[qubes-users] Installation on MacBook Pro
Hi, I am trying to install Qubes on Macbook Pro(15,5) 2019 Model but I can't get past the boot screen. I burned an image using Etcher but when I try to boot my Mac, the screen goes blank and the system freezes. I don't see any errors whatsoever. Any suggestions on how to troubleshoot and get it running will be greatly appreciated. Best regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/255611f2-fb22-440e-a30f-b4934a20b0c3n%40googlegroups.com.
Re: [qubes-users] How can I install new software in DOM0 ?
Thank you very much for your answer but the guide didn't help. The software I want to install is not in the repos and I cannot add a new repo. I have little knowledge, it would be great if you could point out how I can install directly from an new repo. On Sunday, August 8, 2021 at 12:40:22 PM UTC+3 a...@qubes-os.org wrote: > On 8/7/21 5:27 AM, qubes user wrote: > > How can I install a screen recorder program in DOM0. I tried to install > > "OBS" or "simplescreenrecorder" but everything I tried failed. Could you > > please explain how I can install a program in dom0? > > > > https://www.qubes-os.org/doc/how-to-install-software-in-dom0/ > > -- > Andrew David Wong > Community Manager > The Qubes OS Project > https://www.qubes-os.org > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/afc6c1c3-9ebe-41e4-8313-620d15109397n%40googlegroups.com.
[qubes-users] Re: How can I install new software in DOM0 ?
> > I am aware of the security risk it poses, I only need to install software > because I have to record screen. I want to learn how I can add a new repo > and download software from this repo. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bfa5e67-b3ec-455e-bcf9-b24bbc8f0b64n%40googlegroups.com.
[qubes-users] How can I install new software in DOM0 ?
How can I install a screen recorder program in DOM0. I tried to install "OBS" or "simplescreenrecorder" but everything I tried failed. Could you please explain how I can install a program in dom0? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4fc3b9d-cfd1-4830-864e-d115e04a8d42n%40googlegroups.com.
[qubes-users] Qubes won't boot
Hello, I was using Qubes for about 3 months and didn't use it last month. Yesterday it wouldn't boot. Using Qubes rescue didn't help. After typing passphrase it says Linux system not found so it doesn't mount. So i found a way to mount disk manually. Going through directories found out that boot folder is empty. Also if that is not an option i want to save my files but seems like private.img are missing. There is only icon.png file in VM folders. Is there any way to recover boot files so i can boot it again or at least save files from VMs somehow? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-b05fda5f-b9b7-48bc-94c1-aa98fb89ee53-1620324425410%403c-app-mailcom-lxa10.
Re: [qubes-users] How do I get Started?
Hi everyone, Thank you for all your help and discussion. I posted the HCL for the device I'm troubleshooting -- the latest Lenovo Flex 14 with the i5-10210U. You can find it here: https://groups.google.com/forum/#!topic/qubes-users/kamMImlGMNQ I'm guessing the plan is to set up networking, update the templates and dom0, then troubleshoot the trackpad and external monitor. I plugged in the monitor with HDMI and it didn't show up under System Tools > Display, and my touchpad doesn't show up under System Tools > Mouse and Touchpad. . Here are the outputs of some of the suggested commands in my sys-net terminal. My sys-net is based of Fedora 29. > [user@sys-net ~]$ iwconfig > lono wireless extensions. > > vif3.0no wireless extensions. > > [user@sys-net ~]$ ifconfig > lo: flags=73UP,LOOPBACK,RUNNING mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10host > loop txqueuelen 1000 (Local Loopback) > RX packets 1606 bytes 129550 (126.5 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 1606 bytes 129550 (126.5 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > vif3.0: flags=4163UP,BROADCAST,RUNNING,MULTICAST mtu 1500 > inet 10.137.0.5 