[qubes-users] Re: sys-usb not working on Qubes 3.2

[cezgeth]

Den tirsdag den 5. september 2017 kl. 14.50.46 UTC skrev guz...@gmail.com:
> Hi, 
> 
> I successfully installed Qubes 3.2 with sys-usb experimental VM build 
> enabled. I can start sys-usb VM and see the USB devices controllers attached 
> to it from a sys-usb terminal: 
> 
> [user@sys-usb ~]$ lsusb
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 003 Device 002: ID 8087:8000 Intel Corp. 
> Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 002 Device 002: ID 8087:8008 Intel Corp. 
> Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> 
> However, after inserting an USB drive (mass storage or USB mouse) it didn't 
> work as expected: the commands qvm-usb and qvm-block -l in dom0 don't show 
> anything, and I can't access the attached device. It seems that I can't list 
> all available block devices connected to any USB controller in my system.
> 
> I read this guide https://www.qubes-os.org/doc/usb/, but I couldn't find any 
> solution. 
> 
> Any help? Do I miss something? Do I need to bring more information about this 
> problem to get a solution?
> 
> Thanks in advance, 
> 
> Guzmán


I had a similar issue once (never got it solved). I attempted to make a PCI 
card with 4 full USB controllers, one pr. USB port. It never worked, whatever I 
did, it was just impossible, even with pci strictreset set to false. 
Then I bought a new PCI card with a single controller, with 2 USB ports. It 
worked flawlessly when assigned to a VM, I never had to do anything, it just 
worked. 

Perhaps you are experiencing something similar?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6128409-6dd4-4f12-9521-60cfa8095e76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: VM:ERROR: insufficient memory

[cezgeth]

Den onsdag den 6. september 2017 kl. 00.14.28 UTC skrev Mark Eubanks:
> On Tuesday, September 5, 2017 at 7:55:44 PM UTC-4, cez...@gmail.com wrote:
> > Den tirsdag den 5. september 2017 kl. 23.48.08 UTC skrev Mark Eubanks:
> > > On Tuesday, September 5, 2017 at 12:06:28 PM UTC-4, Mark Eubanks wrote:
> > > > Can someone explain why I can start the work VM but when I start the 
> > > > personal I get the ERROR: insufficient mem .  Even though the memory 
> > > > settings are the same 
> > > > 
> > > > 
> > > > thanks
> > > 
> > > I have 16 gig of ram but if I do a free -m it only shows a total of 1058 
> > > used 364 free 26 . I'm not doing anything on any of the VM's its pretty 
> > > much a new install and I can't open the personal vm .Anyone have any ideas
> > 
> > ah, you did this in Dom0 terminal right?
> > The reason is because Qubes attempts to automatically balance which AppVM 
> > gets more RAM than the other. If you right click on each AppVM in the Qubes 
> > Manager (Qubes 3.2), you can see the automatic memory setting under the 
> > Advanced tab, near the RAM amount fields. 
> > So since each AppVM gets their fair share of the RAM portion, Dom0 will 
> > have less memory for itself. This might change dynamically, for example if 
> > you run a lot of AppVM's, the amount of RAM Dom0 has may shrink. Wnile not 
> > many AppVM's are running, or after a fresh boot, Dom0 should have more 
> > memory. 
> > If you open the Qubes Manager in Qubes 3.2, you can see the allocated 
> > memory to Dom0 and each the VM's. If it isnt visible, then you can make it 
> > visible at the top in the "View" menu. 
> > 
> > Also note that automatic memory dyanamics does not work if a VM has a PCI 
> > card passed through. So if you have any with automatic memory dynamics 
> > disabled, be careful you don't give it too much of your RAM resources. 16GB 
> > is a good amount, but it can still quickly run you if you have the wrong 
> > settings, or run unusual memory hungry and intensive programs.
> 
> Yes, this was in Dom0 term 
> 
> I tried lowering the mem usage per vm and it seem to take care of the problem 
> but I rebooted and it was again not allowing any other vm's to start other 
> Dom0 mem shows 1092 mb sys-net shows 401 mb, sys-firewall 151 mb ( I lowered 
> it) sys-whonix, 151 mb ( which I lowered it as well) which comes no where 
> close to 16 MEG
> What's a good number to run the vm's at for mem min and max ? I'm just not 
> sure whats taking up all the mem.

hmm odd, you shouldn't have memory issues with 16GB memory, unless you run 
something big, or way too many VM's.

Try run 
'XL list'
in Dom0 terminal. 

Grab a calculator, add up the "Mem" sizes of all the running VM's, see if it 
adds up to 16GB. 

If it adds up, then you should be able to detect where your RAM is used in the 
'xl list' as well.

