about any missing or unsupported features and decide whether you're
> comfortable using Qubes without them.
> 
> > Also, I assume 8 GB of RAM won't allow me to run too many VMs in parallel.
> 
> 8 GB should be fine to run a few VMs. It really depends on your personal usage
> habits. Many people use Qubes with 8GB and are happy with it. Others need 
> more.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXmdcPAAoJENtN07w5UDAw+XEQALO8No8/mkLMcd+8jBVTFbQ4
> ePmj+8CHpM/465aeCbJXqjnf2DfhsKnkdOzAaVBOma86TuwumMmp+VlWzxSnUzIb
> /tjZ6xB7HE2Er2DwOwtKVXhlXFY/MBY9BPneQb+Lmkx7HH5pYxJ0kEjktkB7iXcf
> Ep9FFOo6Wd4xXX5CO7uKK95qD+kW54gc3JAj0CKBsMqxWXpw8jQgoL5/BmEFZLgT
> AjZgAK6IKkXfygKZZxM2sXFwx0hUXPGnS1DSl73Dpn8yGxf1lO+edGclnDPex87Y
> WxLQJyRGuOXa2RkrUXOqRArh4KQIS3DaDiJAweg7OqZtjAMawT5U+KKVvq+QHLHC
> zxxOjvB2xxVl9JcQIzLJ5iDMrMS6nlSKv5iInk2Ji4yOiWZqhDJZSQhuMY34GgjD
> UMJcC7XKMFyE2WW+2s/2AtMgD+bsU5l5luHqTZwOfT5gliiDRTusWYEL/phmggve
> YCRoe5UQ6WtjNZ+BSWIldZROF58zjCarAR1qiJDBKHcFsD7ImbDXRfM42vD5ke2g
> +zxUnKiI/olBGdZRLgUUqH6m/1XnBDiBcpc5W65syAwn6FdmYIpPbTGzHeROY+Mk
> XcHEAb2wDCnbGz83RvZoe6mh7JLXAz8sanqUVwm0h07EfAJ/NKpVKizCkYLp1jB4
> w93zhBUumF53hlzaV0eX
> =lDjT
> -END PGP SIGNATURE-

Will definitely try it soon then! Thanks a lot for your time and patience :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/433f507e-083a-41ae-8b79-3a34ed1d19dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[admixior]

Ok, maybe, but...
I've got xen-4.6.0-13.fc20.x86_64 (rpm -qa | grep xen) instead of the new 
version mentioned in *-devel forum:
http://yum.qubes-os.org/r3.1/current/dom0/fc20/rpm/xen-4.6.1-20.fc20.x86_64.rpm

and qubes-dom0-update report always "No new updates available"
I've tried run with "--clean" and it still don't work.

Maybe I executed something by accident which has deleted/overwrote an important 
file?

Have you any idea? Or what should I check?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6846cd15-0614-4c7e-a3fe-7aec6c0acf9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to find a notebook with VT-d (IOMMU) support

[niels]

> On July 28, 2016 at 10:43 AM ab0f1...@opayq.com wrote:
> 
> On Thursday, 28 July 2016 11:39:24 UTC+3, Andrew David Wong wrote:
> 
> > I don't think that's what he's saying. I think he's just pointing out that 
> > it
> > can be very problematic. It's still worth trying if you have an AMD rig, 
> > since
> > your combination of hardware (CPU, motherboard, etc.) might be compatible.
> > 
> > *   --
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> 
> Thanks for the quick reply! As a complete newb to this level of IT security, 
> how can I tell if Qubes works properly or not? Or will it just fail to 
> install and run properly? Also, I assume 8 GB of RAM won't allow me to run 
> too many VMs in parallel.

I have 8GB of RAM and have 7 VMs permanently open (sys-net, sys-firewall, 
untrusted, mail, personal, vault, sync-vault) and use the RAM-eater Chrome. The 
only problem arises when I use a special USB-VM to get some devices working 
which doesn't assigns RAM dynamically but statically. Since that VM needs to 
run Chrome etc I gave it 4GB of RAM and then it's getting problematic for 
running too many of the other VMs.

Niels

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/836826890.9955.1469705161828%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jul 27, 2016 at 10:31:10PM -0700, admix...@gmail.com wrote:
> Hi,
> I'm trying to update qubes but there still show that there is no updates (for 
> few moths).
> I thought that was true until I tried to download update for xen.
> 
> Some commands:
> http://pastebin.com/Q7nhfZnX
> Linux dom0 4.1.13-9.pvops.qubes.x86_64 #1 SMP Thu Feb 11 15:46:02 UTC 2016 
> x86_64 x86_64 x86_64 GNU/Linux
> 
> Can somebody tell me whats going on?

I think --debuglevel option is not supported - this is why you've got
that help message instead. Try `qubes-dom0-update --clean` to remove old
metadata first.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmc9nAAoJENuP0xzK19csDp8H/AxRPuOImKt7Oih1iKwf0kJ+
c+qEiY/sguQbqQC8oOXUrulEHZ4aT+9d1sUdAcmUVjQNt7ewo3ksikejfLTQ8uA1
+C7Q63/7sAJUZU+/0x0DCxjC5FMtz+XNwvdAWC8jXU5NNFGjOzw0qkUZUTZhbg0g
injHV5nMVag+Hw4h4I2LOsRhqMVyk2fCeSRQPylB7YB6IfRwHiU/zXcuhq8Eziy/
DqaLztWediTjigsEsMHY+cX06osZdwM8WCxM96lnnQIFA87vSKfPYMV+V3JG9dHs
osVOZYQxopTPy6teulmAOl3yWduJFuXD/mIS8zGlLSUyvFlqH4pGD4APPVBCP9U=
=mxAU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728092454.GY32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: A problem with update

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jul 28, 2016 at 09:44:46AM +0200, donoban wrote:
> 
> On 28/07/16 09:42, admix...@gmail.com wrote:
> > Apart from the dom0 update, there is a something nasty in quebes-os
> > debian jessie repository (debian-8, whonix-ws and gw):
> > 
> > W: Failed to fetch
> > http://deb.qubes-os.org/r3.1/vm/dists/jessie/main/binary-amd64/Package
> s
> > Hash Sum mismatch
> > 
> > Can anyone confirm the issue, or is it only on my computer.
> > 
> > Regards
> > 
> 
> Same problem here.

