Re: [qubes-users] Responding to the Whonix trolls...

[Achim Patzner]

On 20190303 at 13:15 -0600 Andrew David Wong wrote:
> https://www.qubes-os.org/code-of-conduct/

So what will you do to correct the fact of a member of the mailing list
labeling me as "nazi" and "Gestapo"?

I would like to see something else besides pointing towards the code of
conduct unless you want to prove that it is totally useless to protect
anyone and not worth the electrons used to store it.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22774d9baf4a409d51e0542c811977d517d26c62.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re[2]: [qubes-users] Responding to the Whonix trolls...

[Achim Patzner]

On 02.03.2019 03:21:14, "unman"  wrote:

I don't want a list that is banning people or excluding them. It's
regrettable that Whonix does so. In my experience, that rarely works
given the ready availability of new email addresses.


That's why I like mailing lists which require a sponsor to add you and 
which will hold said sponsor responsible for the behaviour of his 
invitees. If you bring in too many duds. you're getting thrown out, too.



If you don't like a user, just add them to your kill file.


As long as there are no really useful tools that eliminate everything 
that contains quotes of the user you don't really need in your life this 
is not as helpful as eliminating that user completely. Unless said kill 
file is the input queue of a skilled assassin...




Build the community that *you* want, by promoting the issues/discussions
that are of value. Let the others wither away.


Some trolls don't wither on their own. Those have to be cut back.


Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/emc30e2d80-fe44-4f38-8356-e4aceebaedca%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] good bye, qubes-users list

[Achim Patzner]

On 28.02.2019 20:00:46, "Holger Levsen"  wrote:

Obviously I do think that some mailinglist moderation is in order...
I'd probably be willing to come back, if some changes have been implemented,
but like it is, it's sadly a waste of time and mental energy.


Seconded. What about a seriously moderated and access restricted 
"qubes-technical" list?



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em6780f1cf-77c6-4ffa-9c98-f82a8f9febfd%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re[2]: [qubes-users] Responding to the Whonix trolls...

[Achim Patzner]

On 28.02.2019 15:10:21, "unman"  wrote:



On Thu, Feb 28, 2019 at 11:03:12AM +0100, Achim Patzner wrote:

 On 20190227 at 22:30 -0800 cooloutac wrote:

 Whenever I accidentally read a posting by raahelps@ I'm wondering what
 crime we committed to have to bear something like this and what could
 be done to avoid attracting people like that...

 Do us all a favour and go troll somewhere else

I don't think this is helpful


I guess I'm of a different opinion in that case. Sometimes someone has 
to speak up and draw a line in the sand.



Please consider the guidelines and be respectful and polite to others.


Unlike others I strongly believe that respect has to be earned and it 
can be retracted. The user in question spent nearly all his time on this 
mailing list. And _none_ of his postings ever enriched any discussion.


Keep in mind that "a wise man changes his mind, a fool never will" just 
means the fools will win in the end.



None of these accusations of trolling help build the community, or
advance Qubes.


In that case I would like to demand a vote (of exclusion of certain 
users) as this is building a community I wouldn't want to be a part of. 
I can understand why he is not welcome on the whonix lists anymore. And 
I strongly believe it should be the same here. I guess we will need a 
management decision on that point.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/emae3e488d-2e2c-40a3-aca0-de466355820d%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Responding to the Whonix trolls...

[Achim Patzner]

On 20190227 at 22:30 -0800 cooloutac wrote:

Whenever I accidentally read a posting by raahelps@ I'm wondering what
crime we committed to have to bear something like this and what could
be done to avoid attracting people like that...

Do us all a favor and go troll somewhere else.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d516f783b0f6663f11916bd3d77ebd989f93c55.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Achim Patzner]

On 20190225 at 16:00 -0600 John Goold wrote:
> Making the leap to "catering to the lowest common denominator" is simply
> insulting.

No. it's necessary. And often enough people even miss the necessary
steps in that setting (like registering their PGP keys... even though
it is quite simple).

And you're missing the obvious points like minimal use of available
bandwidth or asynchronous delivery.

And as long as using Qubes is more complicated than getting Arch
running there are more important tasks than catering to people who are
think mailing lists are lacking sophistication or comfort.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24a4503e18a68b8c3548d589eccc81316660f1ea.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

[Achim Patzner]

Am Mittwoch, den 06.02.2019, 11:34 -0500 schrieb kitchm via Forum:
> So did you not read Stuart's post where he states "My
> current client has a court order to NEVER delete another
> e-mail"?

So you don't know the difference between a court order and a law?

> Have you not read books by experts such as Kevin Mitnick? 
> We who have, know the truth, because we keep abreast of what
> the experts say.

*rofl*

> Achim, you wrote "So what".

regarding putting public discussions into a place where they are easily
redistributable and archived

> Really?  You don't see the
> significance in that?

I do which is why I want to keep them in an easily archivable format
for offline storage where I can keep them accessible in case of the
original mechanism failing. Instead of putting it at the mercy of some
"web forum".

> BTW, you are certainly not polite,

Definitely not to entitled snowflakes.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c419beb83ffa419c5a334057b097b5e4edcc4295.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

[Achim Patzner]

Am Dienstag, den 05.02.2019, 13:34 -0500 schrieb kitchm via Forum:
> - Google is never a secure option.

And so what? This is a public mailing list with very little
requirements.

> - No one has ever explained how to archive on a local
> computer.

Yeah, well, learn to use the tools you are dealing with. Or pay for a
teacher.

> - Prohibiting top posting is a bad idea because we don't do
> that with the e-mail standard.

You mean "Outlook standard". Before Microsoft encroached upon the world
top posting was a clear request to be shunned. You should have tried it
on Usenet...

Again: If you want to be art of a group, adapt to their standards. or
make up your own environment and live with feeling very lonely there.

- We must all recognize the lowest common denominator which
> are interfaces such as Tutanota.  If you've never used a
> web-mail interface you probably don't understand this.

No. Stop patronizin "us". We don't have to do anything. Learn to find
appropriate tools or live with the things you have. You're the land of
the grown ups.

> The mailing list sends everything.  That's
> just another form of spam.

I just saw Picard and Riker sneaking around the corner doing a double
facepalm.

- There is no reasonable organization to mailing lists, and
> as such they are misleading.

And now Janeway is joining them. Can it get any better?

> By the way, to everyone who wants anonymity, you cannot use
> a mailing list or a forum.  It is currently illegal by
> federal law to clear your browser history.

Wich federation? And if that's a problem just leave the Alpha quadrant.

> What do you
> think would be the ruling regarding deleting an archive? 
> You had better not keep the info on your computer, and you
> had better make sure you are anonymous and untrackable.

You might be better off in "Tinfoil-Hat Folding 101".


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/675a53fd764778a8f18ba08e09a2218d41c44c1a.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

[Achim Patzner]

Am Dienstag, den 05.02.2019, 13:32 -0500 schrieb kitchm via Forum:
> @Achim Patzner - noses, Google groups is not intuitive by
> any standard.

So what? Stop being an entitled whiner and learn to use the tools that
are available instead of demanding the world to rotate around you.

> if you truly believed that holding
> your tongue was a good idea, then why did you comment
> further?

It was a polite way of telling you to stop whining and grow a pair.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32540534d5c34d47a6a9d1996cabefd332e8bb0d.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 29 HiDPI Resolution

[Achim Patzner]

Am Sonntag, den 03.02.2019, 09:28 -0800 schrieb Daniil Travnikov:
> Could anyone tell me how to put the Xft.dpi on Fedora 29 only once? Because 
> when I am creating AppVM it is always with another HiDPI option, less then 
> his own Template. I mean changes working only on Template, but not in AppVM's.

How are you trying to do it?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aab70cba71cb72d85c608728e6357b73c6ad5a59.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] APC UPS daemon

[Achim Patzner]

On 20190129 at 12:01 + 'awokd' via qubes-users wrote:
> > connection to a separate VM which in turn notifies dom0 using RPC. 
> How did you do this step?

Blatantly stealing the idea from qubes.SyncAppMenus but executing some
script that deals with the warning. It's really simple to do it.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a1dbb1b714527c55b23f0245c98b48895918ee4.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Achim Patzner]

Am Donnerstag, den 31.01.2019, 20:16 +0100 schrieb 19hundreds:
> The problem for me
> is that I don't have an anonymous-enough IMAP or POP enabled account
> so I'm stuck with Tutanota webinterface. If you know the interface
> you can imagine the pain in following a thread. There is no tree-
> groupping for a start.

If you are in such dire a position that you have to remain anonymous
you should read the group using TAILS on the TOR side of Google. Even
that's not reliable, though. Or stop believing in the false protection
of remaining anonymous.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00559c9231add7a682af6b369d808decddc52198.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

[Achim Patzner]

Am Freitag, den 01.02.2019, 16:24 -0500 schrieb kitchm:
> Personal beliefs mean little when people are crying out for
> help.  If something can be proven to be intuitive, then
> speak up, or else hold your tongue.  The bottom line remains
> that it provably does not work at this point in time.

Stop talking in the name of others who did not appoint you to.

Obviously those you want to draw on as your personal unpaid resource
are using their preferred technology. For those who cannot deal with
that there are certain mitigative measures (like the Google archive
everybody is free to use without a restriction or the gateway to a web
forum for those who cannot live without it).

> If something can be proven to be intuitive, 
> then speak up, or else hold your tongue.

Yes, it is indeed time to close this useless discussion.

As long as you are not paying for it: Take it or leave it. Tongue
holding seems to be a great idea.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3af798c69bf7b8bf4db824d18aad731e10fcc30.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Achim Patzner]

Am Donnerstag, den 31.01.2019, 11:10 -0600 schrieb Stuart Perkins:
> Some of us who keep e-mails off line have the additional benefit of having an 
> archive of all e-mails since joining the list.

I don't because I immediately erase everything not interesting to me.
But that's one of the more important aspects of Mail: The simple format
that makes storage and searching extremely easy.

> I have an archive going back almost 30 years with over 700,000

Only? I'm obviously still erasing too few. But this is the most
important part: I still retain ownership of my data not some strange
"cloud" thing.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7513b35c67dec27485924defedeaf2e88f28aca4.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Hijacking Threads

[Achim Patzner]

Am Samstag, den 02.02.2019, 03:31 -0800 schrieb pru...@riseup.net:
> I have been thinking of joining qubes users for long time but am put
> off
> by large number of threads being hijacked.
> 

Well... If you want a large number of people to change the way they
handle their communication (quite successfully):

What valuable contribution will we lose if we're going on with our
merry lives the way we see fit? What do you have to offer?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9994ce36f1cc402e438240b4b4ff94d4601b3b7d.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Re: Forum Sync Test - please ignore.

[Achim Patzner]

Am Samstag, den 02.02.2019, 07:02 -0500 schrieb Zrubi via:
> If you are really interested:
> 
> the From header should look like this:
> Zrubi via   
> 
> If it's still just the forum address, I still not found the
> right place to modify...

Working now but your PGP key still cannot be found.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ec9938be3f53957b9f5827726de05ee99d7d4e6.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Achim Patzner]

Before we begin:

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Am Donnerstag, den 31.01.2019, 18:01 +0100 schrieb 19hundreds:
> 
> I agree at some level with what you are saying however, the current
> mailing list has a lot of valuable information so I believe it's
> gonna be hard to see it replaced with something else.

The problem is rather getting the people who are providing the answers
to use something else. It's a case of the prohpet having to walk to the
mountain... (People like to use mailing lists because dealing with them
fits their normal working environment and information archival tools.)

