Re: [qubes-users] Accurate time in AppVM
On 2018-09-19 07:36, Ivan Mitev wrote: > On 9/19/18 9:22 AM, Gaijin wrote: >> On 2018-09-19 05:22, Ivan Mitev wrote: >>> On 9/19/18 5:17 AM, Gaijin wrote: Running Qubes R3.2 I have some software that I run in an AppVM that needs to be accurate to within a second or two of NTP server time in order to work. I have finally figured out how to get my ClockVM to sync to an NTP server and for timesyncd.service to run when sys-net boots. My problem is that my AppVM slowly loses several seconds after some time, and I can't figure out a way to manually or automatically force it to resync itself. >>> >>> I don't have a R3.2 to test, but if it's like R4 your VM has a systemd >>> timer that updates the time every 6 hours [1]. In that case you could: >>> - change the definition of the timer so that it's run more frequently >>> - disable the timer and run a ntp client ; that'll be the best solution >>> if your software is very time sensitive, but it increases the attack >>> surface because of the ntp client. >>> >>> >>> [1] >>> https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md >> >> How might I adjust the schedule of qubes-sync-time.timer in the AppVM if >> that is available in R3.2? That looks like a safer way to proceed if >> possible. > > Provided that R3.2 time sync mechanism is the same as R4, you could > paste the following text into /etc/systemd/system/qubes-sync-time.timer: > > [Timer] > OnUnitActiveSec=10min > > > Doing so allows you to override stuff from > /usr/lib/systemd/system/qubes-sync-time.timer and preverve your changes > in case the original unit file is updated. > > Then reload the definitions with `sudo systemctl daemon-reload` > > You can see the timer's status with `systemctl list-timers` > > If you want those changes to stick after a reboot, apply them in the > TemplateVM you're using for your AppVM; alternatively you could add the > new file to your AppVM's /rw/config and issue commands in the rc.local > script there (copy the file + reload systemd). Looks like this would be easier in R4. The 3.2 doesn't have the qubes-sync-time.timer or perhaps it's named something else. Would anyone know which file might control this in 3.2? Or is there a way to make a systemd timer in an AppVM to force Qubes to resync with the NTP server? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/619a68c891926551f489ec415d62e7c7%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] BT adapter with Qubes OS 4.0
gdru...@gmail.com: > Hi, > > I'm trying to look for a USB bluetooth adapter. > > Why qvm-usb doesn't list available USB devices ? > > [user@dom0 ~]$ qvm-usb > BACKEND:DEVID DESCRIPTION USED BY > [user@dom0 ~]$ > > %<--- > > [user@dom0 ~]$ lsusb > Bus 002 Device 002: ID 0bc2:61b6 Seagate RSS LLC > Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub > Bus 001 Device 005: ID 046d:c52b Logitech, Inc. Unifying Receiver > Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver > Bus 001 Device 002: ID 050d:065a Belkin Components F8T065BF Mini Bluetooth > 4.0 Adapter <- > Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub I'm assuming you haven't set up a USB qube because you're using that logitech receiver for keyboard & mouse. However, from the two busses listed in lsusb, you may have two separate USB controllers. Check with lspci. If you do, you can set up a USB qube per https://www.qubes-os.org/doc/usb/#creating-and-using-a-usb-qube and assign one of your two controllers to it (the one with the Seagate device, assuming Qubes isn't on it). Then you should be able to plug your Bluetooth adapter in that controller. You may still have trouble with qvm-usb seeing it, but there are a couple other options at that point. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e1c3e0a-e17b-69f5-effe-8857329f17e9%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Networking Disabled Error
'B Hayse' via qubes-users: > > Can anyone help me? Need help enabling networking Like the error says, have you gone to the Basic tab and set the Networking drop-down to something other than (none)? You probably want sys-firewall. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88623ef7-d95b-9eec-caf3-b441c2f87e00%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Whonix 14 upgraded - only a couple of mis-steps
Dave: > quick question... > Are appVMs managed with QVM, Yes, try typing qvm-[TAB] in dom0 for a list of commands, or you can use the Qube Menu/System Tools/Qube Manager. > and templateVMs managed with DNF packages? No, you'd normally use the qvm commands/gui to manage these as well. DNF packages come into play if you want to customize or update a Fedora template (and APT for Debian, etc.). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05908170-842e-e83a-f7a9-9ccfed8be6bb%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: dom0 uses 105%+ of cpu
