[qubes-users] HCL - Lenovo Thinkpad T540p
Everything works well. Some small inconsistencies between the VMs in terms of HiDPI scaling but that is more an application issue rather than qubes specifically. Suspend, Audio, Brightness all work. Shutting down takes ages, and I often have to force shut-down after ~5m, though I see other users with the same problem so unknown if hardware specific. Install had to be done using BIOS/Legacy method, install USB would not boot otherwise. Overall really happy with it :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3845ae3a-afaa-318a-cb37-86ab934d312a%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20BECTO1WW-20161210-024247.yml Description: application/yaml
[qubes-users] qmemman entries in the journal
Hi!
Could someone tell me what qmemman tries to tell me from time to time
when it is logging this (line wrapping by my editor):
Dez 10 03:29:05 dom0 qmemman.systemstate[2624]:
Xen free = 61143341669 too small for satisfy assignments!
assigned_but_unused=61301070009L, domdict=
{'1': {'last_target': 314572800, 'meminfo': None, 'memory_current':
312463360L, 'no_progress': False, 'memory_actual': 314572800,
'memory_maximum': 314572800, 'mem_used': None, 'id': '1',
'slow_memset_react': False},
'0': {'last_target': 65586845881, 'meminfo': {'MemTotal': 4287901696,
'Cached': 1112002560, 'SwapFree': 63999832064, 'SwapTotal': 63999832064,
'MemFree': 2623762432, 'Buffers': 5431296}, 'memory_current':
4287885312L, 'no_progress': False, 'memory_actual': 65586845881,
'memory_maximum': 68578967552, 'mem_used': 546705408, 'id': '0',
'slow_memset_react': False},
'3': {'last_target': 524288000, 'meminfo': None, 'memory_current':
524288000L, 'no_progress': False, 'memory_actual': 524288000L,
'memory_maximum': 3145728000, 'mem_used': None, 'id': '3',
'slow_memset_react': False},
'2': {'last_target': 524288000, 'meminfo': None, 'memory_current':
524288000L, 'no_progress': False, 'memory_actual': 524288000L,
'memory_maximum': 3145728000, 'mem_used': None, 'id': '2',
'slow_memset_react': False},
'4': {'last_target': 419430400, 'meminfo': None, 'memory_current':
419430400L, 'no_progress': False, 'memory_actual': 419430400L,
'memory_maximum': 4194304000, 'mem_used': None, 'id': '4',
'slow_memset_react': False}
}
I'm not really running out of memory, am I? It is happening with about
10 template VMs running which could be using up 40 GB at most (as all
have a maximum of 4000 MB in their configurations).
Achim
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/4ab62627-59c9-6135-4d26-7007a3fec59a%40noses.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
On 12/09/2016 05:56 PM, Eva Star wrote: On 12/07/2016 07:48 AM, Andrew David Wong wrote: FWIW, `systemctl restart qubes-firewall` fixed it for me last time. Today one my VM losses network 2 times. Every time I tried `systemctl restart qubes-firewall` and it not fix the issue. It's looks like the issue at VM. Maybe, fedora-25 will fix it... Debian 8 & 9 have been working fine, BTW, and Debian has a more secure update than Fedora. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc2f4bf6-f1a1-a09d-b718-d357a5b5f018%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: off topic - invite codes to 'riseup'