netmask 255.255.255.255 broadcast 0.0.0.0 > inet6 fe80::fcff::feff: prefixlen 64 scopeid > 0x20link > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > RX packets 1093 bytes 67624 (66.0 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 170 bytes 15418 (15.0 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > [user@sys-net ~]$ iwlist > Usage: iwlist [interface] scanning [essid NNN] [last] > [interface] frequency > [interface] channel > [interface] bitrate > [interface] rate > [interface] encryption > [interface] keys > [interface] power > [interface] txpower > [interface] retry > [interface] ap > [interface] accesspoints > [interface] peers > [interface] event > [interface] auth > [interface] wpakeys > [interface] genie > [interface] modulation > > [user@sys-net ~]$ lsusb -v > > Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd > Couldnt open device, some information will be missing > Device Descriptor: > bLength18 > bDescriptorType 1 > bcdUSB 2.00 > bDeviceClass0 > bDeviceSubClass 0 > bDeviceProtocol 0 > bMaxPacketSize064 > idVendor 0x0627 Adomax Technology Co., Ltd > idProduct 0x0001 > bcdDevice0.00 > iManufacturer 1 > iProduct3 > iSerial 5 > bNumConfigurations 1 > Configuration Descriptor: > bLength 9 > bDescriptorType 2 > wTotalLength 0x0022 > bNumInterfaces 1 > bConfigurationValue 1 > iConfiguration 7 > bmAttributes 0xa0 > (Bus Powered) > Remote Wakeup > MaxPower 100mA > Interface Descriptor: > bLength 9 > bDescriptorType 4 > bInterfaceNumber0 > bAlternateSetting 0 > bNumEndpoints 1 > bInterfaceClass 3 Human Interface Device > bInterfaceSubClass 0 > bInterfaceProtocol 0 > iInterface 0 > HID Device Descriptor: > bLength 9 > bDescriptorType33 > bcdHID 0.01 > bCountryCode0 Not supported > bNumDescriptors 1 > bDescriptorType34 Report > wDescriptorLength 74 > Report Descriptors: >** UNAVAILABLE ** > Endpoint Descriptor: > bLength 7 > bDescriptorType 5 > bEndpointAddress 0x81 EP 1 IN > bmAttributes3 > Transfer TypeInterrupt > Synch Type None > Usage Type Data > wMaxPacketSize 0x0008 1x 8 bytes > bInterval 4 > > Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub > Couldnt open device, some information will be missing > Device Descriptor: > bLength
[qubes-users] HCL - Lenovo 81XG, Flex 14 inch, Model 81XG000EUS
*Installation* Installed to hard drive. Secure boot was disabled. Legacy boot mode can be enabled, but EUFI works fine; no troubleshooting was required. Trackpad/touchpad didn't work during installation. I used a Logitech M510 USB mouse. To make the hard drive visible during installation, in the BIOS, change the Storage Controller from RST to AHCI. USB Qubes not configurable from initial configuration menu. The keyboard could be a USB keyboard. Or maybe the USB Mouse prevented me from configuring the USB Qubes. On start-up and shut-down, I get > [FAILED] Failed to start Load Kernel Modules. > See 'systemctl status systemd-modules-load.service' for details. > *Works without further troubleshooting* Lock screen *Requires Troubleshooting* Wifi Trackpad/touchpad Suspend Touchscreen HDMI external display Troubleshooting steps may be similar to those listed at https://groups.google.com/forum/#!msg/qubes-users/zCLYDy1bRKw/E58GDOgRBAAJ *Untested* Fingerprint scanner Bluetooth Camera Ethernet Microphone (although it shows up in devices with other USB drives) *Thoughts* There appears to be no TPM. Built-in keyboard and USB mouse are a bit laggy. This model uses a 10th gen i5-10210U processor; a newer model. This was the cheapest 16gb ram laptop available at Costco.com at this time at $721 after tax and shipping. Making newer, cheaper models compatible with Qubes could be a way to bring more new users to the OS. *Purchase Link:* https://www.costco.com/lenovo-flex-14-2-in-1-touchscreen-laptop---10th-gen-intel-core-i5-10210u---1080p.product.100517162.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b68621d3-a579-4473-b55a-d1e6f73f9abb%40googlegroups.com. Qubes-HCL-LENOVO-81XG-20191204-102948.yml Description: Binary data
Re: [qubes-users] How do I get Started?
