Re: [qubes-users] Re: What feature am I missing?
Thanks, that did the trick! ‐‐‐ Original Message ‐‐‐ On April 29, 2018 12:30 AM, Fernando wrote: > On Saturday, April 28, 2018 at 5:49:28 PM UTC-3, Zeko wrote: > > > Hello, today I ran into a problem installing Qubes 4.0 on my PC. I got an > > error message saying I don't have IOMMU/VT-d/AMD-(something). > > > > I have Asrock Z97 Killer 3.1 motherboard and Intel i5-4460 CPU. That CPU > > should have VT-d, right? What am I missing here? > > Have you checked your BIOS settings? It was disabled by default in my case. > > Best regards. > > > -- > > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to qubes-users@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/25e90d9c-936b-422d-91fd-fd5585a41cde%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/stskaVyZ0zo33uP3jKB1gn6dqI9_3ebp0negf2xxdbsApr8q8STa0QfLAoVs3UViBZ3nq5gfv20j-gGCV1GI4ZyJAGIuHYU04bEkuVW7xz8%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Error updating imported TemplateVM(from 3.2) on 4.0
On Tuesday, April 24, 2018 at 9:31:43 PM UTC-7, grv wrote: > Hi, > > When I manually launch update on imported template vm(clone of debian-8 > template) I see errors like these: > > Err http://deb.qubes-os.org stretch Release.gpg > Cannot initiate the connection to 10.137.255.254:8082 (10.137.255.254). - > connect (101: Network is unreachable) > > > One thing I noticed that imported template vm has this additional message on > "firewall rules" tab: > "Firewall has been modified manually -- please use qvm-firewall for any > further changes". This is message is not present on existing debian-9 > template vm on 4.0. > > I have done many customization on the template vm and do not want to manually > port all those to debian-9 template. Any suggestion to get update working on > imported template? Any suggestions? I have never created any firewall settings for template vm (manually or via GUI) and update was working fine in qube 3.2. I believe it because of some update proxy behavior that is not compatible with qube 4.0. Can I disable proxy and let vm connect directly to Internet for update? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ace27131-336c-49e4-be39-e13e18c95476%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Remote Control Question
Hi list. I'm considering setting up Qubes capable server at my home. What I need, however, is to be able to remotely control it. Updates...reboot/stop/start system and app vm's etc. Is this even possible with Qubes? I currently run a Ubuntu powered old laptop as a "server" and have it hosting a couple of VM's with virtualbox. I can ssh into it and even have an sshuttle setup for VPN over SSH functionality for when I need to do something "gui" remotely. One of my VM's is an old XP system which monitors my solar electric. One is a ubuntu install hosting a Drupal website. One is also installed which is a full blow VPN server for when I need to do more than just simple things...I rarely use this one. I will be upgrading my "server" hardware to a real server class platform one of these days, and I would like something specific to running independent VM's, but the remote maintenance might be a Qubes eliminating need... Anybody here attacked a remote console to dom0 before, or does it so completely violate the philosophy of Qubes that it is an absolute no-way-in-hell thing? Stuart -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180428205015.2f9042b8%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] screen sharing
What's the best way to allow app/screen sharing in WebEx / GotoMeeting / Hangouts etc. ? thanks all -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c7b0588-a43f-4f00-8bfc-f31a1a9b1734%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: What feature am I missing?
On Saturday, April 28, 2018 at 5:49:28 PM UTC-3, Zeko wrote: > Hello, today I ran into a problem installing Qubes 4.0 on my PC. I got an > error message saying I don't have IOMMU/VT-d/AMD-(something). > > > > I have Asrock Z97 Killer 3.1 motherboard and Intel i5-4460 CPU. That CPU > should have VT-d, right? What am I missing here? Have you checked your BIOS settings? It was disabled by default in my case. Best regards. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25e90d9c-936b-422d-91fd-fd5585a41cde%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Thinkpad T440s i7 and Qubes 4.0 compatibility
On Fri, 27 Apr 2018, Matthew Wyenandt wrote: On Friday, April 27, 2018 at 12:04:08 PM UTC-4, Eivind K. Dovik wrote: Hi, I have been offered a great deal on a used Lenovo Thinkpad T440s (secondhand, but I trust the current owner). I am currently on a Macbook Air running Debian and would like to make the switch to Thinkpad and Qubes. Does anyone have experience running Qubes 4.0 on a T440s? The T440s I am being offered has a 512gb ssd and an i7 CPU. Best, Eivind I run Qubes 4.0 on T440p and it runs great. 500gb hdd and an i5 vPro CPU I went and got the T440s today. I had prepared two USB drives: one with Qubes 3.2 and another with Qubes 4.0. I tried installing Qubes 4.0 first. After setting boot to UEFI, I was able to install Qubes 4.0. After installing, I ran into problems when booting - ended up in a boot loop, never getting to the grub-screen (this occured no matter what boot settings I set in the BIOS). After playing around with the different boot settings, I tried installing Qubes 3.2. This time, I had to do Legacy boot to get to the installer. Installing was a breeze, and I'm currently running Qubes 3.2. Wouldn't mind upgrading to 4.0. If anyone has a solution to my boot-loop-problem, I'd be thankful. Eivind -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/debedc46-ef92-4d57-b250-35c0a30083fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.LFD.2.20.1804282312100.2378%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] What feature am I missing?
