Re: [qubes-users] xfce4 saved session
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Dodgson wrote on Wednesday, 30.03.2022 at 08:23: > I've found the small problem at the origin of this behavior on my system. > I'm no using the gui domain. > Nevertheless, when starting the qubes manager > (qubes-qube-manager) from the "Qubes Domains" icon, the qubes > manager is not part of the session. It does not even appear in > the current session on "Q" -> "System Tools" -> "Session and > StartUp" -> "Current Session". Now, when the qubes manager > (qubes-qube-manager) is started from "Q" -> "Qubes Tools" -> > "Qubes Manager", it appears in the current session and is > saved and restarted on login. Can anyone replicate this? I was able to reproduce *THIS* behaviour on my Qubes-OS 4.1 installation. I assume that this particular difference is related to the Xfce4 desktop environment and how applications are started from the desktop. However I've no idea how this could be fixed. May be the Xfce developers (some are active in the Xfce forum here: https://forum.xfce.org/search.php ) can help on this issue. Best regards, Peter Funk - -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 -BEGIN PGP SIGNATURE- iF0EARECAB0WIQROI4Mqw5CyN8/txIPLSSWCQ2k3QgUCYkRZ1gAKCRDLSSWCQ2k3 Qp4wAJ9CqEGLLMcbTzi2TGBdyjitMeh2swCcDBHmZGdTIt10YQ5UHShzDYMY1qY= =XUr8 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YkRZ3NFFtnOFdFpg%40arbeit.
Re: [qubes-users] How to use optical media (audio CDs and CDR, DVD, etc...) in qubes?
Hello, Last weekend 05.03.2022 11:53 'awokd' replied via qubes-users : > Peter Funk (that's me) : > > > https://www.qubes-os.org/doc/how-to-use-optical-discs/ > > I'm now a little bit concerned that I might not be able to make > > proper use of the Vendor: TSSTcorp Model: BDDVDW SN-506BB optical > > drive built into my laptop. > > > > Any advice how I can get around this? Or do I have to hope that > > a future version von Qubes-OS/Xen might include a driver which will > > allow to run sound-juicer in qube (guest)? > > Option #2 in the link may work with your laptop, but controller passthrough > is hit or miss and someone would have to have the same model of laptop to > say for sure if it would work. The motherboard of my laptop has only one single SATA controller: SATA controller: Intel Corporation 7 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04) If I try to use this as a passthrough device in the devices tab of the settings of a certain qube then my Qubes-OS system freezes immediately when I try to start this certain qube. I think the Qube Manager should forbid this. If the situation in dom0 is as follows (Shell-Pseudocode) then the Qube Manager gui should stop users being as naive as I was: if [ `lspci | grep SATA | wc -l` = 1 ] || [ selected_controller_is_SATA ] then error "passthrough would stop system disk from working" fi So for the moment I've given up any hope that I could use my builtin bluray drive of my laptop in Qubes-OS to work with any optical media. The next thing I tried was to plug an external USB optical drive into one of the USB ports. This also appears fine in the device manager menu similar to the builtin optical drive before when I put a audio media into that one. I can assign this sys-usb:sr0 device to the qube with the gnome sound juicer application installed. However this will not work either, because the virtual block device (/dev/xvdi in my case) appears not have some magical properties of a real audio cdrom this application seems to expect. Even creating symbolic links /dev/sr0 or /dev/cdrom pointing to /dev/xvdi are not sufficient enough to trick the program into reading the content of this device as audio cdrom tracks. The error message "Sound Juicer could not find any CD-ROM drives to read." persists. I've also tried other applications: K3B from KDE and clementine. Same problem. Best regards (Liebe Grüße), Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi3ZuAkABuPhwrCN%40arbeit. signature.asc Description: PGP signature
How to use "inline PGP"? (was: Re: [qubes-users] Should the footer at the bottom of the mailing list be deleted?)