Besides: Mail teaches you patience. There is nothing worse than the
entitled Interweb Power User who is not getting an answer within 60
seconds.

> Beside the unofficial resources listed by others, I add 
> https://reddit.com/r/qubes (it's SO comfortable!)

Reddit is definitely less comfortable if you use it in a desktop
environment/web browser than any well configured mail client. It is
usable without network connection. And let's not get into the
indignities of searching something in that trash heap.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a17b18aa441098bb0cf347142d91376634501270.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

[Achim Patzner]

On 20190127 at 01:34 + unman wrote:
> I would rule some things out. And in this case it looks like a simple
> mistake.

It could even be intention. Most of you do not think about the cost
associated with TLS (and growing with key lengths). But there always
were (and will be) discussions whether offering a certain service
(especially free of charge) will be worth it considering the attached
cost. We're lucky that technology stepped up a bit (I remember doing
performance analysis when SSL was pushed into the market by Netscape
and found out that it cost about an eightfold increase in CPU
resources); you might want to read 
https://blog.cloudflare.com/how-expensive-is-crypto-anyway/ to get a
more recent look at things. But with Quantum computers just around the
corner there will be a new arms race current CPUs are not prepared for.
And keep in mind that only protecting "important targets" is stupid; if
you do not encrypt everything you are attaching target markers to your
secrets.

Crypto is added cost and designers will always try to find a balance
between cost and security...


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e557736131daa986892765e94eac2a6d25b9dec.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Seahorse and split GPG

[Achim Patzner]

Hi!

I'm fighting a hard case of MacOSinitis ("why should I use a command
line if there is a GUI tool wheelchair-for-the-mind?") with one of my
minions. Is there a way of getting Seahorse to play nicely with the
split PGP tools? Or do I have to perform a neural implant with an ice
pick on him?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20a0eda5db0508c0362732a90943e505221cc902.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo Thinkpad P52

[Achim Patzner]

On 20190123 at 20:40 +0100 Aly Abdellatif wrote:

> Current Condition: Everything works perfectly(kali-rolling,offline
> penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy
> mode with discrete graphics for installation(with rufus) and hybrid
> graphics after disabling nouveau

Check if all CPU cores are running...

> Only problem is the ethernet

That's not a problem with "permissive=true" and "no-strict-rest=true".

> Uefi works too but problems with wake and sleep after closing the
> lid(Nvidia problem)

Actually using Fn+Backspace, too.

> Graphics:Discrete(Hybrid won't work in uefi)

Works for me since firmware 1.06

> Sadly, there wasn't
> any grub installed(grub and grub2 were empty folders) so I couldn't
> follow the steps regarding the nvidia troubleshooting to disable 

You can do that in xen.cfg.

> I will try now to fix the ethernet and the nvidia drivers . I will
> keep you updated.

To get nouveau working you have to create an xorg.conf. By hand, of
course, to make it more fun.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386c545b05adbf2afe12afc6843f0abc4ab5f823.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

[Achim Patzner]

Well... Keep it. All CPUs are coming up and for the first time since
the 4.0 release touchpad and track point are working on Lenovo P52. And
all of the things that got successively worse to 4.19.12 are gone.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c020b30dfe9782f63370ab6cbc68ba55b5fccb71.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Resuming a suspended/hibernated VM

[Achim Patzner]

Chris Laprise wrote on Sat, 19 January 2019 12:35
> I don't know how to do the un-hibernate (and it seems
> unlikely to work 
> on Qubes), but you could avoid hibernate in the first
> place with 
> 'systemctl mask hibernate.target' in the template.


I would expect that a simulated finger on the simulated
power button would reanimate it (although it doesn't work on
my Qubes installation on a P52 either) but the xl trigger
power was ignored, too.


Achim
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/898.5c4370d9%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Resuming a suspended/hibernated VM

[Achim Patzner]

Hi!

A seriously broken application is issuing systemctl
hibernate in a VM. I cannot live well without it and do not
have the sources for it either (that's why it is sitting in
its own VM). How do I get a PVH out of suspension or
hibernation? xl trigger didn't work.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88f.5c43115a%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] APC UPS daemon

[Achim Patzner]

On 20190118 at 16:18 +0100 Bill Wether wrote:
> I installed apcupsd to Dom0

Is there any good reason to do that? I handed over my UPS' USB
connection to a separate VM which in turn notifies dom0 using RPC. My next step 
was moving that to an old Pi and asking it across the network.

And please don't forget to restrict access appropriately if you use a
separate server. Someone turned off my workplace's power bar (and thus
the UPS) and it shut down my notebook across the VPN link.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d39831202def96786f6e9f9d01328f3e68d4556b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

[Achim Patzner]

On 20190114 at 17:21 + 'awokd' via qubes-users wrote:
> Eric Duncan wrote on 1/13/19 9:08 PM:
> 
> > I then spent several days trying to get Nvidia drivers loaded to no avail.  
> > Also, trying to get just the Intel card working (hybrid graphics) but I've 
> > hit a brick wall there - Xen just freezes on the initial splash screen of 
> > the 4 lines showing what kernel is loading.  The system hard locks up 
> > there, with no logs.  I highly prefer the Intel drivers for battery life.

Arguing about the battery life was making me grin seriously; we're
talking about a desktop replacement machine (with the P1 being the
smallest of the current generation but even that one will suck the
battery dry before you finished watching a movie) and intending to use
it without a power supply is a rather limited experience.

> A nouveau.modeset=0 might help there.

Actually the only way to do it; unlike previous models the current
generation P systems offer you "dGPU and iGPU active" or "dGPU only"
(unlike the Px0 and Px1 where it was "iGPU" or "dGPU and iGPU").

But it's not a problem in itself; the dGPU is using less energy than
the iGPU running on "intel" or "modesetting" (and in my case it's a
P3200). And with kernel-latest installed you get all your cores working
vs. 1 core on a P52.

> That is too bad; I thought those Thinkpads usually worked well with Qubes.

It's more of a Linux (and Xen) problem as far as I can judge it; I'm
constantly comparing what Qubes can do with an Arch on a second
(identical) machine I have around. The worst complaint I might want to
make is that nouveau does not have control of screen brightness (unlike
intel/modesetting) and acpi_backlight=vendor thinkpad-
acpi.brightness_enable=1 is not working as thinkpad-acpi doesn't know
the hardware yet. Both network interfaces (and Bluetooth) are working
on the P52 so they will be working on the P1 if correctly set up.

If there are any Qubes-related problems I'm very sure they will be
found and fixed sooner or later.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/743b80eee6a22341709eded9590abafdc8fa482f.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo T480 freezes after resume on suspend

[Achim Patzner]

On 20190114 at 06:48 +0100 Zrubi wrote:
>   Error verifying signature: Output from /usr/bin/qubes-gpg-
> client-wrapper:
> open sig: No such file or directory

Did I do something wrong here?

- - disable Thunderbolt in BIOS
> (Hence, you will loose the USB-C connector)

At least on a P52 you are losing more than that; it confuses the hell
out of the GPUs if you turn off Thunderbolt and connect a monitor to
the USB-C port.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9230ea4795c393389a5b8b9eea0c56e7e45d5c.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] More information needed about Qubes security

[Achim Patzner]

On 20190114 at 07:16 -0500 Chris Laprise wrote:
> The only hardware alternative that has emerged is OpenPOWER CPUs because 
> they're an open source design and have no ME-like infrastructure. 
> Unfortunately, no Qubes-like OS currently runs on it.

That's not quite true; you can do something very Qubes-alike on it but
it would cost you an arm and a leg because you would have to license an
IBM hypervisor to do so. LPAR would definitely give you an adequate
environment to implement a similar setup.

And yes, I've seen it done already.

Although If I really had to start from scratch I would probably
reinvent OS/400 with a focus on security.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/357e9f114462344faee178445dab07a919a57f97.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: More information needed about Qubes security

[Achim Patzner]

On 20190114 at 03:26 -0800 Foppe de Haan wrote:
> can the IME really talk to any NIC? Or just the ones that it has drivers for 
> (e.g., other intel products)? If the latter, wouldn't an add-in card (or USB 
> dongle) solve that issue?

First: You do not need to quote the entire message if you just want to
add two lines of questions. Quote what you refer to and cut the rest
out.

To answer your question: It depends. The Management Engine has a
connection to every bus in your system but after initial tests and the
first part of the boot process should be pulling up something
euphemistically called "firewall" to prevent all unnecessary access.
That leaves you with what Intel calls "vPro" which is part of nearly
every current piece of business hardware (I tried getting my hands on a
vPro-free Lenovo P52 and was told that mere mortals are not permitted
to order them). In that case you have a second PHY on your network
connector and the wireless interface is offering a similar mechanism.
So getting a machine without THAT will put you at least in the driver's
seat regarding control of network connections. You could/should of
course remove all wireless interfaces and put a physical packet filter
in front of your computer (I'm currently using GL-Inet's GL-USB150 as
"USB WLAN interface"). It is of course more work and needs more
maintenance.

And yes, I consider damning VNC per se a very hipsteresque attitude to
security. Especially because the designers didn't even attempt to put
anything security-related into the protocol and force you to make your
own decisions on how to implement it. At that point I stopped reading
the message you quoted and nearly stopped reading yours, too.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d93dbafba3a8ad9b49e070466e8eaba19736dcc.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Document change request

[Achim Patzner]

On 20190108 at 00:54 + 'awokd' via qubes-users wrote:
> unman wrote on 1/7/19 11:31 PM:
> > It is, of course, still linked as /usr/lib/qubes/bind-dirs.sh
> > 
> Achim, why did you think it was init?

[user@work applications]$ sudo find / -name bind-dirs.sh
find: ‘/run/user/1000/doc’: Permission denied
find: ‘/run/user/1000/gvfs’: Permission denied
/usr/lib/qubes/init/bind-dirs.sh
[user@work applications]$ uname -a
Linux work 4.19.12-3.pvops.qubes.x86_64 #1 SMP Wed Dec 26 22:31:51 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
[user@work applications]$ 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e640cfb98522db8cbb57c4c64d1854b079863469.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

[Achim Patzner]

On 20190104 at 09:24 -0800 Eric Duncan wrote:

> It is upon completion of this step, just before the system switches to the 
> login screen, that the error message pops up:
> 
> /usr/bin/qvm-start sys-firewall failed
> stdout: ""
> stderr: "Start failed: internal error: Unable to reset PCI device 
> :00:1f:6:
> no FLR, PM reset or bus reset available, see 
> /var/log/libvirt/libxl/libxl-driver.log for details.
> "

The good old I219-LM problem...  Before assigning (or after 8-) it to
sys-net (I do not really see any reason it should be assigned to sys-
firewall... are you sure?) it needs to get set to no-strict-reset=true
and permissive=true; take a look at qubes-os.org.

> Click OK switches a black screen, and the system become unresponsive.  Only a 
> hard reset gets it to reboot, at which it boots up to the LUKS password, I 
> enter it, and the system boots to a black screen again - unresponsive.

Use the dGPU or take care of turning off the nouveau driver completely
(nouveau.modesetting=0).

> I suspect it's the Nvidia graphics.  However, I can't get the installer to 
> boot past Xen with Hybrid graphics - Xen pauses for 5 minutes or something, 
> and goes black.

Why don't you use the nVidia GPU instead? It is definitely faster than
the iGPU anyway, booting faster, using (at least on my machine) less
energy and you do not meed to modify the kernel command line. And on
kernel-latest my system is working with all cores.