Should be ok now.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmcy5AAoJENuP0xzK19cs/p8IAJTBqcnhq+UIG50v7rXmzEfi
5s9MSAuO7tVpaMkS9r4rxORzxsUipONoQjufmjhdgzhVRAVMMcfH4MUXwINO4CWY
drc4CFBLhkbltgx29CcBtIxiOEvt5MtmKvW8dDmV35o6EsT1QLwQWGNMDAE+zWXK
UicN8HtAhBhw5TUmdvHnuNWiGW2Wi2Kq9QrQIVTqimjE+FdEOUjrubkDeGXpt8/d
48S9fEhLoEtK4anEQkTAmEVx79k/XHWbe3z7Q4RR2Ta+shPaDC/Wd/OZvKcpswDl
jVz3vSdEXWVg6aK3455QfU+kXXtc2vRsutx+LXNH00d2bMWbZUQESp2iCec3798=
=1Sxr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728091328.GX32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 3.2 rc2 has been released!

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Details here:
https://www.qubes-os.org/news/2016/07/28/qubes-OS-3-2-rc2-has-been-released/

As usual, you can download new image from:
https://www.qubes-os.org/downloads/

Users of R3.2 rc1 can just install updates, no need for full reinstall.
For older releases check above page for upgrade instructions.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmf5AAAoJENuP0xzK19csDmkH/03njjel549paROC+OdUEFUn
s7cz2MXSFuz+b2ck0uEom4wZGOMt2YVn/KbeirvFljMhNhr1U3A8NOYzOoe5TGM5
IXM7YuBsaHQiVJYB8mpjTkHRkOjqoYQ7AVryRJd9oL/Fuz8Ft21wzPOagqFxsFCZ
IX7wvI3bHAGPKJJn2OFImk3HEM2/hdOpVMDJtNpgooEKTi/x+M/O3zRN9S48W2fY
rogc7NeOUMi2qj9cOoEjWvmDR2BxTFs+HAQmWKDQ0gu4ksOtgG2YVWD1VRNqIRi9
B/9Zg0wlGa0Pi/5FNSh6gwLRNFVo2Y+x+htJX4nBPysFQE295IW2DCBqpigSjcE=
=rf1q
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728124447.GB32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[admixior]

Okey,
I did step by step (I hope every needed line) in quebes-dom0-update  and on 
sys-firewall.

Finally I runned yum and... some packages are checked and sys-firewall lagged 
for a while. After all it looks like that:

http://pastebin.com/0SnJZh7M 

It seems like qubes-download-dom0-updates.sh doesn't supports yum crash.
But why it is always crashing? Any idea?

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73c800c9-242f-4521-959e-ca49a49d8637%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[admixior]

[Solved]

Yum crashed because there's no more RAM. Include sys-firewall in memory 
balancing solved this problem.

However "No updates available" is bit confusing.

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f2ab79bd-ebbd-42a8-b657-d956102b7ccd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 rc2 has been released!

[neilhardley]

Does this come with the newest Xen patch after the exploit yesterday?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cfde5a7-d5b7-4bc5-94d2-0e918881c7b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 rc2 has been released!

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-28 07:43, neilhard...@gmail.com wrote:
> Does this come with the newest Xen patch after the exploit yesterday?
> 

If you're referring to XSA 182 / QSB #24, then yes. As stated in the
announcement:

> All critical bugs we know of are fixed, including XSA 182, which was 
> recently announced in Qubes Security Bulletin #24.

And it links to QSB #24:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXmhsHAAoJENtN07w5UDAwCEYP/AhwqHKQHj3k4dG0m3XejCpR
0b/oc9rR0toaJyYwZzlikHBqmtiGzOB5LaX+68Ca9PBs0FcZ3qyEkhd71H5Ekw69
OOvXdRImDCVhGKVHHhDwrnxuE4f1wncAShNW1iLrLgP4ma2NpSyQGxC9qfJL4reO
pl3kIp8qQqffSmSphPMhFJ1XtA5Dp3TGlttDz2Gs4hwrK5w3yCCrGPB/5NcUwQka
JXIXD4UYVbO1MB+JcZRlozNi/ITtYZlsKqCC3R76cH5Yw3Yh9X+3nx7Xy6P7/QoT
hwGv7CPASpdfww9c1XN24S1qkr4moHEbbaXZNqiKwf/b/SkHxtLARiFAl4lTj1Tk
K5B4zmnlEEXCcJPHTLvfGqZL3IcLmVsoPwCl3mog0E6N+cMZdiQHNlw0DY47lN43
iPoYB7pw6JcHLCLTFwNjZ1VJGGIKdgrOBqSco/vczKHFFvfUZGBW5CguSf6hKzZZ
H/+uggTp0F8DCWtjF8Ap2LwzK8SJaAmhsR7AnszdH5rH+tBnCGnHg7JL5k/JGAfo
v8dKfVz0Pb/+UkeQk28sVR5Qj/a7Spq5W9dgs1TVHECc9hqf3BCfKWzmQLE7EnE1
vle3pIEKWyGvx2qjSBWqpT4inn5rrUsDtBYoY0BoNNYjRALujxLiWqYA/y7fm9rf
qTfdXi/KnR7S/lALyWSd
=2hBZ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e37c9b7f-dd5e-2a42-44dd-c455dadc683b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Question on creating USB qube

[neilhardley]

I am installing QUBES 3.2 to a new laptop.

