Re: [qubes-users] Problems connecting usb flash drive to any vm

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/25/16 23:26, zxe...@gmail.com wrote:
>> Have you changed the devices assigned to sys-usb? If so, it's possible 
>> you're running into a pci_strictreset issue here? Try running this in dom0 
>> (but before you do, make sure you understand the risks [1]):
>>
>> $ qvm-prefs -s sys-usb pci_strictreset false
>>
>> Then try starting sys-usb again:
>>
>> $ qvm-start sys-usb
>>
>> Let us know if there are any useful error messages.
> I ran both and got:
> Traceback (most recent call last):
>File "/usr/bin/qvm-start", line 136, in 
>  main()
>File "/usr/bin/qvm-start", line 120 in main
>   xid = vm.start(verbose=options.verbose, 
> preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
> notify_function=tray_notify_generic if options.tray else None)
>File "/usr/lib64/python2.7/site-packages/qubes/modules/005QubesNetVm.py", 
> line 122 in start
>   xid=super(QubesNetVm, self),start(**kwargs)
>File "/user/lib64/python2.7/site-packages/qubes/moduels/000QubesVm.py", 
> line 1958, in start nd.detach()
>File "/usr/lib64lpython2.7/site-packages/libvert.py", line 5249, in detach
>   in ret == -1: raise libvertError ('verNodeDevicesDetach() failed')
> libvert.libvertError: Requested operation is not valid: PCI device 
> :00:10.0 is in use by driver xenlight, domain sys-net
> (Note I typed this, so there may be errors in the transcription)
> 

Thanks. For future reference, you can copy text out of dom0 like this:

https://www.qubes-os.org/doc/copy-from-dom0/#copying-from-dom0

> If I shutdown the sys-net VM then sys-usb boots. Of course this also means 
> that sys-net fails to boot with the same error message. Now when I attach a 
> flash drive it automatically connects to sys-usb, instead of sys-net. How do 
> I stop sys-net from trying to request driver access? As long as sys-usb is 
> active, I am not able to boot any other VM. Everything fails silently.
> 
>> Did you mean "sys-usb" instead of "sys-net"? (If not, the description you've 
>> provided of your overall setup is inconsistent. Please clarify it.) 
> 
> I did mean sys-net. When the sys-usb VM is not booted and I have attach a usb 
> flash drive, I get a notification in the upper right hand corner saying 
> "Attached new device to sys-net /dev/sda". If I exit all VM's and boot the 
> sys-usb VM then it attaches to the sys-usb VM.
> 

Ah, it sounds like you have your USB controller assigned to both sys-net and 
sys-usb. In retrospect, this makes sense, since you described manually creating 
a USB qube even after the installer manually created one for you.

I'm not sure exactly what you're trying to achieve, but my recommendation would 
be to assign your USB controller to only one qube. Let's suppose you want it 
assigned to sys-usb. (This assumes that you're not using a USB Wi-Fi device, in 
which case you'll want to have a single sys-net that also functions as a USB 
qube, rather than having separate sys-net and sys-usb qubes.)

1. Shut down sys-net. (This will probably require shutting down most of your 
other VMs first.)
2. In Qubes Manager, right click on sys-net, then click "VM settings." Then, 
click the "Devices" tab.
3. On the right-hand side, select your USB controller(s), then click the "<" 
button, leaving only your network devices.
4. Reboot the whole system.

You should no longer run into the problem you described above.

> qvm-block -l gives:
> sys-usb:sda Flash_Dis () 7 GiB
> sys-usb:sda1 Flash_Disk (CHINA) 7 GiB.
> 
> I was mounting wrong... "sudo mount -t vfat /dev/sda1 /mnt/removable/" works 
> (sda1 not sda). However, the folder is empty. I checked on my other laptop 
> and the flash drive is neither empty nor broken.
> 

/mnt/removable is empty? Are you sure anything is actually mounted there?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOT0jAAoJENtN07w5UDAw70oP/A7Yu4kngpk6aoWx9b7NEzHq
xazY5K/aQIXIT9M5uMNvb7ui1md9Z90y7S9P9LSM4Tp8QVCcRFJ82sxpsbQej9Ib
eLZ+0YuejomX6RDk+1prlQxjn+HouvbTsJrBOfCdA9O1SZd1UuS4bc/dm3/cWO+l
qgUtxZGLMH/RoTK+z75OdBZjv6s5jCfAc1tw0Ynt6yrKR94O5aGRQhdjWdOF9Pbn
7CH2C1o4OEEWCbRX9PlsBZtv0Y4wPmbKvMhs6925PBmrcV1ZWar7JT9mWGXuf2Dz
1BmVw4RiFmOU7M1dFKaRVer5Y8jGhI43klr/B/ca3fzCf0BByc1610Rw50rhYwMS
0w1opl25DyjrAWT2r5SNUiddMIjExAZTT7cbwzmT55j9LPkUEy5Cy1uzvDxdrMeC
xsDRttgGDIsEdY6De1o0Y6YiZpoIeDWE/ZBTyr7apr2N3/ZJ1qI3G8GhFEW+60Hq
c/v9SOhce6oJygCRhUCQdB2YrMp4hgHlz600C1v3+v8m0Lh/rrx0UofdpOwnaoo2
5UoiW2j7+9Ob9Js1lElAQLjeTW23VE+dHNIbELt0sP1ZvyyYecvFTrUw7NuHICxs
pG0RAGHBvqM+HU/Sz0KrrOfDXjHshSOK3R8X1rIsMcIZdVJvCpGBGXaZj23NOKoi
FKcRRagPBt0XW2vqokPK
=FWdR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to

[qubes-users] Davmail and QubesOS for Exchange Mail

2016-11-25 Thread Paul Harper 
I have the misfortune of having an employer who uses Microsoft Exchange. To 
help with that I have installed Davmail. "DavMail is a 
POP/IMAP/SMTP/Caldav/Carddav/LDAP exchange gateway allowing users to use any 
mail/calendar client (e.g. Thunderbird with Lightning or Apple iCal) with an 
Exchange server, even from the internet or behind a firewall through Outlook 
Web Access. DavMail now includes an LDAP gateway to Exchange global address 
book and user personal contacts to allow recipient address completion in mail 
compose window and full calendar support with attendees free/busy display." 

http://davmail.sourceforge.net/


I plan to setup up mbsync (isync in Fedora) to use with mu4e. In the Work 
domain I need to use Davmail. 

In the Personal domain with Gmail I can just run mbsync the normal way. 

This approach could work for Mutt users who deal with Exchange as well.

I was able to install Davmail using this repo.
http://software.opensuse.org/download.html?project=home%3Ajetchko%3Afedora=davmail


When I try to run Davmail in the Work domain I get the following error:
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7f1f3a334314, pid=1128, tid=0x7f1f7be70700
#
# JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build 1.8.0_111-b16)
# Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64 
compressed oops)
# Problematic frame:
# C  [libgdk-3.so.0+0x2d314]  gdk_error_trap_push+0x14
#
# Core dump written. Default location: /home/user/core or core.1128
#
# An error report file with more information is saved as:
# /home/user/hs_err_pid1128.log
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
Aborted (core dumped)


I am unsure if this is a permissions problem from QubesOS or something else?

I am attaching the error report as well.

What do I need to do to get Davmail working with QubesOS in my WorkVM?




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b484409c--4220-a4e1-6efb0477e8ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7f1f3a334314, pid=1128, tid=0x7f1f7be70700
#
# JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build 1.8.0_111-b16)
# Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64 
compressed oops)
# Problematic frame:
# C  [libgdk-3.so.0+0x2d314]  gdk_error_trap_push+0x14
#
# Core dump written. Default location: /home/user/core or core.1128
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---  T H R E A D  ---

Current thread (0x7f1f74009800):  JavaThread "main" [_thread_in_native, 
id=1129, stack(0x7f1f7bd7,0x7f1f7be71000)]

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 
0x

Registers:
RAX=0x, RBX=0x7f1f74404000, RCX=0x, 
RDX=0x7f1f743fb4e0
RSP=0x7f1f7be6f7d0, RBP=0x7f1f7be6f848, RSI=0x0001, 
RDI=0x7f1f74404000
R8 =0x7f1f743ea820, R9 =0x0008, R10=0x0010, 
R11=0x0033
R12=0x, R13=0x7f1f78884af8, R14=0x7f1f7be6f860, 
R15=0x7f1f74009800
RIP=0x7f1f3a334314, EFLAGS=0x00010202, CSGSFS=0xe033, 
ERR=0x0004
  TRAPNO=0x000e

Top of Stack: (sp=0x7f1f7be6f7d0)
0x7f1f7be6f7d0:   7f1f78884af8 7f1f7be6f848
0x7f1f7be6f7e0:    7f1f3af424dc
0x7f1f7be6f7f0:   7f1f7be6f848 7f1f650171b4
0x7f1f7be6f800:   7f1f65016f02 7f1f7be6f808
0x7f1f7be6f810:   7f1f78884af8 7f1f7be6f860
0x7f1f7be6f820:   7f1f788ec6f0 
0x7f1f7be6f830:   7f1f78884af8 
0x7f1f7be6f840:   7f1f7be6f868 7f1f7be6f8a8
0x7f1f7be6f850:   7f1f65007ffd e061f5b0
0x7f1f7be6f860:   7f1f65011278 7f1f7be6f868
0x7f1f7be6f870:   7f1f78884b97 7f1f7be6f8b8
0x7f1f7be6f880:   7f1f788ec6f0 
0x7f1f7be6f890:   7f1f78884bc8 7f1f7be6f868
0x7f1f7be6f8a0:   7f1f7be6f8c0 7f1f7be6f900
0x7f1f7be6f8b0:   7f1f65007ffd 
0x7f1f7be6f8c0:

