[qubes-users] Re: fedora warning

[yrebstv]

personally, I find the vulgarity doesn't contribute anything, but I'm
not the admin  here,  so  carry  friggin on  sh*t

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fc7e0b721c2a3c6bf0bcc6ff33f31c6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Yubikey for OTP password manager 2FA only ...with Q4.5 sys-usb please

[yrebstv]

https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard

I wonder if this might fix  the yubikey OTP function  since  the yubikey
mimics  a HID keyboard 

R4.0, using salt

To allow USB keyboard usage (including early boot for LUKS passphrase),
make sure you have the latest qubes-mgmt-salt-dom0-virtual-machines
package (simply install dom0 updates) and execute in dom0:

sudo qubesctl state.sls qvm.usb-keyboard

The above command will take care of all required configuration,
including creating USB qube if not present. Note that it will expose
dom0 to USB devices while entering LUKS passphrase. Users are advised to
physically disconnect other devices from the system for that time, to
minimize the risk.

If you wish to perform only subset of this configuration (for example do
not enable USB keyboard during boot), see manual instructions below.

.
don't suppose anyone has tried this ?


I also am looking to get rid of my PS2 adapter, as its size messes up
the desktop USB port ..

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b585c90b438835f33063b30596d1b20%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL report for Lenovo ThinkPad T520 4240-4HG

[yrebstv]

Jan Hustak  

Feb 6

Hello, 

See attached. Regarding BIOS settings mentioned in "remark": the 
combination of both VT-d and Discrete Graphics being ON causes the 
installer to freeze. If configured post-install, it causes the OS to 
freeze while booting. 

Turning VT-d OFF allows for installation (with warning) but breaks 
networking and who knows what else. As the remark states, the proper 
configuration is VT-d ON and Discrete Graphics OFF. 

jh 


-


Hello, per 
https://groups.google.com/forum/#!msg/qubes-users/TB0r0Qv0yhc/l4e1tsCBAQAJ

I am attempting to install Q4.0 rc5 from a USB drive on a Thinkpad T520
4240-4AU  UEFI BIOS Version 8AET62WW (1.42) 

I note from the HCL Mr.Jan , says to disable "discrete graphics"  (I did
enable VT-d) , If I go to  Config -> Display , there is no reference to
"discrete graphics" it offers 1 option on Boot Display Device  "thinkpad
LCD", Analog VGA , etc 

Further, I have chosen  "UEFI only"  in the Startup-> UEFI/Legacy Boot  
choice  AND
I see no "secure boot" anywhere to disable. 

NOW when I boot off the USB Drive I see the line of penguins and then 
probably all the  loading information  BUT, it is all in warped and
unreadable .  So , I tried Legacy Mode, and it just stops @ a "
failed to load ldlinux.c32"   etc 


I , also , am aware of :
https://www.qubes-os.org/doc/thinkpad-troubleshooting/

but, again there is no "secure boot" option to disable ;  this  USB
stick  *Was  created  with dd if of  ; but the URL doesn't specifically 
reference the T520 .. and the solution looks quite involved 
.. is this my only choice at this stage ?

or is there some "discrete graphics"  to disable that I can't find  ?? 

the HCL Bios version  Mr. Jan  references for 4.0  is  8AET51WW (1.31 ) 
, if anything mine seems to be slightly newer and  should it  have
"discrete graphics" to disable ?


with the graphics messed up,  don't think I can't get to the Intel
HD3000 reference, that seems to be something to be done after
installation in any event?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2670eccedd8ccadd1d4314e6549d7ae3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] please remind me how to remove orphaned Domain: menu items, the AppVM is gone, but I still see it listed in the Application 'Q' menu in 3.2

[yrebstv]

On 2018-03-18 12:31, Unman wrote:
> On Sun, Mar 18, 2018 at 02:51:30PM -0700, yreb...@riseup.net wrote:
>> On 2018-03-13 16:36, awokd wrote:
>> > On Wed, March 14, 2018 12:30 am, yreb...@riseup.net wrote:
>> >> please remind me how to remove orphaned Domain: menu items,  the AppVM is
>> >> gone, but I still see it listed in the Application 'Q' menu in 3.2
>> >>
>> >> but not in  qvm-ls  ; I don't want to remove the wrong  config file
>> >> somewhere ,  I can't seem to find it in the  old  group  postings, though
>> >> I know it's there
>> >
>> > Look in the R3.2 section:
>> > https://www.qubes-os.org/doc/managing-appvm-shortcuts/
>>
>> hmm the issue seems to be that I have now upgraded debian-8 TemplateVM
>> to debian-9
>>
>> and the AppVM that won't go-away is based on the debian-8  TemplateVM
>> based on what I see in the menu-items in the "Q" menu..
>>
>> So:::
>>
>> something like:  qvm-sync -appmenus debian-8  isn't going to work   as
>> the Template is gone ...
>>
>> Further: after the debian-9 upgrade  I did do :
>>
>> [user@dom0 ~]$ sudo yum remove qubes-template-debian-8
>>
>> However, it ALSO is still in the "Q" menu on the taskbar  &  the
>> Right-Click  menus  Domain lists
>>
>>
>> any other ideas, besides this post and the previous one where I deleted
>> :
>>
>> /var/lib/qubes/appvms/  to no effect  .
>>
> Have you looked at:
> https://www.qubes-os.org/doc/remove-vm-manually/


ah yes, that was what I did last year at some point,  I guess I need to
add to my  list 'learn how to search qubes docs'  really 

steps 1 and 2 already did but not  3 -4   

thank you sir/s 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9fc1e2fa015a5e485ba816743d5eb915%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] please remind me how to remove orphaned Domain: menu items, the AppVM is gone, but I still see it listed in the Application 'Q' menu in 3.2

[yrebstv]

On 2018-03-13 16:36, awokd wrote:
> On Wed, March 14, 2018 12:30 am, yreb...@riseup.net wrote:
>> please remind me how to remove orphaned Domain: menu items,  the AppVM is
>> gone, but I still see it listed in the Application 'Q' menu in 3.2
>>
>> but not in  qvm-ls  ; I don't want to remove the wrong  config file
>> somewhere ,  I can't seem to find it in the  old  group  postings, though
>> I know it's there
> 
> Look in the R3.2 section:
> https://www.qubes-os.org/doc/managing-appvm-shortcuts/

hmm the issue seems to be that I have now upgraded debian-8 TemplateVM
to debian-9  

and the AppVM that won't go-away is based on the debian-8  TemplateVM
based on what I see in the menu-items in the "Q" menu..

So:::

something like:  qvm-sync -appmenus debian-8  isn't going to work   as
the Template is gone ... 

Further: after the debian-9 upgrade  I did do :

[user@dom0 ~]$ sudo yum remove qubes-template-debian-8

However, it ALSO is still in the "Q" menu on the taskbar  &  the 
Right-Click  menus  Domain lists 


any other ideas, besides this post and the previous one where I deleted
:

/var/lib/qubes/appvms/  to no effect  .


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/566ba54571d3291e97b396081b3af3cb%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from an SSD?

[yrebstv]

well looks like both an argument For and Against buying a drive-cd
caddie

for:
can remove the HDD with win10 on it and just use it when needed

against:
keep a CD with a bootloader on it in the CDROM drive  ( what % of users
of qubes are booting off a bootloader on a CD )


believe it or not,  somehow I'm really not worried at all that someone
is going to gain access to my laptop,  though it being a laptop and
travelling  US-> INT'l  I suppose it's possible 



bigger issue now is what condition to buy a T520 eg "verygood" i7 (which
is listed on HCM , though not the submodel) and installing extra RAM to
12GB  for double  what I might buy

an i5 T520 with 12gb installed already which oddly  seems To  match the
submodel  but not the cpu  type ... 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/735bf088b19cb271889e184feee3eb92%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from an SSD?

