Re: [qubes-users] Screen corruption on nvidia
>> Several packages were recently pushed to testing repos (see >> qubes-buider-github comments on the issue). Have you had a chance to try >> those? > > Cool, I will grab the latest qubes-gui-vm from current-testing and see if > that helps. Sorry, that was phrased wrong, and I hate to add any confusion for anyone. (I really should read more carefully before posting.) I see the updated packages are for qubes-gui-agent's in the fedora/debian templates. Will grab those, fire up several AppVM's, and see if things improve. Cheers. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65abe7794d0822f9a2387a7a4b96b804.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption
johnyju...@sigaint.org: >> This problem persists in 3.2rc2. >> >> (And I get 0 errors on the same USB drive under Tails. When I can find >> the SATA power connector around here somewhere, I'll try moving the drive >> direct onto the SATA bus.) > > I think the problem *may* be that systemd has a default 90 second timeout > on jobs, including unmounting root. > > On an external USB drive, due to slower transfer times, the shutdown > process of all the VM's, killing processes, flushing buffers, etc., > happens to take long enough that a clean unmount of the drive doesn't get > a chance to occur, leaned to a corrupted filesystem. > > If I shut down each Appvm manually before finally doing the reboot, the > work left to do on shutdown lets the unmount occur with in 90 seconds, so > the drive shuts down cleanly. > > I think that's what I've been seeing, anyway. There's a lot of disk > activity while systemd talks about outstanding jobs, and while the time > remaining of waiting for the jobs, ticks down to zero. > > Now, why the fsck on boot fails (and things fall into r/o mode, and fail > thus hang the boot sequence), I'm not sure. It could be a similar > problem, that startup jobs aren't happening within the 90 second default > job window for systemd (due to slower USB transfers, and the time taken > for the fsck), and the boot process gives up. > > People with internal drives and killer machines wouldn't see this issue. > > I'm going to try cranking up DefaultTimeoutStartSec and > DefaultTimeoutStopSec in /etc/systemd/system.conf, and see if that > improves the situation. I'll also scrutinize systemd-analyze (which I > just learned about, being an old-school /etc/init.d guy, lol) and see if > that confirms my suspicions. > > Cheers, > > JJ This might explain why I didn't see this behavior, because the external USB drive that I booted 3.2rc1 from was a USB3 drive that internally used RAID0, so it's probably faster than most. Might I ask whether your external USB drive was USB2 or USB3, whether it was an HDD or SSD, and whether it used RAID0? Cheers, -Jeremy Rand -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/168f1392-c917-c2f7-ce6f-70236a734eab%40airmail.cc. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO
On 2016-08-17 16:08, Chris Laprise wrote: On 08/17/2016 11:35 AM, johnyju...@sigaint.org wrote: On the Signal matter, just some personal paranoia Re: Signal and Google Play Services: I've been the subject of some rather intense and ongoing hacking (iPhone, iPad, Android phone/tablet, PC, MacBook, cable modem connection, you name it). On the Android phone, I wiped it several times, and switched to Cyanogen, but the "weirdness" kept coming back. (Seeing stuff being recorded, logged, queued to upload etc., when scrutinizing the filesystem with adb.) The issues often seemed to dance around Google Play Services. The problem kept coming back, until last time, when I wiped the phone yet again, but didn't install Google Play Store (and thus no Google Play Services). Things *appear* to be stable and secure now, with no logging/recording/uploading weirdness showing up on the filesystem. I'd like to install and use Signal for obvious reasons, but I honestly don't trust Google Store/Services enough to take the risk. (I have a psycho ex with some crooked cop buddies, so I half suspect some law enforcement/government hook might be present in Google Play Services. Speculation of course. But I'll personally stay clear for now. I'm not doing anything illegal, but with crooked cops it really doesn't matter much. :) ) I did get a copy of Signal from apkmirror, but I expect it might not work without Play Services, and I'm not sure it'd be smart to implicitly trust apkmirror, either. So I'll keep my SmartPhone as a DumbPhone for now. I was kind of excited to hear about Signal for Chromium, but disappointed to find it relied upon you also having it installed on your smartphone. Aand then there's this: http://arstechnica.com/security/2015/06/not-ok-google-chromium-voice-extension-pulled-after-spying-concerns/ Not cool, Google. Cheers. :) I have to say I don't understand the logic of tying an app like Signal to Google, meaning the user is attached to Google at the hip. Especially when an app like Ring.cx operates without a browser or even a server, which seems far less risky. Chris But Google just announced their end of support for Chrome apps on Windows, Mac, and Linux in early 2018. https://blog.chromium.org/2016/08/from-chrome-apps-to-web.html Won't that kill the Signal app? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88da137bb3ef7a3567603e0d42dd3d87%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run only available from dom0?
> On 2016-08-19 05:11, johnyju...@sigaint.org wrote: >> When I try to run qvm-run from within an AppVM, I get "Request refused." >> >> Is this by design, for security reasons? If so, I guess that's >> perfectly >> reasonable. I just don't see that fact documented anywhere. >> > > Yes, but it's completely user-configurable. You can read all about this > system > here: > > https://www.qubes-os.org/doc/qrexec3/ Sweet! Mainly looking to have Keepass, running in an offline AppVM, to be able to fire up specifically-allowed URL's in a browser in another AppVM, and stuff a password into its clipboard. (So it sounds like I could restrict the qrexec to a custom script in the AppVM that only opens that specific site; and stuffing the clipboard should be pretty benign, too.) If I'm very careful about the permissions, I should be able to keep any risk under control. The qrexec design looks pretty flexible. Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89dfd009013139c7caa9ec16a5920efd.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 11:58, kev27 wrote: >> Secure Encrypted Virtualization (SEV) integrates main memory encryption >> capabilities with the existing AMD-V virtualization architecture to >> support encrypted virtual machines. Encrypting virtual machines can help >> protect them not only from physical threats but also from other virtual >> machines or even the hypervisor itself. SEV thus represents a new >> virtualization security paradigm that is particularly applicable to cloud >> computing where virtual machines need not fully trust the hypervisor and >> administrator of their host system. > > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/ > AMD_Memory_Encryption_Whitepaper_v7-Public.pdf > > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf > > Is this something Qubes OS could work with in the future to improve its > security on AMD Zen chips? Maybe something to keep an eye on. > Sounds very interesting! This reminds me of what Joanna has written about Intel SGX.[1][2][3] FWIW, however, Joanna has also said: "We don't have much experience with AMD: neither research- nor testing-wise. Right now we have no resources to get acquainted."[4] I imagine that could be relevant to this. [1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels- upcoming-software.html [2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels- upcoming-software.html [3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf [4] https://twitter.com/rootkovska/status/756052459752128512 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt2GHAAoJENtN07w5UDAwLuQP/3IkhRVoHpTogM4u5hUpzig+ ni7T69i8FQ5cfbqRQKZa60TY4TAwaWUUKMyAOkUb8gnO9NEFOXHspV8S4kowWq3C j1OvVrq/DjucsqTchcwVo1x6K+WJsES+Bn92B253YCfmRllYNsGf7Zeolcd0uyVE 6w6qSkWuoPTjOmdXCHWBllreDh2LlVvgL3FF7207TLRTEjV8BGPFndFzZ8NfNGSx 6F4Ss7X/WLi0XmA3asJXofOr9piOM3D86sy6W8yK8q1OosbO+WQFAlVrtruoh6FZ WBhurvmix2Yj9TGOyFvdTBDG+ctybBrA3VatwJT7pcjIZvSKp6BW6h9P7rGAg+af AvW+UKJFsPD72meS3jyrKNICbz+tAajHCAL4eVF9wltS/zighuWBoIpAugOwxHWu rIfdN9hmtkPtG7uc/IeJP5utq9GpsbcuN3BjB79dPRrAqGrylriHa4hUGPloSutO OmXyq9YQW2C+FxLLFcAlfenxZZh1Umg+APPN0IqDjfBdKUS3oOYKJIP0YO0SDJYF CIZcQRiTs0O/JuKfqGddMU5QzzdWJx5Z2mVV2oTp5ed2sjl1KYYWLAg0gc73mSYB jcyWeeFvOJiz3csoBobOTh4eLBXJXd/Nzskki5WxOl6qYB7xSi4Vle1qnOels4vz 2NgLEVxsaJGJSZvJ72FJ =uIAV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/570f2e98-b342-b24a-7e0b-d3b734584417%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HVMs auto-resizing, causing positioning issues.