Re: [qubes-users] Problems connecting usb flash drive to any vm

2016-11-25 Thread zxeben 
> Have you changed the devices assigned to sys-usb? If so, it's possible you're 
> running into a pci_strictreset issue here? Try running this in dom0 (but 
> before you do, make sure you understand the risks [1]):
> 
> $ qvm-prefs -s sys-usb pci_strictreset false
> 
> Then try starting sys-usb again:
> 
> $ qvm-start sys-usb
> 
> Let us know if there are any useful error messages.
I ran both and got:
Traceback (most recent call last):
   File "/usr/bin/qvm-start", line 136, in 
 main()
   File "/usr/bin/qvm-start", line 120 in main
  xid = vm.start(verbose=options.verbose, 
preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
notify_function=tray_notify_generic if options.tray else None)
   File "/usr/lib64/python2.7/site-packages/qubes/modules/005QubesNetVm.py", 
line 122 in start
  xid=super(QubesNetVm, self),start(**kwargs)
   File "/user/lib64/python2.7/site-packages/qubes/moduels/000QubesVm.py", line 
1958, in start nd.detach()
   File "/usr/lib64lpython2.7/site-packages/libvert.py", line 5249, in detach
  in ret == -1: raise libvertError ('verNodeDevicesDetach() failed')
libvert.libvertError: Requested operation is not valid: PCI device :00:10.0 
is in use by driver xenlight, domain sys-net
(Note I typed this, so there may be errors in the transcription)

If I shutdown the sys-net VM then sys-usb boots. Of course this also means that 
sys-net fails to boot with the same error message. Now when I attach a flash 
drive it automatically connects to sys-usb, instead of sys-net. How do I stop 
sys-net from trying to request driver access? As long as sys-usb is active, I 
am not able to boot any other VM. Everything fails silently.

> Did you mean "sys-usb" instead of "sys-net"? (If not, the description you've 
> provided of your overall setup is inconsistent. Please clarify it.) 

I did mean sys-net. When the sys-usb VM is not booted and I have attach a usb 
flash drive, I get a notification in the upper right hand corner saying 
"Attached new device to sys-net /dev/sda". If I exit all VM's and boot the 
sys-usb VM then it attaches to the sys-usb VM.

qvm-block -l gives:
sys-usb:sda Flash_Dis () 7 GiB
sys-usb:sda1 Flash_Disk (CHINA) 7 GiB.

I was mounting wrong... "sudo mount -t vfat /dev/sda1 /mnt/removable/" works 
(sda1 not sda). However, the folder is empty. I checked on my other laptop and 
the flash drive is neither empty nor broken.

Thanks for your help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e9d7748-6fd0-4ca7-95b0-76b69b9ff061%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problems connecting usb flash drive to any vm

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/25/16 21:56, zxe...@gmail.com wrote:
> When I first installed Qubes (3.2), I could attach and detach block devices 
> without errors and mount flash drives in VM's. I wanted to use my external 
> keyboard with my laptop so followed the steps in the guide 
> (https://www.qubes-os.org/doc/usb/) for "Creating and Using a USB qube" 
> (using the management stack) and "How to use a USB keyboard".
> 
> However, the generated sys-usb Qube fails to boot

Have you changed the devices assigned to sys-usb? If so, it's possible you're 
running into a pci_strictreset issue here? Try running this in dom0 (but before 
you do, make sure you understand the risks [1]):

$ qvm-prefs -s sys-usb pci_strictreset false

Then try starting sys-usb again:

$ qvm-start sys-usb

Let us know if there are any useful error messages.

> and detaching a USB flash drive using the VM Manager always give me a blank 
> window with the text "Houston, we have a problem..." and freezes the VM 
> Manager. After a few seconds of trying to close the blank window I get "This 
> window might be busy and is not responding. Do you want to terminate the 
> application?". After I restart the VM Manager the USB device is still shows 
> as attached.

Try detaching it from the command-line instead:

$ qvm-block -d :

Or just:

$ qvm-block -d 

And let us know if there are any useful error messages.

> If I restart the VM with the attached USB device it gives me another error 
> "AssertionError: This is most likely a bug in the Qubes Manager" and the VM 
> is killed. (Note I did this with a DisposableVM).

Errors are to be expected when restarting a VM with USB devices still attached. 
They should be detached first.

> The above happens even if I attach and then immediately detach the USB block 
> device.
> 
> After plugging in the USB flash drive to my laptop, but not attaching it to 
> any VM the USB flash drive is visible to sys-net with "fdisk -l",

Did you mean "sys-usb" instead of "sys-net"? (If not, the description you've 
provided of your overall setup is inconsistent. Please clarify it.)

> but mounting fails with "wrong fs type" even though I mount it with "-t vfat" 
> and fdisk shows the USB flash drive is FAT32.

Are you sure the drive is formatted correctly? If you have a backup of the data 
already, try reformatting it.

If your VM is based on an unusual template, that could also be a clue.

> If I attache the USB flash drive to any other VM "fdisk -l" does not show any 
> attached flash drive.

If you attach the drive to another VM, what is the output of this command?

$ qvm-block -l

If the drive is really attached, it should indicate that in the output of the 
above command.

> I am currently in China, so I cannot reach google with the laptop running 
> Qubes until I get a socks proxy set up and tor is block in China (any bridges 
> I have tried are quickly blocked).
> 
> Any help would be helpful. Let me know what logs would be useful to post (I 
> am still very new to Qubes).
> 

[1] 
https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOSdBAAoJENtN07w5UDAwHl0P/2fisY9AfoPnDKWTb0QnGfjE
EIBjlLWgTiN5fBAfZ7A+aPLadqOXn3PXuytsP/FCaswLzuu/Y09hYzqmssKPSnnj
7tXmb3DbOqJNn/oY2T2FtS1BoAlnEYrSxt1pGdO22ZV6NyvpytqUu+jeZ0fAfNK1
/wI1CsPaRHSbI+slqTexGtggJ3kM2Oh0I2O4HIZeRPL/gyN71zGbek5JpkeUjdju
+AbJ2+OteFXIMEXbP+1t6oJ5kwP4QkAnidgvImDAmV0fL21DXtn25rhoq338egB6
7Oh0YfK1s8bk2VTBFOMUj1gI8u3unrUUswegr0J0IlT/b8jF8c8G9+1EiQi2KM3Z
swqWRLWGWO5wi5PfWYIpb6Lsg5Z9rr3i5MYtkhXpzsaFWk1HHS6lr9frQCZJLpE6
vKuZpvXBnp3yv70TyOcWurfA+dkE/W/WRgkSskUutfqZNUO4mDzPw+dnzUWAbMEY
76tLEKhU2DBxkKnzVobL2hEG7d5XKIFIau+NV3Xq1kcSWWrpY8M/sKf54jr/DPP9
6hju7DyyP/CUeo+ekFq2Z0CECQ3vQh7vRwENhF2YFQn8hOKnXdsDE0ep16OGRy6C
RiGpeCM8fXkj37mlVe1+eJoy/IR6LbXf44vvHh8UbJAM5KIyL8xOfjTldVL3kqFw
kcyOP1BU/M8jO7Z5WO5v
=7/Or
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f179407d-da5d-ab91-a76d-d6762a9f31a2%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Problems connecting usb flash drive to any vm

2016-11-25 Thread zxeben 
When I first installed Qubes (3.2), I could attach and detach block devices 
without errors and mount flash drives in VM's. I wanted to use my external 
keyboard with my laptop so followed the steps in the guide 
(https://www.qubes-os.org/doc/usb/) for "Creating and Using a USB qube" (using 
the management stack) and "How to use a USB keyboard".

However, the generated sys-usb Qube fails to boot and detaching a USB flash 
drive using the VM Manager always give me a blank window with the text 
"Houston, we have a problem..." and freezes the VM Manager. After a few seconds 
of trying to close the blank window I get "This window might be busy and is not 
responding. Do you want to terminate the application?". After I restart the VM 
Manager the USB device is still shows as attached. If I restart the VM with the 
attached USB device it gives me another error "AssertionError: This is most 
likely a bug in the Qubes Manager" and the VM is killed. (Note I did this with 
a DisposableVM). 

The above happens even if I attach and then immediately detach the USB block 
device.

After plugging in the USB flash drive to my laptop, but not attaching it to any 
VM the USB flash drive is visible to sys-net with "fdisk -l", but mounting 
fails with "wrong fs type" even though I mount it with "-t vfat" and fdisk 
shows the USB flash drive is FAT32. If I attache the USB flash drive to any 
other VM "fdisk -l" does not show any attached flash drive.

I am currently in China, so I cannot reach google with the laptop running Qubes 
until I get a socks proxy set up and tor is block in China (any bridges I have 
tried are quickly blocked).

Any help would be helpful. Let me know what logs would be useful to post (I am 
still very new to Qubes).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/feca37ec-61db-4b4d-a66c-30aada27994d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.x and Librem 13

2016-11-25 Thread rspeiglvera 
It seems that Purism has failed to follow through on its promise to provide 
open firmware (i.e coreboot) and overstated it's capability to provide a 
completely free firmware (i.e. libreboot). As a result, they have left many 
unhappy customers and/or prospective customers. I doubt that we will ever have 
libreboot on current/new Intel hardware.

Optimistically speaking, a truly open hardware ecosystem (i.e. Risc-V, 
OpenPower) will likely take ~3-10 years to become commercially viable. 
Considering the pragmatic approach that Qubes OS is taking, it would seem ideal 
to get the most secure and privacy-protecting hardware in the short-term until 
such time that we can have "truly" secure and privacy-protecting hardware in 
the long-term.