[yrebstv]

T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from
an SSD?

I'm looking at buying an i7 T520 that is listed as working on the HCM
list on a website, for like $250, I see them cheaper on ebay but , the
thing has 4GB ram , by adding a DVD tray / caddie for an SSD and an SSD
and 4GB ram, I add another $140  or so  to the cost   so am
wondering  if this technically would not have the issue where  dual
booting is considering insecure, if I'm actually booting from 2 separate
HDs ;  and/or  if  doing the Qubes 4.0  install  is going to be any
tricker or easier  with 2 HD,  assuming,  I wasn't planning on  doing
another  dual boot off  1 HD again 


thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a377e5897e6e92f43ecfeef04de45e03%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] please remind me how to remove orphaned Domain: menu items, the AppVM is gone, but I still see it listed in the Application 'Q' menu in 3.2

[yrebstv]

On 2018-03-13 16:36, awokd wrote:
> On Wed, March 14, 2018 12:30 am, yreb...@riseup.net wrote:
>> please remind me how to remove orphaned Domain: menu items,  the AppVM is
>> gone, but I still see it listed in the Application 'Q' menu in 3.2
>>
>> but not in  qvm-ls  ; I don't want to remove the wrong  config file
>> somewhere ,  I can't seem to find it in the  old  group  postings, though
>> I know it's there
> 
> Look in the R3.2 section:
> https://www.qubes-os.org/doc/managing-appvm-shortcuts/

ok, I did remove the dir /var/lib/qubes/appvms/ , however have not as yet rebooted to see,
but as of now it still persists

if I do qvm-sync-appmenus   it just tells me that fooVM doesn't
exist


this isn't how I recall sync'ing menus before ..hmm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9aaacecca5ee252f88b306c07cf3a5a7%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] please remind me how to remove orphaned Domain: menu items, the AppVM is gone, but I still see it listed in the Application 'Q' menu in 3.2

[yrebstv]

please remind me how to remove orphaned Domain: menu items,  the AppVM
is gone, but I still see it listed in the Application 'Q' menu in 3.2

but not in  qvm-ls  ; I don't want to remove the wrong  config file
somewhere ,  I can't seem to find it in the  old  group  postings,
though I know it's there 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/711dc467a87b0758d81e8a4eba81ee50%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

[yrebstv]

is there any harm in leaving Template fedora-26-clone-printer-only  
connected to sys-net directly Not to sys-firewall ?

as of now it is working , I just made the Template the default for  DVMs
and print documents  from  the "open in DVM"

I am using Q3.2 , yes. 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/474d69b0744394a87c3fa0a1bc3ebc6e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

[yrebstv]

On 2018-03-01 18:47, awokd wrote:
> On Fri, March 2, 2018 4:20 am, yreb...@riseup.net wrote:
>> On 2018-03-01 18:16, awokd wrote:
>>
>>> On Fri, March 2, 2018 4:10 am, yreb...@riseup.net wrote:
>>>
>>>
 When you see the message "Will you specify the DeviceURI ?",



 For USB Users: Choose N(No)
 For Network Users: Choose Y(Yes) and DeviceURI number.
 ---



 So, I chose "yes" then it wanted something like the IPP:// address
 ;

>>>
>>> You have to put your printer's IP address in here.
>>>
>>>
 I
 may have put in the gateway address  and got nowhere I guess your
 saying it doesn't matter if it didn't work in the Template ,
>>>
>>> Right, doesn't matter it doesn't work, but put in the right IP address.
>>>
>>>
>>>
 And for the IP address of the printer in the AppVM use the gateway of
  the AppVM ?

 in system-config-printer  there are various options  in settings->
 device URI: usb://dev/usblp0  is  filled in ,  and in printer state it
  say "waiting for printer to become available"
>>>
>>> Change this to IPP:// and your printer's address.
>>>
>>>
>>>
 perhaps I DONT need to tweak the fw settings in the VM Manager,  but
 how or do I need to input the IP of the printer  (I have a DDWRT
 router fwiw, if I'm supposed to assign a static IP somehow, and if
 that is not going to mess up the other computers using the network
 printer)
>>>
>>> Check what IP address they are printing to.
>>>
>>>
 As a final option,  I don't use sys-usb qubes,  so maybe I could
 connect the USB cable  and try it that way instead ... sigh


>>
>>
>> thanks for responding , as you can see the common theme, is I've no clue,
>> how to find my printer IP , and apparently  it may change if it's not
>> static?
> 
> Look in system-config-printer on one of your working systems. Yes, it
> might change if it's not static. How did you set up the other system?
> 
>> I had been told that the gateway address Was the printer IP  , but I've
>> really no idea
> 
> That's usually incorrect, unless the printer is connected directly to your
> router by USB.

The working Linux Mint system says :
dnssd://Brother%20HL-L2360D%20series._ipp._tcp.local/ 

I pasted that into the AppVM as root with system-printer-config  ->
settings-> change -> IPP (ipp)  
and IPP (ipps)   with no luck 

I did notice when I launched system-printer-config in terminal I see:
Error creating proxy: The connection is closed (g-io-error-quark, 18)

doing a web search on it but not hopeful 


1) does it matter is system-printer-config runs as root or user in AppVM

2) will re running the driver setup /cups etc tarball package conflict
with what I already did in the fedora-26-cloneprinter Template VM ?

3) I'm afraid static IPs  are going to be a nonstarter  for  chronic 
newb as myself  https://dd-wrt.com/phpBB2/viewtopic.php?t=263998


4) so much for  qubes printing is so easy  posts I've seen .. even
without a sys-usb  :P



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9098b02a093c155c3d1a238ef9226de4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

[yrebstv]

sorry, yes, so if I do  system-config-printer -> settings-> device URI
then click "change" -> find network printer,  and I input the gateway
for the AppVM and it doesn't find the printer , perhaps the printer has
a different  IP  ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e984dad95c661c4ab92ebbb4036334b4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

[yrebstv]

On 2018-03-01 15:07, awokd wrote:
> On Fri, March 2, 2018 12:20 am, yreb...@riseup.net wrote:
>> per the network printing docs it says to :
>>
>>
>>
>> "Open an AppVM (make sure it’s based on the template where you just
>> installed the printer, normally all AppVMs are based on the default
>> template), and test if printing works. If it doesn’t then probably the
>> AppVM doesn’t have networking access to the printer – in that case
>> adjust the firewall settings for that AppVM in Qubes Manager."
> 
> To break it down:
> 1. Install printer into cloned template, using its network IP
> 2. Shutdown template
> 3. Start AppVM based on the cloned template
I did all this and more , installing the brother driver in the
Template ; however at the end it asks 

---
  When you see the message "Will you specify the DeviceURI ?",

 For USB Users: Choose N(No)
 For Network Users: Choose Y(Yes) and DeviceURI number.
---

So, I chose "yes" then it wanted something like the IPP:// address   ; I
may have put in the gateway address  and got nowhere
I guess your saying it doesn't matter if it didn't work in the Template
, but I'm not sure where and which IP address to put in the AppVM


> 
> If your AppVM is on sys-firewall with no custom firewall rules, you
> shouldn't have to add the printer's IP anywhere (except possibly within
> the AppVM) when you print for the first time.
> 
>> I also couldn't get anything to print from my
>> xubuntu  HVM
> 
> Are you sure the printer is on the network and Linux compatible?.yes , it 
> prints on my other  linux mint machine with the .deb package, though I used 
> the .rpm package in The template 


And for the IP address of the printer in the AppVM use the gateway of
the AppVM ?

in system-config-printer  there are various options  in settings->
device URI: usb://dev/usblp0  is  filled in ,  and in printer state it
say "waiting for printer to become available"

perhaps I DONT need to tweak the fw settings in the VM Manager,  but 
how or do I need to input the IP of the printer  (I have a DDWRT router
fwiw,  if I'm supposed to assign a static IP somehow, and if that is not
going to mess up the other computers using the network printer)

As a final option,  I don't use sys-usb qubes,  so maybe I could connect
the USB cable  and try it that way instead ... sigh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ebfad100db47e10c9b98ef42ae5a0475%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fw for network printer setup

[yrebstv]

per the network printing docs it says to :



"Open an AppVM (make sure it’s based on the template where you just
installed the printer, normally all AppVMs are based on the default
template), and test if printing works. If it doesn’t then probably the
AppVM doesn’t have networking access to the printer – in that case
adjust the firewall settings for that AppVM in Qubes Manager."