On Wed, Dec 07, 2016 at 07:55:31PM -0800, simmonsja...@gmail.com wrote: > On Sunday, December 4, 2016 at 7:24:38 PM UTC-5, zachke...@gmail.com wrote: > > Could you PM me one as well? > > Could two people also send me two invitation codes (via email) so that I may > join the riseup.net email service? > > Thank you in advance. If someone (or two) would be so charitable, I'd like 2 invites to riseup also. -- List replies preferred. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161210012519.GM27966%40server. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Installing on macOS Macbook
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-08 21:11, Jean-Philippe Ouellet wrote: > On Thu, Dec 8, 2016 at 6:37 AM, Andrew David Wong > wrote: >> Qubes isn't supported on VirtualBox or on Macbooks > > This is the first I've heard of MacBooks being "not supported". > By "not supported," I mean that there are a lot of known problems specific to Macbook compatibility, and we don't have any particular commitment to changing Qubes in order to fix/circumvent those problems. > I know at least one person personally who is currently running > Qubes on a recent (<2yo) MacBook, and it is completely usable. > "Not supported" does not (and has never) meant "unusable" or "cannot be done." I'm not sure why you would think it does. (Frankly, your interpretation is uncharitable, given that I pointed out that there are threads on accomplishing each one separately and that it might be possible through DIY hacking.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYS1AwAAoJENtN07w5UDAwrj4QAIAhBDoP7twbHAEBmy+V9w5g s10hSzwmPAY1Mebx764f+Uish1k5XflsMa4fSQaV9DiwP7z+RfY/siI/RVTr3QXu hk81q7RbxBXdut5L8VNoOjBximWVZOd2NDlBtR9SbwFAJemJG89NYRtYlXKqoeV7 li9mM/dXLj43oLYlMXqtP7nAnq7pIONViIa3Rn5qQcF/rBnx4UP9OucGd3J6yXrV PxfGxcDn/g9D4Wi1GrVllK+2Kej5deRKttSjgsd6k9Z2H1j3ZM1VEXnRgnJEjZ+h bzoIHV64X7SyKHQH4Y+qfBUycCP1NonNhZPKMziN/4G9gY9VRDfocSCi5hinKX6C UE2AIrz/P8fwr3FfToVGVWNLDzHmSeGmrYiYtAYaWH7zYfh5DAxYIR/yEiOvzDmw aFmTF42pSqG3JLSgIpPAA7yfouQ85LVL9GRuBMTQ8As9kzQU7onmNE22PugbDC0u yiZp0PSCZ+snyOipfuvnbsrSGXysMfb07nfjwwj0l0jUxbd+3u5Au+bTtVGOgh6V l9LSjp2NMgaHzDSqTl4smNGbPqn4FYBLtPvr9NlRkou252FajAqncxVYfm6uEWgE uRF+oCeUjw/rytKHMSh8s2uUlVQCwd5tEMZppiZZRPRS5Ogg2OxeZlZ7sy3jDb/z FZ8jlh5j+BfD+LxKbkRh =EpU0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ee1b3f2-b51f-9a7b-b286-5f855820b316%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora 23 EOL December 20; Update Your Templates!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-09 05:37, Daniel Moerner wrote: > Hi all, > > Just a friendly reminder that Fedora 23 End of Life is December 20.[1] You > may want to make sure you've updated your templates; there is a guide in the > Qubes Documentation.[2] > > I know I don't get to decide what people talk about, but I'd like to ask that > people NOT use this thread to rehash the debate about the dom0 distribution. > :) > > Best, > Daniel > > [1] https://fedoramagazine.org/fedora-23-end-of-life/ > [2] https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ > Thanks for the reminder, Daniel. I'll also take this opportunity to re-share our announcement from last month: https://www.qubes-os.org/news/2016/11/15/fedora-24-template-available/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYS04mAAoJENtN07w5UDAwDa8QAK2iO71YRRB9YCe9Uqs73tVB 