Hello, Demi Marie Obenour wrote Wednesday, 09.03.2022 16:33: > On Wed, Mar 09, 2022 at 04:25:11PM -0500, Demi Marie Obenour wrote: > > The footer on each message is rather annoying, mostly because it breaks > > digital signatures. Should it be set to the empty string, or do its > > benefits outweigh the drawbacks? > > Looks like Google mangles the message in other ways, too. In my case, > the charset is changed from us-ascii to UTF-8, and the > Content-Transfer-Encoding header is removed, with the `=20` at the end > of one line being replaced by a space. So the only solutions are either > inline PGP or to switch list hosting solutions. Where can I learn, how to use inline PGP (GPG) properly in my messages? I use 'mutt' as my preferred MUA. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 office ✉: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany; ☎:+49-421-20419-0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YinifIFO9rwL2%2BK3%40arbeit. signature.asc Description: PGP signature
Re: [qubes-users] xfce4 saved session
Hello, Charles Dodgson wrote Wednesday, 09.03.2022 10:55: > Hello, > > I have a small problem with the xfce4 session on qubes 4.1. > when I login, I start the qubes manager (qubes-qube-manager) > and a xfce4-terminal. If I logout and then login again (or > restart) the xfce4-terminal appears but the qubes manager > does not. The qubes manager appears in the xfce4 session > files under ~/.cache/sessions/xfce4-X but it does > not load. Back in 4.0.x, the session would work as expected. > > Has anyone noticed this? Thanks, > Charles I started the Qube Manager using the Q-Menu -> Qubes Tools -> Qube Manager and logged out. After logging in again the Qube Manager was started again. So I can't reproduce the behaviour you described above with my Qubes-OS 4.1.0 installation. However: I do not use the experimental gui domain yet. My gui is still running in dom0 as it used to be in 4.0.4. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 office ✉: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany; ☎:+49-421-20419-0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YiiffrELi/tYZa1a%40arbeit. signature.asc Description: PGP signature
[qubes-users] How to use optical media (audio CDs and CDR, DVD, etc...) in qubes?
Hello, In the past I used the builtin SATA optical drive of my laptop to play audio CDs from my collection or convert them into .ogg or .mp3 files. This was before I migrated from Ubuntu to Qubes-OS. Now I'm looking for a suitable way to use the application sound-juicer which worked really nice in Ubuntu. After reading the documentation here: https://www.qubes-os.org/doc/how-to-use-optical-discs/ I'm now a little bit concerned that I might not be able to make proper use of the Vendor: TSSTcorp Model: BDDVDW SN-506BB optical drive built into my laptop. Any advice how I can get around this? Or do I have to hope that a future version von Qubes-OS/Xen might include a driver which will allow to run sound-juicer in qube (guest)? Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YhkJue49eg8J1BIs%40arbeit. signature.asc Description: PGP signature
[qubes-users] HCL report: Schenker Xirios = Clevo P170EM barebone with Qubes-OS 4.1.0
Dear Sven, Sven Semmler schrieb am 08.02.2022 um 15:24: > Everyone! > > When you upgrade to / install R4.1 please submit a new HCL report. > > This is a very quick and easy 2 minute way of supporting the project! > > If your machine fulfills the following criteria, please call it out for > inclusion in the community-recommended list: > > * Qubes OS installs without any workarounds > * Graphics, networking, audio and suspend work without troubleshooting > * Recommended 16 GB RAM are possible > * Keyboard can be connected via PS/2 in case of desktops > * Readily available to be purchased (including pre-owned) I took me a while to migrate my E-Mail setup from Qubes-OS 4.0.4 to my fresh install of Qubes-OS 4.1.0 Below you find the edited output of my `qubes-hcl-report`: Liebe Grüße, Peter Funk -- cut here 8< - 8< - 8< - 8< - 8< - 8< - 8< -- layout: 'hcl' type: 'notebook' hvm: 'yes' iommu: 'yes' slat: 'yes' tpm: 'unknown' remap: 'yes' brand: | Schenker Xirios build based on a CLEVO barebone model: | P170EM bios: | 4.6.5 cpu: | Intel(R) Core(TM) i7-3540M CPU @ 3.00GHz cpu-short: | Intel i7-3540M chipset: | Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 09) chipset-short: | FIXME gpu: | Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA controller]) NVIDIA Corporation GK104M [GeForce GTX 670MX] [10de:11a1] (rev a1) (prog-if 00 [VGA controller]) gpu-short: | NVidia GTX670MX network: | Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0a) Intel Corporation Centrino Wireless-N 2230 (rev c4) memory: | 16276 scsi: | HFS480G3H2X069N Rev: DZ00 ST2000LM003 HN-M Rev: 0001 BDDVDW SN-506BB Rev: SB00 MTFDDAK480TDCRev: F003 usb: | 3 versions: - works: 'yes' qubes: | R4.1 xen: | 4.14.3 kernel: | 5.10.90-1 remark: | The performance in Qubes-OS was not as good as in Ubuntu. I had to change "smt=off" to "sched-gran=core smt=on" in order to enable hyper threading. That was first possible with Qubes 4.1.0. In Qubes 4.0.4 hyper threading was disabled. credit: | Peter Funk link: | https://www.artcom.gmbh/ --- -- >8 - >8 - >8 - >8 --- cut here again >8 - >8 -- -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 office ✉: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany; ☎:+49-421-20419-0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YhIvKCW63n7dNhM/%40arbeit. signature.asc Description: PGP signature