How exactly do I do this ?  in 3.2  use the tab for firewall in the VM
manager , hit the + sign and choose  ? "any" and  what IP  ? neither the
GW nor the AppVM IP  seems to work 

I did install the driver in a cloned template VM  but it wouldn't print
from there , and I gave up ,  I also couldn't get anything to print 
from my  xubuntu  HVM 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08f016e064f69ca711d9f20b5a05a8fa%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] error opening sys-net & dom0 flashing yellow triangle

[yrebstv]

Today opening sys-net  I get these errors in the terminal , though
sys-net continues  on and  seems OK ,  I suppose by now, it is expected
behavior that sys-net takes a long time and sometimes never shutsdown ??

  File "/usr/bin/qvm-start", line 136, in 
main()
  File "/usr/bin/qvm-start", line 120, in main
xid = vm.start(verbose=options.verbose,
preparing_dvm=options.preparing_dvm, start_guid=not options.noguid,
notify_function=tray_notify_generic if options.tray else None)
  File
"/usr/lib64/python2.7/site-packages/qubes/modules/005QubesNetVm.py",
line 143, in start
vm.attach_network(wait=False)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
line 1738, in attach_network
self._format_net_dev(self.ip, self.mac, self.netvm.name))
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 530, in
attachDevice
if ret == -1: raise libvirtError ('virDomainAttachDevice() failed',
dom=self)
libvirt.libvirtError: invalid argument: network device with mac
00:16:3e:5e:6c:06 already exists



I cont'd on after  sys-net  started  via CLI  above  but occasionally I
see a dom0 flashing triangle  FWIW, maybe not related to below ??

(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set



THIRDLY,
of late qvm-shutdown --all   has been hanging and I must do a hard
reboot , or  do  qvm-shutdown VM1 VM2 VM3  etc ,  which is kind of a
pain ...


I'm not really geeky enough to know if any of these might be related or 
fix themselves,  Lastly,  I am running  the security update repo  , but
don't recall if any of these started before or after installing the
security patch  for  the intel  issues.


any suggestions to do something or nothing appreciated  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/860e350216c381a4ac7502794f7515aa%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: chromium gnome keyring how to disable in ?TempVM // Lastpass login doesn't persist FF 58

[yrebstv]

On 2018-02-03 12:31, yreb...@riseup.net wrote:
> Hello in search Qubes  Users I did find 
> 
> --
> 
> Re: [qubes-users] Re: Chromium asking about choosing password for new
> keyring?
> Other recipients: raah...@gmail.com, gaikokuji...@gmail.com
> - show quoted text -
> Exyctly, the window is coming from gnome-keyring. And it comes back, at
> least it did for me... Easiest way to disable it is to rename the
> gnome-keyring daemon in your template VM to some different name - as
> long as you don't need it elsewhere. Uninstalling gnome-keyring is
> unfortunately not easily possible due to some dumb dependency (also
> discussed elsewhere @qubes-users). 

.the 1st part anyway 

[user@computing ~]$ sudo mv /usr/bin/gnome-keyring-daemon
/usr/bin/gnome-keyring-daemon-old
[user@computing ~]$ killall gnome-keyring-daemon
[user@computing ~]$ 


> 
> At present I was trying to problem solve  while  Lastpass extension 
> won't persist in the login,  such a PITA,  think I've given up , removed
> its files and reinstalled and now it's actually worse, doesn't remember
> Username either now , before it was just the  yubikey relogin ... I
> realize  this is probably  not a Qub-user thing directly, but  .
> Chromium 63  the  login will persist between browser reboots,  so  maybe
>  I need to give up on Firefox  with Yubikey/Lastpass ; even installed in
> the test AppVM the universal LP login thingysigh

I'm thinking this may not be fixable , and maybe "a feature" at
least in FF ??

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6111e8c140411f5aff60befb3a6d187d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] chromium gnome keyring how to disable in ?TempVM // Lastpass login doesn't persist FF 58

[yrebstv]

Hello in search Qubes  Users I did find 

--

Re: [qubes-users] Re: Chromium asking about choosing password for new
keyring?
Other recipients: raah...@gmail.com, gaikokuji...@gmail.com
- show quoted text -
Exyctly, the window is coming from gnome-keyring. And it comes back, at
least it did for me... Easiest way to disable it is to rename the
gnome-keyring daemon in your template VM to some different name - as
long as you don't need it elsewhere. Uninstalling gnome-keyring is
unfortunately not easily possible due to some dumb dependency (also
discussed elsewhere @qubes-users). 
--

however I am not clear how to do this ,  I'd prefer not to break
anything.  If there is another way I can't find it in the Template
Settings ->Startup  GUI  area . I never have quite grasped why Gnome
insists on this thing.

At present I was trying to problem solve  while  Lastpass extension 
won't persist in the login,  such a PITA,  think I've given up , removed
its files and reinstalled and now it's actually worse, doesn't remember
Username either now , before it was just the  yubikey relogin ... I
realize  this is probably  not a Qub-user thing directly, but  .
Chromium 63  the  login will persist between browser reboots,  so  maybe
 I need to give up on Firefox  with Yubikey/Lastpass ; even installed in
the test AppVM the universal LP login thingysigh 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2005c731f042bd1cd69287e2b5fa6bbe%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Windows Tools

[yrebstv]

On 2018-02-02 06:37, awokd wrote:
> On Fri, February 2, 2018 9:24 am, yreb...@riseup.net wrote:
>> so, I created an win7 HVM ; and I think installed windows tools,  but when
>> I read through the qubes docs,  the instructions seem to be
>> circular.
> 
>> I guess the benefit of the AppVM over the HVM is Qubes integration for
>> copy and paste  and   anything else practical?
> 
> Qubes integration for copy/paste is one of the features provided by Qubes
> Windows Tools. Others are described on
> https://www.qubes-os.org/doc/windows-tools-3/. If you aren't sure what
> you'd use templates for, just go with an HVM. QWT installed properly in
> your Win7 HVM will allow secure copy/paste etc.


Problem is:
1) 
I can't really tell if QWT is or is not installed.  From the HVM I
wasn't able to copy out to another AppVM but  Frankly:

I don't really follow the protocol To install the QWT,  I have it from
the --repos in dom0 but then I am supposed to once flag it to install
while starting the HVM ?
or as the docs say "it may take multiple attempts" , and the way I'm
going to know besides trial copying out  would be , look at the  Win
Registry or ?


2)
I can't follow how one creates an AppVM from the HVM at all ?   I do see
an option in the  VMManager to create something called HVM Templates,
perhaps that fits the bill or 

is the paradigm for TemplateVM/AppVM somehow different in this win7  
scenario ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e211bba9d2d6da78b27fe15fe7e4e137%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Windows Tools

[yrebstv]

so, I created an win7 HVM ; and I think installed windows tools,  but
when I read through the qubes docs,  the instructions seem to be
circular. 

eg, I don't have any idea  how I would run an AppVM based on ?the Win7
HVM ??  or  should I try to make a win7 "Template HVM" instead ,  

or, how does one run an AppVM based on an HVM , doesn't make sense with
the normal Template/AppVM scheme for other templates, though I'm sure
I'm missing Something ...