Thank you for your help. On Tuesday, December 3, 2019 at 12:10:11 PM UTC-8, Claudia wrote: > > Qubes User: > > I just installed Qubes on a new laptop. I'm trying to do some basic > things > > not listed on https://www.qubes-os.org/getting-started/ > > > > 1. How do I get connected to my wi-fi? > > The networkmanager applet should appear in the task tray (next to the > clock). Just click on that and select a network. Make sure sys-net is > running. Can you manually launch networkmanager in sys-net? Do you see > your network card in iwconfig, ifconfig, lsusb, lspci, in sys-net? > > When I click the applet, I see: Ethernet Network device not managed VPN Connections > I don't see my WiFi networks. When I launch network manager in sys-net, I tried to manually input the information for my WiFi (with the SSID and WPA2/Personal), but it doesn't connect after. When I run "lsusb" in the dom0 terminal, I get: Realtek Semiconductor Corp VIA Labs, Inc. Linux Foundation 3.0 root hub blank Chicony Electronics Co., Ltd VIA Lbs, Inc. Logitech, Inc. Unifying Receiver (for my usb mouse) Terminus Technology Inc. VIA Labs, Inc. Intel Corp. Linux Foundation 2.0 root hub None of these are my network cards, right? > > 2. How do I use an external display with HDMI? (just plugging it in > doesn't > > work for me) > > What do you see when you plug it in? "No signal"? Blank screen? > > You might have to do some configuration in XFCE. Look under system tools > for monitor/screen settings. Otherwise, you could try installing KDE. > > https://www.qubes-os.org/doc/kde/ > > Note that a lot of hardware features don't always work in Qubes. HDMI is > not tested very often by Qubes users, so I don't know if HDMI usually > works or not. > > Does it work when running a Fedora 25 live CD? Did you have it working > on this machine on any other operating systems? > When I plug in my HDMI, nothing happens. On Windows, the external display works when I plug it in. I can try running Fedora on a live usb to see what happens. > > > 3. How do I reduce the lag on my USB mouse? > > I'm afraid I don't know much about this. Are you using dom0 or sys-usb? > Is anything else laggy? Does the touchpad (if any) work alright? > > You can try temporarily disabling sys-usb so devices are attached to > dom0. See if it works any better that way. > https://www.qubes-os.org/doc/usb-qubes/#removing-a-usb-qube I don't think I have usb-qubes enabled. I wasn't able to enable them after installation, maybe because I have a USB keyboard. However, my touchpad/trackpad doesn't work. What can I do about that? > > > - > This free account was provided by VFEmail.net - report spam to > ab...@vfemail.net > > ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of > the NSA's hands! > $24.95 ONETIME Lifetime accounts with Privacy Features! > 15GB disk! No bandwidth quotas! > Commercial and Bulk Mail Options! > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/38321cc0-496a-4811-9cf7-46249e16ee4b%40googlegroups.com.
[qubes-users] How do I get Started?
I just installed Qubes on a new laptop. I'm trying to do some basic things not listed on https://www.qubes-os.org/getting-started/ 1. How do I get connected to my wi-fi? 2. How do I use an external display with HDMI? (just plugging it in doesn't work for me) 3. How do I reduce the lag on my USB mouse? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a48b2391-9159-46b3-b465-9ba3b6066938%40googlegroups.com.
[qubes-users] Re: HCL - Thinkpad X1 Carbon 5th gen - Qubes 4.0-rc3
How do you add psmouse.synaptics_intertouch=1 to the dom0 kernel parameter? On Friday, December 15, 2017 at 5:57:20 PM UTC-8, Marek Marczykowski-Górecki wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Sat, Dec 16, 2017 at 01:54:09AM +0100, Marek Marczykowski-Górecki > wrote: > > Hi, > > > > I have some initial comments about Qubes 4.0rc3 on Lenovo Thinkpad X1 > > Carbon 5th gen. I'll dig further into issues listed below. But for now I > > wouldn't call it "works out of the box", unfortunately :/ > > > > - EFI installer do not boot - gets back into grub instantly, > /noexitboot > >/mapbs do not help > > - legacy mode install works fine (although I've noticed small graphics > >glithes once or twice) > > - at next boot grub is horribly slow (you can see drawing each char) > > - system starts with default kernel (4.9.56) > > - trackpoint/touchpad do not work: > > > > psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte > 1 > > psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte > 1 > > psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte > 1 > > psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte > 1 > > psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte > 1 > > psmouse serio1: issuing reconnect request > > psmouse serio1: synaptics: queried max coordinates: x [..5678], y > [..4758] > > psmouse serio1: synaptics: queried min coordinates: x [1266..], y > [1094..] > > Fixed by adding psmouse.synaptics_intertouch=1 dom0 kernel parameter > (available in 4.14+). > > > > > - suspend: hang on suspend (green light flash quickly) > > > > Next step: upgrade dom0 (only!) kernel to 4.14.6 > > (https://github.com/QubesOS/qubes-linux-kernel/pull/13). You need to > > build it yourself, there is no > > binary package available, yet. > > > > Then add iwlmvm and iwlwifi to /rw/config/suspend-module-backlist in > sys-net > > > > - this fixed suspend issue, wireless also works after suspend > > - touchpad/trackpoint still do not work > > > > Other issues: > > - https://github.com/QubesOS/qubes-issues/issues/3108 > > > > > > Untested: > > - mic > > - camera > > - ethernet > > - thunderbolt (and do not plan to) > > - WiGig (does it even have Linux support?) > > - bluetooth > > - NFC > > - fingerprint reader (do not plan to test) > > > > Attached hardware info. > > > > > > > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJaL3qDAAoJENuP0xzK19csKzYH/iu1x869BqLeOkf2tthetBaK > njaKZb9SfP8QvX8XUPZcVOwCOldFuHjzGGf+zrCM3IRtsUKf3Ry6suKH7YRrmP2a > qUScHkusfDePDH47XpFnKvE2vRINCbd6j709dttr/GZtAHTKx8J6B6ZDuQl1YkSH > gqyQkW0FDtC3jEEQnAyh5249OwJjxW56EM/WvlVOqykBkx7GkmTPGk5PSVB76i+b > W3QFlj+XEmryMSbp51Nzzb1yuK7nkMiKcZBC74bg+/jOjipH/j4vphAnzMzZ/5MK > wi3vXzjf4G+M+IrsGbSOerURadQMsQTiEwVaeydquQOc7Op72vD5LsvoJUhOu8U= > =aCgK > -END PGP SIGNATURE- > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c97c0518-a3ef-419e-9efe-da562300c8f3%40googlegroups.com.
