[qubes-users] has google- chrome slowed down for anyone else?
after the last dom0 update (and, i think a chrome one) chrome has been really slow, to the point where some sites just freeze up for a bit, though the browser still takes input so you can keep typing and just wait for it to catch up. firefox seems fine, but the sites that need chrome are the heavy js ones. dont know what dom0 would have to do with it, just noticed that at the same time. maybe an input / refresh thing? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d549aec6-b5b9-47dc-86c1-a7aa66edcddb%40googlegroups.com.
[qubes-users] Re: redshift or brightness control?
On 12/11/19 6:58 AM, shroobi wrote: >> On 12/9/19 9:33 PM, beppo wrote: >>> Am 10.12.19 um 08:09 schrieb rec wins: hello, is there a way to install and use redshift or any brightness control for dom0, which I assume is where the package would have to go >>> >>> That's right, you have to install it to dom0 (on your own risk). Just run >>> $ sudo qubes-dom0-update redshift >>> in dom0. (add also redshift-gtk for gtk-support. >>> >> >> I was under the impression , esp since dom0 is Fedora 25 to "never >> install anything" in dom0 but OK, >> >> is/are there any other helpful utilities people install in dom0 that are >> "safe" >> > > I second redshift. I also like having a graphical text editor. > > It's true that Qubes warns against adding packages to dom0, but the choice is > yours. I > rarely install anything to dom0, but when I do I only choose well-known > packages with few > or no dependencies. > so $sudo dnf install redshift-gtk ? seems to not be the package name , hmm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82f231c1-98fb-325e-2d93-87991d1d7fb5%40riseup.net.
[qubes-users] Re: X Startup Failed
I have not been given a chance to replied to anyone on here so im going to attempt to do it right, I have tired to do the install the same way I had it before, it worked perfectly with 2 DGPUs both NVIDIA very surprising but no problems at all, I would take a USB then install it to internal drives. But now with the DGPUs both removed it wont install past the X start up failed. Graphical installer says X startup failed and then the GUI start up says critical unknown error with a very long log, I could try and get logs ported over if it comes down to it, but I would almost just buy another Dgpu if its the integrated inlet GPU thats not supported but I don't know how to verify that if its supported or not. I really dont need a DGPU so if its possible to get intel dedicated to work this would be very optimal for me UEFI mode leaves a bunch of scrambled white writing on a black screen instantly on boot, even with Dgpus installed it never worked, legacy is only mode this is a old school alienware 18 inch, im guessing that is why. 'nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off' seems to be a work around for other people who seemed to have the same problem i sort of understand what it does i just need to apply it in different ways then i was trying, i think. One of the main things i do not understand is why qubes would work with my DGPUs but I never applied them to any VM, from my knowledge everything i thought was ran off the Intel GPU, maybe the DGPUs were applied in the back ground but they seemed to sit in the PCI sandbox. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/412b9495-4208-4f08-94ea-b1ac231ae71a%40googlegroups.com.
[qubes-users] Re: X Startup Failed
I have not been given a chance to replied to anyone on here so im going to attempt to do it right, I have tired to do the install the same way I had it before, it worked perfectly with 2 DGPUs both NVIDIA very surprising but no problems at all, I would take a USB then install it to internal drives. But now with the DGPUs both removed it wont install past the X start up failed. Graphical installer says X startup failed and then the GUI start up says critical unknown error with a very long log, I could try and get logs ported over if it comes down to it, but I would almost just buy another Dgpu if its the integrated inlet GPU thats not supported but I don't know how to verify that if its supported or not. I really dont need a DGPU so if its possible to get intel dedicated to work this would be very optimal for me UEFI mode leaves a bunch of scrambled white writing on a black screen instantly on boot, even with Dgpus installed it never worked, legacy is only mode this is a old school alienware 18 inch, im guessing that is why. 'nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off' seems to be a work around for other people who seemed to have the same problem i sort of understand what it does i just need to apply it in different ways then i was trying, i think. One of the main things i do not understand is why qubes would work with my DGPUs but I never applied them to any VM, from my knowledge everything i thought was ran off the Intel GPU, maybe the DGPUs were applied in the back ground but they seemed to sit in the PCI sandbox. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/944a9b1b-1e51-4c18-be8b-2bdf19a1a2f3%40googlegroups.com.
