date:20180430

On Tue, May 1, 2018 4:24 am, Ivan Mitev wrote:
> Hey !
>
>
> On 05/01/2018 03:19 AM, [799] wrote:

>> Where is the data from qvm-prefs stored? Is it really a database?
>>
>
> No idea but I'd like to know the answer too, please let me know if you
> find out (I just replied to another post about timezones and couldn't find
> how the "db" was updated).

I think in https://wiki.xen.org/wiki/XenStore. See
qubes-src/vmm-xen-stubdom-linux/rootfs/init for some example usage.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8569678b96fa3ee815a46c8790db8e11.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help understanding qubes networking

Hey !

On 05/01/2018 03:19 AM, [799] wrote:
> Hello Ivan,
> 
> On 04/30 10:19, Ivan Mitev wrote:
>> Hi !
>>
>> On 04/30/2018 09:48 AM, [799] wrote:
>>> [...]
>>> I am trying to understand how networking is configured.
>>> [...]
>>
>> - when the XEN network interface appears, /usr/lib/qubes/setup-ip
>>  script is run by udev (see /etc/udev/rules.d/99-qubes-network.rules)
> 
> Thanks, this script is located in the AppVM.

Yes - in VMs.

>
>> - /usr/lib/qubes/setup-ip gets the VM's definitions from dom0 with
>> `qubesdb-read /blah` and sets the network accordingly
> 
> Looking at the script /usr/lib/qubes/setup-ip I found:
> 
> ip=$(/usr/bin/qubesdb-read /qubes-ip 2> /dev/null)
> 
> so the variables are filled from data coming from qubesdb-read.
> I opened qubesdb-read but it looks like a binary (?) file.

qubesdb-read is an interface to dom0, it simply reads keys exported by
dom0; see the following doc for a list of available keys:

https://www.qubes-os.org/doc/vm-interface/


>> you can change a VM's network prefs with `qvm-prefs vmname ip`,
>> `qvm-prefs vmname gateway`, ...; I see there's a bunch of `visible_...`
>> network prefs, no idea how those works nor nor how they're generated).
> 
> So basically it looks like this:
> 
> network configuration of AppVM -> qvm-prefs -> stored "somewhere" in dom0
> /usr/bin/qubesdb-read (in the AppVM) -> read data from dom0

yes - at least that's how I think it's working.

> 
> Where is the data from qvm-prefs stored? Is it really a database?

No idea but I'd like to know the answer too, please let me know if you
find out (I just replied to another post about timezones and couldn't
find how the "db" was updated).

Maybe ask on @qubes-devel ?

> 
> [799]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a7fed2c-4b57-eb28-fcab-81d81624ab77%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Wrong timezone in VMs: where the value for qubesdb-read /qubes-timezone comes from? (Take two)

Hi,

On 05/01/2018 03:18 AM, Pablo Di Noto wrote:
> Hello all,
> 
> I asked this question when Qubes R3.2 was out, and solved with help from 
> Andrew in a somewhat weird way (running local scripts on each AppVM).
> 
> Now that we are at R4.0, I am again having this issue:
> 
> After install, dom0 gets proper timezone:
> 
> |[root@dom0 Desktop]# timedatectl
> |  Local time: Mon 2018-04-30 21:12:20 -03
> |  Universal time: Tue 2018-05-01 00:12:20 UTC
> |RTC time: Tue 2018-05-01 00:12:20
> |   Time zone: America/Argentina/Cordoba (-03, -0300)
> | Network time on: no
> |NTP synchronized: no
> | RTC in local TZ: no
> 
> but for some reason, all AppVM get the wrong timezone on their configuration 
> script:
> 
> |user@p-vault:~/p-vault$ ls -l /etc/localtime 
> |lrwxrwxrwx 1 root root 39 Apr 30 23:32 /etc/localtime -> 
> ../usr/share/zoneinfo/Argentina/Cordoba
> 
> which of course does not exists, so all AppVM end up in GMT.
> 
> So my original question is back: Where does that value come from?
/usr/lib/qubes/init/qubes-early-vm-config.sh

the script gets the timezone from dom0 with `qubesdb-read
/qubes-timezone` and sets it early during a VM's boot.

see this post/thread for more details:

https://www.mail-archive.com/qubes-users@googlegroups.com/msg21693.html


> And the obvious next one: How can I change it to a proper 
> "America/Argentina/Cordoba"?
I tried to set a different timezone in dom0 but qubesdb-read would
return the old value in VMs ; I don't know how the db is updated (a
reboot would probably do but it seems overkill and I have too much stuff
open to test).

But if you're rebooted already and you still get the wrong string in
VMs, maybe it's a bug in how qubesdb-read reads the timezone
(interestingly, that's the first time I see 3 fields like 'X/Y/Z' - I
always thought a timezone would be 'X/Y').

> 
> Thanks!
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29748e05-37a9-48eb-dfc6-674cd81c83c2%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Os4 very slowly comparing to Qubes 3.2

2018-04-30 Thread taii...@gmx.com

On 04/30/2018 04:54 PM, cooloutac wrote:

> On Monday, April 30, 2018 at 3:10:30 PM UTC-4, frkl...@gmail.com wrote:
>> That could be a good idea John! 
>>
>> I have only one problem. I can not disable Speedstep in the Bios- Uefi 
>> because there is no Speedstep configuration. 
>>
>> Does anyone know how to disable speedstep outside of the Bios at qubes os? I 
>> didn't find any solution.
> disable c-states option if there is one.  just make sure your pc doesn't run 
> significantly hotter.
When intel first introduced power saving measures people always thought
that was the reason their computer was running slowly, but if frequency
scaling is working properly all it does is save you money on your power
bill - in your case it probably isn't functioning right and you should
investigate in dom0.
> also as previous poster said 8 gb of ram is too small and 4.0 uses more 
> resources then 3.2 as well.  ssd also helps.
I use 8GB RAM and no swap without any issues, you can't run too many
VM's especially with resource consuming firefox but it isn't that terrible.

PVH should be just as fast as PV, I would investigate frequency scaling
and of course install the spectre microcode updates (very difficult
thanks to the good people at intel/amd not really releasing them)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33b46779-69ea-b1c7-4982-7e6d4b4d443f%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

[qubes-users] Re: Issues with Qubes 4.0 on Lenovo T450s

qvm-shutdown --all   then whatever survives qvm-shutdown VM  or  the 
stubborn one qvm-kill


before any and all system shutdown or reboot

that much is the same.   then  I have gotten ACPI  complaints flash by 
while boot  on both 3.2 and 4.0  ,  seems to be  SOP  for the  qubes 
system  :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e3ac049-e417-ef19-ea2b-cceb8713f89d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AMD? threadripper / ryzen?