[qubes-users] Docker Bridge Mode Not Working in Qubes
Hi, So basically: docker run -it --network=bridge ubuntu No internet... docker run -it network=host ubuntu Internet! (apt-get update works) Bridged mode works on my laptop but not on Qubes with the same version of docker. (18.09.1 from docker.io package) I'm new to docker so if I have any misconceptions then please forgive me. I also read this: https://www.qubes-os.org/doc/network-bridge-support/ and am not sure if it is relevant to the situation and if so how I can get it working with that. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3424181552870329%40iva3-a2a8aac410a1.qloud-c.yandex.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Issue finishing install. after reboot
So, I've tried looking for an answer and can't find anything. I've tried using different settings on Rufus. All the ones that work end with this same issue. I can install qubes. Mostly. When I get to the part after reboot is where I have issues. It tells me something along the lines of being unable to create the sys net qube. Then I press ok and finish and there no way to connect to the internet besides an Ethernet connection. I went to the terminal and did sudo journalctl . I'm going to start putting in everything that says failed or error or is just in red. Hopefully there's not too much... Failed to find module 'uniput' line 655 ACPI Error: Field [TBF3] at bit offset/length 188416/196608 exceeds size of target buffer (368640 bits) (20170728/dsopcode-235) line 784 ACPI Error: Method parse/execution failed \_SB.PCI0.PEG.VID.GETB, AE_AML_BUFFER_LIMIT (20170728/psparse-550) line 785 ACPI Error: Method parse/execution failed \_SB.PCI0.PEG.VID.GETB, AE_AML_BUFFER_LIMIT (20170728/psparse-550) line 786 TBD: tbd_open_ex: could not open file /var/lib/xenstored/tbd: No such file or directory line 1269 Checking store ... Line 1270 Checking store complete. Line 1276 Error loading modules: Error opening directory '/usr/lib64/udisks2/modules': No such file or directory line 1337 ['/usr/bin/qvm-start', 'sys-firewall'] failed: stdout: "" stderr: "Cannot connect to qrexec agent for 60 seconds, see /var/log/xen/console/guest-sys-net.log for details " lines 4829-4832 Can't find send mail at /usr/sbin/send mail, not mailing output line 5170 I don't think I missed anything, but if there's something specific you want me looking for... I'm using a lenovo Thinkpad w530. I have both legacy and bios enabled with legacy first. Secure boot off. I did have qubes working at one point, but it crashed last week...I probably broke it with my noobishness. This is me trying to just do a fresh install. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/DB6PR0801MB1350119589517E45F72FB5BBC1930%40DB6PR0801MB1350.eurprd08.prod.outlook.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Time Sync Failed and one other problem
I have two problems right now in Qubes. When I do qubes-dom0-update, the first thing it says is 'Time Sync Failed! - Exiting'. When I do qvm-sync-clock, it says the same thing. I did timedatectl set-ntp 1 to see if that would fix it, same error. The other problem also comes up when I run qubes-dom0-update. Qubes is still downloading updated for Fedora 23 when I've had Fedora 24 for months. I don't have the Fedora 23 template anywhere on the machine (that I know of). To clarify what I mean, it is NOT installing updates for Fedora 24 (which I am using), it is looking for updates for Fedora 23. I've had many problems since installing the Fedora 24 template but I just noticed this one. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a5a56999-dd66-452d-82ff-34c5ebebc9e9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Turn standalone VM to a template VM
Hello, I have a Standalone Windows 7 VM that I want to convert to a Template VM so I can deploy clones from it like in vSphere Server. Is there a way to convert an existing Standalone VM to a Template VM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e356b6d2-9363-4d61-a48d-5f2d2de54ea3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: epoxy on ram to prevent cold boot attacks?