Hello, today I ran into a problem installing Qubes 4.0 on my PC. I got an error message saying I don't have IOMMU/VT-d/AMD-(something). I have Asrock Z97 Killer 3.1 motherboard and Intel i5-4460 CPU. That CPU should have VT-d, right? What am I missing here? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/lGXP0z8fEgEY3dcW11CE6Zyg5xk5V1Bq7zTd43_Fz81UyNnzxWqK7MkttyKlIyQ0Civ7JgnmMNiCsQ9_cIe-wtErIk73nFc8qj41DS2EbFg%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Issues with Qubes 4.0 on Lenovo T450s
Hi Everyone. I have a lenovo T450s and I've finally updated my Qubes 3.2 to 4.0. and I was finally able to get this version working (in the process I was forced to switch to enable legacy boot instead of UEFI since apparently Qubes 4.0 doesn't support it as its predecessor Q3.2 version for lenovo laptops) However, despite the apparent success I'm still facing some issues, reason why I'm addressing this to the community in the hope of getting some clarification. So these are the main issues I'm currently facing right now: Whenever I try to get to private more in FF by pressing ctrl+shift+p all my VMs get paused. Is there a reason for this? Is it possible to disable it? Whenever that happen I have to manually select each VM and resume it, which is kind of annoying. Qube manager is no longer started by default like in version 3.2, instead I got now an icon on the top right corner that allows to invoke operations on the running VMs. But some of the VMs in there are show an inconsistent state (I'm only allow to check the logs, set the preferences or kill it and not shut them down as with some of the displayed VMs) there's a cursor looping for the inconsistent VMs. Is there a way to fix this? Also Qube manager shows all VMs and not only the running ones, is there an option to show only the VMs that are running? Qube Manager doesn't refresh the state of the VMs as it happened in Qubes 3.2. Instead I have to manually hit refresh whenever I want to check when a VM has stopped or started. Is there a way one could have check the state of the VMs on Qube manager as it happened on version 3.2? During the boot and before unlock the LuKS volume I'm getting a lot of ACPI errors regarding Namespace lookup failure: [ 1.726445] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.726525] ACPI Error: Method parse/execution failed _PR.CPU1._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.726609] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.726739] ACPI Error: Method parse/execution failed _PR.CPU2._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.726932] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.727136] ACPI Error: Method parse/execution failed _PR.CPU3._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.727332] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.727517] ACPI Error: Method parse/execution failed _PR.CPU4._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.727709] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.727896] ACPI Error: Method parse/execution failed _PR.CPU5._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.728105] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.728290] ACPI Error: Method parse/execution failed _PR.CPU6._CST, AE_NOT_FOUND (20170728/psparse-550) [ 1.728483] ACPI Error: [_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (20170728/psargs-364) [ 1.728667] ACPI Error: Method parse/execution failed _PR.CPU7._CST, AE_NOT_FOUND (20170728/psparse-550) Is there any way one could resolve this? Shutdown is also taking an huge amount of time to complete spending lots of time waiting for the disk to be ready. Any idea how one can improve it? Thank you all for the fantastic work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca9ec8db7de56e60be92696bf7cf113d%40disroot.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 10 Os in Qubes 4.0
This probably doesn't work, or has some major issue, but why not create a HVM with some distro that doesn't support VirtualBox, and install VB on it . and Win10 on the VB :) and then in the win10 VB installed win7 <- that part just a joke :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08f8ff91-bfca-81af-f87b-a32e86ba323e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: debian-9 template
nm, "files" appears to be nautilus , but then should nemo be also appears in applications since it *is installed also ? PS: what is the secret(if any) to using gmane without using my email account ; eg with the address below ? -- john -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7962f5ce-4dc0-31ea-0ac0-001cb318aa8a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: debian-9 template