I guess the benefit of the AppVM over the HVM is Qubes integration for
copy and paste  and   anything else practical?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f495819684c9f8ff93172188c507d2b4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

I did   qvm-start win7 --install-windows-tools
--custom-config=/tmp/win7.conf

then 

qvm-start win7worked fine  , but  .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db05e6236baae988e2f05a09a78601e7%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

btw,  what behaviour do I expect if windows-tools are probably
installed?  I've no idea,  e.g. how does one increase the screen size 
or is there a plain english version of what windows-tool does ?

probably another newb question

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/194c748075aad35e3c3b137c58e70339%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dd command to creat an .iso from the win7 cdrom please reference

[yrebstv]

nevermind .

:)

seems to be up and running with cirrus driver
https://support.hidemyass.com/hc/en-us/articles/202723596-How-to-disable-Driver-Signing-check-on-Windows

re:bcedit 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99954a6502842b7ab7dfacd73d2e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] dd command to creat an .iso from the win7 cdrom please

[yrebstv]

dd command to creat an .iso from the win7 cdrom please 

I'm trying to create a win7 HVM and am getting stuck at the magic
glowing windows logo and I discovered in the reference doc's eventually:
https://github.com/QubesOS/qubes-issues/issues/2488

only problem, Is I don't think the original doc, actually gives the dd
command arguments etc,  and somehow I'm not linuxy enough to know it. 


2)
BTW, any suggested amount of RAM or HD space to allocate in the HVM for
win7 ?

3)
Lastly, I don't think I understand step #8 
"When windows is successfully installed, disable driver signing with
bcedit (see install docs)" . 



.if these docs are meant
https://www.qubes-os.org/doc/windows-appvms/
https://www.qubes-os.org/doc/windows-appvms/ (btw  there seem to be two
different pages loading with the same URL )

https://www.qubes-os.org/doc/hvm/

I don't see any reference to bcedit  or how/where I would disable 
driver signing  sigh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09e933a7750c010b55bc02c13dfc5483%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[yrebstv]

On 2018-01-25 13:33, awokd wrote:
> On Thu, January 25, 2018 10:51 pm, yreb...@riseup.net wrote:
> 
>> *by this if I ran sudo qubes-dom0-update
>> --enablerepo=qubes-dom0-security-testing*once,  I take it , that
>> I am still on  the Stable  Track  "repo"  so somehow  magically  I
>> have the current testing Xen version (I checked and do),  but  when the
>> security  Xen  goes to Stable ,  they will just be integrated  . so
>> currently   I have a  combination of 1 time  security Xen and the rest is
>> "current"  (Not testing) ?
> 
> Exactly!


sorry, plz just disregard, restart the AppVM disappears , guess I don't
need to know :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f11fe0f4034c1950f36eb761d84d578a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[yrebstv]

On 2018-01-25 13:33, awokd wrote:
> On Thu, January 25, 2018 10:51 pm, yreb...@riseup.net wrote:
> 
>> *by this if I ran sudo qubes-dom0-update
>> --enablerepo=qubes-dom0-security-testing*once,  I take it , that
>> I am still on  the Stable  Track  "repo"  so somehow  magically  I
>> have the current testing Xen version (I checked and do),  but  when the
>> security  Xen  goes to Stable ,  they will just be integrated  . so
>> currently   I have a  combination of 1 time  security Xen and the rest is
>> "current"  (Not testing) ?
> 
> Exactly!

fwiw, I am noticing "qrexec not connected" in AppVM triangle in the GUI
Manager  on what appears to be a normal operating AppVM , but think I
saw it on a frozen HVM before rebooting 


is this of any particular concern .or possibly related to the new
Testing Xen packages?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba5150aa517babac1bf3c064cb73d747%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[yrebstv]

On 2018-01-24 23:20, awokd wrote:
> On Thu, January 25, 2018 2:17 am, yreb...@riseup.net wrote:
>> On 2018-01-24 15:12, Andrew David Wong wrote:
> 
>>>
>>> These packages will migrate from the security-testing repository to the
>>>  current (stable) repository over the next two weeks after being tested
>>>  by the community.
>>
>>
>> 1)
>> The latter (security) packages will migrate, I'd assume this means ?
> 
> Yes, this is the standard model for deploying all updates including
> security. They appear in testing first for bleeding edge users, then
> stable for everyone. Sometimes bugs are found in the testing phase causing
> the package to be pulled, so unless you are comfortable rolling back
> packages yourself you should leave it on stable.
> 
>> 2)
>> Where would I find the repositories in dom0 for the track I'm currently
>> using?
> 
> If you haven't changed it manually, you are on stable.
> 
>> 3)
>> after doing the 1x securitytesting repo update, how do I check which Xen
>> package is now installed?
> 
> In dom0, "dnf list installed".
> 
>> and/or  how do I bring up the  GUI
>> update manager  when it doesn't actually need to update it doesn't persist
> 
> No GUI, but in dom0 you can force it to check for updates with "sudo
> qubes-dom0-update". Might not be following your question here.

Mostly, got it.  Just the one item I'm unsure about.  @URL:
https://www.qubes-os.org/doc/software-update-dom0/

it mentions:
--
To temporarily enable any of these repos, use the
--enablerepo= option. Example commands:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable

To enable or disable any of these repos permanently, change the
corresponding boolean in /etc/yum.repos.d/qubes-dom0.repo.
--


*by this if I ran sudo qubes-dom0-update
--enablerepo=qubes-dom0-security-testing*once,  I take it , that
I am still on  the Stable  Track  "repo"  so somehow  magically  I
have the current testing Xen version (I checked and do),  but  when the
security  Xen  goes to Stable ,  they will just be integrated  . so
currently   I have a  combination of 1 time  security Xen and the rest
is  "current"  (Not testing) ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a80d2cd6a26c9e89b67949a414f96f9d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[yrebstv]

On 2018-01-24 15:12, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2018-01-24 16:14, yreb...@riseup.net wrote:
>> [...]
>>
>> So... there are packages *to be released *at some undefined point
>> in the near future? -- The following packages contain the patches
>> described above:
>>
>> - Xen packages, version 4.6.6-36 --
>>
>> via the normal dom0 update process ?   would be nice to see it in
>> simple English
>>
> 
> Sorry! We forgot to include our usual patching instructions. I've just
> created a pull request [1] to have this added to the QSB:
> 
> ```
> The specific packages that contain the XPTI patches for Qubes 3.2 are
> as follows:
> 
>   - Xen packages, version 4.6.6-36
> 
> The packages are to be installed in dom0 via the Qubes VM Manager or via
> the qubes-dom0-update command as follows:
> 
>   For updates from the stable repository (not immediately available):
>   $ sudo qubes-dom0-update
> 
>   For updates from the security-testing repository:
>   $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
> 
> A system restart will be required afterwards.
> 
> These packages will migrate from the security-testing repository to the
> current (stable) repository over the next two weeks after being tested
> by the community.


1)
The latter (security) packages will migrate, I'd assume this means ?  

2)
Where would I find the repositories in dom0 for the track I'm currently
using?