[qubes-users] zenity is not installed in dom0 by default in Qubes-OS 4.1.0
Hello all, While playing around with a freshly installed Qubes-OS 4.1.0 I discovered by accident that there are a few core commands which make still use of the utility program zenity to display error messages but the package zenity is not installed in dom0 by default. For me the fix was easy:: sudo qubes-dom0-update zenity I added the missing tool. Out of curiosity I had a look into the sources and found at least three places which make use of zenity:: $ grep -rn zenity . ./qubes-core-admin-linux/file-copy-vm/qfile-dom0-agent.c:23:#define ZENITY_CMD "zenity --title 'File copy/move error' --warning --text " ./qubes-core-admin-linux/dom0-updates/qubes-dom0-update:187: zenity --error --text "$message1\n$message2" ./qubes-core-admin-linux/dom0-updates/qubes-dom0-update:334:zenity --info --title='Dom0 updates' --text='No updates available' So since kdialog is also not installed by default I believe this could be considered as a bug in the default package selection. Either zenity should be installed in dom0 by default or these three places in qubes-core-admin-linux should be changed to some other mechanism to display error messages. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yg40KVrds3wR8UJ7%40arbeit. signature.asc Description: PGP signature
Re: [qubes-users] Help using qubes as testing VMs
Eric W. Biederman schrieb am Monday, den 24.01.2022 um 12:01: ... > >>> https://www.qubes-os.org/doc/firewall has information about enabling > >>> networking between qubes. ... > > nft flush ruleset ... > In particular "nft flush ruleset" was needed before any iptables changes > were reflected in the forwarding behavior. Very interesting! I've a comparable setup in my qubes-firewall-user-script but since the fedora-34 template receive updates so frequently I've switched template for my sys-firewall to debian-11. For me this `nft flush ruleset` command wasn't necessary. I will try to switch my sys-firewall back to the fedora-34 to see if this will break things for me and if adding this command will fix it. Thank you for figuring this out. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 homeoffice ☎:+49-4222-950270 office ✉: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany; ☎:+49-421-20419-0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YfAEK%2BQ4zIUEgO5u%40work.
Re: [qubes-users] Solved: null pointer reference in kernel-latest in QubesOS 4.0
Hi, On Thu, Nov 18, 2021 at 01:21:23PM +0100, I wrote: ... > On Thu, Nov 18, 2021 at 07:00:58PM +0900, Jin-oh Kang wrote: > > libvirtd tried to assign the USB controller to a VM, and the USB controller > > was already attached to the driver (xhci-pci) in dom0. The bug was > > triggered while the driver was detaching itself. ... > > Try one of the following: > > > > - Temporarily detach the USB controller from the VM. > > - Blacklist the xhci-pci driver in dom0. (create a .conf file with line > > "blacklist xhci-pci" in /etc/modprobe.d) ... > I will try blacklisting the xhci-pci as you suggested above and report > later, whether this made a difference. I have tried the second suggestion: At first this made no difference. The kernel-latest (5.13) was still rebooting itself. I took me a while to figure out that additionally I had to recreate the initramfs belonging to this kernel using the following commands:: sudo mkinitrd new_initramfs-5.13.6-1.fc25.qubes.x86_64.img \ 5.13.6-1.fc25.qubes.x86_64 sudo mv initramfs-5.13.6-1.fc25.qubes.x86_64.img \ initramfs-5.13.6-1.fc25.qubes.x86_64.img.orig sudo mv new_initramfs-5.13.6-1.fc25.qubes.x86_64.img \ initramfs-5.13.6-1.fc25.qubes.x86_64.img Afterwards I was able to boot into the new kernel. However now I had to use the builtin keyboard of my laptop to enter the LUKS-Passphrase. After startup of the sys-usb qube the external keyboard becomes usable again. Furthermore me and also some others in our german language Qubes-OS user group noticed a new effect: After typing Enter in the LUKS passphrase input field for some fractions of a second some blinking pixel gibberish appears above the passphrase input field just before the screen is cleared. Neither of these problems were/are present in the stable kernel vmlinuz-5.4.143-1.fc25.qubes.x86_64 I installed August 27th this year. So I think those effects could be considered as regressions. Best regards, Peter Funk -- Peter Funk; Oldenburger Str.86, 2 Ganderkesee, Germany homeoffice phone: +49-4222-950270 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2029113645.GB8739%40artcom0-ac50365.artcom-gmbh.de.