Be careful with loweing the sys-firewall and sys-net memory though. Frankly I 
dont know if anything can happen, but I can't imagine it is a good thing if 
they run out of memory. It's probably better to keep them at the default 
values, just to be safe.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8fa85a92-562d-4676-855c-8f86eb6adc91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Root Access in dom0

[cezgeth]

Den tirsdag den 5. september 2017 kl. 23.18.15 UTC skrev Person:
> How to you get root access in the Terminal Emulator?

Just in case you refer to the Root account, it is diabled by default. You were 
given the choice to enable it during the install of Qubes 3.2, however it is 
ill advised for Qubes.

Albeit you can do "sudo -s" as Tai suggested above, or run "sudo -h" to get 
info.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b7b4bf2-342f-46d5-b48d-2118b16a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QWT

[cezgeth]

Den mandag den 4. september 2017 kl. 04.52.19 UTC skrev Drew White:
> Hi folks,
> 
> Is there a leak in the QWT QGA.EXE that means it jsut keeps consuming CPU 
> resources?
> 
> It uses between 10% and 60% of the CPUs that I assign to the system, slowing 
> the whole thing down.
> 
> It's not like I'm using 3D graphics or anything advanced. Just simple 
> rendering things.
> 
> Also...
> 
> System Tray is not respected into Qubes itself, even under a sub-menu item in 
> the system tray for that one guest.
> 
> Is there any way that this could be implemented please? If I minimise 
> something to the system tray I can no longer access it. Task Bar is fine, but 
> System Tray is not.
> 
> Have I not set something up that should be?
> Is there something that is required for it to be done that I have not got 
> installed?
> 
> What is it that you would require to be able to look into this issue?
> 
> Sincerely,
> Drew.

I never had/knew about this issue, sounds like an odd bug.
How powerful is your CPU? Percentages are arbitrary numbers without something 
to compare the percentage with. For example if you got an Intel i5 4th 
generation, or AMD A6, or something, it might be more easy to relate with the 
percentages.
If you got a powerful machine, and it uses that much percentages, it gives a 
different view, compared to, say a weaker machine. 

I might not be able to provide a fix, but the more information you provide, the 
easier it gets for those who maybe can provide one.

There is also a chance that this is fixed in the upcoming Qubes 4.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/493bf4c0-a5dd-4fa0-9d1b-027c1219dad4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: VM:ERROR: insufficient memory

[cezgeth]

Den tirsdag den 5. september 2017 kl. 23.48.08 UTC skrev Mark Eubanks:
> On Tuesday, September 5, 2017 at 12:06:28 PM UTC-4, Mark Eubanks wrote:
> > Can someone explain why I can start the work VM but when I start the 
> > personal I get the ERROR: insufficient mem .  Even though the memory 
> > settings are the same 
> > 
> > 
> > thanks
> 
> I have 16 gig of ram but if I do a free -m it only shows a total of 1058 
> used 364 free 26 . I'm not doing anything on any of the VM's its pretty much 
> a new install and I can't open the personal vm .Anyone have any ideas

ah, you did this in Dom0 terminal right?
The reason is because Qubes attempts to automatically balance which AppVM gets 
more RAM than the other. If you right click on each AppVM in the Qubes Manager 
(Qubes 3.2), you can see the automatic memory setting under the Advanced tab, 
near the RAM amount fields. 
So since each AppVM gets their fair share of the RAM portion, Dom0 will have 
less memory for itself. This might change dynamically, for example if you run a 
lot of AppVM's, the amount of RAM Dom0 has may shrink. Wnile not many AppVM's 
are running, or after a fresh boot, Dom0 should have more memory. 
If you open the Qubes Manager in Qubes 3.2, you can see the allocated memory to 
Dom0 and each the VM's. If it isnt visible, then you can make it visible at the 
top in the "View" menu. 

Also note that automatic memory dyanamics does not work if a VM has a PCI card 
passed through. So if you have any with automatic memory dynamics disabled, be 
careful you don't give it too much of your RAM resources. 16GB is a good 
amount, but it can still quickly run you if you have the wrong settings, or run 
unusual memory hungry and intensive programs. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4ba4b53-d1f2-4d78-a0a1-0a69bbb57461%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Adding a second monitor fails

[cezgeth]

Den mandag den 4. september 2017 kl. 21.13.41 UTC skrev AJ:
> I did try installing Qubes while the second monitor was on but I did not 
> install nvidia propietary drivers to Dom0. I will reinstall as soon as I can 
> and try your solutions. Thanks for the help!