On Fri, Aug 19, 2016 at 3:15 PM, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-19 09:00, Joe Thielen wrote: > > I have a minor GUI usability issue. > > > > I'm using a smaller monitor, and my CentOS 7 HVMs seem to always want to > > take up the entire height of the screen. The problem is the HVM window > > title bar will show at the top cutting off a little at the bottom of the > > window. When using text-mode/CLI, this means once I get to the bottom of > > the screen I can't see what I'm typing. > > > > I've tried right-clicking on the title bar, going to More Actions, then > > Special Window Settings. If I set Position to Force 0,-25, this seems to > > work when I do it manually. > > > > When the HVM boots again it works... for the first bootloader screen. > > However, after that, the HVM re-sizes itself, and I'm in the same boat > > again. Now, when I go back to look at the settings, it still says Force > > 0,-25, and if I hit OK, it will resize. > > > > The problem is it doesn't do this automatically upon resizing. > > > > I could force position to 0,0 then remove the header and frame. But then > > I can't figure out how to get the header back, in order to get to the > > "Special Windows Settings" menu section again... in case I want to make > > further changes. If I right-click on the HVM in the taskbar there is a > > "More Actions" section, but no "Special Windows Settings". I can only > > seem to find it when right-clicking the title bar. But I've removed the > > title bar for this HVM now...! > > > > Any ideas? > > > > I think you're normally supposed to set the desired resolution from within > the > HVM OS's internal settings. In this case, try to set the desired resolution > within CentOS. > > I think it's to be expected that attempting to force window properties in > KDE's window settings wouldn't work, since CentOS doesn't "know" about > dom0's > window manager. > > A tip for moving unwieldy windows around: Since you're using KDE, you can > simply hold alt, then drag anywhere on the window. This should work even if > the title bar is completely offscreen. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXt1rIAAoJENtN07w5UDAwyEAP/izU8N2q5os1A4ewj13Czl4c > JDa08VekcmQJRVVT2ZTmMeyqblZiuGI6xah9zBIc9gk1cryUNI588zBkGlmjlMvK > IbEKnkZbHRTYZIdA1sjlvjhkuiJhRcl+W+rIfRtjMTz/JYeG7zIFG1XgP98g9B05 > zhCzeQPzmRYUxGZoIK1s3S0Hz470YM/dGdSy/6snfSXoCHpMY5s2z1q7Eoy7aN+q > MabH/9lVfT/xbJceuo9ydlsKHhOcD+dmL+woJ9WJFHVr4qmKVh5XvnG+bM9Bex5B > bYDFq7f2+E1/U35wLwLoVw7eNVGkILEF1vQmr74oFkxilZyyzlM4inLdBmWCEwRu > J4lRNMR1Ne7KPXQ4eINZxf88f5xl8D/kPgAnEJHmI3s/+V1GDo9ljp1DR+kVxFls > Vx/6veKJRnxOnwqCfBrl2ayO75MCywIBujPLfghrqHX18/yRoHeHMgOEBB0/jsJi > npU8uO64cfMz9ljlfApdN/sTFj6/EmLsFuuZoQfHk5v5EwkVEsFD1aLS2pgQ9Tiw > fgcyi8cBs5ff2fTQyOsBU9eRRHYDTWtsnTufA0AyW6V0ab823e+a/3ZrThMPKJvJ > 5Wdg/DBFAbk+ZrzdgzaoRng0Zywt7t0+SFhQGGufbZFWSts46miWPub0V7SE0xkT > fswhU9KPeg8ihG45AtoF > =4oQx > -END PGP SIGNATURE- > > Thank you Andrew. I'm not sure that I know how to set the resolution for CentOS in non-GUI mode. I will have to look at that. Holding alt and draging does not work for the windows. It does for windows with a header/frame, but not for the ones where I've removed the header/frame and/or forced to position 0,0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAM9FSFxGoHA1ShX5ZY8D7vwkGfehhOF__c2QOSOckWd%3DdVGmtA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - HP Envy 14 LR1281G4W
Hello, Here is the HCL report for the HP Envy 14 LR1281G4W Qubes 3.1 gave me "warm black" after install and was unable to boot so I installed Qubes 3.2 RC2 and the OS will now boot. Upon boot i receive the error "Failed to start Load Kernel Modules" once logged in i am unable to connect to the internet or even scan for networks with my wireless receiver. also there is no application bar. it never loads or shows up. any suggestions? Thank you, RutchMathers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/156a449a742-3f75-47c%40webprd-m102.mail.aol.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Hewlett_Packard-HP_ENVY_14_Notebook_PC-20160819-114832.yml Description: Binary data
Re: [qubes-users] Re: Problem with headphones in Qubes-OS 3.2rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 09:35, 'digitaldijjn' via qubes-users wrote: > On Friday, August 19, 2016 at 12:07:23 PM UTC-4, York Keyser wrote: >> Hi List, >> >> I think I have a problem with the sound on my Qubes-OS 3.2rc2. Sound >> works fine with the speaker, but as soon I plug in headphones I can't >> hear anything. I can see the that the sound is playing in the Volumen >> Control but I can't hear anything. Also, it the Volumen Control shows >> that the headphones are plugged in. Anybody with the same problem or is >> it maybe a Layer 8 problem ;) >> >> Regards York > > I was just about to post the same problem, I'm guessing I have to pass a > device to the vm I'm just unsure which one. I had my headphones plugged in > when I started audacious in one of my vms I got this error message: > > ALSA error: No suitable mixer element found. > > ALSA error: snd_mixer_attach failed: No such file or directory. > > when trying to play some of the songs I got this: > > ALSA error: No suitable mixer element found. > > ALSA error: snd_mixer_attach failed: No such file or directory. > > ALSA error: snd_pcm_open failed: No such file or directory. > > I'm updating my VM's and rebooting to see if it helps. > If they're just regular headphones, I don't think you should have to pass any devices to any VM. Try checking in the settings for your dom0 sound mixer (e.g., KMix). Make sure that the headphone volume level isn't set to 0 and that the associated device isn't disabled. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1vgAAoJENtN07w5UDAwvw8P/jQHLxDKr4WVbIJ2iw7WazVk Or1SWi0e6O17lFiBk2KI8yJG91K6ThTCZW9vrtRX3OnFOmNVWEMXvUXLmiRqlAtm kyJ794APoP1r9ei5celTNMMRdhOuxpQnQObPS+RdQAOpqtIkVvsYQ5RcTGhOYar0 ovp0oAFYmR3eccy5BhkXCmAVRIy1yL64PaFi+lu65owbwTBcqsSynFa048OzUQfy VIEt+O9sHCn3UPxe5zg47tI6x0Bdu0JB/qeIPRzB42a+7Js9lQ0DWjynW3ZUs2x3 1e8THdZ7dIs/h7HwMYiGx5+rzuZGDdcEglcmMW/AwvYr6qUg13/g5qkbH4upQKkR qXtE9O2Sf7sLR8a/rxU6BTDhsxibhsa2VwlJL8S/HlZRp+0C3Dv1aEtp+8tKN21u YL8oSYmZ5d+13QkxTGAPHWGik3a6+UUfH927yAAQIRF1nEwSE+FQSA5I7n+OW64M tGUbOItkXAAgrNrGvlkg9KxLgr80VN5LLaBuGqG15NvZu+EvG4SiwsL3gKx4zdpB fwXxJjs7K/YAWWT2fz4KOqcZhhCnSeN8xdmkCRMt9HQ6rK9JcsRmLxReJaiH97/P W612uW08Zs6Wt/FfQPKX+7kb0tmFIfzY9sZBAP8E/0ArFoz1SUm3IVLhQbQELDNp ku4GNUrqBuqNPNiK4KwT =VH9h -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b8d9395e-be14-ecf9-aa5c-86f521430b92%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HVMs auto-resizing, causing positioning issues.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 09:00, Joe Thielen wrote: > I have a minor GUI usability issue. > > I'm using a smaller monitor, and my CentOS 7 HVMs seem to always want to > take up the entire height of the screen. The problem is the HVM window > title bar will show at the top cutting off a little at the bottom of the > window. When using text-mode/CLI, this means once I get to the bottom of > the screen I can't see what I'm typing. > > I've tried right-clicking on the title bar, going to More Actions, then > Special Window Settings. If I set Position to Force 0,-25, this seems to > work when I do it manually. > > When the HVM boots again it works... for the first bootloader screen. > However, after that, the HVM re-sizes itself, and I'm in the same boat > again. Now, when I go back to look at the settings, it still says Force > 0,-25, and if I hit OK, it will resize. > > The problem is it doesn't do this automatically upon resizing. > > I could force position to 0,0 then remove the header and frame. But then > I can't figure out how to get the header back, in order to get to the > "Special Windows Settings" menu section again... in case I want to make > further changes. If I right-click on the HVM in the taskbar there is a > "More Actions" section, but no "Special Windows Settings". I can only > seem to find it when right-clicking the title bar. But I've removed the > title bar for this HVM now...! > > Any ideas? > I think you're normally supposed to set the desired resolution from within the HVM OS's internal settings. In this case, try to set the desired resolution within CentOS. I think it's to be expected that attempting to force window properties in KDE's window settings wouldn't work, since CentOS doesn't "know" about dom0's window manager. A tip for moving unwieldy windows around: Since you're using KDE, you can simply hold alt, then drag anywhere on the window. This should work even if the title bar is completely offscreen. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1rIAAoJENtN07w5UDAwyEAP/izU8N2q5os1A4ewj13Czl4c JDa08VekcmQJRVVT2ZTmMeyqblZiuGI6xah9zBIc9gk1cryUNI588zBkGlmjlMvK IbEKnkZbHRTYZIdA1sjlvjhkuiJhRcl+W+rIfRtjMTz/JYeG7zIFG1XgP98g9B05 zhCzeQPzmRYUxGZoIK1s3S0Hz470YM/dGdSy/6snfSXoCHpMY5s2z1q7Eoy7aN+q MabH/9lVfT/xbJceuo9ydlsKHhOcD+dmL+woJ9WJFHVr4qmKVh5XvnG+bM9Bex5B bYDFq7f2+E1/U35wLwLoVw7eNVGkILEF1vQmr74oFkxilZyyzlM4inLdBmWCEwRu J4lRNMR1Ne7KPXQ4eINZxf88f5xl8D/kPgAnEJHmI3s/+V1GDo9ljp1DR+kVxFls Vx/6veKJRnxOnwqCfBrl2ayO75MCywIBujPLfghrqHX18/yRoHeHMgOEBB0/jsJi npU8uO64cfMz9ljlfApdN/sTFj6/EmLsFuuZoQfHk5v5EwkVEsFD1aLS2pgQ9Tiw fgcyi8cBs5ff2fTQyOsBU9eRRHYDTWtsnTufA0AyW6V0ab823e+a/3ZrThMPKJvJ 5Wdg/DBFAbk+ZrzdgzaoRng0Zywt7t0+SFhQGGufbZFWSts46miWPub0V7SE0xkT fswhU9KPeg8ihG45AtoF =4oQx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f0e440f-6a86-9368-29f7-f653922d5361%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption - Solved???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 06:18, johnyju...@sigaint.org wrote: >>> This problem persists in 3.2rc2. >>> >>> (And I get 0 errors on the same USB drive under Tails. When I can >>> find the SATA power connector around here somewhere, I'll try moving >>> the drive direct onto the SATA bus.) >> >> I think the problem *may* be that systemd has a default 90 second >> timeout on jobs, including unmounting root. >> >> On an external USB drive, due to slower transfer times, the shutdown >> process of all the VM's, killing processes, flushing buffers, etc., >> happens to take long enough that a clean unmount of the drive doesn't >> get a chance to occur, leaned to a corrupted filesystem. > > I am very new to systemd, but I believe the cause of my corruption is that > there may be a typo bug in one of the directives for systemd's > umount.target. > > "systemctl show umount.target" reveals: > >> JobTimeoutUSec=0 > > "man systemd.directives" and "man system.unit" do not show any such > directive; however, they do show "JobTimeoutSec" which I believe was likely > the intended directive, and which would set no limit on waiting for that > shutdown filesystem unmount, and I believe would prevent the corruption I > was seeing. > > A zgrep of all the man pages shows no indication of JobTimeoutUSec being a > legit property. > > Cheers. > > JJ > Thanks for the report! Updated: https://github.com/QubesOS/qubes-issues/issues/2245#issuecomment-241107927 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1kbAAoJENtN07w5UDAwTdkP/jcUco65Mh1pBLqCXhFBfZ9s s57imQlP8jfUfE+zXAZ8PeYYA07cw31QXx+K3jcKvDyFOo3xfMvL+t9XH0WkM2B0 FUpFLn+YO3MEClLQM4ZC3hTZz7fl0npuhJBEPkOiGXMgbkycxP2rrqNTi9M7yoYi Zg4/sAzi7PyLC8/gaUJ6c5LdsZ3KB2k8QQWRpgFbEBdYQ7b0kHF7hyjZqHo6Rnrd 26b8NTwKaCJR07tf2/BVuMzgskQpkzugDE083nVpyqKqBo9c6lZANETavd7JiVLD O6Yt7NVM1ZHWKU8dPuEvBQ8yleEOmXRPDqrs9sXS2R2AdPpnmUOxYU8Tyi6MBTYi +acp9A4gyduHbufhiDOv6Mh4rYpaItRQixutk6Q89UzgsjarR9Fj9IH/JqR4KmAK mUdcok1rrzpcMGOOMH34kMJ/IkgxlWe7LNypn+kDattwULeoPYp+MMkRI2h/OJRR bPdsXU5RN1Yc1x2hiGYdGBXn2QXT28I06AHq2fvLCXpIo90ia7lBr5u7DzzEVKp/ YkJgNp7QVR7rjE1WbmXWx43K8gUT5+0yYE7hPP72GSmQqZz3j5BlbheVrzzruEbz EnsIfiwbl2Xj9wZNnSOuOnxNHSDaPtFRR+pRwBooIBsK8bP3vj4wajdg8mby8nI9 kh3DJ51P4tpeHGltp9LT =Idxb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10c08c9c-a1ac-4a28-295a-22cdd0971b7a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 04:32, johnyju...