With the 1st option:

[X] "Create a USB qube holding all USB controllers (sys-usb) [experimental]"

There is then a 2nd option underneath:

[ ] "Use sys-net qube for both networking and USB devices"

Is it recommended to check the box for the 2nd option or not?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f839361d-effb-4543-8fd2-8598398c40c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora 23 template upgrade conflict

[45pqfc+92r6buy8fu550 via qubes-users]

Hello,

I'm no longer able to upgrade the fedora 23 template due to a non-existing 
package. Error is displayed below:


"Error: nothing provides xen-libs >= 2001:4.6.1-20 needed by 
qubes-db-3.2.1-1.fc23.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages)
Done. Press Enter to exit"






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33368111df6eadd0164e951c1c63c64b623%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 rc2 has been released!

[Chris Laprise]

On 07/28/2016 08:44 AM, Marek Marczykowski-Górecki wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Details here:
https://www.qubes-os.org/news/2016/07/28/qubes-OS-3-2-rc2-has-been-released/

As usual, you can download new image from:
https://www.qubes-os.org/downloads/

Users of R3.2 rc1 can just install updates, no need for full reinstall.
For older releases check above page for upgrade instructions.



Fedora 23 template shows a broken dependency for qubes-db:

Error: nothing provides xen-libs >= 2001:4.6.1-20

If manually add --allowerasing, it just tries to skip updating qubes-db.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc55183f-104a-aacf-69db-bdf2c3396812%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question on creating USB qube

[Desobediente]

What that option means is to not actually create a new "sys-usb" qube to
handle the USB controllers, but rather use the already existing "sys-net"
qube to handle the USB controllers.

Since the "sys-net" qube already handles networking, the option states
"both networking and USB devices".

Having a "sys-usb" qube on will probably consume a small amount of
additional RAM memory, and having "sys-net" handle more things will
probably open an hypothetical probability of something going wrong in an
hypothetical future.

Come to think about it, I have another question: how different would be to
use USB network cards in the three different scenarios (USB handled by
dom0, sys-net and sys-usb)?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF0bz4R2USokm18Mir5AjyPYzasLPRCRq_EoAw_EG8WGoH3CkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question on creating USB qube

[neilhardley]

OK thanks for the explanation.

Let me follow up with another question.

Do I need to create a USB qube in order to take advantage of the VT-D/IOMMU 
protection for my internal WiFi chip... or is sys-net OK in that regard..?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dc5207a-ac2d-4360-935e-66f8ee07ae21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 rc2 has been released!

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jul 28, 2016 at 12:49:25PM -0400, Chris Laprise wrote:
> On 07/28/2016 08:44 AM, Marek Marczykowski-Górecki wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > Details here:
> > https://www.qubes-os.org/news/2016/07/28/qubes-OS-3-2-rc2-has-been-released/
> > 
> > As usual, you can download new image from:
> > https://www.qubes-os.org/downloads/
> > 
> > Users of R3.2 rc1 can just install updates, no need for full reinstall.
> > For older releases check above page for upgrade instructions.
> > 
> 
> Fedora 23 template shows a broken dependency for qubes-db:
> 
> Error: nothing provides xen-libs >= 2001:4.6.1-20
> 
> If manually add --allowerasing, it just tries to skip updating qubes-db.

That package was still in testing repository. Now should be better.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmlWCAAoJENuP0xzK19csRxUH/1li8CAJNBz/SYYIew8yLwtT
pgiI2RepbHPEvOg4LcT1kmQCFkUpkoc9SGp5LRBB9dcXg4LmiPhAhrLTIsWclHbD
DAHdrxy+kH5ZBuDAETXv5AR0qIlrkUd9yieXbIXf0ynyaRK0rlLMNSf2s5pr/vYx
GyjAONbiLJLZk4wA98uETFoPNygqWTOiN6xPOiY0bdj5upQJhzH71Rq8iAjRZdzo
E11rfDaxx0HQREbLpufi44yztCnYaNK6J8+yXrhmRq40FQh0QgrCXX/VJ/h6RYC1
6/i4kfUKQbGsa9uNr+MaoNxGbeyLxRJjjRyoZa7+wFYqZr3op71gm7/ZqJ9A1Wc=
=go/X
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728185705.GE32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to log all the websites accessed by a VM

[Franz]

On Wed, Jul 27, 2016 at 5:35 PM, R.B.  wrote:

> On 07/27/2016 12:25 AM, Franz wrote:
>
>>
>>
>> On Tue, Jul 26, 2016 at 11:38 AM, Steve Coleman
>> mailto:steve.cole...@jhuapl.edu>> wrote:
>>
>> Another hack to avoid having to manually type in the addresses is
>> done with the attached script. Its like Mareks solution, but does
>> the parsing on the dom0 side
>>
>>
>> I understand this means this script should be executed directly in dom0,
>> but isn't this a security problem?
>>
>
> Let's see... In this use case we have a "new" vm we want to give a filter.
> So, you fire up the vm and start the script from Dom0.
> Then you start your browser and visit the site you want it to work with.
> At first it will be dns requests originating from the browser and answers
> from you dns server.
> The risks here are malformed packets that could trip either tcpdump or
> python (in this case). To me, it is very unlikely this could result in an
> advanced persistent threat (APT) in Dom0.
> Nevertheless, running full streams back-and-forth through any program like
> tcpdump with a --pass-io to Dom0 can be considered a possible hazard.
>
> In short: As a way to test what you need to communicate with your bank,
> while only dns or icmp packets are considered - like in the tcpdump example
> of Marek, it should be OK.
>
> Use it with care.
>
>
I tried to do that, but on the way I was too frightened to do something
wrong, so stopped. But found an easier way:

Run Marek script
https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585
 into the applVM that tries to connect to the net, but cannot because the
firewall is manually set to "Deny network access except...". Then copy the
result into a file in the same applVM.

then from Dom0 terminal wrote:

qvm-run --pass-io appl-VM-name 'cat path to just-created-file'

This makes all the firewall setting to appear directly on Dom0 terminal. It
is enough to copy all of them and past them on the same terminal and it is
done.