On 04/27/18 21:36, john wrote: On 04/27/18 08:20, higginsonjim2-re5jqeeqqe8avxtiumwx3w-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote: On Friday, April 27, 2018 at 1:46:08 PM UTC+1, higgin...-re5jqeeqqe8avxtiumwx3w-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote: Have used Qubes3 for a couple of years and now acquired a new PC where I've done a complete fresh install of QUBES 4. (Copied all my data off old system - ready for adding to new system when all set up) Base system seems fine - standard VM's etc - but everything by default based on Fedora - albeit Debian and Fedora templates offered by default. Fedora template has lots of assorted software - that I could use to add to various Vm's as required - a standard new VM using Fedora template offers FILES, TERMINAL, FIREFOX and QUBES SETTINGS - basically core features to get me started. WHEN I LOOK AT THE DEBIAN-9 template - there is no software at all. ALSO the DEBIAN-9 template and any VM that I generate using it, only offers QUBE-SETTINGS - i.e. no TERMINAL, BROWSER or FILEs. CAN ANYONE advise on what I should do next - assume if I get access to terminal, I can install all software I want - but assumed there would be a standard stock of software/base features available in the Debian-9 template. (Am sure this was the case with QUBES3) Grateful for advice - my preference is to use Debian (as per last 2 years within QUBES and many years before that using DEBIAN distro) rather than Fedora. See awokd comments. Problem is that I have nothing in APPLICATIONS. Have tried Removing DEB9 template, installing DEB8 template and then following the Upgrade 8 to 9 route. This initially seems to solve problem. Load of APPLICATIONS appear - and by going into repos folder- could change "jessie" to "stretch". Then update/upgrade. Still can't use the APPLICATIONS in DEB 9. I'll try it again with fresh install - in case I did something wrong. Another option - might simply copy the DEB9 "template" from previous computer and install that - but wanted to avoid that - just naturally want to have "clean" install on QUBES 4 on new computer. Any other suggestions welcome - have others found DEBIAN-9 template OK on clean install?. I believe I saw this also, but don't recall if I fixed it or what dom0$ qvm-appmenus --sync debian-9 or so btw, which file managers are recommended ? Nautilus or Nemo , I believe I installed both, but what I see available is just called "files" ; IIRC in debian-8 it was actually called Nautilus or , sorry if this is a debian question or? .maybe qvm-appmenus update debian-9 vs qvm-sync-appmenus which seems to update more items but also spits out Warning: ignoring key 'Name' of display-im6.q16 and icedove, and iceweasel and shows *noNautilus in the 'applications' tab to select over to the right .. -- john -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea6ba653-78e2-7163-2f56-1bb54c42e82e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: debian-9 template
On Sat, April 28, 2018 7:36 am, john wrote: > On 04/27/18 08:20, higginsonjim2-re5jqeeqqe8avxtiumw...@public.gmane.org >> Any other suggestions welcome - have others found DEBIAN-9 template OK >> on clean install?. Yes, don't remember having to do anything special. > I believe I saw this also, but don't recall if I fixed it or what > dom0$ qvm-appmenus --sync debian-9 or so > > btw, which file managers are recommended ? Nautilus or Nemo , I believe > I installed both, but what I see available is just called > "files" ; IIRC in debian-8 it was actually called Nautilus or , sorry > if this is a debian question Nautilus "just works" as expected under Qubes (i.e. the right-click menu lets you copy to another VM/launch in DVM, etc.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c9f3b36df03c6d1a789e79e1ba3bf612.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: debian-9 template