@sigaint.org wrote: > If I shut down each Appvm manually before finally doing the reboot, the > work left to do on shutdown lets the unmount occur with in 90 seconds, so > the drive shuts down cleanly. > Hm, I wonder if this could be related to this: https://github.com/QubesOS/qubes-issues/issues/1826 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1jSAAoJENtN07w5UDAwPgkP/3XynrrWe1d0LbIX1wW+QSDy Njd6dZkBs1bCZRaVl1QjM3prAmbHlEsgcHtpYvgqS50lSXclr7A8E4wU6Vyu2bIg XH/1kKLdCxNnVTBkTLM5aeZosNittvEA3/6HLW/wQWrZw3kLP5Lf2wJmmnAO3eOj V2joY3vhAnpGuq8vmnRX8RTwGBDAOPnNh37decjqw+kx5FxNumYMRnZPJsnbmcoU Qo+cwFCuVI3+0NYOXypVrTyR9nV2Dc68dyAEJ+LHECyTfXaWukx5UQo3800C1qTx XQjQi9ZDZnIr+PrIdzdKsKBz/S0EtzayiX7voT65QNFXi2F1e+/EwyOnqIS0zRRX OSNCQG4k0yeD35QXfTQNFsPJ8L176cy7hk1Vgs7P4bR3KxNdjkx7ukneLMkJOkqE adU8t8DBGewj3wQ/FnI9G3x99NRafoBPq/+xD6/qUPI6UeKWIlXcPZPQGr8Oxsso z8kQdAPSSX6SxycMLLGKhrXlF8gnJwo/N2ZHXgSpPnMIhUWm+FgDidSo6XtfOb9v cAbYDMOn+KKOMwTOvJGclS+R8yi3DZPlhH9qTVgMc9XdXvPHSF91GdU7Pmc2mAJ7 c+1pP4zgTs3TKnWk/NKax0AEk+5mdqkP6aUzmdNZtASfgw+V7xyvrB2fMuLW3ElT wbQKUe9P1X6uXHCltLDo =B9TE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/061b8345-5906-4fbe-5896-6cd7c85ea859%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] Qubes 3.2RC2 not verifying Checksum but passing Siganture?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 [Moving to qubes-users.] On 2016-08-19 05:53, kernel[consulting] Sebastian Hültenschmidt wrote: > Hi all, I just recently downloaded the 3.2RC2 and verified the signature > ok. When i tried to use it, it fails the checksum test after ~4.8% It > rechecked the signature and tried another USB Stick without sucess. I used > it anyway to install, but it had only XFCE window manager, no KDE. > > To verify i dowloaded the 3.2RC1 and it works as expected. Signature ok, > checksum test ok, KDE available. I just assume you are not switching > packages when transitioning from one RC to another, so i guess there is > something broke on the way. RC1 is 4.5 GB, RC2 only 4.0 GB. > > Did i make a mistake? Anyone else with this behaviour? > > Best regards, > > Sebastian > This issue has been reported previously: https://github.com/QubesOS/qubes-issues/issues/2246 As you can see from the comment, the other user's media check also failed after 4.8%. However, copying the same ISO onto a different flash drive (8 GB Kingston) from a different computer (Linux Mint 17.1) worked. Perhaps you could also try an alternative flash drive and/or computer? If it still doesn't work for you, we can reopen the issue. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1fzAAoJENtN07w5UDAw4gQQAKuc4TI331kOeZOQFWmjU6s8 zt2/Asg5QEpIyEHvpHVkMZ/EY4NMjVHG7SNwscp/FZhrFkNcgdvSMnDrlCPfYoOV rRJHn7Sm1hehaVYCsT+8m3vFTRzn6iQmMFt/W3tn3ukG9txdwaZnGxCSnuKXAhcq uYzIHeSBzhkrRvc0KKDTOzjuxttAlPSpObPB89qpRVdRLwN+uJH+xjJzSxVa0caw 64hlv34olOzMTA2eAs8lSSDGPdutdMiG5xZkrrEyGpK4LKzZXVBdPUZOyC/tIiYE pawh7Ne8JMp0w+t9b2+DPvGYtQdGsRFi7jZrW9qgFnRLEjFr2r4jIRQhBcuioeS7 zusznX0Se7mit+BO8SAtEjUK8GrrweB0NZAoy9Jm9Z3WpmVTsnogxCPxs3KAfmsL tLXTeQvEZ06TaQvB8DTp5b2P/1w1aahGOY+GN3IGBvDO60o3pdpiGo0Hsmyz6GSp awKfAVP553CvwwlvWGhxsBD142ZT+M8TLO1Utc5P5JpBpie2lu8e4yTzwekTv4Ut 3DlvP6BquspUWtbgQDqQhaPvXRVV8pnjdDZ/gZ1gZfSNHWyyYk+T2IkFozrwM3HM tKK3MGHeo0obQsdM4OAw+sVAMvK1EwdwRjjueHzXoyXmwQ6cA3H6QZoe3V/Ymh59 ELvTG95i9GDOM3QkM/xC =WR8N -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f600861-9c30-27de-cee0-d82301edca43%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
> Secure Encrypted Virtualization (SEV) integrates main memory encryption > capabilities with the existing AMD-V virtualization architecture to support > encrypted virtual machines. Encrypting virtual machines can help protect them > not only from physical threats but also from other virtual machines or even > the hypervisor itself. SEV thus represents a new virtualization security > paradigm that is particularly applicable to cloud computing where virtual > machines need not fully trust the hypervisor and administrator of their host > system. http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Is this something Qubes OS could work with in the future to improve its security on AMD Zen chips? Maybe something to keep an eye on. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af69cf92-c19b-4b88-8676-613713c33b38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run only available from dom0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-19 05:11, johnyju...@sigaint.org wrote: > When I try to run qvm-run from within an AppVM, I get "Request refused." > > Is this by design, for security reasons? If so, I guess that's perfectly > reasonable. I just don't see that fact documented anywhere. > Yes, but it's completely user-configurable. You can read all about this system here: https://www.qubes-os.org/doc/qrexec3/ Pay special attention to the section titled "Qubes RPC administration." As that section explains, there's a file where you can enable using qvm-run from within an AppVM. That file is: /etc/qubes-rpc/policy/qubes.VMShell However, before doing this, there is a very serious warning that you should heed: https://groups.google.com/d/msg/qubes-users/xnAByaL_bjI/3PjYdiTDW-0J > (The demonstration of one of the Xen exploits executes a qvm-run of xcalc > in dom0 from an compromised AppVM, which kind of implies the fact that > such behaviour is normally restricted between AppVM's. If this is indeed > the case, it might be useful if certain commands could be configurably > whitelisted, from a config file in dom0, to be qvm-run between specific > VM's.) > Yes. The action is prohibited by default because it can be so dangerous. However, as explained above, advanced users can choose to selectively allow it for certain VMs at their own discretion. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1aDAAoJENtN07w5UDAwrS4QAIhHMbWIIY6etJA+ThQ8YhZF vjwftWCsnRI4B1OeJ+ECNCE9PeMoaIa65HzdDm/X9Vq2yvX1uk4Z3PjFIX4Y/lAk yhIR6LnStgGHFZJp3uHWXlnT9eXeFpu93MRID1o2enRBrhQAA9+WmkTHyUyCtiu1 z96g4B3xE5faPfOBEhkg3xex4anxt2a5RY8tGo/99hwUHQ5U2stiRkBRmbAm3TUL PjplajBoNoe8yGS/7m1gCdC7BA3XiSjw2eCjsT3Zshc70tEEd7dFFwBKmPVVURCJ dTIbfVKk4yCMsM3Vw/V4CZLzTnBPzpwPSmk1ZymJRTedgIBUdQLYpRDb3RLS1vmZ r44cpZk3Hdkf6ZimFcSk13HYE1LZxvCaDolD/MPeB+EKLzkiNIhlPIkJzDCpCwIy rOgPuShcF+xf73HR3ZGelLcPl7jVFxphsTu8OC7NG/9NF8X8i7U2ZpzLTW7lPTr4 vISlH7u5woLQ3O4OL10ei0bgDSGnA3osF5LwcU9zc9ZwciHROLd4s9wDrJCIAK9Q kMaPeasaFv6osRN/XlumxYC7gPC5N86g6lX9ylFXnXTW6yTViylZN2TtcqRdM6VI 0p7C7Rxi+99Sva/9M2L1L2F+V+wwLF5LGtN7KTR67LIihxlYFLDXRMH2BRebeS47 ruW5iK6KFCvqsGGMcNF9 =mEsp -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36adade2-1c19-2089-bca4-dcef16420fd1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Memory balancing - security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-18 15:20, admix...@gmail.com wrote: > Hi, What do you think about using memory balancing between several VMs. Is > it security risk? If someone exploited two VM (for example with tor and > without), he can fill all accessible memory on one VM and release them and > then other suspected vm can reserve all memory and look for a pattern. The > malicious program without access to other VM can also reserve memory from > time to time and looking for sensitive data from other VM. > > Regards > Qubes is designed to perform memory balancing in a secure way that is not vulnerable to the type of risk you've described. You can read more about how memory balancing works in Qubes here: https://www.qubes-os.org/doc/qmemman/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1PGAAoJENtN07w5UDAwR4IP/1xQdNWK3MGfskr8F6nVBQXd wR1W5LOFh7yE0iiIyb9AhCnRzjiDC/PC0lphRDwZcKUai5p+zdr7XHn8sYs1vpTW KTX2Ex+ZU152/qKZSIEvCncMqKj5q//JM80jd61QSSIx2HhOecIEWkYtK9mHcet8 BhcS1Xb6NY+eMKxWWz6OhsGad1xhILG+EV3QaF9etb8utZxmr7EkRi9qc5sLNDRD 8seUyI8571xpB9YgYGMlzLvxk975Vpz5cCjLUj9jnGWl7PAaGA/ffn85rBk9o3gL 2tvAr1ykpBG17CvCtDVOx4wbc4LFzYi3x1Ldjs57esuPQJPtxjkjxLpdgIEJSPw7 E4OG/cx0qto6dSdrgHohIP6TO6iDveTnrIWCUqsdnnZrRNlSCBff/3mm1BRXTPzr awJ36JQx5baGuwiNBt9z7ngGCJ7GVFXsTnirtkLRcLN4HZ2DXY9jFmSM+1h1Df0b 7X0uwBHcczmfNRZXgcgNbhKO+ciXfBZCPlZQIN62wTFuPsmseAZkXtfRAAI3Tui3 n7bgSxV6lFpdDa2jkf34gGRypZ5VwtC/e1/X9EeDgljgxOxsy2a+1nEsilrXxxIT WTyRtPvUCd+ps6X3iXFw7oJ4PH8WWKKKkQW+fyKnxAulxtxv+AYzpZBJmJK34hNt AG8C3lBNBrp0NJR7hKmM =kp5P -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c42930f-8a0f-fdc3-9c62-ab5ecd896d86%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2RC2, AMD / IOMMU weirdness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-18 10:19, Foppe de Haan wrote: > I've been slowly figuring out how qubes works, and configuring it the way > I want, while getting used to linux at the same time (which means I'm not > very good at things other than diagnosing and prodding around yet). > > As such, I found out today that IOMMU doesn't appear to be enabled, and > qubes-hcl-report lists it as 'no', even though it "should" be there and > work. The reason why this is the case eludes me, as I am not really seeing > any errors beyond the exceedingly uninformative outcome -- "error > initialization" in xl dmesg. Can anyone help me along on the way to > figuring out why this may be the case? > > My CPU is listed as supporting IOMMU (amd athlon x4 845, carrizo core), my > BIOS has the option enabled, and lspci lists a IOMMU device. > > I've attached a few log files that contain information that googling > around told me may be relevant; I have also searched the qubes-users and > -devel groups, but not really found much, apart from outdated information > (referring to xen 4.3, 4.4, 3.x). > > Thank you in advance. :) > > For reference: what I believe are the most directly relevant bits from the > attached files: > > xl dmesg: (XEN) ACPI: IVRS CC9AD968, 00D0 (r2AMD BANTRY 1 AMD > 0 (XEN) Enabling APIC mode: Flat. Using 2 I/O APICs ... (XEN) alt table > 82d0802c6b30 -> 82d0802c7d90 (XEN) PCI: MCFG configuration 0: base > f000 segment buses 00 - 3f (XEN) PCI: MCFG area at f000 > reserved in E820 (XEN) PCI: Using MCFG for segment bus 00-3f (XEN) > AMD-Vi: Error initialization (XEN) I/O virtualisation disabled (XEN) > nr_sockets: 3 (XEN) ENABLING IO-APIC IRQs (XEN) HVM: ASIDs enabled. (XEN) > SVM: Supported advanced features: (XEN) - Nested Page Tables (NPT) (XEN) > - Last Branch Record (LBR) Virtualisation (XEN) - Next-RIP Saved on > #VMEXIT (XEN) - VMCB Clean Bits (XEN) - DecodeAssists (XEN) - > Pause-Intercept Filter (XEN) - TSC Rate MSR (XEN) HVM: SVM enabled (XEN) > HVM: Hardware Assisted Paging (HAP) detected (XEN) HVM: HAP page sizes: > 4kB, 2MB, 1GB (XEN) HVM: PVH mode not supported on this platform > > lscpu: Vendor ID: AuthenticAMD CPU family:21 > Model: 96 Model name:AMD Athlon(tm) X4 845 Quad Core Processor > Stepping: 1 CPU MHz: 3493.540 BogoMIPS: 6987.08 > Hypervisor vendor: Xen Virtualization type: none > > lspci: 00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Device 1577 > > xlinfo: virt_caps : hvm xen_version: 4.6.1 > xen_caps : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p > hvm-3.0-x86_64 xen_scheduler : credit xen_pagesize : > 4096 platform_params: virt_start=0x8000 xen_changeset : > xen_commandline: loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M > Just a shot in the dark: In order for IOMMU to work, it has to be supported by the CPU, chipset, and motherboard. According to this previous guide, a common problem faced by many users looking for compatible hardware is that even though their CPU supports VT-d/IOMMU, their chipset does not: https://groups.google.com/d/topic/qubes-users/Sz0Nuhi4N0o/discussion Is it possible that, even though your CPU supports IOMMU, your chipset does not? IIRC, some users have even found that their motherboard does not properly support VT-d/IOMMU, despite the option to enable it being available in the BIOS. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt1GcAAoJENtN07w5UDAwpbUQAMF/RBTo3SuYdkp4dKV8oWRm NQBdoLRJMQJKgTqn/91HEEEPZAmTJ9w+EtLPtcP9IMJWiooAIHuTeQtTryMAHxhF c7HCQqV1oOkLygNaY656wOGXgdd41vguYGXL1heDtfcwCliUC0Q1SE9tJ0BN+cV6 8xqjMkvF11evhhF0NPvpgGSqQHjgFPactIJ2L0UFnLI/bDa0j6152CF9/iDWsc18 tK05WfVJNCBX/VaM4SrkZoDcwdP5Nr90h1L6tBTN2Xn+1xHGwKt6lzumIjkX9Gtu ykCd5geeM3Bs/OWVu2IJcQlBNXS3w2fdxlIC6OF5KDJkJVifITZViiJth3GRjCyx lgvpe5bO0jREcRGT47WBy1opSxrQhxsZlGgXvowseS/HJeIRiGHkeTqddlqCZLy1 0UNIuvXvWv82iMy/lmQfUHH2SxqjMkWA9RZ4cjQm8Tyq2TkoLxlxN4MVZQ8BEQs1 RXR2mmK+sMAQJnZm4phtVzKze3bHXiJfaykaG4mvlTFtBOU5rkVLpSwGgzzQsVnU 8C4YjFoVOQAuDCn7Ibm4tc6Vw/JDUIaDOKaQHpzCIntTY/ZXt+briiILXV2lGadw tWVFdHUQt7Q9D4isVnUYPDQgsKHdogIpkwl/8STrqpyeZ7o5KbESq2yl13256ygT VNRTy+RgFOTo/aaqrVrk =M+cM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a83643c0-f5f7-bb5c-2297-1dd1a10a1906%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 Hardware Requirements