Re: [qubes-users] X Startup Failed
Master Node: My 3rd post on this forum seems like the only person who offers to pay some one over and over and yet one of the few that doesnt even get a response back, this is getting depressing. I thought I replied to this thread but it appears I didn't. I must have dreamt it. Anyway, there are a lot of variables here. Is it failing during the installation itself, or only when you boot into the installed system? I'm assuming it has a nvidia dGPU and an Intel integrated GPU? Or does it actually have two dGPUs crossfired together or something like that? Did you have the one GPU replaced with a new one of the exact same model? Nvidia cards tend to be problematic in Qubes to begin with. If you're trying to use two of them, you're probably asking for trouble. Just saying. What GPUs do you have? Preferably you can generate an HCL report which will contain that info as well. https://www.qubes-os.org/doc/hcl/ What Qubes version did it work in originally, and what version did you reinstall with this time? Did you try the original version again to verify it still works, after replacing the GPU? I'm assuming you tried UEFI mode too? UEFI mode is preferred if you can get it to work. Try adding "nomodeset" to kernel options. I'm not sure what nouveau.modeset=0 does. I think nomodeset prevents graphics drivers from being loaded at all. Worth a try. It fixed a amdgpu issue for me in 4.0.2. What happens when you boot the failsafe option? - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aab43074-50ef-c49e-39e2-7c76f220dadd%40vfemail.net.
Re: [qubes-users] unsupported hardware detected with the installation of qubes 4.0.1, and 4.0.2-rc2
Steve Coleman: On 2019-12-10 10:26, rickey wrote: Good morning Everyone, I have installed previously Qubes 3.2.1 on a Dell small form factor desktop pc, and lenovo x120e, and I was able to use them. When I tried to install the Qubes versions mentioned above on the same hardware, it is showing the message into the attached screenshot. If I proceed despite it, I cannot finish the installation of the thinkpad, and Dell's doesn't allow Tor to start. You have two separate problems here apparently, and not really enough detail for us to go by to help much. - For the Lenovo x120e I would start by checking your BIOS version to see if you are up to date. You can find that information here: https://pcsupport.lenovo.com/si/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x120e/downloads/driver-list/component?name=BIOS%2FUEFI If you are not up to date then download the bootable CD version, reflash your bios to the latest and try again. You also may have to play with the UEFI settings to be able to continue the installation, if its rebooting that isn't working. You have not told us what error you are getting or where in the install process it stops working. There are no x120e's in the HCL list yet but somebody might have some experience with something similar. - For the Dell, we don't even know what system model you have yet. Are you talking about the whonix system for Tor? Have the whonix service VM's been started? What VM logs are available? We need more information in order to be able to help. Note: Since you have two separate system problems I would suggest splitting this email thread into two separate threads so the people familiar with each kind of system can focus better on that particular issue. We will try to help if we can. Just wanted to add, please include an HCL report for each machine. It contains information which helps us troubleshoot your specific hardware. It also helps the Qubes developers improve compatibility. https://www.qubes-os.org/doc/hcl/ Also, where is the original message? My mailbox and even mail-archive.com is showing Steve Coleman's message as the root of a thread, even though it is prefixed with "Re:" and contains quoted text. This isn't the first time I've seen this happen. Am I missing something? https://www.mail-archive.com/qubes-users@googlegroups.com/msg31376.html As a result I can't see the aforementioned screenshot... - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cce74fdf-6b78-57d9-a654-0e3bf2ad4e29%40vfemail.net.
[qubes-users] X Startup Failed
My 3rd post on this forum seems like the only person who offers to pay some one over and over and yet one of the few that doesnt even get a response back, this is getting depressing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77881c53-e9fd-4693-9a60-da3177335bdc%40googlegroups.com.
Re: [qubes-users] Re: redshift or brightness control?
> On 12/9/19 9:33 PM, beppo wrote: > > Am 10.12.19 um 08:09 schrieb rec wins: > >> hello, is there a way to install and use redshift or any brightness > >> control for dom0, which I assume is where the package would have to go > > > > That's right, you have to install it to dom0 (on your own risk). Just run > > $ sudo qubes-dom0-update redshift > > in dom0. (add also redshift-gtk for gtk-support. > > > > I was under the impression , esp since dom0 is Fedora 25 to "never > install anything" in dom0 but OK, > > is/are there any other helpful utilities people install in dom0 that are > "safe" > I second redshift. I also like having a graphical text editor. It's true that Qubes warns against adding packages to dom0, but the choice is yours. I rarely install anything to dom0, but when I do I only choose well-known packages with few or no dependencies. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47Y36f3HjDz6tmM%40submission01.posteo.de.