This seems safer for one like me that does not know what he is doing.

The most surprising thing is that it works, the applVM can really connect
through the selected addresses.

Best
Fran


> Greetings,
>
> RB
>
>
>>
>> and the syntax is a little easier. It does the remote tcpdump
>> command in the vm and the results are returned through the pass-io
>> mechanism. With the -A option the script then generates the
>> qvm-firewall add commands to its stdout.
>>
>> Then, if you want to add that address to the firewall you simply
>> copy and paste the lines you want from that dom0 command terminal
>> window into another dom0 command window, and the address is added to
>> the firewall without any manual typing. If you want, you can add a
>> netmask (e.g. address/24) to an IP in the target window before
>> pressing enter.
>>
>> [user@dom0 ~]$ qvm-fwdenied -A 
>> qvm-firewall  -add
>> ec2-54-200-125-198.us-west-2.compute.amazonaws.com
>>  any
>> qvm-firewall  -add 104.244.43.140 any
>> qvm-firewall  -add 104.244.43.44 any
>> qvm-firewall  -add
>> ec2-54-148-80-75.us-west-2.compute.amazonaws.com
>>  any
>> qvm-firewall  -add
>> ec2-52-88-118-150.us-west-2.compute.amazonaws.com
>>  any
>> qvm-firewall  -add
>> ec2-52-25-189-162.us-west-2.compute.amazonaws.com
>>  any
>> ...
>>
>> Note that these appear in batches on the console because tcpdump is
>> in a mode where it exits after some number of captured packets have
>> been filtered, with the default set to 200 packets. By default it
>> will repeatedly restart tcpdump for another batch. The -C ### option
>> allows that default number of packets to be changed.
>>
>> It would be far better if the script was made to be multi-threaded
>> so the output of tcpdump could be read while another thread outputs
>> the commands and asks the user if each entry should be added or not.
>> I just have not had time to look into that yet. its obviously a work
>> in progress.
>>
>> Also it logs everything to /var/tmp/qvm-fwdenied.log if you need to
>> look at what happened in your last session.
>>
>>
>> On 07/25/2016 02:14 PM, Franz wrote:
>>
>>
>>
>> On Mon, Jul 25, 2016 at 2:51 PM, Marek Marczykowski-Górecki
>> > 
>> > >> wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> On Mon, Jul 25, 2016 at 02:46:55PM -0300, Franz wrote:
>> > On Mon, Jul 25, 2016 at 1:24 PM, Marek Marczykowski-Górecki
>> <
>> > marma.

Re: [qubes-users] How to log all the websites accessed by a VM

[Desobediente]

I'd like to add that I also use CIDR notation for the firewall rules, in
addition to the name rules, and it works in most cases.

Sometimes some services change their addresses, but the time consumed to
add new entries is not relevant.

I use the 'dig' tool to find out in which block they are. Some of them use
a whole /24 block. But most of time that's too many addresses, and would
lead to unblock totally unrelated stuff:

$ dig service.example.com

-- 
iuri.neocities.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF0bz4Rf%3D%2BrHpMsGc5_%2BDODY9xnYAgj2GVGkNYP673uf4JG22w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Wireless PCI card that is compatible with cubes os

[randallrbaker]

I'm having the worst time trying to get my wireless drivers working and am 
wondering if there is a wireless card that works out of the box? With out the 
need to download any drivers as I'm using my phone as a hotspot to access the 
net.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2031ab5-8509-4f09-b653-ebff102f9ed6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question on creating USB qube

[R.B.]

On 07/28/2016 08:43 PM, neilhard...@gmail.com wrote:

OK thanks for the explanation.

Let me follow up with another question.

Do I need to create a USB qube in order to take advantage of the VT-D/IOMMU 
protection for my internal WiFi chip... or is sys-net OK in that regard..?



Hi Neil,

In my experience, USB network dongle (either wifi or copper), do not 
seem to work outside the the USB cube. I tried to assign the USB network 
adapter to sys-net, but it failed Since then, I installed 3.2rc1 
with the option of USB and networking in one qube.


You Could try it, but I think you'd need to prevent the network drivers 
from loading in the USB qube somehow.


Greetings,

RB

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/730d826e-bf5c-3e15-8117-b8f936240b5e%40reboli.nl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question on creating USB qube

[neilhardley]

Yeah, I'm not talking about WiFi USB dongles.

I'm simply talking about the INTERNAL WiFi.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4285d8b5-83b5-4acb-8c9c-84f64009769b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Will SLAT / EPT truly make QUBES 4.0 more secure..?

[neilhardley]

Based on 2 Xen exploits in just the last 1 year, QUBES 4.0 is moving over to 
using SLAT / EPT for memory isolation, and to using HVM/PVH rather than PV.

Certainly, in the last 2 Xen exploits, it has only affected PV and not HVM.

However, is it possible that using Intel's EPT is even riskier..?

Intel ME is said to be insecure by Joanna Rutkowska due to its insecure 
implementation, and not being able to look at the code, because it is 
closed-source.