On Wednesday, August 31, 2016 at 8:25:33 PM UTC+4, pixel fairy wrote: > poured some epoxy over where the ram connects to the motherboard modern RAM keeps data after hours after disconnecting in from MB. (wont search that paper now, plz search on your own). there are also physical traces of RAM state on RAM device. thats why some folks are moving keys in RAM(xoring it actually) every 10 seconds or so, in their opensource encryption software. there is papper on in too, with photo of such physical micro traces. paper also explains why RAM manufacturers are trying to keep volts as low as possible. imo encrypted RAM is more safe. but where to store keys? CPU cache, VRAM? or separate PCI device? unsure about speed of PCI vs RAM though. but safe storing keys in HW of major, massive vendors is a wrong idea because of obligatory unofficial backdooring. maybe it is possible to only encrypt part of RAM with PCI located key(original PCI storage device). example: main system is in RAM, VM's RAM is encrypted (using driver) and the key is on PCI storage device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/512950a4-6d96-4698-833d-ccf20ba33f9d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: USG - AFirewall For USB's
as far as i understand general method(control everything in data stream), adding support for new type of device is difficult, IF such HW firewall is connected to HW USB. i recall some device which transfers USB data over LAN, so user can connect any USB HW over LAN. by this way it is possible to have special VM with fresh state for every USB dev connection. after device is used, every possible not wanted effects are gone with the reset of VM. such VM could start automatically upon each USB plugin event. there is no real reason also to store such mini temp VM in SSD. it can be located in RAM. i believe Gbit LAN has potential. right now am considering some perverted "immortal SSD" idea based on following: SODIMM CHEAP (used) RAM modules (1,2,4 GB) in few motherboards. RAM disc is created in such motherboard upon boot and then shared over Gbit LAN. i believe it is possible to make very compact version for notebook(thats what am planning to do after i figure out how to connect about 16 RAMs. without having lots of notebook motherboards). motherboards are backed up by battery. how to use: before actual task, the contents of SSD copied to LAN disk. before shutdown, HW SSD (or even HDD actually) gets only updated data from this shared over LAN RAM disk. on RAM disk user can have VMs. WHY? there are plenty of cheap 1 2 4 GB used RAM modules. as far as i can remember RAM module have long lifespan. so user actually gets cheap SSD which capacity only gets bigger over time. i believe there can be one trusted HW machine and lots of untrusted HW devices shared over LAN or SPI. LAN or SPI opensource HW. LAN speed is just fine unless you want USB display or Kinect. again: main idea is to transport original HW USB data stream to the emulated (Virtual) USB connected to VM, _without firewalling it at all_. using LAN or other means. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb160e8a-c1e5-413b-88f3-b097a2f2d5b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Feature request: "HDD Airbag" analog
Feature request: "HDD Airbag" analog overview: https://support.lenovo.com/nl/en/solutions/ht003517 list of supported devices: http://support.lenovo.com/nl/en/downloads/ds015000 is it possible to add this feature to Qubes? or atleast provide some interface to poweroff/park HDD? yes, Qubes requires SSD for good operation, but imo most users like to have SSD + large HDD for media or other content. i believe qubes can be really friendly for not so geeky user, by having such features or atleast providing support so user could write such soft. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16be7dee-54e1-404a-9e42-581fba972bb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Remove menu entries in XFCE on Qubes
My mistake, it was in here > ~/.local/share/applications/ I got rid of it by doing rm fedora-23* Thanks for the help. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb834344-e5f8-4d68-8b2b-ebcfc5575cac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Remove menu entries in XFCE on Qubes
On Wednesday, February 1, 2017 at 1:21:18 PM UTC-5, raah...@gmail.com wrote: > On Tuesday, January 31, 2017 at 10:36:03 AM UTC-5, qubes-user-000 wrote: > > I'm trying to remove an entry in the applications menu for fedora 23 that's > > still there from when I updated to 24. How can I do this? > > I think its alt f3 to get the editing mode for start menu. This works to hide it but hidden is still there in a sense. Seems a little goofy that there's no way to do this, no? I understand Qubes has its parts separate intentionally but I think there's a problem in some places, like this one; where you aren't able to do something as simple as remove a menu entry. Just my 2c if there really is no way to do this properly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f844d4ad-0e6e-408c-8554-4e26f362dcf6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Lenovo Thinkpad X250
Thanks for sharing the info! Is there any issues left, or everything works fine? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23b14322-a88d-464c-8108-ab381c968336%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL Lenovo Thinkpad X250 i3-5010U
On Friday, March 11, 2016 at 2:45:50 AM UTC+4, Pablo Di Noto wrote: > So far, everything works as expected Thanks for sharing info! Have you tested graphics software yet (especially 3d editing/games)? Webcam working? Have any other issues? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea6b25ac-780c-4e77-8c97-4f020d6ddbdf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes refuses to boot