> WARNING (to anyone else installing on a P1/X1 Extreme/P52, etc): To install, 
> you must switch to discrete graphics in BIOS (no hybrid).  But, DO NOT DO 
> THIS unless you have BIOS 1.17 or later or you will BRICK YOUR THINKPAD!

That didn't break mine. Turning on Thunderbolt BIOS support and turning
off secure boot did that for me. Switching to dGPU is only causing
problems if you do not wait on the next reboot for the system to
reinitialize the device tree in ME (and thus starting with empty ACPI
tables) by resetting it at just the right time during the 30 seconds
this would take.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6322720ce13f51517724aad689eb58e5ab2c971.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] old version of xscreensaver

[Achim Patzner]

On 20190103 at 19:29 -0500 Chris Laprise wrote:
> The XFCE deficits are too numerous, unfortunately.

It's just the worst UI since OSF/Motif (which made me go to plain
X11/twm).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e051e37a42761c4679444de7c8b12ddfccce29b0.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo Thinkpad T480

[Achim Patzner]

On 20190104 at 10:14 +0100 Zrubi wrote:

> Thunderbolt BIOS Assist:
> if enabled, the mentioned device - causing the hibernation issues -
> are gone, then only one USB device remains, which is works without
> problems.

Be careful to have updated the firmware before turning it on; I've seen
the bug that is hitting the P series affecting T series models, too.

> Confirmation needed: As I do not have any Type-C devices, I can't
> check if that is still working in this case or not.

Without BIOS assist mode strange things are happening in Qubes (but not
up to date Arch) if you connect the Thunderbolt 3 Dock (and even worse
if you connect the Thunderbolt Graphics Dock should you have one).

Important point: Set Thunderbolt security in the setup, too. If you
leave it open it will be possible to attach any Thunderbolt device
without user intervention and use it to get full access to the
hardware.

> Moreover, if you don't need the thunderbolt at all, it can be
> disabled completely from BIOS. Hence then the USB-C connector lost
> its functionality for sure.

In the case of the P series the Thunderbolt controller has control over
the physical connector so if you turn it off the USB subsystem and the
GPU will lose their access, too. Stupid design if you ask me.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47180d3bbd028f3b6a260d89fcff4d3df436a7ee.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] old version of xscreensaver

[Achim Patzner]

Am Mittwoch, den 02.01.2019, 20:42 -0800 schrieb pixel fairy:
> xscreensaver complains about being an old version. doubt this matters, but 
> might scare some users.

There are worse problems with it (and some of them depend on X and the
hardware you're running on) which might also warrant finding something
different. I just have to find some time for constant rebooting of my
system to create a meaningful bug report.

(To give you an idea: Imagine a machine (let's call it Lenovo P52) with
multiple GPUs where certain output channels are connected to one of the
GPUs only starting a screen server. If you connect your second monitor
to the right port the screen saver will not blank one of them if you
start X without an appropriately xorg.conf... And to make things worse
it also depends on the GPU you are using and the phase of the moon.)


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c05d1e526f2c6fa177e8b86da18c986af74b28d9.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Am Donnerstag, den 03.01.2019, 00:02 + schrieb unman:
> On Wed, Jan 02, 2019 at 09:13:40PM +0100, Achim Patzner wrote:
> > Is it worth creating issues if certain parts of the Builder tools do
> > not work (e. g. template-local-centos7 or template-local-fc29+xfce)
> > which would be creating things not in the Qubes distribution?

> I would say ALL parts are "intended to work" rather than "guaranteed to work".

Let me rephrase it: Should bugs be reported to qubes-issues if the
affected item is not relevant for the generation of distribution-
related stuff? After all just reading it will bind resources that are
probably needed somewhere else.

> Anything that is included in builder *should* work - if it doesn't, it
> may be an issue, but I'd suggest raising it here first before heading
> over to github. You've already encountered this.

In that case a good example would be that make -j n (with n >=4) builds
of the targe qubes-vm are failing, right? (Which would also fix
rebuilding targets that have been finished already, too).

> (I exclude live iso build which hasnt worked as written for years.)

Maybe it should be removed...


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0bd84aaf74753bb03faa67d93ebdb7c7aba38166.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Right now I'm not even getting to centos-7:

make get-sources get-sources-extra qubes-vm is stopping at

-> Installing core RPM packages...
error: Failed dependencies:
glibc = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
glibc-common = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
make[1]: *** 
[/home/user/qubes-builder/qubes-src/builder-rpm/Makefile-leg
acy.rpmbuilder:35: 
/home/user/qubes-builder/chroot-fc29/home/user/.prepared_bas
e] Error 1
make: *** [Makefile:217: vmm-xen-vm] Error 1


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68d.5c2d3178%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Hi!

Is it worth creating issues if certain parts of the Builder tools do
not work (e. g. template-local-centos7 or template-local-fc29+xfce)
which would be creating things not in the Qubes distribution?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59d8e3c7dad130ac0f6a83f8706e96cf267bee32.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ubuntu templates

[Achim Patzner]

On 20181230 at 16:34 + unman wrote:
> > Not starting redoing everything to the point where the build
> > process stopped would be a good first step.
> 
> Yes, it's very aggravating.  I would work around this by commenting
> out the packages that *have* been built, so the build can start again
> from where it failed.

I (having started using Unix with 4.2BSD on a VAX where things tended
to take really long) wrote a csh script around make doing every single
component one-by-one and checking the exit state of the make jobs I'm
starting. Looks ridiculous but works unattended.

> I'm not surehow this could be done otherwise

By formulating further dependencies that check whether the goals are
already existing. If something that has been done flawlessly is remade
the thing has been missing in the dependencies.

Another good indicator that something is wrong with the makefile is
getting into a mess if using -j is causing any kind of race condition
or premature target being done. And no, "make -j4 qubes-vm" does not
work which means that rules fire before all prerequisites have been
done.


> download. Maybe a "download all required additional data" makeMaybe a
> "download all required additional data" maktarget
> > 
> > would be a good idea, too. Or did I miss that?
> 
> There's make get-sources, of course, but I dont think that is what
> you mean.

No, rather a target get-packages that will download all
.deb/.rpm/.whatever that will later be used to create the root
environments for VM templates. This step is coming REALLY late (after
building all qubes-packages) and I definitely do not see any reason to
rebuild all the qubes-* components because a package download fails.
Wrong order.

> I strongly recommend a caching proxy. apt-cacher-ng works pretty much
> out the box.

If you downloaded it once it stays in qubes-builder. (Which is another
target that is missing -- old packages are kept in there if later
builds are getting more recent versions.) So unless you are using a
tool with high tolerance to interrupted downloads this will not help
that much. And places with unstable network connections are easy to
find.

Btw: If I understood the license clauses of Ubuntu correctly you can do
with it whatever you want as long as you do not call it (genuine or
derived) (U)buntu. So if you provide a minimal template with
sufficiently free space (and calling it Pronto instead of Ubuntu) that
pulls down the "trade dress and feel" on a first run should be well
within the limits. Maybe that's a way to do it. Although I would
consider having supported Arch and a CentOS template much more
important. Debian is a glacier and Fedora... I'd better not start
thinking about that. But it will take considerable resources to keep
all necessary components working.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09b9a55ffa2e817c32a91e1c1e8da9112d49561d.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ubuntu templates

[Achim Patzner]

On 20181227 at 10:58 + unman wrote:
> There's an open issue relating to making build more fault tolerant, but
> since I never see that problem, it's not a priority.

Not starting redoing everything to the point where the build process
stopped would be a good first step.

> (I use
> apt-cacher-ng as a caching proxy which might help. Certainly does on the
> template updating.)

Probably. Sitting in jakarta and trying to do a make qubes-vm followed
by make template was tiring with every second package failing to
download. Maybe a "download all required additional data" make target
would be a good idea, too. Or did I miss that?

> On your second point did you read 
> https://qubes.3isec.org? I've been
> running those for about two years.

Sadly not but I will take a look at it now; I gave up using other
people's templates when the Arch template was running out of updates...
And to be honest: Using the Builder environment is a good exercise.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7255ae890dcbce5e18f7de9d4d3f66574ebf5fd.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ubuntu templates

[Achim Patzner]

On 20181226 at 10:39 + unman wrote:
> For any one who wants to try out Xenial or Bionic, I've put some
> updated templates for 4.0 online, including a bionic+desktop version.

Building the templates if the stars are aligned just right and nothing
in the build process breaks is not that big of a problem (although
someone might take a look at the builder script and the makefiles to
make them a bit more fault tolerant (e. g. in case the downloading of
additional packages fails)) if the process is not done in steps by the
user. The more interesting problem would be keeping the included qubes-
specific packages updated and offering the necessary server
infrastructure to deliver updates (providing the servers would be a
minor problem...). Do you feel up to doing that for the foreseeable
future?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dcc49700440c3be3ccf827afc5e059037ca8c2b5.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Port Forward in qubes-OS.

[Achim Patzner]

On 20181225 at 00:25 -0800 menoldst...@gmail.com wrote:
>  Permission denied (you must be root)

Sometimes a closer look at the error mesage solves the riddle.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e1bb1c4675aa2a607af4e23d27dc01f4b720f92.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: updating CentOS-7 templates

[Achim Patzner]

Frédéric Pierret  wrote on Sat, 22 December 2018
12:16
> A PR is opened. Waiting Marek's approval. It was related
> to ABI version requirement not done in the
> qubes-gui-agent-linux. Between xorg 1.19 and xorg 1.20 the
> ABI version changed from 23 to 24 so xserver was refusing
> to load the qubes driver.
> --

Just keep in mind more or less the same happens if you
transmongrify a Debian template into a Kali following
https://www.qubes-os.org/doc/pentesting/kali/ which is a
warning that there are problems ahead as soon as Debian is
getting its collective ass far enough off the ground to
update X.


Achim 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5bc.5c1e6ee7%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fed-28 update error

[Achim Patzner]

On 20181220 at 14:53 -0500 Chris Laprise wrote:
> How stable is the CentOS 7 "testing" template? I'm so over Fedora,
> but need dnf for full compatibility with qubes-dom0-update.

It just self-destructed by upgrading x11-xorg*, see "[qubes-users]
updating CentOS-7 templates" - I guess I have to find 
xorg-x11-server-{Xorg,common}-1.19.5 as Nick Darren wrote. Besides that it's 
quite useful (but the arch template is more versatile). Fedora and plain Debian 
have a sucking coefficient that rips fleas off dogs.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f87fd65e58a1d9bd582f9772aa0aa0f6fcfc5e2.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Where is Qubes' idea of private image size coming from?

[Achim Patzner]

On 20181218 at 23:53 + unman wrote:
> On Tue, Dec 18, 2018 at 09:18:06PM +0100, Achim Patzner wrote:
> > [ap@dom0 bin]$ qvm-ls --disk BuilderNAME STATE   DISKPRIV-
> > CURR  PRIV-MAX  PRIV-USED  ROOT-CURR  ROOT-MAX  ROOT-
> > USEDBuilder  Halted  124948  124948 2048  6100%  0 
> >  10240 0%[ap@dom0 bin]$ 
> > 
> > Before I start doing something stupid (like reporting a non-issue or
> > shooting my own foot): Where is that 2GB PRIV-USED coming from and how
> > do I correct it? The image file itself has a size of 128GB right now...

> 6100% used. Impressive.

I really like efficient data compression...

> I'm not clear if you tried to extend first or checked the sizes first.

I have to admit that I wanted to use the Qubes-Manager (GUI tools make
people lazy...) and started scratching my head first (getting me to
realize that just increasing the size might not be the wisest
decision).

