[qubes-users] Re: making hvm iso to block device?

[grzegorz . chodzicki]

Why would You want to do that? You can pass the .iso file as an rgument of the 
--drive or --cdrom arguments for the qvm-start script

If the iso resides in a vm all You need to do is do it like this (assuming the 
VM which holds the iso is named test and the hvm is named test2)

qvm start test2 --drive=:test\path\to\.iso

Remember to put \ character if You have spaces in the directory path or rename 
the files\catalogues so the names don't have spaces.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c13e82d-2770-4021-8c75-90d703bac3b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Making screenshots of Installation..

[grzegorz . chodzicki]

W dniu piątek, 2 września 2016 23:52:43 UTC+2 użytkownik Fabian Wloch napisał:
> Hello,
> I have the following problem: I want to make some screenshots during the 
> installation / record the installation process on video, but I can't boot 
> into the installer at all.
> My reason for this is to make some screenshots/video for an installation 
> guide.
> 
> 
> I tried with Qubes 3.2-RC2 and 3.2-RC3 Image, none of these work.
> Qubes 3.1 works, but the installer in 3.1 is quite "outdated".
> 
> What I tested:
> Booting Qubes ISO in VirtualBox on Windows Host
> Booting Qubes ISO in in Qubes as Host
> Booting USB Drive with Qubes ISO on Qubes as Host (ISO written with dd)
> Booting USB Drive with Qubes ISO on Qubes as Host (ISO written with Rufus)
> Booting DVD with Qubes ISO on Qubes as Host
> 
> ISO checksums / signatures are fine. Checking the installation files before 
> installing (The boot option "Check installation files & install" from the 
> Image) doesn't work because the error appears before the actual check is 
> performed.
> 
> I always get the same error:
> https://i.imgur.com/W5R9Evv.png
> 
> Can anyone confirm this / has anyone a hint how I can get it work?
> 
> I also tried other ISO files, like Fedora 24, Debian or Tails. All working 
> fine.
> 
> By the way, I also tried the Screenshot-Feature from Anaconda when installing 
> it onto my hard drive, it always results into a black screen imminently after 
> pressing the key-combo, which does not disappear. I always need to restart 
> the system after trying.
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/sect-adminoptions-screenshots.html
> 
> -Fabian

IIRC the screenshots from the installation process that are in the 
documentation were made by running Qubes inside virtualbox. If all else fails 
try a hrdware video grabber.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ec3753f-1ef8-4344-9bf5-084b1e74c705%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Benefits of running Qubes on server-grade hardware?

[grzegorz . chodzicki]

I know that QubesOS is developed mostly with notebook use in mind, however some 
users, me included, opt to run it on desktop computers. The question is, is 
there any advantage of building a Qubes-dedicated machine on workstation/server 
components? 
Will Qubes be able to take advantage of higher core count in Xeon processors? 
Or two processors if a user decides to build a dual-CPU rig? 
Does the system performance scale with the number of available cores/ clock 
speed?
Can it take advantage of ECC RAM?
Server hardware that is few years old can be bought for dirt cheap (Xeon 
E5-2670 has 8 cores and costs about 75$).

I'll be upgrading from my current PC and I'm seriously considering building a 
rig around a Xeon processor and a motherboard with ECC RAM but if there is no 
real benefit then what's the point?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46064a78-8838-4508-91d0-a0741f5c9474%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [3.2rc2] Pulseaudio 100% CPU load at dom0

[David Hobach]

On 09/02/2016 07:10 PM, entr0py wrote:

David Hobach:

On 08/31/2016 08:14 PM, entr0py wrote:

Eva Star:

3.2rc2 - clean install (on 3.2rc1 with updates I do not have this
problem)

At dom0 pulseaudio proccess always eat 100% of CPU. If I kill it,
then it starts again! Please, help. Hot to fix this issue or how
to disable pulseaudio start after kill.


Same problem here, only by updating though.


Had similar symptoms on Qubes 3.1. If you have multiple audio
adapters (ie Onboard + HDMI), disable one. (On KDE, it was
PulseAudio Volume Control > Configuration. Don't know XFCE.)


I also have multiple (incl. external). Disconnecting the external one
does not appear to help though.

Pulseaudio child processes constantly die and get started again, i.e.
the PID is changing every 1-2s. I guess that's not normal? Sound in
VMs is stuttering.

rsyslogd also eats quite a lot of CPU, but I bet it's due to the
pulse logs.

Sample log and /etc/pulse/default.pa attached.

Anyone got an idea?



In my case, the Onboard and HDMI adapters kept trying to connect, kicking out 
the other adapter. The machine would basically lock up every few seconds and 
CPU would max out. Same symptoms as you describe with the PIDs.

What I did specifically was go to Configuration tab and set Profile to 'Off'. 
One of the dom0 updates caused this setting to revert to its default. Perhaps 
you've got another adapter besides the USB, or the machine keeps looking for 
the disconnected adapter?


You were 100% right.

In my case I had connected a new GPU which had registered itself as new 
audio output device (HDMI) and apparently kept pulseaudio busy.


For reference:
Non-KDE users can pop up a dom0 console and use the "systemsettings" 
command to get into the GUI. There you can go to Multimedia -> Audio 
Hardware setup and switch the unneeded sound cards off (Profile = off).


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a679e42-b36a-10ca-c06d-40e48e2a1689%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Re: making hvm iso to block device?

[pixel fairy]

On Saturday, September 3, 2016 at 2:05:23 AM UTC-7, grzegorz@gmail.com 
wrote:
> Why would You want to do that? You can pass the .iso file as an rgument of 
> the --drive or --cdrom arguments for the qvm-start script
> 
> If the iso resides in a vm all You need to do is do it like this (assuming 
> the VM which holds the iso is named test and the hvm is named test2)
> 
> qvm start test2 --drive=:test\path\to\.iso
> 
> Remember to put \ character if You have spaces in the directory path or 
> rename the files\catalogues so the names don't have spaces.

thanks! i didnt scroll down far enough on that page :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bcddacb9-3d8b-4c96-ac02-1709b7441cbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[pixel fairy]

On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, grzegorz@gmail.com 
wrote:
> I know that QubesOS is developed mostly with notebook use in mind, however 
> some users, me included, opt to run it on desktop computers. The question is, 
> is there any advantage of building a Qubes-dedicated machine on 
> workstation/server components? 

mostly ecc ram. its a shame non-ecc is so prevalent. in practice, i dont think 
the difference is worth it. there are many more important variables.