Holger Levsen: > On Tue, Sep 18, 2018 at 03:11:10PM -0700, Guy Frank wrote: >> Could someone clue me in on whether it's unusual for dom0 to be perpetually >> running the processor at at least 105% all the time according to xentop? > > 13% here, when not displaying anything else on the screen. 27% when > playing music... > > (with 3.2) Dom0's around 10% on my 4.0. 105% seems high. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/92f0037d-8036-ac09-4899-7046fbde003c%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BT adapter with Qubes OS 4.0
Hi, I'm trying to look for a USB bluetooth adapter. Why qvm-usb doesn't list available USB devices ? [user@dom0 ~]$ qvm-usb BACKEND:DEVID DESCRIPTION USED BY [user@dom0 ~]$ %<--- [user@dom0 ~]$ lsusb Bus 002 Device 002: ID 0bc2:61b6 Seagate RSS LLC Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 005: ID 046d:c52b Logitech, Inc. Unifying Receiver Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver Bus 001 Device 002: ID 050d:065a Belkin Components F8T065BF Mini Bluetooth 4.0 Adapter <- Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Any help and advice would be greatly appreciated. Best regards. GD Rub -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a10ce9c5-6267-4a9e-8d3c-eac2a8e6428e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Possible to lock the screen without turning off the display(s)?
Hi, is there a way to "lock" the keyboard and mouse as is the effect of turning on the "screensaver" function - but without actually loosing sight of what is going on on the screen? Just force the use of password in order to continue doing something. The "xtrlock" software does this, but not sure if I want to put that in dom0, for security reasons. There are many scenarios where it is very useful to lock without turning the screen off, for example during a self-going presentation while the presenter needs to shortly step out/go to the loo or other, while presenting/watching a video, screencast, and the presenter temporarily has the attention elsewhere, etc. etc. Regards, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOQTMaxNxx-vmwMmN3RzWthXwTC0uqZy9akAierQYoZpy819yg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix 14 upgraded - only a couple of mis-steps
quick question... Are appVMs managed with QVM, and templateVMs managed with DNF packages? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd897e7f-56f3-4ae2-bcdf-3f4c9a70f7df%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix 14 upgraded - only a couple of mis-steps
Success! but not without a few snags... Using Qube-Manager to remove templateVM resulted in: [Dom0] Error removing Qube! ERROR: Domain is in use: details in system log ran QVM-LS; verified Qube state halted found reference: https://github.com/QubesOS/qubes-issues/issues/3193 and followed instructions: I wasn't aware of the Default-Disposable-VM setting on the Advanced tab in Qube Mangager GUI The required commands are: qvm-prefs --set whonix-ws-dvm netvm "" qvm-prefs --set whonix-ws-dvm default_dispvm "" qvm-remove whonix-ws-dvm qvm-remove sys-whonix Took these actions: changed netVM's to "" in appVMs using sys-whonix changed templateVM in appVMs using whonix-** to other changed global-property-updatevm to another netVM Again attempted: sudo qvm-remove whonix-ws Now new err msg returned: ERROR: VM installed by package manager: whonix-ws but the correct command was: $ sudo dnf remove qubes-template-whonix-** REINSTALLATION ran much smoother using "The recommended approach is to use salt (wrapped by the command qubesctl in Qubes), as this one call automatically:" i/a/w https://www.whonix.org/wiki/Qubes/Install That ran without a hitch. Then UPDATE the new templates. sudo apt-get update (Whonix is Debian based, so dnf doesn't work) Now to push on and upgrade Fedora 26 to 28 (starting to get this too, Wolf moon) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d42a1232-e739-47ab-8112-3976ac94c1dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: kushal das told me to do it
On Tuesday, 18 September 2018 20:54:40 UTC+1, Wolf moon wrote: > Guys I was told the fedora 26 that came with my latest version of qubes 4.0 > is out of date so after a google search I found kushal das's page telling me > to open up dom 0 and enter sudo qubes-dom0-update qubes-template-fedora-28 > > https://kushaldas.in/posts/fedora-28-template-is-available-on-qubesos.html > > It ran and installed fine. > > The thing is..( as rick would say )..I still have fedora 26-dvm default > (sys-firewall) in my qubes manager and all my templates are still saying > fedora-26. > > Any ideas what and where I should go from here? > > Best, > > Wolf moon Followed the Docs, changed every template to the newly downloaded fedora 28 in qubes settings and the global settings then removed fedora 28 in dom0 after checking everthing first. Thank you. Starting to get my head around Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23b0b7c1-088c-4540-9b41-6b8764e64ecb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] kushal das told me to do it