Well, couldn't the same be said for Intel's EPT..? Surely this is closed-source 
too..? No..?

At least with Xen, we can actually see the code and fix the bugs, whereas 
surely with Intel we have no chance.

Or am I missing something here..?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb61e544-740e-4e7a-a837-898e507d2711%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Will SLAT / EPT truly make QUBES 4.0 more secure..?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jul 28, 2016 at 03:05:59PM -0700, neilhard...@gmail.com wrote:
> Based on 2 Xen exploits in just the last 1 year, QUBES 4.0 is moving over to 
> using SLAT / EPT for memory isolation, and to using HVM/PVH rather than PV.
> 
> Certainly, in the last 2 Xen exploits, it has only affected PV and not HVM.
> 
> However, is it possible that using Intel's EPT is even riskier..?
> 
> Intel ME is said to be insecure by Joanna Rutkowska due to its insecure 
> implementation, and not being able to look at the code, because it is 
> closed-source.

The main problem with Intel ME is that we can't really know what it is
doing. It is basically a second system with full access to all resources
(including RAM) and we can't look even at the binary running there. Or
disable it. So, even it is bug-free (which is unlikely), it may still be
malicious on purpose and we don't have any way to detect it.

> Well, couldn't the same be said for Intel's EPT..? Surely this is 
> closed-source too..? No..?
> 
> At least with Xen, we can actually see the code and fix the bugs, whereas 
> surely with Intel we have no chance.
> 
> Or am I missing something here..?

Yes, the missing part is that you use your CPU anyway. So if the
microcode, or whatever part of CPU is implementing EPT, is buggy, it
will affect the system in any case (in case of EPT, in Qubes 3.x, it
will affect only HVM, but still). On the other hand, not using PV
domains makes a whole lot of Xen code unavailable to the attacker. Quite
complex code, and as we can see, somehow buggy.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmobVAAoJENuP0xzK19csO6AH/2w2L+o/EToBzEoW0FyFfgiI
v8tnU6f5KN/yw9jN/PDv9fuYO7emvgFCHmIf7HKht+i1tMeOXYfeE3QFVLeSiLV9
VtXQeCCC6XChGVsqulhuAQz+c1an5cEpGJEOG3UPcodVVvHRFQEE0KZX50O1cH/W
Icb5N6XTx/wNVLysn/CerJQMIa7CHMjylGJwIgFKX5GpdHcWSZ58QLvxDeog74Ry
LxvlRBJcWogq4yafIFIE1RKsfTx8J/13vzSbOJRQXG4KgkZ9KcYXqKreVtJkzHsZ
YoGbZVCOgdtHyjABunWkduID6UkCYVSR9MNpLEGMTAxTtu7n0ko7m6vZHdLAYBU=
=ix6h
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728222732.GH32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question on creating USB qube

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jul 28, 2016 at 03:31:12PM -0300, Desobediente wrote:
> What that option means is to not actually create a new "sys-usb" qube to
> handle the USB controllers, but rather use the already existing "sys-net"
> qube to handle the USB controllers.
> 
> Since the "sys-net" qube already handles networking, the option states
> "both networking and USB devices".
> 
> Having a "sys-usb" qube on will probably consume a small amount of
> additional RAM memory, and having "sys-net" handle more things will
> probably open an hypothetical probability of something going wrong in an
> hypothetical future.
> 
> Come to think about it, I have another question: how different would be to
> use USB network cards in the three different scenarios (USB handled by
> dom0, sys-net and sys-usb)?

USB handled in dom0: no way to use it for VM networking

USB handled in sys-net: should be easily accessible using the same
NetworkManager icon

USB handled in sys-usb: possible to use it after some configuration:
One of:
 - assign the device to sys-net using qvm-usb
 - enable NetworkManager sys-usb (in "services" tab in sys-usb settings)
   and assign it as a netvm for sys-firewall

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXmorcAAoJENuP0xzK19csTDUIAJoctr5bseALRFL0VDfWmSjG
+kjLeCsmhcSZ3tkhw27GH4Au9PMuDlrHjkrTzk0fpg61r7VkM/YuobJn+/3T79TK
GjEgJa1mtUEkGRVtz1S9SyMLiK2kZXE4jIYWmc42auxYmrM/8f5wLg/Md4rFKKIO
50xeSXu9uagfaQp2UZG5gPZxAQ1rEj7RMenwLFE0fB9L1JYusQXyxajAIC8f8zZT
ce/M7ImmGC7B3Ig6QWCgHF4rnsZPZaUXd5UgxFoenEyITn4MP6Ar4aYSmP1fYqSv
Onh3vZvx79K0M+oI0QhtKcmuUbP+jARZQwkyWb4p0TRkfdokVte5LgPOqdCLMcE=
=cE/N
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160728224443.GI32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to log all the websites accessed by a VM

[Steve Coleman]

On 07/26/2016 06:25 PM, Franz wrote:



On Tue, Jul 26, 2016 at 11:38 AM, Steve Coleman
mailto:steve.cole...@jhuapl.edu>> wrote:

Another hack to avoid having to manually type in the addresses is
done with the attached script. Its like Mareks solution, but does
the parsing on the dom0 side




I understand this means this script should be executed directly in dom0,
but isn't this a security problem?


Yes, there is one risk I know. If the VM that had been firewalled off 
from the Internet has already been 0wned, then the hacker could replace 
the tcpdump utility with something that passes a ";" back withing the ip 
address field and has a shell command after that. DNS could be hacked, 
or a man in the middle could do it too. Then that ";" in the field might 
then get parsed by the python script and passed to the command line 
where the qvm-firewall command is invoked with the bogus IP/hostname, 
thus executing something nefarious in the dom0 shell. All that would be 
needed to correct this flaw is a little sanitation of the IP/host 
parameter, proper detection of that hack-attack, and that problem is 
solved, except that your VM was rooted.