> Will Qubes be able to take advantage of higher core count in Xeon processors? 
> Or two processors if a user decides to build a dual-CPU rig? 
> Does the system performance scale with the number of available cores/ clock 
> speed?

yes.

> Can it take advantage of ECC RAM?
> Server hardware that is few years old can be bought for dirt cheap (Xeon 
> E5-2670 has 8 cores and costs about 75$).

it will benefit the same as any another machine from ecc ram. 

> I'll be upgrading from my current PC and I'm seriously considering building a 
> rig around a Xeon processor and a motherboard with ECC RAM but if there is no 
> real benefit then what's the point?

apparently price is the advantage, but think of your ears! server hardware is 
loud. 

if your willing to spend more on good hardware, go for a good ssd, and good 
ddr4 ram (G.Skill or Geil) in case bitflipping attacks start showing up. 

http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f970b52a-a56a-4d0b-aed6-e87b1e1d427c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[grzegorz . chodzicki]

W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel fairy napisał:
> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, grzegorz@gmail.com 
> wrote:
> > I know that QubesOS is developed mostly with notebook use in mind, however 
> > some users, me included, opt to run it on desktop computers. The question 
> > is, is there any advantage of building a Qubes-dedicated machine on 
> > workstation/server components? 
> 
> mostly ecc ram. its a shame non-ecc is so prevalent. in practice, i dont 
> think the difference is worth it. there are many more important variables.
> 
> > Will Qubes be able to take advantage of higher core count in Xeon 
> > processors? 
> > Or two processors if a user decides to build a dual-CPU rig? 
> > Does the system performance scale with the number of available cores/ clock 
> > speed?
> 
> yes.
> 
> > Can it take advantage of ECC RAM?
> > Server hardware that is few years old can be bought for dirt cheap (Xeon 
> > E5-2670 has 8 cores and costs about 75$).
> 
> it will benefit the same as any another machine from ecc ram. 
> 
> > I'll be upgrading from my current PC and I'm seriously considering building 
> > a rig around a Xeon processor and a motherboard with ECC RAM but if there 
> > is no real benefit then what's the point?
> 
> apparently price is the advantage, but think of your ears! server hardware is 
> loud. 
> 
> if your willing to spend more on good hardware, go for a good ssd, and good 
> ddr4 ram (G.Skill or Geil) in case bitflipping attacks start showing up. 
> 
> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml

Xeon it is then. As for the rowhammering attack as far as I know ECC RAM is not 
vulnereable to that. t's a shame that the more powerful Xeon CPUs don't come 
with a built in GPU, I'll have to make do with a current one. Added benefit 
here is that pretty much all Xeons support technologies necessary for Qubes 4.0 
compliance. Wonder why they aren't more popular among desktop users.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac34c4c8-22ba-461d-a428-cd7cdfa0b8f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
> fairy napisał:
>> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
>> grzegorz@gmail.com wrote:
>>> I know that QubesOS is developed mostly with notebook use in 
>>> mind, however some users, me included, opt to run it on
>>> desktop computers. The question is, is there any advantage of
>>> building a Qubes-dedicated machine on workstation/server
>>> components?
>> 
>> mostly ecc ram. its a shame non-ecc is so prevalent. in practice,
>> i dont think the difference is worth it. there are many more 
>> important variables.
>> 
>>> Will Qubes be able to take advantage of higher core count in
>>> Xeon processors? Or two processors if a user decides to build
>>> a dual-CPU rig? Does the system performance scale with the
>>> number of available cores/ clock speed?
>> 
>> yes.
>> 
>>> Can it take advantage of ECC RAM? Server hardware that is few 
>>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
>>> cores and costs about 75$).
>> 
>> it will benefit the same as any another machine from ecc ram.
>> 
>>> I'll be upgrading from my current PC and I'm seriously 
>>> considering building a rig around a Xeon processor and a 
>>> motherboard with ECC RAM but if there is no real benefit then 
>>> what's the point?
>> 
>> apparently price is the advantage, but think of your ears!
>> server hardware is loud.
>> 
>> if your willing to spend more on good hardware, go for a good
>> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
>> attacks start showing up.
>> 
>> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-mem
ory-501898.shtml
>
>>
>> 
> Xeon it is then. As for the rowhammering attack as far as I know
> ECC RAM is not vulnereable to that.

Unfortunately, that's not true:

"Tests show that simple ECC solutions, providing single-error
correction and double-error detection (SECDED) capabilities, are not
able to correct or detect all observed disturbance errors because some
of them include more than two flipped bits per memory word."

https://en.wikipedia.org/wiki/Row_hammer#Mitigation

> t's a shame that the more powerful Xeon CPUs don't come with a
> built in GPU, I'll have to make do with a current one. Added
> benefit here is that pretty much all Xeons support technologies
> necessary for Qubes 4.0 compliance. Wonder why they aren't more
> popular among desktop users.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIbBAEBCgAGBQJXyr3BAAoJENtN07w5UDAwvucP+IL6Pht912BBzr/rsGBbwXMX
L97rBovZ4L21UimjrIwqSqrgvOzntD3+ltaG0qZFW/r//Qbp9WAEUk/E7Pm/9WPQ
bTlvY4cAn6nU8Ogg08LB5kJd4/wIMetIQ90SEtgUTiVuLJu7ykbXZTGknqoQmXtW
6l8nNkEoN/3KaSggJIJGBvNl3fZTlpkPfQkucUTKJNPI42r/ARvqdgCuLzIdCzXk
ol4CdrUUz06NpZODQ7NCJPanZ2ZsaPjbyAFRBNQ1RF/jJuRUwr12VqBLIhxMzWoA
zu2Hegh2kGig8GIU1S6Dsqdc+ykv3Btj55C0l0McrznC3IawK0G3Dp3xNYvScRvz
m8MlMIo6X64a8Ku0tXq6qKd4UWDJGBGAV2fwESnaJMNT+nts47TV8JuOJl9jI5Wt
GJro4ui0nE736cb6IVfMIYKtIeFWkdTK87NCyOv/uEOaNjzsQG6LvtFdie8Q3s8j
YPeBzxyfmVT3hKIkxNfM5BgU2CcLH+LrgtnfSRKjlDTz4Ynh8DUITpUPGK4xfHLB
ZpQx6a2WSDLI7tfaUiejWHFtAuQGF+791Vf9u8kubLct3Mp+vc9E5rWv4YnpEKML
zocxarGY2pY6X5EMxmUCQAA0wITLUvcvqxJ2LmJ2g6+9qc3trkWROqp9PuCCc7Go
mboB023gu1AyH/5oO5E=
=e2ZE
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ed75595-b27a-cb75-1bd6-4e03a4f25d00%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[grzegorz . chodzicki]