> You can see the code in
> /usr/lib/python3.5/site-packages/qubesadmin/tools
> 
> PRIV-MAX comes from vm.volumes[private].size - it's strange that that
> should be showing the default 2G size.

It's really there. But I used qubes tools to grow the image and they
usually register correctly what they did in the relevant databases.

> Just to be safe I would backup anything you have on the BuilderVM.
> What does qvm-volume info Builder:private show?

size 2G (in bytes)
usage 128GB (in bytes)

> You could try then resizing with extend. 

... without changing any stored data...

Ok, now the information is matching reality.

If this is happening again I'll open an issue. Or get a patent for my
compression algorithm.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f938cf7f5a3eafd7323fbabed524950996188f0.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Where is Qubes' idea of private image size coming from?

[Achim Patzner]

Hi!

I just ran out of space in my Bulder VM again and wanted to extend it a
bit, but somehow PRIV-CURR and PRIV-MAX do not like each other that
much:

[ap@dom0 bin]$ qvm-ls --disk BuilderNAME STATE   DISKPRIV-
CURR  PRIV-MAX  PRIV-USED  ROOT-CURR  ROOT-MAX  ROOT-
USEDBuilder  Halted  124948  124948 2048  6100%  0 
 10240 0%[ap@dom0 bin]$ 

Before I start doing something stupid (like reporting a non-issue or
shooting my own foot): Where is that 2GB PRIV-USED coming from and how
do I correct it? The image file itself has a size of 128GB right now...


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ac155022bbe53a17b5a28f8977d6c84e0468250.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] updating CentOS-7 templates

[Achim Patzner]

On 20181215 at 18:06 + Nick Darren wrote:
> On Thu, Dec 13, 2018 at 10:36:18AM +0100, Achim Patzner wrote:
> > So: Which packages (of the few millions) is the one to back out or
> > what would have to be added again?
> I just downgrade these packages upgrade on centos
> 7, 
> xorg-x11-server-{Xorg,common}-1.20.1 back to 
> xorg-x11-server-{Xorg,common}-1.19.5 and now qubes-gui-agent seems 
> working fine with it and I can use back my centos-7 as usual.

Thank you.

Finding the right point to get back to was not trivial -- I did yum
downgrade of these packages but mine were at 1.20.1-5.1 and successive
downgrades using "yum downgrade" brought them to 1.20.1-5, then -3 (and
the I got bored by that game).


Achim



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/91b115d207f5bb1040055fe5b9cb359c7165bb67.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes with newer hardware and error messages still safe enough?

[Achim Patzner]

On 20181213 at 19:20 -0800 Sphere wrote:
> If only I could establish my own CPU production company I would definitely 
> support libre hardware/libreboot/coreboot and such but sadly we are in a 
> world with high demands to processing and stuff and due to how there is 
> hardly any support for libre hardware, the processing needs are hardly filled 
> out and even more so with limited budget.

You could have bought a Power 9-based board and (4-core/16-thread) CPU
for less than $1000 a few weeks ago.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33d5345b1850fe7e96963df9f158d056b5e893d7.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] updating CentOS-7 templates

[Achim Patzner]

Am Donnerstag, den 13.12.2018, 06:12 + schrieb Wynn Tseng:
> Yes, mine happened too. 
> 
> Post error log about /var/log/Xorg.0.log in centos-7 template.
> 
> In dom0, use sudo xl console (insert centos vmname here)to access
> centos7 vm

I did that; that's why I know that there was X11 breakage.

So: Which packages (of the few millions) is the one to back out or what
would have to be added again?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aeab7ef45df15fa767e04ce20dd81aecfd334856.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] updating CentOS-7 templates

[Achim Patzner]

I just updated my CentOS templates (with hundreds of packages being
upgraded) which seems to have messed up the X environment sufficiently;
did that only happen to my local generated templates or is that worth
reporting an issue?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8519467e6b306bb3922fd9e460c7a1b2b50ad74.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Where is qubes-dom0-update getting $releasevar from

[Achim Patzner]

Hi!

I just noticed that I'm not getting anything from qubes-do0-current-
testing with the very helpful message "Failed to synchronize cache
for...". Taking a look at qubes-dom0-update -v showed me that the 
r$releasevar component came out as "r25-5" instead of r4.0.

I can get it to behave by adding --releasevar=4.0 to the command but I
would really know what has been messed up...


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/360c5d31429237df199bb9b9e2a1e92a4132b279.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

[Achim Patzner]

Am Donnerstag, den 29.11.2018, 09:16 +0200 schrieb Ivan Mitev:
> The following might help to work around your issues:
> 
> https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

It is solving a few of the issues but you definitely need more (like
HiDPI themes in several sizes). Or moving new Xresources into templates
(or VMs) if they change in dom0. And dealing with xsettingsd.

Especially xsettingsd -- it would be an ideal point of attack if Qubes
had a dedicated UI (or UX in techno hipster speak) team. Just give it
another database backend for its settings that was maintained in dom0
and accessible to all running VMs and you could easily change settings
in everything running on your system.

> Granted, having a "scale everything by a factor X" option in dom0
> would be way better

It is necessary unless you like using a microscope for HVMs. In a few
months we will see the first 12" mobile computers running at mobile
phone resolutions...

> but it'd be nearly impossible to implement/support if the 
> config has to be passed down to the VMs.

Not at all. The currently implemented mechanisms for the virtual X
servers are not working perfectly yet but that could be changed. It
just won't solve the problem of xsettingsd messing everything up
(including Xft settings which are coming from Xresources and
.xresources) if it does not have the correct parameters in its
database. So all we have to take care of was getting the databases in
all VMs right -- or implement a central one. If one was mad enough he
could use the qubesdb which is already accessible everywhere.

> I'm wondering if it couldn't be solved at a lower level
[...]
> That could also end up being very CPU intensive.

You should let the GPU handle that; applying transformations is a
standard feature today.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e1f199f6cb9b469d37858c293b7e374a0bd791f.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Manjaro Spitfire laptop with Qubes 4.x?

[Achim Patzner]

Am Montag, den 26.11.2018, 17:00 -0500 schrieb taii...@gmx.com:
> What they state they will do is impossible and they are setting the
> freedom computing movement back by years by brainwashing people in to
> thinking that modern x86 hardware can be free.

And I'm feeling the same about the Librem and similar hardware. It's
misleading to the point of cheating the customer.

> They could have made an OpenPOWER laptop that is actually owner
> controlled and libre from the factory but they simply refuse to do
> anything like that.

I just ordered the cyborg monday offer from Raptor CS. I'm just
wondering if I can get a real hypervisor running on this hardware. I
would of course like to get Qubes on top of LPARs but don't really see
this coming in the near future...


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f79c64542563568786c097f1299d09f118087af1.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Setup NextCloud in Qubes

[Achim Patzner]

Am Sonntag, den 25.11.2018, 14:44 -0800 schrieb pr0xy:
> Looking through past messages here it seems that others have got
> OwnCloud and NextCloud working. I wonder if they were able to do this
> with bind-dirs, or whether they had to use a StandaloneVM.

Again: What do you want to gain? Having access to the same files on
multiple VMs? Having copies on all of them (plus the copy on the
storage VM) seems like a bit of overkill to me.

> There are some other aspects of NextCloud aside from the file sharing
> like Calendar, Contacts, Notes and others that might also me nice to
> have internally.

And to be honest: I do not trust all those plugins that far. They are
complicating things and complicated things cannot be easily verified.
Why not do everything on the same VM (which would be a risk you could
at least try to assess)? And where would be the limit? The Password
application? Giving external  users access because you need to share
files?

I'm not against a centralized "file service and storage VM" but it
would take considerable work to really find a secure way to do it;
access would likely have to use an RPC mechanism like current file
copying. It might be better to find out if it was possible to implement
something like WebDAV on top of a Qubes RPC services with a fuse front
end.


Achim Patzner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a8b29e7afb1678b92924c2926258849663d736c.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Compatibility Lenovo P52

[Achim Patzner]

Eric Duncan wrote on Sun, 25 November 2018 14:31
> Just off the bat, the biggest concern is that dGPU: you
> can't turn After I ordered my P1, I just found out that
> the Dell Precision 5520 (same as the famous XPS 15) had
> the option to be ordered with no GPU! This means it would
> be perfect for qubes as it's fairly low cost, 32 GB ram
> (no ECC though) and hex core.

At least in the German Lenovo online shop you can order all
three base models without dGPU.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/36b.5bfad5a9%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Donation costs

[Achim Patzner]

Patrick Schleizer wrote on Mon, 19 November 2018 08:33
> I don't think crypto currencies add much carbon dioxide
> compared to
> legacy financial institutions.

Answers like this make me wonder how people arrive at their
threat assessments.

If you do not know the facts making assumptions based on
your wishes does not work. I strongly believe in finding
facts if I do not have precise data. Try taking a look at
some research:
https://www.nature.com/articles/s41893-018-0152-7.epdf (if
you do not want to pay for the article you will be able to
read it at sci-hub). The current equivalent of the creation
USD 1 in Bitcoin (at the time of writing the article when
Bitcoin was still more expensive than today) is about
17MJoule (about 4.6kWh). Gold is currently at 5MJ. The
mining of the first 6 months of this year took 30TWh,
estimate for the year is 73TWh. If we're lucky this will
have led to less than 70Mt carbon dioxide. If not we will
have gained quite some nuclear waste we still don't know how
to deal with.

And as you are making noises about banks: Please add in the
environmental cost of all the computers involved in Bitcoin
transactions. One Bitcoin transaction is currently costing
about as much energy as 40 credit card transactions.

And yes, the reference section of the article is quite
interesting.
 

Achim Patzner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/358.5bf9d7a7%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re[2]: [qubes-users] Donation costs

[Achim Patzner]

On 17.11.2018 03:42:25, "taii...@gmx.com"  wrote:

Using alipay is super bad considering you would be supporting a country
that censors the internet and imprisons people for viewing the "wrong"
things.


Not using Alipay is worse; it's been the only way of getting your money 
back if a dealer on one of 10Cent's market places is not keeping his 
side. So using the accumulated cash there for something I want to use it 
for is a bad idea? Well, then... And yes, I will continue buying 
interesting stuff directly from China instead of getting it via USA and 
Amazon.


Crypto payments and cash in mail to trusted qubes people (with secret 
shoppers to help ensure honesty) are the least terrible option.


From my point of view on ecology: not. Besides throwing all your money 
towards China, too or where do you think is most crypto mining being 
done because there currently is no place you're paying less for the 
ecological damage right now. So while China's censorship is not 
threatening me right now, adding unnecessary carbon dioxide to my 
environment is.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em1e3bd25a-70a9-4f86-8870-ca8597b98372%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donation costs

[Achim Patzner]

On 20181114 at 06:01 -0600 Andrew David Wong wrote:

> They looked into it and have informed me that switching from OC to
Stripe wouldn't be cheaper at this point because the accounting costs
for the large number of small donations we receive
would exceed OC's fee.

Wow. This is sounding a bit strange to me because their pricing would
be about 31 cents on 2€ and getting consecutively cheaper; a friend of
mine is using it as street musician (but to be fair, for him the ease
of use is gaining him additional income -- he set up an old Android
device as terminal and asks for a minimum of 2€ if people want to use
it and instead of dropping 1€ they are now transferring something
around 5€).

> We're approaching the point where switching would be cheaper, but
we're not quite there yet.

Good to hear. I just got a message from AliPay they would give me a
discount of 30% on my next payment up to 700 RMB and it would have been
a good opportunity to get rid of the excess RMB hanging there I cannot
get out of their system easily. OC doesn't offer me that.