Re: [qubes-users] null pointer reference in kernel-latest in QubesOS 4.0
Hi, Thanks for taking the time to have a look at my problem. On Thu, Nov 18, 2021 at 07:00:58PM +0900, Jin-oh Kang wrote: > libvirtd tried to assign the USB controller to a VM, and the USB controller > was already attached to the driver (xhci-pci) in dom0. The bug was > triggered while the driver was detaching itself. Interesting. I've not changed my setup and I'm currently writing this while running the same configuration with dom0 5.4.143-1.fc25.qubes.x86_64 So I think this bug is new. It was reproducable though. I've tried booting the 5.13.6-1.fc25.qubes.x86_64 from kernel-latest at least five times in a row to make sure it is no race condition. > Try one of the following: > > - Temporarily detach the USB controller from the VM. > - Blacklist the xhci-pci driver in dom0. (create a .conf file with line > "blacklist xhci-pci" in /etc/modprobe.d) I'm using an external keyboard, which is attached to my laptop through one of it's USB controllers. Because I've usually mounted the laptop on a stand, I don't want to be forced to use the internal keyboard to enter the LUKS passphrase. I will try blacklisting the xhci-pci as you suggested above and report later, whether this made a difference. Best regards, Peter Funk -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2028122123.GA13687%40artcom0-ac50365.artcom-gmbh.de.
Intrusion detection (was: Re: [qubes-users] Q: Installing additional software)
unman schrieb am Samstag, den 16.01.2021 um 01:39: ... > Many attacks rely on chaining exploits and loopholes in an assortment of > applications and libraries. > You see this very often in "capture the flag" contests, and in real > world attacks. ... > Are there risks? Of course. Sorry for stealing this thread and jumping to a related topic: If someone is going to attack my digital life I would like to know about it. What do you think about HIDS (host-based intrusion detection systems)? For example https://www.la-samhna.de/samhain/index.html is such a system. While your point about broadening the attack surface will certainly also apply to such additional software it might on the other hand help to get hints that you or more specific a certain qube of yours is currently being attacked. Best regards (oder in Deutsch: Liebe Grüße), Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210118122742.GB32586%40pfmaster-P170EM. signature.asc Description: Digital signature
Re: [qubes-users] A way to "write configurations" to SALT?
Hello all, Stumpy schrieb am Dienstag, den 21.07.2020 um 07:14: > I have been trying to figure out SALT in my spare time and every > time I start I finish with watery eyes and a mushy brain... for me > its hard to wrap my head around. > > While I am not giving up per se it occurred to me, so i just thought > id ask on the off chance its possible... Can one say setup an AppVM > and configure it to ones own needs _then_ somehow write that > configuration to SALT? While this seems unlikely I have to ask. I'm no expert, but I believe this is not possible per se. However: When you wrote "setup an AppVM and configure it" do you meant doing the configuration on the terminal command line as a sequence of shell commands? If so then keep a full record of all those configuration commands using the shell history command: history > log_of_my_personal_configuration_actions I recommend to first set the following variables in your $HOME/.bashrc files: export HISTSIZE=10 export HISTFILESIZE=20 export HISTTIMEFORMAT="%F %T " The default values of HISTSIZE and HISTFILESIZE are small so chances are you could loose something otherwise. This will help later on if you want to review all of your own configuration actions and when you did what. If you configure something by editing certain configuration files I would recommend to make copies of the original files first to be able to produce .patch files using the command: diff -u some_configfile.orig some_configfile > some_configfile.patch Those could also be useful later. I hope this helps to get you somewhat started. Turning those history log and .patch files into a set of SALT configuration files is however completely another story. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200721130439.GA601%40pfmaster-P170EM. signature.asc Description: Digital signature
Re: [qubes-users] Security advantages of static DVMs for sys-VMs?