W dniu sobota, 3 września 2016 14:11:04 UTC+2 użytkownik Andrew David Wong 
napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
> > fairy napisał:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
> >> grzegorz@gmail.com wrote:
> >>> I know that QubesOS is developed mostly with notebook use in 
> >>> mind, however some users, me included, opt to run it on
> >>> desktop computers. The question is, is there any advantage of
> >>> building a Qubes-dedicated machine on workstation/server
> >>> components?
> >> 
> >> mostly ecc ram. its a shame non-ecc is so prevalent. in practice,
> >> i dont think the difference is worth it. there are many more 
> >> important variables.
> >> 
> >>> Will Qubes be able to take advantage of higher core count in
> >>> Xeon processors? Or two processors if a user decides to build
> >>> a dual-CPU rig? Does the system performance scale with the
> >>> number of available cores/ clock speed?
> >> 
> >> yes.
> >> 
> >>> Can it take advantage of ECC RAM? Server hardware that is few 
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >> 
> >> it will benefit the same as any another machine from ecc ram.
> >> 
> >>> I'll be upgrading from my current PC and I'm seriously 
> >>> considering building a rig around a Xeon processor and a 
> >>> motherboard with ECC RAM but if there is no real benefit then 
> >>> what's the point?
> >> 
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >> 
> >> if your willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >> 
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-mem
> ory-501898.shtml
> >
> >>
> >> 
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnereable to that.
> 
> Unfortunately, that's not true:
> 
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
> 
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
> 
Back to the drawing board it is then. What other precautions can we take to 
mitigate this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f72fb0a3-ac5a-4057-bf7e-3931a7a3ad83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-03 05:15, grzegorz.chodzi...@gmail.com wrote:
> W dniu sobota, 3 września 2016 14:11:04 UTC+2 użytkownik Andrew 
> David Wong napisał:
>> 
>> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
>>> W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
>>>  fairy napisał:
 On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
 grzegorz@gmail.com wrote:
> I know that QubesOS is developed mostly with notebook use 
> in mind, however some users, me included, opt to run it on
>  desktop computers. The question is, is there any
> advantage of building a Qubes-dedicated machine on
> workstation/server components?
 
 mostly ecc ram. its a shame non-ecc is so prevalent. in 
 practice, i dont think the difference is worth it. there are 
 many more important variables.
 
> Will Qubes be able to take advantage of higher core count 
> in Xeon processors? Or two processors if a user decides to 
> build a dual-CPU rig? Does the system performance scale 
> with the number of available cores/ clock speed?
 
 yes.
 
> Can it take advantage of ECC RAM? Server hardware that is 
> few years old can be bought for dirt cheap (Xeon E5-2670 
> has 8 cores and costs about 75$).
 
 it will benefit the same as any another machine from ecc 
 ram.
 
> I'll be upgrading from my current PC and I'm seriously 
> considering building a rig around a Xeon processor and a 
> motherboard with ECC RAM but if there is no real benefit 
> then what's the point?
 
 apparently price is the advantage, but think of your ears! 
 server hardware is loud.
 
 if your willing to spend more on good hardware, go for a good
 ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
 attacks start showing up.
 
 http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-m


 
>>> Xeon it is then. As for the rowhammering attack as far as I 
>>> know ECC RAM is not vulnereable to that.
>> 
>> Unfortunately, that's not true:
>> 
>> "Tests show that simple ECC solutions, providing single-error 
>> correction and double-error detection (SECDED) capabilities, are 
>> not able to correct or detect all observed disturbance errors 
>> because some of them include more than two flipped bits per 
>> memory word."
>> 
>> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
>> 
> Back to the drawing board it is then. What other precautions can
> we take to mitigate this?
> 

You may want to test memory (by hammering it and checking for bit
flips) or rely on the test results others have reported:



- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXyr/cAAoJENtN07w5UDAwGT8P+wX1ilw/t6oeq3KpcT2Zr4p5
nCs+Qyl0ntn89QAtGxTcpYYsTSHZ3Iw6F3ovWJEtDcwFCC/i86Cgnp+VB9VZWKfk
tDt+3x3fUyFQ6I1wGIxjjvbVNmYFUo+cbMjQK2Y0OHfF2j+0zWJ/Nqaue2oems8O
EXPWAdt1KHkm5VlwqaKNjmuPKrJUlNw4ha90nQXNvtf5U9UDOmFnjrh19/PacZgH
Bk7Y2XUjxKHqaBAa6dv+fkH1x37LxeNmmUiyyLze6o5hNlhECeMjSxlLKbyE7asC
mrCemmsGEIuEbuiNTHZrRTJaViTT5EyccJQX708iiEwiEz5zVS3KwBLSHMMaaMBs
Aquld1b42OPezUTOCtTuSU/+oCCZJpqbWb3VB5GK/eLvYFoa2h4rD8E89Lwa4kNQ
vpz7AbZFn4YmVBfQ8rrS7qpay8JgRGChQM75pOSDlZzk8nf3uhYywlg+T1VlT6fL
RTQdzGLn67HBNdD7xIcd1utbLxNXSXfS+5FNMaBeZe3out96+jsNAwZADAkaNU6R
b1xNUSdZQSZ+j8j6w6b5EA7ddg6mH47BKcSMS0x4KP43xrHAP4maH1LCEVcaTJRK
P6kJzOvxrOhxVe5mtewzlRoXLDV1iyoJtlZA+So4ASyfi/ijRo1aZP90Yzwcsu/d
Ilpt015m7KVmu4KVzpmA
=nxuo
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a4b500a-de40-8ef4-8bce-d0ff6fa92392%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[grzegorz . chodzicki]