Hope it works for you, Qubes is definitely a nice system once you are settled 
down. Btw you might know this already, however Qubes 4 is about to be released 
soon, and RC1 is already out. Perhaps your issues will be fixed in the new 
release, there is a chance with Fedora 25, new hardware support, etc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c367c60-411c-492d-9f57-24bdd23573d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: VM:ERROR: insufficient memory

[cezgeth]

Den tirsdag den 5. september 2017 kl. 19.58.50 UTC skrev Mark Eubanks:
> On Tuesday, September 5, 2017 at 12:06:28 PM UTC-4, Mark Eubanks wrote:
> > Can someone explain why I can start the work VM but when I start the 
> > personal I get the ERROR: insufficient mem .  Even though the memory 
> > settings are the same 
> > 
> > 
> > thanks
> 
> Ok.. you can ignore my newb Qubes questions

Did you find out why? 
If not, it's due to limited RAM on your system, if you have scarce amount, you 
need to jungle a bit to make sure you never run out.
I.e. on my 8GB laptop, I need to shutdown some AppVM's every now and then to 
make room for more memory for other AppVM's.
In contrast, on my 32GB RAM desktop, I never, ever, worry about RAM.

So basically, the less RAM you have, and the more RAM you need, the more you 
need to balance which AppVM you have running.

btw Mark, I noticed it isn't the first time, but give it a day or two for 
answers. While Qubes is getting more and more popular, there aren't too many 
people around here. It gets worse since Qubes has many different 
forums/IRC/mail-posts/etc. so among the Qubes users that are, many are spread 
out. It will often take time to get answers. So, no need to worry.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f55da546-36fe-4f6f-b8dd-a41947f5cf44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Usability: No icons Just Lock Icons, No Task Manager Grouping

[cezgeth]

Den tirsdag den 5. september 2017 kl. 18.44.29 UTC skrev Guy Frank:
> Thanks!  I'll give that command a try when I get a chance.  Will let you know 
> how it turns out.
> 
> Qubes 4 says it requires IOMMU and non-USB keyboard, which isn't my machine 
> (no non-USB ports for keyboard e.g.), so am under the impression I can't move 
> to 4 until I get new hardware.  Am hoping that 3.2 will be supported for a 
> couple years.  Does anyone have any idea?
> 
> I didn't notice a way to make XFCE nicer (and am not sure it solves the icons 
> issue).  Will need to look into Whiskermenus.  Would also have to find a way 
> to get back to XFCE now that I activated KDE (didn't see instructions for 
> reversing).

I forgot to mention, whiskermenu might look wrong on some devices initially 
after first install, possibly due to low resolution screens. Drag and drop the 
lower right corner to increase the size, and it will look normal the instant it 
becomes a bit bigger.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad92f189-a2ca-4940-9a34-f08f95202900%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Usability: No icons Just Lock Icons, No Task Manager Grouping

[cezgeth]

Den tirsdag den 5. september 2017 kl. 18.44.29 UTC skrev Guy Frank:
> Thanks!  I'll give that command a try when I get a chance.  Will let you know 
> how it turns out.
> 
> Qubes 4 says it requires IOMMU and non-USB keyboard, which isn't my machine 
> (no non-USB ports for keyboard e.g.), so am under the impression I can't move 
> to 4 until I get new hardware.  Am hoping that 3.2 will be supported for a 
> couple years.  Does anyone have any idea?
> 
> I didn't notice a way to make XFCE nicer (and am not sure it solves the icons 
> issue).  Will need to look into Whiskermenus.  Would also have to find a way 
> to get back to XFCE now that I activated KDE (didn't see instructions for 
> reversing).

I'm a little worried about giving out advice on this as I'm by no means a 
super-user, however it should be relatively easy and quick to switch between 
the two, XFCE4 and KDE. Be sure you google it first to double check before you 
follow these commands, and also that you have backups of your system, just in 
case anything should go wrong. 
It's also discussed here: 
https://stackoverflow.com/questions/28386453/how-do-i-set-the-default-window-manager-under-fedora-21

Be sure you didn't remove XFCE4 first, similar you don't need to remove KDE, 
they can both be installed at the same time, but only one is allowed to be run 
at the same time.
Enter fullscreen command tty with "Ctrl+Alt+F2" and type in your credentials. 

sudo systemctl stop gdm
sudo systemctl disable gdm 
sudo systemctl enable lightdm
systemctl start lightdm

Last command should trigger graphics to return, if it doesn't, try manually 
"Ctrl+Alt+F1". 

The enable/disable parts make it stick when you boot, while the stop/start is 
only until you reboot again. Be absolutely sure you never run them both at the 
same time.