fiftyfourthparal...@gmail.com asked: > I read about running sys-vms as static disposable VMs on the Qubes > documentation site > <https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys->, > > then on the Whonix guide to Qubes security > <https://www.whonix.org/wiki/Qubes-Whonix_Security>. I have my reservations > about this (but then I'm no expert) and it feels like the outcome will be > unstable and hard to use. However, since this is on both the Qubes and > Whonix sites, this is probably worth looking at. > > What do you think about using static DVMs as sys-VMs? I'm no real expert either. But from my knowledge so far: The basic idea of disposable VMs is, that any bad change to this virtual machine is disposed (thrown away) after a restart by returning to an "known good state" automatically. However: If it was possible in the first place that something bad happened to this "known good state" then starting over will not remove this possibility for future events. Throwing everything away will also delete any evidence that something bad might have happened to this part of your digital life and will make later analysis of the events harder. I think those disposable VMs are great if you want to enter new unexplored territory and want to keep the risk of your experiments under better control. However if for example you use an external USB keyboard (as most of us must today as the old PS/2 connector is dead) and you have this device connected to your Qubes OS laptop using the ordinary USB socket then I see not much gain by bothering about making sys-usb a static DisposableVM. Please correct me if I'm wrong. Best regards, Peter. -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200716102604.GD15925%40pfmaster-P170EM. signature.asc Description: Digital signature
[qubes-users] broken link in https://www.qubes-os.org/doc/vm-sudo/
While reading in the official Qubes OS documentation I discovered a broken link in the page titled "Passwordless Root Access in VMs" in "Background (/etc/sudoers.d/qubes in VM)". I was interested in the Background and was unable to find the mentioned https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes.sudoers anywhere else. Does anybody know where this was moved to? Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200713095115.GA15085%40pfmaster-P170EM.
Re: [qubes-users] How to make aliases persistent?
Alex Lu asked 10.07.2020 at 08:28: > For example, when I type: > > alias ll='ls -lh' > > it works just fine, but after restarting the VM (either appVM or > templateVM), I have to do all over it again. This question is not really Qubes OS specific. If you want these aliases to persist you have to put them into the "run commands" file of your command line interpreter (the shell). This is most likely the BASH. (see https://en.wikipedia.org/wiki/Bash_(Unix_shell) for more information). The usual "run commands" file of the your BASH is called "$HOME/.bashrc". So you could either use an text editor of your choice to edit this file or you could append the alias commands to this file by typing: echo "alias ll='ls -lh'" >>$HOME/.bashrc Luckily the $HOME directory is located in /rw of your appVM so these edits should persist after a restart of either type of VM. Regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200710091657.GD12515%40pfmaster-P170EM. -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.12 (GNU/Linux) mQGiBEDUE2ERBACj3D1taoubhECjVe/QMp0FJXdHC5IZ9l/CUb0HDez+WjiERCvg NqP+Qj/Ot1hmNETitXhskNu/wIqmukHRGsozgEC+6j9jLGDh16Hh2l0npUUZIWz+ yZnLY5BwGNCDsgERw4vVkbm+MgmQaED4tFuFbToc3FIQM1wTx04OgdUcPwCg0xEV VY7ODo/A0QDD6Vn1NX8qjOMD/j83AbRI9nUxdDwwoG0pd47Dr4F1b4bEtnJlqlZP X4G3UeKPlCfCoq2MLmLK5dNThCV264C8GxbLRmG9y6L5z2Ma1cXhcIjyRtzaHrEL ERYqa01G09D/2lW/vRiK+bOS5glJE+CLIDsefrsTV1YD/pV7RXb6CR97KZuUWJDh