W dniu sobota, 3 września 2016 14:19:52 UTC+2 użytkownik Andrew David Wong 
napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 05:15, grzegorz.chodzi...@gmail.com wrote:
> > W dniu sobota, 3 września 2016 14:11:04 UTC+2 użytkownik Andrew 
> > David Wong napisał:
> >> 
> >> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> >>> W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
> >>>  fairy napisał:
>  On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
>  grzegorz@gmail.com wrote:
> > I know that QubesOS is developed mostly with notebook use 
> > in mind, however some users, me included, opt to run it on
> >  desktop computers. The question is, is there any
> > advantage of building a Qubes-dedicated machine on
> > workstation/server components?
>  
>  mostly ecc ram. its a shame non-ecc is so prevalent. in 
>  practice, i dont think the difference is worth it. there are 
>  many more important variables.
>  
> > Will Qubes be able to take advantage of higher core count 
> > in Xeon processors? Or two processors if a user decides to 
> > build a dual-CPU rig? Does the system performance scale 
> > with the number of available cores/ clock speed?
>  
>  yes.
>  
> > Can it take advantage of ECC RAM? Server hardware that is 
> > few years old can be bought for dirt cheap (Xeon E5-2670 
> > has 8 cores and costs about 75$).
>  
>  it will benefit the same as any another machine from ecc 
>  ram.
>  
> > I'll be upgrading from my current PC and I'm seriously 
> > considering building a rig around a Xeon processor and a 
> > motherboard with ECC RAM but if there is no real benefit 
> > then what's the point?
>  
>  apparently price is the advantage, but think of your ears! 
>  server hardware is loud.
>  
>  if your willing to spend more on good hardware, go for a good
>  ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
>  attacks start showing up.
>  
>  http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-m
> 
> 
>  
> >>> Xeon it is then. As for the rowhammering attack as far as I 
> >>> know ECC RAM is not vulnereable to that.
> >> 
> >> Unfortunately, that's not true:
> >> 
> >> "Tests show that simple ECC solutions, providing single-error 
> >> correction and double-error detection (SECDED) capabilities, are 
> >> not able to correct or detect all observed disturbance errors 
> >> because some of them include more than two flipped bits per 
> >> memory word."
> >> 
> >> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
> >> 
> > Back to the drawing board it is then. What other precautions can
> > we take to mitigate this?
> > 
> 
> You may want to test memory (by hammering it and checking for bit
> flips) or rely on the test results others have reported:
> 
>  ion>
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXyr/cAAoJENtN07w5UDAwGT8P+wX1ilw/t6oeq3KpcT2Zr4p5
> nCs+Qyl0ntn89QAtGxTcpYYsTSHZ3Iw6F3ovWJEtDcwFCC/i86Cgnp+VB9VZWKfk
> tDt+3x3fUyFQ6I1wGIxjjvbVNmYFUo+cbMjQK2Y0OHfF2j+0zWJ/Nqaue2oems8O
> EXPWAdt1KHkm5VlwqaKNjmuPKrJUlNw4ha90nQXNvtf5U9UDOmFnjrh19/PacZgH
> Bk7Y2XUjxKHqaBAa6dv+fkH1x37LxeNmmUiyyLze6o5hNlhECeMjSxlLKbyE7asC
> mrCemmsGEIuEbuiNTHZrRTJaViTT5EyccJQX708iiEwiEz5zVS3KwBLSHMMaaMBs
> Aquld1b42OPezUTOCtTuSU/+oCCZJpqbWb3VB5GK/eLvYFoa2h4rD8E89Lwa4kNQ
> vpz7AbZFn4YmVBfQ8rrS7qpay8JgRGChQM75pOSDlZzk8nf3uhYywlg+T1VlT6fL
> RTQdzGLn67HBNdD7xIcd1utbLxNXSXfS+5FNMaBeZe3out96+jsNAwZADAkaNU6R
> b1xNUSdZQSZ+j8j6w6b5EA7ddg6mH47BKcSMS0x4KP43xrHAP4maH1LCEVcaTJRK
> P6kJzOvxrOhxVe5mtewzlRoXLDV1iyoJtlZA+So4ASyfi/ijRo1aZP90Yzwcsu/d
> Ilpt015m7KVmu4KVzpmA
> =nxuo
> -END PGP SIGNATURE-

What about Xeon processors? Any other caveats I should know about before I buy 
one of these?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fa21e34-c0c9-4bfa-83cc-10eab4e231b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] seafile applet integration with the panel is not working

[kototamo]

Hello,

The seafile-applet (a kind of open-souce dropbox) is not being displayed in the 
xfce panel when started.

Is there something specific to check or fix to get it working?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b785e4dd-5eb9-4f02-b25b-5117c929165b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2-rc1, xfce4 volume control

[sebastian . jug]

In 3.2-rc3 the volume buttons still don't work for me either. I had to set the 
master card to #1 rather than #0 but I don't know how to change this for 
xfce4-volumed.


On Wednesday, July 13, 2016 at 11:38:01 PM UTC-4, raah...@gmail.com wrote:
> On Wednesday, July 13, 2016 at 6:27:41 PM UTC-4, Micah Lee wrote:
> > On 07/13/2016 03:07 PM, Marek Marczykowski-Górecki wrote:
> > > Wasn't that installed by default? It should be...
> > 
> > It wasn't for me. I installed xfce by installing the @xfce-desktop-qubes
> > package in dom0, rather than using the installer.
> > 
> > > Install xfce4-volumed. It will be installed by default in next release
> > > candidate.
> > 
> > Thanks!
> 
> did you figure out how to get your volume controls working.  I had same issue 
> and installed the audio mixer from panel preferences, but haven't got the kb 
> volume buttons working yet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0702c347-b00d-452f-9464-c4c96156f321%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Announcement: Qubes OS 3.0 reaches EOL on 2016-09-09

[Dave Ewart]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Friday, 02.09.2016 at 12:17 -0700, Andrew David Wong wrote:

> As a reminder, Qubes OS 3.0 reaches EOL on 2016-09-09. If you're a
> current 3.0 user, we strongly urge you to upgrade to a newer release
> before 2016-09-09. You can read the full announcement here:
> 
> https://www.qubes-os.org/news/2016/09/02/qubes-os-3-0-eol-on-2016-09-09/
> 
> Please feel free to use this thread to discuss the announcement.

I've got 3.0 and therefore need to upgrade.

I note that 3.2 is not quite final release: I'd prefer not to install
3.1 only to consider 3.2 almost immediately afterwards.

Given the EOL for Qubes 3.0, is the recommended "upgrade to a newer
release before 2016-09-09" really recommending the 3.2 release
candidate?