> It's worth noting that Bitcoin donations and payments from Qubes
Partners both bypass OC, so the largest amounts tend to avoid that fee.

Bitcoins are for me an ethical problem. The mining is now costing so
much energy that there are lots of (mostly Chinese, but we're somehow
sharing the planet with them) unclean power plants generating the
energy for them (because they are cheaper). [Cheap shot: This should
pose a more serious problem for people claiming loudly "I'm a vegan to
save the planet" and then developing technologies that need crypto
currencies to be viable... I just had that discussion.]


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1622c5107cf56af5fa676f087df6f82293f5cc50.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 2nd external monitor using usb c-type

[Achim Patzner]

On 20181113 at 12:05 -0800 Patrick wrote:
> Has anyone done that - i.e. use a 2nd external monitor using a usb c-type 
> connector?

What difference between using a USB-C and a DP connector did you
expect? It is just another port on your GPU... So yes, it is working if
there is a running GPU connected to it. It got a bit interesting on a
Lenovo P70 because I had to have two GPUs running but that's not a
problem with X11 either.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/086d24283330a37d17c1b77cbda4134e4b13bfa8.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

[Achim Patzner]

On 20181113 at 06:44 +0200 Ivan Mitev wrote:
> I've also added a note about QWT 4 breaking *new* HVMs (I thought the 
> breakage was only when updating from QWT3 to QWT4). It seems it's a 
> hit-or-miss process, IIRC some users managed to have QWT4 running.

The real problem with these tools is not being able to install and
deinstall them in steps. Somewhere along the way I lost libvirt and
there is no easy way to just put it where it belongs. Using the
installer to "repair" the system breaks it because it is messing with
the drivers. If you uninstall completely you break the system with the
reinstallation. All in all it worked better NOT to use the Qubes tools
but the XEN installers and add the Qubes video driver later.

> > What value, if anything, should go under Gateway in the VM? The ip address 
> > shown by Qubes as belonging to the network-providing VM itself, ie Sys-Net 
> > or Sys-Firewall, namely 10.137.0.6 ? Or something else?
> 
> The ip output by `qvm-prefs vmname visible_gateway` ; if you don't have 
> a fancy vpn/firewall setup, it's likely 10.137.0.6.

This is another joke I'm not understanding. Ok, no DHCP for the
unwashed masses. But if I have qubes-rpc working, why not inject the
necessary settings using this mechanism?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74949a1f504baa8c94af509a063e022bf6a17661.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4: Windows 7 HVM loses internet connection after installing Qubes Windows Tools

[Achim Patzner]

On 20181112 at 20:52 +0200 Ivan Mitev wrote:
You do not need to quote a full message as a block; just coppy what you
really refer to.

> Since you mention that the network is functional without QWT
> installed there's probably an issue with your ip settings in the
> windows HVM.

Not necessarily so; it depends on how much of what has been installed
and updated at what point.

I've just finished setting up a new Windows 7 HVM, too. The up to now
best route for me was installing an original Windows 7 SP 1 medium and
then spend about two days of updating it (including 28 reboots...)
before even trying to install the tools package.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b713b5b973be4184915513bac3fd39b0b145c02.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Removing KDE

[Achim Patzner]

On 20181112 at 00:28 -0800 aaq via qubes-users wrote:
> Honestly I completely agree. If I was to use a DE I would definitely prefer 
> KDE or GNOME over XFCE (I sincerely hate XFCE, loose opinion held strongly)

Seconded. My ass is still in pain over getting it to run at 286 dpi,
especially if disp VMsneed to get everything, too. And I'm still trying
to get a handle on the nome-tools menu bar sizes. Getting KDE to agree
on a different resolution is definitely easier (although i fell in love
with Mint - you don't have to do anything, it's like MacOS on this
machine.)

> My machine only has 8 gb of RAM, and so far that is more enough for my usage, 
> but I fear if I bloat dom0 too much, that I might end up having some issues..

Right now it's CPU cores we're lacking, not RAM -- that can be added,
mobile CPUs are limited. But maybe that's because I once had a Sun
Tadpole, the only mobile computer thatever felt like having enough
horsepower.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22ad0b15ff48e5d2a89decd38a22fbc9ca510766.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Vertrauliche Nachricht von Sebastian Schatter

[Achim Patzner]

Am Samstag, den 10.11.2018, 21:11 +0100 schrieb Sebastian Schatter:
> Guten Tag,
> ich habe gerade eine vertrauliche Nachricht mit Tutanota (
> https://tutanota.com) gesendet. Tutanota verschlüsselt E-Mails
> automatisch Ende-zu-Ende, inklusive aller Anhänge. Der folgende Link
> führt zur verschlüsselten Mailbox, von der aus auch verschlüsselt
> geantwortet werden kann:

Aber sonst gehts noch, oder?

[But other it still goes, or?]


Achim Patzner

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/135a3dc961b5f81fd143bd91962cf13482e5bf7b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: The state of the HiDPI display support in Qubes

[Achim Patzner]

Am Donnerstag, den 01.11.2018, 11:20 -0700 schrieb ka...@transmuted.io:
> I feel this situation would get better once Xfce finishes their GTK3
> porting. They are at 80% right now and GTK3 supports HiDPI natively
> and then Qubes will need help porting their Window decoration system
> to the new interface if required (I haven't looked at it yet).

I'm still owing you an answer on this...

Trying to solve this somewhere at the level of GTK is a bit late and it
will not help applications flying lower.

I'm a dinosaur. I'm coming from a time without all that stuff where X11
(finally version 1.1! yeah!) came with The Window Manager (twm) and the
scaling was controlled by starting X with the correct settings for dpi
and position in your x11.conf.

I'm still living in that age as I'm using lots of stuff that is still
stuck in the age of Motif. My weapon of choice is the terminal and it
is coming as xterm (because you will find it everywhere) and if the X
server is configured correctly it will do miracles for you (just read 
the description at 
http://www.futurile.net/2016/06/14/xterm-setup-and-truetype-font-configuration/
for a good idea).

If you want this to be working well for you (including readable pop-up-
menus your X geometry has to be correct (and I don't think that gnome
is doing a better job there without that). You can of course set
parameters "by hand" in configuration files but it will not work easily
across monitors with different resolutions.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c1a94658cce8f031b82caac5ae36e20ef230f85.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donation costs

[Achim Patzner]

Am Mittwoch, den 07.11.2018, 18:40 +0100 schrieb 799:
> In Germany you can even save taxes when you make donations to a
> charitable organization.

It's a tax nightmare if that entity wants to hand over money to
something else. It would be easier if the "Qubes FOundation" would get
that status.
> I think it would help if recurring  payments can be done easily
> without loosing 16%.

Using Stripe would alrady improve things.

Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ce83f58a788a695ee6c319acd59f2bd6c0efc49.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes User Forum

[Achim Patzner]

Am Mittwoch, den 07.11.2018, 18:10 +0100 schrieb Zrubi:
> Any further suggestion and/or bug reports are welcome.

Replace the useless smiley by things like ⚙️, ☠️, ,  and ✔️? (8-))


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cac3557ee8a3b23d1105d94e40634dee09f88e1f.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Donation costs

[Achim Patzner]

Well... As https://www.qubes-os.org/donate/ is warning, 16%
of the donation are going to administrative costs due to
Open Collective's charges. 10% could be saved (probably
more, Stripe is charging at most 2.9% plus 0,25€ per
transaction) if ITL would get their own Stripe account (by
buying a Stripe card reader off Amazon and registering with
Stripe) and I don't think the administrative/bookkeeping/tax
headache would be any less that way.

They are accepting AliPay and WeChat pay (and all the other
exotic things roaming around the European banking system).

I would bet we could create a secure payment gateway...


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/192.5be3171a%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donating to qubes

[Achim Patzner]

Am Samstag, den 03.11.2018, 00:24 +0100 schrieb pieter lems:
> Are there any other options available for donating such as paypal

Just tried it; Open Collective is taking credit cards and Paypal. So go
there and donate.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b794de00c47e60ecfd24c2b0111840fac109a8b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Donating to qubes

[Achim Patzner]

Am Samstag, den 03.11.2018, 00:24 +0100 schrieb pieter lems:
> Are there any other options available for donating such as paypal or
> IDeal (for people from Holland)? If not is it possible to create
> those options for people that either dont use a credit card or are
> not familliar with bitcoins?

Paypal. But not a credit card? Really? In my opinion that's like "I'm
only eating vegan chicken" (nothing against chicken, though, we all
should fight the dinosaur invasion).

Why don't you just set up a virtual credit card with Entropay or a
similar service and be over with it? 


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/199ca07e3c15731b90bb712b31842c27d7d667fa.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Running a single appVM off another volume

[Achim Patzner]

Hi!

Is there an easier way of storing a single VM on an external device
(assume it to be an USB conneted medium) without doing elaborate dances
around it or having to backup and restore? One of our customers got the
bright idea to store a VM containing their CA on an USB flash and
connecting it to "an appropriate machine" (Yes! "Appropriate! Imagine
the fun I'm having *now*) for key signing ("Guys, have you ever heard
of a device called HSM?" "No, and please don't tell us.").

$appropriate was considered to be VMware without a virtual network
interface, running the machine off a USB flash. Securely stored on a
hook besides the door, "because if it is physically disconected it is
safe".

Ok, may not be TAILS (because that's used by criminals) but using Qubes
is an option. Getting off the VM-on-external-media-only trip not. Is it
possible to get these guys on Qubes without "changing the documented
process"?


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30149d2008d3ee42cd7ebfc798a3a1772c071d35.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] gnome-control-center in Fedora > 27

[Achim Patzner]

Hi!

Finally having updated the fedora-26 template to something more recent
I'm hit by the side effects of not having a full GNOME running there.
One of them is the gnome-control-center not doing its job as it needs
to be started with

env XDG_CURRENT_DESKTOP=GNOME gnome-control-center

As certain other abgnominations are launching it directly the
modification ot the .desktop files seems the best way to go:

grep -l "Exec=gnome-control-center" /usr/share/applications/* |  xargs
-n 1 sed 's/Exec=gnome-control-center/Exec=env
XDG_CURRENT_DESKTOP=GNOME gnome-control-center/g' -i

(I'm of course not responsible for this turning your system into a
toad...)


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4694a5045a0bd828a77e0646daff852d137ac820.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL entry Lenovo P52 (20M9001NGE)

[Achim Patzner]

TL;DR: Don't bother buying one (or a similar machine from the other 
series (T, X, P1)) yet.


Well...

I finally got my personal Lenovo P52 back (actually forced Lenovo into 
late DOA as there are no spare parts for them right now).


[Side notes: If you have a current generation Lenovo (Px2, X/Tx80) DO 
NOT actitvate Thunderbolt pre-boot support (recommended for Linux but 
completely useless for current generation Linux kernels) as it will 
immediately brick your mainboard. The same will happen if you do an ME 
firmware upgrade and reboot into the setup menu immediately afterwards 
instead of rebooting it into some OS. The same may happen if you turn 
off Secure Boot and reset any secrets involved in it at the same time. 
Yes, I caused 5 DOAs in one week by de-Windowing them (is someone from 
Prague permitting me to call that "defenestration"?).]


1) Unlike former generation hardware I cannot get the CPU's GPU to work 
with it; not even as EFI frame buffer (much less as i915). Thanks to 
current kernels nouveau is able to bring it up at all but as soon as I 
try changing resolution or terminate my session the display goes black 
(even on the text consoles). The nVidia is a major annoyance but it is 
at least working.