WCYpBACE2mmFmxLbM/XvKDIqyIUq6pvCUAoOa5TwPN50evYb4gatdbMBJDeUwXrx gvkQx/rGdXG/U/aJLQx0Gl2ZlVdfnXh6dS5yyrSBPKgRBasgHzuIewE4lDXf8770 VI/G5S6vpv+OSGBF8XGgqRxT+5UjwlPYDe3SoDUtBbUrcUFoSLReUGV0ZXIgRnVu ayAoMDQyMjItOTUwMjgwLCBPbGRlbmJ1cmdlciBTdHIuODYsIEQtMjc3NzcgR2Fu ZGVya2VzZWUpIDxwZkBhcnRjb20wLmFydGNvbS1nbWJoLmRlPohfBBMRAgAXBQJB VWQUBQsHCgMEAxUDAgMWAgECF4AAEgkQy0klgkNpN0IHZUdQRwABASWEAKCSgxzJ fgWED7hipTk+Kp5PMtmfWwCgsZT5XlzcqabWmjZXkzaQCY6VHHG0VlBldGVyIEZ1 bmsgKDAxNzktNjQwODg3OCwgT2xkZW5idXJnZXIgU3RyLjg2LCBELTI3Nzc3IEdh bmRlcmtlc2VlKSA8cGZAYXJ0Y29tLWdtYmguZGU+iF8EExECABcFAkDUE2EFCwcK AwQDFQMCAxYCAQIXgAASCRDLSSWCQ2k3QgdlR1BHAAEBNSQAniU9Es87RFUfIKZg YNNd4+ibNkRLAJ4ihRP/zFeivtq7yid6BnEQTK8O6LRZUGV0ZXIgRnVuayAob2Zm aWNlOiBBcnRDb20gR21iSCwgTGlzZS1NZWl0bmVyLVN0ci4gNSwgRC0yODM1OSBC cmVtZW4pIDxwZkBhcnRjb20tZ21iaC5kZT6IXwQTEQIAFwUCQVBAhgULBwoDBAMV AwIDFgIBAheAABIJEMtJJYJDaTdCB2VHUEcAAQH+4gCgtbrZGnHyWZ99RUD7T3oH J+75KhIAn2w7Za+EBHCvqjcjFarABSzyaCZE0dFn0WUBEAABAQAA AP/Y/+AAEEpGSUYAAQEBAHYAdgAA/9sAQwABAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB/9sAQwEB AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQEBAQEB/8AAEQgAQABAAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEB AAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUS ITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5 OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeY mZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq 8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEBAgMEBQYHCAkKC//EALUR AAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1Lw FWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdo aWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLD xMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A /lfk/Yo+P2kLIbfwF8QZJba3nsref/hHW1Ga4064iltGtYbm0vLJ/I+zyuigNbTp blVRvLSKNOXX9lj4x+HBci58GeMYYGt5nB1XwBc6Xa6c32OZZIreabXCypEGyyhW Mtwkc6XK3Yiul/sF0vw35IiQIRwqA/ewSo5ckkE4UjA6E5ycDGT8aIL/AMPfBz4m atpqOl7YeDdduraZDOJIpl06YedGYlZ0aMuzbyBgJlcbVZfjV4hYtuMKmXYaV3Fe 7VrrRuN+a8W11tZ6dNDy6nCLSnKOZVOWzbToUZOdknFN+7JWd3onrvvY/kM+H37M Xjnx5oPib4h30WmxeGbHXbnwtpl02mLDPquuXLKt9p9pZ3UUqpYaLEzrHdW/mz2d z5cVnKIYcL9seDP2VdFt/Dlnp1zot5fXcL+aLi9mZ9sjqhYJCIVhigG0FI0wS2xm 3MhJ+t/gfZ2mreFPhlbXphlU/wDCSaxdGfzzChg1XVUZpVkZ4WeS4N1cyz5LgXTK 2UTA+zrCLTdSSKXT00TUYJIFdP7Pu7KVpoyrKrq1tKZJQRtZWCOpdQq/Ma/KuN+P 86qZhLC0eajQpTlJex+GCTSjGc+VJKyTTkl3Wlj+yfATwb4UzHIqecZ5Rp47F4mM HQhVjFRavH3oRlOOs3JqKstY2irn4n+Mf2arfT7HVVXQ7uJ7mJTFLFMIXtBEp2SQ iPKlX4Yq+UL4Lp1UfIk/wy+J2m+HfEHiWx0nxJqcXh7UrK1kl0GC6vLiSyubgxXM 5InnjtHs4FJDS6bdxGZ4ml/cZNf0EfFG40DSg9jr2s+GNLu/KMy6dcarpyamLVnC rM+nmQXRjwJFyYSxVXJG+vlr4WeJfCsPj+D4PeItHt9Y8FfEnxv4Yh1CESzCG4s7 zV9Nt5XhubV4z9nvLWRLeZ4Z1ElncO0bIDE57+BONs0+sqOMhKtT92fvWj7SlBx9 pyN6Tk6ako2bvUUbppu/l/SA8IeF8syt5pkMaNCvRryjUoRqQlCMm6ajKcKU5uKU nGnNWTjJ8ujWn48f8JZ8XdC0yWa28T/EfTp1u7Z7QTaA1hZJpbQXL3UcsMFmuoXe pPL9hS0VodPsOJ5JrgpJFKlj/hfXju0sF1CXx5rfnofJuNN1HUNdhuf
Re: Maybe salt has an issue with Python 3.8? (was: Re: [qubes-users] Salt issue with fedora 32)
> > File "/var/tmp/.root_62a99a_salt/pyall/salt/grains/core.py", > > line 40, in > > from platform import _supported_dists > > ImportError: cannot import name '_supported_dists' from > > 'platform' (/usr/lib64/python3.8/platform.py) ... I had the chance to do some more research: This particular line was originally added in 2012 to salt/grains/core.py: https://github.com/saltstack/salt/commit/1f050476dee2b27278f1c8f7772339444c153f06 But the current version of this module from looks very different: https://github.com/saltstack/salt/blob/master/salt/grains/core.py So it seems like the version of salt in your installation of Qubes OS is to old by now to work together with the Python 3.8 in Fedora 32. Regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200701145915.GC31289%40pfmaster-P170EM.