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-18 05:22, johnyju...@sigaint.org wrote: > The Qubes security team has written: > >> Consequently, we have decided to move to hardware memory virtualization >> for the upcoming Qubes 4.0 release [4]. > > And Joanna has written: > >> For Qubes 4 we want to move away from using PV as the default method of >> virtualization in favor of using hw-aided (i.e. SLAT-enforced) >> virtualization, which currently Xen offers as PVH. > > I'm currently on an AMD Athlon system. Does this mean that in order to use > Qubes 4.0, I will have to upgrade my hardware? ('Cause that would suck. :) > ) > > Thanks. > > JJ > I don't know enough about the AMD platform to answer definitively, but if I'm interpreting this Twitter exchange correctly, it sounds like you might be right: https://twitter.com/QubesOS/status/756041961203785728 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt0+1AAoJENtN07w5UDAwMIgP/1F6RnYX3RVotvOLdWgYb1xG IpBQdk/bYqseQq5aUbW2s7V4K8mAfvvUUT9KDc0jtLHJ4p3LVyRacRSTixMNie1D rJu9D2Kk0Ox8sWWs/HV+/Vk2B//AwV/eW9fyZqgZW22CikOPn/J4jU555hYQsosC MGLZyL3KGVH9JazvUgxPV8443neQNnh1dEXMI/DxDL1XL1CKxI1/GwwN2ghScrX8 F/v3Cm3MofDD65pjJXNTAMXB9oNmN+RXvtCKseAGKJeEWEfDjtSCFkqeMeYgRuTf lqDWzwuOWjhNHrwlQ5tZF3mPGfrU/EEk0gl2I0M7H6gjHs81AYihv61m5wK/IZST 6bjrsPkZUXOAk0dNcyUniJNTYBqKTkhdgTvfx2nGNKDp243S8hUSIo/GP1FfrmbH Mqpd1J+g22suoYhKXNtnNA36gh5m36CXX0fXlJmBOQDSz63SmrEwRIi81yT6wjj7 EXm0sM80uW3Zv2k/fKvcK2cBwMqGehQ9MD4K/bsRcrlJ0IGwK/mU0lsIWiRaEUcq 6n/suoiScHydVIX9It7halZHfZKnz76XUE+sG5083iXo6C+jgmKhqKy1OA1rGFmt MesQ5C3HITdCvad6a5y8bO2xvrvOXVg4sfVKWup4zhJC1wsqPvtCKocqT0pahTb6 U4LpyG4Z25Na1G2C69yj =1Xp8 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa11cb2c-6b5c-170c-8b21-337c9d172824%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Screen corruption on nvidia
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-18 04:44, johnyju...@sigaint.org wrote: > This problem persists in 3.2rc2. > > JJ > Several packages were recently pushed to testing repos (see qubes-buider-github comments on the issue). Have you had a chance to try those? P.S. - Please keep the list CCed and try not to top-post. However, under Qubes, I experience random screen corruption. See: https://i.imgur.com/ovEFgYO.png >> >>> Looks like it could be this issue: >>> >>> https://github.com/QubesOS/qubes-issues/issues/1028 >>> >>> As you can see from the qubes-builder-github comments, some patches >>> for this are already in the testing repos. You may want to give those a >>> try. >> >> Awesome! Will give that a shot. Thanks for the reply! :) >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt00bAAoJENtN07w5UDAwsmMP/1sY/IiuOY8smMwFNWJlekd7 N/296EgTEN0Q/r5VJWMyXIHcwXoLFRk3aKBoUoCXoRPRAD2Zyl6oQOMjx9oZhL7V AYSrFaGe9LWVYsoYfutYboz+ajMpFnxkR4mjHaaSe1vRdmzzyzF81bC2Bnn7j2Mh IuNM7MdKSaCsjD+dzfyLQWvoGVsCzy43yilXTkVsDwc93XXUmGv3CLyhY4ywPFAw HsNHRM6jtXIeS7FAGOe8/uqRtPR0yUDwnQgTaCoCF38oFvFsHpUzlwlfl7YGQ9ce lBb/fNkVoArKW6HnzoLC4ZWjDl8TeStjiuVCmJ+6QjwXI15+iSLpC+ejHXOaHsxj lqaGQrEzOq7v5vTVUM2zMxR3M9Um53245ivEHCBX3a13KMSm7/ocoaA0+St74Ju7 zLjSL5hFivZ9rg0FAjZeFv9R8lJvZVR+9PeDUbhtguEH4p2cUikNngyprtcNl1Fs 6FOJmBDicNBO1f1uQfigowxI/cVITrqMgcOzgpX2i0ZSN+iKvlWHCsU78M5U1o2Z DM9kmC+BZLndVC4ooUlvMV8Fk8uPZ5IcBxlZ6rd0+wXsHoq8wfQJdaUiJf3azWGI w4uNdKk4IgCjoTMBlQEuoxrsNUeSa690ujARZNbEPqV2hL1VeEMumG1OMOVVw/5V rFKNdEU75fu+WpYL2HGQ =mf2l -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f381a671-6a75-1cb6-9265-66f5b737e4d5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Network Access dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-17 15:06, Desobediente wrote: > The bumblebee docs tell you to use yum/dnf without gpg. > > I haven't found their keys also. Normally it sits on a > keyserver.example.com or keys.example.com > > Giving the circumstances, I'd guess there aren't any. > > There is a "just works" way to do it, but I'm not the one telling how to > do that. Just ask them to generate gpg keys. > Is the "just works" method adding "gpgcheck = 0" to the repo file? If so, then I can understand why you wouldn't want to tell anyone how to do that, since it'd render them vulnerable to a potential MitM attack. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt0vNAAoJENtN07w5UDAwQl8QALRLtl7E/d3LLADwDnmD53a0 kq1yxZsHzxYxV/tp6SKaScjk8GJa0p80gX27QEWLx+1/iasEmGFJrNGNY7/KyFUi yKcs04DJSVi9O3zc/tmFcPAXrC13lhP9ONuBeP5PbJ9R/jbIGzxgxv85lj6kfNy2 bVq1W9YbmzPgORXIZqGNeYXmEcHrou8Qb4xgP9fh1GFuXUy6YiNb0C/ECkqGewHk 8hjoEm5/QjD5BitdqDr32n2GmOpXjs9/15Ae0JTBGGHSGNAD+A/HQ6gk/9aPt1q/ KRJW0ZW118hPLltjuNo99eBD2BTpeaNE1JZ0xic/RV4HhYL28Ivu+qCfpaLHxENG zF/gNk5PkdbKJhjXoOizXj9q8YwPP60IKYrteN0+TPHSzayscVTn2s4oSi2YlxbE xHfWSbp+Xqo14f2E+0rSTor44UdRFcOg2UHB+2roCbgN2+Ta+SQRtlEXO+7ehrpN 60LFS7HPTK7GNaVYvmFvSZxDHpLaZymxvYHRpGwiP/x2T75Ceg9XoUnl4iGdMiIO jo/C+8sXF1Oa8PNHtA+d5bpqh4duELsDGNjV9R9EKNRBUlrVdMdGhjuhhzk3JSsa TL/u47RoSd4nQYdOPdUgBHZlLVqchBKqrM0lPoYTebRRTxi5Ns9kMFHvrzssLJxy a25Kb7ATBBPJ8HsEoxNI =XUBP -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d9305ab9-21d3-a80a-118a-99f272c59fa8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is it possible to select different fedora repository mirror