3) 
after doing the 1x securitytesting repo update, how do I check which Xen
package is now installed? and/or  how do I bring up the  GUI
update manager  when it doesn't actually need to update it doesn't
persist 

cc: thelist

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/239f63f73844750735049543719e3032%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

[yrebstv]

On 2018-01-23 23:29, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> We have just updated Qubes Security Bulletin (QSB) #37:
> Information leaks due to processor speculative execution bugs.
> 
> The text of the main changes are reproduced below. For the full
> text, please see the complete QSB in the qubes-secpack:
> 
> 
> 
> Learn about the qubes-secpack, including how to obtain, verify, and
> read it:
> 
> 
> 
> View all past QSBs:
> 
> 
> 
> View XSA-254 in the XSA Tracker:
> 
> 
> 
> ```
> Changelog
> ==
> 
> 2018-01-11: Original QSB published
> 2018-01-23: Updated mitigation plan to XPTI; added Xen package versions
> 
> [...]
> 
> (Proper) patching
> ==
> 
> ## Qubes 4.0
> 
> As explained above, almost all the VMs in Qubes 4.0 are
> fully-virtualized by default (specifically, they are HVMs), which
> mitigates the most severe issue, Meltdown. The only PV domains in Qubes
> 4.0 are stub domains, which we plan to eliminate by switching to PVH
> where possible. This will be done in Qubes 4.0-rc4 and also released as
> a normal update for existing Qubes 4.0 installations. The only remaining
> PV stub domains will be those used for VMs with PCI devices. (In the
> default configuration, these are sys-net and sys-usb.) To protect those
> domains, we will provide the Xen page-table isolation (XPTI) patch, as
> described in the following section on Qubes 3.2.
> 
> ## Qubes 3.2
> 
> Previously, we had planned to release an update for Qubes 3.2 that would
> have made almost all VMs run in PVH mode by backporting support for this
> mode from Qubes 4.0. However, a much less drastic option has become
> available sooner than we and the Xen Security Team anticipated: what the
> Xen Security Team refers to as a "stage 1" implementation of the Xen
> page-table isolation (XPTI) mitigation strategy [5]. This mitigation
> will make the most sensitive memory regions (including all of physical
> memory mapped into Xen address space) immune to the Meltdown attack. In
> addition, this mitigation will work on systems that lack VT-x support.
> (By contrast, our original plan to backport PVH would have worked only
> when the hardware supported VT-x or equivalent technology.)
> 
> Please note that this mitigation is expected to have a noticeable
> performance impact. While there will be an option to disable the
> mitigation (and thereby avoid the performance impact), doing so will
> return the system to a vulnerable state.
> 
> The following packages contain the patches described above:
> 
>  - Xen packages, version 4.6.6-36
> 
> [...]
> 
> Here is an overview of the VM modes that correspond to each Qubes OS
> version:
> 
> VM type \ Qubes OS version | 3.2 | 4.0-rc1-3 | 4.0-rc4 |
> - -- | --- | - | --- |
> Default VMs without PCI devices| PV  |HVM|   PVH   |
> Default VMs with PCI devices   | PV  |HVM|   HVM   |
> Stub domains - Default VMs w/o PCI | N/A |PV |   N/A   |
> Stub domains - Default VMs w/ PCI  | N/A |PV |   PV|
> Stub domains - HVMs| PV  |PV |   PV|
> 
> ```
> 
> On 2018-01-11 08:57, Andrew David Wong wrote:
>> Dear Qubes Community,
>>
>> We have just published Qubes Security Bulletin (QSB) #37:
>> Information leaks due to processor speculative execution bugs.
>> The text of this QSB is reproduced below. This QSB and its accompanying
>> signatures will always be available in the Qubes Security Pack
>> (qubes-secpack).
>>
>> View QSB #37 in the qubes-secpack:
>>
>> 
>>
>> Learn about the qubes-secpack, including how to obtain, verify, and
>> read it:
>>
>> 
>>
>> View all past QSBs:
>>
>> 
>>
>> View XSA-254 in the XSA Tracker:
>>
>> 
>>
>> ```
>>  ---===[ Qubes Security Bulletin #37 ]===---
>>
>>January 11, 2018
>>
>>
>> Information leaks due to processor speculative execution bugs
>>
>> Summary
>> 
>>
>> On the night of January 3, two independent groups of researchers
>> announced the results of their months-long work into abusing modern
>> processors' so-called speculative mode to leak secrets from the system's
>> privileged memory [1][2][3][4]. As a response, the Xen Security Team
>> published Xen Security Advisory 254 [5]. The Xen Security Team did _not_
>> previously share information about these problems via their (non-public)
>> security pre-disclosure list, of which the Qubes Security Team is a
>> member.
>>
>> In the limited time we've had to 

[qubes-users] HVM Window resizing with Ubuntu on it

[yrebstv]

So, thought I should learn how to use HVMs a bit re: the intel issue/4.0
etc. 

Was able to install Ubuntu in a HVM, however the HVM window is quite
small to do anything in , it appears to be un-resizable.  I'm not sure
if I ran Win7 on it, if there might be these "win tools" that might
change this , or maybe there is something simple I am missing?

Seems not an easy to sort through all the "windows" references when
doing search, as this isn't about the OS, but just the HVM window *size 
:)   thanks in advance   go qubes!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5f9d4402e6bc714b6adcd1bd8dda085%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Frequent 3.2 crashes , How to troubleshoot?

[yrebstv]

On 2018-01-06 08:23, awokd wrote:
> On Sat, January 6, 2018 5:32 pm, yreb...@riseup.net wrote:
> 
>>
>> The "OOM" bug, as I read it on the URL, seems to indicate only that "X"
>> crashes, in my case more often the whole system has rebooted, but perhaps
>> the OOM could also cause that?
>>
>> Plus "grep" seems to find  only 2 entries , and I've had many such
>> crashes :)
> 
> Look through that journalctl log manually and try to find more crashes.
> Might be something else besides OOM causing them too. Also, look through
> /var/log/xen/console/hypervisor.log for crash messages.

sadly, it being in dom0 complicates that, as journalctl is so huge ;
besides |more and |less  any other suggestions  on  examining logs in
dom0? 

or particular terms to grep ?  "crash" didn't seem to do much :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99d1e6fa72ffdae30ebe11b3b6200123%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Frequent 3.2 crashes , How to troubleshoot?

[yrebstv]

On 2018-01-06 03:13, awokd wrote:
> On Sat, January 6, 2018 4:06 am, yreb...@riseup.net wrote:
> 
>> Despite not using the Wireless, once in a while it pops up asking me if
>> I want to connect , and I just close the window. I'm really not sure, if
>> there is a better way to "disable" it, or if that explains  the   entry
>> above  ?
> 
> Unless that helped with the crashes, go ahead and keep using wireless. I
> think this is actually what you are hitting:
> https://github.com/QubesOS/qubes-issues/issues/3079. You can see if it's
> the same issue by doing a "sudo journalctl" after a crash and looking for
> those messages about oom-killer.

I browsed through that URL and did this on my system:

[quser4@dom0 Desktop]$ journalctl|grep oom
Dec 27 21:11:28 dom0 kernel: Xorg invoked oom-killer:
gfp_mask=0x240c0d0(GFP_TEMPORARY|__GFP_COMP|__GFP_ZERO), nodemask=0,
order=3, oom_score_adj=0
Dec 27 21:11:28 dom0 kernel:  []
oom_kill_process+0x219/0x3e0
Dec 27 21:11:28 dom0 kernel: [ pid ]   uid  tgid total_vm  rss
nr_ptes nr_pmds swapents oom_score_adj name
Dec 27 21:11:28 dom0 kernel: oom_reaper: reaped process 5560 (Xorg), now
anon-rss:0kB, file-rss:0kB, shmem-rss:270816kB
Jan 03 12:25:17 dom0 kernel: Xorg invoked oom-killer:
gfp_mask=0x240c0d0(GFP_TEMPORARY|__GFP_COMP|__GFP_ZERO), nodemask=0,
order=3, oom_score_adj=0
Jan 03 12:25:17 dom0 kernel:  []
oom_kill_process+0x219/0x3e0
Jan 03 12:25:17 dom0 kernel: [ pid ]   uid  tgid total_vm  rss
nr_ptes nr_pmds swapents oom_score_adj name
Jan 03 12:25:17 dom0 kernel: oom_reaper: reaped process 5545 (Xorg), now
anon-rss:0kB, file-rss:0kB, shmem-rss:422640kB

The "OOM" bug, as I read it on the URL, seems to indicate only that "X"
crashes, in my case more often the whole system has rebooted, but
perhaps the OOM could also cause that?