~ ~ ~

hmm, I'm not sure if USB-VM is forced to be enabled, or if it is just 
"default". Like how Qubes 4 gives the choice between PV and HVM virtualization, 
I'd imagine it might also allow you to have a choice between USB-VM and USB in 
Dom0, even if USB-VM is default. I'm not sure, a lot changes in Qubes 4, and I 
haven't got the chance to try it much yet. I installed Qubes 4-RC1 temporarily 
on my Tablet/PC hybrid, and it worked fine despite my touchscreen is connected 
to the USB. I believe Qubes 4 will by default not force the USB-VM if it isn't 
feasible to do so. If I manually  make a Qubes USB-VM on that machine, the 
entire screen freezes, so USB-VM is definitely a no-go, yet it still booted and 
worked just fine. Ran it for a couple of minutes, so I don't think you are 
forced to use PS/2 or USB keyboard through a USB-VM, Qubes seems to detect if 
you can't make a USB-VM. To be determined, there are some unanswered questions 
there. As for IOMMU, perhaps it is similar logic, it might still install, but 
it won't be optimal or recommended by Qubes. Remains to be seen also.

~ ~ ~

As for the Qubes 3.2 support, it has been extended from the default 6 months to 
12 months, due to the hardware requirements as you noted. Qubes 4 is released 
about now, give or take some weeks, so roughly in one year Qubes 3.2 support is 
planned to end. That is, assuming no further extended support has been given, 
due to the hardware issue. Remains to be seeen I guess, but for now, you should 
have a year. The question is probably whether Qubes wants to force security, or 
if they will allow choice to opt-out some security in order to make it run on 
older hardware. They have shown a good positive attitude towards giving people 
choice before (within having resources/time to do so), so perhaps they will 
allow choice in Qubes 4. Who knows though, we still need an official statement 
on that. at least I haven't seen one.
There is also this page, which you may or may not have read yet 
https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/

~ ~ ~ 

Taste is unique, but I'll tell you what I did so you can easier experiment to 
find yours. What I did with XFCE4 was to put the panel on the left side of the 
screen, Unity style like, albeit I heavily disliked Unity, I grew to like the 
side-panel. Having the panel there was inconvenient in the beginning, but 
eventually after a few days I got so used to it I wouldn't have it any other 
way. Then I removed any application/program text on the window buttons (in the 
default XFCE4 window plugin settings). I expanded the panel wider in the panel 
settings, so albeit the button-sizes can't be adjusted (that I know of), they 
will automatically grow bigger if the menu is bigger, while no text is enabled. 
Then I found the "dusk" theme to make it bit more stylish/dark'ish, it's 
default in XFCE4 appearance settings. 
Then I moved the "Sound" button and "Logout/Lock-screen" buttons, etc. to a new 
panel, which is somewhere midscreen at the top, but has autodisappearenace. The 
reason is because that I cant resize the Sound button, so I gave it a new home 
instead of 

[qubes-users] Re: Qubes OS 4.0rc2

[cezgeth]

Den tirsdag den 5. september 2017 kl. 09.06.47 UTC skrev gregor.plata:
> Hi all,
> 
> Qubes OS 4.0rc2 was announced for yesterday. Unfortunately I can't found it 
> on 
> the download page. Does anyone know when it will be released and what is the 
> reason for the delay ?
> 
> kind regards
> Gregor

It is probably a delay in order to increase quality, but it's good that they 
worry about quality rather than rushing a release.
Having said that, I'm a bit sad too as I need a new installer to get past an 
installation bug (keeps freezes at the same package x/900 somewhere abouts). I 
can't update Qubes if I can't even install it. 
But if you can finish the install for the RC1 version, go with that, then you 
can update it with the newest updates and fixes, and you should be good to go.

As for the RC2 we just have to be patient I guess, it's ready when its ready, 
quality trumps over rushed releases, which is a good thing as well.

Although if I had to criticize anything, it isn't any delays, it is the lack of 
communication. It would be nice knowing what is going on rather than being kept 
in the dark. But in the end of the day, we shouldn't complain if we don't pay 
for it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46dc4e5d-01a4-4d35-b9ee-3c73a3fa4ca2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.55.57 UTC skrev Guerlan:
> But it does support UEFI, as I already installed arch linux in uefi mode. So 
> if it supports, why it won't boot qubes?

https://en.wikipedia.org/wiki/Secure_boot

Apparently Apple uses something else, which apparently even predates secure 
boot.
This however might also give a clue as to why Linux Arch/Windows works, while 
Qubes isn't, at at least on a 2011 version of Apple's, unless Qubes uses an old 
key.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/961b7894-01e8-4b09-9a96-4116577cfb0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.55.57 UTC skrev Guerlan:
> But it does support UEFI, as I already installed arch linux in uefi mode. So 
> if it supports, why it won't boot qubes?

Unfortunately knowledge is limited on that, the first I would guess would be 
wrong secure boot keys, but as you said you have no secure boot on your system. 

However as memory serves, secure boot isn't always possible to disable or even 
detect. Perhaps this is the case with your machine? As such, Arch might have a 
secure key that works with your 2011 UEFI with force enabled secure boot. While 
Qubes isn't using a key, which will be allowed to be install. 

As far as I know, secure boot is as old as UEFI, or at least older than 2011.