As Marek pointed out, the Librem 13 would work with Qubes OS 4.x and "may be 
somehow more secure with Coreboot (less places to hide some backdoor), but may 
be also less stable - depending how mature is Librem 13 support in Coreboot." 
As Grzesiek pointed out, waiting until 4.x to be released makes sense since "a 
better option might present itself". In addition, it would give Purism an 
opportunity to right a wrong.

That said, besides the Librem 13, I haven't seen nor heard of another laptop 
that provides hardware switches to disable camera/audio/wifi and components 
that do not require blobs (CPU excepted of course). Besides my Google Pixel LS 
Chromebook running linux, I'm unsure whether there is  a better option at this 
point.

Thanks,
Roberto

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa5e330c-f624-4f7d-8a9c-1fcecd6941b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [SOLVED Realtek 8111/8168] was Re: [qubes-users] R2rc1 networking issue

2016-11-25 Thread Vincent Elliott 
Okay.

I guess solving these issues help with to accelerate learning curve.

Thanks again.
Vincent

Vincent "Kim" Elliott
ITC Consultant
Kingston, Jamaica
876-381-0661


On Fri, Nov 25, 2016 at 6:39 PM, Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Nov 25, 2016 at 11:59:26AM -0500, Vincent Elliott wrote:
> > Marek,
> >
> > Thanks a mil.
> >
> > I doubled the size, restarted the VM and the interface came right up.
> >
> > I spent many days trying to find a fix... perhaps the default size should
> > be doubled to accomodate any other noobs with the same hardware?
>
> No, because the bigger the value is, the greater chance you won't be
> able to start the VM at all. This amount of memory needs to be
> continuous (in terms of physical memory pages) and its hard to get one,
> especially after some time of running a lot of VMs...
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJYOMvKAAoJENuP0xzK19csB5QH/234khPD8UrXqy02/c7uneye
> lR+TvWh8sUA86VetrOQT//IIVHEaw4EygMS6ezI3ipM7wz3WoXga8CO1brMkD9Zt
> 8bJpl+3COqR4DYBV/AHhbYmRshzz5F5pyBRgzPSV6ifqze4kfHnkrSpC+z0PH5pg
> nR9qMKp6uMBW9Udea+oA72IRkZeszGzFcEDBGGCoSXQzSLJLi6oRD1eUF/drDfBL
> oOwamQQkTJV+THpEGvvmFSdA/W3yONgQix7QUpFIYGaAp83MnwzZBTzCjxjHqpMG
> IkHNK+l37FnU9RXQhIANFIlrE2CuhwIeTH6YU2ffuO+unH81AtK4WejUbL7jkdU=
> =gIsV
> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/qubes-users/6hhO7SCFzM8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/20161125233952.GH1145%40mail-itl.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANNetsPOuPEwPzGOP5GW%2B-DgLXBfgwVa47zqgbmPXWPbKZWkCA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't update dom0?

2016-11-25 Thread raahelps 
when I use gui,  before it updates anything I have to select them all and then 
hit apply.  It doesn't do that for you guys?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d75e6656-14b9-4b4a-a683-a6113607f790%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Booting Xen directly from GRUB2 command line

2016-11-25 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Nov 26, 2016 at 12:37:23AM +, Duncan Guthrie wrote:
> Hej folks,
> I have installed Grub2 as my Coreboot payload, and now I want to boot Qubes 
> from a USB drive.
> Since I haven't made any changes to Grub2's default config, I am trying to 
> boot Qubes from the command line Grub provides.
> I do the following:
>   set root=(usb0)
>   linux /isolinux/vmlinuz
>   initrd /isolinux/initrd.img
> This is clearly wrong though as it boots without Xen, so when Qubes loads, 
> the little bar only gets to halfway then it crashes into a rescue shell.
> What I want to know is how I can boot Qubes from the Grub2 CLI then I can 
> install it. I don't know the right commands.

Something like this (adjust exact filenames and kernel parameters):

multiboot /isolinux/xen.gz (xen options here)
module /isolinux/vmlinuz (kernel options here)
module /isolinux/initrd.img

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYONqpAAoJENuP0xzK19cstgUH/0o/nXuS733HOaY8k6iOd+Eg
J5ShB7rSeqXtjVfCuFfVsMwr6nOVIpmp9Lyny/It2s6ro+Bzphuyld4egJ4So+XC
I6+5yupKSv5p9kPT7sEG8DSqOmMPFSP2hUg8RsRoaJQ+fs8GmJaZUwKLc+4Spu8i
Y+jx3uEy28Bt2W5za50K3Ox2IVyVV0vf8Vqj+0KEXBw3YzlESQtT2+Sh61Kbl2PJ
IpJJ4s1ij5+JzEvB4M3AZ3ic8uCBUF8/a0FDTemh67Zb4oFIC+K37uPmxR4W91cD
2DO8FVgfs5UhrT+kKEJxYXXK4Cz1Ggc1k0rFenDyP4H1WQEGitZMEuyTSrI89RI=
=O5cr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161126004319.GI1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Booting Xen directly from GRUB2 command line

2016-11-25 Thread Duncan Guthrie 
Hej folks,
I have installed Grub2 as my Coreboot payload, and now I want to boot Qubes 
from a USB drive.
Since I haven't made any changes to Grub2's default config, I am trying to boot 
Qubes from the command line Grub provides.
I do the following:
  set root=(usb0)
  linux /isolinux/vmlinuz
  initrd /isolinux/initrd.img
This is clearly wrong though as it boots without Xen, so when Qubes loads, the 
little bar only gets to halfway then it crashes into a rescue shell.
What I want to know is how I can boot Qubes from the Grub2 CLI then I can 
install it. I don't know the right commands.

D

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/248AAE60-BF4B-4188-82ED-8123F382FC7F%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [SOLVED Realtek 8111/8168] was Re: [qubes-users] R2rc1 networking issue

2016-11-25 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Nov 25, 2016 at 11:59:26AM -0500, Vincent Elliott wrote:
> Marek,
> 
> Thanks a mil.
> 
> I doubled the size, restarted the VM and the interface came right up.
> 
> I spent many days trying to find a fix... perhaps the default size should
> be doubled to accomodate any other noobs with the same hardware?

No, because the bigger the value is, the greater chance you won't be
able to start the VM at all. This amount of memory needs to be
continuous (in terms of physical memory pages) and its hard to get one,
especially after some time of running a lot of VMs...

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYOMvKAAoJENuP0xzK19csB5QH/234khPD8UrXqy02/c7uneye
lR+TvWh8sUA86VetrOQT//IIVHEaw4EygMS6ezI3ipM7wz3WoXga8CO1brMkD9Zt
8bJpl+3COqR4DYBV/AHhbYmRshzz5F5pyBRgzPSV6ifqze4kfHnkrSpC+z0PH5pg
nR9qMKp6uMBW9Udea+oA72IRkZeszGzFcEDBGGCoSXQzSLJLi6oRD1eUF/drDfBL
oOwamQQkTJV+THpEGvvmFSdA/W3yONgQix7QUpFIYGaAp83MnwzZBTzCjxjHqpMG
IkHNK+l37FnU9RXQhIANFIlrE2CuhwIeTH6YU2ffuO+unH81AtK4WejUbL7jkdU=
=gIsV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161125233952.GH1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 with Grsec could make a big splash

2016-11-25 Thread Patrick Schleizer 
https://github.com/coldhakca/coldkernel/issues/35#issuecomment-262175541

https://www.coldhak.ca

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43cd9fbd-2b1a-1212-3e07-d78de81500fa%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread raahelps 
On Friday, November 25, 2016 at 8:52:01 AM UTC-5, jkitt wrote:
> On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com  wrote:
> > can you just tell us the options so we can compile it ourselves?  paste the 
> > cfg or something.
> 
> https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F
> 
> Also:
>  
> > Can I add -fstack-protector-all or -fstack-protector in the make.conf 
> > CFLAGS?
> 
> > No, they will likely break the building of many packages, amongst others 
> > glibc. 
> 
> in other words these options will break some packages - particularly glibc; 
> ulibc is more flexible in that regards.
> 
> There's also: https://wiki.gentoo.org/wiki/Hardened/Toolchain
> 
> It's not as straightforward as you think. Perhaps you can build selected 
> applications as statically linked with PIE, and place it in a grsec chroot 
> instead - it would be a lot simpler.
> 
> I'd really like to see Gentoo (hardened) support, that and OpenBSD.

I've always used a grsec kernel with baremetal debian.  I just slete the 
default security over performance option.  But I'm assuming some pax settings 
conflict with xen?  So wanted to see your working .config file.  Or maybe i'm 
wrong and should just try it myself...

I just kind of figure that since I'm using qubes whats the point is it really 
worth all the effort...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e61ade92-fb40-4bdd-b9de-fd6110d8047a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread raahelps 
On Friday, November 25, 2016 at 8:52:01 AM UTC-5, jkitt wrote:
> On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com  wrote:
> > can you just tell us the options so we can compile it ourselves?  paste the 
> > cfg or something.
> 
> https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F
> 
> Also:
>  
> > Can I add -fstack-protector-all or -fstack-protector in the make.conf 
> > CFLAGS?
> 
> > No, they will likely break the building of many packages, amongst others 
> > glibc. 
> 
> in other words these options will break some packages - particularly glibc; 
> ulibc is more flexible in that regards.
> 
> There's also: https://wiki.gentoo.org/wiki/Hardened/Toolchain
> 
> It's not as straightforward as you think. Perhaps you can build selected 
> applications as statically linked with PIE, and place it in a grsec chroot 
> instead - it would be a lot simpler.
> 
> I'd really like to see Gentoo (hardened) support, that and OpenBSD.