2018-04-30 Thread taii...@gmx.com

On 04/30/2018 08:09 PM, pixel fairy wrote:

> ready to ditch intel on desktop (and maybe laptop if anyone has a good 
> recommendation) 
>
> my understanding is that some amd lines dont have PSP or any such equivalent 
> to intelME or AMT.
The older stuff like socket g34 and c32.
> about to jump down the rabbit hole of figuring this out. 
>
> has anyone tried ryzen or threadripper? 
They have PSP - impossible to disable it just like ME.
> is there another line worth looking at?
>
> what im looking for,
>
> * no psp, ME, amt etc
> * no speculative execution vulnerabilities (at least no known ones)
You gotta install the latest microcode updates anyways it seems so a
43xx/63xx CPU is what to get with the boards I mentioned.
> * at least 32gigs of ram (yes, i actually use that)
> * at least 8 cores or threads.
> * ps2 mouse/keyboard or more than 1 usb bus.
I would get a KCMA-D8 ($315) or KGPE-D16 ($415) they check all your
boxes and more - they are what all the experts use, leah rowe from
libreboot paid for them to be ported to coreboot-libre a few years ago.
D16 max 192GB RAM with 32 cores, and it also has OpenBMC support, two
separate usb controllers (btw you need breakout cables for second
controller/more ports) etc.

The PS/2 security idea thing is from idiots who have no idea what they
are doing, using PS2 sends all your keystrokes out on the ground wire as
I have mentioned previously.
I would get a unicomp keyboard with trackpad, as then you have input
devices where the firmware can't be internally flashed like most
keyboards can.
> gpu support for tensorflow would be nice, but will probably make a second, 
> dedicated box when that time comes.
>
> free bios support (coreboot, libreboot etc) would be nice too.
>
> and before anyone suggests it, no, im not porting xen to talon.
*Talos 2
It seems you have read my other posts? in that case why do you ask? I
have already answered all these questions many times.
> a laptop like the above would be awsome if its light and has good battery 
> life, but thats not something im going to hold my breath for.
The G505s has 4 cores and 16GB RAM, the FT3 platform is the last and
best x86_64 laptop platform without PSP/ME that supports IOMMU, open
init for ram/cpu etc.
There are a few FT3 coreboot laptops but this is the best supported/most
popular.

I am pleased you are smart enough to avoid the fraudulent companies out
there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ae81b3cc-b94b-de6d-ecf2-a204ecdbe80c%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-30 Thread taii...@gmx.com

On 04/30/2018 08:49 PM, Andrew B wrote:

> OK, just to clarify, if I am to build the coreboot image, I need to do that 
> on the G505s by say running Debian or Ubuntu (presumably could use a Live 
> disc/USB) or similar and building the image as shown here?
> https://www.coreboot.org/Board:lenovo/g505s#Building_a_coreboot_image
Yeah.
But you need another PC in case something goes wrong.
> Then I take the created coreboot.rom file and load it onto a separate 
> computer where I can externally flash the G505s as shown here: 
> http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate
Get a USB CH341A, they're easier.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a4db6a2-96a8-b6fc-9130-b3416111cc65%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

Re: [qubes-users] Re: Qubes 4 boot ISO

2018-04-30 Thread Drew White

On Monday, 30 April 2018 21:10:51 UTC+10, cooloutac  wrote:
> On Sunday, April 29, 2018 at 8:11:28 PM UTC-4, Drew White wrote:
> > On Sunday, 29 April 2018 01:50:22 UTC+10, awokd  wrote:
> > > On Sat, April 28, 2018 2:24 am, Drew White wrote:
> > > > On Saturday, 28 April 2018 02:07:21 UTC+10, awokd  wrote:
> > > >
> > > >> On Fri, April 27, 2018 6:40 am, Drew White wrote:
> > > >>
> > > >>> Still not working no matter what I do.
> > > >>>
> > > >>>
> > > >>>
> > > >>> Does anyone have any possible resolution to resolve this please?
> > > >>>
> > > >>
> > > >> How are you making the boot device? If USB from Linux, a standard "cp
> > > >> qubes.iso /dev/xvdj" (where xvdj is your USB device) should work. You
> > > >> can also try switching to legacy boot mode.
> > > >
> > > > I burn it to DVD. It is an ISO after all.
> > > > I always use Legacy Boot mode.
> > > 
> > > I had trouble burning to DVD at first because the image is large enough to
> > > require dual-layer burner support. Ended up using Debian Stretch with
> > > default software and a newer drive before I got a good burn. If you're
> > > using some other tool, try Debian instead.
> > 
> > The Qubes 4 ISO fits on a normal DVD. So it's fine.
> > The thing is it worked and booted in a Guest once.
> > But wouldn't boot on the PC or using external HDD.
> > 
> > This is why I am unsure.
> > 
> > I have all the requirements filled, but it won't boot to it because of that 
> > issue.
> 
> Are you sure its fine?  You can't even download the iso to a default qube its 
> so big.4.7gb is the size of a normal dvd.  And thats the same space I 
> needed to download the iso sucessfully.  Thats cutting it pretty close, you 
> sure a bigger dvd wouldn't help?

100% sure.
I'm downloading to a Guest and I have all my ISOs stored on an external drive.
I know the ISO is fine because it booted on a local Guest, then I tried on 
another drive in the guest, but as soon as I went to another HD it started to 
fail and not work.

Therefore, I can only conclude that it is the actual Qubes installer since it 
worked only in that one exact scenario.

If you had read my posts, all of the first ones, you would have seen my tests 
there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c84c74c-3e24-4f13-b393-ad45b92fb6a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [Q4.0] Lenovo t520 AEM: GPU Hangs After SINIT Loads

2018-04-30 Thread luke . a . spangler

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I still haven't been able to resolve this issue. Where should I take my search?
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEH2N/jKRz/HdRscWv+AtTum38ebIFAlrnyTAACgkQ+AtTum38
ebLfMA/+ITX4oDq0zh7cV3HZE3m/YTJNQSs07h9bTtqj/pxLy435Xz0xI5Gg5p6L
2tX1rmVfuWOD+0cdbqdCF1mBFU1BXb/rjN+5q+gHae6A3pp8meQznFVW5X7Vv/ss
yQlxLicWTfqex+1VyQCyiTqzzKT2RLmw5UY/KzjipuyOGMwOweVliY6T1GU/PkTL
GsyrgQZzkNKE1xCFTJPEG1Z3ueUb3/yTeoLouEEGSxHO6RIIKdxaJ8zIEHJeoeud
DWtS8EZDHXITpIC3AKyueF0eWo61+otCUSL0zgse8uhiaTYghe00zgOINhtrvmLz
uTmTXUfZ9RN8D/OAiV1zbAOfUIBsgAPWPWKC5/K2BXAhz+667XwQ7+oBUN29HLhI
87sJpuv4XGpe2qho6WezO2Rt91B3R7JhiCOdxoToIt+g58lYi0e5hQdPVij93Idi
STQuLpBDVjdhK0dvn+6vfrG4TgTgsvSlv2CqX29TCgjFzRbhOYtVS0VQ0vyWaHsP
hOKuBjS6PpdeoC5YMpzkkVlAfRimz3iUG5uz6j4Iqf3XdZQcvJi4UYmUN8VDbSSt
wCT57ODHEdr399yIMOuwVAkyNcbpiRVpYoLNFNmO00ZucmG+EZWMQT5wR6sMqnPI
6Gn9l6BHWVPhh+kqlzkz1TqhAh5G5RGFpUv19b5zjCrvbaLtaZ4=
=rzRF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4cefcb87-4a2c-4c51-b0ce-58147997fdb3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-30 Thread Andrew B

OK, just to clarify, if I am to build the coreboot image, I need to do that on 
the G505s by say running Debian or Ubuntu (presumably could use a Live 
disc/USB) or similar and building the image as shown here?
https://www.coreboot.org/Board:lenovo/g505s#Building_a_coreboot_image