That being said the script is only a work in progress shared for input, 
and if your VM is already 0wned then you already do have a real problem. 
Firewalling the VM off obviously is too little too late. Detection then 
becomes key to resiliency and recovery. The one problem I have with this 
architecture in general is that detection of an attack is not an 
inherent feature of the overall design. Ideally I would want something 
like an selinux targeted policy in each VM, generating avc messages, 
that would then be forwarded by the kernel in realtime and then somehow 
feeding a central intrusion monitor which could then notify the owner 
when important system resources are being tampered with. Before that 
tampering leads to a full scale system circumvention. Perhaps just 
monitoring a checksum on the copy-on-write system image? or just detect 
a page write back to the cow? Whatever it is it needs to be realtime and 
not easily interceptable by the adversary considering they already have 
root in at least one VM.


As in the above example, if you knew that your tcpdump executable had 
just been replaced, before you locked down your firewall on that VM, 
then you would have a much better chance at getting your system back 
under your own control before they can start attacking the hypervisor. 
Without knowing if your system is hacked or not can you really feel 
safe? I don't feel unsafe, but I do feel blind. Don't get me wrong, 
qubes is a *beautiful* design, I love it and use it daily and tell 
*everyone* about it, its just that prevention of a hack only takes you 
so far. Application level protocol attacks that bypass network 
restrictions are way too easy, and too numerous, so system level 
detection can be equally important. This is because there are people out 
there that do this for a living. You really don't want to be their 
target, but if for some reason you are, you _really_ need to detect that 
they have arrived. Its nice when you can tell if someone is jiggling 
your doorknob or not. Detection doesn't always work, but neither does 
system software. It absolutely needs to be a multilayered solution to be 
resilient.


best regards.


and the syntax is a little easier. It does the remote tcpdump
command in the vm and the results are returned through the pass-io
mechanism. With the -A option the script then generates the
qvm-firewall add commands to its stdout.

Then, if you want to add that address to the firewall you simply
copy and paste the lines you want from that dom0 command terminal
window into another dom0 command window, and the address is added to
the firewall without any manual typing. If you want, you can add a
netmask (e.g. address/24) to an IP in the target window before
pressing enter.

[user@dom0 ~]$ qvm-fwdenied -A 
qvm-firewall  -add
ec2-54-200-125-198.us-west-2.compute.amazonaws.com
 any
qvm-firewall  -add 104.244.43.140 any
qvm-firewall  -add 104.244.43.44 any
qvm-firewall  -add
ec2-54-148-80-75.us-west-2.compute.amazonaws.com
 any
qvm-firewall  -add
ec2-52-88-118-150.us-west-2.compute.amazonaws.com
 any
qvm-firewall  -add
ec2-52-25-189-162.us-west-2.compute.amazonaws.com
 any
...

Note that these appear in batches on the console because tcpdump is
in a mode where it exits after some number of captured packets have
been filtered, with the default set to 200 packets. By default it
will repeatedly restart tcpdump for another batch. The -C ### option
allows that default number of 

Re: [qubes-users] Wireless PCI card that is compatible with cubes os

[Chris Laprise]

On 07/28/2016 04:46 PM, randallrba...@gmail.com wrote:

I'm having the worst time trying to get my wireless drivers working and am 
wondering if there is a wireless card that works out of the box? With out the 
need to download any drivers as I'm using my phone as a hotspot to access the 
net.



The iwlwifi driver should already be in your system, so Intel cards will 
already work.



Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f4f49cb-ab1a-4883-2acb-771430c7%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: networking on Dom0 - can I have it please?

[facu . curti]

El jueves, 25 de febrero de 2016, 23:26:21 (UTC-3), Nom  escribió:
> Is there anyway to get networking on Dom0 to work?
> 
> Before everyone screams "UNACCEPTABLE!", (Don't pretend you weren't going 
> to). I know it doesn't fit the security model of the OS. But my threat model 
> - quite reasonably doesn't require it. I would like to be able to still have 
> some of the benefits of the OS's secure design with the chosen compromise of 
> networking in Dom0. So can we just leave it at; I need network access on Dom0 
> for "reasons", OK?
> 
> I tried running the old 'qubes-dom0-network-via-netvm' that was removed in 
> this patch: 
> https://github.com/QubesOS/qubes-core-admin/commit/bb9d8bbf7881ce13023ac905f98511beaeaaeae7
> 
> Running 'qubes-dom0-network-via-netvm up' it gets as far as doing 'modprobe 
> xen-netfront' successfully and fails on line 70 when calling 
> 'qvm_collection[0].attach_network(...)' and reports:
> 'Dom0 does not have libvirt object'.
> 
> Is there a work around?

Nom, you found solution? I want to do the same :P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c145ef48-1b0c-4bef-af28-30e170155274%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 rc2 has been released!

[Iestyn Best]

Thank you guys, great work.

Just a little side note, yesterday when I updated it seemed to break my window 
borders in KDE. I am now using XFCE and all seems fine.

I have not tried KDE again today, just trying to get use to XFCE now as that is 
your focus now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/698c34ec-8310-4d02-b952-b5ad0f3b1d57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Chris Laprise]

On 07/27/2016 04:27 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-26 20:01, Chris Laprise wrote:

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel.. ark.intel.com
You can search through the different processors if you are looking to
pick up a new computer.


A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

  From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

  Basically, anything recent that isn't too cost-reduced.

Chris


Chris, I think you may have accidentally pasted the same link twice.