On Friday, December 23, 2016 at 2:07:51 PM UTC-5, raah...@gmail.com wrote: > from windows you can try rawrite32.exe thats what I use. > https://www.netbsd.org/~martin/rawrite32/download.html might sound like a > long shot, but worth a try at least.I have had Qubes usb problems myself > cause either bad drive or not enough space. one time everything worked right > and I was just missing a kernel I wanted to install from the repos, or for > some reason I had a different default kernel, and i coudln't figure out why > lol. On Friday, December 23, 2016 at 2:09:06 AM UTC-5, tai...@gmx.com wrote: > I have had many problems with rufus fucking up linux iso writing. > > Try using dd to write the iso in linux (NOTE: BE VERY CAREFUL - Use > /dev/disk/by-id to do writing instead of /dev/sdX or else you could > easily nuke your data) > > Whats the model of your laptop you want to install on? I check manual > for you to see what is up. I don't think it's an error with writing the iso to my usb because my other (older) laptop can boot from the live usb fine. My main laptop I'm trying to boot from is an Alienware M17X (which is on the compatibility list). So far, I've tried booting from the live iso and installed qubes with varying success. On my Alienware, I can't boot the live iso and get a blinking cursor booting the installed qubes. On an old Gateway laptop, I can boot the live iso fine, but the installed qubes reboots. Finally, on an old desktop, both the live and the installation yield a blinking cursor (with the live's appearing a few minutes after selecting from the GRUB menu). I'm about ready to just give up and wait until Qubes gets broader hardware compatibility and stability. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d189780-eb7e-4ee9-825c-016791bcbe3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Maybe a provocative question
You mentioned some good points about QubesOS. One thing I definitely dislike about QubesOS (and that's no offense of course - it's simply unavoidable, and of course that's not the developers' fault - in contrast I couldn't imagine how they could optimize it even more [maybe one could do so as a user by switching from Fedora to a distro template which needs very few ressources despite having to run multiple VMs]) is that it consumes a really huge amount of CPU and memory, even on modern hardware. Well, another approach for isolation (not in the way by VMs employed on any Linux distro, it's a totally different approach) is GNU Hurd, but it's still experimental and only works on QEMU as far as I know (didn't follow it for quite a while). However, those guys are really enthusiastic as well and maybe that could be another promising approach someday. Yes, if the NSA etc. really wouldn't be able to break into your QubesOS system, then they'll certainly have plenty of other means to gain access to your data (refer to the NSA-ANT catalogue, papers about key strokes and radio sginal interception etc.). No, I don't agree to your last paragraph. Any well-configured Linux distro plus a good firewall (pfsense etc.) / router (like Turris Omnia) will prevent any (super professional) hacker from breaking into your system, if you set up everything in the best possible way AND choose the right (open-source) hardware. Kind regards and all the best 16.10.2016, 03:47, "raahe...@gmail.com" <raahe...@gmail.com>: > On Saturday, October 15, 2016 at 9:16:52 PM UTC-4, QubesOS User wrote: >> 16.10.2016, 01:03, "raahe...@gmail.com" <raahe...@gmail.com>: >> > On Saturday, October 15, 2016 at 5:09:46 PM UTC-4, QubesOS User wrote: >> >> Hello everyone, >> >> >> >> I could imagine that this question has been discussed before already, >> and if this should be the case, then I'm very sorry for posting this (I'd be >> thankful for an according link if so though). >> >> >> >> I think that I've gained quite much knowledge about possible attack >> surfaces provided on hardware and software level during the last 15 years, >> trying to keep up-to-date and often doing research on new approaches in this >> field. First of all, I'd like to stress that the 'objection' (which I don't >> mean as such) I may raise by this post does not have any intention of >> criticizing the great work and effort done by the QubesOS developers and the >> community (it's not meant as an unhelpful 'critique' at all). Much rather I >> have a huge respect for the commitment shown by everyone involved in the >> development of QubesOS. >> >> >> >> Having compared various approaches in this field (e. g. OpenBSD, Linux >> using a hardened security kernel, GNU Hurd), I'd basically come to the >> conclusion that QubesOS is the most promising approach, especially if VT-d >> isolation is available. >> >> >> >> However, the main points I'd like to address are: >> >> >> >> 1) XEN is developed by people working for a company based in the U.S. >> (I know the difference between open-source and proprietary software, but >> still they belong to the same team/company). If even developers of TrueCrypt >> received one of those 'blue letters' - What is the reason to assume that the >> XEN developers didn't receive one of those as well? Seen from the >> perspective of the NSA it looks totally odd and irrational to me if they >> would not to so, since they can do so, and it's their task to thwart any >> efforts which might hinder them from collecting data. I don't regard those >> people as being 'evil' or anything like that (nor do I regard