1a) Unlike Lenovo's compatibility chart claims the system none of the 
Linux distributions I have been testing are working with this Intel GPU 
ight now (https://certification.ubuntu.com/hardware/201806-26280/ is 
probably plainly synthetic). As soon as you type lshw with the device 
active (as in "enabled in the firmware setup") our P52 hang and have to 
be powered off. I've heard that the latest kernel might be working... 
But at least none of the others are crashing with the nVidia GPU.


2) If you boot the system set to external GPU you will get these PCI 
devices


00:00.0 Host bridge: Intel Corporation Device 3ec4 (rev 07)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen 
Core Processor PCIe Controller (x16) (rev 07)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 
v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 07)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / 
E3-1500 v5 / 6th/7th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Device a379 (rev 
10)

00:14.0 USB controller: Intel Corporation Device a36d (rev 10)
00:14.2 RAM memory: Intel Corporation Device a36f (rev 10)
00:14.3 Network controller: Intel Corporation Device a370 (rev 10)
00:15.0 Serial bus controller [0c80]: Intel Corporation Device a368 (rev 
10)

00:16.0 Communication controller: Intel Corporation Device a360 (rev 10)
00:16.3 Serial controller: Intel Corporation Device a363 (rev 10)
00:17.0 SATA controller: Intel Corporation Device a353 (rev 10)
00:1b.0 PCI bridge: Intel Corporation Device a340 (rev f0)
00:1c.0 PCI bridge: Intel Corporation Device a338 (rev f0)
00:1c.7 PCI bridge: Intel Corporation Device a33f (rev f0)
00:1d.0 PCI bridge: Intel Corporation Device a330 (rev f0)
00:1e.0 Communication controller: Intel Corporation Device a328 (rev 10)
00:1f.0 ISA bridge: Intel Corporation Device a30e (rev 10)
00:1f.3 Audio device: Intel Corporation Device a348 (rev 10)
00:1f.4 SMBus: Intel Corporation Device a323 (rev 10)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Device a324 (rev 
10)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (7) 
I219-LM (rev 10)
01:00.0 VGA compatible controller: NVIDIA Corporation Device 1bbb (rev 
a1)
02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd 
Device a808
70:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS525A 
PCI Express Card Reader (rev 01)
71:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd 
Device a808


(02:00.0 and 71:00.0 depend on NVMe devices being installed; the 
firmware is hiding them if they are empty).


If you connect something to the USB-C ports before booting Qubes (which 
is ignoring devices coming up after booting now) you will get additional 
devices like


04:00.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:00.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:01.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:02.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
05:04.0 PCI bridge: Intel Corporation Device 15ea (rev 06)
06:00.0 System peripheral: Intel Corporation Device 15eb (rev 06)
3a:00.0 USB controller: Intel Corporation Device 15ec (rev 06)

(06:00.0 being a Thunderbolt controller -- the device on the other end 
of the line, a TEKQ SSD "drive" doesn't show up and is not usable on 
Qubes but bloody fast on Windows and can keep your coffee hot)


Turning on the Intel GPU would add a

00:02.0 VGA compatible controller: Intel Corporation Device 3e9b

(but as soon as it is on, Qubes (better: Xen) is not showing more than 5 
lines of messages before the fan goes to high speed and  the system 
freezes).


3) The Intel NIC needs 

[qubes-users] The state of the HiDPI display support in Qubes

[Achim Patzner]

Hi!

As I'm trying to set up a Lenovo P52 with HiDPI display (and external 
nVidia GPU -- don't buy one without right now) I'm close to getting rid 
of it completely and install Windows on it...


1) Xfce is not bringing in a single HiDPI theme and the window 
decorations are looking extremely awful unless you find one of the 
scarce themes adapted for this. It would be nice to have at least one 
Theme suitable for an environment like this n the standard distribution. 
At least it is xfce -- setting resolution (and some other things) in 
.Xresources (or the default file in /etc) is solving the worst problems 
easily.


2) The Fedora VMs delivered with Qubes right now are still fully Gnome 
based, so just copying an appropriate Xresources is not sufficient 
(luckily someone created an fc28-xfce template VM; could we please have 
that as part of the standard distribution?) and one has to jump through 
hoops to set up the template correctly.


Could whoever is doing the VM startup scripts right now (still Marek?) 
consider expanding the X setup scripting to not only getting the screen 
size in pixels into the virtual X server but also the correct resolution 
and add a very late script that will, independently of the virtual 
session manager, move a copy of the X resource db data from Dom0 into 
the VM (in the current fedora template this is messed up by 
gsd-xsettings which is merrily overwriting what came from Xresources via 
xinitrc).


Petition: Take the developers' Lenovo laptops and replace them with 
generation 6 HiDPI X1 (and to completely annoy kernel developers they 
have to be using P52 or similar systems).



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em98d84865-1e63-45f4-bf99-bb2b2e5a317d%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes User Forum

[Achim Patzner]

Am Freitag, den 26.10.2018, 13:17 +0200 schrieb Zrubi:
> This means: it is able to sync any mailing list with a forum.
> So every mail posted to any of the qubes mailing lists will be
> received by the forum engine, and convert it to a forum post.

How well is it dealing with the endemic "I can earn 8000$ an hour by
selling all my grandmothers and so can you"-type forum spam (besides
having a houskeeping department consisting of more mods than users)?

> As the sync working both ways if a user post a new topic, or reply to
> an existing one using the forum interface, it will be sent out as a
> regular mail to the corresponding mailing list.
> 
> This way - if it's really work in practice - You don't have to chose
> one solution, both the mailing list and the forum can work and live
> together.
> 
> So if you prefer the forum interface - or just want to give it a try
> -
> you can login to the forum, and just start using it. :)
> Every kind of feedback are welcome. ;)
> 
> The direct registration is disabled for a reason:
> If you post any mail to one of the mailing lists, the forum engine
> creates a user account automatically, using your email address and
> your name (if you using any alongside your mail address)

And then sends out the password for that account by mail to the mailing
list? 8-)

> Some technical background:
> The domain name is registered by me for "personal use". But if the
> PoC
> will be successful, and/or the Qubes team ever would need it, I
> willing to cooperate.

If that would be a problem I would be able to donate the domain
irren.haus...


> The domain, and the hosting is paid for 12 months.

Even with 1&1 being quite cheap: How expensive is it?

> However I would really need help to:
> - test this solution, by using it :)
> - forum administrators also welcome.
> - some voluntary moderators would be nice also.

You mean "cleaning staff"? 8-) Sounds like a great idea if all heavy
duty users should volunteer some time for it.

> - creating a privacy policy, and such pages...

UGH.

To make it a bit more palatable: Make it Tapatalk compatible... 8-).


Achim



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48f3059ba0335fec955bd284c860fbed42be24e6.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB-C hub

[Achim Patzner]

Am Donnerstag, den 25.10.2018, 19:46 + schrieb 'Christophe Vial'
via qubes-users:
Any workaround for this problem ?

Connect the hub before booting and look at lspci; all my Lenovo systems
turn on the required controllers (and only them!) only after something
has been connected to the physical port and requested something. In
Qubes 3.2 this was annoying because there were sudden appearances of
USB (or Thunderbolt) controllers in Dom0 and it seems someone turned
off adding busses that appear after booting now (good decision).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14b9c057b706c7c5a78780ff8790debdfb0b35d0.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo P52

[Achim Patzner]

Am Freitag, den 05.10.2018, 03:21 -0700 schrieb brendan.h...@gmail.com:
> On Thursday, October 4, 2018 at 3:05:00 PM UTC-4, Achim Patzner wrote:
> > Does anyone have an idea how to convince it to boot?
> 
> Ha ha ha, ouch. I am SOOO jealous of you right now ...but also feel so much 
> pain for you as well. That's a very expensive doorstop.

After IBM UK had to admit the _earliest_ possible date for a mainboard
replacement was December 15th it was surprisingly easy to get them to
accept "either DOA or I just return it and take my money to Apple". 8-)

> There should be 4 SODIMMS. Remove two to try booting with 64GB of RAM?

I was hoping for some boot command magic to get things done.
Removing/adding memory on current P series triggers 7 kind of demonic
things on the next boot (including ComuTrace if it was turned on).

> Can you not get to the BIOS by vigorously tapping F1 after power on, then 
> reset it to factory config?

No. It's deader than Spock was as it is not even initializing the boot
process (it is never leaving the ME's initialization stage). (Just in
case anyone wants to try it at home: In the EFI boot variables you will
find a _lot_ of strange stuff like "Lenovo Diagnostics" and similar
things as disabled boot entries. Removing them caused the same kind of
lock ups on my P70 (which got 9 replacement mainboards due to this
nonsense)).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3729565fda80976edfe7ef2d051fb1ae196322a.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Lenovo P52

[Achim Patzner]

I just tried installing Qubes 4.0 on a Lenovo P52 (out of the box, no
firmware updates) and it didn't even boot the distribution media off
USB (after trying several USB ports; there are at least three separate
controllers in this thing). I'm getting exactly 4 lines of mesages
during boot and as it is a 4k display I would have had to take a photo
of it to enlarge whatever was written there (so I can't really tell you
what I saw).

My first suspicion is the RAM; I ordered it with 128GB to keep it from
even thinking about swapping. Is there a limit on in the current
distribution?

The firmware has old bugs I encountered on P70 already; I turned off
secure boot and reordered the EFI boot entries resulting in a machine
that is not even displaying the Lenovo banner after turning it on so I
have enough time to think about the errors of my ways (kids, don't try
this at home -- there aren't any replacement mainboards in Europe and a
"repair" will take 6 weeks so you have to force IBM UK into calling it
a late DOA if it happens).

Does anyone have an idea how to convince it to boot?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9485b3e9bac5d921fcffbae2a1690d6f3048510b.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo ThinkPad P50

[Achim Patzner]

On 22.08.2018 09:36:33, "Benjamin Girdner"  
wrote:
Everything seems to have worked without any special troubleshooting.  
Docking station, multiple monitors, wireless network, lan network, etc  
My windows vm is a bit laggy at times when switching windows within the 
windows vm itself but I don't think that has anything to do with my 
hardware?


I would expect it to have the same problems as a P70 in regard to USB-C 
connectors (attaching devices will create new PCI attachments leading to 
new USB controllers showing up which will be attached to dom0 at that 
point. The same happens for Thunderbolt devices (but creating different 
entries). Not quite what I like...



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em3014d819-6270-4e67-bc28-303a81bf1f8a%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: Re: [qubes-users] Re: porting to ARM

[Achim Patzner]

On 11.01.2018 14:58:34, "Vít Šesták" 
 
wrote:


Qubes is a desktop OS*, so it does not make much sense to target ARM 
servers.


My current workstation is an Intel server system. What's wrong with that 
(besides the noise so the system is not exactly besides my desk)? I 
would definitely like using ARM-based (or POWER-based) systems instead 
just to throw a few bird droppings on Intel's heads.


Remember: Today the classification "server" does not mean "high I/O 
load-capable machine" but "very expensive system" the common user would 
not buy but is nice to have (as in Mac Pro with two 18-core CPUs and a 
metric shitload of memory -- on which booting Qubes is an adventure).



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/em9f53854b-e221-42bd-b337-05a4b0acc928%40sir-face.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes and HiDPI

[Achim Patzner]

Am 02.12.2016 um 00:25 schrieb pixel fairy:
> Im missing something here,

Yes

> why not just set your screen res in dom0 to 1920x1080 or whatever you
> find comfortable? 

 Because it is looking much better and for people spending more than 12
hours using a computer this makes a difference.


> i could see it useful for art or visualization. what other advantage would it 
> have?