- -- 


Sorry, didn't hit Ctrl-shift-V when I should ;)

Here's the MS link:
http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e93fd151-1dc1-0c42-5977-d33534a3d61b%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to log all the websites accessed by a VM

[Franz]

On Thu, Jul 28, 2016 at 8:00 PM, Steve Coleman 
wrote:

> On 07/26/2016 06:25 PM, Franz wrote:
>
>>
>>
>> On Tue, Jul 26, 2016 at 11:38 AM, Steve Coleman
>> mailto:steve.cole...@jhuapl.edu>> wrote:
>>
>> Another hack to avoid having to manually type in the addresses is
>> done with the attached script. Its like Mareks solution, but does
>> the parsing on the dom0 side
>>
>
>
> I understand this means this script should be executed directly in dom0,
>> but isn't this a security problem?
>>
>
> Yes, there is one risk I know. If the VM that had been firewalled off from
> the Internet has already been 0wned, then the hacker could replace the
> tcpdump utility with something that passes a ";" back withing the ip
> address field and has a shell command after that. DNS could be hacked, or a
> man in the middle could do it too. Then that ";" in the field might then
> get parsed by the python script and passed to the command line where the
> qvm-firewall command is invoked with the bogus IP/hostname, thus executing
> something nefarious in the dom0 shell. All that would be needed to correct
> this flaw is a little sanitation of the IP/host parameter, proper detection
> of that hack-attack, and that problem is solved, except that your VM was
> rooted.
>
> That being said the script is only a work in progress shared for input,
> and if your VM is already 0wned then you already do have a real problem.
> Firewalling the VM off obviously is too little too late. Detection then
> becomes key to resiliency and recovery. The one problem I have with this
> architecture in general is that detection of an attack is not an inherent
> feature of the overall design. Ideally I would want something like an
> selinux targeted policy in each VM, generating avc messages, that would
> then be forwarded by the kernel in realtime and then somehow feeding a
> central intrusion monitor which could then notify the owner when important
> system resources are being tampered with. Before that tampering leads to a
> full scale system circumvention. Perhaps just monitoring a checksum on the
> copy-on-write system image? or just detect a page write back to the cow?
> Whatever it is it needs to be realtime and not easily interceptable by the
> adversary considering they already have root in at least one VM.
>
> As in the above example, if you knew that your tcpdump executable had just
> been replaced, before you locked down your firewall on that VM, then you
> would have a much better chance at getting your system back under your own
> control before they can start attacking the hypervisor. Without knowing if
> your system is hacked or not can you really feel safe? I don't feel unsafe,
> but I do feel blind. Don't get me wrong, qubes is a *beautiful* design, I
> love it and use it daily and tell *everyone* about it, its just that
> prevention of a hack only takes you so far. Application level protocol
> attacks that bypass network restrictions are way too easy, and too
> numerous, so system level detection can be equally important. This is
> because there are people out there that do this for a living. You really
> don't want to be their target, but if for some reason you are, you _really_
> need to detect that they have arrived. Its nice when you can tell if
> someone is jiggling your doorknob or not. Detection doesn't always work,
> but neither does system software. It absolutely needs to be a multilayered
> solution to be resilient.
>
>
Joanna wrote in the past something like that it is impossible to identify
an attack and for this reason we should focus so much on prevention. I have
personally no idea, but this goes beyond the purpose of this thread.
Perhaps you should start a new thread to properly support your ideas.
Best
Fran


> best regards.
>
> and the syntax is a little easier. It does the remote tcpdump
>> command in the vm and the results are returned through the pass-io
>> mechanism. With the -A option the script then generates the
>> qvm-firewall add commands to its stdout.
>>
>> Then, if you want to add that address to the firewall you simply
>> copy and paste the lines you want from that dom0 command terminal
>> window into another dom0 command window, and the address is added to
>> the firewall without any manual typing. If you want, you can add a
>> netmask (e.g. address/24) to an IP in the target window before
>> pressing enter.
>>
>> [user@dom0 ~]$ qvm-fwdenied -A 
>> qvm-firewall  -add
>> ec2-54-200-125-198.us-west-2.compute.amazonaws.com
>>  any
>> qvm-firewall  -add 104.244.43.140 any
>> qvm-firewall  -add 104.244.43.44 any
>> qvm-firewall  -add
>> ec2-54-148-80-75.us-west-2.compute.amazonaws.com
>>  any
>> qvm-firewall  -add
>> ec2-52-88-118-150.us-west-2.compute.amazonaws.com
>> 

[qubes-users] networking on Dom0

[facu . curti]

Hi there.

I want to get networking on Dom0... I know everything you are going to say... I 
use qubes for investigate, I dont have ANY sensitive data, and I want to use 
Qubes, not another OS.

I need to get a program that uses internet and 3D. As I have only one video 
card (passtrougth is impossible), I think this is the best solution. I dont 
need so much capability, but I need 3D working.

Please, spare any comments about security and/or using other os... I know 
everything that. I just want to use Qubes with this program...

What is the best way to connect dom0 in to the network?

Someone can help me?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01ea05d7-6df1-49d0-8785-b970786b8799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] What do you think about the idea of a FileVM?

[epicdonk]

A fileVM would be a mountable filesystem that 2 or more AppVMs can share.

A fileVM could be a normal partition like MSDOS/FAT32, an encrypted filesystem, 
or even a distributed or cloud filesystem.

There are numerous uses for this, for example, installing Dropbox on a Linux 
AppVM and sharing the dropbox folder with a Windows AppVM that has Microsoft 
Office installed so you can edit docx files. You would create one DOS/FAT32 
partition that would be attached to both the Linux and Windows AppVM. Currently 
you would have to install dropbox on both the Windows and Linux AppVMs doubling 
storage requirements.

As long as the two AppVMs share the same risk tolerance there doesn't seem to 
be any reason not to allow this in my mind?