john: > btw, which file managers are recommended ? Nautilus or Nemo , I > believe I installed both, but what I see available is just called > "files" ; IIRC in debian-8 it was actually called Nautilus or , sorry > if this is a debian question I like nemo better than nautilus, but the qubes specific file options (copy/move to other VM, open in dispVM) only appear in nautilus (or dolphin for whonix VMs). You can have both installed tho and use nemo for regular purposes. Thunar is another good file manager (dom0 uses it) and it comes with a GUI bulk rename tool that can be handy. I'm not sure how to enable the qubes specific actions in a non-default file manager like nemo tho. It's possible to create custom actions but i haven't really looked into it enough. But yea nautilus and nemo are both just called "files" in the deb VMs. You can manually edit the desktop files so they'll display the proper names to distinguish them. -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f0a9dae-0141-2932-d37c-be5bb1c58448%40bitmessage.ch. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Assigning USB to VM fails
On Fri, April 27, 2018 6:43 pm, max.milit...@gmail.com wrote: > fredag den 27. april 2018 kl. 17.57.45 UTC+2 skrev awokd: >> On Thu, April 26, 2018 11:38 am, 'Max Andersen' via qubes-users wrote: >> >>> I have trouble attaching my USB RJ45 adapter. I get the following >>> error : >>> >>> >>> [Max@dom0 ~]$ qvm-usb -a lokal-belkin sys-usb:3-2 >>> ERROR: Device attach failed: No device info received, connection >>> failed, check backend side for details [Max@dom0 ~]$ >> >> If you're using a new template for sys-usb or lokal-belkin, have you >> installed the qubes usb proxy in both and qubes input proxy sender in >> sys-usb? Going off memory so can't remember the package names exactly. > > I remembered changing template to debian as sys-usb, since fedora can't > handle large USB drives with exFat, so I swithced back to fedora-26. That > didn't help though. > > I have qubes-input-proxy-sender and qubes-usb-proxy in the template. And qubes-usb-proxy installed in the template used for lokal-belkin? If so, I'm not sure what else it could be... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ed57280787d6e3bbbcef523d692cc50.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Q4.0 Whonix Torbrowser no sound, says to install pulseaudio ...
On Fri, April 27, 2018 10:11 pm, [799] wrote: > Hello mossy, > > > On 04/13 01:39, mossy wrote: > >> john: >> >>> Q4.0 Whonix Torbrowser no sound, says to install pulseaudio ... >>> >> >> This issue (and others) are resolved in whonix 14, now in testing -- >> you can upgrade here: >> >> https://www.whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14 >> >> >> Although it will be less work/risk if you can wait until the templates >> are ready. If you attempt the upgrade, be sure to backup your Whonix >> appVMs and templateVMs first! > > > Questions: > > > 1) If I understand you correctly sound will work in whoonix 14? > Do you or someone else knows when whoonix 14 will be evailable via the > Qubes Repositories? It's in unstable and sound works, see https://www.mail-archive.com/qubes-users@googlegroups.com/msg21534.html > 2) Has someone installed pulseaudio in the whoonix-ws template in Qubes 4 > and did this solve the no-sound-topic. Haven't tried that > 3) Why is there no sound in whoonix in the default Qubes Installation? Think there is a specific audio related driver file that needs to be manually copied somewhere but can't remember where I saw that -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76ddaadb9d0e8cfb143528f2dd774529.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4 boot ISO
On Sat, April 28, 2018 2:24 am, Drew White wrote: > On Saturday, 28 April 2018 02:07:21 UTC+10, awokd wrote: > >> On Fri, April 27, 2018 6:40 am, Drew White wrote: >> >>> Still not working no matter what I do. >>> >>> >>> >>> Does anyone have any possible resolution to resolve this please? >>> >> >> How are you making the boot device? If USB from Linux, a standard "cp >> qubes.iso /dev/xvdj" (where xvdj is your USB device) should work. You >> can also try switching to legacy boot mode. > > I burn it to DVD. It is an ISO after all. > I always use Legacy Boot mode. I had trouble burning to DVD at first because the image is large enough to require dual-layer burner support. Ended up using Debian Stretch with default software and a newer drive before I got a good burn. If you're using some other tool, try Debian instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/38dc6d4d09f0da1f6b2178a81ac1bae6.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] NTP and/or clock issue
