[qubes-users] About wifi troubleshooting (Qubes R3.2)
I was wondering if the wifi modules blacklisting fix should only be implemented on sys-net to work properly, or systematically to all VMs in addition to sys-net ? This fix seemed to work for some time, but I often get these times when the wifi seems to be working, but is actually out, no matter how many restarts, unloads and reloads or devices and so on... Suggestions welcome ! PS: I'm running Qubes on a lenovo X220 if it helps -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2254dc54-9fc5-48bc-9c89-76fef5942c3c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
Apologize, just read you say it leads to an empty .cfg file. What do you mean? Grub file? thats weird. curious, are you multi booting? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc94c27d-b1e1-4b04-856e-bc5e9077479f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
On Thursday, November 30, 2017 at 5:07:59 AM UTC-5, Joe Hemmerlein wrote:
> Hi,
>
> so far it was easy to install and run Qubes OS 4.0 RC3 (and RC2) on this
> hardware - as long as I keep boot mode on "Legacy Only".
>
> However, the TPM chip on this hardware works in UEFI boot mode only; and even
> with secureboot disabled and CSM support enabled, I can't get Qubes OS to
> boot in UEFI mode:
> - The installer doesn't run in UEFI mode (I get text mode grub, but whatever
> i select simply does nothing and returns to grub)
> - If I turn UEFI mode on after installing Qubes OS, I don't even get grub.- I
> tried the UEFI troubleshooting guide to no avail, although I was unable to
> run efibootmgr directly while in legacy boot mode ("EFI variables are not
> supported on this system") so in order to run efibootmgr, i booted a separate
> Fedora 26 Live image which does boot in UEFI mode. However, even with updated
> records, the result is the same: selecting those options from the UEFI boot
> menu simply makes the screen flicker once and then i'm back in the UEFI boot
> menu.
> - I tried copying the EFI and CFG file to /EFU/BOOT and renaming them to
> BOOTX64.EFI and .CFG, and also created new entries with efibootmgr for this,
> again without success.
>
>
> I also tried installing Qubes OS 3.2 on this system which didn't work and
> initial troubleshooting failed; but I'd like to concentrate my efforts on
> making this work for Qubes 4.0 so i didn't spend too much time on getting
> Qubes OS 3.2 on the T470.
>
>
>
> Any hints about troubleshooting the UEFI boot option are appreciated; i can
> also provide more exact details about what i already tried. Given the specs
> of this machine, I'm really determined to not give up easily.
>
>
> For now, I'll test other functionality in legacy mode only.
>
> Cheers,
> -joe
What if CSM enabled and legacy bios mode if you have it?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/69cab2b7-66d3-40ef-8f9d-d6022518dc0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland
On Monday, January 8, 2018 at 1:30:05 PM UTC-5, tai...@gmx.com wrote: > I am bumping the thread as I greatly appreciate when companies search > for applicants like this (instead of with the usual DICE posting with > absurd HR specified qualifications that filter out all the honest > applicants.) > > Also please let me know if you need advice on libre hardware purchasing > - the various pre-PSP AMD libre firmware available boards are becoming > harder to obtain so I advise obtaining some sooner rather than later - > moreso as the G34/C32 Opteron CPU's are not vulnerable to the > meltdown/spectre trouble (they are only exploitable with spectre part 1 > if an obscure sysctl is enabled, however most distros have it disabled > by default as no one uses it) > On 01/08/2018 03:58 AM, mba wrote: > > Dear Qubes Community, > > > > I am reaching out this way on the advise of Andrew David Wong (Axon), as I > > am in need of finding a part time "jack of all trades" IT person, who has > > knowledge of Qubes to an extent where he/she is able to implement this in a > > small office environment with a handful of users. There will also be other > > tasks, such as alarm system / video monitoring, networking, server etc. etc. > > > > We envision this can be 50 - 100% workload (up to you) for a few weeks, > > after which we expect maybe 25% workload after that. All very flexible, BUT > > it is necessary that you are able to come and work from our office in > > Sihlbrug/Baar in Switzerland (just off the highway ... busstop 200 meters > > away). > > > > Due to the nature of work, and given that we cannot offer a full time > > position, we would expect a young person who is studying or is an > > apprentice, who would like to have some additional challenges and earn some > > extra money. However, it could also be someone older who's in between jobs. > > > > Important is knowledge/experience with Qubes, general IT/network and the > > ability to handle and solve challenges as well as being flexible, > > self-starter and work independently. > > > > If you are interested, please send me your CV, which also must contain a > > recent photo, email and telephone number. > > > > If you know of someone who could be interested, please let them know (or > > let me know). > > > > I will be looking forward to hearing from you on the following e-mail > > address: > > > > m...