4JjLk5c+uv54CTRxSS/UEVvtYUz8Pw5GkOTyR0mBvUC/xome6WqgR7wVYcVh3UfF rPVHxd6pNtfTDbcXu9w7E+c6JxV3l5nUqyesfU7AwNB3YbkIPoUS6Wx8VndjPF3N FoYrVukGoFQyJAZt7YvPrXQXlgySPm/KqpD43HVvdp1hUzaE/oSx+oGEdrfdtgMo hztt48FhK2VmMeoJNhutS2F/HetDSh9u3v66PKh2Gz8epN3V1EdIY0numsDSvNZQ qunOy8IhKs661xV+N3w/hhzUooCGfIpg/rETUY5D7SgJZhyhk8+AUOnDyHERbCAO dQu9/OaoMiyHnmHRJjUC7L9EWRe4o7X/VJwUNRcqHJ3WsRtunxpPJYB3AnG7KfVz DCaC2pogTjSomUF92G7nhd7ilKUnPtZ6QJXus1biv8JA363U37oNkJnK+Xjvr4kI w0RtAxiHl0I3k46NvZRpn3eaAJsewmJ34F2omM/UydLFLgHnGnC3MYMf3+6sflOT VRCbfzsHdlAIEL+cM/lJ7DOeuj6hvd7tUNdB0a7ZcPsTGIpsnQtUacnRAwNx0LNc 0NTi+oko/+Oi1uOyFsAFyzfG3b9N+iaY0B80mPuMTLtr1+OWV1DyBp3kXU/nWr0z DUvQIBS4FzeicdIUl+60 =4HRE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1bce03ca-648a-795e-95a5-f6cb25cc2530%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-open-in-dvm opens files with wrong application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-09 03:53, rutger7...@gmail.com wrote: > Using command 'qvm-open-in-dvm' in an AppVM opens all files in chromium. > > I use a custom DispVM image based on the fedora-23-minimal template. On it I > have installed chromium and libreoffice. Opening files ending in .odt and > .docx using 'xdg-open' opens libreoffice. Opening files ending in .html and > .pdf using 'xdg-open' opens chromium. All is well in this aspect. > > When the same files are opened from an AppVM using 'qvm-open-in-dvm' ALL > files, regardless of extension, are opened in chromium. > > Searching Google for a way to change what software is used to open the files > when 'qvm-open-in-dvm' is used, yielded no results. > It sounds like you need to change your MIME type associations: https://unix.stackexchange.com/questions/154552/how-an-application-is-chosen-over-others-to-open-a-particular-filetype-in-linux - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYS029AAoJENtN07w5UDAw3vYP/3rQwxHPeCpZRr4uRyty20s6 FIUja7kMxQAwZV/U6k3SRHlNiYb+mzLYC4pGrlSsiHQnX/I/l0l66G5tqHfiSZMv JAEinyrNpAzJEHI1Z24vGGql3dkY421SvcKEmRtioAZjOsWjptQA3i1/e7corfNF v4P3p5KvHlyN1ZtPKXGi5rdz3QoMeCv7ZaZOeZCXnXgS+yncqOYP4rE+NVbUSARY ebS9/C9HQqROfynOjaU5l3JdXuQrLgvhKmBcm4vrumBGAA7aArnLEFdjQ460rqvK AFGcwCQhl8ISO3uwfdAc7o68iwpmL497T8yn1Bwg84GykIdXeCDwVFGYupu1JR04 y+JjmyCI+DDbh7MWP0vTiVhtMvReG5+TUJgsVS3ZEHCxjKNyeRpneKZjGPTALPuW CXniMztpc4hX/nAi4wDuUxUaU43Iuzp0ToZTOBlbo2y9yY52kCk8KMH4pMgZBvmO wIejcZQ1MiT1VxeTvhOlzQ5Zgc1pg5a8PQ38lkt6FpJXd4HDuNap8+Kycp8Pr7sq MhF6FOQcpIOP3NAd40C7rhghAe62hVuHUVio1TE/5BbAQFAue+7PvNazW/AXhLre 778FvYtcC2GztJ6uZRAmeK9J3BvTXTWq7xIW91t+OONIa1TNOFE3ua98aV6HwSa/ fXmbXjUsHMxrJM/c+PWg =TdR7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3adf5e2e-d1d6-4771-fc0e-927e10efd923%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
On 12/07/2016 07:48 AM, Andrew David Wong wrote: FWIW, `systemctl restart qubes-firewall` fixed it for me last time. Today one my VM losses network 2 times. Every time I tried `systemctl restart qubes-firewall` and it not fix the issue. It's looks like the issue at VM. Maybe, fedora-25 will fix it... -- Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ddf52728-8c59-da2f-c32e-97c29655cd91%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] It's winter, my laptop is freezing (again!)