I don't know for sure, but if I had to guess, it's probably that secure boot 
might be there without realizing it. Even if there are no settings available 
for it, therefore it won't be obvious if secure boot is running in the 
background during boot.

Basically it comes down to tracking if secure boot is really there (hidden) or 
not, before you can eliminate it as a source to the problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6292e569-5471-49fd-985c-3ff97e3f72eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.24.34 UTC skrev Guerlan:
> Its a macbook air 2011. So old it doesn't have secure boot :(

True, it might not work since it's that old, irregardless of secure boot. 

Found this too, 
https://forums.macrumors.com/threads/macbook-air-2013-is-the-first-mac-that-supports-efi-booting-on-windows-natively.1600147/
 
It's EFI Windows on Mac 2013, so it might be the same issue with Linux EFI 
support too on older Mac's. 

I don't follow MacOS development much, but it does indeed seem like it is lack 
of UEFI support in older Macbook versions, or at the very least a likely 
hunch/guess.

I guess you could say that the reason it won't work on older models is the lack 
of support, while in contrast on modern models it is a question of having the 
right matching secure boot keys between hardware and the OS to boot/install. 
Beyond that, there are a few UEFI machines that are bugged and doesn't work 
properly. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f85f6e3a-f512-4e0d-88d8-4c5894125cf8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[cezgeth]

Den mandag den 4. september 2017 kl. 13.11.49 UTC skrev Mark Eubanks:
> On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> > I have created a NETVM and I have connect the usb nic to the vm and is 
> > working. It shows up in Connection manager and I can give it a static IP . 
> > So I've also connected a different physical laptop with a cross over cable 
> > to the usb nic going to the NETVM. Both nics are on the same network and I 
> > can ping from the NETVM to the physical but I don't get a reply from the 
> > NETVM. I can see both in both arp tables . Any ideas why the physical 
> > doesn't get a reply?
> 
> I agree it sounds like a firewall but I see that it shows allow imcp traffic. 
> What I'm trying to do is make Qubes a passthrough firewall.. so I need 2 nics 
> on the laptop

Apologies for late reply, had a short leave for work.

I'm not the most knowledgeable on this topic, especially the Qubes firewalls. 
However I believe NetVM must have a default firewall too, to block unauthorized 
requests, otherwise it would be quite simple and too easy to attack the NetVM. 
So it seems to me that the NetVM has a default firewall, (routor firewall 
behavior like), blocking unauthorized incoming signals. 

To solve that (Assuming it is indeed the problem), I believe 
https://www.qubes-os.org/doc/firewall/ might be quite helpful, down in the port 
forwarding section. Here it seems you should be able to poke a hole for your 
connection in the NetVM. 

You separated all this from your other networks right? As far as I know, it 
should be secure enough if this has no internet connection, while on a separate 
Qubes network.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6df991c3-63e4-46c6-9876-d6274715f055%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[cezgeth]

Den mandag den 4. september 2017 kl. 12.15.29 UTC skrev Mark Eubanks:
> I have created a NETVM and I have connect the usb nic to the vm and is 
> working. It shows up in Connection manager and I can give it a static IP . So 
> I've also connected a different physical laptop with a cross over cable to 
> the usb nic going to the NETVM. Both nics are on the same network and I can 
> ping from the NETVM to the physical but I don't get a reply from the NETVM. I 
> can see both in both arp tables . Any ideas why the physical doesn't get a 
> reply?

Sounds like its a firewall that blocks incoming connections which wasn't 
established first by an outgoing connection? Are there any firewalls between? 
It doesn't sound like you put a firewall between them, but on the other hand, 
the ping behaviour does on the contrary sound a lot like a firewall.

Also if moving a lot of files is your goal, perhaps you might want try 
www.Syncthing.net (free, open source). You will have to allow it through the 
firewall though, or alternatively do it on a separate connection like you're 
doing now. 
Optionally if syncthing is running where internet is accessible, you can 
disable the global discovery in syncthing. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b50c23df-b648-4626-8741-a52c815bbae8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 01.04.07 UTC skrev Guerlan:
> but why it won't work? I was intersted in the reason behind this, and why it 
> wasn't fixed. Also, did you install rEFInd before?

UEFI and booting up through EFI should work just fine on most systems, however 
without secure boot enabled. If your motherboard allow it, disable your secure 
boot, or delete your secure boot keys. Some systems want you to do both to 
actually disable it fully, simply disabling it might not be enough without 
removing your keys also. 
Notice however, if you delete your secure boot keys, you will break any 
currently installed OS's relying on the secure boot keys. For example typical 
windows installations, but even other Linux systems using the keys will break. 
I have no idea about MacOS, but be sure to check before you delete your keys.

Some motherboards allow you to backup your keys too, which might be an option 
if you just want to test it. But do your research and make backups before you 
take such risks.

Once secure boot is disabled, you should be able to install with UEFI and load 
the EFI boot files.