On Tuesday, 18 September 2018 21:40:48 UTC+1, awokd wrote: > Wolf moon: > > Guys I was told the fedora 26 that came with my latest version of qubes 4.0 > > is out of date so after a google search I found kushal das's page telling > > me to open up dom 0 and enter sudo qubes-dom0-update > > qubes-template-fedora-28 > > > > https://kushaldas.in/posts/fedora-28-template-is-available-on-qubesos.html > > > > It ran and installed fine. > > > > The thing is..( as rick would say )..I still have fedora 26-dvm default > > (sys-firewall) in my qubes manager and all my templates are still saying > > fedora-26. > > > > Any ideas what and where I should go from here? > > > https://www.qubes-os.org/doc/templates/#how-to-switch-templates-40 > > You might want to check out some of the other docs available in > https://www.qubes-os.org/doc too. When I was new to Qubes they helped a > lot in figuring out what it could do. Thank you Awokd that is very helpful. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8aee767c-9650-4c23-b354-998da2b6eef2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Accurate time in AppVM
On 9/19/18 9:22 AM, Gaijin wrote: > On 2018-09-19 05:22, Ivan Mitev wrote: >> On 9/19/18 5:17 AM, Gaijin wrote: >>> Running Qubes R3.2 >>> >>> I have some software that I run in an AppVM that needs to be accurate to >>> within a second or two of NTP server time in order to work. I have >>> finally figured out how to get my ClockVM to sync to an NTP server and >>> for timesyncd.service to run when sys-net boots. >>> >>> My problem is that my AppVM slowly loses several seconds after some >>> time, and I can't figure out a way to manually or automatically force it >>> to resync itself. >> >> I don't have a R3.2 to test, but if it's like R4 your VM has a systemd >> timer that updates the time every 6 hours [1]. In that case you could: >> - change the definition of the timer so that it's run more frequently >> - disable the timer and run a ntp client ; that'll be the best solution >> if your software is very time sensitive, but it increases the attack >> surface because of the ntp client. >> >> >> [1] >> https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md > > How might I adjust the schedule of qubes-sync-time.timer in the AppVM if > that is available in R3.2? That looks like a safer way to proceed if > possible. Provided that R3.2 time sync mechanism is the same as R4, you could paste the following text into /etc/systemd/system/qubes-sync-time.timer: [Timer] OnUnitActiveSec=10min Doing so allows you to override stuff from /usr/lib/systemd/system/qubes-sync-time.timer and preverve your changes in case the original unit file is updated. Then reload the definitions with `sudo systemctl daemon-reload` You can see the timer's status with `systemctl list-timers` If you want those changes to stick after a reboot, apply them in the TemplateVM you're using for your AppVM; alternatively you could add the new file to your AppVM's /rw/config and issue commands in the rc.local script there (copy the file + reload systemd). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/49c3cd57-e802-7998-bba5-3c6bc2b8ec9a%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Accurate time in AppVM
On 2018-09-19 05:22, Ivan Mitev wrote: > On 9/19/18 5:17 AM, Gaijin wrote: >> Running Qubes R3.2 >> >> I have some software that I run in an AppVM that needs to be accurate to >> within a second or two of NTP server time in order to work. I have >> finally figured out how to get my ClockVM to sync to an NTP server and >> for timesyncd.service to run when sys-net boots. >> >> My problem is that my AppVM slowly loses several seconds after some >> time, and I can't figure out a way to manually or automatically force it >> to resync itself. > > I don't have a R3.2 to test, but if it's like R4 your VM has a systemd > timer that updates the time every 6 hours [1]. In that case you could: > - change the definition of the timer so that it's run more frequently > - disable the timer and run a ntp client ; that'll be the best solution > if your software is very time sensitive, but it increases the attack > surface because of the ntp client. > > > [1] > https://github.com/Qubes-Community/Contents/blob/master/docs/system/clock-time.md How might I adjust the schedule of qubes-sync-time.timer in the AppVM if that is available in R3.2? That looks like a safer way to proceed if possible. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bcf9dbe3e29a10a858fabded0a371451%40riseup.net. For more options, visit https://groups.google.com/d/optout.