Hello everyone, Following the latest Qubes update the Qubes seems again to randomly freeze every 1-2 day making it unusable. After the last freeze I fetched the following error from dmesg (I'm using a Thinkpad T500): --- 8< [18899.015916] audit: type=1110 audit(1481304606.026:978): pid=7687 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' [18971.119105] radeon :01:00.0: ring 0 stalled for more than 10372msec [18971.119122] radeon :01:00.0: GPU lockup (current fence id 0x0001950d last fence id 0x0001962b on ring 0) [18971.354376] radeon :01:00.0: Saved 9145 dwords of commands on ring 0. [18971.354394] radeon :01:00.0: GPU softreset: 0x0008 [18971.354398] radeon :01:00.0: R_008010_GRBM_STATUS = 0xA0003030 [18971.354401] radeon :01:00.0: R_008014_GRBM_STATUS2 = 0x0003 [18971.354404] radeon :01:00.0: R_000E50_SRBM_STATUS = 0x200010C0 [18971.354408] radeon :01:00.0: R_008674_CP_STALLED_STAT1 = 0x [18971.354411] radeon :01:00.0: R_008678_CP_STALLED_STAT2 = 0x [18971.354414] radeon :01:00.0: R_00867C_CP_BUSY_STAT = 0x00020186 [18971.354418] radeon :01:00.0: R_008680_CP_STAT = 0x80028645 [18971.354421] radeon :01:00.0: R_00D034_DMA_STATUS_REG = 0x44C83D57 [18971.410243] radeon :01:00.0: R_008020_GRBM_SOFT_RESET=0x4001 [18971.410299] radeon :01:00.0: SRBM_SOFT_RESET=0x0100 [18971.412443] radeon :01:00.0: R_008010_GRBM_STATUS = 0xA0003030 [18971.412446] radeon :01:00.0: R_008014_GRBM_STATUS2 = 0x0003 [18971.412449] radeon :01:00.0: R_000E50_SRBM_STATUS = 0x200080C0 [18971.412453] radeon :01:00.0: R_008674_CP_STALLED_STAT1 = 0x [18971.412456] radeon :01:00.0: R_008678_CP_STALLED_STAT2 = 0x [18971.412460] radeon :01:00.0: R_00867C_CP_BUSY_STAT = 0x [18971.412463] radeon :01:00.0: R_008680_CP_STAT = 0x8010 [18971.412467] radeon :01:00.0: R_00D034_DMA_STATUS_REG = 0x44C83D57 [18971.412481] radeon :01:00.0: GPU reset succeeded, trying to resume [18971.430177] [drm] PCIE GART of 512M enabled (table at 0x00254000). [18971.430200] radeon :01:00.0: WB enabled [18971.430203] radeon :01:00.0: fence driver on ring 0 use gpu addr 0x1c00 and cpu addr 0x88013a777c00 [18971.430981] radeon :01:00.0: fence driver on ring 5 use gpu addr 0x000521d0 and cpu addr 0xc900014121d0 [18971.462438] [drm] ring test on 0 succeeded in 1 usecs [18971.638803] [drm] ring test on 5 succeeded in 1 usecs [18971.638811] [drm] UVD initialized successfully. [18971.639046] switching from power state: [18971.639048] ui class: none [18971.639050] internal class: boot [18971.639052] caps: video [18971.639055] uvdvclk: 0 dclk: 0 [18971.639057] power level 0sclk: 6 mclk: 7 vddc: 1100 [18971.639058] power level 1sclk: 6 mclk: 7 vddc: 1100 [18971.639060] power level 2sclk: 6 mclk: 7 vddc: 1100 [18971.639061] status: c b [18971.639063] switching to power state: [18971.639064] ui class: performance [18971.639066] internal class: none [18971.639068] caps: single_disp video [18971.639071] uvdvclk: 0 dclk: 0 [18971.639072] power level 0sclk: 11000 mclk: 40500 vddc: 900 [18971.639074] power level 1sclk: 3 mclk: 7 vddc: 1100 [18971.639075] power level 2sclk: 6 mclk: 7 vddc: 1100 [18971.639076] status: r [18981.658102] radeon :01:00.0: ring 0 stalled for more than 10020msec [18981.658119] radeon :01:00.0: GPU lockup (current fence id 0x0001950e last fence id 0x0001962c on ring 0) [18981.658250] [drm:r600_ib_test [radeon]] *ERROR* radeon: fence wait failed (-35). [18981.658330] [drm:radeon_ib_ring_tests [radeon]] *ERROR* radeon: failed testing IB on GFX ring (-35). [18982.811925] audit_printk_skb: 15 callbacks suppressed [18982.811929] audit: type=1130 audit(1481304689.822:984): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' --- 8< It really seems I'm out-of-luck with Qubes freezes and, frankly, I feel a little depressed at the idea I may have to through it away to switch back to a more traditional Linux distro :'(. For the record, I already encountered what appears to be the same freezes with Qubes R2, but setting KWin to use XRender instead of the OpenGL as the compositing engine definitively solved the issue with no noticeable drawback and gave me a rock solid Qubes (with full screen Youtube videos and all the fancy, good old times!). Since Qubes R3.2 and its switch to XFCE,