Then I take the created coreboot.rom file and load it onto a separate computer 
where I can externally flash the G505s as shown here: 
http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40dcefb1-64ab-49d1-911e-b71c4c9b6756%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Announcement: Parts of the Qubes OS website are temporarily down

2018-04-30 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-04-30 08:54, Andrew David Wong wrote:
> Dear Qubes Community,
> 
> As many of you have noticed, parts of the Qubes OS website are 
> temporarily down. The reason is that GitHub is doing unplanned 
> maintenance on GitHub Pages, the service that hosts the Qubes
> website. During this maintenance, sites that rely on submodules
> (like the Qubes site) will not build until the work is completed.
> They tell us that they're working to restore submodule
> functionality as soon as possible, but there's no ETA yet.
> 
> Please see this issue for more information:
> 
> https://github.com/QubesOS/qubes-issues/issues/3870
> 
> In the meantime, remember that you can always run your own local
> copy of the website by following these instructions:
> 
> https://github.com/QubesOS/qubesos.github.io#instructions
> 
> In addition, please remember that all of our documentation pages
> are designed to be readable as plain text (Markdown) files. If you
> need to refer to any documentation, it's still available in the
> qubes-doc repo:
> 
> https://github.com/QubesOS/qubes-doc
> 
> We recommend having your own local copy of this repo.
> 

This problem was resolved earlier today, and the Qubes website should
now be fully operational for all visitors. If you have any questions
or concerns, please don't hesitate to let us know.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrntBYACgkQ203TvDlQ
MDAFFQ/9E2OAPbv4sQDKwO35SP35WsnlIO1GRSybcExa892C+d+A0bLjZ6fIg6ST
SkHitRjHhQwC2K3iQzYSnKSC8buSKzZ5kS2G2vOwLIu7vmJpxe8tzvsKX/f0+RcH
n8HM16O7DuhsdyfUXpHdcB1oUjBSQZUedP/oAdigu3INKagJyzBqz76MFjKQwXbE
ZVypYlg04eZ3qi5OWQC8R1LEqgzsSO+uUGeo01RxoSLTV60QGFDYxv2fNVsteWD6
x3NxRF156NUX5+BYdumGXtI2oMUCOUZ38k3fWRQ8AOi9Pz+YL0tydLqvd5uxKW2q
qcCiyLKcgmrFTMy5Iqu4kINl1FiRgq1P1FHkoDm1khWMOBbEEK4GBsjtx7mR0G66
l/50TyN5mkoXVUm8YUP5sfxCK9k+bJtQ94ZQis4gRjFH9Szqs3IpTWxPKjAD4nIl
R01cH+KmWbTRJ7I3tDIgGJRffDLh5PrM2uFeZ3BR/Lx1/7bPq5FlHrTZHDLqfNd3
TuEEGtvPAuHi4t65sQDuSILwFyZsh2otxqLsomymVGZXd9voqxnwYnEP5/7RkuBN
mC02sqwu8jVXYA+80emFamVi9lc5qoKGbP72MLXazga/svD5H2sRKj9gLAZUTRlq
LIx9hhEnElfPSptwTclpOD46/NE+fDyPJeQuruIVUCC+wKUOQ4k=
=LaMW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb9efb2a-acb6-22f5-a7eb-ccfed2ea99f7%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Wrong timezone in VMs: where the value for qubesdb-read /qubes-timezone comes from? (Take two)

2018-04-30 Thread Pablo Di Noto

Hello all,

I asked this question when Qubes R3.2 was out, and solved with help from Andrew 
in a somewhat weird way (running local scripts on each AppVM).

Now that we are at R4.0, I am again having this issue:

After install, dom0 gets proper timezone:

|[root@dom0 Desktop]# timedatectl
|  Local time: Mon 2018-04-30 21:12:20 -03
|  Universal time: Tue 2018-05-01 00:12:20 UTC
|RTC time: Tue 2018-05-01 00:12:20
|   Time zone: America/Argentina/Cordoba (-03, -0300)
| Network time on: no
|NTP synchronized: no
| RTC in local TZ: no

but for some reason, all AppVM get the wrong timezone on their configuration 
script:

|user@p-vault:~/p-vault$ ls -l /etc/localtime 
|lrwxrwxrwx 1 root root 39 Apr 30 23:32 /etc/localtime -> 
../usr/share/zoneinfo/Argentina/Cordoba

which of course does not exists, so all AppVM end up in GMT.

So my original question is back: Where does that value come from?
And the obvious next one: How can I change it to a proper 
"America/Argentina/Cordoba"?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/698c13f7-532a-4d23-8d08-034e19785b8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] AMD? threadripper / ryzen?

2018-04-30 Thread pixel fairy

ready to ditch intel on desktop (and maybe laptop if anyone has a good 
recommendation) 

my understanding is that some amd lines dont have PSP or any such equivalent to 
intelME or AMT. about to jump down the rabbit hole of figuring this out. 

has anyone tried ryzen or threadripper? is there another line worth looking at?

what im looking for,

* no psp, ME, amt etc
* no speculative execution vulnerabilities (at least no known ones)
* at least 32gigs of ram (yes, i actually use that)
* at least 8 cores or threads.
* ps2 mouse/keyboard or more than 1 usb bus. 

gpu support for tensorflow would be nice, but will probably make a second, 
dedicated box when that time comes.

free bios support (coreboot, libreboot etc) would be nice too.

and before anyone suggests it, no, im not porting xen to talon.

a laptop like the above would be awsome if its light and has good battery life, 
but thats not something im going to hold my breath for.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31b8ee2d-393b-4e5c-a9ab-6788002432f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help understanding qubes networking

2018-04-30 Thread [799]

Hello Ivan,

On 04/30 10:19, Ivan Mitev wrote:
> Hi !
> 
> On 04/30/2018 09:48 AM, [799] wrote:
> > [...]
> > I am trying to understand how networking is configured.
> > [...]
> 
> - when the XEN network interface appears, /usr/lib/qubes/setup-ip
>  script is run by udev (see /etc/udev/rules.d/99-qubes-network.rules)

Thanks, this script is located in the AppVM.
 
> - /usr/lib/qubes/setup-ip gets the VM's definitions from dom0 with
> `qubesdb-read /blah` and sets the network accordingly

Looking at the script /usr/lib/qubes/setup-ip I found:

ip=$(/usr/bin/qubesdb-read /qubes-ip 2> /dev/null)

so the variables are filled from data coming from qubesdb-read.
I opened qubesdb-read but it looks like a binary (?) file.

> you can change a VM's network prefs with `qvm-prefs vmname ip`,
> `qvm-prefs vmname gateway`, ...; I see there's a bunch of `visible_...`
> network prefs, no idea how those works nor nor how they're generated).