this as being >> positive, which should go without saying), I just look at things in a >> rational way: If QubesOS is a great approach to ensure security, then one >> must be naive to assume that this won't automatically lead to classifiying >> this as a 'high priority target' - With all the consequences. >> >> >> >> 1.2) Since this looks so obvious to me: Why isn't it a top priority for >> QubesOS developers to make use of a supervisor (or develop an independent >> one, which would surely need endless efforts, but wouldn't it be worth it?), >> which is not subjected to the objections I tried to express? >> >> >> >> 2) QubesOS totally relies on 2.1) trusting XEN developers to completely >> understand the more than just complex x64 architecture being used today and >> 2.2) on trusting Intel's VT technology. >> >> Regarding 2.2): Just assuming Intel would hav
Re: [qubes-users] Re: Maybe a provocative question
16.10.2016, 01:03, "raahe...@gmail.com" <raahe...@gmail.com>: > On Saturday, October 15, 2016 at 5:09:46 PM UTC-4, QubesOS User wrote: >> Hello everyone, >> >> I could imagine that this question has been discussed before already, and >> if this should be the case, then I'm very sorry for posting this (I'd be >> thankful for an according link if so though). >> >> I think that I've gained quite much knowledge about possible attack >> surfaces provided on hardware and software level during the last 15 years, >> trying to keep up-to-date and often doing research on new approaches in this >> field. First of all, I'd like to stress that the 'objection' (which I don't >> mean as such) I may raise by this post does not have any intention of >> criticizing the great work and effort done by the QubesOS developers and the >> community (it's not meant as an unhelpful 'critique' at all). Much rather I >> have a huge respect for the commitment shown by everyone involved in the >> development of QubesOS. >> >> Having compared various approaches in this field (e. g. OpenBSD, Linux >> using a hardened security kernel, GNU Hurd), I'd basically come to the >> conclusion that QubesOS is the most promising approach, especially if VT-d >> isolation is available. >> >> However, the main points I'd like to address are: >> >> 1) XEN is developed by people working for a company based in the U.S. (I >> know the difference between open-source and proprietary software, but still >> they belong to the same team/company). If even developers of TrueCrypt >> received one of those 'blue letters' - What is the reason to assume that the >> XEN developers didn't receive one of those as well? Seen from the >> perspective of the NSA it looks totally odd and irrational to me if they >> would not to so, since they can do so, and it's their task to thwart any >> efforts which might hinder them from collecting data. I don't regard those >> people as being 'evil' or anything like that (nor do I regard this as being >> positive, which should go without saying), I just look at things in a >> rational way: If QubesOS is a great approach to ensure security, then one >> must be naive to assume that this won't automatically lead to classifiying >> this as a 'high priority target' - With all the consequences. >> >> 1.2) Since this looks so obvious to me: Why isn't it a top priority for >> QubesOS developers to make use of a supervisor (or develop an independent >> one, which would surely need endless efforts, but wouldn't it be worth it?), >> which is not subjected to the objections I tried to express? >> >> 2) QubesOS totally relies on 2.1) trusting XEN developers to completely >> understand the more than just complex x64 architecture being used today and >> 2.2) on trusting Intel's VT technology. >> Regarding 2.2): Just assuming Intel would have received some kind of >> 'advice' (they may even find motivation without getting such - I certainly >> don't think that Intel is an 'NSA subcontractor', but they are simply a big >> and profit-orientated company, not an idealistic open-source community like >> the QubesOS developers etc.) - Then how realistic is it that an absolutely >> professionally designed and implemented backdoor etc. as the result of sheer >> endless human, technological and financial ressources gets discovered by >> people like the QubesOS community, no matter how enthusiastic, intelligent, >> cautious and sceptical those are? >> >> Referring once again to 2.1) I'd like to point to and quote from a highly >> interesting Qubes Security Bulletin >> (https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-018-2015.txt): >> "2) We are not entirely convinced if the way Xen Security Team decided to >> address this vulnerability is really optimal, security wise. It seems like a >> more defensive approach would be to get rid of this >> dangerous construct of reusing the same memory for both an internal pointer >> and VM-provided data. Apparently Xen developers believe that they can fully >> understand the code, with all its execution paths, for decoding x86 >> operands. This optimistic attitude seems surprising, given the very bug >> we're discussing today." >> [One should read the whole bulletin to know the context, but I didn't want >> this to become too long.] >> >> One might also like to take a look at this bulletin, which gives me, among >> other XEN-related informations and facts, the strong impression that seeking &g
[qubes-users] Maybe a provocative question
Hello everyone,
I could imagine that this question has been discussed before already, and if
this should be the case, then I'm very sorry for posting this (I'd be thankful
for an according link if so though).