Re: [qubes-users] USB hardware firewall (was: epoxy on ram to prevent cold boot attacks?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Sep 04, 2016 at 06:35:42PM +1200, Robert Fisk wrote: > On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote: > > I was thinking earlier that some form of a "USB Firewall" hardware > > device might be cool to create; one that goes into each USB port in > > between each device and the PC, and only passes a specific device, > > or only a HID device (and doesn't permit a drive to add another HID > > identity). Yet another side project for winter. :) There may be > > existing products. > > > Ahem. Allow me to introduce you to a project I have been working on > for a while now: > > https://github.com/robertfisk/usg/wiki > https://github.com/robertfisk/USG/wiki/FAQ > > The USG (which is Good, not Bad) is a hardware firewall for your USB > ports. It connects between your computer and your untrusted USB > device, isolating the badness with two dedicated processors. > > Features: > - Isolates low-level USB exploits by using a simple internal protocol > with minimal attack surface > > - No hub support blocks 'hidden' malicious devices > > - Prevents devices changing their enumerated class after connection, > stopping malicious class changes. > > > Device support: mass storage (flash drives), keyboards, mice. > > Project status: You can build your own USG v0.9 hardware out of > development boards if you are handy with a soldering iron. End user > hardware is approaching production-ready status, samples will be > available in the coming months. > > Feedback / pull requests / sales leads are welcome! This project have great potential! The USB proxy hardware can be used for somehow more secure USB keyboard usage on Qubes OS, when only a single USB controller is available. Take a look at this idea[1]: Have a piece of hardware plugged between USB keyboard and PC (based on https://github.com/robertfisk/USG?), to encrypt and integrity-protect the events. And then decrypt them in dom0 and check integrity protection, and only then pass them down to input devices stack. This should at least partially guard against malicious USB VM. It still will be able to perform timing based attacks to guess what you're typing - not sure how accurate such attacks are currently. Such device could introduce artificial delay (like - inject queued events every 50ms) to at least partially mitigate such attacks. What do you think about it? I think the hardware you've designed is perfect for this! [1] https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYSwUuAAoJENuP0xzK19csXIYH/1Xw4r49ofa9P6RA3TJDqgv3 vN7+Qxzu6zXCIYt/TdWoaKtqvqsiHvhEHrFrTLE9+ysGcuiUtEzJtOBohw4WHFHd 1E1hOL14MTPUXEtu7Jrf2B5XYXQhnNTJgh58xG+nWqIpzi7/RkHz6lq9W8iRXfX2 qWfefAAH6PRywECaj6VEPh8PcbBtu9B3tn8977q1fKB3ZrltnFUjro0p9qLVQr6z eXE6mBWKKmvTyVGCe1xe3yp7p9LGzoUgsecZEtERZHtxViOlk9faTAHwU4vOho0N QlinJSUUdE8XWEVSGrNb+KB4Kbwikh7GoABWlSmYiJrOTxVMnOv7DE/mL5WEvtA= =6Cbj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161209192533.GA23647%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: off topic - invite codes to 'riseup'
Could you PM me one as well? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7769b57e-3e2b-427a-b3ed-95e2eb619521%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: off topic - invite codes to 'riseup'
Can anyone please send me a couple of invite codes that I might be able to sign up? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f536b3ca-b9f4-4e14-b9d7-9d28eb585c6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Swappiness, Qubes, Microkernels