[qubes-users] QSB #55: Issues with PV type change and handling IOMMU on AMD (XSA-310, XSA-311)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #055: Issues with PV type change and handling IOMMU on AMD (XSA-310, XSA-311). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #055 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-055-2019.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View the Xen Security Advisory (XSA) Tracker: https://www.qubes-os.org/security/xsa/ ``` ---===[ Qubes Security Bulletin #55 ]===--- 2019-12-11 Issues with PV type change and handling IOMMU on AMD (XSA-310, XSA-311) Summary On 2019-12-11, the Xen Security Team published the following Xen Security Advisories (XSAs): XSA-310 (CVE-2019-19580) [1] Further issues with restartable PV type change operations: | XSA-299 addressed several critical issues in restartable PV type | change operations. Despite extensive testing and auditing, some | corner cases were missed. | | A malicious PV guest administrator may be able to escalate their | privilege to that of the host. XSA-311 (CVE-2019-19577) [2] Bugs in dynamic height handling for AMD IOMMU pagetables: | When running on AMD systems with an IOMMU, Xen attempted to | dynamically adapt the number of levels of pagetables (the pagetable | height) in the IOMMU according to the guest's address space size. The | code to select and update the height had several bugs. | | Notably, the update was done without taking a lock which is necessary | for safe operation. | | A malicious guest administrator can cause Xen to access data | structures while they are being modified, causing Xen to crash. | Privilege escalation is thought to be very difficult but cannot be | ruled out. | | Additionally, there is a potential memory leak of 4kb per guest boot, | under memory pressure. Impact === XSA-310 applies only to PV domains. Most of the domains in Qubes 4.0 are PVH or HVM domains and are therefore not affected by XSA-310. However, PV domains are still supported in Qubes 4.0, and they are specifically used to host Qemu-instance-supporting HVM domains. In the default Qubes 4.0 setup, several attacks would have to be chained together in order to exploit this vulnerability. Specifically, an attacker would have to: 1. Take control of an HVM domain, e.g., sys-usb, sys-net, or a user-created HVM domain. (Most user domains are PVH and are therefore not affected.) 2. Successfully attack a Qemu instance running in an associated PV stubdomain. 3. Finally, find some way to exploit the vulnerability described in XSA-310. Moreover, since this vulnerability is a race condition, it is an unreliable attack vector in real world scenarios. XSA-311 affects only systems running on AMD hardware and also is thought to be very hard to exploit. But since it can't be ruled out completely, we recommend applying updates nevertheless. Patching = The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes 4.0: - Xen packages, version 4.8.5-14 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-310.html [2] https://xenbits.xen.org/xsa/advisory-311.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl3w9qAACgkQ24/THMrX 1ywNmgf+ModX2TIC5BNbPXNRjXQAFGByj21sTdmKlj3mo5Q1zus00gvEYvwWUvRA ob8Sb1DuaHZhM4x3Ea2FjSqYA+GszDctj9dY5VWrlecd1tsmTijlHPo2x1FpIyWm Qf24697gel0TDb+51JFCXrqZYye3Bj4mL4tEplDZRmH8fw9J94zPQROztnzi9mmF ownqn40LMEiTBg0WaV7k3ymnLPRX3rLZGS1oG//ESouL7Mz8Id/vjpsWyrBX8P3A TyisLzrblA1/9+bSGEUaP4jq5Uf98Eb+GKkXX6yjD8CT+kO7ez02AL+PzmxK7YmT G67PD1wDDcFFFr/+AeoHkjgjYdyghQ== =erlC -END PGP SIGNATURE--
Re: [qubes-users] sys-net keeps dying
tetrahedra via qubes-users: > However, when I try to configure sys-firewall to use sys-net2 instead of > sys-net for networking, I get the error: > ERROR Basic tab: Failed to access 'netvm' property This should work, but make sure sys-firewall is shutdown before attempting to change. If it still isn't, try changing with qvm-prefs sys-firewall. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d73b003e-622b-a722-9a7a-5ee7b87f3988%40danwin1210.me.