Plus "grep" seems to find  only 2 entries , and I've had many such
crashes :)


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0999243e5532ca7d2dbfce4ae1d10a3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Frequent 3.2 crashes , How to troubleshoot?

[yrebstv]

On 2018-01-05 14:31, awokd wrote:
> On Sat, January 6, 2018 12:14 am, yreb...@riseup.net wrote:
>> (XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
>> fff0, iommu reg = 82c0009f4000 (XEN) [VT-D]DMAR: reason 05 - PTE
>> Write access is not set
>>
>>
>>
>> ..repeat another 300 times :)
> 
> I'm not seeing any of the memory balancing log messages I was expecting,
> maybe they aren't listed there in 3.2? I'll check on my system later.
> 
> Is it possible to remove or disable device 04:00.0 for a while to see if
> that's causing your issue? I'm guessing it's an Ethernet card. You can
> check with "lspci".
> 
> "sudo journalctl -b" might also give you some clues.


Hi   *yes, 04:00.0 is : 

00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2)
I219-V (rev 31)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)

04:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821AE
802.11ac PCIe Wireless Network Adapter

Despite not using the Wireless, once in a while it pops up asking me if
I want to connect , and I just close the window. I'm really not sure, if
there is a better way to "disable" it, or if that explains  the   entry 
above  ? 

ok, I'll wait to hear back on which log. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e61e31940808cd867418f1e109a9e5f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Frequent 3.2 crashes , How to troubleshoot?

[yrebstv]

On 2018-01-05 13:35, awokd wrote:
> On Fri, January 5, 2018 6:54 pm, yreb...@riseup.net wrote:
>> Hello,  I've had a stable system for >6 months, but in the last month,
>> I'd say I've had 4-6 total crashes, where the machine reboots itself ,
>> then maybe 2-4  crashes where  the system doesn't reboot, but closes all
>> VMs and asks me to re-login .
> 
> Look in "xl dmesg" for memory balancing errors. You might need to add
> loglvl=all to your Xen command line.


On 01/05/2018 01:35 PM, 'awokd' via qubes-users wrote:
> On Fri, January 5, 2018 6:54 pm, 
> yrebstv-sgozh3hwpm2stnjn9+b...@public.gmane.org wrote:
>> Hello,  I've had a stable system for >6 months, but in the last month,
>> I'd say I've had 4-6 total crashes, where the machine reboots itself ,
>> then maybe 2-4  crashes where  the system doesn't reboot, but closes all
>> VMs and asks me to re-login .
> 
> Look in "xl dmesg" for memory balancing errors. You might need to add
> loglvl=all to your Xen command line.
> 
1)
Thanks for responding.  I have always have these ACPI complaints when I
boot, it may have grown to about 5-6 lines, but flashes by and continues
to boot, FWIW.

2) Below, is what a "memory balancing error" might look like?   If so ,
what , if anything in the  BIOS  or elsewhere  would you advise ??

3) 
Meanwhile.  Please excuse the long post below of 

$xl dmesg   (actually I used the copy from dom0 log feature) 

--
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000

(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
(XEN) [VT-D]DMAR:[DMA Write] Request device [:04:00.0] fault addr
fff0, iommu reg = 82c0009f4000
(XEN) [VT-D]DMAR: reason 05 - PTE Write access is not set
 Xen 4.6.6-35.fc23
(XEN) Xen version 4.6.6 (user@[unknown]) (gcc (GCC) 5.3.1 20160406 (Red
Hat 5.3.1-6)) debug=n Tue Nov 28 12:59:56 UTC 2017
(XEN) Latest ChangeSet: 
(XEN) Bootloader: EFI
(XEN) Command line: loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M
(XEN) Video information:
(XEN)  VGA is graphics mode 1920x1080, 32 bpp
(XEN) Disc information:
(XEN)  Found 0 MBR signatures
(XEN)  Found 2 EDD information structures
(XEN) EFI RAM map:
(XEN)   - 00058000 (usable)
(XEN)  00058000 - 00059000 (reserved)
(XEN)  00059000 - 0009f000 (usable)
(XEN)  0009f000 - 000a (reserved)
(XEN)  0010 - 5cec8000 (usable)
(XEN)  5cec8000 - 5cec9000 (ACPI NVS)
(XEN)  5cec9000 - 5cef3000 (reserved)
(XEN)  5cef3000 - 5cf43000 (usable)
(XEN)  5cf43000 - 5dc64000 (reserved)
(XEN)  5dc64000 - 76e59000 (usable)
(XEN)  76e59000 - 777b2000 (reserved)
(XEN)  777b2000 - 77f99000 (ACPI NVS)
(XEN)  77f99000 - 77ffe000 (ACPI data)
(XEN)  77ffe000 - 77fff000 (usable)
(XEN)  7800 - 7810 (reserved)
(XEN)  e000 - f000 (reserved)
(XEN)  fe00 - fe011000 (reserved)
(XEN)  fec0 - fec01000 (reserved)
(XEN)  fee0 - fee01000 (reserved)
(XEN)  ff00 - 0001 (reserved)
(XEN)  0001 - 00047600 (usable)
(XEN) ACPI: RSDP 77F3, 0024 (r2 ALASKA)
(XEN) ACPI: XSDT 77F300A0, 00C4 (r1 ALASKA   A M I   1072009 AMI
10013)
(XEN) ACPI: FACP 77F51188, 010C (r5 ALASKA   A M I   1072009 AMI
10013)
(XEN) ACPI: DSDT 77F30200, 20F88 (r2 ALASKA   A M I   1072009 INTL
20120913)
(XEN) ACPI: FACS 77F98F80, 0040
(XEN) ACPI: APIC 77F51298, 0084 (r3 ALASKA   A M I   1072009 AMI
10013)
(XEN) ACPI: FPDT 77F51320, 0044 (r1 ALASKA   A M I   1072009 AMI
10013)
(XEN) ACPI: FIDT 77F51368, 009C (r1 ALASKA   A M I   1072009 AMI
10013)
(XEN) ACPI: MCFG 77F51408,

[qubes-users] Frequent 3.2 crashes , How to troubleshoot?

[yrebstv]

Hello,  I've had a stable system for >6 months, but in the last month,
I'd say I've had 4-6 total crashes, where the machine reboots itself ,
then maybe 2-4  crashes where  the system doesn't reboot, but closes all
VMs and asks me to re-login . 

The last machine reboot was after initiating a Fedora-25 update ; I have
16GB of RAM, but am always up against the max RAM  allowed , and have to
close VMs to open others etc 
Is there a particular log item I can post  or  look for  to explain or 
maybe fix this?   Or maybe  it will just fix itself  eventually ?   Kind
of annoying to have to  re-open and set up  my VMs over and over  more
than I already do .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20e8cc9161b164b818b5e21c5e9f9637%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] In Q3.2 is there official advice to upgrade to Deb-9 ?

[yrebstv]

Maybe I missed something , is there some reason to or not to  upgrade to
Deb-9 , I hardly use Deb 8 as it is , but I do use Whonix  .

I vaguely recall some reason not to, but do see it in the official docs,
how to .. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83defa4ad0c247a3ade1b4ea37cbfda5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

On 2017-12-26 10:14, awokd wrote:
> On Tue, December 26, 2017 7:15 pm, yreb...@riseup.net wrote:
>> fwiw, I am unable to actually add backupVM diskspace for the same reason,
>> duh.  I think my only option is to remove the huge dom0 file , but I'm
>> still wondering how do I get a system wide understanding of how 3.2  is
>> using the 1GB  HD,  seems should be otherwise plenty of room to run 3.2
>> ... sigh
> 
> In dom0, do
> cd /
> du -hd1
> 
> then cd into large directories and repeat du -hd1.