> On Tuesday, 29 November 2016 09:44:17 UTC+11, Patrick Schleizer wrote: >> >> Would setting >> >> /etc/sysctl.d/swaplow.conf >> vm.swappiness=0 >> >> in Qubes by default make sense? >> >> If not effective at all, why is it not required? Why do you thik it is not effective? I've played around with swappiness a lot. It has the intended effect when I play with it, both in the vm's and in dom0. (I wrote a handy little dom0 memory monitor utility that shows more details on all VM's, that I'll hopefully post before long.) > Question you have to ask yourself. : Do you have enough RAM to not need > swap? > > Personally, I have no swap space. I generally agree that is smart, especially in the VM's. Although it's nice to have in case you get one process get memory-hungry; it's nice not to have things randomly killed. vm.swappiness *does* have an affect. With swappiness=0 swapping will only happen when it really needs to; when cache/buffers have been taken back and used, and there's just no more ram to allocate. With higher swappiness values, infrequently-used data will be swapped out to disk, even when it isn't necessary. The higher the number, the more aggressively this happens. With a high number, only pages in active use stay in memory. Sounds good, but you shouldn't have a lot of inactive stuff running in your VM's anyway. With higher swappiness values, since the swapping isn't really necessary, the result will be extra free ram in a VM, which Linux immediately starts using for cache/buffers. On bare hardware, this makes sense. Unused memory is simply wasted, might as well cache some data and code there until we need it. It can't hurt. *However*, inside a VM, it's stupid and wasteful to swap stuff out so you can have more buffers/cache. In fact, it's stupid and wasteful to even have buffers/cache inside a VM at all. Any cached data will also be cached in dom0, doing the .img reads. And since the templates root.img file (for example) is shared between multiple domU's, having that cached in dom0 gives you a noticable performance boost. Having a virtual disks's contents *also* cached inside the VM, is redundant, wastes memory and CPU, and makes the whole memory management thing more awkward. Having a block from root.img cached in dom0, as well as every domU that uses that template, is nuts. Qubes' memory manager deals with things as follows: for each VM, it allocats what the VM indicates it is using, plus a "fudge factor" of 1.3x (also known as the cache-margin-factor in /etc/qubes/qmmeman.conf, but I think it's hard-coded elsewhere, ugh). There's also a fudgey extra amount reserved for dom0, configurable in the Qubes manager. Adding more memory to this is a roundabout away of cranking up dom0's cache, if you wish. The memory manager, also takes any leftover memory on top of of the VM's usage (+fudge factor) and divvies that memory up amongst all the VM's. That's not exactly optimal. Giving that extra memory to VM's that don't really need it doesn't hurt anything memory-allocation-wise; if another VM suddenly needs memory, VM's will give up the part they don't need. It'd result in a bit of extra unnecessarily memory shuffling and CPU usage during memory reallocations. I do notice the odd extra pause as memory gets shuffled. However, when qmemman bestows that extra memory on a Linux VM, Linux in the VM will start using all of it for buffers/cache, which is redundant. The memory would be better used in dom0 caching, or for another VM doing something useful. I've cranked my cache-margin-factor down to 1.1, and it helps performance for me. The cache-margin-factor also acts as a bit of a pre-allocated margin for memory growth, without having to request a qubes memory manager reshuffle. (I'm not super-thrilled with the somewhat implicit allocations of memory to different key system purposes. It's like controlling the system via a bunch of loose rubber bands. :) ) On a Virtual machine system, swapping makes very little sense. It's a major performance killer, especially inside a VM. About the main reason I keep it around is that if something does