So basically it looks like this:

network configuration of AppVM -> qvm-prefs -> stored "somewhere" in dom0
/usr/bin/qubesdb-read (in the AppVM) -> read data from dom0

Where is the data from qvm-prefs stored? Is it really a database?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180501001931.6jk27cvffbpyvwpj%40my-privmail.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes Os4 very slowly comparing to Qubes 3.2

On Monday, April 30, 2018 at 3:10:30 PM UTC-4, frkl...@gmail.com wrote:
> That could be a good idea John! 
> 
> I have only one problem. I can not disable Speedstep in the Bios- Uefi 
> because there is no Speedstep configuration. 
> 
> Does anyone know how to disable speedstep outside of the Bios at qubes os? I 
> didn't find any solution.

disable c-states option if there is one.  just make sure your pc doesn't run 
significantly hotter.

also as previous poster said 8 gb of ram is too small and 4.0 uses more 
resources then 3.2 as well.  ssd also helps.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa0f49b3-e058-410f-80bc-0b7e9a5a6670%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes Os4 very slowly comparing to Qubes 3.2

2018-04-30 Thread frkla1234

That could be a good idea John! 

I have only one problem. I can not disable Speedstep in the Bios- Uefi because 
there is no Speedstep configuration. 

Does anyone know how to disable speedstep outside of the Bios at qubes os? I 
didn't find any solution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/103785cc-fe6f-4aa5-a1a1-ae61ee96e979%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ad-blocking ProxyVM?

2018-04-30 Thread tomaximum

Le mardi 14 février 2017 13:08:37 UTC+1, Joe Ruether a écrit :
> On Monday, February 13, 2017 at 9:35:52 PM UTC-5, Joe Ruether wrote:
> > Ok, I need to simplify this. I need help, I don't know what I am missing. 
> > Is anyone able to recreate the following netcat test?
> > 
> > I cannot seem to get the DNAT portion of the iptables to work at all. Here 
> > is a very simple test:
> > 
> > On the proxyvm, I use the following rules to redirect port 5353 to 
> > localhost, and allow the connection:
> > 
> > iptables -t nat -I PR-QBS 1 -d 10.137.4.1 -p tcp --dport 5353 -j DNAT 
> > --to-destination 127.0.0.1
> > iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT
> > 
> > Then, on the proxyvm, I run the following command to listen on that port 
> > (no other service is running on that port):
> > 
> > nc -l -p 5353
> > 
> > Finally, on the AppVM, I run the following command:
> > 
> > nc 10.137.4.1 5353
> > 
> > My expectation is that the two netcats will connect, however they don't. 
> > What do I need to do to get my AppVM to talk to my ProxyVM? Thanks
> 
> Well, I feel like a fool, I finally figured it out. I realized the DNAT rules 
> aren't necessary at all, so all I needed was this:
> 
> iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT
> 
> Of course I overcomplicated such a simple problem... I learned a bunch about 
> iptables though.
> 
> I also have the PiHole adblocker working now. In case anyone stumbles onto 
> this thread trying to do the same thing, the final trick was to add the Qubes 
> vif interfaces to a dnsmasq config file to it would listen on them.

Hi Joe,
I'm would like to build a similar setup, with pi-hole as a proxyVM for some 
browsing AppVM on my fresh Qubes 4.0 install. 
I'm quite a beginner to Qubes (and to linux more genrally) and I'm struggling 
following what you've done to make it work. (I have also tried to follow some 
other instructions here: 
https://blog.tufarolo.eu/how-to-configure-pihole-in-qubesos-proxyvm/ but either 
I'm missing something, or it doesn't work like this anymore with 4.0)
Have you updated your setup to Qubes 4.0 if needed ?
Would you please agree to summarize as simply and clearly as possible the 
necessary steps to make it work for a noob like me.
Thanks

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5231186a-8856-45b6-8b7b-67fcfe9bf86d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Doc page 404 not found.

On Monday, April 30, 2018 at 7:31:31 AM UTC-4, Ivan Mitev wrote:
> On 04/30/2018 02:27 PM, cooloutac wrote:
> > Can't load the Qubes documentation page on website.
> 
> (posted in another thread):
> 
> https://github.com/QubesOS/qubes-issues/issues/3870

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/274dd7a1-cd96-4d4b-8f7c-b08209af7175%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 boot ISO

IMO your going to be unhappy in the short and long run, trying use Q4 
on a HDD, invest in a small  Solid State drive of some sort


And try not to preserve your old Windows installation just have 2 HDs 
one of an SSD for the Q4 and 8GB  RAM, and stick to the formula, 
otherwise there are just too many variables to troubleshoot to begin with.


When you finally do get it installed if you don't have at least 8GB ram 
you probably may also be unhappy, so 'bite the bullet',  on the SSD and 
try to follow the excellent documentation  on  installation and use ; 
new modern computers have DVDs anymore, so ..


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2065c29-01c8-ee7a-9159-76306576e66b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Thinkpad T440s i7 and Qubes 4.0 compatibility

On 04/30/18 02:13, Fernando wrote:

On Sunday, April 29, 2018 at 10:26:44 AM UTC-3, Eivind K. Dovik wrote:

On Sat, 28 Apr 2018, john wrote:

maybe, I am missing something, did you try installing 4.0 in legacy mode?

it seems with the older thinkpads this is the way to avoid the dreaded black
screen EFI thing.

I tried installing Qubes 4.0 in legacy mode at first. I was presented with
the legacy-installer, and after hitting "Return" the screen went black.
UEFI-installer worked like charm, but booting after install did not (stuck
in boot-loop, no grub-menu).

Eivind

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to
qubes-users+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/ez6zc...@public.gmane.org
To post to this group, send email to
qubes-users-/JYPxA39Uh5TLH3MbocFF+G/ez6zc...@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/0243fee9-9cff-8919-629a-5ba035fdd234%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

I'm using a Thinkpad w530 and I had to play a little bit with BIOS settings,
since virtualization does not play well with graphic card.

So I had to enable virtualization in BIOS (it's disabled by default) and then
use integrated graphics (if no external monitor is connected) or optimus (if I
have a external monitor).

After finding the right combination of these settings, I could boot without
issues.

Hope this helps.

I noticed on the HCL that some TPad users had to change the Bios
graphics as well, My 530 didn't have that setting , "discrete graphics"

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/598a8bb8-760d-d463-72ca-6faf8eaba757%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-30 Thread velcro

Sorry correction to my notes:


Using qTunnel:

For Debian proxy, add OpenVPN package to your VPN template:
su
apt-get update && apt-get install openvpn unzip

Download and transfer file to template
https://github.com/tasket/qubes-tunnel.git

cd “Then drag downloaded file into terminal from tasket”
sudo bash ./install

Create proxy AppVM using VPN template: sys-VPN
Colour: Green
Provides Network  Checked
connect to sys-net
Launch settings  - Checked

Settings:
Add files and Terminal to Applications
Add “qubes-tunnel-openvpn” to services

Move VPN config files to new proxy AppVM

Open proxy AppVM terminal:
sudo mkdir /rw/config/qtunnel

sudo /usr/lib/qubes/qtunnel-setup --config

Enter VPN name and password

sudo mv “Then highlight the .pem, .crt and config file (renamed to xx.ovpn)” 
/rw/config/qtunnel

Optional - Change config DNS:
setenv tunnel_dns '208.67.222.222 208.67.220.220'

cd /rw/config/qtunnel
sudo ln -s xx.ovpn qtunnel.conf
(xx is the VPN client config)

Restart AppVM...look for “Links is up” pop-up

https://github.com/tasket/qubes-tunnel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bf9dd58-16af-48e7-b372-5c819946d402%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cannot get installer to load, Help and advice welcomed (semi-noob here).