I meant if you were able to fpaste the .config file of your grsec kernel.  I 
don't know anything about hardened building of the kernel.  Is that nescessary? 
lol

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/825a7df7-1577-4e19-a96b-c460b3f42115%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Is the Gigabyte Aero 14 laptop well supported?

2016-11-25 Thread privisec 
First of all, for the developers of Qubes reading this: **massive props**. Your 
work is amazing, very much needed, and I appreciate it to the extreme. I cannot 
help with development, but will do my best to help in other ways.

On to the topic: I'm new to Qubes -I've only been using it for the last two 
weeks-. It's just what I was waiting for and I've been using it daily. I want 
to use it daily for everything, but this will require a laptop. I've looked at 
the recommended LibreM, but the price/value ratio seems way off, and listed 
battery duration is too short. The one I'm considering is the *Gigabyte Aero 
14*. How well will it work? (specs pasted below). Any issues envisioned?

CPU    6th Generation Intel® Core™ i7-6700HQ (2.6GHz-3.5GHz)
Display    14" QHD 2560x1440 IPS Wide Viewing Angle Anti-Glare Display LCD
System Memory   16GB DDR4 2133, 2 slots (Max 32GB)
Chipset    Mobile Intel® HM170 Express Chipset
Video Graphics    Intel® HD Graphics 530
NVIDIA® GeForce® GTX 965M GDDR5 2GB
Supports NVIDIA® Optimus™ Technology
Storage    *Support Dual-Storage System
256GB SSD (2 x M.2 SSD slots (Type 2280, supports NVMe PCIe X4 & SATA))
I/O Port    USB 3.0 (Type-A)*3, USB 3.1(Type-C)*1, HDMI 2.0, mini-DP, 
Headphone-out jack (Audio-in Combo), SD Card Reader, DC-in Jack
Optional: USB-to-LAN Converter
Audio    1.5 Watt Speaker*2, Microphone, Dolby® Digital Plus™ Home Theater
Communications    Wireless LAN: 802.11 ac (a/b/g/n compatible)
Bluetooth: Bluetooth V4.1+ LE
Webcam    HD Camera
Security    Kensington Lock
Battery    Li Polymer 94.24Wh
Adapter    150W
Dimensions    335(W) x 250(D) x 19.9(H) mm
Weight    ~1.89kg (w/Battery)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KXRNFzl--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [SOLVED Realtek 8111/8168] was Re: [qubes-users] R2rc1 networking issue

2016-11-25 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Nov 25, 2016 at 07:57:59AM -0800, Vincent Elliott wrote:
> On Thursday, 15 May 2014 01:27:56 UTC-5, inf...@gmail.com  wrote:
> > On Monday, 12 May 2014 09:58:30 UTC+2, Marek Marczykowski-Górecki  wrote:On 
> > 12.05.2014 00:43, inf...@gmail.com wrote:
> > 
> > > On 12/05/14 00:38, Marek Marczykowski-Górecki wrote:
> > 
> > >>
> > 
> > >> ..
> > 
> > >> Looks more like some missing package (linux-firmware?). On my fc20
> > 
> > >> template
> > 
> > >> there is /lib/firmware/rtl_nic...
> > 
> > >>
> > 
> > >>> Aha, indeed
> > 
> > >>>
> > 
> > >>> when I do a "sudo yum install linux-firmware" it begins to install but
> > 
> > >>> fails with:
> > 
> > >>>
> > 
> > >>> Error unpacking rpm package 
> > >>> linux-firmware-20140317-37.gitdec41bce.fc2noarch
> > 
> > >>> error: unpacking of archive failed on file /usr/lib/firmware/updates: 
> > >>> cpio:
> > 
> > >>> chmod
> > 
> > >>>
> > 
> > >>> ?
> > 
> > >> Ah, I see... That symlink is leftover from times where firmwares were 
> > >> provided
> > 
> > >> by dom0. Now you can simply remove it and retry package installation.
> > 
> > >> The next qubes-core-vm package will also remove that link.
> > 
> > > 
> > 
> > > Sorry, am still Linux doofus, what exactly should I do?
> > 
> > 
> > 
> > sudo rm /usr/lib/firmware/updates
> > 
> > 
> > 
> > So that worked :-) :-)
> > 
> > For anyone with an 8168 chip (until the update kicks in), best procedure 
> > (assuming have WiFi as well)..
> > 
> > 1) disable 8168 network adapters in BIOS (necessary - it interferes with 
> > WiFi), get the WiFi connection going
> > 2) in the Template VM, remove the symlink as above
> > 3) sudo yum install linux-firmware
> > 4) update Template VM, and dom0
> > 5) reboot, re-enable 8168 network adapter in BIOS
> > 
> > The wired network should now settle immediately, and seems to run fine on 
> > standard r8169 (sic)
> > 
> > CB
> 
> All,
> 
> Am having the following issues on R3.2 and just cannot get the Ethernet 
> connection working (8188CE WiFi is fine!):
> 
> [user@sys-net ~]$ sudo journalctl | grep r8169
> Nov 25 08:46:17 sys-net kernel: r8169 Gigabit Ethernet driver 2.3LK-NAPI 
> loaded
> Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0: Xen PCI mapped GSI16 to 
> IRQ22
> Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0 eth0: RTL8168e/8111e at 
> 0xc92f4000, 28:92:4a:2a:8d:16, XID 0c20 IRQ 23
> Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0 eth0: jumbo features 
> [frames: 9200 bytes, tx checksumming: ko]
> Nov 25 08:46:18 sys-net kernel: r8169 :00:00.0 enp0s0: renamed from eth0
> Nov 25 08:46:28 sys-net NetworkManager[543]:   (enp0s0): new Ethernet 
> device (carrier: OFF, driver: 'r8169', ifindex: 2)
> Nov 25 08:46:28 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 08:46:28 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> Nov 25 10:25:17 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 10:25:17 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> Nov 25 10:26:13 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 10:26:13 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> Nov 25 10:47:16 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full 
> (sz: 16383 bytes)
> Nov 25 10:47:16 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX 
> DMA!
> [user@sys-net ~]$ 

Try increasing swiotlb parameter on sys-net kernel cmdline. See here:
https://www.qubes-os.org/doc/assigning-devices/#possible-issues

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYOGJpAAoJENuP0xzK19cs4QoH/2jDyzwgrtN06LNzva4xoXer
oYwySJ65m5uZAvw5e6EbD4fQqrppva8dnjqWIxFN9gZYm/DTGLUXOxoO86+Tv8BS
CVdNJD4yPYWePBdeNZxQug2MZmMM5ad3+5gsvSlr+6Gza7mgKc8/g7G9JRItBGc1
EFLX9GbfFFTGhd9wrKqO+L54s+FbgwSjEiUTwmPeWQx0OZE/rPueZaYACAoZgUZe
QL2PSvEVPulpv+Fy2JpAA05BmLwlgdNqnaE/wS0iurky3SIxY8JvZYwPyzdHVamC
OKEiiByiu25YTn/wJPHEKwJmNggJVSeWozYYQVdiItausLFRg1YYdCEo0CGzGCc=
=GJ7m
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web

Re: [SOLVED Realtek 8111/8168] was Re: [qubes-users] R2rc1 networking issue

2016-11-25 Thread Vincent Elliott 
On Thursday, 15 May 2014 01:27:56 UTC-5, inf...@gmail.com  wrote:
> On Monday, 12 May 2014 09:58:30 UTC+2, Marek Marczykowski-Górecki  wrote:On 
> 12.05.2014 00:43, inf...@gmail.com wrote:
> 
> > On 12/05/14 00:38, Marek Marczykowski-Górecki wrote:
> 
> >>
> 
> >> ..
> 
> >> Looks more like some missing package (linux-firmware?). On my fc20
> 
> >> template
> 
> >> there is /lib/firmware/rtl_nic...
> 
> >>
> 
> >>> Aha, indeed
> 
> >>>
> 
> >>> when I do a "sudo yum install linux-firmware" it begins to install but
> 
> >>> fails with:
> 
> >>>
> 
> >>> Error unpacking rpm package 
> >>> linux-firmware-20140317-37.gitdec41bce.fc2noarch
> 
> >>> error: unpacking of archive failed on file /usr/lib/firmware/updates: 
> >>> cpio:
> 
> >>> chmod
> 
> >>>
> 
> >>> ?
> 
> >> Ah, I see... That symlink is leftover from times where firmwares were 
> >> provided
> 
> >> by dom0. Now you can simply remove it and retry package installation.
> 
> >> The next qubes-core-vm package will also remove that link.
> 
> > 
> 
> > Sorry, am still Linux doofus, what exactly should I do?
> 
> 
> 
> sudo rm /usr/lib/firmware/updates
> 
> 
> 
> So that worked :-) :-)
> 
> For anyone with an 8168 chip (until the update kicks in), best procedure 
> (assuming have WiFi as well)..
> 
> 1) disable 8168 network adapters in BIOS (necessary - it interferes with 
> WiFi), get the WiFi connection going
> 2) in the Template VM, remove the symlink as above
> 3) sudo yum install linux-firmware
> 4) update Template VM, and dom0
> 5) reboot, re-enable 8168 network adapter in BIOS
> 
> The wired network should now settle immediately, and seems to run fine on 
> standard r8169 (sic)
> 
> CB