Hi Matthew, On 04/28/2018 03:47 PM, Matthew Wyenandt wrote: > On Friday, April 27, 2018 at 10:28:04 PM UTC-5, Ivan Mitev wrote: >> On 04/27/2018 11:20 PM, Matthew Wyenandt wrote: >>> On Friday, April 27, 2018 at 3:32:44 PM UTC-4, Ivan Mitev wrote: On 04/27/2018 09:34 PM, Matthew Wyenandt wrote: > On Friday, April 27, 2018 at 10:46:34 AM UTC-5, Ivan Mitev wrote: >> Hey, >> >> On 04/27/2018 06:12 PM, Matthew Wyenandt wrote: >>> Hi all, >>> >>> I'm new to Qubes 4.0 and loving it. I'm having an odd situation where >>> the time on my clock is showing -5 from my current timezone, rather >>> than -5 from UTC. For instance, I'm physically located in >>> America/Chicago timezone, which is -5 UTC. My Qubes OS clock is set >>> for America/Chicago timezone, which also says -5 UTC; however, the >>> clock is now showing -10 UTC. I've tried to figure out a way to >>> manipulate the clock within dom0, but I'm not finding anyway to do so. >> >> your hw clock is likely set to local time instead of UTC ; this usually >> happens because you use(d) MS Windows. >> >> `hwclock` allows you to tweak the hardware clock; you can manually set >> the time and then run `hwclock --systohc --utc`, that should fix your >> problem. >> >> Note that `qvm-sync-clock` is run every hour in dom0 and should fix the >> offset automatically: it first syncs dom0's time with the time in >> "clockvm" (usually sys-net, see the output of `qubes-prefs clockvm`) and >> it then runs `hwclock --systohc`. >> >> If you still have issues, check that the timezone and time are OK in >> sys-net (or whatever clockvm you have defined). > > Thanks for this info, Ivan. I followed these steps. Should my sys-net > clock be set for UTC? When I run hwclock --show, it's still showing EDT > as the current time. Do I need to set this manually? I would prefer > that it get updated via ntp. The clockVM's clock is synchronized with NTP, you don't need to set anything manually... Clock synchronization works like that (if I'm not mistaken): 1- when a VM boots, the `/usr/lib/qubes/init/qubes-early-vm-config.sh` script sets the VM's timezone (the script gets the timezone from dom0 with `qubesdb-read /qubes-timezone`). 2a- if the VM is defined as the clockVM (sys-net by default) then the `systemd-timesyncd` service synchronizes the VM's clock with NTP. 2b- for dom0 and VMs != clockVM, the `qubes-sync-time.timer` systemd timer runs the `qvm-sync-clock` every 6 hours to (re)sync the clock with the time in clockVM (sys-net). So make sure your timezone is OK in dom0: `ls -l /etc/localtime` should point to the right timezone (eg. /usr/share/zoneinfo/America/Chicago). Then the easiest way is to perform a *full* reboot and everything should be fine. If it isn't, you'll have to debug a bit further: - make sure the timezone is OK in VMs too (again with `ls -l /etc/localtime`). If it isn't, check what `qubesdb-read /qubes-timezone` returns: it should be the same as dom0's timezone. - in sys-net, run `systemctl restart systemd-timesyncd` ; `systemctl status systemd-timesyncd` should output a line like Status: "Synchronized to time server a.b.c.d:123 (0.fedora.pool.ntp.org)." the clock in sys-net should show the right time (both `date` and `sudo hwclock` should show the same time, with the EDT format). - in dom0 and other VMs != clockVM, run `sudo qvm-sync-clock` ; the time should then be OK. Hope this helps ! >>> >>> Okay, so something doesn't seem to be configured correctly. During further >>> debugging, i was able to get the correct timezone using 'timedatectl >>> set-timezone Americas/Chicago'. However, when running 'systemctl status >>> systemd-timesyncd' I get the following output: >>> >>> systemd-timesyncd.service - Network Time Synchronization >>>Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; >>> enabled; v >>> Drop-In: /usr/lib/systemd/system/systemd-timesyncd.service.d >>>└─30_qubes.conf >>>Active: inactive (dead) >>> Condition: start condition failed at Fri 2018-04-27 10:04:54 CDT; 4s ago >>>└─ ConditionPathExists=/var/run/qubes-service/clocksync was not >>> met >>> Docs: man:systemd-timesyncd.service(8) >>> >>> It seems the clocksync file is missing from /var/run/qubes-service/ >>> directory. >> >> >> If the output above is for your clockVM (sys-net) then something isn't >> right. Otherwise that's the standard output for other VMs: >> /var/run/qubes-service/clocksync is set only in the clockVM >> >> I'm afraid I can't help more than that - maybe someone more experienced >> will chime in, otherwise you should file an issue. >> >> just in case, please p
Re: [qubes-users] NTP and/or clock issue