2018-04-30 Thread cenkmyetis

Tried Qubes 4.0 installation on two PCs: 1) Asus Aspire S13 laptop, Intel 
i7-6500 CPU @ 2.50GHz 2.60 GHz, 8 GB RAM, 64-bit 2) Asus D620MT desktop, Intel 
i7-6700 CPU @ 3.40GHz, 3.40 GHz, 16 GB RAM, 64-bit.
For the first one, installation never proceeded further than few seconds (after 
few lines appeared on the screen, the screen was all black and the CPU was 
running at high speed without any progress). Tried both USB and CD drive.
For the second one, after selecting the language on the installation interface, 
it warned "unsupported hardware...Missing features: HVM/VT-x..."
According to the Qubes website, both of the PCs support the minimum 
requirements of Qubes 4.0, but I could not succeed to install.
This is a great opportunity for Qubes to become one of the big companies. I 
hope you can pull it off.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e113e3e-eca5-4ef0-bc6f-94bc5fa8681c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cannot get installer to load, Help and advice welcomed (semi-noob here).

2018-04-30 Thread cenkmyetis

Tried 4.0 installation on two PCs: 1) Asus Aspire S13 laptop, Intel i7-6500 CPU 
@ 2.50GHz 2.60 GHz, 8GM RAM, 64-bit 2) Asus D620MT desktop, Intel i7-6700 CPU @ 
3.40GHz, 3.40 GHz.
For the first one, installation never proceeded further than few seconds (after 
few lines appeared on the screen, the screen was all black and the CPU was 
running at high speed without any progress). Tried both USB and CD drive.
For the second one, after selecting language on the installation interface, it 
warned "unsupported hardware...Missing features: HVM/VT-x..."
According to the Qubes website, both processors of both PC support the minimum 
requirements of Qubes 4.0, but I could not succeed to install.

This is a great opportunity for Qubes to become one of the big companies. I 
hope you they can pull it off.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00834d19-1824-47cc-9b9b-e753a84d78b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Announcement: Parts of the Qubes OS website are temporarily down

2018-04-30 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

As many of you have noticed, parts of the Qubes OS website are
temporarily down. The reason is that GitHub is doing unplanned
maintenance on GitHub Pages, the service that hosts the Qubes website.
During this maintenance, sites that rely on submodules (like the Qubes
site) will not build until the work is completed. They tell us that
they're working to restore submodule functionality as soon as
possible, but there's no ETA yet.

Please see this issue for more information:

https://github.com/QubesOS/qubes-issues/issues/3870

In the meantime, remember that you can always run your own local copy
of the website by following these instructions:

https://github.com/QubesOS/qubesos.github.io#instructions

In addition, please remember that all of our documentation pages are
designed to be readable as plain text (Markdown) files. If you need to
refer to any documentation, it's still available in the qubes-doc repo:

https://github.com/QubesOS/qubes-doc

We recommend having your own local copy of this repo.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrnIAYACgkQ203TvDlQ
MDCYLQ//UHJ8hbnQ7d5TUUO0SmaugggJ9x1vt3JojPBbgNDDKLPX2Y01EuKdkrVw
1h1kv6zNi4qJj8Eg5eOlBjWpaWnrj1fD8NkZhwRJR8qAW7BBxQhJlxkG8YLJqeJ/
TOqkzgL3XT7T5dUGPfsI+q6vUhv0jpUTwaLNS9gx0QX+FdT+syrxidgmPGaEEHj5
DOdY6OiEd8QYuxdcSxc0hdChzYoRh1HyivZ3/D4BPX4n9yH1s+CSWaa673VoVkAZ
+AtgRU0YxGrEE0v9PtbAEe4QbxFS3ckvTrVGv7qkHvZBFvyjyvWs7DNbg+jkQAfz
y8+8bx5wD4U/5kyBKTwsiCT4vL7OCbZDvqcKNS/K5nbkpK4vYDf6aiM8Ynn8Wau7
oBj4lJZ5/gKIU3IsG3Nre6GBqPf27KkhjLWJioQrkoHmfDCI5HvXS+OI2q1W5wBK
Kr74sUeBmyHYSBJinBpBft7EglxBbWhyJnyLn2WFGfWYllMfKzK51rWTyz3eBjbH
mxkxeqRISXdSKWS1RccyUeJwFQxnzWBg1aPx+F2hKIZ7LXj30C5HXyMQ49+N6aVt
lM4RgJBi2lHoufLMZOZkKT4o2EIMfiUPKafxfro5Q5+0PV1hmx9DihRxtqKZu7FS
h700QRCQ4tAhnPz7avVDuuB2Sr7w+PqPJ/LsbVG1pmJWdNg3+30=
=wMrO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a33f761-9e17-edaf-3273-7cfe498acd8e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Remote Control Question

2018-04-30 Thread 799

Hello Stuart,

Stuart Perkins  schrieb am Mo., 30. Apr. 2018,
14:58:

>
> >> I'm considering setting up Qubes capable server at my home.  What I
> need, however, is to be able to remotely control it.
> Updates...reboot/stop/start system and app vm's etc.  Is this even possible
> with Qubes?  I currently run a Ubuntu powered old laptop as a "server" and
> have it hosting a couple of VM's with virtualbox.
>

Depending on the hardware you can completely remote administrate the server
using Intel AMT.
It allows you to remotely control the hardware even when the device is
switched off but connected to the LAN.
Using AMT you can open up a VNC connection to the server.
AMT will allow you to remotely control and restart a server even it has
crashed into a blue/purple screen.

This technology is the reason that some people are flashing their BIOS
(Coreboot) in order to get rid of this piece of software.
I am using AMT with my corporate Q
laptop which runs Qubes OS.
On my 2nd Laptop a X230 I am running Coreboot to get rid of AMT.

[799]

>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2v2kbPH2PSjwYFL5tpeBUkJZBD-cDyzPnkjAfuNDzK_RQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Remote Control Question

2018-04-30 Thread Stuart Perkins



On Sun, 29 Apr 2018 10:39:21 -0400
Ed  wrote:

>On 04/28/2018 08:50 PM, Stuart Perkins wrote:
>> Hi list.
>> 
>> I'm considering setting up Qubes capable server at my home.  What I need, 
>> however, is to be able to remotely control it. Updates...reboot/stop/start 
>> system and app vm's etc.  Is this even possible with Qubes?  I currently run 
>> a Ubuntu powered old laptop as a "server" and have it hosting a couple of 
>> VM's with virtualbox.  I can ssh into it and even have an sshuttle setup for 
>> VPN over SSH functionality for when I need to do something "gui" remotely.  
>> One of my VM's is an old XP system which monitors my solar electric. One is 
>> a ubuntu install hosting a Drupal website.  One is also installed which is a 
>> full blow VPN server for when I need to do more than just simple things...I 
>> rarely use this one.
>> 
>> I will be upgrading my "server" hardware to a real server class platform one 
>> of these days, and I would like something specific to running independent 
>> VM's, but the remote maintenance might be a Qubes eliminating need...
>> 
>> Anybody here attacked a remote console to dom0 before, or does it so 
>> completely violate the philosophy of Qubes that it is an absolute 
>> no-way-in-hell thing?
>> 
>> Stuart
>>   
>
>Hi Stuart,
>
>Philosophies aside, you can do whatever you want :)  Adding networking 
>to dom0 is certainly defeating a lot of the hardwork/security that went 
>into qubes.  If you wanted to go this route you might consider just 
>running Xen directly?  Especially if you are putting this in your 
>closet/basement?
>
>There is another issue however, aside from just giving dom0 network 
>access, and that's the LUKS password.  If you needed to reboot the 
>machine entirely from remote, you'd be stuck if you had LUKS encryption 
>on the disk with no way to enter it remotely.
>
>Unless you do what I did, and hook up a Raspberry Pi to the serial 
>console of my machine, and update the kernel boot line in grub to use 
>the serial console (Note: This REQUIRES you to use the serial console to 
>enter the LUKS password, you lose the ability to enter it from your 
>keyboard locally).
>
>Stating the obvious, if someone gets access to the Raspberry Pi I'd be 
>in a bit of trouble, though as long as I remember to log out of the 
>shell at the serial console on the Pi, someone compromising that machine 
>does not immediately give them access to the Qubes box, they would have 
>to guess my password or wait for me to log back in and enter it if I 
>didn't know they were there and they could capture it.  I run OSSEC on 
>this PI to help combat that issue.
>
>Also considering defense in depth, I can only access that Raspberry Pi 
>via VPN, I do NOT expose it directly to the internet, it also sits on 
>it's own VLAN which I leave isolated, so when I do have to do remote 
>administration I first have to grant access to that VLAN from my router 
>console.
>
>So at the end of the day, less secure? Yes.  Added convenience? Yes. 
>Added complexity? Yes...
>
>You can draw the line wherever you want :)
>
>Ed
>

Thanks for the detailed answer.  I may consider a straight up xen hypervisor 
host for those reasons.  Physical compromise is unlikely.  I have no 
neighbors...at least none who would care to hack my computer system.  The only 
one even remotely capable is a trusted friend...who I would call to physically 
touch something if needed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180430085825.420cd021%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Dell Inspiron 13 5387 - Qubes 4.0

2018-04-30 Thread donoban

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 04/30/18 14:20, NaBaCo wrote:
> 1. I'm unable to start HVM from ISO's. They all crash while
> loading.

Check 'qvm-prefs VM', kernel should be empty.


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlrnEG8ACgkQFBMQ2OPt
CKUuCw/+OcCLUJ7V0m3zwmLhsYqXBroy0EltYXG0FyJ+JwWSTcz4Q+QjaUavwK3w
5IUnnR90v54HOj0Aakje1VVXcmxZdMVmAIXismD+xKYKjWkuqeSQ2XczcTtoGZLF
3wGReX8YYlfHtZ+pTpYBVBnFL2hXlw/+c+C6twehgr9HUIH6LgmpPOX8aJgD9Ifg
0LMUS+/lrtr4OrXdemNsuIzg+QJInsWnUeKR994qmvIzMEkqQHLnnLnRSJ9a3bKc
yZ3FkgBBpSK4AKX6tKLUuDO47/OsYRqgxJF8zkws9RvGFeMTb9vkBQCKYyvhHMuF
5y3U1buRhcQfEcG9t0efATtAdFL2JMUdvh9rnnQMunywBWA4SV4u/hMbVipq/QnM
xBL+uzn1oIjskjB8aoQlqiy5ZrXjtBNoneGi1Coem/adl59pWZ4fLIdLoI6o0BmZ
lKcnJPh0As2BuLgGoRbILQI3+Cs3KAd+qOfLu5nAan46RK2wo5zk2dbZdtHZKU9b
Ku69/RCVhu0gb/4O7tDdXHAKrLIkbfDNcp1eSpKVZZRbmw1M9oiAAdIMf03n9LHk
6Bn/WMDJnE418AEB8HCo3Gv2/GEB/e6glNpQgiThQRg29q9vifw2neuQWIJsid75
lhf13y+ZP1N72ul2q8GIIkxxpJoP7WW6ZR3vvc3tT0v9UD4H4VI=
=l8nR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10c6be00-36ad-f0bd-bd36-af01606afdea%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-30 Thread velcro

Here are my notes/instructions I made based on yours, I drag and drop some 
files into terminal(vs purely command lines):

Using qTunnel:

For Debian proxy, add OpenVPN package to your VPN template:
su
apt-get update && apt-get install openvpn unzip

Download and transfer file to template
https://github.com/tasket/qubes-tunnel.git

cd “Then drag downloaded file into terminal from tasket”
sudo bash ./install

Create proxy AppVM using VPN template: sys-VPN
Colour: Green
Provides Network  Checked
connect to sys-net
Launch settings  - Checked

Settings:
Add files and Terminal to Applications
Add “qubes-tunnel-openvpn” to services

Move VPN config files to new proxy AppVM

Open proxy AppVM terminal:
sudo mkdir /rw/config/qtunnel

sudo /usr/lib/qubes/qtunnel-setup --config

Enter VPN name and password

sudo mv “Then highlight the .pem, .crt and config file (renamed to 
“openvpn-client.ovpn)” /rw/config/qtunnel

Optional - Change config DNS:
setenv tunnel_dns '208.67.222.222 208.67.220.220'

cd /rw/config/qtunnel
sudo ln -s xx.ovpn qtunnel.conf
(xx is the VPN client config)

Restart AppVM...look for “Links is up” pop-up

https://github.com/tasket/qubes-tunnel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/81279605-3256-4e42-a2c4-c62337fcfdf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Dell Inspiron 13 5387 - Qubes 4.0

2018-04-30 Thread NaBaCo

Installation worked well, with only EFI post-installation boot problem
that was solved with this fix:

https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing

Main points:
1. I'm unable to start HVM from ISO's. They all crash while loading.

2. Since the touch screen is on the same USB controller as all the other
USB ports, it's locked inside sys-usb, meaning it's unusable. I'm not
willing to write a proxy, due to security considerations, so I'm
thinking to send the computer to Dell and ask them to reconnect it to a
separate controller.

3. I'm not using a TPM yet, but I know the laptop has such an option.

4. Suspend works very well, very fast. The only problem is post resume
screen locking, which I know is an X11 problem.

5. Hibernate doesn't work at all (when given a command there's either no
reaction or the screen locks), but I think this is done purposely on Qubes.

6. Microphone, camera, and USB pass-through to VMs works perfectly.

I had Qubes 3.2 before hand which also worked well. I had to apply the
same EFI fix after installation. At first the suspend didn't work,
freezing at resume, so I had to update the kernel (including updating it
in the BOOT folder, as written in the aforementioned fix) to fix it.

--
NaBaCo.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/pc71hg%24unf%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Qubes-HCL-Dell_Inc_-Inspiron_13_5378-20180430-105707.yml
Description: application/yaml

Re: [qubes-users] Re: Thinkpad T440s i7 and Qubes 4.0 compatibility

2018-04-30 Thread Fernando

On Sunday, April 29, 2018 at 10:26:44 AM UTC-3, Eivind K. Dovik wrote:
> On Sat, 28 Apr 2018, john wrote:
> 
> > maybe, I am missing something, did you try installing 4.0  in legacy mode?
> >
> > it seems with the older thinkpads this is the way to avoid the dreaded 
> > black 
> > screen EFI thing.
> >
> I tried installing Qubes 4.0 in legacy mode at first. I was presented with 
> the legacy-installer, and after hitting "Return" the screen went black. 
> UEFI-installer worked like charm, but booting after install did not (stuck 
> in boot-loop, no grub-menu).
> 
> 
> Eivind
> 
> 
> >
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to qubes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to qubes-users@googlegroups.com.
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/0243fee9-9cff-8919-629a-5ba035fdd234%40riseup.net.
> > For more options, visit https://groups.google.com/d/optout.
> >
> >

I'm using a Thinkpad w530 and I had to play a little bit with BIOS settings, 
since virtualization does not play well with graphic card.