suddenly take up memory, I'd rather critical processes not be killed. But if it's ever in use, you need to look into it. (I have a dom0 utility which reports on VM's swap space among other stuff. Will post it at some point.) There's an argument that swapping lets unused stuff migrate to disk and not take memory (like X server data in sys-net, or whatever). But unless you're intentionally running very bloated AppVM's that start a bunch of unnecessary stuff (not a great idea), swapping out unused stuff buys you very little. I've turned to using small fixed-size VM's for most service VM's (with my own no-gui service flag, to avoid loading qubes-gui-agent and the X server). Same for pulseaudio, and other services that really don't need to be everywhere. That keeps the servicevm's from grabbing/releasing memory which only gets used as a
[qubes-users] Installation failed, X failed
Hello, I attempted to install 3.2, but it failed to work. The boot failed to get X going, and eventually it dumped me into a tmux-enabled anaconda menu. I tried to use that menu to do the installation, but I couldn't complete all the "spokes" (that was the word used in the anaconda menu). I tried to boot using the minimal graphics option for troubleshooting, but that didn't help either. I did some searching around and found there was this thread from 2013 that is linked on the Documentation page about newer amd gpus, so I tried to follow that, but the link referenced in there was broken. It talked about installing the linux-firmware package, so I tried again to boot and when it failed I went to the terminal and found the linux-firmware rpm and installed it, but that didn't change anything. The machine does have an amd radeon rx 480, but I think there are free drivers for it. I looked at the /tmp/X.log, and took a camera photo of the two attempts, you can find them here: http://imgur.com/a/aaJxk bt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87r35hks5h.fsf%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installing on macOS Macbook
On 12/09/2016 12:11 AM, Jean-Philippe Ouellet wrote: On Thu, Dec 8, 2016 at 6:37 AM, Andrew David Wong wrote: Qubes isn't supported on VirtualBox or on Macbooks This is the first I've heard of MacBooks being "not supported". I know at least one person personally who is currently running Qubes on a recent (<2yo) MacBook, and it is completely usable. The only issues were the need for qubes-input-proxy because the keyboard attaches via USB, and needing to somehow bootstrap wireless drivers, fetching them via another computer and transferring them (or sources for building them) via flash drive. YMMV The qubes-input-proxy is a recent feature, and still leaves open the possibility of dom0 being attacked by a USB device. If you look at dev comments about Macs they're generally not recommended. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1230e0a7-0df3-5987-35df-e064143cdbe9%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Newbie surprises
W dniu piątek, 9 grudnia 2016 09:11:39 UTC+1 użytkownik Zbigniew Łukasiak napisał: > Two more surprises from me: > > 1. I have USB headphones. So fare I have not yet found a way to make > them work under Qubes - but I found some headphones with the old audio > jack - and this works. > > 2. Once I detached an USB memory device from a VM, before unmounting > the device inside the VM. Then I could not unmount it anymore and I > rebooted the VM. Maybe detaching should check if the device is used? > > Cheers, > Z. 1. Create a sys-usb qube 2. use qvm-usb tool in dom0 terminal to list available USB devices 3. note down the address of the USB headphones (one digit followed by two digits like this 1:23) 4. use qvm-usb -a vmname usbaddress 5. To detach use qvm-usb -d usbaddress -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0b5bb0b-b562-4f05-8579-97660843b3fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installing Qubes OS 3.2 on an external HDD possible?