Ok, thx

only thing seems strange is in a Debian AppVM (my only Deb AppVM)  I
have 2 files private.img and volatile.img  which  end up  *near 1.3Gb   
any idea  if this is normal ?




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3400f0c49c70f0f85b09e13f436bc599%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

fwiw, I am unable to actually add backupVM diskspace for the same
reason, duh.  I think my only option is to remove the huge dom0 file ,
but I'm still wondering how do I get a system wide understanding of how 
3.2  is using the 1GB  HD,  seems should be otherwise plenty of room to 
run 3.2 ... sigh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84c38c96a40f58423c01f4ba3e75980c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

 re: /var/tmp  is  dom0  I am unable  to  cut and paste  from
 dom0 what I see is /dev/mapper/qubes_dom0-root  952848292
 780151168(used) 123272164(available) 87%   / and various others
 smaller directories   ; I don't know what a "partial restore"
 would look like ; I never touch dom0 :0

>>>
>>> It would be some large directories in /var/tmp that start with
>>> `restore_`. But it sounds like that's not your problem. Pretty
>>> sure it's what we diagnosed above (large backups in dom0 home).
>>>
>>
>> - And *Once something is in dom0  files  it can't be moved
>> *out to any other VMs ,
> 
> You can move files from dom0 to other VMs:
> 
> https://www.qubes-os.org/doc/copy-from-dom0/
> 
>> so guess I need to  delete the  large  AppVM backup, that is
>> *indeed in dom0 /home   and re-back it up to an another internal
>> HD  would seem to be preferable , that backing up to dom0 to
>> dom0 (since I guess I'll be backing up "everything" and if that's
>> too large then maybe I'll skip the Templates...

Well I rm 'd all but the 1 large successful photo AppVM. And instead of
re-backing it up to backupVM (AppVM) I attached another internal HD to
the backupVM and am trying to back to it( by 1st doing qvm-copy-to-vm
   , however it's complaining  "qfile-dom0-agent: File
copy: no space left on device" 

I do note that whatever qubes_dom0-root ?file is above is stating 87%
used . (this qubest install is running on a 1GB HD there should be
plenty of run, I have a lot of AppVM perhaps each one walls off a
certain amount of the HD whether they are used or not ?  or perhaps I
need to allow   backupVM  AppVM  more "Basic-> Disk storage -> private
storage max size: which is currently set to 2048MB ? l0l change that to
512000 MB   maybe ?




>> But, again just curious,  are the Templates , Whonix, and AppVMs,
>> dom0 going to be *importable   into   Qubes 4.0  ?  in general , I
>> don't really use Deb-8  which it sounds like will be in Q4.0, and
>> Fedora's Templates will be F26  *not F25 ... ?
>>
> 
> I haven't personally experimented with this much, so I'll leave it to
> someone who has done so to comment on whether it's possible.


Isn't part of the purpose for a 3.2  backup  being to enable to
eventually   "import" their  VMs  into  4.0  from 3.2  ???   Seems to me
this would be something basic  task that folks  are going to do? 
or maybe it's so trivial  for all  the  pro users out there , doesn't
need commenting ?  

or:  if 4.0  is going to come stock  with Fedora 26 ,  are  AppVMs 
based on Fedora 25  even  going to be  "import"-able   into  4.0 ?   
I'd really not have to re-tweak all my Firefox  instances again for
example  :)


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54c0c72dd023e1bc2477006d6a1d7206%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

On 2017-12-24 16:01, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-12-24 19:08, yreb...@riseup.net wrote:
>> On 2017-12-23 11:11, Andrew David Wong wrote:
>>> On 2017-12-22 21:30, yreb...@riseup.net wrote:
 On 2017-12-22 09:50, awokd wrote:
> On Fri, December 22, 2017 10:29 am, 'Tom Zander' via
> qubes-users wrote:
>> On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net
>> wrote:
>>
>>> assuming 4.0 is going to come out of the box with like
>>> Debian 9 and Fed 26?
>
> If you have room for it, back up everything! You can restore
>  selectively later.

 thanks for the two replies, *However, neither gets to the gist
 of my inquiry. Namely, which VMs am I supposed to be backing
 up,
>>>
>>> You should back up every VM that contains data that you don't
>>> want to lose and can't replace. For most people, this means
>>> backing up every VM that contains things like documents, emails,
>>> photos, and videos. If you're short on space, it's not necessary
>>> to make backups of things that you know you'll be able to
>>> download easily again later (e.g., an unmodified TemplateVM).
>>>
 Dom0 (which for some reason is over *500GB!)  , hence  I can't
  backup "everything" even with a 2GB internal HD that I'm
 trying to use

>>>
>>> For most users, the main reason to back up dom0 is because that's
>>> where your dom0 user settings are stored. Normally, dom0 should
>>> not be that large, since you're only backing up the home
>>> directory. (You're using qvm-backup, right?) It sounds like you
>>> didn't expect it to be that large, so if there's not enough data
>>> in your home directory to account for it, check /var/tmp to see
>>> if you have a lot of partial restores taking up space.
>>>
 I was thinking of skipping the 1 large offline AppVM where I
 keep old photos, and did, so why did  the Templates and Dom0
 come out to such a *Huge filesize,   what would be typical ???

> From what your saying can I skip the Debian 8 Template, I
> have 2 AppVMs
 and the Whonix stuff based on it I guess

>>
>>
>> What is the default backup location from the GUI VM Manager
> 
> It looks like the default is dom0. (Not sure, since I usually use the
> CLI, but I just tried going through the first few prompts in the GUI,
> and the default target was dom0.)
> 
>> : I'm wondering now where I backed up my 300GB VM with old photos
>> back in May 2017 maybe that has something to do with the size
>> problem I'm encountering .. I probably wanna know where is it
>> anyway. I don't think I thought to change it from the default
>> setting, as I was new, and still am to what behaviour to expect
>> from Qubes systems ...and just let it back up where-ever the
>> default would be.
>>
> 
> Yeah, it sound like you probably have ~500GB worth of backups in your
> dom0 home directory. You'll probably want to move those to another
> location before backing up dom0 (if you don't want to include those
> backups in your backup).
> 
>> PS: keeping in mind, my perhaps, *only reason to be attempting a
>> backup would be to migrate it to 4.0  ,
> 
> I recommend making frequent backups (so that you don't lose data in an
> unexpected hardware or software malfunction), not just for migration.
> 
>> so I  *still want to back up Templates and Dom0??
> 
> That really depends on you. The answer will be different for different
> people. The main consideration is whether you have any data in dom0's
> home or in your TemplateVMs that you don't want to lose. Personally, I
> would back everything up just in case. You may not end up using it all
> in the migration process, but the problem is that you may not be
> entirely certain, before that process is complete, which data you will
> want to have migrated. In hindsight, you may wish you had migrated
> more. You can always exclude data you have, but you can't include data
> you no longer have.
> 
>> Most of my AppVMs are just for browsing the web and the 15
>> different times, I've reset up  firefox with perhaps a few
>> downloads . considering that would there be some reason to
>> backup AppVMs .
>>
>>
>> Maybe the only VM that matters *is the 300GB AppVM with photos in
>> it , that stays offline ?
>>
> 
> Again, it really just depends on what data you want to keep. Given
> your uncertainty, I highly recommend backing up *everything* so that
> you don't regret losing something later. It sounds like you're talking
> about less than a terabyte in total, which is a pretty small amount of
> data relative to hard drive capacities these days. Better safe than
> sorry!
> 
>>
>> re: /var/tmp  is  dom0  I am unable  to  cut and paste  from  dom0
>> what I see is /dev/mapper/qubes_dom0-root  952848292
>> 780151168(used) 123272164(available) 87%   / and various others
>> smaller directories   ; I don't know what a "partial restore"
>> would look like ; I never touch 