On Friday, April 27, 2018 at 10:28:04 PM UTC-5, Ivan Mitev wrote: > On 04/27/2018 11:20 PM, Matthew Wyenandt wrote: > > On Friday, April 27, 2018 at 3:32:44 PM UTC-4, Ivan Mitev wrote: > >> On 04/27/2018 09:34 PM, Matthew Wyenandt wrote: > >>> On Friday, April 27, 2018 at 10:46:34 AM UTC-5, Ivan Mitev wrote: > Hey, > > On 04/27/2018 06:12 PM, Matthew Wyenandt wrote: > > Hi all, > > > > I'm new to Qubes 4.0 and loving it. I'm having an odd situation where > > the time on my clock is showing -5 from my current timezone, rather > > than -5 from UTC. For instance, I'm physically located in > > America/Chicago timezone, which is -5 UTC. My Qubes OS clock is set > > for America/Chicago timezone, which also says -5 UTC; however, the > > clock is now showing -10 UTC. I've tried to figure out a way to > > manipulate the clock within dom0, but I'm not finding anyway to do so. > > your hw clock is likely set to local time instead of UTC ; this usually > happens because you use(d) MS Windows. > > `hwclock` allows you to tweak the hardware clock; you can manually set > the time and then run `hwclock --systohc --utc`, that should fix your > problem. > > Note that `qvm-sync-clock` is run every hour in dom0 and should fix the > offset automatically: it first syncs dom0's time with the time in > "clockvm" (usually sys-net, see the output of `qubes-prefs clockvm`) and > it then runs `hwclock --systohc`. > > If you still have issues, check that the timezone and time are OK in > sys-net (or whatever clockvm you have defined). > >>> > >>> Thanks for this info, Ivan. I followed these steps. Should my sys-net > >>> clock be set for UTC? When I run hwclock --show, it's still showing EDT > >>> as the current time. Do I need to set this manually? I would prefer > >>> that it get updated via ntp. > >> > >> The clockVM's clock is synchronized with NTP, you don't need to set > >> anything manually... > >> > >> Clock synchronization works like that (if I'm not mistaken): > >> > >> 1- when a VM boots, the `/usr/lib/qubes/init/qubes-early-vm-config.sh` > >> script sets the VM's timezone (the script gets the timezone from dom0 > >> with `qubesdb-read /qubes-timezone`). > >> > >> 2a- if the VM is defined as the clockVM (sys-net by default) then the > >> `systemd-timesyncd` service synchronizes the VM's clock with NTP. > >> > >> 2b- for dom0 and VMs != clockVM, the `qubes-sync-time.timer` systemd > >> timer runs the `qvm-sync-clock` every 6 hours to (re)sync the clock with > >> the time in clockVM (sys-net). > >> > >> > >> So make sure your timezone is OK in dom0: `ls -l /etc/localtime` should > >> point to the right timezone (eg. /usr/share/zoneinfo/America/Chicago). > >> Then the easiest way is to perform a *full* reboot and everything should > >> be fine. > >> > >> > >> If it isn't, you'll have to debug a bit further: > >> > >> - make sure the timezone is OK in VMs too (again with `ls -l > >> /etc/localtime`). If it isn't, check what `qubesdb-read /qubes-timezone` > >> returns: it should be the same as dom0's timezone. > >> > >> - in sys-net, run `systemctl restart systemd-timesyncd` ; `systemctl > >> status systemd-timesyncd` should output a line like > >> > >> Status: "Synchronized to time server a.b.c.d:123 (0.fedora.pool.ntp.org)." > >> > >> the clock in sys-net should show the right time (both `date` and `sudo > >> hwclock` should show the same time, with the EDT format). > >> > >> - in dom0 and other VMs != clockVM, run `sudo qvm-sync-clock` ; the time > >> should then be OK. > >> > >> > >> Hope this helps ! > > > > Okay, so something doesn't seem to be configured correctly. During further > > debugging, i was able to get the correct timezone using 'timedatectl > > set-timezone Americas/Chicago'. However, when running 'systemctl status > > systemd-timesyncd' I get the following output: > > > > systemd-timesyncd.service - Network Time Synchronization > >Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; > > enabled; v > > Drop-In: /usr/lib/systemd/system/systemd-timesyncd.service.d > >└─30_qubes.conf > >Active: inactive (dead) > > Condition: start condition failed at Fri 2018-04-27 10:04:54 CDT; 4s ago > >└─ ConditionPathExists=/var/run/qubes-service/clocksync was not > > met > > Docs: man:systemd-timesyncd.service(8) > > > > It seems the clocksync file is missing from /var/run/qubes-service/ > > directory. > > > If the output above is for your clockVM (sys-net) then something isn't > right. Otherwise that's the standard output for other VMs: > /var/run/qubes-service/clocksync is set only in the clockVM > > I'm afraid I can't help more than that - maybe someone more experienced > will chime in, otherwise you should file an issue. > > just in case, please paste the output of the following commands: > > in dom0: > - `timed