Cheers,

Dave.

- -- 
Dave Ewart da...@sungate.co.uk, http://twitter.com/DaveEwart
All email from me is digitally signed, http://www.sungate.co.uk/
GPG key updated Jan 2013 see http://www.sungate.co.uk/gpg
Fingerprint: CF3A 93EF 01E6 16C5 AE7A  1D27 45E1 E473 378B B197
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCgAGBQJXywsdAAoJEEXh5HM3i7GXn6gf/A0xE+HqCq2yU5fYCJLPs9SG
N3iqpcwxS/dskSpefzrheYS5brycZX0DOxi7DsuVGOTIVCTRllu75V0nZurBcBwD
GGmeUGa/DVY3Ae/4E0hSup49mwF7FIEYixAmRcw23XIOkwEhlHFoJjMmpdKapsbj
DR7eojm3Pnihf4NNAJG9o/3oqUc43SZJ4idH/Iq6g8zvFMwd72aVL7abQC16I2tC
rG1ptUijrA8SQ+PrY2eSRJNtWC1PctGZTUo8WI77aBmxSJ7PILOY6E0bbntbKSMF
/VDxYaBh1KUZ0QnB2gpdYay/SA54+b4+stZXsHcrjFFJzWII3sGaUQq0ZmCjH+by
u1anMNNepT06GfeFRp3pzzWfZWKredJECHss3x3ZNzIY0mSBVie6QetQZ5NkH7C6
xA7tt/m8JKHGmzs1JIN5ot6vfy3nguKWz5r/h3U1gKsckuKBw3U3GY+jHIPxXEjF
mN1aPQZM7OHFhZTAZ36DirFbLGjS1JG0GMUuP9ZiLm107z57cpHZU6batXWdntww
qM6uKm0JOTqVTTdX7ssvjKfaP6pOobX+UpxdB/8eqJfK6tfumQhaHVuLtT4ooeb1
OSF8K8gWfsF2nTLXA7HfjAn1CRwhYOro7D6XNaxRbpOf9GVoCuD5VImuaxDmRblE
TwyO3dFAbTjclSRIzNIEcG//Fum8lqOZnPYzNrv7r0FGXGESFc1/AHjT555DXM4O
knmyLiFRyZQ0LeE75zJlTaSc4/b04sqEZ6O9ygL9Uzw7fd7yzpVy4y/04rxkfDnY
btOfb26j9KljGtrTf+Ma1s/BYMQEYp8e0VbwBKmBTWlFcC7pGf7NwE7aFMafEaQ0
MLGFa9w+zof5GFfdbt5DhA5vKFy4l7BjLBhf5aBtm5F0F5OlYvGiRI7wAZw51l0j
W+OcgubmiQ2shBTbLu/ftmFS+aSqYveaGSIfywkfllOMj3gFlLQzgNrRdL9ODevZ
f0o6SM2tPvHQG5dq3ZQo/3pJ/iaUS61rbTMpGYYDnxGyr/syKrMwaxvT4ke56F3y
M79tuTpKTN6iUHQAdJQ1//12zC8BN/gntga1ud6o3cXNfpcz8lv4VvaUuOtOnBjW
mikF3/pxuTh2zw04Nbrzi/OY1eakNeUbree9mWsBw9L694dmbTv/dYjenoEyFX0s
GrQzUKI5uBZu+MsC0RmclFW5XC6hQfYWcCt6nvfam3/wbPwMVHEZH7j5qiL6eYsF
mhmeFto/M5Ur6Y5CONZu51ogXL+FuxO7xhWKc9bjU8NBTi7zwL48oxLUZoVv9Gjv
1rorEBSK6EIy5dYySXrqiErxZLCAAOeEvo567rzFDCJoQCxXpn+TLb+HRxUfKio=
=saKC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160903174046.GB11916%40sungate.co.uk.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Announcement: Qubes OS 3.0 reaches EOL on 2016-09-09

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Sep 03, 2016 at 06:40:46PM +0100, Dave Ewart wrote:
> On Friday, 02.09.2016 at 12:17 -0700, Andrew David Wong wrote:
> 
> > As a reminder, Qubes OS 3.0 reaches EOL on 2016-09-09. If you're a
> > current 3.0 user, we strongly urge you to upgrade to a newer release
> > before 2016-09-09. You can read the full announcement here:
> > 
> > https://www.qubes-os.org/news/2016/09/02/qubes-os-3-0-eol-on-2016-09-09/
> > 
> > Please feel free to use this thread to discuss the announcement.
> 
> I've got 3.0 and therefore need to upgrade.
> 
> I note that 3.2 is not quite final release: I'd prefer not to install
> 3.1 only to consider 3.2 almost immediately afterwards.
> 
> Given the EOL for Qubes 3.0, is the recommended "upgrade to a newer
> release before 2016-09-09" really recommending the 3.2 release
> candidate?

Unless some major bug will be found in R3.2-rc3 (which is unlikely), the
final R3.2 will be exactly the same as R3.2-rc3. So, yes - upgrading to
R3.2-rc3 seems as a reasonable step.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXyw10AAoJENuP0xzK19csxokH/jRmFRApIWIG3omrayb/LaOv
+v2BUMzMlnvMM4MAJh8DSaeddn9DLlNUxkxN3EBxvKQki2gsioTruLtBSAs1cFlb
W98jJnGP4RKuXBXX0N1mtw+26FhbSXjRE3ZoewDHVAoo/efG7L7MLMabBlSZo7wK
25alHn0xnu6QZVqU+dSOb2uEhZCKIKeYxStcQ0ARnijq3mtADKbNtIgxw/iEn6KQ
Lcs7yaW1mynxX0k3mpZ8SMyoTWYzKOCzhQtuaXWBo2MKyNJ3M1cclczxchXpwVup
i/Qagc5Q+87HAecmJK5KfeqzrT66WtRqUAbStC7RyGWQ/oVzQnAmbdVhviWAWtU=
=slO/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160903175044.GO328%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R3.2 USB passthough Windows HVM

[Lorenzo Lamas]

Does the new USB passthrough feature also work with Windows HVMs?

For work I need to use software that is only available on Windows and it uses a 
DRM system which requires a connected USB flash drive counterpart in order to 
start the software(I think it's from Codemeter, but I'm not sure). I'd rather 
not use dual boot or swap hard drives in the same machine to use a Windows 
installation but want to use a Windows HVM instead.