It's likely secure boot causing the problem, not UEFI/EFI. 
So in conclusion, legacy boot is definitely not the only option to install 
Qubes.

I believe the reason is Qubes is still not supported in the secure boot keys, 
rather than a bug. There are UEFI bugs too, but it's supposed to be on few 
systems, unless you have Lenovo where UEFI bugs apparently happens frequently.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31c2bf3d-3d15-4533-80a6-6fdec4e53d74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Adding a second monitor fails

[cezgeth]

Den mandag den 4. september 2017 kl. 00.35.31 UTC skrev ajme...@gmail.com:
> Qubes OS version (e.g., R3.2):
> 
> R3.2
> 
> 
> Expected behavior:
> 
> When I went into display settings and saw my second monitor, I clicked the 
> "Use this display" button and it should have let me use my second display.
> 
> 
> Actual behavior:
> 
> Qubes kicks me out to the sign in screen and won't let me sign back in unless 
> I reinstall the entire operating system.
> 
> 
> Steps to reproduce the behavior:
> 
> Go to display settings and click "Use this display" on your second monitor.
> 
> 
> General notes:
> 
> I reinstalled Qubes twice and each time it did the same thing. I have 2 MSI 
> GTX 970s running in SLI (at least in Windows. Not sure if it works in Qubes). 
> I am using 1 HDMI port on each card.

I cannot provide you with a straight solution, but perhaps a workaround. Here 
are some thoughts.

In my experience it often fails when you try to install Qubes with nvidia, 
especially modern cards, but old cards have their quirks too. It's especially 
bad without nvidia proprietary drivers, which have to be installed in Dom0 
after the Qubes installation if you want them to work properly. To begin with, 
it's nice that you even managed to boot up Qubes with your nvidia cards. 

* Did you install nvidia in Dom0 before attempting to enable your second 
monitor btw?
* Alternatively, did you try install Qubes while the second monitor was on?

* Also SLI might indeed be a factor too, you might want to try disable it and 
see if it works. Assuming that you're new to Qubes, imho, it's well worth the 
trouble, Qubes is awesome.

* Do you have on-board graphics? Like for example Intel integrated graphics in 
your CPU? Intel graphics is known to run quite well in Linux/Qubes.

If you do have Intel integrated graphics (change to primary in bios, you don't 
need to remove the graphic cards) then this is the most likely approach that 
will work without much trouble. Also you hardly need anything more than Intel 
graphics, Qubes can't run games or similar yet anyway. You will have to switch 
screen cables or use a KVM to do so, if you choose to dual-boot with windows or 
another system. Assuming you still use your graphics card on your dual-boot 
systems.

Also I find it odd that you have to re-install Qubes. I usually have the 
opposite problem, my screen settings never ever stick with me between reboots 
or screen reconnections, I believe the fault is in XFCE4, I have to make an 
automated script to make settings stick.

Perhaps a similar solution would make it easier to test without having to 
re-isntall Qubes every time. If you find the file which saves the second 
monitor configuaration, at least you should be able to edit it without having 
to re-install every time you try something new.

Does tty terminal work? (Ctrl+Alt+F2, Ctrl+Alt+F1, etc.)?
Irregardless, too little information, it would be helpful if you provide more 
details, especially if someone more knowledgeable drops by. I'm just a regular 
user like you, after all.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a3ed718-4bef-4763-9f8d-d5a036e4d60d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why doesn't whonix-gw run the latest 0.2.8.x tor?

[cezgeth]

Den søndag den 29. januar 2017 kl. 12.36.04 UTC+1 skrev Joonas Lehtonen:
> Hi,
> 
> whonix-gw apparently uses tor 0.2.8.10, the latest 0.2.8.x version being
> 0.2.8.12 (released 2016-12-19).
> 
> Why is it not updated?
> I guess there is very little risk in upgrading from 0.2.8.10 to 0.2.8.12.
> 
> I'm using a default whonix-gw template with
> deb http://deb.whonix.org jessie main
> 
> From the tor 0.2.8.12 changelog:
> 
> >   o Major bugfixes (parsing, security, backported from 0.2.9.8):
> > - Fix a bug in parsing that could cause clients to read a single
> >   byte past the end of an allocated region. This bug could be used
> >   to cause hardened clients (built with --enable-expensive-hardening)
> >   to crash if they tried to visit a hostile hidden service. Non-
> >   hardened clients are only affected depending on the details of
> >   their platform's memory allocator. Fixes bug 21018; bugfix on
> >   0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
> >   2016-12-002 and as CVE-2016-1254.
> 
> 
> 
> https://deb.whonix.org/dists/jessie/main/binary-amd64/Packages:
> 
> > 
> > Package: tor
> > Version: 0.2.8.10-1~d80.jessie+1
> > Architecture: amd64
> > Maintainer: Peter Palfrader 
> > Installed-Size: 3935
> [...]
> > Priority: optional
> > Section: net
> > Filename: pool/main/t/tor/tor_0.2.8.10-1~d80.jessie+1_amd64.deb
> > Size: 1422520
> > SHA256: b36f5e8fc4590f6fa8431e7114fb187ce9f892f406b9bc55cdf28ef611320f89
> > SHA1: afb6720c65df114b772d02554f563fdbb385b7b7
> > MD5sum: 7a9c9fd5616f51eec6420d3254273ee3