All,

Am having the following issues on R3.2 and just cannot get the Ethernet 
connection working (8188CE WiFi is fine!):

[user@sys-net ~]$ sudo journalctl | grep r8169
Nov 25 08:46:17 sys-net kernel: r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded
Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0: Xen PCI mapped GSI16 to 
IRQ22
Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0 eth0: RTL8168e/8111e at 
0xc92f4000, 28:92:4a:2a:8d:16, XID 0c20 IRQ 23
Nov 25 08:46:17 sys-net kernel: r8169 :00:00.0 eth0: jumbo features 
[frames: 9200 bytes, tx checksumming: ko]
Nov 25 08:46:18 sys-net kernel: r8169 :00:00.0 enp0s0: renamed from eth0
Nov 25 08:46:28 sys-net NetworkManager[543]:   (enp0s0): new Ethernet 
device (carrier: OFF, driver: 'r8169', ifindex: 2)
Nov 25 08:46:28 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 08:46:28 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 09:27:32 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
Nov 25 10:25:17 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 10:25:17 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
Nov 25 10:26:13 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 10:26:13 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
Nov 25 10:47:16 sys-net kernel: r8169 :00:00.0: swiotlb buffer is full (sz: 
16383 bytes)
Nov 25 10:47:16 sys-net kernel: r8169 :00:00.0 enp0s0: Failed to map RX DMA!
[user@sys-net ~]$ 

Vincent

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa1107e7-dcf8-445c-b6cd-499699ea18f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Restore after suspend on Dell XPS 13 (9360)

2016-11-25 Thread masenius 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi! Just bought the Dell XPS 13 (9360) and installed Qubes. Most things work 
but it won't wake after suspend. Keyboard lights up but the screen doesn't 
wake. It is not possible to switch to tty (Ctrl+F2). How can I debug this on 
Qubes? /David
-BEGIN PGP SIGNATURE-

iQIcBAEBAgAGBQJYOFeYAAoJEPGkLSV5Ugp+cv4P+wbYThZtMF1mtksnWPqMmcY3
X6Ll3hIVYJ2a4XpyYfqBgPAs5uGH13DlU0fP3hUsWx9apaY1wR5l+vaF/mH3wwpw
yWpD/V3JGE2MCSQHVv8tTFN0unGk0HkfNsJ+PXGW1lzIA1vgRtHpfjXBt20A3/AN
Bl5xBWbnjniOXbaFynSath0Xnps7DDsMzIic4vvhNhA7OyWbbl6UIUH6nTmjhrXy
OCkoouTK3v1Rcm2fPmqqiuTCKlNuFqemyDnYrrtVE5c5Uaoj2kO1zmVoAODqrdaQ
SvHtBLhLiZ584ePHFoWJYcXc5i1EWDgOI8lIc2hFV2ccb+0WkON+box2JSgXNZU2
Tj2uxMVBMPmUiEJFiU5rvH0xCuCjxuIIt2OCmZuNz0UGcZ7e8rgUPIMizW4c7a8C
YRHOOPGK4QeLDGGb91gKOyBhZaZye+4X4oRIfbzC63nK+hQbGo1p4JpsWgOotWVk
MgChkBy37NJO5AKryePP6X4BAUByQoKAORJM9a7v34CAvqruqnZa/31P4Krr+MkO
hzSDDwXvxByjmZpQWChXEo/PA/vugaciWvWZkIBsnrEwOYVwhxvyENYQyNbMYoON
PFpq+njXPlUWfHM8HepQdHSjWaKYfalNKBi7SGwYq2rVUG0tm+LOPyx7kG9bqLnT
sL2AXKZm4HP/JFyhlJNS
=Txwl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e0cdfa9-b822-4c67-8fae-519e3decd700%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Questions

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/24/16 07:29, rspeiglv...@gmail.com wrote:
> * Finally, I am interested in the Purism Librem 13 laptop and noticed that it 
> was supported for Qubes R3.x but not R4.x. Is this because of some hardware 
> issues or because R4.x hasn't been released yet?
> 

Short answer: Hardware issues. If you want a laptop that's certified for 4.x, 
it is unlikely to be from Purism.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOFCzAAoJENtN07w5UDAwuYkP/13VBRDJMJKnm4gaYQub2cpN
qCQPYLd/SzuCWME61XcwXpSfEfVKexHUMkA8cHhe/02n094FMUcP1bNA5REtOJoI
PjzCcNjxqT9jcPO9F2/T6hN2wMNrzczShtJdy3VIJn9PQA2NFXDKEyNSjsTH6IP0
S6NJyOVhaD5yLsRGh5GeDCFNOJQN6z6MawBe5wiehT5Hl8d/jwzGU94QpeyjG4xI
IPU6i6Ngl3W7ghwXX3knITDViqPOzcXj8pcrlmGUiho9JJA3c5YXjO9r127gwtPG
2Wp6P987x7yq2ZxnNNg5YiYYVoWFdHoB9GkXOXrwJmUqCIDag4bpSNzKbMuw/TqJ
LHaBmRegB8fofQfwIb58IyBkKTNFR1CQDn5ig1h1jwSELN8lmrZAmXhjIgoqm1vK
uwrc3OGA9ESKJjnkONSNbFuwLD4m0QQeqj+1b0xyOYNyr/dlDMucT/3ydlaVHNgO
8ScH/ofbXbA2O252BD3GNrFOQ9R4MFA5byCpLuTzC6qkKactR+33/OZvWBqhr5V4
t1VzfKABX+Tagy7B7CtW1KoUw+Iu0OdvETlojZht/pg/gogazR9zv/udEWxaeDHQ
Tvi/d5YmcjJanALUVSiJGwgSct8JAz0ITe6HpTNPwH/cbl6wYXQYQKuFdd+OhIWl
JV+Sf7CPRr0TaqrbBB0r
=62HS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c8e3c3c-78c1-ecfc-cd3b-7cbbfdb4d159%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 24 Network Manager icon is missing (and other small issues).

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/24/16 02:35, Fabrizio Romano Genovese wrote:
> As the title says: I've cloned my fedora 23 templates and followed the 
> procedure to upgrade them to fedora 24. Everything is splendid, the only two 
> disappointing things are:
> 
> a) Network manager applet icon is missing. May this be related to the fact 
> that my netvm runs on a minimal template?
> 

You should be able to get a working NetworkManager applet if you install all 
the packages in the "NetVM" use case listed here:

https://www.qubes-os.org/doc/templates/fedora-minimal/#customization

> b) Fonts look a bit changed. Again, not that much of a problem, it's just 
> unexpected.
> 

That's probably because you don't have the same fonts installed as in the 
standard Fedora 24 template. (I'm not sure what they are, but I find DejaVu 
Sans works well enough for my purposes.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOE9mAAoJENtN07w5UDAwWxgQALUXEDLLPx8W2QEsgsmqi7eD
QZMhgEmQUmk9QD5dlg4xKphl88KE2pBv5eakD/NC/JhnOI1Fo0Mevw1B99Vu5dEZ
lETBFOO9TfnwJPG5HaFajBrpbziCxizPXhHvRKX+ayKb3tMECxbvq3sd4TgdnaiN
xtn03AH+RcBhO+qI6vk+pHvbuAkzuH/nAgXESuI0weUZPuokJBBO8Mak7q88/rdQ
qthyYley1cc7j6ogY9zfCYVIarFhAMd8NeoLSnXvgAUT1a4C5RAlhj1amjSz/JHZ
PmBsaygM2au2B0MOSe7vBY9Naobmoblu57IyT/mkwJ4uGMZuvNXPwarPoISxg0T1
IaCU1oeaTYQ+1FBXT1+ZVU/wTUBeUEu5mkxRvJcBl84dH57Vv3hnl/bbJitPCKkM
4+NYVZwVt9XdT++z/oPe+IEpzahtrcSEGq4UGhf01P5zLcTNqeqR9AZSJLfrpCzf
5EbhnokJU1U3Ex3u5XBpstW9Ygi0fjoFpMfMl69S3ISxsyJclcTv6xaIVjjablcz
ksL61DyqABceaBILW5i97NSzGUURXbP+dCUXSddlEBgqHuRcUgEuOOSMxDX3f35u
PXrq4o1vINlbhTRgMIcTDGDe52Tvzg+41PYTmc6Pd3vTNvOztLw0cwsCbAG4UDs4
5ION0JU+3981xicM2I1S
=kTpw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b5a4377-112b-32ae-381c-1fd351d55311%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Replacing Dolphin on Whonix-ws

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/21/16 20:19, Patrick Schleizer wrote:
> Nautilus previews are still enabled unfortunately. TODO:
> 
> https://github.com/QubesOS/qubes-issues/issues/1108
> 
> Dolphin [and Nautilus] previews are disabled in Qubes-Whonix, but not in
> other Qubes VMs. TODO:
> 
> https://github.com/QubesOS/qubes-issues/issues/1885
> 
> Help welcome!
> 
> Cheers,
> Patrick
> 

Those issues are for Debian and Whonix. File previews in the Fedora templates 
have been disabled for a long time now.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOE0hAAoJENtN07w5UDAwByUP/05cP1OgCMoU3BxBCtmGYiGH
QQOj4et9FPIsVCuuzmL2M3hTA1dV8pbpCyXCyFuuUvVzvD8lJavuJ4jCthkPU9uN
FeP/YjKKR8OXktBlXkvTbrhlEpBuw08s8bnWk9PnYizDIxTrj4XSOB5CPleQOzGo
SiFbdtJRHcZW9cjXgsQjPGmmawdbzhDgzPydGaGrCG3B9o0CMl1IAu9qivuGfeEZ
9W6VTiBLpkVyBNs+zFAWJQ0787e9hZy/NL/2s9HhxzvISOf4B6dVuyZCb1WxkArA
cM9Pf+rVAqx2ncYJvSTMsQNlFXYi9kVHoV3Bu3U4Bm8CtpaTmPWiQ9GycB2Mj7jm
G2t19CjlZ2FshYAw0C6WM4Y5xkEkY7oNGwnKOeSZ24B35Muy6L2p+t0bCzIwZjeI
LfB/+iVS0qwwjpoxQuTfkZjaQ3Ii3i/3ipd0mQF6TfOyJziR5B2aGL9W9w2AK7a+
rghxYP7jNNWwxILmdgg0hYhK7l3jS+iw6XkhpAwGt3MVp7OG7P+3Q1Osr8JYctFh
kHyTSb66F+AqOzlWJbekkWtD1ONc9EhLqn3/GAcY1ZTJIUiFlxT55dznluwJYIUY
GmBjSzf/Kx8QyQ+NYOOFKdcJFqHQ2p71CXFsbI0dJjky9Z+AdvJviEys3nCJGcwJ
Cfu3OXeVxYEiKr+NKaof
=rxZv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbb7ab0a-c089-056b-18cc-9988b45bf63f%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes - Revocation of the Qubes Signing Key

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/21/16 07:46, Me wrote:
> Do Qubes have any intention of following in the footsteps of TAILS as
> proposed below:
> [...]