If this is not the case would attaching the USB controller with PCI passthrough 
work? Because I read quite a lot reports of it not working properly with HVMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a5ea09b-38e8-454a-b90e-b2b84ccc3e74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] R3.2 USB passthough Windows HVM

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Sep 03, 2016 at 11:33:06AM -0700, Lorenzo Lamas wrote:
> Does the new USB passthrough feature also work with Windows HVMs?
> 
> For work I need to use software that is only available on Windows and it uses 
> a DRM system which requires a connected USB flash drive counterpart in order 
> to start the software(I think it's from Codemeter, but I'm not sure). I'd 
> rather not use dual boot or swap hard drives in the same machine to use a 
> Windows installation but want to use a Windows HVM instead.
> 
> If this is not the case would attaching the USB controller with PCI 
> passthrough work? Because I read quite a lot reports of it not working 
> properly with HVMs.

Unfortunately none of above methods currently works.

USB passthrough isn't implemented for Windows yet, and it is quite
unlikely we (as core Qubes OS team) will work on this in the near
future. But some community contribution could help here. In theory all
the building blocks are there:
1. USBIP Windows drivers: usbip.sourceforge.net
2. Qrexec agent for Windows - part of Qubes Windows Tools

The missing part is connecting those two together.

As for passing through the whole USB controller, it is broken currently:
https://github.com/QubesOS/qubes-issues/issues/1659
We'll work on this some more this month and hopefully fix it.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXyxu9AAoJENuP0xzK19csyTIH/2HqarECFg0XCihrVjzuFSU/
Sp1yfiX9MrBnnPJNftcoPR6JN6KiqJ8r94YdTwa8azM8ftF2+MhzAmCXJkhIfrdF
5rlxCc/hmfVcrE7flAvwZ6b+wUX7K8B7NOoomDHNlkGJA/CR6Va7haT4Zm2DTnlX
+eOEXKgbYs250qvhMst8L/bm41RckzgjPiN1BAU1MlvmE9T0n28li0CIqAbD0YvB
bcQJ/yS/ILnKhvMnu1S1OqnbHNgm/lOfdikIxWl+nQ/14QCzRy8TIGML3ANWd6ma
juy33x9+ibK4bAPGB5q9g6uqnUskmkpsKF7VMz0utzFAO9dQD8EAIcj7hntagGc=
=wtco
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160903185140.GP328%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[Ilpo Järvinen]

On Sat, 3 Sep 2016, Andrew David Wong wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > W dniu sobota, 3 września 2016 13:37:27 UTC+2 użytkownik pixel
> > fairy napisał:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
> >> grzegorz@gmail.com wrote:
> >>
> >>> Can it take advantage of ECC RAM? Server hardware that is few 
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >>>
> >>> I'll be upgrading from my current PC and I'm seriously 
> >>> considering building a rig around a Xeon processor and a 
> >>> motherboard with ECC RAM but if there is no real benefit then 
> >>> what's the point?
> >> 
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >> 
> >> if your willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >> 
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-mem
> ory-501898.shtml
> >
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnereable to that.

Sandy Bridge (E5-2670) does not support DDR4. All DDR3 designs probably 
predate rowhammer discovery, so I wouldn't really trust them to properly
mitigate rowhammer attacks as it was not a factor when the chips were
designed. Obviously rehashing old products is even less likely to occur 
due to cost and soon to be obsoleted products.

When considering rowhammer, TRR (targeted row refresh) is much more 
important feature than ECC actually, and Xeons at least should supports 
TRR (probably since Ivy Bridge although that bit of information is based 
on sources I wouldn't fully trust, i.e., some random vendor marketing 
material, IIRC). AFAIK, there is no publically available official 
confirmation from Intel that Xeons really do support TRR, however, there 
are some errata entries that indicate that TRR with LRDIMMs won't work 
which indicates that it likely works with RDIMMs at least. Thus, it
seems mainly as a problem of finding RDIMM that actually implements
TRR properly and likely also a motherboard which enables CPU's TRR 
functionality is needed.

AFAIK, there is no information whether non-E5/E7 CPUs would support
TRR or not.

> Unfortunately, that's not true:
> 
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
> 
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation

While I don't doubt a second that there are vulnerable ECC memories
too (especially DDR3 ones), I noticed one interesting oddity in the
recent DRAMA attack paper:

The paper first mentions that their dual E5-2630 v3 system is fitted 
with Samsung DDR4 ECC RDIMM when they did the address bits reverse 
engineering part. However, later in the paper when they actually
exploited rowhammer bugs, the dual E5-2630 v3 system is, for some
reason, reconfigured to use Crucial DDR4s. Could it perhaps indicate
that they (while not reporting it), didn't succeed in rowhammer
against Samsung ones so they tried to other ones just to prove
a point... It would make things very interesting if that would be
true.

In the last Spring rowhammer paper, Micron-based DIMMs seemed
to be particularly bad (close to magnitude worse than the other
brands mostly, IIRC) so the ability to trigger rowhammer issues
with Micron-based DDR4 ECCs in particular doesn't surprise me that
much. I know that Micron mem chip specs indicate as if they
would have some non-TRR based solution built-in but that doesn't
seem to help (or work).

Other vendors information I've come across:
* Samsung: DDR4 specs mention TRR support and have timing diagrams on
  how that is performed. One presentation with a high ranked Samsung
  person as the author claims that rowhammer is mitigated in their
  DDR4s (or it might have mentioned TRR directly, I don't remember
  anymore the wording)
* IIRC, both Hynix and Intel have a patent related to rowhammer but
  that won't prove anything about real products

> > t's a shame that the more powerful Xeon CPUs don't come with a
> > built in GPU, I'll have to make do with a current one. Added
> > benefit here is that pretty much all Xeons support technologies
> > necessary for Qubes 4.0 compliance. Wonder why they aren't more
> > popular among desktop users.