On 09/12/16 14:53, stevenwinderl...@gmail.com wrote: Hello everyone, i would like to test out Qubes OS a bit and since it doesnt work in VmWare due to my hardware being pretty limited is it possible to install Qubes OS on an external USB 3.0 5400 RPM 500 GB Toshiba HDD? To note is that some personal data including Image backups and ISO Files are on it currently. Yes it is possible, but you need to dedicate a separate partition for it. In your case, perhaps use Gparted or the like to resize your existing partition to free up space for Qubes to create a new one, and potentially also a SWAP partition. I have done this several times and never had a problem. PS. As it is never 100% certain that a partition resize will be successful, you are strongly adviced to have a second copy of those data on another disk before you do the resize. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f326f5b9-e892-11de-744e-1ec9ac6270f7%40leeteq.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installing Qubes OS 3.2 on an external HDD possible?
Hello everyone, i would like to test out Qubes OS a bit and since it doesnt work in VmWare due to my hardware being pretty limited is it possible to install Qubes OS on an external USB 3.0 5400 RPM 500 GB Toshiba HDD? To note is that some personal data including Image backups and ISO Files are on it currently. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8bb27101-a7b6-4c24-832e-1bfc056fb91f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora 23 EOL December 20; Update Your Templates!
Hi all, Just a friendly reminder that Fedora 23 End of Life is December 20.[1] You may want to make sure you've updated your templates; there is a guide in the Qubes Documentation.[2] I know I don't get to decide what people talk about, but I'd like to ask that people NOT use this thread to rehash the debate about the dom0 distribution. :) Best, Daniel [1] https://fedoramagazine.org/fedora-23-end-of-life/ [2] https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ac8cfe18-866d-4611-9b75-bd038b671e20%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-open-in-dvm opens files with wrong application
Using command 'qvm-open-in-dvm' in an AppVM opens all files in chromium. I use a custom DispVM image based on the fedora-23-minimal template. On it I have installed chromium and libreoffice. Opening files ending in .odt and .docx using 'xdg-open' opens libreoffice. Opening files ending in .html and .pdf using 'xdg-open' opens chromium. All is well in this aspect. When the same files are opened from an AppVM using 'qvm-open-in-dvm' ALL files, regardless of extension, are opened in chromium. Searching Google for a way to change what software is used to open the files when 'qvm-open-in-dvm' is used, yielded no results. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05c21a93-3c01-41c5-8fce-4443e99ae769%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows vm ctl+alt+del
Any update on https://github.com/QubesOS/qubes-issues/issues/1585 I could not get the work arounds to work. Situation, could use sticky keys to get into vm and install qubes-windows-tools Having installed qubes-tools sticky keys, onboard keyboard, and direct sending of ctl+alt+del and ctl+alt+home do not work?? Looks like qubes-windows-tools makes the situation worse for ctl+alt+del and so work around appreciated. Thanks Ronald PS Need to access a windows domain account:) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f5d27f6-721f-486a-a03e-6904e83809a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Newbie surprises
Two more surprises from me: 1. I have USB headphones. So fare I have not yet found a way to make them work under Qubes - but I found some headphones with the old audio jack - and this works. 2. Once I detached an USB memory device from a VM, before unmounting the device inside the VM. Then I could not unmount it anymore and I rebooted the VM. Maybe detaching should check if the device is used? Cheers, Z. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGL_UUtLbgw-zb9%2BjXS1J28y2PQXHDRuB7GrU4qSzMUaKUqztA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