Ask your ophtalmologist.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbfb5722-c62e-3c44-2b63-5504c5074687%40noses.com.
For more options, visit https://groups.google.com/d/optout.

"What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?

[Achim Patzner]

> Am 20.11.2016 um 21:16 schrieb Joonas Lehtonen 
> :
> 
> Hi,
> 
> since Qubes 3.1 is supported until 2017-03-29

This is a question I always wanted to ask: What does “support” mean in relation 
to Qubes? Security fixes? Plus bug fixes? Plus feature upgrades?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/51E5C22F-D678-4486-860D-BD4B94928B92%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kaspersky OS

[Achim Patzner]

Am 20.11.2016 um 05:44 schrieb Fabian Wloch:
> And: Probably nothing will run on that Kaspersky OS, because its coded
> from scratch. No browser, no email client etc.

What would the be needed for? It's obviously not the intended use
anyway. As soon as there is a user in front of a terminal,
"hack-proofing" the system isn't possible as it is a known fact that the
stated goal of nature is creating dumber and dumber users. Technology
will never catch up.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33d51c17-48b3-4965-2093-0e382a03d8bc%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kaspersky OS

[Achim Patzner]

Am 20.11.2016 um 05:26 schrieb Sec Tester:

> Dam maybe this could be a new super hardened VM for Qubes..?

All we get is a heap of paper. And a switch I could not even pre-order
yet. But I've got a few Qubes systems happily running.

It might be an ideal solution for the outward-facing VMs (networking,
firewall) as it is in fact a minimalistic OS for this kind of devices
(or why would they have put it on a router first?). But I could just as
well imagine them running on QNX which is obviously safe enouth to
protect Cisco hardware (think IOS XR) (keep in mind that the Cisco
vulnerabilities up to now are results from sloppily written non-core
functionality modules). I even wondered briefly if it was possible to
use a Mikrotik router VM on Qubes. Alas, someone has to provide it; I'm
not going to do that myself.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b37ccae-7caa-613c-bb6f-3208442a83e5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?

[Achim Patzner]

Am 19.11.2016 um 12:54 schrieb Andrew David Wong:
> By default, Qubes does not encrypt /boot. Traditionally, that's
> because doing so would render the
> system unbootable. However, that's no longer true with newer versions
> of GRUB, which are now capable
> of booting from encrypted block devices.

There is still the option of grub-less EFI booting. With exotic setups
like mine which is getting its boot loader from an external USB device
that unlocks boot and compares checksums of relevant files to a table
stored on that external device.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc1a208a-b061-c626-4d6e-22b9d59d4948%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

[Achim Patzner]

Am 16.11.2016 um 11:53 schrieb taii...@gmx.com:
The "certified" program is stupid in its current form I agree but what 
is stopping you from buying a dell business or hpe machine with 
iommu/TPM and using that?


The uncertainty whether it will work with Qubes 4.0 at all as it is very 
improbable that it will support coreboot. And many companies require 
hardware fulfilling all requirements of the software they are planning 
to use so this will kill Qubes for them.


If you want a new open source firmware machine that supports adv. 
virtualization go hit up IBM, they'll happily sell you a high 
performance OpenPOWER8 system with just that, complete with a nice fat 
enterprise grade extended support maintenance contract.


Can I carry it around with me? I once had a SparcBook... Nice thing, that.


Coreboot is hobbyist/embedded pretty much,


That's the problem. Requiring it will exclude many from using Qubes. And 
a disclaimer "Qubes 4.0 might also work on EFI or even legacy firmware" 
isn nor enough reassurance.


the reason that only "outdated" designs are supported is because intel 
(and now AMD) actively tries to stop free firmware and people are 
mostly doing this on their spare time - it boils down to an issue of 
funding.


I don't care for the reason. There is no applicable "serious" hardware 
fulfilling the requirement so I cannot seriously try to move Qubes into 
corporate environments. Which will in the end severely restrictspreading 
of Qubes.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f84a708-565a-bbd3-516f-988560059d5e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

[Achim Patzner]

Am 15.11.2016 um 14:46 schrieb Andrew David Wong:
If you plan to be using the same machines for Qubes 4.x, you should 
also take into consideration the updated requirements for 
Qubes-certified hardware, which will go into effect for 4.x:

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/


These requirements are probably the worst you can do for corporate 
users; they prefer "standard hardware"; even I would rather stop using 
Qubes than not being able to take any off-the-shelf Lenovo systems but 
having to use underperforming boxes from unknown sources. Keep in mind 
that the average company doesn't like hardware with broad maintenance 
contracts and won't buy outdated designs (and that's about every system 
supported by coreboot) either.



Achim

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db901ce2-ac2b-69e7-5204-52b978500373%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Improvement: check disk space before copy to VM

[Achim Patzner]

Am 14.11.2016 um 14:46 schrieb Robert Mittendorf:

> One basic principle of usability is to make it hard to make mistakes
> (including destroying work/files). 

Imagine a guy dressed in an elaborate tin can standing behind you,
kicking you down some cliff shouting "THIS... IS... UINX...". Really, it
is. Failing to copy a file is nothing dramatic. Nothing is destroyed,
nothing erased. Let some air out of the elephant until you can recognize
the shape of the original mosquito, would you?

> As I stated before I think the protocol would not have to become "more
> non-unidirectional" to improve on this.

Why don't you just write a proof -of-concept and put it on github? If it
is working well and showin an improvement I'm sure someone will add it
to the Qubes repositories. They are not that dogmatic.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75b2f969-3036-89ef-6e52-83e99dee5579%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 10.11.2016 um 12:43 schrieb Eva Star:

>> I hope I'm not too offtopic but a gui option to shut down multiple vms at 
>> once would be cool.
> `qvm-shutdown --all --wait` -- will shutdown all VMs (if it helps)

Multiple, not all. Select multipel lines and then get a pop-up option
"shut these down". Or "qvm-shutdown --class=Template --all".


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/524504aa-61af-72ca-8db6-842c6aba33b2%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 10.11.2016 um 00:24 schrieb Marek Marczykowski-Górecki:
> On Tue, Nov 08, 2016 at 10:37:02PM +0100, Achim Patzner wrote:
> > Maybe I should have added the (obviously in my eyes obvious) argument:
> > The current update-procedures are launched by a GUI-application and then
> > open a window that is asking questions which need keyboard interaction.
> > And in some cases the default answer (at least in Fedora) (which is
> > making things worse – at least the default Xterm is looking different
> > for Fedora and Debian) is not what you want. Or at least not what I want
> > (aborting the update). Now someone wants to add another bloody
> > interactive option that will require at least me to select the
> > non-default option.
>
> I'd like to change this default - indeed it is very confusing, but I
> don't know how.

Only be recompiling it. This is hardcoded. I remember a
"Linux-Stammtisch" in the area where the discussion over this topic
nearly led to bloodshed so please avoid supplying patches unless you've
got a black belt in something.

> The only related option is to accept automatically.
> Maybe this is the way to go?

I'm currently living with about 10 Fedora-based templates. I'm usually
updating the fattest, reviewing the list carefully and then go on with
the update. The others are just getting a treatment using qvm-run
(because I am annoyed by all those questions using the Manager). So
using "-y" on the command line would not be exactly what I consider safe
nor secure.

> Personally I like to review list of packages to be updated, but I guess
> most users don't do that.

… until they have been burnt. I just spent hours finding out how I
destroyed my native Arch system until I remembered that I'm EFI booting
without grub and forgot copying the new kernel (which I didn't notice
being installed because I didn't check the f* list) to /boot/efi/EFI/arch.

> I think it's important to give the user some feedback. Fully automated
> updates are somehow broken in most tools[1] - this is why we have this
> terminal window,

I guess I mentioned already that I'm mildly hating someone for using an
xterm in default settings 8-). Although it is looking coool when you're
updating 20 machines at the same time and showing your stamp collection
to someone I've yet to figure out how to use a different font size for it.

> instead of just some progress bar or something even less intrusive.

Sometimes I like the way Ubuntu and the likes are handling things –
until they break something. 8-)

> But automatically shutting down the template (after user have a chance
> to see update feedback) is a good idea. Something like "Press enter to
> shutdown template, or Ctrl-C to just close this window".

I once got into a serious discussion with Jordan Hubbard about the fact
that I really disliked the sudden pop-ups asking for something innocent
like "do you really want to shut down/have your cat slaughtered by
satanists/vote for Trump?" with the least convenient option being the
default while I was busily typing at something (you know that Macs are
used by pushing mice and touching pads; that's why you can remove keys,
one after the other, without any user noticing it).

It's the same with the update process; the keyboard is not flushed
before the "shutdown or not" question so any extraneous return key will
still be in the buffer. Shutting a machine down isn't as bad as messing
up your boot disk (which I did on the Mac by accepting a system update I
would not have accepted if I had time to read the pop-up) but you should
always be careful with users… Their attitude might type first, think later.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee71786a-1bf7-475b-3637-fee3a1e6bc38%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing VPN in Qubes Versus VPN on a Router

[Achim Patzner]

Am 13.11.2016 um 14:22 schrieb hed...@tutanota.com:

> 13. Nov 2016 08:48 by amad...@riseup.net :
>
> We see much correspondence in these forums about installing a VPN
> within Qubes. Surely, the most secure place for VPN is to install
> on a Router?
>

You might continue proving that this is the case for a router running on
its own VM compared to a router running on separate hardware but keep in
mind counting the problem of keeping the router's os current and free of
security-relevant problems.

> The solution they say is to isolate these rogue routers in the
> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved
> by installing a 2nd router [flashed with open source firmware such
> as OPenWRT]. It is here, on the router, that we should enable and
> run OpenVPN.
>

And of course another router/packet filter/firewall/whatever behind it
as there could be something _inside_ the VPN that would not be agreaable
to you.

> Thoughts on this paper and it's conclusions are welcomed
>

There is a point where additional components won't give you
defense-in-depth but only additional complexity that will in the end
make you less secure.

> An always-on VPN connection on the router works well but can be a bit
> slow since the processing power of router CPUs is generally quite
> limited. If choosing a router, I'd suggest a dual-core ARM-based
> device. Although openvpn is only single-threaded you can usually
> configure cpu-affinity to place it on one core and the other routing
> tasks on the other core.
>

One of the GL-Inet small arm(s 8-) ) routers is sufficient for 80 MBit/s
(see https://www.gl-inet.com/). I'm using one of their "Mifi" devices
(https://www.gl-inet.com/mifi/) to write this and right now it is
holding up quite well with 150 MBit/s LTE plus an OpenVPN on top of it.
The only problem is the about 1MBit/s I'm getting from their uplink.

> For those who want to go beyond around 20-25 Mb/s, which is where an
> ARM router will start to reach its limits
>

Seriously? I doubt that. Right now I'm using an ASUS RT-AC5300 (ARM,
dual core) router on a 400/20 MBit link (residential cable) and even if
I'm sturating it using an OpenVPN process running on the router its
cores seem quite unimpressed. But maybe DD-WRT is magical.

> , a fine alternative is a small fanless PC, such as the Intel NUC or
> Gigabyte Brix, and run an open source firewall on it, instead of a router.
>

For security-sensitive applications I'm using a USBArmory-based
"crypto-afterburner" that I can plug into other machines offering two
"USB-NICs" and I don't have problems with reathing the USB bandwidth
limit. If it wasn't impossible to get a single USB port into a VM I
would have found a place to stick one inside my Thinkpad already. If
there was a Qubes developer feeling bored I would have thrown one at him
already to see if we could have a few interesting things introduced into
Qubes (like boot media running on a separate volume that need to be
unlocked first, external key storage, external crypto functions…)

> Finally, I've always felt that running a vpn on Qubes and having an
> always-on vpn running on a router/PC complement each other.