Indeed. Given how much effort Intel has put into GPU virtualization,
it's really shame that there aren't any more than 4 core CPUs with iGPU
in the first place and as far as the leaks about upcoming ones can be 
trusted, there won't be any in the near future either (but take this
with a grain of salt obviously). It would be quite interesting product 
especially as Intel seems to really put sig

Re: [qubes-users] Announcement: Qubes OS 3.0 reaches EOL on 2016-09-09

[Dave Ewart]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Saturday, 03.09.2016 at 19:50 +0200, Marek Marczykowski-Górecki
wrote:

> On Sat, Sep 03, 2016 at 06:40:46PM +0100, Dave Ewart wrote:
> > On Friday, 02.09.2016 at 12:17 -0700, Andrew David Wong wrote:
> > 
> > > As a reminder, Qubes OS 3.0 reaches EOL on 2016-09-09. If you're a
> > > current 3.0 user, we strongly urge you to upgrade to a newer
> > > release before 2016-09-09. You can read the full announcement
> > > here:
> > > 
> > > https://www.qubes-os.org/news/2016/09/02/qubes-os-3-0-eol-on-2016-09-09/
> > > 
> > > Please feel free to use this thread to discuss the announcement.
> > 
> > I've got 3.0 and therefore need to upgrade.
> > 
> > I note that 3.2 is not quite final release: I'd prefer not to
> > install 3.1 only to consider 3.2 almost immediately afterwards.
> > 
> > Given the EOL for Qubes 3.0, is the recommended "upgrade to a newer
> > release before 2016-09-09" really recommending the 3.2 release
> > candidate?
> 
> Unless some major bug will be found in R3.2-rc3 (which is unlikely),
> the final R3.2 will be exactly the same as R3.2-rc3. So, yes -
> upgrading to R3.2-rc3 seems as a reasonable step.

Thanks, that does indeed seem reasonable given the maturity of the 3.2
release candidate.  Cheers :-)

Dave.

- -- 
Dave Ewart da...@sungate.co.uk, http://twitter.com/DaveEwart
All email from me is digitally signed, http://www.sungate.co.uk/
GPG key updated Jan 2013 see http://www.sungate.co.uk/gpg
Fingerprint: CF3A 93EF 01E6 16C5 AE7A  1D27 45E1 E473 378B B197
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCgAGBQJXyzGwAAoJEEXh5HM3i7GXqsAgAIE5RGLRoyA9236JuYdel2ex
OqRaKeH+Y36jCmnoxrGNZFyNfVmb8vNsjFRznYb5V37Hr0TVyJ+HIDcOzDmUqTnY
tl3AjOWmLqUPLuIXOzMt7lBCbNAVHlr7rQHx6N42cw/kRpiQOXBDlG6K5pEswIkl
oe/jVx8LkxQaqDsbR9NDsulmyHtpopUCvK1yFEPGFgqcaBm5T3aizollDf6BweEq
+2CYtQ9BvSoyJhBZMMtbz/fsVnY9YNBnl2kRlRU5DxErVfYh+2cdtXJL8PU4RJo0
GPYH25sLbrsKBOc3FH2t6ki8+TaN5WEmvKPoFdHDYVi2M06j8yM4c6SDOZzlLBFY
WqhAPYzKxYNYIZtPlShnlaQyvfPexsjtUyp+W7bZ6/cMwTkHU4rBXiXF+7pieMyW
N2htKEOmEYN3bIMs5WJwcSKqBX00ccb5Wjgng709k+DTttsNMqHKkJb/nv/D+Qn4
qulLUWmFyo6AHXYRjbHkkr+nftISxv5ePsPBSHSPaVSDoSyLqiMZPiQ4/uLXO0gn
SdGt4QEqw/9SJvyt6lMHcw7YKtwe2xCq5u7F4+S3FiJP6zeYMjw+yt0t7573As5j
8gOwJY2IKsAxiN+EADjOUEQlJPb1t5wY1y4Ym0WBMgnSzZIwsYNof8M4B/VbLcWq
sbF6Pqztzp54PWCz1Pkg71Pwl/rZ0a7Vj3Am6KUcBfklL13K1fTVGBOZnztFg6Y2
en67q00j8emZiMShdgGuOXlj84qcf7mVSZjmf974bi5UFMREkei0lzSwhy6w8h75
0ljD11OV35ogl2SEh7CboiGrB6lIfrEDFkOMI+9QDa9MBNEY1DKP2YM0gcrDvCiW
DcMDmi/iUBraX6Ar21l2OPG3uPeWqpOJ/JIjM7gQ1hJNX2ZlPYTlImHJPL6mp+HG
gknDCiardkTZT5bpWzxnN00RdOTaJyptAnWBgSiIC1kzMruYoBycQZGCylRujKYC
89IHcEDWKgXgwAZXi1PdxQPGyvNiOa0TTISqDAbNHxUke5ev2de2q9/4bsqJDPTg
cmPAYXRdkLheyikMMOzYwhArJ1WCa4JgGvBhE9IMy3G5tYTYI/wUtriyfT/3novv
JnyTVWwju42tfuw4qN993kriQf4uPQKQZTQye9S8c/ovdqzbUFkGSrDxGf1P6O8s
/S1kIUfLr2f4tyNcdHZMtUtQNeOgXfHqPqnIXnqOBisjkgJarRjnQTJss6n/MD8v
XuXo20DH2IwpgZ+XZWUnfEbslVavjpMV0WoNVpX6Xrl5nJZ1pY+r7VyZ+QwiEf1i
kA9Q2NQqsRggEqDS5AAtKQvbsTW1W9tkqB8Uqc1C3cVJYNAgmfCJuLcoI1O6woA=
=BqLT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160903202521.GC11916%40sungate.co.uk.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2-rc1, xfce4 volume control

[sebastian . jug]

I've found the issue, 
if we go to System Tools -> Settings Editor -> xfce4-mixer
you need to set the property "active-card" to the value of the card you want to 
change volume for. This is independent of which card is active for alsa by 
default.

However the mute is still broken. When you press mute, it mutes both Master & 
Speaker, when it unmutes it only unmutes property "active-track" which is 
typically Master OR Speaker.