[qubes-users] Using AIDE (Intrusion Detection) and Lynis (auditing) in Qubes App/TemplateVMs
Hint: might be slightly off-topic (except Question 1) Hello, I am currently "harding" my Email-AppVM by adding additional firewall rules and using this opportunity to "play" with some tools like - rkhunter - clamav - lynis - AIDE - ... I am unsure if this is really needed in Qubes, but for me it is also about learning more about those tools. I have some questions regarding which might be answered by the security-professionals here. 1) If I choose to install an IDS like AIDE, should it be installed in the Template or AppVM ? As AppVM can't change critical system files, the Template VM might the better solution? 2) AIDE specific, but I couldn't solve it after googling for a while: everytime I run AIDE I get the following warning: [user@my-privmail bin]$ sudo aide --check DBG: md_enable: algorithm 7 not available It seems that this means that some algorithm is missing, but I don't know how to install it afterwards or disable the use of it. In an older topic I found the hint that it might be related to HAVAL which is a hashing algorithm. https://openindiana.org/pipermail/oi-dev/2013-July/002519.html But looking into my AIDE config file it seems that I am not using haval at all. Any ideas? 3) I run lynis and got some suggestion for improvements Running it on my customized fedora-26-min template (added some apps for email) I got the following result: Lynis security scan details: Hardening index : 73 [## ] Question: is someone using lynis on Qubes and can give some feedback about this? regards [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180428102948.6ugvnmfcuwptgyi5%40my-privmail. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: debian-9 template
On 04/27/18 08:20, higginsonjim2-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: On Friday, April 27, 2018 at 1:46:08 PM UTC+1, higgin...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: Have used Qubes3 for a couple of years and now acquired a new PC where I've done a complete fresh install of QUBES 4. (Copied all my data off old system - ready for adding to new system when all set up) Base system seems fine - standard VM's etc - but everything by default based on Fedora - albeit Debian and Fedora templates offered by default. Fedora template has lots of assorted software - that I could use to add to various Vm's as required - a standard new VM using Fedora template offers FILES, TERMINAL, FIREFOX and QUBES SETTINGS - basically core features to get me started. WHEN I LOOK AT THE DEBIAN-9 template - there is no software at all. ALSO the DEBIAN-9 template and any VM that I generate using it, only offers QUBE-SETTINGS - i.e. no TERMINAL, BROWSER or FILEs. CAN ANYONE advise on what I should do next - assume if I get access to terminal, I can install all software I want - but assumed there would be a standard stock of software/base features available in the Debian-9 template. (Am sure this was the case with QUBES3) Grateful for advice - my preference is to use Debian (as per last 2 years within QUBES and many years before that using DEBIAN distro) rather than Fedora. See awokd comments. Problem is that I have nothing in APPLICATIONS. Have tried Removing DEB9 template, installing DEB8 template and then following the Upgrade 8 to 9 route. This initially seems to solve problem. Load of APPLICATIONS appear - and by going into repos folder- could change "jessie" to "stretch". Then update/upgrade. Still can't use the APPLICATIONS in DEB 9. I'll try it again with fresh install - in case I did something wrong. Another option - might simply copy the DEB9 "template" from previous computer and install that - but wanted to avoid that - just naturally want to have "clean" install on QUBES 4 on new computer. Any other suggestions welcome - have others found DEBIAN-9 template OK on clean install?. I believe I saw this also, but don't recall if I fixed it or what dom0$ qvm-appmenus --sync debian-9 or so btw, which file managers are recommended ? Nautilus or Nemo , I believe I installed both, but what I see available is just called "files" ; IIRC in debian-8 it was actually called Nautilus or , sorry if this is a debian question -- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/61dba987-c461-7486-6d26-eeace4153448%40riseup.net. For more options, visit https://groups.google.com/d/optout.