@corpconsult.info > > > > Best regards > > Mogens Berg Andersen > > MBA Consulting GmbH > > > >> On 2018-01-05 01:25, mba wrote: > >> > >>> Hi, > >>> > >>> In connection with my clients plan to secure our entire IT > >>> infrastructure, we are looking for a part-time and/or short term Qubes > >>> enthusiast who also have good knowledge of networking, as well as the > >>> ability to work with various hardware. It will be necessary to do all of > >>> the work from our office in Baar, Zug, Switzerland. We see this as an > >>> ideal opportunity for a knowledgeble and motivated individual, who maybe > >>> now is an apprentice / student / unemployed, who have spare time and the > >>> wish to earn some extra money. Working times will be very flexible and > >>> with a high degree of independence in terms of carrying out the tasks. > >>> > >>> I do realize that this here is not a job-centre, but was wondering if you > >>> have some inputs as to how to get in contact with such an individual? I > >>> am not myself at all skilled to the level needed, and Google searching as > >>> well as various fora's did also not provide any useful pointers, so I'm > >>> hoping you will be able to help me. > >>> > >>> I thank you in advance for any input you'll be able to provide, and > >>> please feel free to share the entire content of this mail, including the > >>> contact details below, as you see fit for the purpose. > >>> > >>> Best regards > >>> Mogens Berg Andersen > >>> MBA Consulting GmbH > >>> > >>> > >> Hello, > >> > >> I suggest that you ask on our qubes-users mailing list: > >> > >> https://www.qubes-os.org/mailing-lists/#qubes-users > >> > >> -- > >> Andrew David Wong (Axon) > >> Community Manager, Qubes OS > >> https://www.qubes-os.org > >> hmm what is "DICE posting"? The job sure sounds like fun though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd504e21-0600-42c5-92a4-c21a7038b682%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 rc3 boot and performance is quite slow
On Monday, January 8, 2018 at 8:56:58 PM UTC-5, Fabrizio Romano Genovese wrote: > Well, I disabled intel speedstep in the bios and things seem to be better. > Startup time now is around 1.20 mins (still better than 3mins), both in > plugged and unplugged state (booting in plugged state was around 45 secs > before tho). I'll use my PC for a bit more, trying another couple of reboots > and then I'll confirm if and how this helped. > > Cheers, > Fab double check for updates cause after new years. my board just fixed all the bugs I reported. nice holiday present lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/536ea698-28f6-48d6-991b-c1c358fa5561%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On 01/09/2018 05:17 AM, Roy Bernat wrote: On Tuesday, 9 January 2018 11:12:17 UTC+2, msg...@gmail.com wrote: On Tuesday, January 9, 2018 at 2:11:06 PM UTC+7, Tim W wrote: On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/09/2018 12:07 AM, Roy Bernat wrote: What about release rc04? it should be release at 8/1 that was yesterday . Delayed until the devs have a good workaround for SP1/SP2/Spectre. /Sven -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= =59oT -END PGP SIGNATURE- Great time to be using a AMD chipset as they are not effected.Wonder if something like this would have been caught years ago if the microcode was open? This is a big one in terms of the effects it has when mitigated at the software level. I wonder what the performance hit will be from application of whatever patch route Qubes takes? Projections of 5-30% hit. As I said Great day for AMD stock LOL AMD is affected by the SP1/SP2/Spectre as well as Intel and ARM. So he can not dance :) From my recollection of AMD statements: SP1: Very hard to exploit on any CPU SP2: Much harder to exploit on AMD than Intel SP3/Meltdown: AMD not affected -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20ffecb9-4bf5-edf3-ee97-da363e94bf6d%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On 01/09/2018 02:11 AM, Tim W wrote: On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: Great time to be using a AMD chipset as they are not effected. Just got back from a small seminar on the topic. All modern processors with speculative execution units are likely effected by this. Wonder if something like this would have been caught years ago if the microcode was open? It would not make any difference, as a microcode patch is not able to fix the underlying problems in the architecture. The problem lies in the kernel memory cache system vs the speculative branch prediction portions of the CPU, and microcode does not generally coordinate these separate hardware units. When you have multiple branches of code independently executing in a given CPU core the kernel can be tricked into loading kernel memory into cache, which is then able to be accessed/hammered to copy that data back out into userspace. I heard one quote that the kernel data can be read at up to 5 kbits/sec by a carefully constructed application. Since it takes a locally running application to do this trick the flaw is disastrous for cloud services. Thus allowing anyone to execute arbitrary code in your virtualization system could be giving away all the other VM's secrets. Probably not a problem if you trust the code you are running on a single user system like Qubes, but even signed code from your repo should be considered suspect for data exfiltration purposes with this issue unpatched. This is a big one in terms of the effects it has when mitigated at the software level. I wonder what the performance hit will be from application of whatever patch route Qubes takes? Projections of 5-30% hit. As I said Great day for AMD stock LOL Not a good day for any CPU vendor as far as I can see, because anything advanced enough to give good performance via speculative execution now needs to pull back on the reigns until there is a architectural solution. Likely the next-gen processors will actually fix it, but that could take years given the modern development cycle time frames. There are all kinds of patches being worked on to get around this, but they all show poor performance. We may see patches with better performance as time goes on in specific instances, but for right now "slow", by actually defeating speculative execution, seems to be the solution. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ba19c63-c3a1-afb1-da9a-155507263978%40jhuapl.edu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Multiple usability issues Qubes 4RC3
On Tuesday, 9 January 2018 08:54:02 GMT aaq via qubes-users wrote: > Okay, so I found the documentation for bind-dirs > (https://www.qubes-os.org/doc/bind-dirs/), but was still wondering if > you meant binding the AppVMs /usr/bin and /usr/local/bin, or was thinking > of something else? > > I would assume I need to bind all dirs that a given application is going > to write to (such as potentionally /usr/share, /var/lib, etc). Let me give you an example usage; I have the binary build "keybase" app in its own AppVM. It installs the majority of its files in /opt, as such I bind that dir. (restart before install!). There are a dozen files also being copied into the /usr/ dir-structure. I copied those files into the /rw/keybase/usr/ dir structure and I edited /rw/config/rc.local to copy those files back onto the /usr dir-structure at vm-boot. This was enough for this app, your actual usage may depend on how your app installs itself. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2618527.1rHtBk9TLS%40mail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On Tuesday, 9 January 2018 11:12:17 UTC+2, msg...@gmail.com wrote: > On Tuesday, January 9, 2018 at 2:11:06 PM UTC+7, Tim W wrote: > > On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > On 01/09/2018 12:07 AM, Roy Bernat wrote: > > > > > > > What about release rc04? it should be release at 8/1 that was > > > > yesterday . > > > > > > Delayed until the devs have a good workaround for SP1/SP2/Spectre. > > > > > > /Sven > > > -BEGIN PGP SIGNATURE- > > > > > > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U > > > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 > > > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 > > > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau > > > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA > > > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv > > > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs > > > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F > > > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv > > > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU > > > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS > > > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= > > > =59oT > > > -END PGP SIGNATURE- > > > > Great time to be using a AMD chipset as they are not effected.Wonder if > > something like this would have been caught years ago if the microcode was > > open? > > > > This is a big one in terms of the effects it has when mitigated at the > > software level. I wonder what the performance hit will be from application > > of whatever patch route Qubes takes? Projections of 5-30% hit. > > > > As I said Great day for AMD stock LOL > > AMD is affected by the SP1/SP2/Spectre as well as Intel and ARM. So he can not dance :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7fa88e1c-18f1-4b92-bd48-b88b2fa4751c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Graphic Tablet Compatibility (basic features)
On Tuesday, 9 January 2018 01:54:40 GMT Fabrizio Romano Genovese wrote: > Hello all, > This looks like an old issue: > https://github.com/QubesOS/qubes-issues/issues/2715 > > I'd be interested in using only the basic tablet features (essentially > moving the mouse and clicking around using the tablet would be enough). > In the issue linked above it is said that > > "this in theory should be easy (a matter adding proper metadata - min/max > - to the protocol handshake, and filtering events based on this info)" > > I'd like to help with this, but I am no coder. I just know a bit of bash > scripting and trying to check the code in > > https://github.com/QubesOS/qubes-app-linux-input-proxy/blob/master/src/pro > tocol.h#L17-L28 > > didn't really help. I understand that developers are quite busy with much > more hardcore problems to solve, but if someone could at least point me > to the right research direction I could try to investigate this by > myself. From; http://linuxwacom.sourceforge.net/index_old.php/howto/theory > Initially at least, the USB Wacom tablet is an HID compliant device, and > when first connected to the computer, will identify itself as such. > Unfortunately, this is not what you want because in this mode, you will > not get any of the fancy features. The hid-core.c, mousedev.c, and > usbmouse.c kernel drivers contain exceptions for the wacom; when the > device is detected, they ignore the tablet. So maybe you can use that website to find out how to configure your wacom to just be a HID (human interface device) and make it send those mouse clicks. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3164963.Ui2e7s9DGh%40mail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Multiple usability issues Qubes 4RC3
Den mandag den 8. januar 2018 kl. 14.52.43 UTC+1 skrev Tom Zander: > On Monday, 8 January 2018 13:29:02 GMT 'Ahmed Al Aqtash' via qubes-users > wrote: > > * One I call 'trusted' which is based on debian sid (unstable) that I > > install everything I use for daily usage (firefox, libreoffice, mpv, > > emacs, other open source tools). Primarily AppVM's will be based out of > > this template. > > > > * One I call 'untrusted' that is going to be a clone of 'trusted', and > > that I install proprietary software in, that I also use on a daily basis > > (e.g. spotify). Also AppVM's out of this, but probably only 1 to start > > with. > > An alternative solution is to make your "untrusted" VM an AppVM and you > install the software in there using bind-dirs. > Then you *only* use that VM for running that software and you likely store > no personal data there (other than maybe your spotify cridentials). > > Additional bonus would be to open any webpages in disposable VMs, should you > click on a link in any of those apps. Okay, so I found the documentation for bind-dirs (https://www.qubes-os.org/doc/bind-dirs/), but was still wondering if you meant binding the AppVMs /usr/bin and /usr/local/bin, or was thinking of something else? I would assume I need to bind all dirs that a given application is going to write to (such as potentionally /usr/share, /var/lib, etc). Any thoughts? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/06ab2226-4ec2-4715-a8b5-4b60b737c247%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] porting to ARM
I notice there is Xen for ARM but no qubes for ARM; qubes Minimum is 64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64) that is because the recommended is: Intel VT-d or AMD-Vi (aka AMD IOMMU) (Intel® Virtualization Technology for Directed I/O (VT-d) required for effective isolation of network VMs). . is it true that ARM has nothing comparable to VT-d; ie, no effective isolation of network VMs? any docs to that effect? Phil Torrance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAF20Xn0m_7Lf_psM2WSqfaNY0Mce0ypePAFkiNX7h4DYwn7SOw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