And an independent packet filter in front of it. And one behind it. And
no wireless networking in between any component. Again: Consider a USB
Armory; write some interesting tools, add them to Qubes. That might
really help.


Achom

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a07e2dfb-10f7-d37e-50f4-0712f8d25453%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Archlinux template – dend early Christmas gifts to Marek ASAP! Re: [qubes-users] Arch-template and Firefox (49.0.2)

[Achim Patzner]

> qubes-template-archlinux package is available qubes-templates-community 
> repository!

Make a wish 8-). But watch the movie “Wishmaster” first to see why getting more 
Genies is not a good idea.

> I haven't tested it in any way. It include only what builder-archlinux
> scripts does

> - test it out

Without testing it (I do not have real bandwidth in the middle of nowhere right 
now): Did you modify /etc/fstab to mount a /dev/shm larger than 256MB?

> - automate powerpill setup (probably as part of core-agent-linux
>   repository - some post-installation script or such)

As much as I am in favor of it, everybody with a good grasp on security should 
think what was the least of three evils: Adding another repository (for 
powerpill as package), using the AUR to install powerpill or giving his 
template access to the network for updating (while updating). I’m still not 
clear about it myself (although using powerpill at home with a 400 MBit line 
is… fascinating).

> - adjust https://www.qubes-os.org/doc/templates/archlinux/
> - write some separate announcement(?)

Just change the subject on this message 8-)


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0F71EC19-F107-4BF9-85C3-5AEE0D568392%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

Am 08.11.2016 um 12:31 schrieb Andrew David Wong:
> >>> After template updated ask user at the console to shutdown current
> template.
> >>
> >>> "Shutdown current template [Y/n]"
> >>
> >> Currently tracking a very similar suggestion here:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/832
>
> > Wouldn't a command-line tool qvm-update-template [--all]
> > [--shutdown-after-upgrade] [, ]* be much more
> flexible?
>
> Yes, but I don't think the primarily goal of that ticket is flexibility.
> Rather, I think it's to implement a quality-of-life feature that will
> benefit users generally, including novice users who never touch the
> command-line.

Maybe I should have added the (obviously in my eyes obvious) argument:
The current update-procedures are launched by a GUI-application and then
open a window that is asking questions which need keyboard interaction.
And in some cases the default answer (at least in Fedora) (which is
making things worse – at least the default Xterm is looking different
for Fedora and Debian) is not what you want. Or at least not what I want
(aborting the update). Now someone wants to add another bloody
interactive option that will require at least me to select the
non-default option.

No. Thank you very much, but no. If someone is making things even more
like a text adventure they could just as well do it right, make the
update process command line based and give up interactive decisions in
favor of command line parameters to finally deliver a launch-and-forget
solution. That could be easily scripted without opening that barrel of salt.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24af09d7-f174-a1b7-e0d9-ac7e659f93a4%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [feature request] Shutdown template after update

[Achim Patzner]

m 08.11.2016 um 10:07 schrieb Andrew David Wong:
> On 2016-11-07 10:05, Eva Star wrote:
> > After template updated ask user at the console to shutdown current
> template.
>
> > "Shutdown current template [Y/n]"
>
>
> Currently tracking a very similar suggestion here:
>
> https://github.com/QubesOS/qubes-issues/issues/832

Wouldn't a command-line tool qvm-update-template [--all]
[--shutdown-after-upgrade] [, ]* be much more flexible?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04a97647-4ff9-0636-239d-55ce636e3f46%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3 MacOSX

[Achim Patzner]

Am 06.11.2016 um 10:42 schrieb Alex:

> On 11/06/2016 10:31 AM, Jeremy Rand wrote:
> Actually reading the license of OSX available at
> https://store.apple.com/Catalog/US/Images/MacOSX.htm is very easy
> because they are awfully short and simple, compared to a lot of other
> software.
>
> And in 2.A. there is the actual permitted use:
>> This License allows you to install and use one copy of the Apple 
>> Software on a single Apple-labeled computer at a time.
> which means that you can own an Apple Mac computer, install
> Qubes/Linux/what you want on it, install VirtualBox/VMWare/Xen on it,
> and have an OSX virtual machine while still behaving according to the
> license.

There were other people who thought it would be that simple (mind you,
I'm not talking about Mac OS X Server, a product that became a 30$
add-on later); does anyone remember a product called VMware Fusion
version 4.10 which suddenly removed the artificial barrier against
running non-Server Mac OS X on VMware and which had ot be replaced by
version 4.11 only two weeks later with the only bug fixed being able to
run Mac OS X on a VM? That must have ben one hell f a letter Apple sent,
I guess I would pay for reading it.

> The third point, "ensure your physical system is an Apple-labeled
> computer", explicits the then-actual license conditions to run a
> virtualized OSX within the license terms.

And if you do, you can run VMware ESXi on a Mac Pro cluster and use it
to virtualize multiple Mac OS-based machines, as long as they are
installing Server.app on them. One of our customers is doing it to get
the applications from his old Mac Servers running in a world where the
most important customer is obviously the iPad Pro user...

> AFAIK, by the link from the apple store reported above, these terms are
> still valid - you can run a virtualized OSX and be within the license
> terms if it is the only instance you run, and it runs on an
> Apple-labeled computer.

Point is: You can't buy a valid license without buying a machine with
it. I guess you could buy *heaps* of Mac mini just to obtain licenses...
Just like having to buy defective power supplies to get MagSafe
connectors. And Apple does not attack the people breaking the licenses;
they are usually aiming at those who enable others to break them (which
I regard as a good thing).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b63a0115-312d-a809-8cad-62154112c7b0%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?

[Achim Patzner]

Am 03.11.2016 um 19:51 schrieb Marek Marczykowski-Górecki:
> Really is all that needed? I'd guess you need to have the window visible
> during calibration only, which means it should be ok to manually switch
> it to fullscreen (from titlebar menu) for that time only. As for the
> brightness - is it ok to set it manually?

If you take a closer look at the W540's hand rest area you'll notice a
small camera-like device. This is a built-in colorimeter. The Windows
software coming with it is about the worst piece of "I have to ignore
all kinds of security" trash I've ever seen. It is running as "local
system" in order to control screen brightness and turn the screen
on/interdict sleep while the lid is closed in order to run. I can't
really imagine anyone really wanting to use it (considering the fact
that the Windows software is carrying about 100MB into your system,
parts of it having more privileges than Administrator – who needs that
much stuff for calculationg a color profile using specialized hardware?).

So yes, the software seems to need those rights (including modifying
screen brightness during measurement, at least in the case of Lenovo).

> Of course in practice calibration software may not like those
> constrains...

I would bet on it. Maybe Zrubi can bribe you with 5kg of assorted
chocolate to try it yourself (some years ago this
https://www.amazon.de/Toblerone-Jumbo-1er-Pack-4-5/dp/B004INT01A used to
be quite good currency to convince developers).



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c96dfcef-f6fa-2b1f-f466-1af92b8478fa%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Arch-template and Firefox (49.0.2)

[Achim Patzner]

Hi!


I just tried moving my main working environments from the Fedora
template to Arch. All in all a much better user experience for nearly
everything besides one thing: Firefox tabs are constantly crashing. If
I'm opening the same URLs on a native Arch installation or other
templates the contents is displayed without any problems. Am I the only
one with that problem?


And no, no plugins installed at all.


Besides that: I could live without ever getiing a Ubuntu (or lookalike)
template but it might be time to adopt the Arch template (even if that
means the debian template was dropped completely). (Marek: What could we
offer to convince a core developer that he always wanted to do this?)



Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92613b45-b8ae-b19f-32f0-97615d6f86e0%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list

[Achim Patzner]

Am 28.10.2016 um 12:32 schrieb Manuel Amador (Rudd-O):

> Forgive me for asking this: 

Forgiveness granted.

> Anyone else beginning to get annoyed

No. I'm so far beyond the beginning that I'll probably start being
unfriendly to him soon.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00509084-0c7e-2822-5b1b-f8f270f1f1d5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list

[Achim Patzner]

Am 28.10.2016 um 02:00 schrieb Drew White:
> On Friday, 28 October 2016 10:57:03 UTC+11, Andrew David Wong  wrote:
> We've just introduced a new mailing list: qubes-announce
> > So it's a forum, not a mailing list >

No, darling. It's a mailing liist. The contents are transferred to
registered users by mail and only those subscribed will receive it. The
contents are distributed by SMTP. The link he sent is an explanation
page on a web server.

Don't pretend to be dumber than you are, it doesn't make you look better.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf2f3c00-5ae6-2f86-389c-1e7e11bda8dd%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Remnder: Ubuntu-template anyone?

[Achim Patzner]

Am 26.10.2016 um 00:17 schrieb Unman:

> On Tue, Oct 25, 2016 at 11:17:44AM +0200, Robert Mittendorf wrote:
>> What would be the advantage of a Ubuntu-template compared to the Debian
>> template?
>> (No offense, I'm just curious)
>>
> No offense taken.
>
> Comparing Stable with LTS, probably not that great a difference. Perhaps
> Ubuntu is slightly easier out of the box and the core software is well
> integrated.
> Comparing stable with Ubuntu releases, Ubuntu will generally have newer
> versions and better driver support.

Even Arch was already a major improvement for me... I've baesd most of
my machines on a (rather easy to produce) arch template...


Achim


>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53fea010-1d22-2210-c9dc-deb1817bcd79%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Import a .img file (Windows7) into Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:30 schrieb jidar :
> 
> qemu-img has worked for an "enterprise" VM I use without any issue (going 
> from VMDK to raw/qcow2). If the disk is encrypted you might be SOL though.

It was the LanDesk Manager that killed me last time…


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/F1EDB378-64C4-46D4-8CE8-F1E0A06D9E0C%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Future plans for KDE on Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:14 schrieb Marek Marczykowski-Górecki:
> I think we can keep its current state. Shouldn't be a problem for Qubes
> 4.0 and later. At least until next major incompatible changes in KDE...

I'm wondering whether I should try to get one of the discontinued Lenovo
P50 with 3840x2160 dots at 15" just to make someone's eyes bleed
enough... Believe me, even with all available settings it is not usable
with xfce; not everything in a window will be text and not every
application is taking care of adapting to Xft.dpi.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ff2a1f6-3bbf-ba59-5e78-4973de4d1221%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Import a .img file (Windows7) into Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:10 schrieb Marek Marczykowski-Górecki:
> On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote:
> > Is it possible at all? I'm trying to virtualize my windows machine
> and move
> > entirely to Qubes. Some of the applications can't be reinstalled so
> fresh
> > install isn't an option.
>
> Should be possible, but probably you'll need to install some drivers (as
> the emulated hardware is most likely different than your real one).

And it depends on the installed software; some "enterprise-typical
software" for remote administration will make things hard to impossible
(I have  a few machines) that really work hard on not being compatible
with Qubes, even as pure HVM without any XEN drivers).

> You'll need a lot of disk space for this... You can make it smaller by
> first filling all free space of the (windows) disk with zeros (create
> big file with zeros, then remove it). And then add "conv=sparse" to dd
> command. It will not copy unused space.

If wasting money is not a problem you can use a physical-to-virtual tool
to convert it to a VMware image which will do all those things on the
way and convert the VMware disk to a Xen image; the better ones will
also disable drivers that won't work in virtual environments.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa1af92a-9c39-e44c-af94-5727153d6636%40noses.com.
For more options, visit https://groups.google.com/d/optout.