So I had to enable virtualization in BIOS (it's disabled by default) and then 
use integrated graphics (if no external monitor is connected) or optimus (if I 
have a external monitor).

After finding the right combination of these settings, I could boot without 
issues.

Hope this helps.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ca276cb-1dc6-49a6-91ed-aa08bbd719f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-30 Thread velcro

Adding this to my config:
setenv tunnel_dns '208.67.222.222 208.67.220.220' 

instead of:
setenv vpn_dns '208.67.222.222 208.67.220.220'

worked. 

Both http://welcome.opendns.com/ and https://www.dnsleaktest.com/ show that 
OpenDNS are being used.


I am more then happy to help test, I was planning to make the shift but my DNS 
wasn't working...all good now. Thanks for the help...

I'll move my sys-VPNs to this new project...I was just reluctant to make the 
move as my DNS was not showing correct. All good now!

Thanks again...if anything comes up I'll report back. If you want me to try 
something more then happy to help...

Thx




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bba2bdb-0253-4283-9be4-d8ce097e261a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Doc page 404 not found.



On 04/30/2018 02:27 PM, cooloutac wrote:
> Can't load the Qubes documentation page on website.

(posted in another thread):

https://github.com/QubesOS/qubes-issues/issues/3870

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bff3c135-96e6-cd12-a7ff-42cb31efcce3%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Doc page 404 not found.

Can't load the Qubes documentation page on website.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c758eadd-1a0d-44b9-8e2c-70f4897b3f9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dvm is not starting from command line, starts normal AppVM

On Friday, April 27, 2018 at 3:39:58 AM UTC-4, qube...@tutanota.com wrote:
> hi, I try to start firefox in my deb-dvm-net from command line with alt+f2
> 
> qvm-run deb-dvm-net firefox
> 
> It starts a normal AppVM deb-dvm-net instead of dvm. 
> 
> If I but start the firefox directly from Start - Disposable: deb-dvm-net - 
> firefox, it starts the dvm normally like for example disp2441. 
> 
> Is the dvm disabled in konsole? Also I cant start konsole in dvm. The console 
> window blinks and disapears.
> 
> Thank you!

Ya i'm having same problem also with gnome terminal in default fedora dvm.  It 
doesn't start.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8cb94042-d2c5-4bd0-98fd-2e0d3232b35c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4 boot ISO

On Sunday, April 29, 2018 at 8:11:28 PM UTC-4, Drew White wrote:
> On Sunday, 29 April 2018 01:50:22 UTC+10, awokd  wrote:
> > On Sat, April 28, 2018 2:24 am, Drew White wrote:
> > > On Saturday, 28 April 2018 02:07:21 UTC+10, awokd  wrote:
> > >
> > >> On Fri, April 27, 2018 6:40 am, Drew White wrote:
> > >>
> > >>> Still not working no matter what I do.
> > >>>
> > >>>
> > >>>
> > >>> Does anyone have any possible resolution to resolve this please?
> > >>>
> > >>
> > >> How are you making the boot device? If USB from Linux, a standard "cp
> > >> qubes.iso /dev/xvdj" (where xvdj is your USB device) should work. You
> > >> can also try switching to legacy boot mode.
> > >
> > > I burn it to DVD. It is an ISO after all.
> > > I always use Legacy Boot mode.
> > 
> > I had trouble burning to DVD at first because the image is large enough to
> > require dual-layer burner support. Ended up using Debian Stretch with
> > default software and a newer drive before I got a good burn. If you're
> > using some other tool, try Debian instead.
> 
> The Qubes 4 ISO fits on a normal DVD. So it's fine.
> The thing is it worked and booted in a Guest once.
> But wouldn't boot on the PC or using external HDD.
> 
> This is why I am unsure.
> 
> I have all the requirements filled, but it won't boot to it because of that 
> issue.

Are you sure its fine?  You can't even download the iso to a default qube its 
so big.4.7gb is the size of a normal dvd.  And thats the same space I 
needed to download the iso sucessfully.  Thats cutting it pretty close, you 
sure a bigger dvd wouldn't help? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c4b3d12-0bab-42f6-8d66-a595104f5345%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes

2018-04-30 Thread Chris Laprise

On 04/29/2018 10:14 PM, vel...@tutamail.com wrote:

I just tried this version in 4.0 in the template. Some notes feedback:

1) When I tried changing the DNS to OpenDNS in my config file:
setenv vpn_dns '208.67.222.222 208.67.220.220'

I then went to:
http://welcome.opendns.com/

It failed and informed me I was not using OpenDNS.

Using debian 9, link indicates "Link is up", I get internet connection,
https://www.dnsleaktest.com/ indicates my VPNs IP(despite "setenv vpn_dns '208.67.222.222
208.67.220.220'" in my vpn configuration) when I use this configuration...

Its working when I try it. On dnsleaktest.com, your VPN provider IP
should always appear on the first page. Then when you click on a test
button it should show "OpenDNS, LLC" in the ISP column. The OpenDNS
addresses will also show up in the log alongside "Using DNS servers...".

The problem is you're mixing instructions from the two different
projects. This thread is for testing qubes-tunnel but you said you were
using Qubes-vpn-support (...but said you were using qtunnel* commands
which belong to qubes-tunnel and are not correct for Qubes-vpn-support).

If using 'qubes-tunnel-openvpn' service for your VPN VM, your configs
should reside in /rw/config/qtunnel and the setenv line that you add
will be:

setenv tunnel_dns '208.67.222.222 208.67.220.220'

It would be nice, however, if you made the switch to qubes-tunnel to
give us some testing feedback. :)

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c5f727a8-f577-5a1e-0b64-9fc9df47202f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 4.0 not updating dom0 nor fedora?

2018-04-30 Thread NaBaCo

On 04/16/18 16:35, cooloutac wrote:
> On Sunday, April 15, 2018 at 8:34:52 PM UTC-4, Stumpy wrote:
>> One small caveat, whonix-ws updated, everything else says there are no 
>> updates? While this is possible I am thinking its unlikely?
>> I tried to update dom0 from the terminal
>>   sudo qubes-dom0-update
>> and got
>>   /usr/lib/qubes/qubes-rpc-multiplexer: 14: 
>> /etc/profile.d/20_power_savings_disable_in_vms.sh shopt: not found
>>  /usr/lib/qubes/qubes-rpc-multiplexer: 14: 
>> /etc/profile.d/20_power_savings_disable_in_vms.sh shopt: not found
>>  No new updates available
>>  No updates available
>> For what its worth, none of them, not even whonix-ws would update until 
>> I set whonix-gw as the NetVMs, even though I had selected the option for 
>> appvms to update via tor.
>> I did open a terminal for each template and managed to do updates using 
>> apt-get for debian and whonix but not for fedora nor dom0, and not via 
>> the qubes manager "update qube" option
>> For fedora it gave the error
>>  Error: Failed to synchronize cache for repo qubes-vm-r4.0-current
>> Thoughts?
> 
> I get the same errors when updating dom0.  I think its a known issue.  I hope 
> lol.
> 
> For the fedora error,  when using whonix as updatevm you have to go into the 
> qubes-r4.repo file in /etc/yum.repos.d directory of the fedora template and 
> change everything from http to https.  
> 