I think that I've gained quite much knowledge about possible attack surfaces
provided on hardware and software level during the last 15 years, trying to
keep up-to-date and often doing research on new approaches in this field. First
of all, I'd like to stress that the 'objection' (which I don't mean as such) I
may raise by this post does not have any intention of criticizing the great
work and effort done by the QubesOS developers and the community (it's not
meant as an unhelpful 'critique' at all). Much rather I have a huge respect for
the commitment shown by everyone involved in the development of QubesOS.
Having compared various approaches in this field (e. g. OpenBSD, Linux using a
hardened security kernel, GNU Hurd), I'd basically come to the conclusion that
QubesOS is the most promising approach, especially if VT-d isolation is
available.
However, the main points I'd like to address are:
1) XEN is developed by people working for a company based in the U.S. (I know
the difference between open-source and proprietary software, but still they
belong to the same team/company). If even developers of TrueCrypt received one
of those 'blue letters' - What is the reason to assume that the XEN developers
didn't receive one of those as well? Seen from the perspective of the NSA it
looks totally odd and irrational to me if they would not to so, since they can
do so, and it's their task to thwart any efforts which might hinder them from
collecting data. I don't regard those people as being 'evil' or anything like
that (nor do I regard this as being positive, which should go without saying),
I just look at things in a rational way: If QubesOS is a great approach to
ensure security, then one must be naive to assume that this won't automatically
lead to classifiying this as a 'high priority target' - With all the
consequences.
1.2) Since this looks so obvious to me: Why isn't it a top priority for QubesOS
developers to make use of a supervisor (or develop an independent one, which
would surely need endless efforts, but wouldn't it be worth it?), which is not
subjected to the objections I tried to express?
2) QubesOS totally relies on 2.1) trusting XEN developers to completely
understand the more than just complex x64 architecture being used today and
2.2) on trusting Intel's VT technology.
Regarding 2.2): Just assuming Intel would have received some kind of 'advice'
(they may even find motivation without getting such - I certainly don't think
that Intel is an 'NSA subcontractor', but they are simply a big and
profit-orientated company, not an idealistic open-source community like the
QubesOS developers etc.) - Then how realistic is it that an absolutely
professionally designed and implemented backdoor etc. as the result of sheer
endless human, technological and financial ressources gets discovered by people
like the QubesOS community, no matter how enthusiastic, intelligent, cautious
and sceptical those are?
Referring once again to 2.1) I'd like to point to and quote from a highly
interesting Qubes Security Bulletin
(https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-018-2015.txt):
"2) We are not entirely convinced if the way Xen Security Team decided to
address this vulnerability is really optimal, security wise. It seems like a
more defensive approach would be to get rid of this
dangerous construct of reusing the same memory for both an internal pointer and
VM-provided data. Apparently Xen developers believe that they can fully
understand the code, with all its execution paths, for decoding x86 operands.
This optimistic attitude seems surprising, given the very bug we're discussing
today."
[One should read the whole bulletin to know the context, but I didn't want this
to become too long.]
One might also like to take a look at this bulletin, which gives me, among
other XEN-related informations and facts, the strong impression that seeking an
alternative hyperadvisor should have higest priority for the QubesOS
development (believe me, I'd more than like to contribute to doing so by
myself, too, and if I shold be able to aquire the necessary skills, I'll
definitely try to do so):
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt
"A more radical reader might be of the opinion that we should completely
replace Xen with some other hypervisor. Such an opinion is surely not
unfounded, as we have previously expressed our disappointment in the Xen
security process [5]. Sadly, not much has improved over the past several
months. Moreover, even though Qubes is now based on a hypervisor-abstracting
architecture ("Odyssey"), which should make switching to a different VMM a
relatively easy task, the primary problem that
Re: [qubes-users] feature request: luksAddNuke
On Tuesday, February 17, 2015 at 3:17:08 PM UTC+4, Andrew wrote: > (and only ever work on clones of your disk). this will work only with clones of _not corrupted_ data. ofcourse user can have special method of destroying data, but having such extra method encapsulates key data nature (location of headers, ...) from user. if user somehow has low tech knowledge level, it should design and develop tools for traceless data destruction, if failed to find existing. R isnt fast and easy task. > Even if you encountered such a miraculously dumb government, you might > still be exposing yourself to criminal liability (or worse) for > knowingly causing the destruction. only in case of provable intentional destruction -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3c876c2-0568-4500-9e7f-f52c8feb99e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] how to run Windows quest vm in Qubes on hw without required features (vt-d)?
more specific - Lenovo Y580 is listed in hcl as having no proper hw features.(vt-d) what for? 1) using Qubes instead of non-hypervisor based OS is more safer, even without features like hardware virtualization. . 2) using hypervisor is more convenient than using virtualization soft like VirtualBox -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f2547cd-b9ad-472b-9bf1-d5aef957b4be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