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-16 12:39, salmander wrote: > In many distributions it's possible to select a mirror server. > > How can i do it in fedora template vm? > > I notice slow network updates. Maybe because of location. > I'm not sure, but my guess is that it should largely the same as Fedora, the difference being where you make the changes (dom0, sys-firewall, or sys-net). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXt0faAAoJENtN07w5UDAw2nEP/AoQO4CKhyCLIRGB4DHFTjnw zMOusauWkcp2QZAgIxYEEwNGo37aJ0q8VIGqOK9WVT/aYCiZeq+zbg4jpNcVscR2 cQ3Kd8GKw9cboqwHDWoL7r3ld6nn4PEqs+/I5KrMwp5wuLfip/xpNZVOxRxBTuMi D6L0dpkp99HMM/GuuaIal6UVXlFa1Gc7WlUDfVFK57Wbho9/KuSLw0vO6m/J6Qv3 pPVdZnDgQmZS1rorfHIwnUnxy50/uDOgXfed9flwNbyRLycVvY6P4nZHZzDyRUbv TwU5uXuikGoU0KtyT1YtRLIJtsndKuY0iEV+CKrO0KXEFJRy/PmqtZrarCOYb4dQ UTKhvJjUfRkfU77ncOzzsIWRw9sgaLxEmx+h9t8uNC5RW5xHm2hGHxC9mg0+4CKm +Q9fdehSuc1k9gKDmpDjZe4/WQSO2bAjq6Divn1m2OH04ZzK94MvR9xAKMtSUgHG CkWta0C7yps4WvjlS3bq7FY35kPZ7ch3P2z1Mmvh9rkjMenP1wAFtj3yyc6Oz41e Yv3l/DTk8V38vxyVxubr3bGIuFz40s0wyp4KFoJTGBQ/yX5feQy4avCY/BFG1FTe F7WAdQeP94mv5T2opNGaMpK9GnCEhcqfIcKdMT/zpQ8Fz+/9HYMqjbRtKvcQHIL0 DduanIM90QXbXG5zGq0v =aKeC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/349be02f-5e30-8e5c-78a2-be2b6d5a46e1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installation boot problems on Lenovo T420
Hi everyone (Sorry if this is a double post, my post from a few hours ago didn't seem to go through) Would-be new user of Qubes here, but a longtime Linux user. I'm trying to install Qubes-R3.1-x86_64 on a Lenovo Thinkpad T420. I encountered the "hangs on penguins" problem described here: https://www.qubes-os.org/doc/uefi-troubleshooting/ I followed the steps there and they all worked well, until the very last section where it asks for " /boot/efi partition number". I don't know what that is and I don't think it came from the previous steps. I tried it with the entry number and with a similar number that came up during a different step, but neither worked. One time it gave me an error reading "segmentation fault" and something about needing a unique instance. When I rebooted, I couldn't boot to anything. Another time it created two instances of Qubes in the boot menu but trying to boot to either got stuck at penguins. I think all I really need is to know what a partition number is and where to find it. Googling hasn't helped me so far, and I'd really appreciate any help you all could provide. Thanks so much for all your work!! Looking forward to getting Qubes going. -CR - -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8fba309cbc0a93ccd396e6843f9a6d0c.squirrel%40mail.resist.ca. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Boot problems on Lenovo T420 thinkpad
Hi everyone, Would-be new user of Qubes here, but a longtime Linux user. I'm trying to install Qubes-R3.1-x86_64 on a Lenovo Thinkpad T420. I encountered the "hangs on penguins" problem described here: https://www.qubes-os.org/doc/uefi-troubleshooting/ I followed the steps there and they all worked well, until the very last section where it asks for " /boot/efi partition number". I don't know what that is and I don't think it came from the previous steps. I tried it with the entry number and with a similar number that came up during a different step, but neither worked. One time it gave me an error reading "segmentation fault" and something about needing a unique instance. When I rebooted, I couldn't boot to anything. Another time it created two instances of Qubes in the boot menu but trying to boot to either got stuck at penguins. I think all I really need is to know what a partition number is and where to find it. Googling hasn't helped me so far, and I'd really appreciate any help you all could provide. Thanks so much for all your work!! Looking forward to getting Qubes going. -CR - -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/391850c7c9ac5d73e9f75c016a129120.squirrel%40mail.resist.ca. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO
> Is F-Droid's Silence any better than Signal given it can run without > Google Play Store? I use CyanogenMod Android minus most of the Google malware (ie. no Google play). In that configuration Signal refuses to work because it (at least) depends on Google Play for notifications. Silence however does not, and works great. On Android, with a sim card. However, it is my (not deeply researched!!) understanding that the Signal dev(s) do not like/permit other applications connecting to their servers. No servers, no direct messages, all Silence messages are necessarily SMS messages going over the phone network. So Silence will not work outside of a phone with a working sim card. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160816184247.02dd35bc%40armor-mail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Problem with headphones in Qubes-OS 3.2rc2
also forgot to mention, even after I unplugged the headphones I'm having the same issue -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/14552408-f848-4398-b932-a921c3e8a25b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Problem with headphones in Qubes-OS 3.2rc2
On Friday, August 19, 2016 at 12:07:23 PM UTC-4, York Keyser wrote: > Hi List, > > I think I have a problem with the sound on my Qubes-OS 3.2rc2. Sound > works fine with the speaker, but as soon I plug in headphones I can't > hear anything. I can see the that the sound is playing in the Volumen > Control but I can't hear anything. Also, it the Volumen Control shows > that the headphones are plugged in. Anybody with the same problem or is > it maybe a Layer 8 problem ;) > > Regards York I was just about to post the same problem, I'm guessing I have to pass a device to the vm I'm just unsure which one. I had my headphones plugged in when I started audacious in one of my vms I got this error message: ALSA error: No suitable mixer element found. ALSA error: snd_mixer_attach failed: No such file or directory. when trying to play some of the songs I got this: ALSA error: No suitable mixer element found. ALSA error: snd_mixer_attach failed: No such file or directory. ALSA error: snd_pcm_open failed: No such file or directory. I'm updating my VM's and rebooting to see if it helps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b378e1b5-5fcd-4354-b758-595525bd3c6d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HVMs auto-resizing, causing positioning issues.