The current system of having to manually transfer individual files from one 
AppVM to another is a productivity bottleneck and to many makes QubesOS 
undesirable as a primary OS. 

I understand there are many reasons to enforce the manual transfer in certain 
AppVM domains depending upon their nature, and this should be the default, but 
we also need a way to intelligently share large amounts of files between AppVMs 
in the same security domain.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/425c5d89-f850-4f71-ab32-711f97e8bc6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A problem with update

[M. Vefa Bicakci]

On 07/28/2016 05:24 AM, Marek Marczykowski-Górecki wrote:
> On Wed, Jul 27, 2016 at 10:31:10PM -0700, admix...@gmail.com wrote:
>> Hi,
>> I'm trying to update qubes but there still show that there is no updates 
>> (for few moths).
>> I thought that was true until I tried to download update for xen.
> 
>> Some commands:
>> http://pastebin.com/Q7nhfZnX
>> Linux dom0 4.1.13-9.pvops.qubes.x86_64 #1 SMP Thu Feb 11 15:46:02 UTC 2016 
>> x86_64 x86_64 x86_64 GNU/Linux
> 
>> Can somebody tell me whats going on?
> 
> I think --debuglevel option is not supported - this is why you've got
> that help message instead. Try `qubes-dom0-update --clean` to remove old
> metadata first.

Hello Marek and Andrew,

On a related note, the script at 
"/usr/lib/qubes/qubes-download-dom0-updates.sh" may have
a minor bug related to the removal of the cache files when the --clean option 
is passed
to the qubes-dom0-update script in dom0.

When I run "sudo qubes-dom0-update --clean", as seen below my signature, "rm" 
outputs an
error mentioning that it cannot remove a directory. Even though "--clean" was 
used, the
timestamp for the metadata expiration check indicates that dnf is using 
metadata from
almost 12 minutes ago. This indicates an issue with the clean-up of the dnf/yum 
cache.

When I "rm -rf" all the offending directory on sys-net using the command listed 
below,
then "--clean" works as expected as can be seen below, where the metadata 
expiration
check indicates only a 23 second delta, which is a more plausible value when 
using "--clean".

All this to say, would it be possible to make the 
"qubes-download-dom0-updates.sh" script use
"rm -rf" rather than "rm -f" on the paths related to the dnf/yum cache for dom0 
updates?

To be specific, I mean replacing the "rm -f" instances with "rm -rf" on the 
following lines
in /usr/lib/qubes/qubes-download-dom0-updates.sh in the Qubes OS VM templates:

  if [ "$CLEAN" = "1" ]; then
  $YUM $OPTS clean all
  rm -f $DOM0_UPDATES_DIR/packages/*
  rm -f $DOM0_UPDATES_DIR/var/cache/yum/*
  fi

I believe this may be related to some of the "updates missing" issues that 
Qubes OS users
have reported after the release of the corrections for Qubes Security Bulletin 
#24.

Thank you,

Vefa

=== 8< ===

[user@dom0 ~]$ sudo qubes-dom0-update --clean
Using sys-net as UpdateVM to download updates for Dom0; this may take some 
time...
Running command on VM: 'sys-net'...
30 files removed
rm: cannot remove '/var/lib/qubes/dom0-updates/var/cache/yum/x86_64': Is a 
directory
Checking for dom0 updates...
Last metadata expiration check: 0:11:54 ago on Thu Jul 28 22:24:19 2016.
Dependencies resolved.

 Package  Arch Version  Repository Size

...

[user@dom0 ~]$ qvm-run -aqp sys-net 'rm -rf 
/var/lib/qubes/dom0-updates/var/cache/yum/x86_64'

[user@dom0 ~]$ sudo qubes-dom0-update --clean
Using sys-net as UpdateVM to download updates for Dom0; this may take some 
time...
Running command on VM: 'sys-net'...
30 files removed
Checking for dom0 updates...
Last metadata expiration check: 0:00:23 ago on Thu Jul 28 22:39:13 2016.
Dependencies resolved.

 Package  Arch Version  Repository Size

...

=== >8 ===

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/190ddc7d-ed44-2ea9-5994-3d8a3a867a33%40runbox.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Niels Kobschaetzki]

On 16/07/28 20:25, Chris Laprise wrote:

On 07/27/2016 04:27 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-26 20:01, Chris Laprise wrote:

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel.. ark.intel.com
You can search through the different processors if you are looking to
pick up a new computer.


A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

 From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

 Basically, anything recent that isn't too cost-reduced.

Chris


Chris, I think you may have accidentally pasted the same link twice.

- --


Sorry, didn't hit Ctrl-shift-V when I should ;)

Here's the MS link:
http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx


Neat, the X201 supports SLAT :)

"Old" laptop but still on the safe side :)

Niels

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160729042010.GA1141%40mail.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL Acer Chomebook C710

[Paul Harper]

This Chromebook has been modified by install Coreboot from John Lewis.
https://johnlewis.ie/custom-chromebook-firmware/rom-download/

I also added 16GB of RAM and an SSD 480 GB Hard Drive. All seems to be
working well.

-- 
Regards,


Paul

about.me/pauljamesharper

GnuPG Fingerprint: B3C2 6A80 BB3E 8D4D 126E  4FBE 5F62 4195 17D3 CB75


“Wisdom consists in being able to distinguish among dangers and make a
choice of the least harmful.” — Niccolo Machiavelli, The Prince

“The user’s going to pick dancing pigs over security every time.” — Bruce
Schneier

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAG1manyDe6Q8mgp7Zr907UTgPrK4%2Bx%3DHBse6avGZJvN_32xD%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Google-Parrot-20160729-114941.yml
Description: application/yaml