My guess is lack of time and funding. Qubes definitely could need better 
funding. The Qubes team are doing a great job, but they might be limited on 
what they can manage to get done because there are so many things on the to-do 
list.

Maybe this will change with the new upcoming funding plans, it would be very 
positive change if so. 

For the time being, I suppose you can install your own updated Whonix?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c983015-6f44-441f-9a4d-748d07d29fed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: disk utility in dom0

[cezgeth]

Den søndag den 29. januar 2017 kl. 02.42.55 UTC+1 skrev Ted Brenner:
> I assume this is something that could be done during install right? Does seem 
> like something should already be there. Though having gparted seems 
> worthwhile. Thanks for the help!
> 
> 
> On Sat, Jan 28, 2017 at 7:15 PM,   wrote:
> Btw, forgot to add just in case, be sure to download the gparted that matches 
> the Fedora version which Dom0 is running on. If you are running Qubes 3.2, 
> then it is likely to be Fedora 23. Also be mindful of downloading to the 
> right architecture matching your system, there are 3 architecture RPM 
> download choices once you click on the Fedora version.
> 
> 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/3eca86f0-cb65-447a-b277-40d9c5b2436b%40googlegroups.com.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> 
> 
> -- 
> 
> Sent from my Desktop

Don't think it can be included during install, it isn't like old-school Linux 
in that sense. The reason most of Dom0 has been stripped is presumably to 
reduce the attack surface. But as you said, partition management indeed is 
really something of the sorts of is "mandatory". Hard to picture how such 
small, simple and widely used open source tool, that doesn't use internet 
access, can be a security risk. Maybe I missed something, but in the event it 
indeed can pose a security risk, then it would be nice with some write-up or 
documentation to learn why. If nothing else, not to leave us puzzled and 
scratching the backs of our heads. 

No probs btw, hope it works out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ec8418c-2de1-4676-9124-d95040f78478%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: disk utility in dom0

[cezgeth]

Btw, forgot to add just in case, be sure to download the gparted that matches 
the Fedora version which Dom0 is running on. If you are running Qubes 3.2, then 
it is likely to be Fedora 23. Also be mindful of downloading to the right 
architecture matching your system, there are 3 architecture RPM download 
choices once you click on the Fedora version.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3eca86f0-cb65-447a-b277-40d9c5b2436b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: disk utility in dom0

[cezgeth]

Den lørdag den 28. januar 2017 kl. 20.09.44 UTC+1 skrev Ted Brenner:
> What is the best way to add and partition disks in dom0? I just added some 
> hard drives that I'd like to format and partition and then pass those to a 
> guest VM for storing my person files. With xfce, I don't see any GUI based 
> disk utility. Does this have to be done via the command line?
> 
> 
> Thanks!
> 
> 
> -- 
> 
> Sent from my Desktop


As far as I know there are none pre-installed, but I could be wrong. I usually 
solve this by installing gparted my self.

There are three ways that I know of to install it, all of them are security 
risks in their own way, either minor or major depending on your environment or 
what you download into Dom0, etc. One approach to install gparted in Dom0 is 
adding a repository in Dom0. Another approach is to download gparted through 
your browser and move it over to Dom0 via shared harddrive or USB, (remember to 
umount in both Dom0 and Dum0 whenever accessing the opposite, that is 
Dom0/DomU). It is also possible to just move it with terminal which avoids 
shared-drives/USB transfer altogether. Whichever method you use, all are a 
security risk in their own rights, though trusting Fedora/gparted, and you 
trust your USB devices then, then you should be fine.

Terminal move approach is more secure method if you don't trust your shared 
drives or USB device in Dom0, Qubes has official guides for how to do that with 
the terminal.

So in order to use two of the above three methods to transfer the file to Dom0, 
grab and download gparted 
https://koji.fedoraproject.org/koji/packageinfo?packageID=1950 

Once you downloaded it and moved it over to Dom0, then open the Dom0 terminal, 
and write "sudo yum install /path-to-gparted-rpm-in-Dom0" or just write "sudo 
yum install" and drag and drop the file to automatically generate the path 
after the install part. 

After install just type gparted in terminal to start it. 