Maybe salt has an issue with Python 3.8? (was: Re: [qubes-users] Salt issue with fedora 32)
Hi, galt...@gmail.com schrieb am Mittwoch, den 01.07.2020 um 04:00: ... > to make a new template and it all works with fedora 31. With 32 I am > getting this error: ... > import salt.grains.core > File "/var/tmp/.root_62a99a_salt/pyall/salt/grains/core.py", > line 40, in > from platform import _supported_dists > ImportError: cannot import name '_supported_dists' from > 'platform' (/usr/lib64/python3.8/platform.py) > stdout: > > How can I fix this? I only viewed this traceback. As Python programmer not knowing salt in detail I've the following comment: identifiers beginning with an undescore (here: "_supported_dists") should be considered as private to the module in question (here: platform.py from Python 3.8 standard library). It is not recommended to use any private features from library modules in other code because they might change without notice due to further development of the module in upcoming versions of the Python language. However the Python language allows this: But the programmer of "salt" did this in the module pyall/salt/grains/core.py which now breaks in this combination. This should be reported to the salt development team if there is not already an existing issue on this. It looks like an incompatibility between this version of salt (not mentioned in the Traceback) and Python 3.8 Regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200701133753.GA31289%40pfmaster-P170EM.
Re: [qubes-users] What Intrusion Detection system should I use?
Hello Joo, Joo Nasss schrieb am Mittwoch, den 10.06.2020 um 13:39: > What Intrusion Detection system should I use? > > And what Kind of Network IDS is good? > > https://en.m.wikipedia.org/wiki/Intrusion_detection_system A similar question has been asked in qubes-users before in 2016: https://groups.google.com/forum/#!topic/qubes-users/Rqod1Mcf_ws Before I started to migrate to QubesOS I have used the host based IDS https://www.la-samhna.de/samhain/index.html on Debian and other systems. But I did not tried it in QubesOS yet. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200611143121.GB30712%40pfmaster-P170EM.
Re: [qubes-users] X Startup Failed, Aborting Installation. Pane is Dead.
Hello Dennis, dennisjmen...@gmail.com schrieb am Donnerstag, den 28.05.2020 um 21:58: > Full transparency, I’m completely new to Qubes. So treat me like I’m an > idiot. > > I’ve dd’d the iso onto my usb 3.0 drive using Rufus. > > When I run the installer legacy it opens the installer GUI. > > I’ve tried: > • regular install of R4.0.3. > • test this media and install Qubes R4.0.3 > • ran UEFI text only installer. > • different usb drives. (But same brand.) > • different USB ports > > Always, I get the message: > X startup failed, aborting installation. > > Any help would be greatly appreciated! Thanks so much! You could try another Live-Linux Distro (for example fedora) to find out, whether your graphics hardware is supported by Linux at all. See https://docs.fedoraproject.org/en-US/quick-docs/creating-and-using-a-live-installation-image/index.html for more information. Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 ✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany ☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200529103811.GA22715%40pfmaster-P170EM.
[qubes-users] created a new Telegram chat group "QubesOS Benutzer Deutschsprachig"
Hi, I've created a new Telegram (see https://www.telegram.org/ for more info) chat group for german speaking users of QubesOS since AFAIK there was no such group until now. If you are german speaking user of QubesOS or planning to use QubesOS in the future you are invited to join this group: https://t.me/QubesOS_user_de The same again in German: Ich habe eine neue Telegram Gruppe angelegt für deutschsprechende Benutzer von QubesOS, da es so weit ich weiß bisher keine solche Gruppe gab. Wenn Du ein deutsch sprechender Benutzer von QubesOS bist oder planst in der Zukunft QubesOS zu benutzen bist Du eingeladen, Dich dieser Gruppe anzuschließen: https://t.me/QubesOS_user_de Liebe Grüße, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200528134721.GA24874%40pfmaster-P170EM. signature.asc Description: Digital signature
USB controllers and Bus numbers (was: Re: Solved: [qubes-users] external CD writer)
dhorf-hfref.4a288...@hashmail.org wrote 05.05.2020 00:16: ... > https://www.qubes-os.org/doc/usb-devices/ ... > there are some _really_ weird USB setups where it looks like different > controllers, but it is really just multiple pci devices on the same > physical controller. and usb devices plugged into the same usb port end > up on one or the other "controller" depending on speed negotiated. > my check would be to configure different usbvms for each controller, > then plug around some devices between physical ports and see in > which vm they end up, and keep notes on that. I always thought that the column "Bus 00X" in the output of the command ``lsusb`` shows me which controller chip a certain device is connected to. For example I have an old external CHERRY keyboard which I must connect using a PS/2 to USB adaptor to my laptop because this machine from 2013 is lacking a PS/2 jack socket (which is probably even more true for more recent laptops):: Bus 001 Device 015: ID 0a81:0205 Chesen Electronics Corp. PS/2 Keyboard+Mouse Adapter A sys-usb VM which was not created by default during the install of Qubes OS 4.0.1 at that time. I added one after my initial install. I decided to put only the controllers of Bus 002 to Bus 004 into the sys-usb VM. My only reason for the decision to leave Bus 001 out was that I wanted to be able to enter the LUKS passphrase from the external keyboard during boot. This might have been a somewhat risky decision due to my lack of knowledge at that time though. After reading the document you pointed out in my citiation of your post above I used these commands:: readlink /sys/bus/usb/devices/usb1 readlink /sys/bus/usb/devices/usb2 readlink /sys/bus/usb/devices/usb3 readlink /sys/bus/usb/devices/usb4 and discovered that both Bus 003 and Bus 004 are indeed connected to the same controller which is on PCI :00:14.0 in my case! Luckily the ``Bus 001`` is exclusively used for the external keyboard. Best Regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200507125339.GF12647%40pfmaster-P170EM.