This is a good idea. Tracking it here:

https://github.com/QubesOS/qubes-issues/issues/2459

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOEpMAAoJENtN07w5UDAwa3YQAL+lkWgR8klU70/J098lPTUU
sY0nin+jMUa7VATfShZoZT6fR+sfaWT90HCGHkEAQiO8iIP+qYk19+B/GxYUi0SC
JwK0pMn2rlo7phtAteLui5znPam25j0T9bfDZOdk7pMpSihSj6OXbqcXa6aeRImd
K5zciq2BedP+cjmq1INHbWf5fscoqGh0cRlydYbwWDrQ92bEWflTvrqExLaGTqhN
n8Bg0ceEVdz7YQjhc9rKDslOfgVVwzEaqqpU+luI91tXG04KLIgJxC8mSgnB7e1O
bC/ImjzqmUIbd3O4Xcy8v8XzgliPlzGc50GzyBFVAwLr5ZjjEGEwU5Z+v/kmlG99
8T1JF7utjuuPCFzdrht5p/+6WMN0G2qIJzrqE1QMOMJbjZspjSvIumLEHVQx2TOQ
ZkkwWlzd8JqCSIoSYJpPD1gTjn6NjCEdMshy/pISHCdocC7cWZdEIIGSv4NgowCY
q0eX0zp4CRbnkcbcnP9b19HZInAkkay9b6Mi1s7wifzRG7z7MNnieuSAXnVeuIn5
d9QunG7bElzG2ls5oD4e08sCN4vcEaPxgiVh9QgbZzROOSdWqmsfYbJxMULd6Zht
CGWMuBPZs2NRKTUC0/yqoBllHLTEwmCHDnF5O4iCRjcBgZ/qj8rN6cVBK3DCqGG1
5X+SqllKC9PHO40m7NTw
=EPCo
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6fc6b6f5-e4ce-9906-adc2-969c7e1c6ec5%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't update dom0?

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/21/16 09:12, Loren Rogers wrote:
> 
> On 11/19/2016 06:31 AM, Andrew David Wong wrote:
> On 2016-11-16 12:10, Loren Rogers wrote:
 I can't seem to update dom0 using the regular updater. The system keeps 
 telling me there are updates for dom0, but I can't get anything to 
 actually update. Is there something I'm missing here?

 Clicking the "Update VM System" button with dom0 selected seems like it 
 starts, but it doesn't really go anywhere. I attached a screenshot of the 
 system after it gets going. Eventually, it'll just silently crash. I can 
 re-start the process, but it does the exact same thing.

 I'm using R3.2 on a Thinkpad X201 Tablet.

 Thanks!
 Loren

> Are you sure it's crashing instead of simply not finding any updates? There's 
> a known issue with the update notification icon showing even when no updates 
> are available:
> 
> https://github.com/QubesOS/qubes-issues/issues/2086
> 
> No, I don't actually know what happens when it disappears. What would be a 
> good way to determine if it crashes or exits without updates? Is there any 
> indication that the process completed?
> 

I'm not aware of a way from the GUI. That's why I prefer using the command-line 
for updates. I'd recommend doing that if you're comfortable with it (and are 
still having problems).

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOEkXAAoJENtN07w5UDAwzfoP/AzoT/cevG7gtk3vRWCCl374
obXiwxTUmsM7fnW2NiH5NYZa/IFyrqLnv6MWVVnYw6NQtn99MfRvY4gn/fzVqqDo
Yic8jhcpiKGgHtsvaFGZCB0lUlP8RY2wZVh9ddEL/z+1UtbpXB2ZJDRPbyN4fP6N
QX5eYt4XKrx+Z1TBrglG0hJ9wshghl18yWq9eM0do3lt10DYbmdamhma2cIKMN8D
pMOfd5hwUh+qDbDj5zEsI/2DJpzoplcTbquPIxoCDOf5tO/x0yKNqaA8++qS2jKs
giwnKhJfmgjxnaQI+rwTjOgV8WyatNRwsVG1Vh2ntNpZM6cJNPhULUkkzGKMDkgA
bO50VmFDdo4GXC6Rdl+KCcJ635OARhKMrGrCUO7fFATH0fJEQ2mj9pIpL1VkiCub
K0VLuXfJVi4Iw/ye6jUufWqxA7ehCjHSHCjDfDYt1L5TFazQYt44y6AZvmS6we/R
cFgA70v3Q+KCfRlScQVJhq5dJDrkye9zW4+L3IQl0Ryc9AcunNpCKS3B43qQyAlM
JjN5JSiLdMGlmZD1JAIZeDHlLx9TlrguZt2DAtBy1GiBs7nMAPHNGpypMobKZeGF
iz+/X5pXKZXEZLHI/jgxXkEeMU++2pCp3nqDy9M2h6tvf7QHVjyMmv8gaN4aM7un
mh33rujEHIbWivht+FEz
=wgFr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3adc354f-7afe-c061-dff7-2b0b79d4cfa3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Date/Time panel plugin appears with white backgroud after yesterday's upgrade

2016-11-25 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/21/16 07:11, 55qpno+2vc52qkc122uo via qubes-users wrote:
> Hi,
> 
> After yesterday's upgrade my date/time panel on the XFCE panel appears with a 
> white-ish background that makes almost impossible to verifying the current 
> time/date.
> Is anyone else experience the same thing? Any ideas how to resolve this? 
> 
> Thanks
> 

I haven't see this personally. Have you tried changing the desktop and window 
manager styles?

Settings Manager -> Appearance -> Style

and

Settings Manager -> Window Manager -> Style

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYOEeOAAoJENtN07w5UDAwAsUP/2AtzJTNDFvezqeQ7P8uh2MO
kyTK9Wq476d2ekkfVmJhkpDTTI8u+XIu+rhAId7PrD5vmn0pf04jwwhDYxG0CqPK
My11hImfzvucJnQFdiQAkmOEdqSnQRv3C41ng0o9lqoXDhirSi91YFOpL3PL32b+
o3CcWxbNanqShrqXw4hFhXZ9e97GKXhbUQG/IhujCB+/UF79Ei8qhSlhTnCbM/HI
ZfAKVuoTPlWXm9HIOiGu7mb4DjX+CAhNEoAgf339KCGRSiX6S23ImNZRJUsOOcDD
IOORi3aJv28haKI9wilx62t+rQxI1Lrwy/GzRQf+VK9l/RjXB3o7tv3w2ceEa6hn
0Rh2+ZzVETYHbiwtR/IYJIhLx1/5ygfrd9WYl9XxdJgfBruEaYjBL7PnSzK+J94/
2j4IxnKF6FQR7wcr3hhWd8FuEAxhFx3kKvx292xs8ytYeSMLy3m3280t9x0LHbP4
tNumO5Om3OwX6tteSor+Z8Z0l+B9vpCY1kC4qTEQq+Wod40Yd4LewsHlg33V/GY9
TPoA2EaXktwV/ysev84kbr4lIzPOl8/rKzgKQDPf3pwB8v6SwsoHpsCzMA10xAkG
U2bFOxUpmB+zmOxuW9gyhlseJ+KnJMQJYNV1+Y65L7Vt2PU3uOCHI6LLb95xWvNy
RsIM3oQETrvmRCK6bbq2
=k6iF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3c72c3d-bebf-282a-3cc9-1222e649761c%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Passthrough

2016-11-25 Thread Salmiakki 
On Friday, November 25, 2016 at 1:36:42 PM UTC+1, Desobediente wrote:
> As for these checking algorithms, everything can be faked, 

Not really pertinent to this discussion but PUFs: 
https://en.wikipedia.org/wiki/Physical_unclonable_function

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ad2ea33-057f-4fcb-92ca-52b72c9eb3ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread jkitt 
On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com  wrote:
> can you just tell us the options so we can compile it ourselves?  paste the 
> cfg or something.

https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F

Also:
 
> Can I add -fstack-protector-all or -fstack-protector in the make.conf CFLAGS?

> No, they will likely break the building of many packages, amongst others 
> glibc. 

in other words these options will break some packages - particularly glibc; 
ulibc is more flexible in that regards.