Best to avoid installing or moving anything to Dom0 as far possible, but 
sometimes it just isn't practical, i.e. gparted is really nice to have. Maybe 
Qubes has a build-in partition manager, but I never managed to find it, so this 
is what I do.

Keep in mind this is just what I do to work around it, it might or might not be 
best practice.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f75e5ee-560e-4c06-8645-3838b7ba35e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Mouse and Keyboard Stuck After USB Qube

[cezgeth]

Den fredag den 27. januar 2017 kl. 15.24.38 UTC+1 skrev jgmalh...@gmail.com:
> I just created a USB Qube, following the instructions from 
> https://www.qubes-os.org/doc/usb/.
> Immediately after booting the new qube, my mouse and keyboard stopped working.
> 
> After that, I waited for around 15 min, and nothing changed. So I powerd off 
> my pc by pressing the button in the CPU.
> 
> When I turned it on again, my mouse and keyboard kept stuck in the page to 
> input the password. The keyboard worked during the GRUB fase. 
> 
> I'm pretty sure that I only need to give the USB's control back to dom0, but 
> I have no ideia how to do that now that I can't even log in. 
> 
> Has any one experienced similar problems? Do you know how I could solve that?
> 
> PS: Sorry for the grammar errors. I'm using my phone right now

Did you try to unplug/plug first? You're not telling us much, it is hard to 
help you without much information, a little extra will be insightful.

Also do you have a PS/2 port as Andrew mentioned? If you do, then the fix is 
really, really straight forward and easy to fix by grabbing an old or cheap to 
buy PS/2 mouse or keyboard. Been there, done that, it works.
Also it is possible to use just a PS/2 keyboard without a PS/2 mouse, but it 
takes a bit of keyboard navigation to reach the USB-Qubes settings to disable 
the "Auto-start at boot" function. A PS/2 mouse would make that easier, best 
with both PS/2 devices if you got a password on your login. Once that 
auto-start on your USB-Qube QVM has been disabled then just reboot, and you're 
back to normal. 
In the event you are on a laptop, then this likely won't work, but it should 
work on most desktops with a PS/2 port, or really old laptops with PS/2 ports.

Also be mindful if your system has any extra USB controllers which might still 
reside in Dom0, you might be lucky. Most cheap systems just have a single USB 
controller though, but for example if you got 3.1 or even sometimes with 3.0, 
then it is likely you got an extra USB controller. If you didn't remove that 
possible extra controller from Dom0, then you should still be able to use your 
USB keyboard/mouse on those USB ports. Assuming, of course, you got an extra 
unassigned controller left in Dom0.

If none of that works, then your best hope is probably indeed changing the 
Xen.cfg boot file. You already got a live USB Debian, that will be helpful. 
Boot it up and go to your terminal. It is likely that your xen.cfg is on 
separate boot partition, in that case you need to make an empty folder on your 
temporary live boot and mount that partition to it (i.e. in /media or /mnt). 
It's usually on the smallest partition, typically 100MB to 700MB in size. Also 
in order to edit the xen.cfg file you will likely need to either chroot to 
directly access it or alternatively use 'sudo mv' command to physically move 
the xen.cfg file to somewhere you have write access, whichever is easier for 
you. If you used the move method (i.e. to your live boot at 
/liveboot/home/user/ then remember to move it back to its original location 
after you modified it. It is far easier to just move it than to learn how to 
use chroot if you haven't used that before. Basically in short, move file to 
where you got write access, modify it, and then move it back again, done. There 
are other ways to do this, but this is pretty simple and straight forward.

Furthermore if your xen.cfg file was empty, then this is likely because you 
didn't open it correctly and instead it created a new file, since if you didn't 
get the path right, then it will just make a new file with that name at 
whatever path you put in. That, or it was the wrong xen.cfg file, because it 
can't be empty, your system can't boot without it. So be sure to get the path 
right. 
You can always use the "cd" command to navigate the folders one by one. And 
each time you reach a new folder/directory, use the "dir" command to see the 
content before cd'ing to the next directory. Once you find the xen.cfg, you can 
i.e. use "nano xen.cfg" to read it, but remember you can't edit it without 
write access. So at this point you either chroot, move it, or other means to 
gain write access.

As for what you need to put into the xen.cfg I am not sure about, it is most 
likely a single and simple short command. Someone else might be able to provide 
you with that answer. 

The xen.cfg file is the boot file for Xen/Qubes, so be sure not to mess up any 
existing commands in the file, or forgetting to move it back to its exact 
original location. Without it Qubes won't boot at all, or not boot correctly. 
So modify/move the xen.cfg file carefully. It definitely won't hurt to make a 
backup copy before you edit it.

Others might know more than me about this, but if there indeed is a 
rd.qubes.hide_all_usb command in your xen.cfg file as Levojohn suggested, then 
the above should work if you clear that commmand from the xen.cfg file.

-- 
You received this