On Saturday, September 3, 2016 at 1:07:01 PM UTC-4, sebast...@gmail.com wrote:
> In 3.2-rc3 the volume buttons still don't work for me either. I had to set 
> the master card to #1 rather than #0 but I don't know how to change this for 
> xfce4-volumed.
> 
> 
> On Wednesday, July 13, 2016 at 11:38:01 PM UTC-4, raah...@gmail.com wrote:
> > On Wednesday, July 13, 2016 at 6:27:41 PM UTC-4, Micah Lee wrote:
> > > On 07/13/2016 03:07 PM, Marek Marczykowski-Górecki wrote:
> > > > Wasn't that installed by default? It should be...
> > > 
> > > It wasn't for me. I installed xfce by installing the @xfce-desktop-qubes
> > > package in dom0, rather than using the installer.
> > > 
> > > > Install xfce4-volumed. It will be installed by default in next release
> > > > candidate.
> > > 
> > > Thanks!
> > 
> > did you figure out how to get your volume controls working.  I had same 
> > issue and installed the audio mixer from panel preferences, but haven't got 
> > the kb volume buttons working yet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b2fcf0d-1825-4e4e-aa9e-2d67ee08a0a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] seafile applet integration with the panel is not working

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-03 07:37, kotot...@gmail.com wrote:
> Hello,
> 
> The seafile-applet (a kind of open-souce dropbox) is not being 
> displayed in the xfce panel when started.
> 
> Is there something specific to check or fix to get it working?
> 

Do you mean the system tray icon? If so, it's probably another
manifestation of one of these known bugs:

https://github.com/QubesOS/qubes-issues/issues/2242

https://github.com/QubesOS/qubes-issues/issues/2216

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXy1gAAAoJENtN07w5UDAwh4YQAI2YnZo1znD+YGYs+WnSJjBN
VIxAPeMzC/sjsprNlF0QYacV8tnBv+k44s1/ThW5ATP5dwDYlecK+GpNkpW00Uwq
b72w5GIc2fKRhojx//Pg0UVG72HCZFg5FSbfXGzfJ7ZLOB+A7Tx2MgCbWL7hrOea
gaw0U5avVm2eWgeAB7RjRuxcODZ0HaoTG0X6U4Dsd/Gj48SWrSvnQPglAUzpjYPR
WjX9AdodcoCeYluW7cM12XNZQ6NgyIEsqvQ+VlZJ2GvHQSFiz1NEbjaJ+WENcP6C
orG5+8u6WIZ4fyjnWNEj1que6q8ctJZcNya+Ms3Ja5zCeVvbduLXLx6bUvnTqsVV
wWFnEYaYH+NuHoI4/boTbkMYlegeVE9iNFh5jJ+W2hmc1jVreewJfcUdxmreiwWi
npriRydo4CgWDw6KCOiLZjbs4VavyGKTk3yKfJ5+5vTrMcs3fiLaJH2X7L2FDbjL
BGGESlz95V2FqX7rB8zkB537/yzt/sSj2R8vfbvqjNuMB4rKl742Ux2ZYSYEvJIi
fQnJvcNKlOdu03c6xEEOYLpsU8zcAqn8d/PcppNUHTAP8YNtsHlnLPqfx1Ydjxq3
oarj6em107PONLyc/A1pIkitY99lZa7PJl4pPE1WXSH1W43vTWhjjMVe1og/RsWX
XX1Oenf4k1vKw/Ai3rfu
=o+/j
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8e29602-413c-901b-e324-0206b87b7618%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

[pixel fairy]

does qubes do any rowhammer mitigation?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d4354a5-b438-47bc-a916-8e9b5bbf718b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] App shortcuts in XFCE

[Gaijin]

I just upgraded from 3.1 to 3.2R3 and was wondering of the best way to 
restore some of my App shortcuts. I use some portable apps and 
executables that don't show up in the Applications shortcuts. In KDE I 
was used to the Menu Editor. I'm not familiar with XFCE and didn't see a 
similar option.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3855f6a714c76534bfed8d66a42c802%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] USB hardware firewall (was: epoxy on ram to prevent cold boot attacks?)

[Robert Fisk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote:
> I was thinking earlier that some form of a "USB Firewall" hardware
> device might be cool to create; one that goes into each USB port in
> between each device and the PC, and only passes a specific device,
> or only a HID device (and doesn't permit a drive to add another HID
> identity).  Yet another side project for winter. :)  There may be
> existing products.


Ahem. Allow me to introduce you to a project I have been working on
for a while now:

https://github.com/robertfisk/usg/wiki
https://github.com/robertfisk/USG/wiki/FAQ

The USG (which is Good, not Bad) is a hardware firewall for your USB
ports. It connects between your computer and your untrusted USB
device, isolating the badness with two dedicated processors.

Features:
 - Isolates low-level USB exploits by using a simple internal protocol
with minimal attack surface

 - No hub support blocks 'hidden' malicious devices

 - Prevents devices changing their enumerated class after connection,
stopping malicious class changes.


Device support: mass storage (flash drives), keyboards, mice.

Project status: You can build your own USG v0.9 hardware out of
development boards if you are handy with a soldering iron. End user
hardware is approaching production-ready status, samples will be
available in the coming months.

Feedback / pull requests / sales leads are welcome!

Robert
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJXy8C+AAoJEN65WsAVra66zQEP/jJMgf8FnaLW9jLCb13dZbkM
IQQ50CgOFyzVF+S//FlZ794k9qfMFxumxfVMATawsTBooNhlTa9ASedMrcoWMuZI
fuYNMeVoSYijyavqvimHMS8axiKwaI48q6olrTsOKwDM6joBb3rKQnsv63NJlbH3
+qUOY9IVDSoFKG9ki9TpltknlYuI3NDIkPRr07Ekx5XiCs92CihuNn1xTlCtweEt
4Y1YtPv2HfYFGcbQk2w17efp0mFweiqZldsxbwNLEPv03GvrNg54vlxC1Yr8ByGB
nSPHslfgaCOqv4/XMvYAUA+22b7+d6VxRIYFojetdmmCi5u5fIFGv+6ErLIpPTVs
wNZOli0npmLeuAnYME+6wKw0ozsYtKQNudIATHy6t6IwWBew+SCoWnCdlJZQFx0i
YZwv8kJXzqTGU50vxad1FsDYQL1AaBEJBwqAGS9vV5OsyvAqpXuUacZWzrLgT4hM
+HupcnoWErFMZzbNZeTMMFHuP6yTwV0mh3jP99vLtLYyjYmq6qoy+aDCQUTvtH+Y
4wEq4h7VRY9U0HI5hq0B/5LyJw4KKpimYzNmSyiDi9/FSyRa9tPe1idYjHEQsCuU
sTybVvwCocIKF23XV4vPHNYydcdMvG8aHHQSeZ9ywLEkmxTeL0s9SL1+qaOOcqPC
c2HOcC6+FigpPFwrGvgC
=Hvzi
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57CBC0BE.6070709%40fastmail.fm.
For more options, visit https://groups.google.com/d/optout.