There's also: https://wiki.gentoo.org/wiki/Hardened/Toolchain

It's not as straightforward as you think. Perhaps you can build selected 
applications as statically linked with PIE, and place it in a grsec chroot 
instead - it would be a lot simpler.

I'd really like to see Gentoo (hardened) support, that and OpenBSD. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85a85993-5aaa-42a5-b627-3ff158fe456f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Network problem since upgrade to fedora-24 template

2016-11-25 Thread BePe 
I found the "problem".
It seems that the code of the systemd script that detects virtualization
(systemd-detect-virt) has changed between fedora-23 and fedora-24.
The one in fedora-24 is confused by the fact I use QubesOS insed a KVM
VM and is not able to detect xen on top of the VM (it detects KVM
instead). As a consequence, the service xendriverdomain.service was not
started (ConditionVirtualization not met), causing networking to not
work on the AppVM (as the backend network was not correctly configured
on the NetVM side).
To workaround this "problem" I overwritten the systemd-detect-virt in
fedora-24 by the one in fedora-23.
Everything works fine again :)


On 11/25/2016 12:01 PM, BePe wrote:
> I suspect that the script vif-route-qubes is not called at all?
> What triggers this script? Where is it configured?
>
> On 11/24/2016 04:09 PM, Opal Raava wrote:
>> On Thursday, November 24, 2016 at 3:03:01 PM UTC+1, BePe wrote:
>>> Hi Opal,
>>> Thanks.
>>> But I don't know all the actions that should be realized. For sur there
>>> will be IP configuration, routing and probably iptables rules.
>>> BePe
>>>
>>> On 11/24/2016 01:22 PM, Opal Raava wrote:
 On Thursday, November 24, 2016 at 8:33:14 AM UTC+1, BePe wrote:
> Hi All,
>
> I have an installation of QubeOS 3.2  inside a KVM VM (I know
> that it's not recommended but it's very practical for testing)
> that was working without any major issue since last week when I
> decided to upgrade to the fedora-24 template and have migrated
> the net-vm et the firewall-vm to use the new template.
>
> Since then, the networking (e.g. internet access) is no longer
> working on all the AppVM except on the net-vm.
>
> I noted that when an AppVM is started there is no vif interface
> that is brought up in its configured NetVM as it used be the
> case when fedora-23 template was used for the NetVM.
>
> Does somebody have the same issue? How could I fix/workaround
> the problem?
>
> Is there a way to manually and properply bring up the vif.XX
> interface to establish the connection between a VM and its
> configured NetVM?
>
> Thanks for your help.
>
> Regards,
>
>   
> -- 
> BePe
 Hi BePe, I don't have the same issue, but maybe you can manually put the 
 required ifconfig orso commands in your /rw/config/rc.local file? (and 
 make that file executable.)

>>> -- 
>>> BePe
>> Hmm there should be an easier way, but I dont know how... I'm still a noob :/
>>

-- 
BePe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3aa66b77-9a06-83d8-d965-6583ef10d2a9%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Passthrough

2016-11-25 Thread Desobediente 
In the settings tab on the qubes manager you could passthrough almost
everything. For example, if you passthrough the video card, your screen
will black out.

As for these checking algorithms, everything can be faked, which implies
the very idea of checking the system is broken because you can run your
"system checking" software everywhere you want to, because with
virtualization, you can tell the operating system whatever you want to.

Modern and clever software for checking COULD bypass some things, what
would require you to recompile qubes/xen to apply more aggressive means to
fool the windows guest.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF0bz4QxNBCJmRH8yVvtUyWs6%3D7Rzz1T%3DDFz42m8mW3mKxhBZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes and GPUs for Data Science

2016-11-25 Thread Salmiakki 
You would need "GPU passthrough" and give the entire GPU to one VM. Some people 
try; most fail. It's not supported and finicky.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11401b03-7f1c-442d-bb12-e2097f136801%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Passthrough

2016-11-25 Thread Salmiakki 
On Friday, November 25, 2016 at 12:55:27 AM UTC+1, Drew White wrote:
> Is there any way that I can pass through all real hardware specifics to the 
> guest to make it not think it's running under xen? (primarily Windows)

It depends on what exactly is used as input to creating this device identifier 
but it's extremely unlikely that you will be able to pass through all the 
necessary devices. You might be able to fake some of it, though. There is no 
support from qubes except for PCI passthrough.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f948a2e-5aae-4451-b806-7b6961e513b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread Salmiakki 
On Tuesday, November 22, 2016 at 7:57:56 PM UTC+1, kev27 wrote:
> I saw this being retweeted by the Qubes account on Twitter. Can Grsec support 
> still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc?
> 
> I think if Grsec would be enabled by default in Qubes, it would be no 
> question that Qubes is the most secure operating system out there.

Technically you could consider having grsec in dom0 or in AppVMs. It seems 
unklikely to me that it will appear as a default in either place.
In dom0 it isn't really necessary because it is extremely hardened and 
trustworthy already. In AppVMs it can be used already which is what this tweet 
is about but I doubt that the default Fedora template will change.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/530ca2c9-c99f-447f-88ed-5a4fe59ca65a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread raahelps 
On Friday, November 25, 2016 at 6:38:21 AM UTC-5, raah...@gmail.com wrote:
> On Wednesday, November 23, 2016 at 6:34:08 PM UTC-5, jkitt wrote:
> > On Tuesday, 22 November 2016 19:49:07 UTC, Ronald Duncan  wrote:
> > > Will this be using the latest linux kernel since grsecurity only provide 
> > > the latest version free.
> > 
> > Yes, it will be an "unstable" kernel. A bare metal grsec kernel is actually 
> > available in Debian's testing repo. However, it is not compiled with 
> > optimal hypervisor guest options, and will be slow (if working at all) in a 
> > Xen guest environment. And because it's in the testing repo it probably 
> > doesn't receive as much attention to security as stable.
> 
> can you just tell us the options so we can compile it ourselves?  paste the 
> cfg or something.

does it need any other special patches?  something like this to stay up to date 
you gonna need compile the multiple times a month.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dedae420-91df-4a54-b96c-a56bb36e7d1f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

2016-11-25 Thread raahelps 
On Wednesday, November 23, 2016 at 6:34:08 PM UTC-5, jkitt wrote:
> On Tuesday, 22 November 2016 19:49:07 UTC, Ronald Duncan  wrote:
> > Will this be using the latest linux kernel since grsecurity only provide 
> > the latest version free.
> 
> Yes, it will be an "unstable" kernel. A bare metal grsec kernel is actually 
> available in Debian's testing repo. However, it is not compiled with optimal 
> hypervisor guest options, and will be slow (if working at all) in a Xen guest 
> environment. And because it's in the testing repo it probably doesn't receive 
> as much attention to security as stable.

can you just tell us the options so we can compile it ourselves?  paste the cfg 
or something.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80ea0796-216f-49d9-ac6c-56924058cba3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes not shutting down

2016-11-25 Thread raahelps 
On Thursday, November 24, 2016 at 3:11:15 PM UTC-5, Loren Rogers wrote:
> On 11/24/2016 01:39 PM, Loren Rogers wrote:
> >
> >
> > On 11/24/2016 03:57 AM, Pawel Debski wrote:
> >> W dniu środa, 23 listopada 2016 00:34:09 UTC+1 użytkownik Drew White 
> >> napisał:
> >>> On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers  wrote:
>  On 11/21/2016 06:24 PM, Drew White wrote:
> > On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers  wrote:
> >> On 11/21/2016 11:04 AM, Loren Rogers wrote:
> >>> On 11/21/2016 12:42 AM, Drew White wrote:
>  On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers  wrote:
> > Another correlation I've noticed is that my machine randomly 
> > shuts
> > itself down without warning when I'm browsing in the 
> > Anon-Whonix VM. It
> > seems that simply having the Whonix browser open causes the 
> > problem.
> > I've not been able to pin down an exact cause, but it seems to 
> > happen
> > after about 5-20min. When this happens, the machine sometimes 
> > ends
> > up in
> > a hung state (black screen) at the end of the shutdown process.
> >
> > I've also noticed that the fan speeds up right at it starts to
> > shutdown.
> > (The screen turns to the Qubes logo with the progress bar, 
> > then the fan
> > cranks up.) Sometimes the bar makes it all the way to the end, 
> > other
> > times it seems to simply crash to a hault. As I mentioned 
> > elsewhere,
> > the
> > Thinkpad X201t is known to have overheating issues, but I'm 
> > not sure if
> > this is related. I'm not working the machine particularly hard 
> > (just
> > browsing articles on the web), and the hardware is not 
> > particularly hot
> > to the touch.
>  When it gets to the qubes logo screen, press ESC to see what it's
>  actually doing.
> 
>  If you wish to always know what it's doing, turn off rhgb and 
>  quiet
>  in the boot config.
> 
>  Then you will see where the issue is.
> >>> Thanks, I'll give that a shot next time it happens. I feel like 
> >>> it'll
> >>> go by too quickly for me to see what's happening; does it also 
> >>> write
> >>> its activity to a log somewhere?
> >> I can now confirm that it's an over heating issue. When it went 
> >> into the
> >> automatic shutdown sequence, I pressed escape and managed to take 
> >> note
> >> of a few of the messages. One of the very first ones was 
> >> something about
> >> "thermal_zone_0 critical temperature reached: 128C", which I 
> >> assume is
> >> the cause. (This isn't an exact quote, since I noted it from 
> >> memory.)
> >>
> >> This raises some questions:
> >> - What could be causing this overheating issue in Whonix?
> >> - Is 128C a normal temperature for the safety shutdown to kick in?
> >> - Does Qubes have a warning / alert system for potential 
> >> overheat? (Like
> >> low battery)
> > It is a high temperature, but does it ONLY happen in Whonix?
> > Or if you push the PC does it happen also?
> > Have you tried limiting the threads Whonix can use?
> >
> > Sometimes CPUs have shutdown at 99 degrees.
> > So 128 degrees is a bit high in my own opinion.
> >
> > I recommend you check the CPU Fan and heatsinks (if it has them).
>  Thanks for the input - I just dusted out the fan, and we'll see if it
>  helps. It wasn't too bad, but we'll see if there's an improvement.
> 
>  No, it also randomly goes into auto-shutdown when backing up VMs.
>  However, that happens about 20% of the time. Whonix seems to do it 
>  about
>  80% of the time, the other 20% I figure I shut it down before it 
>  does so
>  on its own. I figure there may be something in the Whonix VM that's
>  causing my processor to over work itself. The auto-shutdowns may be
>  ultimately linked to dust in the fan or something like that, but if
>  there's something processor intensive in Whonix, it may be worth 
>  looking
>  into.
> 
>  Also, a heat warning message would be nice. I assume the thresholds 
>  are
>  set via the bios - is there a standard way of monitoring this? (I'm 
>  not
>  particularly well versed in this sort of thing.)
> >>>
> >>>
> >>> I recommend you get your HDD checked, and your RAM.
> >>>
> >>> Test both thoroughly.
> >>> Could be some bad sectors.
> >>> Also run a smartd check.
> >>>
> >>> Some PCs have system diagnostics built in for RAM in the startup 
> >>> sequence.
> >> Thinkpads have known problem that after long time of usage GPU 
> >> radiator glued to the chip goes loose and X201 is rather older model. 
> >> Not sure how to measure GPU