error messages could be improved (was: Re: [qubes-users] Storing AppVMs on Secondary Drives)
Hello Jörg, 'Jörg Widmann' via qubes-users schrieb am Freitag, den 24.04.2020 um 08:34: ... > >>> > volume_group=qubes,thin_pool=poolhd0,revision_to_keep=2 > >>> > > >>> > usage: qvm-pool [--verbose] [--quiet] [--help] [-o options] > >>> > [-l | -i POOLNAME | -a NAME DRIVER | -r NAME | -s ... > i found the error its revisions_to_keep not revison_to_keep, i had to > debug trough the source to figure out my typo *faceplam* Then it was a least not totally your fault: The software could certainly be improved in a way that unknown option keywords lead to error messages, which give more hints. Would you care to share which portion of the source code led you on the right track to discover your typo? Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200429133554.GA27361%40pfmaster-P170EM.
Re: [qubes-users] How can I recover my Qube'sVM if I cannot boot anymore ?
Dear Chris, Chris Laprise schrieb am Sonntag, den 22.03.2020 um 13:17: ... > The perceived "mess" is actually rather organized, and has nothing > to do with LVM thin pools. ... I beg your pardon for stealing this discussion thread to ask a somewhat related question: Can you recommend some text for reading about how the varying storage demands from the various VMs are handled in Qubes OS internally for someone who wants to learn more about this? Best regards, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200323141319.GA1785%40pfmaster-P170EM. signature.asc Description: Digital signature
Re: [qubes-users] how to start with QubesOS
Hello all, agrozda...@cegepgim.ca wrote yesterday, 19.03.2020 at 11:11 CET: > On Thursday, 19 March 2020 13:38:11 UTC-4, Sven Semmler wrote: > > I think you'd be best served going onto youtube and searching for Qubes > > demos and overview presentations/talks. ... > Thank you for thr prompt reply Sven, > > Could you send links to some particular ones, please? I would start by watching this one: https://www.youtube.com/watch?v=Aghj8MyDF4I It is less than six months old by now. And this one is also interesting: https://www.youtube.com/watch?v=sbN5Bz3v-uA Best regards or as we say here in Germany: Liebe Grüße, Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; 📱:+49-179-640-8878 A: Because most humans read top down. Q: Why should I write my answer below the asked question? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200320093640.GA11880%40pfmaster-P170EM.
[qubes-users] Clipboard security and risks pasting commands from documentation to a dom0 bash prompt
Hello, Although I'm using Linux on my desktop computers since 1994 I'm a Newbie to Qubes OS. Last weekend I enjoyed playing around with Qubes OS installed on a fresh dedicated SSD and I must say you (the developers) did a great job. Hopefully the following is no dumb question: I would like to copy commands from certain pages of docs (for example something like those here:: sudo dnf upgrade --enablerepo=qubes-vm-*-current-testing sudo dnf upgrade --enablerepo=qubes-vm-*-security-testing sudo dnf upgrade --enablerepo=qubes-vm-*-unstable into a dom0 shell window. I've found and read the Paragraph in doc/copy-from-dom0/ which has the section title "Copying to dom0". I understand that copy/pasting malicious commands would be a risk. But why is not possible to filter a selection so it only contains plain ASCII characters? This would save users from having to retype certain long commands from the documentation. Best regards (Liebe Grüße), Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany;📱:+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200203110415.GB6913%40pfmaster-P170EM. signature.asc Description: Digital signature