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

On 2017-12-23 11:11, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-12-22 21:30, yreb...@riseup.net wrote:
>> On 2017-12-22 09:50, awokd wrote:
>>> On Fri, December 22, 2017 10:29 am, 'Tom Zander' via qubes-users
>>>  wrote:
 On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net
 wrote:

> assuming 4.0 is going to come out of the box with like Debian
> 9 and Fed 26?
>>>
>>> If you have room for it, back up everything! You can restore
>>> selectively later.
>>
>> thanks for the two replies, *However, neither gets to the gist of
>> my inquiry. Namely, which VMs am I supposed to be backing up,
> 
> You should back up every VM that contains data that you don't want to
> lose and can't replace. For most people, this means backing up every
> VM that contains things like documents, emails, photos, and videos. If
> you're short on space, it's not necessary to make backups of things
> that you know you'll be able to download easily again later (e.g., an
> unmodified TemplateVM).
> 
>> Dom0 (which for some reason is over *500GB!)  , hence  I can't
>> backup "everything" even with a 2GB internal HD that I'm trying to
>>  use
>>
> 
> For most users, the main reason to back up dom0 is because that's
> where your dom0 user settings are stored. Normally, dom0 should not be
> that large, since you're only backing up the home directory. (You're
> using qvm-backup, right?) It sounds like you didn't expect it to be
> that large, so if there's not enough data in your home directory to
> account for it, check /var/tmp to see if you have a lot of partial
> restores taking up space.
> 
>> I was thinking of skipping the 1 large offline AppVM where I keep
>> old photos, and did, so why did  the Templates and Dom0  come out
>> to such a *Huge filesize,   what would be typical ???
>>
>>> From what your saying can I skip the Debian 8 Template, I have 2
>>>  AppVMs
>> and the Whonix stuff based on it I guess
>>
> 
> - -- 
> Andrew David Wong (Axon)


What is the default backup location from the GUI VM Manager : I'm
wondering now where I backed up my 300GB VM with old photos back in May
2017 maybe that has something to do with the size problem I'm
encountering .. I probably wanna know where is it anyway. I don't
think I thought to change it from the default setting, as I was new, and
still am to what behaviour to expect from Qubes systems ...and just let
it back up where-ever the default would be. 

PS: keeping in mind, my perhaps, *only reason to be attempting a backup
would be to migrate it to 4.0  , so I  *still want to back up Templates
and Dom0??  Most of my AppVMs are just for browsing the web and the 15
different times, I've reset up  firefox with perhaps a few downloads
. considering that would there be some reason to backup AppVMs .


Maybe the only VM that matters *is the 300GB AppVM with photos in it ,
that stays offline ?


re: /var/tmp  is  dom0  I am unable  to  cut and paste  from  dom0  what
I see is 
/dev/mapper/qubes_dom0-root  952848292  780151168(used) 
123272164(available) 87%   / 
and
various others smaller directories   ; I don't know what a "partial
restore" would look like ; I never touch dom0 :0

--
cc: the user group
--

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04a90bcb398de37dce6a3d3ba4d83320%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

On 2017-12-22 09:50, awokd wrote:
> On Fri, December 22, 2017 10:29 am, 'Tom Zander' via qubes-users wrote:
>> On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net wrote:
>>
>>> assuming 4.0 is going to come out of the box with like Debian 9 and Fed
>>> 26?
> 
> If you have room for it, back up everything! You can restore selectively
> later.

thanks for the two replies, *However, neither gets to the gist of my
inquiry. Namely, which VMs am I supposed to be backing up, Dom0 (which
for some reason is over *500GB!)  , hence  I can't backup "everything"
even with a 2GB internal HD that I'm trying to use 

I was thinking of skipping the 1 large offline AppVM where I keep old
photos, and did, so why did  the Templates and Dom0  come out to such a
*Huge filesize,   what would be typical ??? 

>From what your saying can I skip the Debian 8 Template, I have 2 AppVMs
and the Whonix stuff based on it I guess 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31d315564e9db9c896af46fcbb4fa81e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

[yrebstv]

hello, I went through the docs on creating a backup of the VMs, trouble
is , I don't have the basic concept of which VMs to backup, e.g. Dom0 is
said to be 500Gb  by itself, and the Deb 8 and Fed 25 are also hundreds
of Gbs,  as is my non-network VM where I keep all my old photos , which
I did backup to somewhere, it's the only VM I've ever backed up.

But, lets say I skip the large  "old docs" file ; and wanted to migrate
my VMs to 4.0  , just which VMs would be translatable to 4.0 assuming
4.0 is going to come out of the box with like Debian 9 and Fed 26?

Am I/do people just back up AppVMs  and mostly just for 3.2 ? or what am
I missing . I am a basic user as you can guess :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9d355786302fc3b51d9ca5bbd30e46%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora25 fails updates unless I reboot the machine 9.13.17

[yrebstv]

On 2017-09-14 03:51, Robert Fisk wrote:
> On 09/14/2017 10:49 AM, qubester wrote:
>> Fedora25 fails updates unless I reboot the machine 9.13.17
>>
>> 2 or 3 times now, are others having this problem?  is there some
>> particular remedy or  just  let it go?
>>
>> "failed to syncronize cache"
>>
> 
> I see this problem on a Q3.2 system that has been running for several days.
> 
> Updating Fedora 25 template:
>> sudo dnf update
>> Error: Failed to synchronize cache for repo 'updates'
> 
> Updating Debian 9 template:
>> sudo apt update
>> Err:1 http://security.debian.org stretch/updates
>> InRelease
>> Could not connect to 10.137.255.254:8082 (10.137.255.254), connection
>> timed out
>> Err:2 http://deb.qubes-os.org/r3.2/vm stretch
>> InRelease
>> Could not connect to 10.137.255.254:8082 (10.137.255.254), connection
>> timed out
>> Err:3 http://deb.debian.org/debian stretch
>> InRelease
>> Could not connect to 10.137.255.254:8082 (10.137.255.254), connection
>> timed out
>> Err:4 http://deb.debian.org/debian stretch-updates InRelease
>> Unable to connect to 10.137.255.254:8082:
> 
> Dom0 update seems to work (or at least fails silently):
>> sudo qubes-dom0-update
>> Using sys-firewall as UpdateVM to download updates for Dom0; this may
>> take some time...
>> Running command on VM: 'sys-firewall'...
>> Running command on VM: 'sys-firewall'...
>> Checking for dom0 updates...
>> No new updates available
> 
> 
> Restarting fixes the problem temporarily. I guess the update proxy is
> crashing? My sys-firewall is running a Debian 9 template, what about yours?
> 
> Regards,
> Robert

Are you saying by chance, that if I changed the template that the
sys-firewall is based on, that that might fix this ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30520dcf9f8809cbc43eefbe6079a47f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] paranoid mode backup

[yrebstv]

Hello ,

So at this point using 3.2  I have 3 ProxyVMs for my VPN, that took a
bit of time to setup ,  from reading :
https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/

I'm trying to sort out, what might be best practice.


I've no reason to believe I've any compromise of any sort at all, but
are people out there  using this  backup tool regularly?  If so why ?

In plain English, what it seems to do  is what?   This is something for
when you KNOW your whole system is compromised OR  something to do from
time to time,  because your "paranoid" ?

If the latter,  then when . maybe its bit over my head, and I should
just forget about it . 

it doesn't seem like it would do much  harm  other than  I would lose 
the   VPN  ProxyVMs  because of the  CLI version that I used that 
tweaks the firewall 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f597af8eb5ef38ecf5b598ab2da2b457%40riseup.net.
For more options, visit https://groups.google.com/d/optout.