Re: [qubes-users] Re: Qubes not shutting down

2016-11-25 Thread raahelps 
On Monday, November 21, 2016 at 2:04:43 PM UTC-5, Loren Rogers wrote:
> On 11/21/2016 11:04 AM, Loren Rogers wrote:
> >
> > On 11/21/2016 12:42 AM, Drew White wrote:
> >> On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers  wrote:
> >>> Another correlation I've noticed is that my machine randomly shuts
> >>> itself down without warning when I'm browsing in the Anon-Whonix VM. It
> >>> seems that simply having the Whonix browser open causes the problem.
> >>> I've not been able to pin down an exact cause, but it seems to happen
> >>> after about 5-20min. When this happens, the machine sometimes ends 
> >>> up in
> >>> a hung state (black screen) at the end of the shutdown process.
> >>>
> >>> I've also noticed that the fan speeds up right at it starts to 
> >>> shutdown.
> >>> (The screen turns to the Qubes logo with the progress bar, then the fan
> >>> cranks up.) Sometimes the bar makes it all the way to the end, other
> >>> times it seems to simply crash to a hault. As I mentioned elsewhere, 
> >>> the
> >>> Thinkpad X201t is known to have overheating issues, but I'm not sure if
> >>> this is related. I'm not working the machine particularly hard (just
> >>> browsing articles on the web), and the hardware is not particularly hot
> >>> to the touch.
> >> When it gets to the qubes logo screen, press ESC to see what it's 
> >> actually doing.
> >>
> >> If you wish to always know what it's doing, turn off rhgb and quiet 
> >> in the boot config.
> >>
> >> Then you will see where the issue is.
> >
> > Thanks, I'll give that a shot next time it happens. I feel like it'll 
> > go by too quickly for me to see what's happening; does it also write 
> > its activity to a log somewhere?
> 
> I can now confirm that it's an over heating issue. When it went into the 
> automatic shutdown sequence, I pressed escape and managed to take note 
> of a few of the messages. One of the very first ones was something about 
> "thermal_zone_0 critical temperature reached: 128C", which I assume is 
> the cause. (This isn't an exact quote, since I noted it from memory.)
> 
> This raises some questions:
> - What could be causing this overheating issue in Whonix?
> - Is 128C a normal temperature for the safety shutdown to kick in?
> - Does Qubes have a warning / alert system for potential overheat? (Like 
> low battery)

maybet thats your hdd reported temp?  Fedora use smartctl by default I think?  
could be your hdd is going if its the case.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a355c3c2-7a49-4553-a8de-a5d572e0a2fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Passthrough

2016-11-25 Thread raahelps 
On Thursday, November 24, 2016 at 6:55:27 PM UTC-5, Drew White wrote:
> Is there any way that I can pass through all real hardware specifics to the 
> guest to make it not think it's running under xen? (primarily Windows)

what? lol

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f541c21-32e7-493f-8ad6-bef4c1e72765%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.x and Librem 13

2016-11-25 Thread Duncan Guthrie 

À 25.11.2016 04:36, Jean-Philippe Ouellet a écrit:
On Thu, Nov 24, 2016 at 8:12 PM, Duncan Guthrie  
wrote:

And of course Coreboot is fast and fun.


I love your description of BIOS work as "fun" ;)

In my experience, getting things working has been anything but! xD


I like customising things, so it is fun. Coreboot usually works fine the 
first time you compile...


As for the fun, what I am referring too is some of its advanced features 
- can your BIOS run Tetris from the flash chip, I ask?


D

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40c9e25ff064949581ee8270008c91da%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Network problem since upgrade to fedora-24 template

2016-11-25 Thread BePe 
I suspect that the script vif-route-qubes is not called at all?
What triggers this script? Where is it configured?

On 11/24/2016 04:09 PM, Opal Raava wrote:
> On Thursday, November 24, 2016 at 3:03:01 PM UTC+1, BePe wrote:
>> Hi Opal,
>> Thanks.
>> But I don't know all the actions that should be realized. For sur there
>> will be IP configuration, routing and probably iptables rules.
>> BePe
>>
>> On 11/24/2016 01:22 PM, Opal Raava wrote:
>>> On Thursday, November 24, 2016 at 8:33:14 AM UTC+1, BePe wrote:
 Hi All,

 I have an installation of QubeOS 3.2  inside a KVM VM (I know
 that it's not recommended but it's very practical for testing)
 that was working without any major issue since last week when I
 decided to upgrade to the fedora-24 template and have migrated
 the net-vm et the firewall-vm to use the new template.

 Since then, the networking (e.g. internet access) is no longer
 working on all the AppVM except on the net-vm.

 I noted that when an AppVM is started there is no vif interface
 that is brought up in its configured NetVM as it used be the
 case when fedora-23 template was used for the NetVM.

 Does somebody have the same issue? How could I fix/workaround
 the problem?

 Is there a way to manually and properply bring up the vif.XX
 interface to establish the connection between a VM and its
 configured NetVM?

 Thanks for your help.

 Regards,

   
 -- 
 BePe
>>> Hi BePe, I don't have the same issue, but maybe you can manually put the 
>>> required ifconfig orso commands in your /rw/config/rc.local file? (and make 
>>> that file executable.)
>>>
>> -- 
>> BePe
> Hmm there should be an easier way, but I dont know how... I'm still a noob :/
>

-- 
BePe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb259fab-fe54-d997-add2-50c078b390f3%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Tradeoffs between btrfs, lvm, and lvm thin provisioning.

2016-11-25 Thread nakutnyi 
вторник, 28 июня 2016 г., 17:37:57 UTC+3 пользователь Chris Laprise написал:
> On 06/27/2016 09:47 PM, indoler...@gmail.com wrote:
> > What are the tradeoffs between btfs, lvm, and lvm with thin provisioning 
> > WRT speed and space efficiency?
> >
> 
> Both btrfs and (thin) lvm do similar things with copy-on-write, though I 
> have not seen direct comparisons of speed between them. Btrfs is more 
> flexible by far, though, and its what I use for Qubes. Regular lvm is 
> just a hassle and IMO only good for snapshots that are immediately 
> created and destroyed for backup procedures.
> 
> Qubes will automatically use reflinks whenever it clones vm disk images, 
> which is a COW copy that happens instantly and only allocates extra data 
> blocks when blocks are changed in either copy. It allows a lot of 
> experimentation to be done at virtually no cost in disk space, for 
> instance. This happens on a per-vm (actually, per-file) basis, without 
> having to do whole-filesystem snapshots as in lvm. This makes btrfs 
> potentially much more space efficient than the rest if you make use of 
> cloning. Btrfs also has compression.
> 
> Its worth noting that vm images suffer from logical fragmentation 
> because writing to disk image files behaves like random database 
> updates. Because btrfs does COW on *every* write, it does make it slower 
> than ext4 but on Qubes not noticeably so. Qubes vm images are sparse, so 
> whenever deletions occur this fragments ext4 filesystems and slows them 
> down also.
> 
> The fastest filesystem to use in dom0 is probably ext4 *without* lvm. 
> Turning off 'discard' in the vm's /rw volume may prevent some 
> sparse-related slowdown (at a cost in disk space). With lvm, ext4 will 
> probably become slower than btrfs as soon as you start making snapshots 
> and updates.
> 
> Beyond that, I think its possible to assign a raw block device to a vm, 
> though I haven't explored that yet. Ext4 on a raw block device would be 
> the fastest, but not flexible or space efficient.
> 
> Chris

Hello Chris,

Thank you so much for your answer

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77ff3000-2a24-447b-b54b-a0d51a2c9d2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Attaching Item as FDD

2016-11-25 Thread Salmiakki 
On Friday, November 25, 2016 at 3:55:04 AM UTC+1, Drew White wrote:
> How do I attach am IMG to appear as an FDD?

A floppy? You mean in Windows? I've never seen anything about that being 
supported.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b1ac7d6-49ed-4218-acef-6ef949c46d05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.