I have a minor GUI usability issue. I'm using a smaller monitor, and my CentOS 7 HVMs seem to always want to take up the entire height of the screen. The problem is the HVM window title bar will show at the top cutting off a little at the bottom of the window. When using text-mode/CLI, this means once I get to the bottom of the screen I can't see what I'm typing. I've tried right-clicking on the title bar, going to More Actions, then Special Window Settings. If I set Position to Force 0,-25, this seems to work when I do it manually. When the HVM boots again it works... for the first bootloader screen. However, after that, the HVM re-sizes itself, and I'm in the same boat again. Now, when I go back to look at the settings, it still says Force 0,-25, and if I hit OK, it will resize. The problem is it doesn't do this automatically upon resizing. I could force position to 0,0 then remove the header and frame. But then I can't figure out how to get the header back, in order to get to the "Special Windows Settings" menu section again... in case I want to make further changes. If I right-click on the HVM in the taskbar there is a "More Actions" section, but no "Special Windows Settings". I can only seem to find it when right-clicking the title bar. But I've removed the title bar for this HVM now...! Any ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAM9FSFwhrhk4DvRSMzNazVVBCTNXKrrBrUXHk%2BfrAKj7pQkA2g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Problem with headphones in Qubes-OS 3.2rc2
Hi List, I think I have a problem with the sound on my Qubes-OS 3.2rc2. Sound works fine with the speaker, but as soon I plug in headphones I can't hear anything. I can see the that the sound is playing in the Volumen Control but I can't hear anything. Also, it the Volumen Control shows that the headphones are plugged in. Anybody with the same problem or is it maybe a Layer 8 problem ;) Regards York -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/144e9c53-b753-085c-e66e-c773312c88cc%40cryptea.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 3.2RC1 fresh install, no internet access on sys-net
Hi, i did install a fresh copy of 3.2RC2 on a HP DL360 G6. when sys-net start, i can see icon on the top (dom0) saying Connection established, but there is no network access. my dhcp server provide ip address to Qubes, i can see it with ifconfig on sys-net, but i can't ping other device on the network from sys-net terminal. Also, from the cisco switch or from the dhcp server, i can't ping the address provided to qubes. i downgraded to 3.1 to check, and the problem remain. I did install VMware Esxi 6.0, and everything is fine with network. here is the /etc/resolv.conf of sys-net [user@sys-net ~]$ cat /etc/resolv.conf # Generated by NetworkManager search jefflinux.com nameserver 10.195.198.2 this is my domain and my dhcp/dns server ip address I did try to set it to static (with dns and gateway) using the red network icon in the dom0 menu bar, but still no success. can't ping from each side. here is the log from my dhcp server: Aug 19 11:28:33 pingouin dnsmasq-dhcp[24241]: DHCPDISCOVER(enp10s0) f4:ce:46:85:0b:70 Aug 19 11:28:33 pingouin dnsmasq-dhcp[24241]: DHCPOFFER(enp10s0) 10.195.198.171 f4:ce:46:85:0b:70 Aug 19 11:28:33 pingouin dnsmasq-dhcp[24241]: DHCPREQUEST(enp10s0) 10.195.198.171 f4:ce:46:85:0b:70 Aug 19 11:28:33 pingouin dnsmasq-dhcp[24241]: DHCPACK(enp10s0) 10.195.198.171 f4:ce:46:85:0b:70 on sys-firewall, the resolv.conf only have 10.137.1.1 and .254, which is normal... Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4faf690b-6ab6-449f-8a7c-10f45f690b35%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption - Solved???
>> This problem persists in 3.2rc2. >> >> (And I get 0 errors on the same USB drive under Tails. When I can find >> the SATA power connector around here somewhere, I'll try moving the >> drive >> direct onto the SATA bus.) > > I think the problem *may* be that systemd has a default 90 second timeout > on jobs, including unmounting root. > > On an external USB drive, due to slower transfer times, the shutdown > process of all the VM's, killing processes, flushing buffers, etc., > happens to take long enough that a clean unmount of the drive doesn't get > a chance to occur, leaned to a corrupted filesystem. I am very new to systemd, but I believe the cause of my corruption is that there may be a typo bug in one of the directives for systemd's umount.target. "systemctl show umount.target" reveals: > JobTimeoutUSec=0 "man systemd.directives" and "man system.unit" do not show any such directive; however, they do show "JobTimeoutSec" which I believe was likely the intended directive, and which would set no limit on waiting for that shutdown filesystem unmount, and I believe would prevent the corruption I was seeing. A zgrep of all the man pages shows no indication of JobTimeoutUSec being a legit property. Cheers. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db8ae328392da35722270028da397924.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Kernel panic while trying to install 3.1rc2
> > You don't need to rebuild anything, just add boot_delay=10 to kernel > command line. In grub you can press "e" to edit the entry, add the > option to the line with "vmlinuz", then press ctrl+x to boot it. > It looks as though this thread went nowhere. I'm having the same problem as the original poster above. I've tried creating an install USB with both Windows and Linux - same result. I'm happy to try editing the edit kernel command line, but am hoping someone has solved this before I proceed. Please let me know if this problem wasn't solved. Thanks, Mike -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/910ae500-150e-4732-b1e6-d0cb57f3552c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Clipboard
Is there any qvm-* command, or other method, to programmatically copy to the qubes clipboard? (Similar to my last question, a perfectly reasonable answer might be "of course not, are you crazy?" due to security concerns. Requiring explicit dom0/GUI user interaction for clipboard manipulation seems like a good idea, but I thought I'd ask anyway.) Thanks. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2408739537fe2bea30a6226612c7c27c.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-run only available from dom0?
When I try to run qvm-run from within an AppVM, I get "Request refused." Is this by design, for security reasons? If so, I guess that's perfectly reasonable. I just don't see that fact documented anywhere. (The demonstration of one of the Xen exploits executes a qvm-run of xcalc in dom0 from an compromised AppVM, which kind of implies the fact that such behaviour is normally restricted between AppVM's. If this is indeed the case, it might be useful if certain commands could be configurably whitelisted, from a config file in dom0, to be qvm-run between specific VM's.) Thanks. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/adaab082c9baec5d6fc0897ef0a544fc.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption
> This problem persists in 3.2rc2. > > (And I get 0 errors on the same USB drive under Tails. When I can find > the SATA power connector around here somewhere, I'll try moving the drive > direct onto the SATA bus.) I think the problem *may* be that systemd has a default 90 second timeout on jobs, including unmounting root. On an external USB drive, due to slower transfer times, the shutdown process of all the VM's, killing processes, flushing buffers, etc., happens to take long enough that a clean unmount of the drive doesn't get a chance to occur, leaned to a corrupted filesystem. If I shut down each Appvm manually before finally doing the reboot, the work left to do on shutdown lets the unmount occur with in 90 seconds, so the drive shuts down cleanly. I think that's what I've been seeing, anyway. There's a lot of disk activity while systemd talks about outstanding jobs, and while the time remaining of waiting for the jobs, ticks down to zero. Now, why the fsck on boot fails (and things fall into r/o mode, and fail thus hang the boot sequence), I'm not sure. It could be a similar problem, that startup jobs aren't happening within the 90 second default job window for systemd (due to slower USB transfers, and the time taken for the fsck), and the boot process gives up. People with internal drives and killer machines wouldn't see this issue. I'm going to try cranking up DefaultTimeoutStartSec and DefaultTimeoutStopSec in /etc/systemd/system.conf, and see if that improves the situation. I'll also scrutinize systemd-analyze (which I just learned about, being an old-school /etc/init.d guy, lol) and see if that confirms my suspicions. Cheers, JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c13a5de2f52dc81b5b34fc3b2d74474.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Screen corruption on nvidia
However, under Qubes, I experience random screen corruption. See: https://i.imgur.com/ovEFgYO.png > This problem persists in 3.2rc2. > > JJ Actually, just FYI, the behavior seems to be a lot better under 3.2rc2. I've only seen it a couple of times, versus seeing it consistently under 3.1. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0016acf00ca3d64f97e679c8d40277ee.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.