I solved this, as described in the following link:

https://www.reddit.com/r/Qubes/comments/88d5hs/fresh_install_of_qubes_40_issues_and_solutions/dx4hlng

Good luck!
--
NaBaCo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/pc6oca%24tda%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help understanding qubes networking

On Mon, April 30, 2018 8:16 am, awokd wrote:
> On Mon, April 30, 2018 7:19 am, Ivan Mitev wrote:
>
>> Hi !
>>
>>
>>
>> On 04/30/2018 09:48 AM, [799] wrote:
>>
>
>>> I looked at the Qubes OS networking doc located at
>>> https://www.qubes-os.org/doc/networking/ but it seems that the side is
>>>  gone. -> 404 not found
>
> This seems to be a bigger issue than just that document, I'm getting 404
> on all of the ones I'm trying at https://www.qubes-os.org/doc/. I'll submit
> an issue if there isn't one already out there.

https://github.com/QubesOS/qubes-issues/issues/3870

Github issue. Per Marek: "Looks like git submodules are not fetched.
Github support says they are working on resolving this, but no ETA yet."



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9cb557aaffd17fd19c43573f4c210fb2.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help understanding qubes networking

On Mon, April 30, 2018 7:19 am, Ivan Mitev wrote:
> Hi !
>
>
> On 04/30/2018 09:48 AM, [799] wrote:

>> I looked at the Qubes OS networking doc located at
>> https://www.qubes-os.org/doc/networking/ but it seems that the side is
>> gone. -> 404 not found

This seems to be a bigger issue than just that document, I'm getting 404
on all of the ones I'm trying at https://www.qubes-os.org/doc/. I'll
submit an issue if there isn't one already out there.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/898bfe9c8e555492a7489a4b670fd296.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes Domains.py Widget Seems Wedged

2018-04-30 Thread NaBaCo

On 03/30/18 13:01, William Bormann wrote:
> 
> I'm seeing an oddity with this widget.  At random, some VMs show the update 
> indicator as continuously spinning.  It appears to show a VM always starting, 
> but qvm-ls in dom0 shows the VM as started.  In a nutshell, the widget seems 
> to be unsure of the VM's state.
> 
> Anyone else seeing this?  Is there a workaround/fix I can try?
> 
> Oh, I am running Qubes 4.0.
> 
> Bill Bormann
> 

I'm confirming this bug. I'm also running Q4.0. It seems to me the
widget thinks at times that the VM is stuck, showing an endless
"loading" circle, and showing the logs and kill buttons, instead of the
shutdown button.

--
NaBaCo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/pc6ird%24ctf%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing the boot loader to /dev/sda6 instead of /dev/sda

On Sun, April 29, 2018 12:04 pm, shiroik...@gmail.com wrote:
> Is there a way to specify that the boot loader will be installed to a
> partition, i.e. /dev/sda6 instead of to /dev/sda during Qubes 4.0
> install? I couldn't figure it out in the install menu, the only thing I
> can select is not to install the boot loader to /dev/sda—which would be
> fine, if I can then do it later.

I think you are talking about manual partitioning here? That's the only
way I know too.

Modifying your steps a bit might make it easier:

— install Qubes to sda6 without the boot loader
— boot your primary Linux OS (the one that originally set up GRUB on your
HDD)
— run grub-mkconfig and/or edit grub.cfg manually to add entry for Qubes
— then Qubes should be bootable from sda6 via chainloading


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/560a00d9c670611f945076f274caa5af.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing the boot loader to /dev/sda6 instead of /dev/sda

On Sun, April 29, 2018 12:04 pm, shiroik...@gmail.com wrote:
> Is there a way to specify that the boot loader will be installed to a
> partition, i.e. /dev/sda6 instead of to /dev/sda during Qubes 4.0
> install? I couldn't figure it out in the install menu, the only thing I
> can select is not to install the boot loader to /dev/sda—which would be
> fine, if I can then do it later.

I think you're talking about the manual partitioning step here? That's the
only way I know how too.

Modifying your steps a bit might make it easier:

 — install Qubes to sda6 without the boot loader
 — boot from your primary existing Linux install
 — run grub-mkconfig and/or edit grub.cfg manually to add an entry for Qubes
 — then Qubes should be bootable from sda6 via chainloading



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/81d8b69f75b5d2f4322efa2d09009b05.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4 boot ISO

On Mon, April 30, 2018 6:04 am, Drew White wrote:

> You can, but I'm using a DVD, not a USB that takes the ISO and writes it
> to USB. Even if I did that I would still have the same issue if it isn't
> even booting from an ISO OR a DVD. There is a lot more than just burning
> it that is causing any issue. It's the ISO/DVD itself from Qubes that has
> an issue.
>
> Nothing my end, just the Qubes ISO from Qubes.

I don't think that conclusion is warranted yet, or there would be a lot
more reports of that ldlinux.c32 error. I used the DVD to install my
systems and it worked fine in both UEFI and legacy once I got a
good/verified burn. Things to try to narrow down the problem:

- boot the DVD in UEFI mode
- try the DVD on a different system
- use a USB drive instead
- since Qubes mostly uses the Fedora installer, try a web search for
"Fedora ldlinux.c32". When I tried it, the second hit was to a page about
problems created with a certain burning tool, thus my earlier suggestion
to use the one built in to Debian.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef6b639e063b916bdc27efa5a4062b1e.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help understanding qubes networking

Hi !

On 04/30/2018 09:48 AM, [799] wrote:
> Hello,
> 
> I'm trying to understand where I can tweak my network configuration in a 
> fedora-26-min based AppVM.
> As far as I understand networking for eth0 is currently configured by DHCP 
> from the sys-firewall AppVM.
> 
> I am trying to understand how networking is configured.
> 
> Nomally I would expect to find the IP-configuration for eth0 in 
> /etc/sysconfig/network-scripts but there is only an ifcfg-lo not an 
> ifcfg-eth0.
> Nameservers are set as usual in /etc/resolv.conf.
> 
> I assume that there are qubes specific script involved?
> Can someone explain?

- when the XEN network interface appears, /usr/lib/qubes/setup-ip
 script is run by udev (see /etc/udev/rules.d/99-qubes-network.rules)

- /usr/lib/qubes/setup-ip gets the VM's definitions from dom0 with
`qubesdb-read /blah` and sets the network accordingly



> I would like to know how networking is setup and how I can change my 
> configuration (likely on sys-firewall) so that I can decide which AppVM gets 
> which IP-address.

you can change a VM's network prefs with `qvm-prefs vmname ip`,
`qvm-prefs vmname gateway`, ...; I see there's a bunch of `visible_...`
network prefs, no idea how those works nor nor how they're generated).



> I looked at the Qubes OS networking doc located at 
> https://www.qubes-os.org/doc/networking/ but it seems that the side is gone.
> -> 404 not found
> 
>  [799]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ce32708-af63-c0c4-d27b-741637f3950e%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QUBES 4.0 | Installation issue: [Dom0] Qubes OS Setup, Configuring TemplateVM fedora-26 freezed